package org.wso2.carbon.crypto.provider.hsm;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.PublicKey;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.api.InternalCryptoProvider;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.objecthandlers.KeyHandler;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.operators.Cipher;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismDataHolder;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismResolver;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.SessionHandler;

/* loaded from: input_file:org/wso2/carbon/crypto/provider/hsm/HSMBasedInternalCryptoProvider.class */
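/**
 * {@link InternalCryptoProvider} that performs encryption and decryption with a key pair held on a
 * PKCS#11 device (HSM). The key pair is located by its label, which is read from the server
 * configuration at {@code CryptoService.HSMBasedCryptoProviderConfig.InternalProvider.KeyAlias}.
 *
 * <p>Every operation opens its own session on the configured slot and closes it in a
 * {@code finally} block. The debug messages written by this class contain only the algorithm name
 * and the key alias; the data buffers are never logged and should not be added to those messages.
 */
public class HSMBasedInternalCryptoProvider implements InternalCryptoProvider {
    private static final String INTERNAL_PROVIDER_SLOT_PROPERTY_PATH = "CryptoService.HSMBasedCryptoProviderConfig.InternalProvider.InternalProviderSlotID";
    private static final String HSM_BASED_INTERNAL_PROVIDER_KEY_ALIAS_PATH = "CryptoService.HSMBasedCryptoProviderConfig.InternalProvider.KeyAlias";

    // Operating-mode codes handed to MechanismDataHolder: encrypt() passes 1 and decrypt() passes 2.
    // NOTE(review): the meaning of these codes is defined by MechanismDataHolder, which is not
    // visible in this file -- confirm against that class before reusing them elsewhere.
    private static final int ENCRYPT_OPERATING_MODE = 1;
    private static final int DECRYPT_OPERATING_MODE = 2;

    private static final Log log = LogFactory.getLog(HSMBasedInternalCryptoProvider.class);

    private final String keyAlias;
    private final SessionHandler sessionHandler;
    private final MechanismResolver mechanismResolver;
    private final ServerConfigurationService serverConfigurationService;

    /**
     * Creates the provider from the server configuration.
     *
     * @param serverConfigurationService configuration source for the key alias and the slot ID
     * @throws CryptoException if no key alias is configured (null, empty or whitespace only)
     */
    public HSMBasedInternalCryptoProvider(ServerConfigurationService serverConfigurationService) throws CryptoException {
        String configuredAlias = serverConfigurationService.getFirstProperty(HSM_BASED_INTERNAL_PROVIDER_KEY_ALIAS_PATH);
        if (StringUtils.isBlank(configuredAlias)) {
            throw new CryptoException("Key/Certificate aliases provided for internal crypto provider can't be empty.");
        }
        this.keyAlias = configuredAlias;
        this.sessionHandler = SessionHandler.getDefaultSessionHandler(serverConfigurationService);
        this.mechanismResolver = MechanismResolver.getInstance();
        this.serverConfigurationService = serverConfigurationService;
    }

    /**
     * Encrypts data with the public key stored on the HSM under the configured alias.
     *
     * @param bArr data to encrypt; must be non-null and non-empty
     * @param str  algorithm name; must be a key of {@link MechanismResolver#getSupportedMechanisms()}
     * @param str2 not used by this implementation
     * @return the encrypted bytes
     * @throws CryptoException if the parameters are rejected or an HSM step fails
     */
    public byte[] encrypt(byte[] bArr, String str, String str2) throws CryptoException {
        failIfMethodParametersInvalid(str, bArr);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Encrypting data with %s algorithm using HSM device with %s public key.", str, this.keyAlias));
        }
        // generateKeyTemplate is declared to return Key, so the template is held as a Key; the
        // narrowing cast is applied once, to the object actually returned by the device.
        Key publicKeyTemplate = generateKeyTemplate(new PublicKey(), this.keyAlias);
        Mechanism mechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(ENCRYPT_OPERATING_MODE, str));
        Session session = initiateSession(getInternalProviderSlotInfo());
        try {
            PublicKey publicKey = (PublicKey) retrieveKey(publicKeyTemplate, session);
            byte[] cipherText = new Cipher(session).encrypt(bArr, publicKey, mechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully encrypted data with %s algorithm using HSM device with %s public key", str, this.keyAlias));
            }
            return cipherText;
        } finally {
            // Release the session on success and on failure alike.
            this.sessionHandler.closeSession(session);
        }
    }

    /**
     * Decrypts data with the private key stored on the HSM under the configured alias.
     *
     * @param bArr data to decrypt; must be non-null and non-empty
     * @param str  algorithm name; must be a key of {@link MechanismResolver#getSupportedMechanisms()}
     * @param str2 not used by this implementation
     * @return the decrypted bytes
     * @throws CryptoException if the parameters are rejected or an HSM step fails
     */
    public byte[] decrypt(byte[] bArr, String str, String str2) throws CryptoException {
        failIfMethodParametersInvalid(str, bArr);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Decrypting data with %s algorithm and %s private key using HSM device.", str, this.keyAlias));
        }
        Key privateKeyTemplate = generateKeyTemplate(new PrivateKey(), this.keyAlias);
        Mechanism mechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(DECRYPT_OPERATING_MODE, str));
        Session session = initiateSession(getInternalProviderSlotInfo());
        try {
            PrivateKey privateKey = (PrivateKey) retrieveKey(privateKeyTemplate, session);
            byte[] clearText = new Cipher(session).decrypt(bArr, privateKey, mechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully decrypted data with %s algorithm and %s private key using HSM device.", str, this.keyAlias));
            }
            return clearText;
        } finally {
            // Release the session on success and on failure alike.
            this.sessionHandler.closeSession(session);
        }
    }

    /**
     * Opens a session on the slot described by {@code slotInfo} through the session handler.
     *
     * @param slotInfo slot ID and PIN to use
     * @return the opened session; the caller is responsible for closing it
     * @throws CryptoException if the session handler fails to open the session
     */
    protected Session initiateSession(SlotInfo slotInfo) throws CryptoException {
        // NOTE(review): the meaning of the trailing 'false' is defined by SessionHandler, which is
        // not visible here -- confirm what it selects.
        return this.sessionHandler.initiateSession(slotInfo.getSlotID(), slotInfo.getPin(), false);
    }

    /**
     * Rejects an unsupported algorithm name and null or empty data.
     *
     * @param str  algorithm name requested by the caller
     * @param bArr data passed to the cryptographic operation
     * @throws CryptoException if the algorithm is null or not a supported mechanism, or if the
     *                         data is null or empty
     */
    protected void failIfMethodParametersInvalid(String str, byte[] bArr) throws CryptoException {
        if (str == null || !MechanismResolver.getSupportedMechanisms().containsKey(str)) {
            // The rejected name is caller-supplied and is echoed in the message; code that logs
            // this exception should treat the text as untrusted input.
            throw new CryptoException(String.format("Requested algorithm '%s' is not valid/supported by the HSM based Crypto Provider.", str));
        }
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("Data sent for cryptographic operation is null/empty.");
        }
    }

    /**
     * Sets the label of {@code key} to {@code str} so that the object can be used as a search
     * template.
     *
     * @param key key object to label; it is modified in place
     * @param str label (key alias) to set
     * @return the same {@code key} instance
     */
    protected Key generateKeyTemplate(Key key, String str) {
        key.getLabel().setCharArrayValue(str.toCharArray());
        return key;
    }

    /**
     * Looks up the key matching the template {@code key} through a {@link KeyHandler} bound to
     * {@code session}.
     *
     * @param key     template carrying the label to look up
     * @param session open session on the device
     * @return the key returned by the key handler
     * @throws CryptoException if the key handler fails
     */
    protected Key retrieveKey(Key key, Session session) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieving key with alias %s from the HSM device.", new String(key.getLabel().getCharArrayValue())));
        }
        return new KeyHandler(session).retrieveKey(key);
    }

    /**
     * Reads the slot ID of the internal provider from the server configuration.
     *
     * @return slot information holding the configured slot ID and a {@code null} PIN
     * @throws NumberFormatException if the slot ID is missing, blank or not an integer; the
     *                               message names the configuration path
     */
    protected SlotInfo getInternalProviderSlotInfo() {
        String configuredSlotId = this.serverConfigurationService.getFirstProperty(INTERNAL_PROVIDER_SLOT_PROPERTY_PATH);
        if (StringUtils.isBlank(configuredSlotId)) {
            // Same exception type Integer.parseInt raised for a missing value, with a message
            // that points the operator at the setting to fix.
            throw new NumberFormatException(String.format(
                    "Slot ID for the internal crypto provider is not configured at '%s'.",
                    INTERNAL_PROVIDER_SLOT_PROPERTY_PATH));
        }
        try {
            // NOTE(review): no PIN is supplied here; presumably SessionHandler resolves it from
            // its own configuration -- confirm.
            return new SlotInfo(Integer.parseInt(configuredSlotId.trim()), null);
        } catch (NumberFormatException e) {
            NumberFormatException described = new NumberFormatException(String.format(
                    "Slot ID '%s' configured at '%s' for the internal crypto provider is not a valid integer.",
                    configuredSlotId, INTERNAL_PROVIDER_SLOT_PROPERTY_PATH));
            described.initCause(e);
            throw described;
        }
    }
}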
