package org.wso2.carbon.crypto.provider.hsm.cryptoprovider.operators;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.PublicKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.exception.HSMCryptoException;

/* loaded from: input_file:org/wso2/carbon/crypto/provider/hsm/cryptoprovider/operators/SignatureHandler.class */
public class SignatureHandler {
    private static Log log = LogFactory.getLog(SignatureHandler.class);
    private final Session session;

    public SignatureHandler(Session session) {
        this.session = session;
    }

    public byte[] sign(byte[] bArr, PrivateKey privateKey, Mechanism mechanism) throws CryptoException {
        if (!mechanism.isFullSignVerifyMechanism() && !mechanism.isSingleOperationSignVerifyMechanism()) {
            throw new CryptoException(String.format("Requested '%s' algorithm for data signing is not a valid signing mechanism.", mechanism.getName()));
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Signing data using the HSM device with %s mechanism.", mechanism.getName()));
        }
        try {
            this.session.signInit(mechanism, privateKey);
            return this.session.sign(bArr);
        } catch (TokenException e) {
            throw new HSMCryptoException(String.format("Error occurred during signature generation using algorithm '%s'.", mechanism.getName()), e);
        }
    }

    public boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey, Mechanism mechanism) throws CryptoException {
        boolean z = false;
        if (!mechanism.isFullSignVerifyMechanism()) {
            throw new CryptoException(String.format("Requested '%s' algorithm for signature verification is not a valid sign verification mechanism.", mechanism.getName()));
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Verifying signature using the HSM device with %s mechanism.", mechanism.getName()));
        }
        try {
            this.session.verifyInit(mechanism, publicKey);
            this.session.verify(bArr, bArr2);
            z = true;
        } catch (TokenException e) {
            if (!e.getMessage().equals("CKR_SIGNATURE_INVALID")) {
                throw new HSMCryptoException(String.format("Error occurred during verifying the signature using algorithm '%s'.", mechanism.getName()), e);
            }
        }
        return z;
    }
}
