package org.xipki.security.pkcs11.iaik;

import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.SecretKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.jcajce.interfaces.EdDSAKey;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.xipki.security.EdECConstants;
import org.xipki.security.pkcs11.P11Identity;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11Params;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.util.Args;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/security-5.3.7.jar:org/xipki/security/pkcs11/iaik/IaikP11Identity.class */
public class IaikP11Identity extends P11Identity {
    private final Key signingKey;
    private final int expectedSignatureLen;

    /* JADX INFO: Access modifiers changed from: package-private */
    public IaikP11Identity(IaikP11Slot iaikP11Slot, P11IdentityId p11IdentityId, SecretKey secretKey) {
        super(iaikP11Slot, p11IdentityId, 0);
        this.signingKey = (Key) Args.notNull(secretKey, "signingKey");
        this.expectedSignatureLen = 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IaikP11Identity(IaikP11Slot iaikP11Slot, P11IdentityId p11IdentityId, PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr) {
        super(iaikP11Slot, p11IdentityId, publicKey, x509CertificateArr);
        this.signingKey = (Key) Args.notNull(privateKey, "privateKey");
        int signatureKeyBitLength = getSignatureKeyBitLength();
        if (publicKey instanceof RSAPublicKey) {
            this.expectedSignatureLen = (signatureKeyBitLength + 7) / 8;
            return;
        }
        if (publicKey instanceof ECPublicKey) {
            this.expectedSignatureLen = ((signatureKeyBitLength + 7) / 8) * 2;
            return;
        }
        if (publicKey instanceof DSAPublicKey) {
            this.expectedSignatureLen = ((signatureKeyBitLength + 7) / 8) * 2;
            return;
        }
        if (!(publicKey instanceof EdDSAKey)) {
            if (!(publicKey instanceof XDHKey)) {
                throw new IllegalArgumentException("currently only RSA, DSA, EC, EdDSA and XDH public key are supported, but not " + this.publicKey.getAlgorithm() + " (class: " + publicKey.getClass().getName() + ")");
            }
            this.expectedSignatureLen = 0;
            return;
        }
        String algorithm = publicKey.getAlgorithm();
        if (EdECConstants.Ed25519.equalsIgnoreCase(algorithm)) {
            this.expectedSignatureLen = 64;
        } else {
            if (!EdECConstants.Ed25519.equalsIgnoreCase(algorithm)) {
                throw new IllegalArgumentException("unknown EdDSA algorithm " + algorithm);
            }
            this.expectedSignatureLen = 114;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Identity
    protected byte[] digestSecretKey0(long j) throws P11TokenException {
        if (!(this.signingKey instanceof SecretKey)) {
            throw new P11TokenException("could not digest asymmetric key");
        }
        Boolean booleanValue = ((SecretKey) this.signingKey).getExtractable().getBooleanValue();
        if (booleanValue != null && !booleanValue.booleanValue()) {
            throw new P11TokenException("could not digest unextractable key");
        }
        Boolean booleanValue2 = ((SecretKey) this.signingKey).getNeverExtractable().getBooleanValue();
        if (booleanValue2 == null || !booleanValue2.booleanValue()) {
            return ((IaikP11Slot) this.slot).digestKey(j, this);
        }
        throw new P11TokenException("could not digest unextractable key");
    }

    @Override // org.xipki.security.pkcs11.P11Identity
    protected byte[] sign0(long j, P11Params p11Params, byte[] bArr) throws P11TokenException {
        return ((IaikP11Slot) this.slot).sign(j, p11Params, bArr, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key getSigningKey() {
        return this.signingKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getExpectedSignatureLen() {
        return this.expectedSignatureLen;
    }
}
