package de.cardcontact.smartcardhsmprovider;

import de.cardcontact.opencard.service.smartcardhsm.KeyDescription;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMSecretKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMSecretKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import opencard.core.OpenCardException;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;

/* loaded from: input_file:de/cardcontact/smartcardhsmprovider/KeyGenerator.class */
public class KeyGenerator extends KeyGeneratorSpi {
    private SmartCardHSMProvider provider;
    private SmartCardHSMCardService schsm;
    private SmartCardHSMParameterSpec spec;

    public KeyGenerator(SmartCardHSMProvider smartCardHSMProvider, String str) {
        this.provider = smartCardHSMProvider;
        this.schsm = smartCardHSMProvider.getSmartCardHSMCardService();
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(java.security.SecureRandom secureRandom) {
        throw new ProviderException("engineInit(SecureRandom random) not supported");
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (secureRandom != null) {
            throw new ProviderException("Setting a random number generator is not supported");
        }
        if (!(algorithmParameterSpec instanceof SmartCardHSMParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Algorithm parameter must be instance of SmartCardHSMParameterSpec");
        }
        if (!(((SmartCardHSMParameterSpec) algorithmParameterSpec).getKeySpec() instanceof SmartCardHSMSecretKeySpec)) {
            throw new InvalidAlgorithmParameterException("SmartCardHSMParameterSpec must contain SmartCardHSMSecretKeySpec");
        }
        this.spec = (SmartCardHSMParameterSpec) algorithmParameterSpec;
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, java.security.SecureRandom secureRandom) {
        throw new ProviderException("engineInit(SecureRandom random) not supported");
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        SmartCardHSMSecretKeySpec keySpec = this.spec.getKeySpec();
        try {
            byte determineFreeKeyId = this.schsm.determineFreeKeyId();
            byte[] generateKey = this.schsm.generateKey(determineFreeKeyId, keySpec);
            byte[] algorithmList = keySpec.getAlgorithmList();
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= algorithmList.length) {
                    break;
                }
                if (algorithmList[i] == -103) {
                    z = true;
                    break;
                }
                i++;
            }
            byte[] bArr = null;
            if (z) {
                try {
                    bArr = new byte[8];
                    System.arraycopy(this.schsm.deriveSymmetricKey(determineFreeKeyId, (byte) -103, "KeyCheckValue".getBytes()), 0, bArr, 0, bArr.length);
                } catch (CardTerminalException | CardServiceException e) {
                    throw new ProviderException("Deriving KCV failed", e);
                }
            }
            KeyDescription keyDescription = new KeyDescription(bArr, this.spec.getLabel(), 0, KeyDescription.KeyTypes.AES);
            keyDescription.setKeyRef(determineFreeKeyId);
            try {
                this.schsm.storePRKD(determineFreeKeyId, keyDescription);
                SmartCardHSMSecretKey smartCardHSMSecretKey = new SmartCardHSMSecretKey(determineFreeKeyId, keyDescription.getTranslatedLabel(), (short) keySpec.getKeySize(), "AES");
                smartCardHSMSecretKey.setAlgorithms(algorithmList);
                if (keySpec.hasKeyDomain()) {
                    smartCardHSMSecretKey.setKeyDomain(keySpec.getKeyDomain());
                }
                if (keySpec.hasKeyUseCounter()) {
                    smartCardHSMSecretKey.setKeyUseCounter(keySpec.getKeyUseCounter());
                }
                if (generateKey != null && generateKey.length > 0) {
                    smartCardHSMSecretKey.setWrapCryptogram(generateKey);
                }
                if (bArr != null) {
                    smartCardHSMSecretKey.setKeyId(bArr);
                }
                this.schsm.addKeyToMap(smartCardHSMSecretKey);
                return smartCardHSMSecretKey;
            } catch (OpenCardException e2) {
                throw new ProviderException("Writing key description failed", e2);
            }
        } catch (OpenCardException e3) {
            throw new ProviderException("Generating key failed", e3);
        }
    }
}
