package de.cardcontact.smartcardhsmprovider;

import de.cardcontact.opencard.eac.CardVerifiableCertificate;
import de.cardcontact.opencard.service.smartcardhsm.KeyDescription;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMECKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMECPrivateKeySpec;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMPrivateKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMRSAKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMRSAPrivateKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.util.HashMap;
import opencard.core.OpenCardException;
import opencard.opt.iso.fs.CardFilePath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/smartcardhsmprovider/KeyPairGenerator.class */
public class KeyPairGenerator {

    /* loaded from: input_file:de/cardcontact/smartcardhsmprovider/KeyPairGenerator$EC.class */
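    /**
     * Key pair generator SPI for elliptic-curve keys created through the SmartCard-HSM card service.
     *
     * <p>One of the {@code initialize} methods has to run before {@link #generateKeyPair()}; they
     * build the {@link SmartCardHSMECPrivateKeySpec} that is handed to the card service. The
     * {@code SecureRandom} argument of both {@code initialize} methods is accepted but never read
     * in this class.
     */
    public static class EC extends Key {
        private static final Logger log = LoggerFactory.getLogger(EC.class);

        /** Specification passed to the card service; {@code null} until an initialize method has run. */
        private SmartCardHSMECPrivateKeySpec spec;

        /**
         * @param smartCardHSMProvider provider that supplies the card service and the login state
         * @param str algorithm name, later mapped to an identifier by {@link #getAlgorithmFromString}
         * @throws ProviderException if the provider reports that it is not verified (see {@link Key})
         */
        public EC(SmartCardHSMProvider smartCardHSMProvider, String str) {
            super(smartCardHSMProvider, str);
        }

        /**
         * Initializes the generator from a key size by selecting a named curve.
         *
         * @param i key size in bits; only 192 and 256 are accepted
         * @param secureRandom forwarded to the spec-based overload, which does not use it
         * @throws IllegalArgumentException for any other key size, or if the spec-based overload
         *         rejects the derived curve specification
         */
        @Override // java.security.KeyPairGeneratorSpi
        public void initialize(int i, java.security.SecureRandom secureRandom) {
            ECGenParameterSpec curve;
            switch (i) {
                case 192:
                    // secp192r1 gives roughly 96 bits of strength, below the 112-bit floor of
                    // current NIST guidance; it stays selectable here, prefer 256 for new keys.
                    curve = new ECGenParameterSpec("secp192r1");
                    break;
                case 256:
                    curve = new ECGenParameterSpec("secp256r1");
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported key size " + i);
            }
            try {
                initialize(curve, secureRandom);
            } catch (InvalidAlgorithmParameterException e) {
                throw new IllegalArgumentException("Invalid algorithm", e);
            }
        }

        /**
         * Initializes the generator from a parameter specification.
         *
         * <p>A {@link SmartCardHSMParameterSpec} supplies both the key label and the key spec. An
         * {@link ECGenParameterSpec} or {@link ECParameterSpec} is wrapped into a new
         * {@link SmartCardHSMECPrivateKeySpec} and the label is reset to {@code null}.
         *
         * @param algorithmParameterSpec one of the three accepted specification types
         * @param secureRandom not used by this method
         * @throws InvalidAlgorithmParameterException if the specification has any other type
         */
        @Override // java.security.KeyPairGeneratorSpi
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
            log.trace("initialize(spec, random) called...");
            if (algorithmParameterSpec instanceof SmartCardHSMParameterSpec) {
                SmartCardHSMParameterSpec hsmSpec = (SmartCardHSMParameterSpec) algorithmParameterSpec;
                this.label = hsmSpec.getLabel();
                this.spec = hsmSpec.getKeySpec();
            } else {
                if (!(algorithmParameterSpec instanceof ECGenParameterSpec) && !(algorithmParameterSpec instanceof ECParameterSpec)) {
                    // The message names the type that is actually tested above (SmartCardHSMParameterSpec).
                    throw new InvalidAlgorithmParameterException("Spec is not an instance of SmartCardHSMParameterSpec, ECGenParameterSpec or ECParameterSpec");
                }
                this.label = null;
                this.spec = new SmartCardHSMECPrivateKeySpec(algorithmParameterSpec);
            }
            // The lookup yields null for an algorithm name it does not know, and that null is passed on.
            // NOTE(review): confirm that setAlgorithm(null) means "no restriction" rather than an error.
            this.spec.setAlgorithm(getAlgorithmFromString(this.algorithm));
        }

        /**
         * Generates a key pair through the card service and registers it with the provider's maps.
         *
         * <p>Steps, in order: pick a free key ID, ask the card service to generate the pair, optionally
         * write the returned bytes to a card file, parse those bytes as a card verifiable certificate,
         * store a key description for the new key, and build the private key reference.
         *
         * @return the public key taken from the returned certificate and the private key reference
         * @throws ProviderException if the generator was never initialized, if a key with the same
         *         label exists, or if any step fails (the original exception is kept as the cause)
         */
        @Override // java.security.KeyPairGeneratorSpi
        public KeyPair generateKeyPair() {
            // Fail before any card access instead of running into a NullPointerException half way through.
            if (this.spec == null) {
                throw new ProviderException("Key pair generator has not been initialized");
            }
            try {
                byte keyId = determineID();
                log.debug("Generating key pair with key ID: {}", keyId);
                byte[] cardResponse = this.schsm.generateKeyPair(keyId, this.spec);
                if (this.spec.storePublicKey()) {
                    // File ID is 0xCE (-50 as a signed byte) followed by the key ID.
                    // NOTE(review): 0xCE looks like the SmartCard-HSM certificate file prefix - confirm.
                    this.schsm.write(new CardFilePath(new byte[]{-50, keyId}), 0, cardResponse);
                }
                // NOTE(review): the returned certificate is parsed here, but no signature check on it is
                // visible in this method - confirm it is validated elsewhere if its origin matters.
                CardVerifiableCertificate cvc = new CardVerifiableCertificate(cardResponse);
                PublicKey publicKey = cvc.getPublicKey();
                byte[] subjectKeyId = cvc.getSubjectPublicKeyIdentifier();
                short keySize = (short) this.spec.getKeySize();

                KeyDescription keyDescription = new KeyDescription(subjectKeyId, this.label, keySize, KeyDescription.KeyTypes.EC);
                keyDescription.setKeyRef(keyId);
                this.schsm.storePRKD(keyId, keyDescription);

                this.privateKeyRef = new SmartCardHSMECKey(keyId, keyDescription.getTranslatedLabel(), keySize);
                if (this.spec.hasAlgorithmList()) {
                    this.privateKeyRef.setAlgorithms(this.spec.getAlgorithmList());
                }
                if (this.spec.hasKeyDomain()) {
                    this.privateKeyRef.setKeyDomain(this.spec.getKeyDomain());
                }
                this.privateKeyRef.setKeyId(subjectKeyId);
                this.schsm.addKeyToMap(this.privateKeyRef);
                this.schsm.addCertToMap(cvc, true, keyId, this.label);
                return new KeyPair(publicKey, this.privateKeyRef);
            } catch (CertificateException e) {
                throw wrap(e);
            } catch (OpenCardException e) {
                // Listed before the catch-all so that this clause stays reachable.
                throw wrap(e);
            } catch (Exception e) {
                throw wrap(e);
            }
        }

        /** Logs the failure at error level and returns a {@link ProviderException} carrying it as the cause. */
        private static ProviderException wrap(Throwable cause) {
            log.error(cause.getLocalizedMessage(), cause);
            return new ProviderException(cause);
        }

        /**
         * Maps an ECDSA algorithm name to the ten-byte identifier handed to the key spec.
         *
         * <p>The bytes read as the arcs 0.4.0.127.0.7.2.2.2.2.x, where only the last arc depends on
         * the hash. NOTE(review): this matches the BSI TR-03110 id-TA-ECDSA arc - confirm against the
         * card documentation. The SHA-1 variant stays selectable; SHA-1 is deprecated for new
         * signatures.
         *
         * @param str algorithm name such as {@code "ECDSA-SHA-256"}; may be {@code null}
         * @return a fresh identifier array, or {@code null} if the name is {@code null} or unknown
         */
        private byte[] getAlgorithmFromString(String str) {
            if (str == null) {
                // A switch on a null String would throw; the map lookup this replaces returned null.
                return null;
            }
            final byte hashArc;
            switch (str) {
                case "ECDSA-SHA-1":
                    hashArc = 1;
                    break;
                case "ECDSA-SHA-224":
                    hashArc = 2;
                    break;
                case "ECDSA-SHA-256":
                    hashArc = 3;
                    break;
                case "ECDSA-SHA-384":
                    hashArc = 4;
                    break;
                case "ECDSA-SHA-512":
                    hashArc = 5;
                    break;
                default:
                    return null;
            }
            return new byte[]{4, 0, Byte.MAX_VALUE, 0, 7, 2, 2, 2, 2, hashArc};
        }
    }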

    /* loaded from: input_file:de/cardcontact/smartcardhsmprovider/KeyPairGenerator$Key.class */
    /**
     * Shared base of the SmartCard-HSM key pair generators.
     *
     * <p>Holds the card service, the algorithm name and the label of the key being generated.
     * The provider's verified state is checked once, in the constructor; the generate methods
     * visible in this file do not check it again.
     * NOTE(review): presumably the card enforces authentication on each operation - confirm.
     */
    public abstract static class Key extends KeyPairGeneratorSpi {
        protected static byte PRK_DEV_AUT = 0;

        // Card service obtained from the provider; every card operation goes through it.
        protected SmartCardHSMCardService schsm;

        // Label of the key to generate; subclasses set it during initialization.
        protected String label;

        // Reference to the private key produced by the most recent generateKeyPair() call.
        protected SmartCardHSMPrivateKey privateKeyRef;

        // Algorithm name handed to the constructor.
        protected String algorithm;

        /**
         * Binds the generator to the provider's card service.
         *
         * @param smartCardHSMProvider provider that supplies the card service and the login state
         * @param str algorithm name, stored unchanged
         * @throws ProviderException with the message "Login required." if the provider is not verified
         */
        public Key(SmartCardHSMProvider smartCardHSMProvider, String str) {
            final SmartCardHSMCardService cardService = smartCardHSMProvider.getSmartCardHSMCardService();
            this.algorithm = str;
            this.schsm = cardService;
            if (smartCardHSMProvider.isVerified()) {
                return;
            }
            throw new ProviderException("Login required.");
        }

        /**
         * Picks the key ID for a new key after making sure the current label is unused.
         *
         * <p>The label lookup and the free-ID lookup are two separate card service calls.
         * NOTE(review): nothing visible here makes the pair atomic - confirm that concurrent use
         * of the same card is excluded elsewhere.
         *
         * @return a free key ID as reported by the card service
         * @throws ProviderException if the card service already has an entry for the label
         * @throws OpenCardException declared for failures of the card service calls
         */
        protected byte determineID() throws OpenCardException {
            final boolean labelTaken = this.schsm.getSmartCardHSMEntry(this.label) != null;
            if (labelTaken) {
                throw new ProviderException("A key for label '" + this.label + "' does already exist");
            }
            return this.schsm.determineFreeKeyId();
        }
    }

    /* loaded from: input_file:de/cardcontact/smartcardhsmprovider/KeyPairGenerator$RSA.class */
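    /**
     * Key pair generator SPI for RSA keys created through the SmartCard-HSM card service.
     *
     * <p>One of the {@code initialize} methods has to run before {@link #generateKeyPair()}; they
     * set the {@link SmartCardHSMRSAPrivateKeySpec} that is handed to the card service.
     */
    public static class RSA extends Key {
        private static final Logger log = LoggerFactory.getLogger(RSA.class);

        /** Specification passed to the card service; {@code null} until an initialize method has run. */
        private SmartCardHSMRSAPrivateKeySpec spec;

        /**
         * @param smartCardHSMProvider provider that supplies the card service and the login state
         * @param str algorithm name, later mapped to an identifier by {@link #getAlgorithmFromString}
         * @throws ProviderException if the provider reports that it is not verified (see {@link Key})
         */
        public RSA(SmartCardHSMProvider smartCardHSMProvider, String str) {
            super(smartCardHSMProvider, str);
        }

        /**
         * Generates a key pair through the card service and registers it with the provider's maps.
         *
         * <p>Steps, in order: pick a free key ID, ask the card service to generate the pair, write the
         * returned bytes to a card file, parse those bytes as a card verifiable certificate, store a
         * key description for the new key, and build the private key reference. Unlike the EC
         * generator in this file, the write to the card file is unconditional.
         *
         * @return the public key taken from the returned certificate and the private key reference
         * @throws ProviderException if the generator was never initialized, if a key with the same
         *         label exists, or if a certificate or card error occurs (kept as the cause)
         */
        @Override // java.security.KeyPairGeneratorSpi
        public KeyPair generateKeyPair() {
            // Fail before any card access instead of running into a NullPointerException half way through.
            if (this.spec == null) {
                throw new ProviderException("Key pair generator has not been initialized");
            }
            try {
                byte keyId = determineID();
                log.debug("Generating key pair with key ID: {}", keyId);
                byte[] cardResponse = this.schsm.generateKeyPair(keyId, this.spec);
                // File ID is 0xCE (-50 as a signed byte) followed by the key ID.
                // NOTE(review): 0xCE looks like the SmartCard-HSM certificate file prefix - confirm.
                this.schsm.write(new CardFilePath(new byte[]{-50, keyId}), 0, cardResponse);
                // NOTE(review): the returned certificate is parsed here, but no signature check on it is
                // visible in this method - confirm it is validated elsewhere if its origin matters.
                CardVerifiableCertificate cvc = new CardVerifiableCertificate(cardResponse);
                PublicKey publicKey = cvc.getPublicKey();
                byte[] subjectKeyId = cvc.getSubjectPublicKeyIdentifier();
                short modulusSize = (short) this.spec.getModulusSize();

                KeyDescription keyDescription = new KeyDescription(subjectKeyId, this.label, modulusSize, KeyDescription.KeyTypes.RSA);
                keyDescription.setKeyRef(keyId);
                this.schsm.storePRKD(keyId, keyDescription);

                this.privateKeyRef = new SmartCardHSMRSAKey(keyId, keyDescription.getTranslatedLabel(), modulusSize);
                if (this.spec.hasAlgorithmList()) {
                    this.privateKeyRef.setAlgorithms(this.spec.getAlgorithmList());
                }
                if (this.spec.hasKeyDomain()) {
                    this.privateKeyRef.setKeyDomain(this.spec.getKeyDomain());
                }
                this.privateKeyRef.setKeyId(subjectKeyId);
                this.schsm.addKeyToMap(this.privateKeyRef);
                this.schsm.addCertToMap(cvc, true, keyId, this.label);
                return new KeyPair(publicKey, this.privateKeyRef);
            } catch (CertificateException e) {
                throw wrap(e);
            } catch (OpenCardException e) {
                throw wrap(e);
            }
        }

        /** Logs the failure at error level and returns a {@link ProviderException} carrying it as the cause. */
        private static ProviderException wrap(Throwable cause) {
            log.error(cause.getLocalizedMessage(), cause);
            return new ProviderException(cause);
        }

        /**
         * Initializes the generator with a modulus size.
         *
         * <p>The size is passed to the key spec as given; no lower bound is enforced here.
         * NOTE(review): confirm that the spec or the card rejects short moduli. This overload
         * neither sets an algorithm on the spec nor resets the label.
         *
         * <p>NOTE(review): {@code java.security.KeyPairGenerator.initialize(int)} forwards a default
         * {@code SecureRandom}, so callers going through the JCA facade would appear to hit the
         * exception below - confirm that this is intended.
         *
         * @param i modulus size in bits
         * @param secureRandom must be {@code null}
         * @throws ProviderException if a random number generator is supplied
         */
        @Override // java.security.KeyPairGeneratorSpi
        public void initialize(int i, java.security.SecureRandom secureRandom) {
            if (secureRandom != null) {
                throw new ProviderException("Setting a random number generator is not supported");
            }
            this.spec = new SmartCardHSMRSAPrivateKeySpec(i);
        }

        /** Convenience overload that initializes with a modulus size and no random number generator. */
        private void initialize(int i) {
            initialize(i, (java.security.SecureRandom) null);
        }

        /**
         * Initializes the generator from a {@link SmartCardHSMParameterSpec}, which supplies both the
         * key label and the key spec.
         *
         * @param algorithmParameterSpec must be a {@link SmartCardHSMParameterSpec}
         * @param secureRandom not used by this method
         * @throws InvalidAlgorithmParameterException if the specification has any other type
         */
        @Override // java.security.KeyPairGeneratorSpi
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
            log.trace("Entering initialize");
            if (!(algorithmParameterSpec instanceof SmartCardHSMParameterSpec)) {
                // The message names the type that is actually tested above (SmartCardHSMParameterSpec).
                throw new InvalidAlgorithmParameterException("Spec is not an instance of SmartCardHSMParameterSpec");
            }
            SmartCardHSMParameterSpec hsmSpec = (SmartCardHSMParameterSpec) algorithmParameterSpec;
            this.label = hsmSpec.getLabel();
            this.spec = hsmSpec.getKeySpec();
            // The lookup yields null for an algorithm name it does not know, and that null is passed on.
            // NOTE(review): confirm that setAlgorithm(null) means "no restriction" rather than an error.
            this.spec.setAlgorithm(getAlgorithmFromString(this.algorithm));
        }

        /**
         * Maps an RSA signature algorithm name to the ten-byte identifier handed to the key spec.
         *
         * <p>The bytes read as the arcs 0.4.0.127.0.7.2.2.2.1.x, where only the last arc depends on
         * the padding and hash. NOTE(review): this matches the BSI TR-03110 id-TA-RSA arc - confirm
         * against the card documentation. The SHA-1 variants stay selectable; SHA-1 is deprecated
         * for new signatures.
         *
         * @param str algorithm name such as {@code "PKCS1-PSS-SHA-256"}; may be {@code null}
         * @return a fresh identifier array, or {@code null} if the name is {@code null} or unknown
         */
        private byte[] getAlgorithmFromString(String str) {
            if (str == null) {
                // A switch on a null String would throw; the map lookup this replaces returned null.
                return null;
            }
            final byte schemeArc;
            switch (str) {
                case "PKCS1-v1-5-SHA-1":
                    schemeArc = 1;
                    break;
                case "PKCS1-v1-5-SHA-256":
                    schemeArc = 2;
                    break;
                case "PKCS1-PSS-SHA-1":
                    schemeArc = 3;
                    break;
                case "PKCS1-PSS-SHA-256":
                    schemeArc = 4;
                    break;
                case "PKCS1-v1-5-SHA-512":
                    schemeArc = 5;
                    break;
                case "PKCS1-PSS-SHA-512":
                    schemeArc = 6;
                    break;
                default:
                    return null;
            }
            return new byte[]{4, 0, Byte.MAX_VALUE, 0, 7, 2, 2, 2, 1, schemeArc};
        }
    }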
}
