package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.CloudHsmSignature;
import com.amazonaws.cloudhsm.jce.jni.CloudHsmVerify;
import com.amazonaws.cloudhsm.jce.jni.Session;
import com.amazonaws.cloudhsm.jce.jni.exception.DataException;
import com.amazonaws.cloudhsm.jce.jni.exception.DataExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalExceptionCause;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.NoSuchElementException;
import java.util.Optional;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/cloudhsm-jce-0.0.1-SNAPSHOT.jar:com/amazonaws/cloudhsm/jce/provider/CloudHsmSignatureBase.class */
public abstract class CloudHsmSignatureBase extends SignatureSpi {
    private final CloudHsmProvider provider;
    Mode opMode;
    final CloudHsmLogger logger = new CloudHsmLogger(getClass());
    Optional<CloudHsmKey> key = Optional.empty();
    Optional<Session> session = Optional.empty();
    Optional<CloudHsmSignature> cloudHsmSignature = Optional.empty();
    Optional<CloudHsmVerify> cloudHsmVerify = Optional.empty();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/cloudhsm-jce-0.0.1-SNAPSHOT.jar:com/amazonaws/cloudhsm/jce/provider/CloudHsmSignatureBase$Mode.class */
    public enum Mode {
        SIGN_MODE,
        VERIFY_MODE
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudHsmSignatureBase(CloudHsmProvider cloudHsmProvider) throws IllegalStateException {
        if (cloudHsmProvider == null) {
            throw new IllegalStateException(ErrorMessages.PROVIDER_NOT_INITIALIZED.getMessage());
        }
        this.provider = cloudHsmProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudHsmProvider getProvider() {
        return this.provider;
    }

    abstract Optional<CloudHsmSignature> initSignatureInstance();

    abstract Optional<CloudHsmVerify> initVerifyInstance();

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        this.opMode = Mode.SIGN_MODE;
        setKey(privateKey);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        engineInitSign(privateKey);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.opMode = Mode.VERIFY_MODE;
        setKey(publicKey);
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, UnsupportedOperationException {
        throw new UnsupportedOperationException(ErrorMessages.SIGNATURE_ALGORITHM_PARAMETERS_NOT_SUPPORTED.getMessage());
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException(ErrorMessages.SIGNATURE_ALGORITHM_PARAMETERS_NOT_SUPPORTED.getMessage());
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException(ErrorMessages.SIGNATURE_ALGORITHM_PARAMETERS_NOT_SUPPORTED.getMessage());
    }

    @Override // java.security.SignatureSpi
    protected AlgorithmParameters engineGetParameters() {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        engineUpdate(new byte[]{b}, 0, 1);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        this.logger.trace("Calling engineUpdate");
        Validations.validateInputBufferForRead(bArr, i, i2);
        initializeCoreSignatureOrVerifyInstance();
        try {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, i, Math.addExact(i, i2));
            switch (this.opMode) {
                case SIGN_MODE:
                    getSignatureInstance().update(copyOfRange);
                    break;
                case VERIFY_MODE:
                    getVerifyInstance().update(copyOfRange);
                    break;
                default:
                    throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.SIGNATURE_OPERATION_MODE_NOT_SUPPORTED.getMessage(), this.opMode));
            }
        } catch (ArithmeticException e) {
            throw new DataException(DataExceptionCause.DATA_LEN_RANGE, ErrorMessages.BUFFER_INPUT_OFFSET_OR_LENGTH_INVALID.getMessage(), e);
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(ByteBuffer byteBuffer) {
        throw new UnsupportedOperationException(ErrorMessages.SIGNATURE_OPERATION_UPDATE_WITH_BYTE_BUFFER_NOT_SUPPORTED.getMessage());
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() {
        this.logger.trace("Calling engineSign");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        initializeCoreSignatureInstance();
        try {
            CloudHsmSignature signatureInstance = getSignatureInstance();
            Optional.empty();
            try {
                try {
                    writeToBuffer(byteArrayOutputStream, (byte[]) Optional.of(signatureInstance.complete()).get());
                } catch (NoSuchElementException e) {
                    this.logger.info("No data returned for complete call");
                }
                return byteArrayOutputStream.toByteArray();
            } catch (Exception e2) {
                throw ErrorHandling.asCloudhsmException(e2);
            }
        } finally {
            finalizeCoreSignatureOrVerifyInstance();
        }
    }

    @Override // java.security.SignatureSpi
    protected int engineSign(byte[] bArr, int i, int i2) throws SignatureException {
        this.logger.trace("Calling engineSign with output buffer");
        byte[] engineSign = engineSign();
        if (i2 < engineSign.length) {
            throw new SignatureException(MessageFormat.format(ErrorMessages.BUFFER_TOO_SMALL.getMessage(), Integer.valueOf(engineSign.length)));
        }
        int addExact = Math.addExact(engineSign.length, i);
        if (addExact > bArr.length) {
            throw new SignatureException(MessageFormat.format(ErrorMessages.BUFFER_TOO_SMALL.getMessage(), Integer.valueOf(addExact)));
        }
        System.arraycopy(engineSign, 0, bArr, i, engineSign.length);
        return engineSign.length;
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) {
        this.logger.trace("Calling engineVerify");
        Validations.validateInputBufferForRead(bArr);
        return engineVerify(bArr, 0, bArr.length);
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr, int i, int i2) {
        this.logger.trace("Calling engineVerify with input buffer");
        initializeCoreVerifyInstance();
        Validations.validateInputBufferForRead(bArr, i, i2);
        try {
            try {
                return getVerifyInstance().complete(Arrays.copyOfRange(bArr, i, Math.addExact(i, i2)));
            } catch (ArithmeticException e) {
                throw new DataException(DataExceptionCause.DATA_LEN_RANGE, ErrorMessages.BUFFER_INPUT_OFFSET_OR_LENGTH_INVALID.getMessage(), e);
            } catch (Exception e2) {
                throw ErrorHandling.asCloudhsmException(e2);
            }
        } finally {
            finalizeCoreSignatureOrVerifyInstance();
        }
    }

    protected void setKey(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException(ErrorMessages.SIGNATURE_KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(key instanceof CloudHsmKey)) {
            throw new InvalidKeyException(ErrorMessages.SIGNATURE_NON_CLOUDHSM_KEY_NOT_SUPPORTED.getMessage());
        }
        KeyUtil.validateKeyProvider((CloudHsmKey) key, getProvider());
        this.key = Optional.of((CloudHsmKey) key);
        initializeCoreSignatureOrVerifyInstance();
    }

    private void initializeCoreSignatureOrVerifyInstance() {
        switch (this.opMode) {
            case SIGN_MODE:
                initializeCoreSignatureInstance();
                return;
            case VERIFY_MODE:
                initializeCoreVerifyInstance();
                return;
            default:
                throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.SIGNATURE_OPERATION_MODE_NOT_SUPPORTED.getMessage(), this.opMode));
        }
    }

    private void initializeCoreSignatureInstance() {
        if (this.cloudHsmSignature.isPresent()) {
            return;
        }
        this.session = Optional.of(getProvider().getSession());
        this.cloudHsmSignature = initSignatureInstance();
    }

    private void initializeCoreVerifyInstance() {
        if (this.cloudHsmVerify.isPresent()) {
            return;
        }
        this.session = Optional.of(getProvider().getSession());
        this.cloudHsmVerify = initVerifyInstance();
    }

    private void finalizeCoreSignatureOrVerifyInstance() {
        cleanSession();
        switch (this.opMode) {
            case SIGN_MODE:
                finalizeCoreSignatureInstance();
                return;
            case VERIFY_MODE:
                finalizeCoreVerifyInstance();
                return;
            default:
                throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.SIGNATURE_OPERATION_MODE_NOT_SUPPORTED.getMessage(), this.opMode));
        }
    }

    private void finalizeCoreSignatureInstance() {
        this.cloudHsmSignature.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_ALREADY_FINALIZED.getMessage());
        }).delete();
        this.cloudHsmSignature = Optional.empty();
        this.logger.debug("cloudHsmSignature Instance reset");
    }

    private void finalizeCoreVerifyInstance() {
        this.cloudHsmVerify.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_ALREADY_FINALIZED.getMessage());
        }).delete();
        this.cloudHsmVerify = Optional.empty();
        this.logger.debug("cloudHsmVerify Instance reset");
    }

    private void cleanSession() {
        this.session.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_ALREADY_FINALIZED.getMessage());
        });
        this.logger.debug("local session reference released");
        this.session = Optional.empty();
    }

    private CloudHsmSignature getSignatureInstance() {
        return this.cloudHsmSignature.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    private CloudHsmVerify getVerifyInstance() {
        return this.cloudHsmVerify.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    private static void writeToBuffer(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        try {
            byteArrayOutputStream.write(bArr);
        } catch (IOException e) {
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, ErrorMessages.ERROR_WRITING_TO_INTERNAL_BUFFER.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudHsmKey getCloudHsmKey() {
        return this.key.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Session getSession() {
        return this.session.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.SIGNATURE_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }
}
