package com.unbound.client.pkcs11;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.cryptoki.CKR_Exception;
import com.dyadicsec.cryptoki.CK_ATTRIBUTE;
import com.dyadicsec.cryptoki.CK_ECDH1_DERIVE_PARAMS;
import com.dyadicsec.cryptoki.CK_MECHANISM;
import com.dyadicsec.cryptoki.CK_SESSION_HANDLE;
import com.dyadicsec.cryptoki.DYCK_PRF_PARAMS;
import com.dyadicsec.cryptoki.Library;
import com.unbound.client.DeriveOper;
import com.unbound.client.ObjectType;
import com.unbound.client.SecretKeyObject;
import com.unbound.provider.KeyParameters;
import java.security.ProviderException;

/* loaded from: input_file:com/unbound/client/pkcs11/PKCS11DeriveOper.class */
public final class PKCS11DeriveOper extends DeriveOper {
    private boolean isExternalSession;

    public PKCS11DeriveOper() {
        this.isExternalSession = false;
    }

    public PKCS11DeriveOper(PKCS11Session pKCS11Session) {
        this.isExternalSession = false;
        this.isExternalSession = true;
        this.session = pKCS11Session;
    }

    private int getKeyHandle() {
        return ((PKCS11Object) this.keyObject).handle;
    }

    private CK_SESSION_HANDLE getSessionHandle() {
        return ((PKCS11Session) this.session).getHandle();
    }

    private void markOperationStarted() {
        ((PKCS11Session) this.session).setOperationInProgress(true);
    }

    private void markOperationFinished() {
        ((PKCS11Session) this.session).setOperationInProgress(false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private CK_MECHANISM getMechanism() {
        DYCK_PRF_PARAMS dyck_prf_params;
        int pkcs11Mech = this.mode.getPkcs11Mech();
        switch (pkcs11Mech) {
            case CK.DYCKM_PRF /* -2147451375 */:
                DYCK_PRF_PARAMS dyck_prf_params2 = new DYCK_PRF_PARAMS();
                dyck_prf_params2.ulPurpose = this.prfPurpose;
                dyck_prf_params2.pTweak = this.prfTweak;
                dyck_prf_params2.ulSecretLen = this.resultLen;
                dyck_prf_params = dyck_prf_params2;
                break;
            case CK.CKM_ECDH1_DERIVE /* 4176 */:
                CK_ECDH1_DERIVE_PARAMS ck_ecdh1_derive_params = new CK_ECDH1_DERIVE_PARAMS();
                ck_ecdh1_derive_params.pPublicData = ((PKCS11ECPrivateKey) this.keyObject).getCurve().toDer(this.ecdhPubKey);
                ck_ecdh1_derive_params.kdf = 1;
                dyck_prf_params = ck_ecdh1_derive_params;
                break;
            default:
                throw new ProviderException("Unsupported derivation mechanism");
        }
        return new CK_MECHANISM(pkcs11Mech, dyck_prf_params);
    }

    @Override // com.unbound.client.DeriveOper
    protected byte[] hwDerive() {
        try {
            int C_DeriveKey = Library.C_DeriveKey(getSessionHandle(), getMechanism(), getKeyHandle(), new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, false), new CK_ATTRIBUTE(0, 4), new CK_ATTRIBUTE(256, 16), new CK_ATTRIBUTE(259, false)});
            markOperationStarted();
            CK_ATTRIBUTE[] ck_attributeArr = {new CK_ATTRIBUTE(17)};
            Library.C_GetAttributeValue(getSessionHandle(), C_DeriveKey, ck_attributeArr);
            Library.C_DestroyObject(getSessionHandle(), C_DeriveKey);
            markOperationFinished();
            if (this.isExternalSession) {
                this.session = null;
            }
            return (byte[]) ck_attributeArr[0].pValue;
        } catch (CKR_Exception e) {
            throw new ProviderException(e);
        }
    }

    @Override // com.unbound.client.DeriveOper
    protected SecretKeyObject hwDeriveKey(ObjectType objectType, String str, KeyParameters keyParameters) {
        try {
            PKCS11SecretKey pKCS11SecretKey = new PKCS11SecretKey(objectType, (PKCS11Session) this.session, Library.C_DeriveKey(getSessionHandle(), getMechanism(), getKeyHandle(), PKCS11Object.getAttrs(PKCS11SecretKey.getNewTemplate(str, objectType, keyParameters))));
            if (this.isExternalSession) {
                this.session = null;
            }
            return pKCS11SecretKey;
        } catch (CKR_Exception e) {
            throw new ProviderException(e);
        }
    }
}
