package sun.security.pkcs11;

import java.security.ProviderException;
import sun.security.jca.JCAUtil;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* compiled from: P11Key.java */
/* loaded from: input_file:sun/security/pkcs11/NativeKeyHolder.class */
final class NativeKeyHolder {
    private static long nativeKeyWrapperKeyID;
    private static CK_MECHANISM nativeKeyWrapperMechanism;
    private static long nativeKeyWrapperRefCount;
    private static Session nativeKeyWrapperSession;
    private final P11Key p11Key;
    private final byte[] nativeKeyInfo;
    private boolean wrapperKeyUsed;
    private long keyID;
    private SessionKeyRef ref;
    private int refCount = -1;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static void createNativeKeyWrapper(Token token) throws PKCS11Exception {
        if (!$assertionsDisabled && nativeKeyWrapperKeyID != 0) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && nativeKeyWrapperRefCount != 0) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && nativeKeyWrapperSession != null) {
            throw new AssertionError();
        }
        CK_ATTRIBUTE[] attributes = token.getAttributes("generate", 4L, 31L, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L), new CK_ATTRIBUTE(353L, 32L)});
        Session session = null;
        try {
            session = token.getObjSession();
            nativeKeyWrapperKeyID = token.p11.C_GenerateKey(session.id(), new CK_MECHANISM(PKCS11Constants.CKM_AES_KEY_GEN), attributes);
            nativeKeyWrapperSession = session;
            nativeKeyWrapperSession.addObject();
            byte[] bArr = new byte[16];
            JCAUtil.getSecureRandom().nextBytes(bArr);
            nativeKeyWrapperMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_CBC_PAD, bArr);
            token.releaseSession(session);
        } catch (PKCS11Exception e) {
            token.releaseSession(session);
        } catch (Throwable th) {
            token.releaseSession(session);
            throw th;
        }
    }

    private static void deleteNativeKeyWrapper() {
        Token token = nativeKeyWrapperSession.token;
        if (token.isValid()) {
            Session session = null;
            try {
                session = token.getOpSession();
                token.p11.C_DestroyObject(session.id(), nativeKeyWrapperKeyID);
                nativeKeyWrapperSession.removeObject();
                token.releaseSession(session);
            } catch (PKCS11Exception e) {
                token.releaseSession(session);
            } catch (Throwable th) {
                token.releaseSession(session);
                throw th;
            }
        }
        nativeKeyWrapperKeyID = 0L;
        nativeKeyWrapperMechanism = null;
        nativeKeyWrapperSession = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void decWrapperKeyRef() {
        synchronized (NativeKeyHolder.class) {
            if (!$assertionsDisabled && nativeKeyWrapperKeyID == 0) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && nativeKeyWrapperRefCount <= 0) {
                throw new AssertionError();
            }
            nativeKeyWrapperRefCount--;
            if (nativeKeyWrapperRefCount == 0) {
                deleteNativeKeyWrapper();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NativeKeyHolder(P11Key p11Key, long j, Session session, boolean z, boolean z2) {
        this.p11Key = p11Key;
        this.keyID = j;
        byte[] bArr = null;
        if (z2) {
            this.ref = null;
        } else {
            Token token = p11Key.token;
            if (z) {
                try {
                    if (p11Key.sensitive) {
                        synchronized (NativeKeyHolder.class) {
                            if (nativeKeyWrapperKeyID == 0) {
                                createNativeKeyWrapper(token);
                            }
                            if (nativeKeyWrapperKeyID != 0) {
                                nativeKeyWrapperRefCount++;
                                this.wrapperKeyUsed = true;
                            }
                        }
                    }
                    Session session2 = null;
                    try {
                        session2 = token.getOpSession();
                        bArr = p11Key.token.p11.getNativeKeyInfo(session2.id(), j, nativeKeyWrapperKeyID, nativeKeyWrapperMechanism);
                        token.releaseSession(session2);
                    } catch (PKCS11Exception e) {
                        token.releaseSession(session2);
                    } catch (Throwable th) {
                        token.releaseSession(session2);
                        throw th;
                    }
                } catch (PKCS11Exception e2) {
                }
            }
            this.ref = new SessionKeyRef(p11Key, j, this.wrapperKeyUsed, session);
        }
        this.nativeKeyInfo = (bArr == null || bArr.length == 0) ? null : bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getKeyID() throws ProviderException {
        if (this.nativeKeyInfo != null) {
            synchronized (this.nativeKeyInfo) {
                if (this.refCount == -1) {
                    this.refCount = 0;
                }
                int i = this.refCount;
                this.refCount = i + 1;
                if (this.keyID == 0) {
                    if (i != 0) {
                        throw new RuntimeException("Error: null keyID with non-zero refCount " + i);
                    }
                    Token token = this.p11Key.token;
                    try {
                        try {
                            Session objSession = token.getObjSession();
                            this.keyID = token.p11.createNativeKey(objSession.id(), this.nativeKeyInfo, nativeKeyWrapperKeyID, nativeKeyWrapperMechanism);
                            this.ref.registerNativeKey(this.keyID, objSession);
                            token.releaseSession(objSession);
                        } catch (Throwable th) {
                            token.releaseSession(null);
                            throw th;
                        }
                    } catch (PKCS11Exception e) {
                        this.refCount--;
                        throw new ProviderException("Error recreating native key", e);
                    }
                } else if (i < 0) {
                    throw new RuntimeException("ERROR: negative refCount");
                }
            }
        }
        return this.keyID;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void releaseKeyID() {
        if (this.nativeKeyInfo != null) {
            synchronized (this.nativeKeyInfo) {
                if (this.refCount == -1) {
                    throw new RuntimeException("Error: miss match getKeyID call");
                }
                int i = this.refCount - 1;
                this.refCount = i;
                if (i == 0) {
                    if (this.keyID == 0) {
                        throw new RuntimeException("ERROR: null keyID can't be destroyed");
                    }
                    this.keyID = 0L;
                    this.ref.removeNativeKey();
                } else if (i < 0) {
                    throw new RuntimeException("wrong refCount value: " + i);
                }
            }
        }
    }

    static {
        $assertionsDisabled = !NativeKeyHolder.class.desiredAssertionStatus();
        nativeKeyWrapperKeyID = 0L;
        nativeKeyWrapperMechanism = null;
        nativeKeyWrapperRefCount = 0L;
        nativeKeyWrapperSession = null;
    }
}
