package sun.security.rsa;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;
import java.util.Hashtable;
import javax.crypto.BadPaddingException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.python.bouncycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import sun.security.jca.JCAUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:uab-bootstrap-1.2.10/bin/java/unix/1.8.0_265/lib/rt.jar:sun/security/rsa/RSAPSSSignature.class
 */
/* loaded from: input_file:uab-bootstrap-1.2.10/bin/java/win/1.8.0_265/lib/rt.jar:sun/security/rsa/RSAPSSSignature.class */
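/**
 * {@link SignatureSpi} implementation of RSASSA-PSS: the message is hashed, encoded with
 * EMSA-PSS (random salt, MGF1 mask, trailer byte 0xBC) and passed through the raw RSA
 * operation provided by {@code RSACore}.
 *
 * <p>Usage contract enforced by {@link #ensureInit()}: a key must be installed via
 * {@code engineInitSign}/{@code engineInitVerify} and PSS parameters via
 * {@link #engineSetParameter(AlgorithmParameterSpec)} before any update, sign or verify call.
 * There are no default parameters.
 *
 * <p>Instances hold mutable per-operation state (digest, key, parameters) and this class
 * contains no synchronization, so an instance must not be shared between threads without
 * external locking.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX header comments). The
 * decompiler had replaced several digest-name string literals with same-valued constants from
 * unrelated third-party libraries; they are written as plain literals here so the accepted
 * algorithm names cannot change with the version of an unrelated library on the classpath.
 */
public class RSAPSSSignature extends SignatureSpi {
    private static final boolean DEBUG = false;

    /** Eight zero bytes hashed in front of mHash and the salt when computing H. */
    private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8];

    /** Accepted digest names mapped to their output length in bytes; filled by the static block. */
    private static final Hashtable<String, Integer> DIGEST_LENGTHS = new Hashtable<>();

    // Salt source for signing; set in engineInitSign, unused for verification.
    private SecureRandom random;
    // True while md holds no pending input; guards parameter changes mid-operation.
    private boolean digestReset = true;
    // Exactly one of privKey / pubKey is non-null after a successful init call.
    private RSAPrivateKey privKey = null;
    private RSAPublicKey pubKey = null;
    // sigParams and md are installed together by engineSetParameter.
    private PSSParameterSpec sigParams = null;
    private MessageDigest md = null;

    /**
     * Compares a digest name against an alternative spelling of it (for example "SHA-256"
     * against "SHA256"). Not called from within this class.
     *
     * @param str  digest name, compared as the hyphenated form
     * @param str2 name to compare; may be hyphenated or not
     * @return {@code true} if both name the same digest, {@code false} if they differ or either
     *         is {@code null}
     * @throws ProviderException if {@code str2} has no hyphen and does not start with "SHA"
     */
    private boolean isDigestEqual(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        if (str2.indexOf("-") != -1) {
            return str.equalsIgnoreCase(str2);
        }
        if (str.equals("SHA-1")) {
            return str2.equalsIgnoreCase("SHA") || str2.equalsIgnoreCase("SHA1");
        }
        StringBuilder sb = new StringBuilder(str2);
        if (str2.regionMatches(true, 0, "SHA", 0, 3)) {
            // "SHA256" -> "SHA-256" before comparing.
            return str.equalsIgnoreCase(sb.insert(3, "-").toString());
        }
        throw new ProviderException("Unsupported digest algorithm " + str2);
    }

    /**
     * Installs the verification key, clears any signing key and discards pending digest input.
     *
     * @param publicKey key to verify with; must be an {@link RSAPublicKey}
     * @throws InvalidKeyException if the key has the wrong type, carries PSS parameters that
     *         conflict with the current signature parameters, or is too short for them
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new InvalidKeyException("key must be RSAPublicKey");
        }
        // Assign only after validation so a rejected key never replaces the current one.
        this.pubKey = (RSAPublicKey) isValid((RSAKey) publicKey);
        this.privKey = null;
        resetDigest();
    }

    /**
     * Installs the signing key with the default salt source.
     *
     * @param privateKey key to sign with; must be an {@link RSAPrivateKey}
     * @throws InvalidKeyException see {@link #engineInitSign(PrivateKey, SecureRandom)}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        engineInitSign(privateKey, null);
    }

    /**
     * Installs the signing key and salt source, clears any verification key and discards
     * pending digest input.
     *
     * @param privateKey   key to sign with; must be an {@link RSAPrivateKey}
     * @param secureRandom source of salt bytes; when {@code null} the instance returned by
     *                     {@code JCAUtil.getSecureRandom()} is used
     * @throws InvalidKeyException if the key has the wrong type, carries PSS parameters that
     *         conflict with the current signature parameters, or is too short for them
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        if (!(privateKey instanceof RSAPrivateKey)) {
            throw new InvalidKeyException("key must be RSAPrivateKey");
        }
        this.privKey = (RSAPrivateKey) isValid((RSAKey) privateKey);
        this.pubKey = null;
        this.random = secureRandom == null ? JCAUtil.getSecureRandom() : secureRandom;
        resetDigest();
    }

    /**
     * Decides whether signature parameters are permitted by the parameters bound to a key.
     *
     * <p>A key without parameters permits anything. Otherwise the key's salt length is treated
     * as a minimum, and every other field must match: the key parameters are re-encoded with
     * the signature's salt length and the two encodings compared.
     *
     * @param algorithmParameterSpec parameters carried by the key, or {@code null}
     * @param pSSParameterSpec       signature parameters, or {@code null} if none are set yet
     * @return {@code true} if the combination is allowed; {@code false} otherwise, including
     *         when the parameters cannot be encoded (fail closed)
     */
    private static boolean isCompatible(AlgorithmParameterSpec algorithmParameterSpec, PSSParameterSpec pSSParameterSpec) {
        if (algorithmParameterSpec == null) {
            return true;
        }
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            return false;
        }
        if (pSSParameterSpec == null) {
            return true;
        }
        PSSParameterSpec pSSParameterSpec2 = (PSSParameterSpec) algorithmParameterSpec;
        if (pSSParameterSpec2.getSaltLength() > pSSParameterSpec.getSaltLength()) {
            return false;
        }
        // Key parameters with the salt length swapped for the signature's: if the encodings are
        // equal, digest, MGF, MGF parameters and trailer field all agree.
        PSSParameterSpec pSSParameterSpec3 = new PSSParameterSpec(pSSParameterSpec2.getDigestAlgorithm(), pSSParameterSpec2.getMGFAlgorithm(), pSSParameterSpec2.getMGFParameters(), pSSParameterSpec.getSaltLength(), pSSParameterSpec2.getTrailerField());
        PSSParameters pSSParameters = new PSSParameters();
        try {
            pSSParameters.engineInit(pSSParameterSpec3);
            byte[] engineGetEncoded = pSSParameters.engineGetEncoded();
            pSSParameters.engineInit(pSSParameterSpec);
            return Arrays.equals(engineGetEncoded, pSSParameters.engineGetEncoded());
        } catch (Exception e) {
            // Anything that cannot be encoded is treated as incompatible rather than allowed.
            return false;
        }
    }

    /**
     * Checks a candidate key against the currently set signature parameters.
     *
     * @param rSAKey key to check
     * @return the same key, for call chaining
     * @throws InvalidKeyException if the key's parameters conflict with the signature
     *         parameters or the key is too short for the digest and salt length
     * @throws ProviderException if the configured digest is not in {@code DIGEST_LENGTHS}
     */
    private RSAKey isValid(RSAKey rSAKey) throws InvalidKeyException {
        try {
            AlgorithmParameterSpec keyParams = rSAKey.getParams();
            if (!isCompatible(keyParams, this.sigParams)) {
                throw new InvalidKeyException("Key contains incompatible PSS parameter values");
            }
            if (this.sigParams != null) {
                Integer num = DIGEST_LENGTHS.get(this.sigParams.getDigestAlgorithm());
                if (num == null) {
                    throw new ProviderException("Unsupported digest algo: " + this.sigParams.getDigestAlgorithm());
                }
                checkKeyLength(rSAKey, num.intValue(), this.sigParams.getSaltLength());
            }
            return rSAKey;
        } catch (SignatureException e) {
            throw new InvalidKeyException(e);
        }
    }

    /**
     * Validates caller-supplied signature parameters against what this engine supports and
     * against the installed key, if any.
     *
     * @param algorithmParameterSpec candidate parameters
     * @return the parameters cast to {@link PSSParameterSpec}
     * @throws InvalidAlgorithmParameterException if the parameters are {@code null}, of the
     *         wrong type, conflict with the key's parameters, use an MGF other than MGF1, carry
     *         MGF parameters that are not an {@link MGF1ParameterSpec}, use a trailer field
     *         other than 1, name an unsupported digest, or need a longer key
     */
    private PSSParameterSpec validateSigParams(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec == null) {
            throw new InvalidAlgorithmParameterException("Parameters cannot be null");
        }
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("parameters must be type PSSParameterSpec");
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        if (pSSParameterSpec == this.sigParams) {
            // Same object as already installed: it was validated when it was set.
            return pSSParameterSpec;
        }
        RSAKey rSAKey = this.privKey == null ? this.pubKey : this.privKey;
        if (rSAKey != null && !isCompatible(rSAKey.getParams(), pSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Signature parameters does not match key parameters");
        }
        if (!pSSParameterSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1")) {
            throw new InvalidAlgorithmParameterException("Only supports MGF1");
        }
        // encodeSignature/decodeSignature cast the MGF parameters to MGF1ParameterSpec; reject
        // any other type here instead of failing with ClassCastException at sign/verify time.
        AlgorithmParameterSpec mgfParams = pSSParameterSpec.getMGFParameters();
        if (mgfParams != null && !(mgfParams instanceof MGF1ParameterSpec)) {
            throw new InvalidAlgorithmParameterException("MGF1 parameters must be type MGF1ParameterSpec");
        }
        if (pSSParameterSpec.getTrailerField() != 1) {
            throw new InvalidAlgorithmParameterException("Only supports TrailerFieldBC(1)");
        }
        String digestAlgorithm = pSSParameterSpec.getDigestAlgorithm();
        if (rSAKey != null) {
            // An unknown digest name must surface as a parameter error, not as a
            // NullPointerException from unboxing a missing table entry.
            Integer hLen = DIGEST_LENGTHS.get(digestAlgorithm);
            if (hLen == null) {
                throw new InvalidAlgorithmParameterException("Unsupported digest algo: " + digestAlgorithm);
            }
            try {
                checkKeyLength(rSAKey, hLen.intValue(), pSSParameterSpec.getSaltLength());
            } catch (SignatureException e) {
                throw new InvalidAlgorithmParameterException(e);
            }
        }
        return pSSParameterSpec;
    }

    /**
     * Ensures both a key and signature parameters have been installed.
     *
     * @throws SignatureException if either is missing
     */
    private void ensureInit() throws SignatureException {
        if ((this.privKey == null ? this.pubKey : this.privKey) == null) {
            throw new SignatureException("Missing key");
        }
        if (this.sigParams == null) {
            throw new SignatureException("Parameters required for RSASSA-PSS signatures");
        }
    }

    /**
     * Checks that the key is large enough to hold the hash, the salt and two framing bytes.
     *
     * @param rSAKey key to check; {@code null} is accepted and skips the check
     * @param i      digest length in bytes
     * @param i2     salt length in bytes
     * @throws SignatureException  if the key's length in bytes is below {@code i + i2 + 2}
     * @throws ArithmeticException if {@code i + i2 + 2} overflows {@code int}
     */
    private static void checkKeyLength(RSAKey rSAKey, int i, int i2) throws SignatureException {
        if (rSAKey != null) {
            int keyLengthInBits = getKeyLengthInBits(rSAKey) >> 3;
            // addExact keeps an oversized salt length from wrapping into a small minimum.
            int addExact = Math.addExact(Math.addExact(i, i2), 2);
            if (keyLengthInBits < addExact) {
                throw new SignatureException("Key is too short, need min " + addExact);
            }
        }
    }

    /** Discards pending digest input, if any. */
    private void resetDigest() {
        if (this.digestReset) {
            return;
        }
        this.md.reset();
        this.digestReset = true;
    }

    /**
     * Finishes the message hash; {@code md} is left ready for reuse.
     *
     * @return the digest of all data passed to the update methods
     */
    private byte[] getDigestValue() {
        this.digestReset = true;
        return this.md.digest();
    }

    /**
     * Adds one byte to the message being signed or verified.
     *
     * @param b next message byte
     * @throws SignatureException if the key or parameters have not been set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) throws SignatureException {
        ensureInit();
        this.md.update(b);
        this.digestReset = false;
    }

    /**
     * Adds a byte range to the message being signed or verified.
     *
     * @param bArr source array
     * @param i    offset of the first byte
     * @param i2   number of bytes
     * @throws SignatureException if the key or parameters have not been set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        ensureInit();
        this.md.update(bArr, i, i2);
        this.digestReset = false;
    }

    /**
     * Adds the remaining bytes of a buffer to the message being signed or verified.
     *
     * @param byteBuffer source buffer
     * @throws RuntimeException if the key or parameters have not been set; the
     *         {@link SignatureException} is attached as the cause because this overload
     *         cannot declare it
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(ByteBuffer byteBuffer) {
        try {
            ensureInit();
            this.md.update(byteBuffer);
            this.digestReset = false;
        } catch (SignatureException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Produces the signature over all data supplied so far.
     *
     * @return the signature bytes
     * @throws SignatureException if the engine is not initialized, or encoding or the RSA
     *         operation fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public byte[] engineSign() throws SignatureException {
        ensureInit();
        try {
            return RSACore.rsa(encodeSignature(getDigestValue()), this.privKey, true);
        } catch (IOException e) {
            throw new SignatureException("Could not encode data", e);
        } catch (GeneralSecurityException e2) {
            throw new SignatureException("Could not sign data", e2);
        }
    }

    /**
     * Verifies a signature over all data supplied so far. The digest is reset on every exit
     * path so the engine can be reused.
     *
     * <p>Callers must treat a thrown {@link SignatureException} as a failed verification too:
     * a signature of the wrong length is reported by exception, not by {@code false}.
     *
     * @param bArr signature bytes to check
     * @return {@code true} if the signature is valid; {@code false} if the RSA operation
     *         reports bad padding or the PSS encoding does not check out
     * @throws SignatureException if the engine is not initialized, the signature length does
     *         not match the key, or decoding fails with an I/O error
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        ensureInit();
        try {
            int expectedLength = RSACore.getByteLength(this.pubKey);
            if (bArr.length != expectedLength) {
                throw new SignatureException("Signature length not correct: got " + bArr.length + " but was expecting " + expectedLength);
            }
            return decodeSignature(getDigestValue(), RSACore.rsa(bArr, this.pubKey));
        } catch (IOException e) {
            throw new SignatureException("Signature encoding error", e);
        } catch (BadPaddingException e2) {
            return false;
        } finally {
            resetDigest();
        }
    }

    /**
     * Returns the modulus size of a key.
     *
     * @param rSAKey key to measure, may be {@code null}
     * @return modulus bit length, or -1 for a {@code null} key
     */
    private static int getKeyLengthInBits(RSAKey rSAKey) {
        if (rSAKey != null) {
            return rSAKey.getModulus().bitLength();
        }
        return -1;
    }

    /**
     * Builds the EMSA-PSS encoded message for signing.
     *
     * <p>Layout of the result: {@code maskedDB || H || 0xBC}, where {@code H} is the digest of
     * eight zero bytes, the message hash and the salt, and DB is zero padding, a 0x01 byte and
     * the salt, masked with MGF1 seeded by {@code H}.
     *
     * @param bArr hash of the message
     * @return the encoded message, {@code ceil((modulusBits - 1) / 8)} bytes long
     * @throws IOException     if the MGF1 digest algorithm is unavailable
     * @throws DigestException if the digest cannot be written into the output buffer
     */
    private byte[] encodeSignature(byte[] bArr) throws IOException, DigestException {
        AlgorithmParameterSpec mGFParameters = this.sigParams.getMGFParameters();
        // MGF1 may use its own digest; without explicit MGF parameters it reuses the message digest.
        String digestAlgorithm = mGFParameters != null ? ((MGF1ParameterSpec) mGFParameters).getDigestAlgorithm() : this.md.getAlgorithm();
        try {
            int emBits = getKeyLengthInBits(this.privKey) - 1;
            int emLen = (emBits + 7) >> 3;
            int hLen = this.md.getDigestLength();
            int dbLen = (emLen - hLen) - 1;
            int sLen = this.sigParams.getSaltLength();
            byte[] em = new byte[emLen];
            em[(dbLen - sLen) - 1] = 1;   // 0x01 separator in front of the salt
            em[em.length - 1] = -68;      // trailer byte 0xBC
            if (!this.digestReset) {
                throw new ProviderException("Digest should be reset");
            }
            this.md.update(EIGHT_BYTES_OF_ZEROS);
            this.digestReset = false;
            this.md.update(bArr);
            if (sLen != 0) {
                // A fresh random salt is drawn for every signature.
                byte[] salt = new byte[sLen];
                this.random.nextBytes(salt);
                this.md.update(salt);
                System.arraycopy(salt, 0, em, dbLen - sLen, sLen);
            }
            // H is written directly behind DB, then DB is masked in place with MGF1(H).
            this.md.digest(em, dbLen, hLen);
            this.digestReset = true;
            new MGF1(digestAlgorithm).generateAndXor(em, dbLen, hLen, dbLen, em, 0);
            int numZeroBits = (emLen << 3) - emBits;
            if (numZeroBits != 0) {
                // Clear the leftmost bits so the encoded message has at most emBits bits.
                em[0] = (byte) (em[0] & ((byte) (255 >>> numZeroBits)));
            }
            return em;
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e.toString(), e);
        }
    }

    /**
     * Checks an RSA-decrypted signature block against the expected message hash.
     *
     * <p>The index arithmetic below relies on {@code checkKeyLength} having bounded the salt
     * length against the key size when the key and the parameters were installed.
     *
     * @param bArr  hash of the message being verified
     * @param bArr2 output of the RSA public-key operation; not modified when the leading zero
     *              byte has to be stripped, otherwise unmasked in place
     * @return {@code true} only if the framing bytes, the zero padding and the recomputed hash
     *         all match
     * @throws IOException if the MGF1 digest algorithm is unavailable
     */
    private boolean decodeSignature(byte[] bArr, byte[] bArr2) throws IOException {
        int hLen = bArr.length;
        int sLen = this.sigParams.getSaltLength();
        int emBits = getKeyLengthInBits(this.pubKey) - 1;
        byte[] em = bArr2;
        // For a modulus of 8N+1 bits the encoded message is N bytes but the RSA block is N+1
        // bytes. The extra leading byte must be zero and must be dropped before unmasking,
        // otherwise the MGF1 mask is applied one byte out of step and valid signatures fail.
        if (em.length == ((emBits + 7) >> 3) + 1) {
            if (em[0] != 0) {
                return false;
            }
            em = Arrays.copyOfRange(em, 1, em.length);
        }
        int emLen = em.length;
        if (emLen < hLen + sLen + 2 || em[emLen - 1] != -68) {
            return false;
        }
        int numZeroBits = (emLen << 3) - emBits;
        if (numZeroBits != 0) {
            // The leftmost numZeroBits bits of the block must be zero.
            if ((em[0] & ((byte) (255 << (8 - numZeroBits)))) != 0) {
                return false;
            }
        }
        AlgorithmParameterSpec mGFParameters = this.sigParams.getMGFParameters();
        String digestAlgorithm = mGFParameters != null ? ((MGF1ParameterSpec) mGFParameters).getDigestAlgorithm() : this.md.getAlgorithm();
        int dbLen = (emLen - hLen) - 1;
        try {
            // Unmask DB in place using H (stored right behind DB) as the MGF1 seed.
            new MGF1(digestAlgorithm).generateAndXor(em, dbLen, hLen, dbLen, em, 0);
            if (numZeroBits != 0) {
                em[0] = (byte) (em[0] & ((byte) (255 >>> numZeroBits)));
            }
            // DB must be zero padding, then 0x01, then the salt.
            int idx = 0;
            while (idx < (dbLen - sLen) - 1) {
                if (em[idx] != 0) {
                    return false;
                }
                idx++;
            }
            if (em[idx] != 1) {
                return false;
            }
            // Recompute H from the message hash and the recovered salt.
            this.md.update(EIGHT_BYTES_OF_ZEROS);
            this.digestReset = false;
            this.md.update(bArr);
            if (sLen > 0) {
                this.md.update(em, dbLen - sLen, sLen);
            }
            byte[] digest = this.md.digest();
            this.digestReset = true;
            // Keep the JCA digest comparison helper here rather than Arrays.equals.
            return MessageDigest.isEqual(digest, Arrays.copyOfRange(em, dbLen, emLen - 1));
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e.toString(), e);
        }
    }

    /**
     * Unsupported legacy setter.
     *
     * @throws UnsupportedOperationException always
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    @Deprecated
    public void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    /**
     * Installs the PSS parameters and the matching message digest.
     *
     * <p>Nothing is stored until every check has passed, so a rejected call leaves the
     * previous parameters and digest in place and the two can never disagree.
     *
     * @param algorithmParameterSpec parameters to use; must be a {@link PSSParameterSpec}
     * @throws InvalidAlgorithmParameterException if validation fails or no provider offers the
     *         requested digest
     * @throws ProviderException if message data has already been supplied
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        PSSParameterSpec validated = validateSigParams(algorithmParameterSpec);
        if (!this.digestReset) {
            throw new ProviderException("Cannot set parameters during operations");
        }
        String digestAlgorithm = validated.getDigestAlgorithm();
        MessageDigest digest = this.md;
        // Reuse the current digest object unless the algorithm changed.
        if (digest == null || !digest.getAlgorithm().equalsIgnoreCase(digestAlgorithm)) {
            try {
                digest = MessageDigest.getInstance(digestAlgorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new InvalidAlgorithmParameterException("Unsupported digest algorithm " + digestAlgorithm, e);
            }
        }
        this.sigParams = validated;
        this.md = digest;
    }

    /**
     * Unsupported legacy getter.
     *
     * @throws UnsupportedOperationException always
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    @Deprecated
    public Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    /**
     * Returns the current signature parameters.
     *
     * @return the parameters as an "RSASSA-PSS" {@link AlgorithmParameters} object, or
     *         {@code null} if none have been set
     * @throws ProviderException if the parameters object cannot be created or initialized
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public AlgorithmParameters engineGetParameters() {
        AlgorithmParameters algorithmParameters = null;
        if (this.sigParams != null) {
            try {
                algorithmParameters = AlgorithmParameters.getInstance("RSASSA-PSS");
                algorithmParameters.init(this.sigParams);
            } catch (GeneralSecurityException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        }
        return algorithmParameters;
    }

    static {
        // Each digest is registered under its hyphenated and unhyphenated spelling.
        // NOTE(review): SHA-1 is accepted here; nothing in this class rejects weak digests, so
        // any such policy has to be enforced by the caller or elsewhere in the provider.
        DIGEST_LENGTHS.put("SHA-1", 20);
        DIGEST_LENGTHS.put("SHA", 20);
        DIGEST_LENGTHS.put("SHA1", 20);
        DIGEST_LENGTHS.put("SHA-224", 28);
        DIGEST_LENGTHS.put("SHA224", 28);
        DIGEST_LENGTHS.put("SHA-256", 32);
        DIGEST_LENGTHS.put("SHA256", 32);
        DIGEST_LENGTHS.put("SHA-384", 48);
        DIGEST_LENGTHS.put("SHA384", 48);
        DIGEST_LENGTHS.put("SHA-512", 64);
        DIGEST_LENGTHS.put("SHA512", 64);
        DIGEST_LENGTHS.put("SHA-512/224", 28);
        DIGEST_LENGTHS.put("SHA512/224", 28);
        DIGEST_LENGTHS.put("SHA-512/256", 32);
        DIGEST_LENGTHS.put("SHA512/256", 32);
    }
}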
