package sun.security.rsa;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: classes4.dex */
public abstract class RSASignature extends SignatureSpi {
    private static final int baseLength = 8;
    private final ObjectIdentifier digestOID;
    private boolean digestReset;
    private final int encodedLength;
    private final MessageDigest md;
    private RSAPadding padding;
    private RSAPrivateKey privateKey;
    private RSAPublicKey publicKey;

    /* loaded from: classes4.dex */
    public static final class MD2withRSA extends RSASignature {
        public MD2withRSA() {
            super("MD2", AlgorithmId.MD2_oid, 10);
        }
    }

    /* loaded from: classes4.dex */
    public static final class MD5withRSA extends RSASignature {
        public MD5withRSA() {
            super("MD5", AlgorithmId.MD5_oid, 10);
        }
    }

    /* loaded from: classes4.dex */
    public static final class SHA1withRSA extends RSASignature {
        public SHA1withRSA() {
            super("SHA-1", AlgorithmId.SHA_oid, 7);
        }
    }

    /* loaded from: classes4.dex */
    public static final class SHA256withRSA extends RSASignature {
        public SHA256withRSA() {
            super("SHA-256", AlgorithmId.SHA256_oid, 11);
        }
    }

    /* loaded from: classes4.dex */
    public static final class SHA384withRSA extends RSASignature {
        public SHA384withRSA() {
            super("SHA-384", AlgorithmId.SHA384_oid, 11);
        }
    }

    /* loaded from: classes4.dex */
    public static final class SHA512withRSA extends RSASignature {
        public SHA512withRSA() {
            super("SHA-512", AlgorithmId.SHA512_oid, 11);
        }
    }

    RSASignature(String str, ObjectIdentifier objectIdentifier, int i) {
        this.digestOID = objectIdentifier;
        try {
            this.md = MessageDigest.getInstance(str);
            this.digestReset = true;
            this.encodedLength = i + 8 + this.md.getDigestLength();
        } catch (NoSuchAlgorithmException e) {
            throw new ProviderException(e);
        }
    }

    public static byte[] decodeSignature(ObjectIdentifier objectIdentifier, byte[] bArr) throws IOException {
        DerInputStream derInputStream = new DerInputStream(bArr);
        DerValue[] sequence = derInputStream.getSequence(2);
        if (sequence.length != 2 || derInputStream.available() != 0) {
            throw new IOException("SEQUENCE length error");
        }
        AlgorithmId parse = AlgorithmId.parse(sequence[0]);
        if (!parse.getOID().equals(objectIdentifier)) {
            throw new IOException("ObjectIdentifier mismatch: " + ((Object) parse.getOID()));
        }
        if (parse.getEncodedParams() != null) {
            throw new IOException("Unexpected AlgorithmId parameters");
        }
        return sequence[1].getOctetString();
    }

    public static byte[] encodeSignature(ObjectIdentifier objectIdentifier, byte[] bArr) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        new AlgorithmId(objectIdentifier).encode(derOutputStream);
        derOutputStream.putOctetString(bArr);
        return new DerValue((byte) 48, derOutputStream.toByteArray()).toByteArray();
    }

    private byte[] getDigestValue() {
        this.digestReset = true;
        return this.md.digest();
    }

    private void initCommon(RSAKey rSAKey, SecureRandom secureRandom) throws InvalidKeyException {
        resetDigest();
        try {
            this.padding = RSAPadding.getInstance(1, RSACore.getByteLength(rSAKey), secureRandom);
            if (this.encodedLength > this.padding.getMaxDataSize()) {
                throw new InvalidKeyException("Key is too short for this signature algorithm");
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException(e.getMessage());
        }
    }

    private void resetDigest() {
        if (this.digestReset) {
            return;
        }
        this.md.reset();
        this.digestReset = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        engineInitSign(privateKey, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) RSAKeyFactory.toRSAKey(privateKey);
        this.privateKey = rSAPrivateKey;
        this.publicKey = null;
        initCommon(rSAPrivateKey, secureRandom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) RSAKeyFactory.toRSAKey(publicKey);
        this.privateKey = null;
        this.publicKey = rSAPublicKey;
        initCommon(rSAPublicKey, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public byte[] engineSign() throws SignatureException {
        try {
            return RSACore.rsa(this.padding.pad(encodeSignature(this.digestOID, getDigestValue())), this.privateKey);
        } catch (IOException e) {
            throw new SignatureException("Could not encode data", e);
        } catch (GeneralSecurityException e2) {
            throw new SignatureException("Could not sign data", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) throws SignatureException {
        this.md.update(b);
        this.digestReset = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(ByteBuffer byteBuffer) {
        this.md.update(byteBuffer);
        this.digestReset = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        this.md.update(bArr, i, i2);
        this.digestReset = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        if (bArr.length != RSACore.getByteLength(this.publicKey)) {
            throw new SignatureException("Signature length not correct: got " + bArr.length + " but was expecting " + RSACore.getByteLength(this.publicKey));
        }
        try {
            return Arrays.equals(getDigestValue(), decodeSignature(this.digestOID, this.padding.unpad(RSACore.rsa(bArr, this.publicKey))));
        } catch (IOException e) {
            throw new SignatureException("Signature encoding error", e);
        } catch (BadPaddingException e2) {
            return false;
        } catch (GeneralSecurityException e3) {
            throw new SignatureException("Signature verification failed", e3);
        }
    }
}
