package kz.akkamal.aksig;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.util.Arrays;
import kz.akkamal.org.bouncycastle.asn1.ASN1Encodable;
import kz.akkamal.org.bouncycastle.asn1.ASN1Object;
import kz.akkamal.org.bouncycastle.asn1.ASN1Sequence;
import kz.akkamal.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import kz.akkamal.org.bouncycastle.asn1.x509.DigestInfo;

/* loaded from: classes.dex */
public class RsaSigner extends SignatureSpi {
    public static final int DIG_SHA1 = 1;
    public static final int DIG_SHA256 = 2;
    public static final int DIG_SHA384 = 3;
    public static final int DIG_SHA512 = 4;
    private static final int OP_NOT_INITED = 0;
    private static final int OP_SIGN = 1;
    private static final int OP_VERIFY = 2;
    private MessageDigest md;
    private int opMode;
    private RsaPrivateKey privateKey;
    private RsaPublicKey publicKey;

    /* loaded from: classes.dex */
    public static class SHA1WithRSA extends RsaSigner {
        public SHA1WithRSA() {
            super(1);
        }
    }

    /* loaded from: classes.dex */
    public static class SHA256WithRSA extends RsaSigner {
        public SHA256WithRSA() {
            super(2);
        }
    }

    /* loaded from: classes.dex */
    public static class SHA384WithRSA extends RsaSigner {
        public SHA384WithRSA() {
            super(3);
        }
    }

    /* loaded from: classes.dex */
    public static class SHA512WithRSA extends RsaSigner {
        public SHA512WithRSA() {
            super(4);
        }
    }

    protected RsaSigner(int i) {
        this.opMode = 0;
        switch (i) {
            case 1:
                this.md = new Sha1Digest();
                break;
            case 2:
                this.md = new Sha256Digest();
                break;
            case 3:
                this.md = new Sha384Digest();
                break;
            case 4:
                this.md = new Sha512Digest();
                break;
            default:
                this.md = new Sha256Digest();
                break;
        }
        this.opMode = 0;
    }

    private byte[] emsaDecode(byte[] bArr) throws SignatureException {
        if ((bArr[0] != 0) && (bArr[1] != 1)) {
            throw new SignatureException("Bad signature: bad emsa encoding");
        }
        int i = 1;
        while (true) {
            i++;
            if (i >= bArr.length) {
                break;
            }
            if (bArr[i] != -1) {
                if (bArr[i] != 0) {
                    throw new SignatureException("Bad signature: bad emsa encoding");
                }
            }
        }
        if (i == bArr.length) {
            throw new SignatureException("Bad signature: bad emsa encoding");
        }
        int i2 = i + 1;
        byte[] bArr2 = new byte[bArr.length - i2];
        System.arraycopy(bArr, i2, bArr2, 0, bArr2.length);
        try {
            DigestInfo digestInfo = new DigestInfo((ASN1Sequence) ASN1Object.fromByteArray(bArr2));
            if (digestInfo.getAlgorithmId().getObjectId().getId().equals(AkSigProv.getDigestOid(this.md.getAlgorithm()))) {
                return digestInfo.getDigest();
            }
            throw new SignatureException("Digest algs are different: " + this.md.getAlgorithm() + "-" + digestInfo.getAlgorithmId().getObjectId().getId());
        } catch (IOException e) {
            throw new SignatureException(e);
        }
    }

    private byte[] emsaEncode(byte[] bArr, int i) throws SignatureException {
        try {
            byte[] encoded = new DigestInfo(new AlgorithmIdentifier(AkSigProv.getDigestOid(this.md.getAlgorithm())), bArr).getEncoded(ASN1Encodable.DER);
            if (i < encoded.length + 11) {
                throw new SignatureException("intended encoded message length too short”");
            }
            byte[] bArr2 = new byte[i];
            bArr2[0] = 0;
            bArr2[1] = 1;
            int i2 = 2;
            while (i2 != (bArr2.length - encoded.length) - 1) {
                bArr2[i2] = -1;
                i2++;
            }
            bArr2[i2] = 0;
            System.arraycopy(encoded, 0, bArr2, i2 + 1, encoded.length);
            return bArr2;
        } catch (IOException e) {
            throw new SignatureException(e);
        }
    }

    private static byte[] i2osp(BigInteger bigInteger, int i) throws SignatureException {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length > i && byteArray[0] == 0) {
            byte[] bArr = new byte[i];
            System.arraycopy(byteArray, 1, bArr, 0, bArr.length);
            byteArray = bArr;
        }
        if (byteArray.length > i) {
            throw new SignatureException("integer too large");
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(byteArray, 0, bArr2, i - byteArray.length, byteArray.length);
        return bArr2;
    }

    private static BigInteger os2ip(byte[] bArr) {
        return new BigInteger(1, bArr);
    }

    private void resetObjectState() {
        this.opMode = 0;
        this.md.reset();
    }

    private BigInteger rsaSP1(BigInteger bigInteger) throws SignatureException {
        if (bigInteger.compareTo(BigInteger.ZERO) < 0 || bigInteger.compareTo(this.privateKey.modulus) >= 0) {
            throw new SignatureException("message representative out of range");
        }
        if (!(this.privateKey instanceof RsaCrtPrivateKey)) {
            return bigInteger.modPow(this.privateKey.privateExponent, this.privateKey.modulus);
        }
        RsaCrtPrivateKey rsaCrtPrivateKey = (RsaCrtPrivateKey) this.privateKey;
        BigInteger bigInteger2 = rsaCrtPrivateKey.primeP;
        BigInteger bigInteger3 = rsaCrtPrivateKey.primeQ;
        BigInteger bigInteger4 = rsaCrtPrivateKey.primeExponentP;
        BigInteger bigInteger5 = rsaCrtPrivateKey.primeExponentQ;
        BigInteger bigInteger6 = rsaCrtPrivateKey.crtCoefficient;
        BigInteger modPow = bigInteger.remainder(bigInteger2).modPow(bigInteger4, bigInteger2);
        BigInteger modPow2 = bigInteger.remainder(bigInteger3).modPow(bigInteger5, bigInteger3);
        return modPow.subtract(modPow2).multiply(bigInteger6).mod(bigInteger2).multiply(bigInteger3).add(modPow2);
    }

    private BigInteger rsaVP1(BigInteger bigInteger) throws SignatureException {
        if (bigInteger.compareTo(BigInteger.ZERO) < 0 || bigInteger.compareTo(this.publicKey.modulus) >= 0) {
            throw new SignatureException("signature representative out of range");
        }
        return bigInteger.modPow(this.publicKey.publicExponent, this.publicKey.modulus);
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            this.opMode = 0;
            throw new InvalidKeyException("Key is null");
        }
        if (privateKey instanceof RsaPrivateKey) {
            this.privateKey = (RsaPrivateKey) privateKey;
            this.opMode = 1;
        } else {
            if (!(privateKey instanceof RsaCrtPrivateKey)) {
                this.opMode = 0;
                throw new InvalidKeyException("Bad key");
            }
            this.privateKey = (RsaPrivateKey) privateKey;
            this.opMode = 1;
        }
        this.md.reset();
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey == null) {
            this.opMode = 0;
            throw new InvalidKeyException("Key is null");
        }
        if (!(publicKey instanceof RsaPublicKey)) {
            this.opMode = 0;
            throw new InvalidKeyException("Bad key");
        }
        this.publicKey = (RsaPublicKey) publicKey;
        this.opMode = 2;
        this.md.reset();
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (this.opMode != 1) {
            resetObjectState();
            throw new SignatureException("sign operation not inited");
        }
        try {
            byte[] digest = this.md.digest();
            int bitLength = this.privateKey.modulus.bitLength() / 8;
            return i2osp(rsaSP1(os2ip(emsaEncode(digest, bitLength))), bitLength);
        } catch (SignatureException e) {
            resetObjectState();
            throw e;
        } catch (Exception e2) {
            resetObjectState();
            throw new SignatureException(e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (this.opMode == 0) {
            throw new SignatureException("Signature not inited");
        }
        this.md.update(b);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.opMode == 0) {
            throw new SignatureException("Signature not inited");
        }
        this.md.update(bArr, i, i2);
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        if (this.opMode != 2) {
            resetObjectState();
            throw new SignatureException("sign verify operation not inited");
        }
        try {
            byte[] digest = this.md.digest();
            int bitLength = this.publicKey.modulus.bitLength() / 8;
            if (bArr.length == bitLength) {
                return Arrays.equals(emsaDecode(i2osp(rsaVP1(os2ip(bArr)), bitLength)), digest);
            }
            resetObjectState();
            return false;
        } catch (SignatureException e) {
            resetObjectState();
            throw e;
        } catch (Exception e2) {
            resetObjectState();
            throw new SignatureException(e2);
        }
    }
}
