package com.tencent.kona.sun.security.rsa;

import com.baidu.mobads.sdk.internal.bw;
import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.sun.security.rsa.RSAUtil;
import com.tencent.kona.sun.security.util.ObjectIdentifier;
import com.tencent.kona.sun.security.x509.AlgorithmId;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;

/* loaded from: classes2.dex */
abstract class RSASignature extends SignatureSpi {
    private static final int baseLength = 8;
    private final ObjectIdentifier digestOID;
    private boolean digestReset;
    private final int encodedLength;
    private final MessageDigest md;
    private RSAPadding padding;
    private RSAPrivateKey privateKey;
    private RSAPublicKey publicKey;

    /* loaded from: classes2.dex */
    public static final class MD2withRSA extends RSASignature {
        public MD2withRSA() {
            super("MD2", AlgorithmId.MD2_oid, 10);
        }
    }

    /* loaded from: classes2.dex */
    public static final class MD5withRSA extends RSASignature {
        public MD5withRSA() {
            super(bw.f10396a, AlgorithmId.MD5_oid, 10);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA1withRSA extends RSASignature {
        public SHA1withRSA() {
            super("SHA-1", AlgorithmId.SHA_oid, 7);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA224withRSA extends RSASignature {
        public SHA224withRSA() {
            super("SHA-224", AlgorithmId.SHA224_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA256withRSA extends RSASignature {
        public SHA256withRSA() {
            super("SHA-256", AlgorithmId.SHA256_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA384withRSA extends RSASignature {
        public SHA384withRSA() {
            super("SHA-384", AlgorithmId.SHA384_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA3_224withRSA extends RSASignature {
        public SHA3_224withRSA() {
            super("SHA3-224", AlgorithmId.SHA3_224_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA3_256withRSA extends RSASignature {
        public SHA3_256withRSA() {
            super("SHA3-256", AlgorithmId.SHA3_256_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA3_384withRSA extends RSASignature {
        public SHA3_384withRSA() {
            super("SHA3-384", AlgorithmId.SHA3_384_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA3_512withRSA extends RSASignature {
        public SHA3_512withRSA() {
            super("SHA3-512", AlgorithmId.SHA3_512_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA512_224withRSA extends RSASignature {
        public SHA512_224withRSA() {
            super("SHA-512/224", AlgorithmId.SHA512_224_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA512_256withRSA extends RSASignature {
        public SHA512_256withRSA() {
            super("SHA-512/256", AlgorithmId.SHA512_256_oid, 11);
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHA512withRSA extends RSASignature {
        public SHA512withRSA() {
            super("SHA-512", AlgorithmId.SHA512_oid, 11);
        }
    }

    RSASignature(String str, ObjectIdentifier objectIdentifier, int i2) {
        this.digestOID = objectIdentifier;
        try {
            MessageDigest messageDigest = CryptoInsts.getMessageDigest(str);
            this.md = messageDigest;
            this.digestReset = true;
            this.encodedLength = i2 + 8 + messageDigest.getDigestLength();
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException(e2);
        }
    }

    private byte[] getDigestValue() {
        this.digestReset = true;
        return this.md.digest();
    }

    private void initCommon(RSAKey rSAKey, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            RSAUtil.checkParamsAgainstType(RSAUtil.KeyType.RSA, RSAUtil.SUPPORT_PSS ? rSAKey.getParams() : null);
            resetDigest();
            try {
                RSAPadding rSAPadding = RSAPadding.getInstance(1, RSACore.getByteLength(rSAKey), secureRandom);
                this.padding = rSAPadding;
                if (this.encodedLength > rSAPadding.getMaxDataSize()) {
                    throw new InvalidKeyException("Key is too short for this signature algorithm");
                }
            } catch (InvalidAlgorithmParameterException e2) {
                throw new InvalidKeyException(e2.getMessage());
            }
        } catch (ProviderException e3) {
            throw new InvalidKeyException("Invalid key for RSA signatures", e3);
        }
    }

    private void resetDigest() {
        if (this.digestReset) {
            return;
        }
        this.md.reset();
        this.digestReset = true;
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    protected AlgorithmParameters engineGetParameters() {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        engineInitSign(privateKey, null);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) RSAKeyFactory.toRSAKey(privateKey);
        this.privateKey = rSAPrivateKey;
        this.publicKey = null;
        initCommon(rSAPrivateKey, secureRandom);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) RSAKeyFactory.toRSAKey(publicKey);
        this.privateKey = null;
        this.publicKey = rSAPublicKey;
        initCommon(rSAPublicKey, null);
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("No parameters accepted");
        }
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (this.privateKey == null) {
            throw new SignatureException("Missing private key");
        }
        try {
            return RSACore.rsa(this.padding.pad(RSAUtil.encodeSignature(this.digestOID, getDigestValue())), this.privateKey, true);
        } catch (GeneralSecurityException e2) {
            throw new SignatureException("Could not sign data", e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b2) throws SignatureException {
        this.md.update(b2);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(ByteBuffer byteBuffer) {
        this.md.update(byteBuffer);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i2, int i3) throws SignatureException {
        this.md.update(bArr, i2, i3);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        RSAPublicKey rSAPublicKey = this.publicKey;
        try {
            if (rSAPublicKey == null) {
                throw new SignatureException("Missing public key");
            }
            try {
                if (bArr.length == RSACore.getByteLength(rSAPublicKey)) {
                    boolean isEqual = MessageDigest.isEqual(getDigestValue(), RSAUtil.decodeSignature(this.digestOID, this.padding.unpad(RSACore.rsa(bArr, this.publicKey))));
                    resetDigest();
                    return isEqual;
                }
                throw new SignatureException("Signature length not correct: got " + bArr.length + " but was expecting " + RSACore.getByteLength(this.publicKey));
            } catch (IOException e2) {
                throw new SignatureException("Signature encoding error", e2);
            } catch (BadPaddingException unused) {
                resetDigest();
                return false;
            }
        } catch (Throwable th) {
            resetDigest();
            throw th;
        }
    }
}
