package com.adobe.granite.crypto.internal.jsafe;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.internal.CryptoSupportImpl;
import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_KeyPair;
import com.rsa.jsafe.JSAFE_KeyWrapCipher;
import com.rsa.jsafe.JSAFE_MAC;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_Signature;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import com.rsa.jsafe.cert.AuthorityKeyIdentifier;
import com.rsa.jsafe.cert.CertCreationFactory;
import com.rsa.jsafe.cert.CertCreationParameterSpec;
import com.rsa.jsafe.cert.IssuerInformation;
import com.rsa.jsafe.cert.Version;
import com.rsa.jsafe.cert.X509ExtensionSpec;
import com.rsa.jsafe.cms.ParameterFactory;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/jSafeCryptoSupport.jar:com/adobe/granite/crypto/internal/jsafe/JSafeCryptoSupport.class */
public class JSafeCryptoSupport extends CryptoSupportImpl {
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static final String X509 = "X.509";
    private static final Set<Integer> KEK_SIZES_BYTES = Collections.unmodifiableSet(new HashSet(Arrays.asList(16, 24, 32)));
    private final Logger log = LoggerFactory.getLogger(getClass());
    private byte[] key;
    private byte[] hmac_key;

    public JSafeCryptoSupport() throws Exception {
        String str;
        if (this.log.isDebugEnabled()) {
            this.log.debug("CryptoJ information:");
            this.log.debug("  CryptoJ Protection Domain: {}", CryptoJ.class.getProtectionDomain());
            this.log.debug("  FIPS 140 cryptographic module name: {}", CryptoJ.getFIPS140ModuleName());
            this.log.debug("  FIPS 140 compliant: {}", Boolean.valueOf(CryptoJ.isFIPS140Compliant()));
            this.log.debug("  FIPS 140 security level: {}", CryptoJ.getFIPS140SecurityLevel());
            this.log.debug("  Role: {}", CryptoJ.getRole() == 11 ? "User" : "Crypto Officer");
            this.log.debug("  FIPS 140 mode: {}", Boolean.valueOf(CryptoJ.isInFIPS140Mode()));
            switch (CryptoJ.getState()) {
                case 0:
                    str = "not initialized";
                    break;
                case 1:
                    str = "under self test";
                    break;
                case 2:
                    str = "operational";
                    break;
                case 3:
                    str = "failed";
                    break;
                default:
                    str = "unknown: " + CryptoJ.getState();
                    break;
            }
            this.log.debug("  State: {}", str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public void init(byte[] bArr) throws Exception {
        dispose(this.key);
        if (bArr.length == 32) {
            this.key = JSafeHelper.deObfuscate(bArr);
        } else {
            if (bArr.length != 16) {
                throw new IllegalArgumentException("key");
            }
            this.key = bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public void init_hmac(byte[] bArr) throws Exception {
        dispose(this.hmac_key);
        if (bArr.length == 48) {
            this.hmac_key = JSafeHelper.deObfuscate(bArr);
        } else {
            if (bArr.length != 32) {
                throw new IllegalArgumentException("key");
            }
            this.hmac_key = bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public void dispose() {
        dispose(this.key);
        dispose(this.hmac_key);
    }

    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected void dispose(byte[] bArr) {
        if (bArr != null) {
            clear(bArr);
        }
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public void nextRandomBytes(byte[] bArr) throws CryptoException {
        if (bArr == null) {
            throw new NullPointerException("bytes");
        }
        try {
            JSafeHelper.getSecureRandom().nextBytes(bArr);
        } catch (Exception e) {
            throw new CryptoException("Failed generating " + bArr.length + " random bytes", e);
        }
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] hmac_sha256(byte[] bArr) throws CryptoException {
        return hmac_sha256(this.hmac_key, bArr);
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] hmac_sha256(byte[] bArr, byte[] bArr2) throws CryptoException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("key");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("text");
        }
        int min = Math.min(512, bArr.length);
        JSAFE_MAC jsafe_mac = null;
        JSAFE_SecretKey jSAFE_SecretKey = null;
        try {
            try {
                jsafe_mac = JSAFE_MAC.getInstance("HMAC/SHA256", "Java", JSafeHelper.getFipsContext());
                jSAFE_SecretKey = jsafe_mac.getBlankKey();
                jSAFE_SecretKey.setSecretKeyData("Clear", bArr, 0, min);
                jsafe_mac.macInit(jSAFE_SecretKey, JSafeHelper.getSecureRandom());
                jsafe_mac.macUpdate(bArr2, 0, bArr2.length);
                byte[] macFinal = jsafe_mac.macFinal();
                if (jSAFE_SecretKey != null) {
                    jSAFE_SecretKey.clearSensitiveData();
                }
                if (jsafe_mac != null) {
                    jsafe_mac.clearSensitiveData();
                }
                return macFinal;
            } catch (Exception e) {
                throw new CryptoException("Cannot generate hash", e);
            }
        } catch (Throwable th) {
            if (jSAFE_SecretKey != null) {
                jSAFE_SecretKey.clearSensitiveData();
            }
            if (jsafe_mac != null) {
                jsafe_mac.clearSensitiveData();
            }
            throw th;
        }
    }

    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getCipherText(byte[] bArr) throws Exception {
        byte[] createIV = createIV();
        return getCipherText(getCipher(createIV, false), createIV, bArr);
    }

    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getCipherText(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] createIV = createIV();
        return getCipherText(getCipher(bArr, createIV, false), createIV, bArr2);
    }

    private byte[] getCipherText(JSAFE_SymmetricCipher jSAFE_SymmetricCipher, byte[] bArr, byte[] bArr2) throws Exception {
        byte[] bArr3 = new byte[jSAFE_SymmetricCipher.getOutputBufferSize(bArr2.length)];
        int encryptUpdate = jSAFE_SymmetricCipher.encryptUpdate(bArr2, 0, bArr2.length, bArr3, 0);
        int length = bArr.length + encryptUpdate + jSAFE_SymmetricCipher.encryptFinal(bArr3, encryptUpdate);
        byte[] bArr4 = new byte[length];
        System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
        System.arraycopy(bArr3, 0, bArr4, bArr.length, length - bArr.length);
        jSAFE_SymmetricCipher.clearSensitiveData();
        Arrays.fill(bArr, (byte) 0);
        Arrays.fill(bArr3, (byte) 0);
        return bArr4;
    }

    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getPlainText(byte[] bArr) throws Exception {
        byte[] iv = getIV(bArr);
        return getPlainText(getCipher(iv, true), iv, bArr);
    }

    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getPlainText(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] iv = getIV(bArr2);
        return getPlainText(getCipher(bArr, iv, true), iv, bArr2);
    }

    private byte[] getPlainText(JSAFE_SymmetricCipher jSAFE_SymmetricCipher, byte[] bArr, byte[] bArr2) throws Exception {
        byte[] bArr3 = new byte[bArr2.length];
        int decryptUpdate = jSAFE_SymmetricCipher.decryptUpdate(bArr2, bArr.length, bArr2.length - bArr.length, bArr3, 0);
        int decryptFinal = decryptUpdate + jSAFE_SymmetricCipher.decryptFinal(bArr3, decryptUpdate);
        byte[] bArr4 = new byte[decryptFinal];
        System.arraycopy(bArr3, 0, bArr4, 0, decryptFinal);
        jSAFE_SymmetricCipher.clearSensitiveData();
        Arrays.fill(bArr3, (byte) 0);
        return bArr4;
    }

    private JSAFE_SymmetricCipher getCipher(byte[] bArr, boolean z) throws Exception {
        return getCipher(this.key, bArr, z);
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] wrapKey(byte[] bArr, byte[] bArr2) throws CryptoException {
        if (bArr2 == null) {
            throw new IllegalArgumentException("key data unavailable");
        }
        if (bArr2.length == 0) {
            throw new IllegalArgumentException("key data empty");
        }
        if (bArr2.length < 16 || bArr2.length % 8 != 0) {
            throw new IllegalArgumentException("key data length invalid");
        }
        validateKek(bArr);
        JSAFE_KeyWrapCipher jSAFE_KeyWrapCipher = null;
        try {
            try {
                jSAFE_KeyWrapCipher = getKeyWrapCipher(bArr, false);
                jSAFE_KeyWrapCipher.encryptUpdate(bArr2, 0, bArr2.length);
                byte[] encryptFinal = jSAFE_KeyWrapCipher.encryptFinal();
                if (jSAFE_KeyWrapCipher != null) {
                    jSAFE_KeyWrapCipher.clearSensitiveData();
                }
                return encryptFinal;
            } catch (Exception e) {
                throw new CryptoException("Cannot wrap key data", e);
            }
        } catch (Throwable th) {
            if (jSAFE_KeyWrapCipher != null) {
                jSAFE_KeyWrapCipher.clearSensitiveData();
            }
            throw th;
        }
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] wrapKey(byte[] bArr) throws CryptoException {
        return wrapKey(this.key, bArr);
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] unwrapKey(byte[] bArr, byte[] bArr2) throws CryptoException {
        if (bArr2 == null) {
            throw new IllegalArgumentException("wrapped key data unavailable");
        }
        if (bArr2.length == 0) {
            throw new IllegalArgumentException("wrapped key data empty");
        }
        validateKek(bArr);
        JSAFE_KeyWrapCipher jSAFE_KeyWrapCipher = null;
        try {
            try {
                jSAFE_KeyWrapCipher = getKeyWrapCipher(bArr, true);
                jSAFE_KeyWrapCipher.decryptUpdate(bArr2, 0, bArr2.length);
                byte[] decryptFinal = jSAFE_KeyWrapCipher.decryptFinal();
                if (jSAFE_KeyWrapCipher != null) {
                    jSAFE_KeyWrapCipher.clearSensitiveData();
                }
                return decryptFinal;
            } catch (Exception e) {
                throw new CryptoException("Cannot unwrap key data", e);
            }
        } catch (Throwable th) {
            if (jSAFE_KeyWrapCipher != null) {
                jSAFE_KeyWrapCipher.clearSensitiveData();
            }
            throw th;
        }
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] unwrapKey(byte[] bArr) throws CryptoException {
        return unwrapKey(this.key, bArr);
    }

    private void validateKek(byte[] bArr) throws CryptoException {
        if (bArr == null) {
            throw new IllegalArgumentException("Key-encryption key unavailable");
        }
        if (bArr.length == 0) {
            throw new IllegalArgumentException("Key-encryption key empty");
        }
        if (!KEK_SIZES_BYTES.contains(Integer.valueOf(kekLength(bArr)))) {
            throw new IllegalArgumentException("Key-encryption key length invalid");
        }
    }

    private JSAFE_KeyWrapCipher getKeyWrapCipher(byte[] bArr, boolean z) throws Exception {
        int kekLength = kekLength(bArr);
        JSAFE_KeyWrapCipher jSAFE_KeyWrapCipher = JSAFE_KeyWrapCipher.getInstance(AlgorithmStrings.AES3394, "Java", JSafeHelper.getFipsContext());
        JSAFE_SecretKey jSAFE_SecretKey = JSAFE_SecretKey.getInstance(AlgorithmStrings.AES, "Java", JSafeHelper.getFipsContext());
        jSAFE_SecretKey.setSecretKeyData(bArr, 0, kekLength);
        if (z) {
            jSAFE_KeyWrapCipher.decryptInit(jSAFE_SecretKey);
        } else {
            jSAFE_KeyWrapCipher.encryptInit(jSAFE_SecretKey);
        }
        jSAFE_SecretKey.clearSensitiveData();
        return jSAFE_KeyWrapCipher;
    }

    private int kekLength(byte[] bArr) {
        return Math.min(32, bArr.length);
    }

    private JSAFE_SymmetricCipher getCipher(byte[] bArr, byte[] bArr2, boolean z) throws Exception {
        if (bArr == null) {
            throw new IllegalStateException("Encryption key unavailable");
        }
        int min = Math.min(512, bArr.length);
        JSAFE_SymmetricCipher jSAFE_SymmetricCipher = JSAFE_SymmetricCipher.getInstance(ParameterFactory.ENCRYPTION_ALG_AES_CBC_PKCS5PAD, "Java", JSafeHelper.getFipsContext());
        if (bArr2 == null || bArr2.length != jSAFE_SymmetricCipher.getBlockSize()) {
            throw new IllegalArgumentException("IV missing or wrong size; expecting " + jSAFE_SymmetricCipher.getBlockSize() + " byte IV");
        }
        jSAFE_SymmetricCipher.setIV(bArr2, 0, bArr2.length);
        JSAFE_SecretKey blankKey = jSAFE_SymmetricCipher.getBlankKey();
        blankKey.setSecretKeyData(bArr, 0, min);
        if (z) {
            jSAFE_SymmetricCipher.decryptInit(blankKey);
        } else {
            jSAFE_SymmetricCipher.encryptInit(blankKey);
        }
        blankKey.clearSensitiveData();
        return jSAFE_SymmetricCipher;
    }

    private byte[] createIV() throws Exception {
        byte[] bArr = new byte[16];
        JSafeHelper.getSecureRandom().nextBytes(bArr);
        return bArr;
    }

    private byte[] getIV(byte[] bArr) {
        if (bArr.length <= 16) {
            throw new IllegalArgumentException("Ciphertext too short");
        }
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 16);
        return bArr2;
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public KeyPair createKeyPair(String str) throws CryptoException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
        }
        if ("RSA".equals(str)) {
            return createKeyPairRSA();
        }
        throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public Certificate sign(Certificate certificate, KeyPair keyPair, X500Principal x500Principal, long j, long j2) throws CryptoException {
        IssuerInformation issuerInformation;
        try {
            byte[] bArr = new byte[8];
            nextRandomBytes(bArr);
            BigInteger abs = new BigInteger(bArr).abs();
            X509ExtensionSpec x509ExtensionSpec = new X509ExtensionSpec();
            x509ExtensionSpec.setSubjectKeyIdentifier(hmac_sha256(keyPair.getPublic().getEncoded()));
            CertCreationParameterSpec certCreationParameterSpec = new CertCreationParameterSpec();
            certCreationParameterSpec.setSubject(x500Principal);
            certCreationParameterSpec.setSubjectPublicKey(keyPair.getPublic());
            certCreationParameterSpec.setNotAfter(new Date(j2));
            certCreationParameterSpec.setNotBefore(new Date(j));
            certCreationParameterSpec.setSerialNum(abs);
            certCreationParameterSpec.setVersion(Version.V3);
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                x509ExtensionSpec.setAuthorityKeyIdentifier(new AuthorityKeyIdentifier(x509Certificate));
                issuerInformation = new IssuerInformation(x509Certificate, keyPair.getPrivate(), SHA256_WITH_RSA);
            } else {
                if (certificate != null) {
                    throw new CryptoException("Issuer Certificate type not supported");
                }
                issuerInformation = new IssuerInformation(x500Principal, keyPair.getPrivate(), SHA256_WITH_RSA);
            }
            certCreationParameterSpec.setExtensions(x509ExtensionSpec);
            return CertCreationFactory.getInstance("X.509").generateCertificate(issuerInformation, certCreationParameterSpec);
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] sign(byte[] bArr, PrivateKey privateKey, String str) throws CryptoException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
        }
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("No clear text to sign provided");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("No private key provided");
        }
        if (str.contains("RSA")) {
            return signWithRSA(bArr, privateKey, str);
        }
        throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
    }

    @Override // com.adobe.granite.crypto.CryptoSupport
    public boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str) throws CryptoException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
        }
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("No clear text to verify provided");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("No signed text to verify provided");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("No public key provided");
        }
        if (str.contains("RSA")) {
            return verifyWithRSA(bArr, bArr2, publicKey, str);
        }
        throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
    }

    private KeyPair createKeyPairRSA() throws CryptoException {
        JSAFE_KeyPair jSAFE_KeyPair = null;
        JSAFE_PublicKey jSAFE_PublicKey = null;
        JSAFE_PrivateKey jSAFE_PrivateKey = null;
        try {
            try {
                jSAFE_KeyPair = createKeyPairRSAInternal();
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                jSAFE_PublicKey = jSAFE_KeyPair.getPublicKey();
                byte[][] keyData = jSAFE_PublicKey.getKeyData("RSAPublicKey");
                PublicKey generatePublic = keyFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(convertForBigInteger(keyData[0])), new BigInteger(keyData[1])));
                jSAFE_PrivateKey = jSAFE_KeyPair.getPrivateKey();
                byte[][] keyData2 = jSAFE_PrivateKey.getKeyData("RSAPrivateKeyCRT");
                KeyPair keyPair = new KeyPair(generatePublic, keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger(convertForBigInteger(keyData2[0])), new BigInteger(keyData2[1]), new BigInteger(convertForBigInteger(keyData2[2])), new BigInteger(keyData2[3]), new BigInteger(keyData2[4]), new BigInteger(keyData2[5]), new BigInteger(keyData2[6]), new BigInteger(keyData2[7]))));
                if (jSAFE_PrivateKey != null) {
                    jSAFE_PrivateKey.clearSensitiveData();
                }
                if (jSAFE_PublicKey != null) {
                    jSAFE_PublicKey.clearSensitiveData();
                }
                if (jSAFE_KeyPair != null) {
                    jSAFE_KeyPair.clearSensitiveData();
                }
                return keyPair;
            } catch (Exception e) {
                throw new CryptoException("Cannot generate Key Pair", e);
            }
        } catch (Throwable th) {
            if (jSAFE_PrivateKey != null) {
                jSAFE_PrivateKey.clearSensitiveData();
            }
            if (jSAFE_PublicKey != null) {
                jSAFE_PublicKey.clearSensitiveData();
            }
            if (jSAFE_KeyPair != null) {
                jSAFE_KeyPair.clearSensitiveData();
            }
            throw th;
        }
    }

    private JSAFE_KeyPair createKeyPairRSAInternal() throws JSAFE_InvalidParameterException, JSAFE_InvalidUseException, Exception {
        JSAFE_KeyPair jSAFE_KeyPair = JSAFE_KeyPair.getInstance("RSA", "Java", JSafeHelper.getFipsContext());
        jSAFE_KeyPair.generateInit(null, new int[]{2048, 65537}, JSafeHelper.getSecureRandom());
        jSAFE_KeyPair.generate();
        return jSAFE_KeyPair;
    }

    private byte[] signWithRSA(byte[] bArr, PrivateKey privateKey, String str) throws CryptoException {
        if (!"RSA".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm ");
        }
        try {
            JSAFE_PrivateKey jSAFE_PrivateKey = JSAFE_PrivateKey.getInstance(privateKey.getEncoded(), 0, "Java");
            JSAFE_Signature jSAFE_Signature = null;
            try {
                try {
                    try {
                        jSAFE_Signature = JSAFE_Signature.getInstance(getAlgorithm(str), "Java");
                        jSAFE_Signature.signInit(jSAFE_PrivateKey, null);
                        jSAFE_Signature.signUpdate(bArr, 0, bArr.length);
                        byte[] signFinal = jSAFE_Signature.signFinal();
                        if (jSAFE_Signature != null) {
                            jSAFE_Signature.clearSensitiveData();
                        }
                        return signFinal;
                    } catch (JSAFE_InvalidParameterException e) {
                        throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm ", e);
                    }
                } catch (JSAFE_UnimplementedException e2) {
                    throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm ", e2);
                } catch (Exception e3) {
                    throw new CryptoException("Cannot sign", e3);
                }
            } catch (Throwable th) {
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                throw th;
            }
        } catch (Exception e4) {
            throw new CryptoException("Cannot sign", e4);
        }
    }

    private boolean verifyWithRSA(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str) throws CryptoException {
        if (!"RSA".equals(publicKey.getAlgorithm())) {
            throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm");
        }
        try {
            JSAFE_PublicKey jSAFE_PublicKey = JSAFE_PublicKey.getInstance(publicKey.getEncoded(), 0, "Java");
            JSAFE_Signature jSAFE_Signature = null;
            try {
                try {
                    jSAFE_Signature = JSAFE_Signature.getInstance(getAlgorithm(str), "Java");
                    jSAFE_Signature.verifyInit(jSAFE_PublicKey, null);
                    jSAFE_Signature.verifyUpdate(bArr, 0, bArr.length);
                    boolean verifyFinal = jSAFE_Signature.verifyFinal(bArr2, 0, bArr2.length);
                    if (jSAFE_Signature != null) {
                        jSAFE_Signature.clearSensitiveData();
                    }
                    return verifyFinal;
                } catch (JSAFE_InvalidParameterException e) {
                    throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm ", e);
                } catch (JSAFE_UnimplementedException e2) {
                    throw new IllegalArgumentException("Unrecognised or unsupported signature algorithm ", e2);
                } catch (Exception e3) {
                    throw new CryptoException("Cannot verify", e3);
                }
            } catch (Throwable th) {
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                throw th;
            }
        } catch (Exception e4) {
            throw new CryptoException("Cannot verify", e4);
        }
    }

    private String getAlgorithm(String str) {
        if ("SHA224withRSA".equals(str)) {
            str = "SHA224/RSA/PKCS1Block01Pad";
        } else if (SHA256_WITH_RSA.equals(str)) {
            str = "SHA256/RSA/PKCS1Block01Pad";
        } else if ("SHA384withRSA".equals(str)) {
            str = "SHA384/RSA/PKCS1Block01Pad";
        } else if ("SHA512withRSA".equals(str)) {
            str = "SHA512/RSA/PKCS1Block01Pad";
        }
        return str;
    }

    private byte[] convertForBigInteger(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 1];
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        return bArr2;
    }
}
