package com.rsa.jsafe;

import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.crypto.AlgorithmStrings;
import com.rsa.crypto.CryptoException;
import com.rsa.crypto.CryptoModule;
import com.rsa.crypto.DomainParams;
import com.rsa.crypto.InvalidAlgorithmParameterException;
import com.rsa.crypto.InvalidKeyException;
import com.rsa.crypto.Key;
import com.rsa.crypto.NoSuchAlgorithmException;
import com.rsa.crypto.PQGParams;
import com.rsa.crypto.PrivateKey;
import com.rsa.crypto.PublicKey;
import com.rsa.crypto.Signature;
import com.rsa.crypto.SignatureException;
import com.rsa.cryptoj.o.aw;
import com.rsa.cryptoj.o.bd;
import com.rsa.cryptoj.o.dl;
import com.rsa.cryptoj.o.ga;
import com.rsa.cryptoj.o.gc;
import com.rsa.cryptoj.o.hn;
import com.rsa.cryptoj.o.ii;
import com.rsa.cryptoj.o.ll;
import com.rsa.cryptoj.o.mk;
import com.rsa.cryptoj.o.nd;
import com.rsa.cryptoj.o.nm;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/jsafe/JSAFE_Signature.class */
public final class JSAFE_Signature extends JSAFE_Object {
    public static final int NO_BLINDING = 0;
    public static final int BLINDING = 1;
    public static final int PERSISTENT_BLINDING = 2;
    private static final String a = "Object not initialized for signing.";
    private static final String b = "Object not initialized for verifying.";
    private static final int c = 1;
    private static final int d = 2;
    private static final int e = 3;
    private static final int f = 4;
    private static final int g = 4;
    private static final int h = 4;
    private CryptoModule i;
    private Signature j;
    private ii k;
    private int l;
    private DomainParams m;
    private Key n;
    private String r;
    private byte[] s;
    private String t;
    private gc u;

    private JSAFE_Signature(CryptoModule cryptoModule, Signature signature, ii iiVar) {
        this.i = cryptoModule;
        this.j = signature;
        this.k = iiVar;
    }

    private JSAFE_Signature(String str, byte[] bArr, String str2, gc gcVar) {
        this.r = str;
        this.s = bArr;
        this.t = str2;
        this.u = gcVar;
    }

    public static JSAFE_Signature getInstance(byte[] bArr, int i, String str) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        byte[] bArr2 = bArr;
        if (i > 0) {
            a(bArr, i);
            bArr2 = hn.b(bArr, i, bArr.length - i);
        }
        return a(null, bArr2, str, dl.a(), null, null);
    }

    public static JSAFE_Signature getInstance(byte[] bArr, int i, String str, FIPS140Context fIPS140Context) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        byte[] bArr2 = bArr;
        if (i > 0) {
            a(bArr, i);
            bArr2 = hn.b(bArr, i, bArr.length - i);
        }
        return a(null, bArr2, str, fIPS140Context.a(), null, null);
    }

    public static int getNextBEROffset(byte[] bArr, int i) throws JSAFE_UnimplementedException {
        try {
            return AlgorithmID.findNextOffset(bArr, i, 1);
        } catch (ASN_Exception e2) {
            throw new JSAFE_UnimplementedException("Could not read BER data.(" + e2.getMessage() + ")");
        }
    }

    public static JSAFE_Signature getInstance(String str, String str2) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        return a(str, null, str2, dl.a(), null, null);
    }

    public static JSAFE_Signature getInstance(String str, JSAFE_Session jSAFE_Session) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        return a(str, null, nm.c.toString(), dl.a(), new JSAFE_Session[]{jSAFE_Session}, null);
    }

    public static JSAFE_Signature getInstance(String str, String str2, FIPS140Context fIPS140Context) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        return a(str, null, str2, fIPS140Context.a(), null, null);
    }

    private static JSAFE_Signature a(String str, byte[] bArr, String str2, gc gcVar, JSAFE_Session[] jSAFE_SessionArr, JSAFE_Signature jSAFE_Signature) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        if (bArr == null) {
            a(str, str2);
        }
        if (!str2.equalsIgnoreCase("PKCS11")) {
            for (nm nmVar : b(str2)) {
                if (nmVar.equals(nm.c)) {
                    throw new JSAFE_UnimplementedException("Algorithm not supported on any devices: " + str);
                }
                try {
                    CryptoModule a2 = mk.a(gcVar, nmVar);
                    ii a3 = bArr != null ? ii.a(a2, bArr, 0) : ii.a(a2, str);
                    return new JSAFE_Signature(a2, a2.newSignature(a3.s()), a3);
                } catch (NoSuchAlgorithmException | CryptoException | ga e2) {
                }
            }
            throw new JSAFE_UnimplementedException("Algorithm not supported on any devices: " + str);
        }
        if (jSAFE_Signature == null) {
            jSAFE_Signature = new JSAFE_Signature(str, bArr, str2, gcVar);
        }
        if (jSAFE_SessionArr == null) {
            return jSAFE_Signature;
        }
        if (jSAFE_SessionArr == null || jSAFE_SessionArr.length != 1) {
            throw new JSAFE_UnimplementedException("Algorithm not supported on any devices: " + str);
        }
        CryptoModule a4 = jSAFE_SessionArr[0].a();
        ii a5 = bArr != null ? ii.a(a4, bArr, 0) : ii.a(a4, str);
        Signature newSignature = a4.newSignature(a5.s());
        jSAFE_Signature.i = a4;
        jSAFE_Signature.r = str;
        jSAFE_Signature.k = a5;
        jSAFE_Signature.j = newSignature;
        return jSAFE_Signature;
    }

    public byte[] getDERAlgorithmID() throws JSAFE_UnimplementedException {
        return getDERAlgorithmID(null, true);
    }

    public byte[] getDERAlgorithmID(String str, boolean z) throws JSAFE_UnimplementedException {
        return this.k.a(str, z ? this.m : null, z);
    }

    public String getDevice() {
        return this.i.getDeviceType();
    }

    public String[] getDeviceList() {
        String[] strArr;
        if (this.k == null) {
            strArr = new String[]{this.t, this.t};
        } else {
            strArr = new String[this.k.j()];
            Arrays.fill(strArr, getDevice());
        }
        return strArr;
    }

    public String getSignatureAlgorithm() {
        return this.k.a();
    }

    public String getDigestAlgorithm() {
        return this.k.d();
    }

    public String getPaddingScheme() {
        return this.k.c();
    }

    public int getMaxInputLen() {
        return this.k.a(getSignatureSize());
    }

    public int getSignatureSize() {
        return this.j.getSignatureSize();
    }

    public void setBlinding(int i) {
        this.k.b(i);
    }

    public int getBlinding() {
        return this.k.f();
    }

    public byte[] getSalt() throws JSAFE_UnimplementedException {
        return this.k.h();
    }

    public void setSalt(byte[] bArr) throws JSAFE_UnimplementedException {
        this.k.a(bArr);
        if (this.l == 1 || this.l == 2) {
            this.j.reInit(this.k.q());
        }
    }

    public int getSaltLength() throws JSAFE_UnimplementedException {
        return this.k.i();
    }

    public void setSaltLength(int i) throws JSAFE_UnimplementedException {
        this.k.c(i);
        if (this.l == 1 || this.l == 2) {
            this.j.reInit(this.k.q());
        }
    }

    public void signInit(JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException {
        try {
            signInit(jSAFE_PrivateKey, null, secureRandom, null);
        } catch (JSAFE_InvalidParameterException e2) {
            throw new JSAFE_InvalidUseException(e2.getMessage());
        }
    }

    public void signInit(JSAFE_PrivateKey jSAFE_PrivateKey, JSAFE_Parameters jSAFE_Parameters, SecureRandom secureRandom) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException {
        signInit(jSAFE_PrivateKey, jSAFE_Parameters, secureRandom, null);
    }

    public void signInit(JSAFE_PrivateKey jSAFE_PrivateKey, JSAFE_Parameters jSAFE_Parameters, SecureRandom secureRandom, JSAFE_Session[] jSAFE_SessionArr) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException {
        if (jSAFE_PrivateKey == null) {
            throw new JSAFE_InvalidKeyException("key was null");
        }
        if (jSAFE_SessionArr != null) {
            jSAFE_PrivateKey.a(jSAFE_SessionArr);
        }
        if (this.j == null) {
            try {
                a(this.r, this.s, this.t, this.u, jSAFE_SessionArr, this);
            } catch (JSAFE_UnimplementedException e2) {
                throw new JSAFE_InvalidParameterException(e2);
            }
        }
        if (this.n != null) {
            this.n.clearSensitiveData();
        }
        PrivateKey a2 = a(jSAFE_PrivateKey, jSAFE_Parameters);
        try {
            this.n = a2;
            this.j.initSign(a2, this.k.q(), b.a(secureRandom));
            this.l = 1;
        } catch (InvalidAlgorithmParameterException e3) {
            throw new JSAFE_InvalidParameterException(e3.getMessage());
        } catch (InvalidKeyException e4) {
            throw new JSAFE_InvalidKeyException(e4.getMessage());
        }
    }

    private PrivateKey a(JSAFE_PrivateKey jSAFE_PrivateKey, JSAFE_Parameters jSAFE_Parameters) throws JSAFE_InvalidUseException, JSAFE_InvalidParameterException, JSAFE_InvalidKeyException {
        if (!this.k.a(jSAFE_PrivateKey.getAlgorithm())) {
            throw new JSAFE_InvalidKeyException("Invalid key.");
        }
        if (jSAFE_PrivateKey.getDevice().equalsIgnoreCase(nm.c.toString())) {
            return jSAFE_PrivateKey.a(this.i);
        }
        if (!this.k.b()) {
            if (jSAFE_Parameters != null) {
                throw new JSAFE_InvalidParameterException("Unexpected parameters for " + this.k.a() + " object.");
            }
            return jSAFE_PrivateKey.a(this.i);
        }
        if (this.k.b() && !jSAFE_PrivateKey.c() && (jSAFE_Parameters == null || jSAFE_Parameters.d() == null)) {
            throw new JSAFE_InvalidParameterException("Parameters must be input in key or as system parameters.");
        }
        try {
            if (jSAFE_PrivateKey.c()) {
                this.m = jSAFE_PrivateKey.a();
                return jSAFE_PrivateKey.a(this.i);
            }
            this.m = jSAFE_Parameters.d();
            if (this.k.a().equals(AlgorithmStrings.DSA)) {
                return this.i.getKeyBuilder().newDSAPrivateKey(jSAFE_PrivateKey.getKeyData("DSAPrivateValue")[0], (PQGParams) this.m);
            }
            throw new JSAFE_InvalidParameterException("Expected EC key to contain parameters");
        } catch (JSAFE_UnimplementedException e2) {
            throw new JSAFE_InvalidParameterException(e2.getMessage());
        }
    }

    private PublicKey a(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_Parameters jSAFE_Parameters) throws JSAFE_InvalidParameterException, JSAFE_InvalidKeyException {
        if (!this.k.a(jSAFE_PublicKey.getAlgorithm())) {
            throw new JSAFE_InvalidKeyException("Invalid key.");
        }
        if (jSAFE_PublicKey.getDevice().equalsIgnoreCase(nm.c.toString())) {
            return jSAFE_PublicKey.a(this.i);
        }
        if (!this.k.b()) {
            if (jSAFE_Parameters != null) {
                throw new JSAFE_InvalidParameterException("Unexpected parameters for " + this.k.a() + " object.");
            }
            return jSAFE_PublicKey.a(this.i);
        }
        if (this.k.b() && !jSAFE_PublicKey.a() && (jSAFE_Parameters == null || jSAFE_Parameters.d() == null)) {
            throw new JSAFE_InvalidParameterException("Parameters must be input in key or as system parameters.");
        }
        try {
            if (jSAFE_PublicKey.a()) {
                this.m = jSAFE_PublicKey.d();
                return jSAFE_PublicKey.a(this.i);
            }
            this.m = jSAFE_Parameters.d();
            if (this.k.a().equals(AlgorithmStrings.DSA)) {
                return this.i.getKeyBuilder().newDSAPublicKey(jSAFE_PublicKey.getKeyData("DSAPublicValue")[0], (PQGParams) this.m);
            }
            throw new JSAFE_InvalidParameterException("Expected EC key to contain parameters");
        } catch (JSAFE_UnimplementedException e2) {
            throw new JSAFE_InvalidParameterException(e2.getMessage());
        }
    }

    public void signReInit() throws JSAFE_InvalidUseException {
        if (this.l != 1 && this.l != 3 && this.l != 4) {
            throw new JSAFE_InvalidUseException(a);
        }
        this.j.reInit(this.k.q());
        this.l = 1;
    }

    public void signUpdate(byte[] bArr, int i, int i2) throws JSAFE_InvalidUseException, JSAFE_InputException {
        if (this.l != 1 && this.l != 3) {
            throw new JSAFE_InvalidUseException(a);
        }
        ll.a(bArr, i, i2);
        try {
            this.j.update(bArr, i, i2);
            this.l = 3;
        } catch (SignatureException e2) {
            throw new JSAFE_InputException(e2.getMessage());
        }
    }

    public byte[] signFinal() throws JSAFE_InvalidUseException, JSAFE_InputException, JSAFE_PaddingException {
        if (this.l != 1 && this.l != 3) {
            throw new JSAFE_InvalidUseException(a);
        }
        try {
            byte[] sign = this.j.sign();
            this.l = 4;
            return this.k.k() ? aw.a(sign, 0, this.m) : sign;
        } catch (SignatureException e2) {
            throw new JSAFE_InputException(e2.getMessage());
        }
    }

    public int signFinal(byte[] bArr, int i) throws JSAFE_InvalidUseException, JSAFE_InputException, JSAFE_PaddingException {
        int sign;
        if (this.l != 1 && this.l != 3) {
            throw new JSAFE_InvalidUseException(a);
        }
        ll.a(bArr, i);
        try {
            if (this.k.k()) {
                byte[] a2 = aw.a(this.j.sign(), 0, this.m);
                System.arraycopy(a2, 0, bArr, i, a2.length);
                sign = a2.length;
            } else {
                sign = this.j.sign(bArr, i);
            }
            this.l = 4;
            return sign;
        } catch (SignatureException e2) {
            throw new JSAFE_InputException(e2.getMessage());
        }
    }

    public void verifyInit(JSAFE_PublicKey jSAFE_PublicKey, SecureRandom secureRandom) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException {
        try {
            verifyInit(jSAFE_PublicKey, null, secureRandom, null);
        } catch (JSAFE_InvalidParameterException e2) {
            throw new JSAFE_InvalidUseException(e2.getMessage());
        }
    }

    public void verifyInit(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_Parameters jSAFE_Parameters, SecureRandom secureRandom) throws JSAFE_InvalidKeyException, JSAFE_InvalidParameterException {
        verifyInit(jSAFE_PublicKey, jSAFE_Parameters, secureRandom, null);
    }

    public void verifyInit(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_Parameters jSAFE_Parameters, SecureRandom secureRandom, JSAFE_Session[] jSAFE_SessionArr) throws JSAFE_InvalidKeyException, JSAFE_InvalidParameterException {
        if (jSAFE_PublicKey == null) {
            throw new JSAFE_InvalidKeyException("key was null");
        }
        if (jSAFE_SessionArr != null) {
            jSAFE_PublicKey.a(jSAFE_SessionArr);
        }
        if (this.j == null) {
            try {
                a(this.r, this.s, this.t, this.u, jSAFE_SessionArr, this);
            } catch (JSAFE_UnimplementedException e2) {
                throw new JSAFE_InvalidParameterException(e2);
            }
        }
        if (this.n != null) {
            this.n.clearSensitiveData();
        }
        PublicKey a2 = a(jSAFE_PublicKey, jSAFE_Parameters);
        try {
            this.n = a2;
            this.j.initVerify(a2, this.k.q());
            this.l = 2;
        } catch (InvalidAlgorithmParameterException e3) {
            throw new JSAFE_InvalidParameterException(e3.getMessage());
        } catch (InvalidKeyException e4) {
            throw new JSAFE_InvalidKeyException(e4.getMessage());
        }
    }

    public void verifyReInit() throws JSAFE_InvalidUseException {
        if (this.l != 2 && this.l != 4 && this.l != 4) {
            throw new JSAFE_InvalidUseException(b);
        }
        this.j.reInit(this.k.q());
        this.l = 2;
    }

    public void verifyUpdate(byte[] bArr, int i, int i2) throws JSAFE_InvalidUseException, JSAFE_InputException {
        if (this.l != 2 && this.l != 4) {
            throw new JSAFE_InvalidUseException(b);
        }
        ll.a(bArr, i, i2);
        try {
            this.j.update(bArr, i, i2);
            this.l = 4;
        } catch (SignatureException e2) {
            throw new JSAFE_InputException(e2.getMessage());
        }
    }

    public boolean verifyFinal(byte[] bArr, int i, int i2) throws JSAFE_InvalidUseException, JSAFE_InputException, JSAFE_PaddingException {
        boolean verify;
        if (this.l != 2 && this.l != 4) {
            throw new JSAFE_InvalidUseException(b);
        }
        ll.a(bArr, i, i2);
        try {
            if (this.k.k() && i2 == aw.a(this.m)) {
                byte[] b2 = aw.b(bArr, i, i2);
                if (b2 == null) {
                    return false;
                }
                verify = this.j.verify(b2, 0, b2.length);
            } else {
                verify = this.j.verify(bArr, i, i2);
            }
            this.l = 4;
            return verify;
        } catch (SignatureException e2) {
            throw new JSAFE_InputException(e2.getMessage());
        }
    }

    @Override // com.rsa.jsafe.JSAFE_Object
    public Object clone() throws CloneNotSupportedException {
        JSAFE_Signature jSAFE_Signature = (JSAFE_Signature) super.clone();
        jSAFE_Signature.j = (Signature) nd.a(this.j);
        jSAFE_Signature.k = (ii) this.k.clone();
        return jSAFE_Signature;
    }

    @Override // com.rsa.jsafe.JSAFE_Object
    public void clearSensitiveData() {
        bd.a.a(this.j);
        bd.a.a(this.n);
        if (this.k != null) {
            this.k.g();
        }
    }
}
