package com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl;

import com.adobe.internal.pdftoolkit.core.exceptions.PDFConfigurationException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidDocumentException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidParameterException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFUnableToCompleteOperationException;
import com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.Verifier;
import com.adobe.internal.pdftoolkit.services.digsig.digsigframework.impl.SignatureHandlerPKCS1;
import com.adobe.internal.pdftoolkit.services.xfa.acroform.CWidget;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.jsafe.JSAFE_InputException;
import com.rsa.jsafe.JSAFE_InvalidKeyException;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_PaddingException;
import com.rsa.jsafe.JSAFE_Signature;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/cryptoprovider/impl/RSAPKCS1Verifier.class */
public final class RSAPKCS1Verifier extends Verifier {
    private JSAFE_Signature jsafeVerifier;

    public RSAPKCS1Verifier(byte[][] bArr) throws PDFSignatureException {
        try {
            init(bArr);
        } catch (CertificateException e) {
            throw new PDFSignatureException("Certificate exception when initializing the RSA PKCS1 verifier", e);
        } catch (PDFInvalidParameterException e2) {
            throw new PDFSignatureException("Exception when initializing the RSA PKCS1 verifier", e2);
        } catch (com.rsa.certj.cert.CertificateException e3) {
            throw new PDFSignatureException("Exception when initializing the RSA PKCS1 verifier", e3);
        } catch (PDFConfigurationException e4) {
            throw new PDFSignatureException("Exception when initializing the RSA PKCS1 verifier", e4);
        }
    }

    void init(byte[][] bArr) throws CertificateException, com.rsa.certj.cert.CertificateException, PDFConfigurationException, PDFInvalidParameterException, PDFSignatureException {
        if (bArr == null) {
            throw new PDFSignatureException("No signing certificates have been provided. Use PKCS1Verifier.setSigningCertificates(byte[][] derCertificates) to set up the certs");
        }
        X509Certificate x509Certificate = null;
        int i = 0;
        while (true) {
            if (i < bArr.length) {
                if (bArr[i] != null) {
                    x509Certificate = new X509Certificate(bArr[i], 0, 0);
                    break;
                }
                i++;
            } else {
                break;
            }
        }
        initJSAFESignature(x509Certificate);
    }

    @Override // com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.Verifier
    public boolean verify(InputStream inputStream, byte[] bArr) throws PDFSignatureException {
        try {
            byte[] bArr2 = new byte[CWidget.TextAP_options];
            while (true) {
                int read = inputStream.read(bArr2);
                if (read <= 0) {
                    return verify(this.jsafeVerifier, bArr);
                }
                this.jsafeVerifier.verifyUpdate(bArr2, 0, read);
            }
        } catch (PDFInvalidDocumentException e) {
            throw new PDFSignatureException("Exception when validating PKCS1 signature using RSA", e);
        } catch (PDFUnableToCompleteOperationException e2) {
            throw new PDFSignatureException("Exception when validating PKCS1 signature using RSA", e2);
        } catch (IOException e3) {
            throw new PDFSignatureException("Exception when validating PKCS1 signature using RSA", e3);
        } catch (JSAFE_InputException e4) {
            throw new PDFSignatureException("Exception when validating PKCS1 signature using RSA", e4);
        } catch (JSAFE_InvalidUseException e5) {
            throw new PDFSignatureException("Exception when validating PKCS1 signature using RSA", e5);
        }
    }

    private boolean verify(JSAFE_Signature jSAFE_Signature, byte[] bArr) throws PDFInvalidDocumentException, PDFUnableToCompleteOperationException {
        try {
            try {
                try {
                    byte[] signatureBytes = RSAVerifyUtils.getSignatureBytes(bArr);
                    boolean verifyFinal = jSAFE_Signature.verifyFinal(signatureBytes, 0, signatureBytes.length);
                    if (jSAFE_Signature != null) {
                        jSAFE_Signature.clearSensitiveData();
                    }
                    return verifyFinal;
                } catch (JSAFE_InvalidUseException e) {
                    throw new PDFUnableToCompleteOperationException("Verification error.", e);
                }
            } catch (JSAFE_InputException e2) {
                throw new PDFUnableToCompleteOperationException("Verification error", e2);
            } catch (JSAFE_PaddingException e3) {
                throw new PDFInvalidDocumentException("Possible invalid document. Verification error.", e3);
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    private void initJSAFESignature(X509Certificate x509Certificate) throws PDFConfigurationException, PDFInvalidParameterException {
        String str = null;
        try {
            str = getKeyAlgorithm(x509Certificate);
            this.jsafeVerifier = createJSAFESignature(str);
            this.jsafeVerifier.verifyInit(x509Certificate.getSubjectPublicKey("Java"), (SecureRandom) null);
        } catch (JSAFE_InvalidUseException e) {
            throw new PDFInvalidParameterException("Could not initialize the JSAFE Verifier", e);
        } catch (JSAFE_InvalidParameterException e2) {
            throw new PDFInvalidParameterException("Could not initialize the JSAFE Verifier. The parameters provided are invalid", e2);
        } catch (JSAFE_InvalidKeyException e3) {
            throw new PDFInvalidParameterException("Could not initialize the JSAFE Verifier. The private key is invalid", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new PDFConfigurationException("The key algorithm" + str + " is not available", e4);
        } catch (JSAFE_UnimplementedException e5) {
            throw new PDFInvalidParameterException("Could not initialize the JSAFE Verifier", e5);
        } catch (com.rsa.certj.cert.CertificateException e6) {
            throw new PDFInvalidParameterException("Certificate exception when initializing the JSAFE Verifier", e6);
        }
    }

    private String getKeyAlgorithm(X509Certificate x509Certificate) throws com.rsa.certj.cert.CertificateException {
        return x509Certificate.getSubjectPublicKey("Java").getAlgorithm();
    }

    private JSAFE_Signature createJSAFESignature(String str) throws NoSuchAlgorithmException, JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        if (str.equalsIgnoreCase("RSA")) {
            return JSAFE_Signature.getInstance(SignatureHandlerPKCS1.CRYPTOJ_RSA_ALG, "Java");
        }
        if (str.equalsIgnoreCase("DSA")) {
            return JSAFE_Signature.getInstance(SignatureHandlerPKCS1.CRYPTOJ_DSA_ALG, "Java");
        }
        return null;
    }
}
