package com.blackberry.security.crypto.provider.rsa;

import com.blackberry.security.crypto.provider.b.a;
import com.blackberry.security.crypto.provider.context.GlobalContext;
import com.blackberry.security.crypto.provider.md.HashFunction;
import com.blackberry.security.crypto.provider.random.ExtendedSecureRandomSpi;
import com.blackberry.security.crypto.provider.random.d;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.PSSParameterSpec;

/* loaded from: classes2.dex */
public abstract class RSAPSSSignatureSpi extends RSASignatureSpi {
    private String eiE;
    private int eiF;

    /* renamed from: com.blackberry.security.crypto.provider.rsa.RSAPSSSignatureSpi$1SignatureHolder, reason: invalid class name */
    /* loaded from: classes2.dex */
    class C1SignatureHolder {
        byte[] signature;

        C1SignatureHolder() {
        }
    }

    /* renamed from: com.blackberry.security.crypto.provider.rsa.RSAPSSSignatureSpi$1VerifiedHolder, reason: invalid class name */
    /* loaded from: classes2.dex */
    class C1VerifiedHolder {
        boolean verified;

        C1VerifiedHolder() {
        }
    }

    /* loaded from: classes2.dex */
    public static class NONEwithRSAPSS extends RSAPSSSignatureSpi {
    }

    /* loaded from: classes2.dex */
    public static class SHA1withRSAPSS extends RSAPSSSignatureSpi {
        public SHA1withRSAPSS() {
            super(HashFunction.SHA1.class, "SHA1", 4);
        }
    }

    /* loaded from: classes2.dex */
    public static class SHA224withRSAPSS extends RSAPSSSignatureSpi {
        public SHA224withRSAPSS() {
            super(HashFunction.SHA224.class, "SHA224", 5);
        }
    }

    /* loaded from: classes2.dex */
    public static class SHA256withRSAPSS extends RSAPSSSignatureSpi {
        public SHA256withRSAPSS() {
            super(HashFunction.SHA256.class, "SHA256", 6);
        }
    }

    /* loaded from: classes2.dex */
    public static class SHA384withRSAPSS extends RSAPSSSignatureSpi {
        public SHA384withRSAPSS() {
            super(HashFunction.SHA384.class, "SHA384", 7);
        }
    }

    /* loaded from: classes2.dex */
    public static class SHA512withRSAPSS extends RSAPSSSignatureSpi {
        public SHA512withRSAPSS() {
            super(HashFunction.SHA512.class, "SHA512", 8);
        }
    }

    protected RSAPSSSignatureSpi() {
    }

    protected RSAPSSSignatureSpi(Class<? extends HashFunction> cls, String str, int i) {
        super(cls, i);
        hc(i);
        this.eiE = str;
    }

    private byte[] getDigest() {
        if (!this.dXW) {
            return this.dXc.engineDigest();
        }
        byte[] byteArray = this.dXY.toByteArray();
        int length = byteArray.length;
        if (length > 64) {
            throw new SignatureException("Message digest is too long");
        }
        if (length == 20) {
            this.eiJ = 4;
            this.eiE = "SHA1";
        } else if (length == 28) {
            this.eiJ = 5;
            this.eiE = "SHA224";
        } else if (length == 32) {
            this.eiJ = 6;
            this.eiE = "SHA256";
        } else if (length == 48) {
            this.eiJ = 7;
            this.eiE = "SHA384";
        } else {
            if (length != 64) {
                throw new SignatureException("Message digest length is not supported");
            }
            this.eiJ = 8;
            this.eiE = "SHA512";
        }
        hc(this.eiJ);
        this.dXY.reset();
        return byteArray;
    }

    private void hc(int i) {
        switch (i) {
            case 4:
                this.eiF = 20;
                return;
            case 5:
                this.eiF = 28;
                return;
            case 6:
                this.eiF = 32;
                return;
            case 7:
                this.eiF = 48;
                return;
            case 8:
                this.eiF = 64;
                return;
            default:
                throw new IllegalArgumentException("hash ID is undefined");
        }
    }

    private static String kz(String str) {
        int indexOf = str.indexOf(45);
        return indexOf == -1 ? str : str.substring(0, indexOf) + str.substring(indexOf + 1);
    }

    private native int rsaPSSNoHashSign(long j, long j2, int i, byte[] bArr, int i2, Object obj, long j3);

    private native int rsaPSSNoHashVerify(long j, long j2, int i, byte[] bArr, int i2, byte[] bArr2, Object obj, long j3);

    @Override // java.security.SignatureSpi
    protected synchronized void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) {
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("unsufficient paramster spec");
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        this.eiF = pSSParameterSpec.getSaltLength();
        String digestAlgorithm = pSSParameterSpec.getDigestAlgorithm();
        int indexOf = digestAlgorithm.indexOf(45);
        if (indexOf != -1) {
            digestAlgorithm = digestAlgorithm.substring(0, indexOf) + digestAlgorithm.substring(indexOf + 1);
        }
        if (this.eiE != null && !digestAlgorithm.equals(this.eiE)) {
            throw new InvalidAlgorithmParameterException("explicitely provided hash algorithm (" + digestAlgorithm + ") does not match the configured one (" + this.eiE + ")");
        }
        if (!pSSParameterSpec.getMGFAlgorithm().equals("MGF1")) {
            throw new InvalidAlgorithmParameterException("only MGF1 is supported");
        }
    }

    @Override // com.blackberry.security.crypto.provider.rsa.RSASignatureSpi, java.security.SignatureSpi
    protected synchronized byte[] engineSign() {
        C1SignatureHolder c1SignatureHolder;
        try {
            checkInit();
            if (this.eiK == null) {
                throw new SignatureException("Not initialised for sign");
            }
            byte[] digest = getDigest();
            ExtendedSecureRandomSpi a2 = d.a((SecureRandom) null);
            a2.OJ();
            RSAParams params = this.eiK.getParams(a2.rngCtx);
            RSAJNIPrivateKey copy = RSAJNIKey.copy(this.eiK, params);
            try {
                c1SignatureHolder = new C1SignatureHolder();
                a.ha(rsaPSSNoHashSign(params.ON(), copy.privateKey, this.eiJ, digest, this.eiF, c1SignatureHolder, GlobalContext.getContext()));
            } finally {
                copy.destroy();
                params.destroy();
                a2.OK();
            }
        } catch (RuntimeException e) {
            throw new SignatureException(e);
        }
        return c1SignatureHolder.signature;
    }

    @Override // com.blackberry.security.crypto.provider.rsa.RSASignatureSpi, java.security.SignatureSpi
    protected synchronized boolean engineVerify(byte[] bArr) {
        C1VerifiedHolder c1VerifiedHolder;
        try {
            checkInit();
            if (this.eiL == null) {
                throw new SignatureException("Not initialised for verify");
            }
            if (bArr == null) {
                throw new SignatureException("sigBytes==null");
            }
            byte[] digest = getDigest();
            RSAParams params = this.eiL.getParams();
            try {
                RSAJNIPublicKey copy = RSAJNIKey.copy(this.eiL, params);
                try {
                    c1VerifiedHolder = new C1VerifiedHolder();
                    a.ha(rsaPSSNoHashVerify(params.ON(), copy.publicKey, this.eiJ, digest, this.eiF, bArr, c1VerifiedHolder, GlobalContext.getContext()));
                } finally {
                    copy.destroy();
                }
            } finally {
                params.destroy();
            }
        } catch (RuntimeException e) {
            throw new SignatureException(e);
        }
        return c1VerifiedHolder.verified;
    }
}
