package com.amazon.corretto.crypto.provider;

import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;
import java.util.Base64;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpSignatureBase.class */
public abstract class EvpSignatureBase extends SignatureSpi {
    static final String P1363_FORMAT_SUFFIX = "inP1363Format";
    protected static final int RSA_PKCS1_PADDING = 1;
    protected static final int RSA_PKCS1_PSS_PADDING = 6;
    protected final AmazonCorrettoCryptoProvider provider_;
    protected final EvpKeyType keyType_;
    protected int paddingType_;
    protected boolean signMode;
    protected long digest_;
    protected Key untranslatedKey_ = null;
    protected EvpKey key_ = null;
    protected int keyUsageCount_ = 0;
    protected String algorithmName_ = null;
    protected PSSParameterSpec pssParams_ = null;
    protected long pssMgfMd_ = 0;
    protected int pssSaltLen_ = 0;

    /* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpSignatureBase$EvpContext.class */
    protected static final class EvpContext extends NativeResource {
        /* JADX INFO: Access modifiers changed from: protected */
        public EvpContext(long j) {
            super(j, j2 -> {
                EvpSignatureBase.destroyContext(j2);
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EvpSignatureBase(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider, EvpKeyType evpKeyType, int i, long j) {
        this.digest_ = 0L;
        this.provider_ = amazonCorrettoCryptoProvider;
        this.keyType_ = evpKeyType;
        this.paddingType_ = i;
        if (this.paddingType_ == RSA_PKCS1_PSS_PADDING) {
            internalSetParams(PSSParameterSpec.DEFAULT);
        } else {
            internalSetParams(null);
            this.digest_ = j;
        }
    }

    protected void internalSetParams(PSSParameterSpec pSSParameterSpec) {
        if (pSSParameterSpec == null) {
            this.pssParams_ = null;
            this.digest_ = 0L;
            this.pssMgfMd_ = 0L;
            this.pssSaltLen_ = 0;
            return;
        }
        this.pssParams_ = pSSParameterSpec;
        this.digest_ = Utils.getMdPtr(pSSParameterSpec.getDigestAlgorithm());
        this.pssMgfMd_ = Utils.getMdPtr(((MGF1ParameterSpec) pSSParameterSpec.getMGFParameters()).getDigestAlgorithm());
        this.pssSaltLen_ = pSSParameterSpec.getSaltLength();
    }

    protected abstract void engineReset();

    void setAlgorithmName(String str) {
        this.algorithmName_ = str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static native void destroyContext(long j);

    @Override // java.security.SignatureSpi
    protected synchronized void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (this.untranslatedKey_ != privateKey) {
            if (!this.keyType_.jceName.equalsIgnoreCase(privateKey.getAlgorithm())) {
                throw new InvalidKeyException();
            }
            this.keyUsageCount_ = 0;
            this.untranslatedKey_ = privateKey;
            if (this.key_ != null) {
                this.key_.releaseEphemeral();
            }
            this.key_ = this.provider_.translateKey(this.untranslatedKey_, this.keyType_);
        }
        this.signMode = true;
        engineReset();
    }

    @Override // java.security.SignatureSpi
    protected synchronized void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (this.untranslatedKey_ != publicKey) {
            if (!this.keyType_.jceName.equalsIgnoreCase(publicKey.getAlgorithm())) {
                throw new InvalidKeyException();
            }
            this.keyUsageCount_ = 0;
            this.untranslatedKey_ = publicKey;
            if (this.key_ != null) {
                this.key_.releaseEphemeral();
            }
            this.key_ = this.provider_.translateKey(this.untranslatedKey_, this.keyType_);
        }
        this.signMode = false;
        engineReset();
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException();
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public synchronized void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            if (!(algorithmParameterSpec instanceof ECParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Specified parameters supported by this algorithm");
            }
            if (this.keyType_ != EvpKeyType.EC) {
                throw new InvalidAlgorithmParameterException("ECParameterSpec only supported with EC keys");
            }
            if (!EcUtils.ecParameterSpecsAreEqual(((ECKey) this.key_).getParams(), (ECParameterSpec) algorithmParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Algorithm parameters do not match key");
            }
            return;
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        if (this.keyType_ != EvpKeyType.RSA || this.paddingType_ != RSA_PKCS1_PSS_PADDING) {
            throw new InvalidAlgorithmParameterException("PSS params only supported for RSASSA-PSS signatures");
        }
        if (!isBufferEmpty()) {
            throw new IllegalStateException("Cannot update PSS parameters with buffered data, reset Signature.");
        }
        if (!"MGF1".equals(pSSParameterSpec.getMGFAlgorithm())) {
            throw new InvalidAlgorithmParameterException("Invalid PSS MGF algorithm");
        }
        if (pSSParameterSpec.getTrailerField() != PSSParameterSpec.DEFAULT.getTrailerField()) {
            throw new IllegalArgumentException("Invalid PSS trailer field");
        }
        if (pSSParameterSpec.getMGFParameters() == null) {
            throw new InvalidAlgorithmParameterException("PSS parameters must specify MGF1 parameters");
        }
        try {
            Utils.getMdPtr(pSSParameterSpec.getDigestAlgorithm());
            Utils.getMdPtr(((MGF1ParameterSpec) pSSParameterSpec.getMGFParameters()).getDigestAlgorithm());
            int saltLength = pSSParameterSpec.getSaltLength();
            int mdLen = Utils.getMdLen(Utils.getMdPtr(pSSParameterSpec.getDigestAlgorithm()));
            int bitLength = this.key_ != null ? (((RSAKey) this.key_).getModulus().bitLength() + 7) / 8 : 256;
            if (saltLength < 0 || saltLength > (bitLength - mdLen) - 2) {
                throw new IllegalArgumentException("PSS salt length invalid");
            }
            internalSetParams(pSSParameterSpec);
        } catch (Exception e) {
            throw new InvalidAlgorithmParameterException();
        }
    }

    protected abstract boolean isBufferEmpty();

    @Override // java.security.SignatureSpi
    protected synchronized AlgorithmParameters engineGetParameters() {
        if (this.paddingType_ != RSA_PKCS1_PSS_PADDING || this.pssParams_ == null) {
            return null;
        }
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("RSASSA-PSS");
            algorithmParameters.init(this.pssParams_);
            return algorithmParameters;
        } catch (NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException("RSASSA-PSS unsupported.", e);
        } catch (GeneralSecurityException e2) {
            throw new AssertionError(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void ensureInitialized(Boolean bool) throws SignatureException {
        if (this.key_ == null) {
            throw new SignatureException("Not initialized");
        }
        if (bool != null && bool.booleanValue() != this.signMode) {
            throw new SignatureException("Incorrect mode for operation");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] maybeConvertSignatureToVerify(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.algorithmName_ == null || !this.algorithmName_.endsWith(P1363_FORMAT_SUFFIX)) {
            return null;
        }
        return ieeeP1363toAsn1(bArr, i, i2, (((ECKey) this.key_).getParams().getOrder().bitLength() + 7) / 8);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] maybeConvertSignatureToReturn(byte[] bArr) throws SignatureException {
        return (this.algorithmName_ == null || !this.algorithmName_.endsWith(P1363_FORMAT_SUFFIX)) ? bArr : asn1ToiIeeeP1363(bArr, (((ECKey) this.key_).getParams().getOrder().bitLength() + 7) / 8);
    }

    protected static byte[] ieeeP1363toAsn1(byte[] bArr, int i, int i2, int i3) throws SignatureException {
        byte[] bArr2;
        if (2 * i3 != i2) {
            throw new SignatureException();
        }
        byte[] byteArray = new BigInteger(1, Arrays.copyOfRange(bArr, i, i + i3)).toByteArray();
        byte[] byteArray2 = new BigInteger(1, Arrays.copyOfRange(bArr, i + i3, i + (2 * i3))).toByteArray();
        if (byteArray.length > 127 || byteArray2.length > 127) {
            throw new SignatureException("R or S value is too large");
        }
        int length = byteArray.length + byteArray2.length + 4;
        if (length <= 127) {
            bArr2 = new byte[]{(byte) (length & 255)};
        } else {
            if (length > 256) {
                throw new SignatureException("R or S value is too large");
            }
            bArr2 = new byte[]{-127, (byte) (length & 255)};
        }
        byte[] bArr3 = new byte[1 + bArr2.length + length];
        int i4 = 0 + 1;
        bArr3[0] = 48;
        System.arraycopy(bArr2, 0, bArr3, i4, bArr2.length);
        int length2 = i4 + bArr2.length;
        int i5 = length2 + 1;
        bArr3[length2] = 2;
        int i6 = i5 + 1;
        bArr3[i5] = (byte) (byteArray.length & 255);
        System.arraycopy(byteArray, 0, bArr3, i6, byteArray.length);
        int length3 = i6 + byteArray.length;
        int i7 = length3 + 1;
        bArr3[length3] = 2;
        int i8 = i7 + 1;
        bArr3[i7] = (byte) (byteArray2.length & 255);
        System.arraycopy(byteArray2, 0, bArr3, i8, byteArray2.length);
        int length4 = i8 + byteArray2.length;
        if (length4 != bArr3.length) {
            throw new AssertionError("Final position of " + length4 + " does not match expected value of " + bArr3.length);
        }
        return bArr3;
    }

    protected static byte[] asn1ToiIeeeP1363(byte[] bArr, int i) throws SignatureException {
        int i2 = 0 + 1;
        if (bArr[0] != 48) {
            throw new AssertionError();
        }
        int i3 = i2 + 1;
        int unsignedInt = Byte.toUnsignedInt(bArr[i2]);
        if (unsignedInt == 129) {
            i3++;
            unsignedInt = Byte.toUnsignedInt(bArr[i3]);
        } else if (unsignedInt > 127) {
            throw new AssertionError();
        }
        if (unsignedInt != bArr.length - i3) {
            throw new AssertionError();
        }
        int i4 = i3;
        if (bArr[i4] != 2) {
            throw new AssertionError();
        }
        int unsignedInt2 = Byte.toUnsignedInt(bArr[i4 + 1]);
        int i5 = i4 + 2;
        int i6 = i5 + unsignedInt2;
        if (bArr[i6] != 2) {
            throw new AssertionError(Base64.getEncoder().encodeToString(bArr) + " : " + String.format("%x, %x, %x", Byte.valueOf(bArr[i6 - 1]), Byte.valueOf(bArr[i6]), Byte.valueOf(bArr[i6 + 1])));
        }
        int unsignedInt3 = Byte.toUnsignedInt(bArr[i6 + 1]);
        int i7 = i6 + 2;
        if (bArr[i5] == 0) {
            i5++;
            unsignedInt2--;
        }
        if (bArr[i7] == 0) {
            i7++;
            unsignedInt3--;
        }
        byte[] bArr2 = new byte[i * 2];
        System.arraycopy(bArr, i5, bArr2, i - unsignedInt2, unsignedInt2);
        System.arraycopy(bArr, i7, bArr2, (i + i) - unsignedInt3, unsignedInt3);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sniffTest(byte[] bArr, int i, int i2) throws SignatureException {
        int bitLength;
        if ((this.key_ instanceof RSAKey) && i2 != (bitLength = (((RSAKey) this.key_).getModulus().bitLength() + 7) / 8)) {
            throw new SignatureException("RSA Signature of invalid length. Expected " + bitLength);
        }
    }
}
