package com.fortanix.sdkms.jce.provider.signatures;

import com.fortanix.sdkms.jce.provider.config.Configuration;
import com.fortanix.sdkms.jce.provider.constants.AlgorithmParameters;
import com.fortanix.sdkms.jce.provider.constants.DigestAlgorithms;
import com.fortanix.sdkms.jce.provider.keys.asym.rsa.RSAPrivateKeyImpl;
import com.fortanix.sdkms.jce.provider.keys.asym.rsa.RSAPublicKeyImpl;
import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.v1.model.Mgf;
import com.fortanix.sdkms.v1.model.MgfMgf1;
import com.fortanix.sdkms.v1.model.RsaSignaturePaddingPSS;
import com.fortanix.sdkms.v1.model.SignatureMode;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature.class */
public abstract class RSASignature extends SignatureSpi {
    private MessageDigest md;
    private boolean digestReset;
    private RSAPrivateKeyImpl privateKey;
    private RSAPublicKeyImpl publicKey;
    private DigestAlgorithms digestAlgorithm;
    private DigestAlgorithms pssDigestAlgorithm;
    private String transientKey;
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(RSASignature.class));

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA1withRSAandMGF1.class */
    public static final class SHA1withRSAandMGF1 extends RSASignature {
        public SHA1withRSAandMGF1() {
            super(AlgorithmParameters.SHA1);
            setPssDigestAlgorithm(AlgorithmParameters.SHA1);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA1withRSAandMGF1");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA1withRSAandPKCSV15.class */
    public static final class SHA1withRSAandPKCSV15 extends RSASignature {
        public SHA1withRSAandPKCSV15() {
            super(AlgorithmParameters.SHA1);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA1withRSAandPKCSV1_5");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA256withRSAandMGF1.class */
    public static final class SHA256withRSAandMGF1 extends RSASignature {
        public SHA256withRSAandMGF1() {
            super(AlgorithmParameters.SHA_256);
            setPssDigestAlgorithm(AlgorithmParameters.SHA_256);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA256withRSAandMGF1");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA256withRSAandPKCSV15.class */
    public static final class SHA256withRSAandPKCSV15 extends RSASignature {
        public SHA256withRSAandPKCSV15() {
            super(AlgorithmParameters.SHA_256);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA256withRSAandPKCSV1_5");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA384withRSAandMGF1.class */
    public static final class SHA384withRSAandMGF1 extends RSASignature {
        public SHA384withRSAandMGF1() {
            super(AlgorithmParameters.SHA_384);
            setPssDigestAlgorithm(AlgorithmParameters.SHA_384);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA384withRSAandMGF1");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA384withRSAandPKCSV15.class */
    public static final class SHA384withRSAandPKCSV15 extends RSASignature {
        public SHA384withRSAandPKCSV15() {
            super(AlgorithmParameters.SHA_384);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA384withRSAandPKCSV1_5");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA512withRSAandMGF1.class */
    public static final class SHA512withRSAandMGF1 extends RSASignature {
        public SHA512withRSAandMGF1() {
            super(AlgorithmParameters.SHA_512);
            setPssDigestAlgorithm(AlgorithmParameters.SHA_512);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA512withRSAandMGF1");
        }
    }

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/signatures/RSASignature$SHA512withRSAandPKCSV15.class */
    public static final class SHA512withRSAandPKCSV15 extends RSASignature {
        public SHA512withRSAandPKCSV15() {
            super(AlgorithmParameters.SHA_512);
            RSASignature.LOGGER.debug("RSASignature: being initialized for SHA512withRSAandPKCSV1_5");
        }
    }

    RSASignature(String str) {
        this.md = null;
        LOGGER.debug("Initializing RSA Signature");
        this.digestAlgorithm = DigestAlgorithms.getByKey(str);
        if (this.digestAlgorithm == null) {
            throw new ProviderException("The digest algorithm " + str + " is not supported");
        }
        try {
            this.md = MessageDigest.getInstance(str, Configuration.getInstance().getProviderName());
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            LOGGER.logAndRaiseProviderException("Failed to initialize RSA Signature", e);
        }
        this.digestReset = true;
    }

    protected void setPssDigestAlgorithm(String str) {
        this.pssDigestAlgorithm = DigestAlgorithms.getByKey(str);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        LOGGER.debug("RSA Signature: verify init");
        if (!(publicKey instanceof RSAPublicKeyImpl)) {
            throw new InvalidKeyException("Key is not of type RSAPublicImpl");
        }
        this.privateKey = null;
        this.publicKey = (RSAPublicKeyImpl) publicKey;
        initCommon(this.publicKey, null);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        engineInitSign(privateKey, null);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        LOGGER.debug("RSA Signature: sign init");
        if (!(privateKey instanceof RSAPrivateKeyImpl)) {
            throw new InvalidKeyException("Key is not of type RSAPublicImpl");
        }
        this.privateKey = (RSAPrivateKeyImpl) privateKey;
        this.publicKey = null;
        initCommon(this.privateKey, secureRandom);
    }

    private void initCommon(RSAKey rSAKey, SecureRandom secureRandom) throws InvalidKeyException {
        resetDigest();
    }

    private void resetDigest() {
        if (this.digestReset) {
            return;
        }
        this.md.reset();
        this.digestReset = true;
    }

    private byte[] getDigestValue() {
        this.digestReset = true;
        return this.md.digest();
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        LOGGER.debug("RSA Signature: sign update");
        this.md.update(b);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        LOGGER.debug("RSA Signature: sign update");
        this.md.update(bArr, i, i2);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(ByteBuffer byteBuffer) {
        LOGGER.debug("RSA Signature: sign update");
        this.md.update(byteBuffer);
        this.digestReset = false;
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        LOGGER.debug("RSA Signature: sign final");
        return SdkmsSignatureService.signDigest(getDigestValue(), this.digestAlgorithm.getValue(), this.privateKey.getKeyDescriptor(), getSignatureMode()).getSignature();
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        LOGGER.debug("RSA Signature: verify final");
        return SdkmsSignatureService.verifyDigest(bArr, getDigestValue(), this.digestAlgorithm.getValue(), this.publicKey.getKeyDescriptor(), getSignatureMode()).getResult().booleanValue();
    }

    private SignatureMode getSignatureMode() {
        SignatureMode signatureMode = new SignatureMode();
        if (this.pssDigestAlgorithm == null) {
            signatureMode.setPkCS1V15(new Object());
            return signatureMode;
        }
        signatureMode.setPSS(new RsaSignaturePaddingPSS().mgf(new Mgf().mgf1(new MgfMgf1().hash(this.pssDigestAlgorithm.getValue()))));
        return signatureMode;
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        LOGGER.logAndRaiseProviderException("method setParameter() not supported", null);
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        LOGGER.logAndRaiseProviderException("method getParameter() not supported", null);
        return null;
    }

    @Override // java.security.SignatureSpi
    protected java.security.AlgorithmParameters engineGetParameters() {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException();
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        if (DigestAlgorithms.getByKey(pSSParameterSpec.getDigestAlgorithm()) != null) {
            this.digestAlgorithm = DigestAlgorithms.getByKey(pSSParameterSpec.getDigestAlgorithm());
        }
        if (pSSParameterSpec.getMGFParameters() != null) {
            this.pssDigestAlgorithm = DigestAlgorithms.getByKey(((MGF1ParameterSpec) pSSParameterSpec.getMGFParameters()).getDigestAlgorithm());
        }
    }
}
