package com.unbound.provider;

import com.dyadicsec.cryptoki.CK;
import com.unbound.common.crypto.SystemProvider;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/unbound/provider/RSACipher.class */
public final class RSACipher extends CipherSpi {
    private static final byte[] B0 = new byte[0];
    private UBRSAPrivateKey prvKey = null;
    private RSAPublicKey pubKey = null;
    private SecureRandom secureRandom = null;
    private OAEPParameterSpec oaepSpec = null;
    private byte[] buffer = new byte[512];
    private int bufferSize = 0;
    private int bufferOffset = 0;
    private int opmode = 0;
    private boolean isOaep = false;
    private boolean isRaw = false;
    private int oaepHashBitSize = 0;
    private int oaepMgfBitSize = 0;
    private byte[] oaepSource = null;

    private static MGF1ParameterSpec mgfBitSizeToSpec(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case CK.CKR_PIN_INCORRECT /* 160 */:
                return MGF1ParameterSpec.SHA1;
            case 256:
                return MGF1ParameterSpec.SHA256;
            case 384:
                return MGF1ParameterSpec.SHA384;
            case 512:
                return MGF1ParameterSpec.SHA512;
            default:
                throw new InvalidAlgorithmParameterException("Unsupported OAEP MGF hash algorithm");
        }
    }

    private static String hashBitSizeToName(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case CK.CKR_PIN_INCORRECT /* 160 */:
                return "SHA-1";
            case 256:
                return "SHA-256";
            case 384:
                return "SHA-384";
            case 512:
                return "SHA-512";
            default:
                throw new InvalidAlgorithmParameterException("Unsupported OAEP hash algorithm");
        }
    }

    private static int hashBitSizeToKmipHashAlg(int i) {
        switch (i) {
            case CK.CKR_PIN_INCORRECT /* 160 */:
                return 4;
            case 256:
                return 6;
            case 384:
                return 7;
            case 512:
                return 8;
            default:
                return 0;
        }
    }

    private static String paddingTypeToName(boolean z, boolean z2, int i) throws InvalidAlgorithmParameterException {
        return z ? "NOPadding" : !z2 ? "PKCS1Padding" : "OAEPWith" + hashBitSizeToName(i) + "AndMGF1Padding";
    }

    private static int hashNameToBitSize(String str) throws InvalidAlgorithmParameterException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("SHA1") || upperCase.equals("SHA-1")) {
            return CK.CKR_PIN_INCORRECT;
        }
        if (upperCase.equals("SHA-256")) {
            return 256;
        }
        if (upperCase.equals("SHA-384")) {
            return 384;
        }
        if (upperCase.equals("SHA-512")) {
            return 512;
        }
        throw new InvalidAlgorithmParameterException("OAEP hash algorithm not supported: " + upperCase);
    }

    private static int oaepPaddingToHashBitSize(String str) throws NoSuchPaddingException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("OAEPPADDING")) {
            return CK.CKR_PIN_INCORRECT;
        }
        if (!upperCase.startsWith("OAEPWITH") || !upperCase.endsWith("ANDMGF1PADDING")) {
            throw new NoSuchPaddingException("padding not supported: " + upperCase);
        }
        try {
            return hashNameToBitSize(upperCase.substring(8, upperCase.length() - 14));
        } catch (InvalidAlgorithmParameterException e) {
            throw new NoSuchPaddingException("padding not supported: " + upperCase);
        }
    }

    private AlgorithmParameterSpec getParameterSpec() throws InvalidAlgorithmParameterException {
        if (this.oaepSpec == null) {
            if (!this.isOaep) {
                return null;
            }
            this.oaepSpec = new OAEPParameterSpec(hashBitSizeToName(this.oaepHashBitSize), "MGF1", mgfBitSizeToSpec(this.oaepMgfBitSize), PSource.PSpecified.DEFAULT);
        }
        return this.oaepSpec;
    }

    private void init(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.opmode = i;
        this.bufferOffset = 0;
        switch (i) {
            case 1:
            case 3:
                this.prvKey = null;
                if (!(key instanceof RSAPublicKey)) {
                    throw new InvalidKeyException("Invalid key type");
                }
                this.pubKey = (RSAPublicKey) key;
                this.bufferSize = (this.pubKey.getModulus().bitLength() + 7) / 8;
                break;
            case 2:
            case 4:
                this.pubKey = null;
                if (!(key instanceof UBRSAPrivateKey)) {
                    throw new InvalidKeyException("Invalid key type");
                }
                this.prvKey = (UBRSAPrivateKey) key;
                this.bufferSize = (this.prvKey.getBitSize() + 7) / 8;
                break;
            default:
                throw new InvalidKeyException("Unknown mode: " + i);
        }
        if (algorithmParameterSpec != null) {
            if (!this.isOaep) {
                throw new InvalidAlgorithmParameterException("Wrong padding parameter");
            }
            if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Wrong Parameters for OAEP Padding");
            }
            this.oaepSpec = (OAEPParameterSpec) algorithmParameterSpec;
            this.oaepHashBitSize = hashNameToBitSize(this.oaepSpec.getDigestAlgorithm());
            String mGFAlgorithm = this.oaepSpec.getMGFAlgorithm();
            if (!mGFAlgorithm.toUpperCase().equals("MGF1")) {
                throw new InvalidAlgorithmParameterException("Unsupported MGF algorithm: " + mGFAlgorithm);
            }
            AlgorithmParameterSpec mGFParameters = this.oaepSpec.getMGFParameters();
            if (!(mGFParameters instanceof MGF1ParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Unsupported MGF hash");
            }
            this.oaepMgfBitSize = hashNameToBitSize(((MGF1ParameterSpec) mGFParameters).getDigestAlgorithm());
            PSource pSource = this.oaepSpec.getPSource();
            if (!pSource.getAlgorithm().equals("PSpecified")) {
                throw new InvalidAlgorithmParameterException("Unsupported pSource " + pSource.getAlgorithm() + "; PSpecified only");
            }
            this.oaepSource = ((PSource.PSpecified) pSource).getValue();
        }
    }

    private void update(byte[] bArr, int i, int i2) {
        if (i2 == 0 || bArr == null) {
            return;
        }
        if (this.bufferOffset + i2 <= this.buffer.length) {
            System.arraycopy(bArr, i, this.buffer, this.bufferOffset, i2);
        }
        this.bufferOffset += i2;
    }

    private byte[] doFinal(Key key) throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, IOException {
        if (this.pubKey != null) {
            Cipher base = SystemProvider.Cipher.getInstance("RSA/ECB/" + paddingTypeToName(this.isRaw, this.isOaep, this.oaepHashBitSize));
            base.init(this.opmode, this.pubKey, getParameterSpec(), this.secureRandom);
            return this.opmode == 3 ? base.wrap(key) : base.doFinal(this.buffer, 0, this.bufferOffset);
        }
        byte[] copyOfRange = Arrays.copyOfRange(this.buffer, 0, this.bufferOffset);
        int i = 0;
        int i2 = 0;
        int i3 = this.isOaep ? 2 : 8;
        if (this.isOaep) {
            i = hashBitSizeToKmipHashAlg(this.oaepHashBitSize);
            i2 = hashBitSizeToKmipHashAlg(this.oaepMgfBitSize);
        }
        return this.prvKey.decrypt(copyOfRange, i3, i, i2, this.oaepSource);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        String upperCase = str.toUpperCase();
        if (!upperCase.equals("NONE") && !upperCase.equals("ECB")) {
            throw new NoSuchAlgorithmException("Mode not supported: " + upperCase);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("NOPADDING")) {
            this.isRaw = true;
            this.isOaep = false;
        } else if (upperCase.equals("PKCS1PADDING")) {
            this.isRaw = false;
            this.isOaep = false;
        } else if (upperCase.equals("OAEPPADDING")) {
            this.isRaw = false;
            this.isOaep = true;
        } else {
            if (!upperCase.startsWith("OAEPWITH") || !upperCase.endsWith("ANDMGF1PADDING")) {
                throw new NoSuchPaddingException("Unsupported padding: " + upperCase);
            }
            this.isRaw = false;
            this.isOaep = true;
        }
        if (this.isOaep) {
            this.oaepHashBitSize = oaepPaddingToHashBitSize(upperCase);
            this.oaepMgfBitSize = CK.CKR_PIN_INCORRECT;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        return this.bufferSize;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        try {
            AlgorithmParameterSpec parameterSpec = getParameterSpec();
            if (parameterSpec == null) {
                return null;
            }
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("OAEP");
            algorithmParameters.init(parameterSpec);
            return algorithmParameters;
        } catch (Throwable th) {
            throw new RuntimeException("Invalid algorithm parameters not supported");
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        this.secureRandom = secureRandom;
        try {
            init(i, key, null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException("Wrong parameters", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.secureRandom = secureRandom;
        init(i, key, algorithmParameterSpec);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.secureRandom = secureRandom;
        OAEPParameterSpec oAEPParameterSpec = null;
        if (algorithmParameters != null) {
            try {
                oAEPParameterSpec = (OAEPParameterSpec) algorithmParameters.getParameterSpec(OAEPParameterSpec.class);
            } catch (InvalidParameterSpecException e) {
                throw new InvalidKeyException("Wrong parameters", e);
            }
        }
        init(i, key, oAEPParameterSpec);
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        update(bArr, i, i2);
        return B0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        update(bArr, i, i2);
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        update(bArr, i, i2);
        if (this.bufferOffset > this.buffer.length) {
            throw new IllegalBlockSizeException("Input must be under " + this.buffer.length + " bytes");
        }
        try {
            return doFinal(null);
        } catch (Exception e) {
            throw new BadPaddingException("engineDoFinal failed");
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        byte[] engineDoFinal = engineDoFinal(bArr, i, i2);
        if (i3 + engineDoFinal.length > bArr2.length) {
            throw new ShortBufferException("Output buffer is too small");
        }
        System.arraycopy(engineDoFinal, 0, bArr2, i3, engineDoFinal.length);
        return engineDoFinal.length;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
        byte[] encoded = key.getEncoded();
        if (encoded == null || encoded.length == 0) {
            throw new InvalidKeyException("Could not obtain encoded key");
        }
        if (encoded.length > this.buffer.length) {
            throw new InvalidKeyException("CKKey is too long for wrapping");
        }
        try {
            return doFinal(key);
        } catch (Exception e) {
            throw new InvalidKeyException("Wrapping failed", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (i != 3) {
            throw new UnsupportedOperationException("wrappedKeyType == " + i);
        }
        if (bArr.length > this.buffer.length) {
            throw new InvalidKeyException("Key is too long for unwrapping");
        }
        try {
            return new SecretKeySpec(doFinal(null), str);
        } catch (Exception e) {
            throw new ProviderException(e);
        }
    }
}
