package com.unbound.provider;

import com.unbound.common.crypto.SystemProvider;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

/* loaded from: input_file:com/unbound/provider/RSASignaturePSS.class */
public class RSASignaturePSS extends SignatureSpi {
    private Signature pubSignature = null;
    private UBRSAPrivateKey prvKey = null;
    private MessageDigest md = null;
    private PSSParameterSpec pss = null;
    private int saltLen = 20;
    private HashType hash = HashType.SHA1;
    private HashType mgfHash = HashType.SHA1;

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        try {
            this.pubSignature = SystemProvider.Signature.getInstance("RSASSA-PSS");
            if (this.pss == null) {
                this.pss = new PSSParameterSpec("SHA-1", "MGF1", null, 20, 1);
            }
            this.pubSignature.setParameter(this.pss);
            this.pubSignature.initVerify(publicKey);
        } catch (Throwable th) {
            throw new InvalidKeyException("engineInitVerify failed");
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (!(privateKey instanceof UBRSAPrivateKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        this.prvKey = (UBRSAPrivateKey) privateKey;
        this.md = this.hash.getMessageDigest();
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(b);
        } else {
            engineUpdate(new byte[]{b}, 0, 1);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(bArr, i, i2);
        } else {
            this.md.update(bArr, i, i2);
        }
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        try {
            return this.prvKey.signPss(this.md.digest(), this.hash.kmipCode, this.mgfHash.kmipCode, this.saltLen);
        } catch (IOException e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        return this.pubSignature.verify(bArr);
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec == null) {
            throw new InvalidAlgorithmParameterException("Parameters cannot be null");
        }
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("parameters must be type PSSParameterSpec");
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        if (!pSSParameterSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1")) {
            throw new InvalidAlgorithmParameterException("Only supports MGF1");
        }
        if (pSSParameterSpec.getTrailerField() != 1) {
            throw new InvalidAlgorithmParameterException("Only supports TrailerFieldBC(1)");
        }
        this.saltLen = pSSParameterSpec.getSaltLength();
        HashType fromName = HashType.getFromName(pSSParameterSpec.getDigestAlgorithm());
        this.hash = fromName;
        this.mgfHash = fromName;
        AlgorithmParameterSpec mGFParameters = pSSParameterSpec.getMGFParameters();
        if (mGFParameters != null) {
            this.mgfHash = HashType.getFromName(((MGF1ParameterSpec) mGFParameters).getDigestAlgorithm());
        }
        this.pss = pSSParameterSpec;
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    protected AlgorithmParameters engineGetParameters() {
        if (this.pss == null) {
            throw new ProviderException("Missing required PSS parameters");
        }
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("RSASSA-PSS");
            algorithmParameters.init(this.pss);
            return algorithmParameters;
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }
}
