package com.aspose.html.utils.ms.core.bc.jcajce.provider;

import com.aspose.html.utils.ms.core.bc.asn1.pkcs.PKCSObjectIdentifiers;
import com.aspose.html.utils.ms.core.bc.asn1.x509.X509ObjectIdentifiers;
import com.aspose.html.utils.ms.core.bc.crypto.AsymmetricKey;
import com.aspose.html.utils.ms.core.bc.crypto.AsymmetricPrivateKey;
import com.aspose.html.utils.ms.core.bc.crypto.AsymmetricPublicKey;
import com.aspose.html.utils.ms.core.bc.crypto.DigestAlgorithm;
import com.aspose.html.utils.ms.core.bc.crypto.OutputSigner;
import com.aspose.html.utils.ms.core.bc.crypto.OutputVerifier;
import com.aspose.html.utils.ms.core.bc.crypto.Parameters;
import com.aspose.html.utils.ms.core.bc.crypto.SignatureOperatorFactory;
import com.aspose.html.utils.ms.core.bc.crypto.UpdateOutputStream;
import com.aspose.html.utils.ms.core.bc.crypto.fips.FipsAlgorithm;
import com.aspose.html.utils.ms.core.bc.crypto.fips.FipsDigestAlgorithm;
import com.aspose.html.utils.ms.core.bc.crypto.fips.FipsRSA;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

/* loaded from: input_file:com/aspose/html/utils/ms/core/bc/jcajce/provider/BaseSignature.class */
class BaseSignature extends SignatureSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {
    private static final byte TRAILER_IMPLICIT = -68;
    private final SignatureOperatorFactory operatorFactory;
    private final PublicKeyConverter publicKeyConverter;
    private final PrivateKeyConverter privateKeyConverter;
    private final BouncyCastleFipsProvider fipsProvider;
    private final AlgorithmParameterSpec originalSpec;
    protected Parameters parameters;
    protected OutputVerifier verifier;
    protected OutputSigner signer;
    protected UpdateOutputStream dataStream;
    protected AlgorithmParameters engineParams;
    protected AlgorithmParameterSpec paramSpec;
    protected AsymmetricKey key;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseSignature(BouncyCastleFipsProvider bouncyCastleFipsProvider, SignatureOperatorFactory signatureOperatorFactory, PublicKeyConverter publicKeyConverter, PrivateKeyConverter privateKeyConverter, Parameters parameters) {
        this.fipsProvider = bouncyCastleFipsProvider;
        this.operatorFactory = signatureOperatorFactory;
        this.publicKeyConverter = publicKeyConverter;
        this.privateKeyConverter = privateKeyConverter;
        this.parameters = parameters;
        this.originalSpec = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseSignature(BouncyCastleFipsProvider bouncyCastleFipsProvider, SignatureOperatorFactory signatureOperatorFactory, PublicKeyConverter publicKeyConverter, PrivateKeyConverter privateKeyConverter, Parameters parameters, AlgorithmParameterSpec algorithmParameterSpec) {
        this.fipsProvider = bouncyCastleFipsProvider;
        this.operatorFactory = signatureOperatorFactory;
        this.publicKeyConverter = publicKeyConverter;
        this.privateKeyConverter = privateKeyConverter;
        this.parameters = parameters;
        this.paramSpec = algorithmParameterSpec;
        this.originalSpec = algorithmParameterSpec;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.key = this.publicKeyConverter.convertKey(this.parameters.getAlgorithm(), publicKey);
        this.verifier = this.operatorFactory.createVerifier((AsymmetricPublicKey) this.key, this.parameters);
        this.dataStream = this.verifier.getVerifyingStream();
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        this.key = this.privateKeyConverter.convertKey(this.parameters.getAlgorithm(), privateKey);
        try {
            this.signer = (OutputSigner) Utils.addRandomIfNeeded(this.operatorFactory.createSigner((AsymmetricPrivateKey) this.key, this.parameters), this.fipsProvider.getDefaultSecureRandom());
            this.dataStream = this.signer.getSigningStream();
        } catch (Exception e) {
            throw new InvalidKeyException("Cannot initialize for signing: " + e.getMessage(), e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        this.key = this.privateKeyConverter.convertKey(this.parameters.getAlgorithm(), privateKey);
        this.signer = (OutputSigner) Utils.addRandomIfNeeded(this.operatorFactory.createSigner((AsymmetricPrivateKey) this.key, this.parameters), secureRandom != null ? secureRandom : this.fipsProvider.getDefaultSecureRandom());
        this.dataStream = this.signer.getSigningStream();
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        this.dataStream.update(b);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        this.dataStream.update(bArr, i, i2);
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        try {
            return this.signer.getSignature();
        } catch (Exception e) {
            throw new SignatureException(e.toString(), e);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        try {
            return this.verifier.isVerified(bArr);
        } catch (Exception e) {
            throw new SignatureException(e.toString(), e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec == null) {
            if (this.originalSpec == null) {
                return;
            } else {
                algorithmParameterSpec = this.originalSpec;
            }
        }
        if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Only PSSParameterSpec supported");
        }
        PSSParameterSpec pSSParameterSpec = (PSSParameterSpec) algorithmParameterSpec;
        if (this.originalSpec instanceof PSSParameterSpec) {
            PSSParameterSpec pSSParameterSpec2 = (PSSParameterSpec) this.originalSpec;
            if (this.originalSpec != PSSParameterSpec.DEFAULT && !DigestUtil.isSameDigest(pSSParameterSpec2.getDigestAlgorithm(), pSSParameterSpec.getDigestAlgorithm())) {
                throw new InvalidAlgorithmParameterException("Parameter must be using " + pSSParameterSpec2.getDigestAlgorithm());
            }
        }
        if (!pSSParameterSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !pSSParameterSpec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) {
            throw new InvalidAlgorithmParameterException("Unknown mask generation function specified");
        }
        if (!(pSSParameterSpec.getMGFParameters() instanceof MGF1ParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Unknown MGF parameters");
        }
        MGF1ParameterSpec mGF1ParameterSpec = (MGF1ParameterSpec) pSSParameterSpec.getMGFParameters();
        if (!DigestUtil.isSameDigest(mGF1ParameterSpec.getDigestAlgorithm(), pSSParameterSpec.getDigestAlgorithm())) {
            throw new InvalidAlgorithmParameterException("Digest algorithm for MGF should be the same as for PSS parameters.");
        }
        DigestAlgorithm digestID = DigestUtil.getDigestID(mGF1ParameterSpec.getDigestAlgorithm());
        if (digestID == null) {
            throw new InvalidAlgorithmParameterException("No match on MGF digest algorithm: " + mGF1ParameterSpec.getDigestAlgorithm());
        }
        if (!(digestID instanceof FipsAlgorithm)) {
            throw new InvalidAlgorithmParameterException("Digest algorithm not supported: " + mGF1ParameterSpec.getDigestAlgorithm());
        }
        this.parameters = FipsRSA.PSS.withDigestAlgorithm((FipsDigestAlgorithm) digestID).withMGFDigest((FipsDigestAlgorithm) digestID).withSaltLength(pSSParameterSpec.getSaltLength()).withTrailer(getPssTrailer(pSSParameterSpec.getTrailerField()));
        this.paramSpec = pSSParameterSpec;
        if (this.dataStream != null) {
            if (this.key instanceof AsymmetricPrivateKey) {
                this.signer = (OutputSigner) Utils.addRandomIfNeeded(this.operatorFactory.createSigner((AsymmetricPrivateKey) this.key, this.parameters), this.fipsProvider.getDefaultSecureRandom());
                this.dataStream = this.signer.getSigningStream();
            } else {
                this.verifier = this.operatorFactory.createVerifier((AsymmetricPublicKey) this.key, this.parameters);
                this.dataStream = this.verifier.getVerifyingStream();
            }
        }
    }

    private byte getPssTrailer(int i) {
        if (i == 1) {
            return (byte) -68;
        }
        throw new IllegalArgumentException("Unknown trailer field");
    }

    @Override // java.security.SignatureSpi
    protected AlgorithmParameters engineGetParameters() {
        if (this.engineParams == null && this.paramSpec != null) {
            try {
                this.engineParams = AlgorithmParameters.getInstance("PSS", this.fipsProvider);
                this.engineParams.init(this.paramSpec);
            } catch (Exception e) {
                throw new IllegalStateException(e.toString(), e);
            }
        }
        return this.engineParams;
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
        throw new UnsupportedOperationException("SetParameter unsupported");
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        throw new UnsupportedOperationException("GetParameter unsupported");
    }
}
