package ee.cyber.tse.v11.cryptolib.internal.impl;

import ee.cyber.tse.v11.cryptolib.internal.dto.SignatureMissingRequiredValuesException;
import ee.cyber.tse.v11.cryptolib.internal.dto.SignatureTseSzValueMismatchException;
import ee.cyber.tse.v11.cryptolib.internal.dto.SignatureUnknownSchemeException;
import ee.cyber.tse.v11.cryptolib.internal.dto.SignatureValidationFailedException;
import ee.cyber.tse.v11.cryptolib.internal.inter.EncodingOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.inter.SignatureValidatorOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.util.PSSSignerBackwardsCompat;
import ee.cyber.tse.v11.internal.log.Log;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.math.BigInteger;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.jcajce.provider.util.DigestFactory;

@Metadata(d1 = {"\u0000P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u0005\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0013\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0000\u0018\u00002\u00020\u0001B\u000f\u0012\u0006\u0010+\u001a\u00020&¢\u0006\u0004\b,\u0010-J9\u0010\f\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\u00072\u0006\u0010\n\u001a\u00020\tH\u0002¢\u0006\u0004\b\f\u0010\rJ/\u0010\f\u001a\u00020\u00102\u0006\u0010\u0003\u001a\u00020\u000e2\u0006\u0010\u0005\u001a\u00020\u000f2\u0006\u0010\u0006\u001a\u00020\u000f2\u0006\u0010\b\u001a\u00020\u000eH\u0002¢\u0006\u0004\b\f\u0010\u0011Ji\u0010\u001c\u001a\u00020\u000e2\b\u0010\u0013\u001a\u0004\u0018\u00010\u00122\b\u0010\u0014\u001a\u0004\u0018\u00010\u00122\b\u0010\u0015\u001a\u0004\u0018\u00010\u00122\b\u0010\u0016\u001a\u0004\u0018\u00010\u00122\b\u0010\u0017\u001a\u0004\u0018\u00010\u00122\b\u0010\u0018\u001a\u0004\u0018\u00010\u00122\b\u0010\u0019\u001a\u0004\u0018\u00010\u00122\b\u0010\u001a\u001a\u0004\u0018\u00010\u00122\b\u0010\u001b\u001a\u0004\u0018\u00010\u000fH\u0016¢\u0006\u0004\b\u001c\u0010\u001dJ?\u0010\"\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u001e\u001a\u00020\u00122\u0006\u0010\u0017\u001a\u00020\u00122\u0006\u0010\u001f\u001a\u00020\u00122\u0006\u0010 \u001a\u00020\u000f2\u0006\u0010!\u001a\u00020\u000fH\u0000¢\u0006\u0004\b\"\u0010#JG\u0010$\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u001e\u001a\u00020\u00122\u0006\u0010\u0017\u001a\u00020\u00122\u0006\u0010\u001f\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00122\u0006\u0010 
\u001a\u00020\u000f2\u0006\u0010!\u001a\u00020\u000fH\u0000¢\u0006\u0004\b$\u0010%R\u0014\u0010(\u001a\u00020&8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\f\u0010'R\u0018\u0010!\u001a\u0006*\u00020)0)8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b(\u0010*"}, d2 = {"Lee/cyber/tse/v11/cryptolib/internal/impl/SignatureValidatorOpImpl;", "Lee/cyber/tse/v11/cryptolib/internal/inter/SignatureValidatorOpInternal;", "Lorg/bouncycastle/crypto/AsymmetricBlockCipher;", "p0", "Lorg/bouncycastle/crypto/Digest;", "p1", "p2", "", "p3", "", "p4", "Lorg/bouncycastle/crypto/Signer;", "a", "(Lorg/bouncycastle/crypto/AsymmetricBlockCipher;Lorg/bouncycastle/crypto/Digest;Lorg/bouncycastle/crypto/Digest;[B)Lorg/bouncycastle/crypto/Signer;", "", "Ljava/math/BigInteger;", "Lorg/bouncycastle/crypto/params/RSAKeyParameters;", "(Ljava/math/BigInteger;Ljava/math/BigInteger;)Lorg/bouncycastle/crypto/params/RSAKeyParameters;", "", "szSignatureSchemeName", "szSignatureMessageDigestAlgorithm", "szSignatureValueInBase64", "originalSignatureScheme", "originalMessageDigestAlgorithm", "originalMessageDigestValueInBase64", "originalSignatureSaltInBase64", "keyCompositeModulusNInBase64", "keyPublicVerificationExponentE", "isSecureZoneSignatureValid", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/math/BigInteger;)Z", "originalSignatureSchemeName", "originalMessageInBase64", "n", "e", "isSecureZoneRsaSsaPkcs1v1p5SignatureValid$tse_release", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/math/BigInteger;Ljava/math/BigInteger;)Z", "isSecureZoneRsaSsaPssSignatureValid$tse_release", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/math/BigInteger;Ljava/math/BigInteger;)Z", "Lee/cyber/tse/v11/cryptolib/internal/inter/EncodingOpInternal;", "Lee/cyber/tse/v11/cryptolib/internal/inter/EncodingOpInternal;", "b", 
"Lee/cyber/tse/v11/internal/log/Log;", "Lee/cyber/tse/v11/internal/log/Log;", "encodingOp", "<init>", "(Lee/cyber/tse/v11/cryptolib/internal/inter/EncodingOpInternal;)V"}, k = 1, mv = {1, 8, 0})
/* loaded from: classes2.dex */
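/**
 * Checks a signature returned by SecureZone against an RSA public key {@code (n, e)} using
 * Bouncy Castle's lightweight crypto API.
 *
 * <p>Two schemes are handled: {@code RSASSA-PKCS1-v1_5} and {@code RSASSA-PSS}. In both cases the
 * value verified is the already computed message digest passed in by the caller; this class never
 * hashes the original message itself.
 *
 * <p>Security note: {@link #isSecureZoneSignatureValid} returns {@code true} without any
 * cryptographic verification when no modulus is supplied. See the comment at that branch.
 */
public final class SignatureValidatorOpImpl implements SignatureValidatorOpInternal {

    private static final String SCHEME_RSASSA_PKCS1_V1_5 = "RSASSA-PKCS1-v1_5";
    private static final String SCHEME_RSASSA_PSS = "RSASSA-PSS";

    /** Trailer byte handed to the PSS signer factories: 0xBC, which is -68 as a signed byte. */
    private static final byte PSS_TRAILER = (byte) 0xBC;

    /** Base64 decoding and digest-algorithm name mapping. */
    private final EncodingOpInternal encodingOp;

    /** Debug logger; receives the Bouncy Castle fallback decisions and skipped verifications. */
    private final Log log;

    /**
     * @param encodingOpInternal decoding and algorithm-name helper; must not be {@code null}
     */
    public SignatureValidatorOpImpl(EncodingOpInternal encodingOpInternal) {
        Intrinsics.checkNotNullParameter(encodingOpInternal, "");
        this.encodingOp = encodingOpInternal;
        this.log = Log.getInstance(this);
    }

    /**
     * Looks up {@code PSSSigner.createRawSigner(cipher, digest, digest, byte[], byte)} reflectively,
     * because that factory is not present in every Bouncy Castle version this library runs against.
     *
     * @return the signer built by Bouncy Castle, or {@code null} when the factory is missing or the
     *     call fails for any reason; the caller then uses the bundled compatibility signer
     */
    private static Signer tryCreateBouncyCastlePssSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, byte[] salt) {
        try {
            // getMethod throws NoSuchMethodException when the factory is absent; it never returns null.
            Method factory = PSSSigner.class.getMethod("createRawSigner", AsymmetricBlockCipher.class, Digest.class, Digest.class, byte[].class, byte.class);
            return (Signer) factory.invoke(null, cipher, contentDigest, mgfDigest, salt, PSS_TRAILER);
        } catch (Throwable unused) {
            // Deliberate best effort: a failure inside the factory (InvocationTargetException) is
            // treated the same as a missing factory, so the cause is not reported here.
            return null;
        }
    }

    /**
     * Builds the public key parameters, preferring the four-argument {@code RSAKeyParameters}
     * constructor when the Bouncy Castle version on the classpath provides it.
     *
     * <p>NOTE(review): in Bouncy Castle versions that expose it, the fourth flag appears to mark the
     * key as internally produced, which skips the library's modulus sanity checks. Confirm that this
     * is intended for a modulus that reaches this class from outside.
     *
     * <p>NOTE(review): the catch also covers the constructor itself rejecting the values, in which
     * case the debug message below is misleading and the three-argument constructor gets to raise
     * the error instead.
     */
    private RSAKeyParameters createRsaKeyParameters(BigInteger modulus, BigInteger publicExponent) {
        try {
            Constructor<RSAKeyParameters> fourArgConstructor = RSAKeyParameters.class.getConstructor(boolean.class, BigInteger.class, BigInteger.class, boolean.class);
            return fourArgConstructor.newInstance(false, modulus, publicExponent, true);
        } catch (Throwable unused) {
            this.log.d("createRsaKeyParametersBasedOnBcVersionAvailable new constructor not available. Defaulting to the old RSAKeyParameters");
        }
        return new RSAKeyParameters(false, modulus, publicExponent);
    }

    /** Message used when verification aborts with an unexpected error. */
    private static String unknownIssueMessage(String schemeName, String digestAlgorithm) {
        return "Signature " + schemeName + ' ' + digestAlgorithm + " validation failed. Unknown issue, see the trace.";
    }

    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Verifies an RSASSA-PKCS1-v1_5 signature over a precomputed digest.
     *
     * <p>The decoded bytes of {@code originalMessageInBase64} are wrapped in a DER {@code DigestInfo}
     * and fed to an {@code RSADigestSigner} backed by {@code NullDigest}, so they are compared as
     * given and not hashed again. {@link #isSecureZoneSignatureValid} passes the message digest in
     * this parameter.
     *
     * @param originalSignatureSchemeName used only in the failure message
     * @return the result of Bouncy Castle's {@code verifySignature}
     * @throws SignatureValidationFailedException wrapping anything thrown while decoding the inputs,
     *     mapping the digest name or running the verification
     */
    public final boolean isSecureZoneRsaSsaPkcs1v1p5SignatureValid$tse_release(String szSignatureValueInBase64, String originalSignatureSchemeName, String originalMessageDigestAlgorithm, String originalMessageInBase64, BigInteger n, BigInteger e) {
        Intrinsics.checkNotNullParameter(szSignatureValueInBase64, "");
        Intrinsics.checkNotNullParameter(originalSignatureSchemeName, "");
        Intrinsics.checkNotNullParameter(originalMessageDigestAlgorithm, "");
        Intrinsics.checkNotNullParameter(originalMessageInBase64, "");
        Intrinsics.checkNotNullParameter(n, "");
        Intrinsics.checkNotNullParameter(e, "");
        try {
            RSAKeyParameters publicKey = createRsaKeyParameters(n, e);
            RSADigestSigner verifier = new RSADigestSigner(new NullDigest());
            verifier.init(false, publicKey);
            byte[] digestInfo = new DigestInfo(
                    this.encodingOp.getTseDigestAlgorithmIdentifierFinderWithDerNull().find(
                            this.encodingOp.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(originalMessageDigestAlgorithm)),
                    this.encodingOp.decodeBytesFromBase64(originalMessageInBase64)).getEncoded();
            Intrinsics.checkNotNullExpressionValue(digestInfo, "");
            verifier.update(digestInfo, 0, digestInfo.length);
            return verifier.verifySignature(this.encodingOp.decodeBytesFromBase64(szSignatureValueInBase64));
        } catch (Throwable th) {
            // Every failure, including Errors, is reported as a validation failure with the cause attached.
            throw new SignatureValidationFailedException(unknownIssueMessage(originalSignatureSchemeName, originalMessageDigestAlgorithm), th);
        }
    }

    /**
     * Verifies an RSASSA-PSS signature over a precomputed digest with a caller-supplied salt.
     *
     * <p>The same digest algorithm is used for both digest arguments of the signer factory. The
     * signer comes from Bouncy Castle when its {@code createRawSigner} factory is available and from
     * {@code PSSSignerBackwardsCompat} otherwise; which one was used is written to the debug log.
     *
     * <p>NOTE(review): the salt is handed to the signer rather than recovered from the signature,
     * presumably so that verification fails when the signature was made with a different salt.
     * Confirm against the signer implementations.
     *
     * @param originalSignatureSchemeName used only in the failure message
     * @return the result of the signer's {@code verifySignature}
     * @throws SignatureValidationFailedException wrapping anything thrown while decoding the inputs,
     *     creating the signer or running the verification
     */
    public final boolean isSecureZoneRsaSsaPssSignatureValid$tse_release(String szSignatureValueInBase64, String originalSignatureSchemeName, String originalMessageDigestAlgorithm, String originalMessageInBase64, String originalSignatureSaltInBase64, BigInteger n, BigInteger e) {
        Intrinsics.checkNotNullParameter(szSignatureValueInBase64, "");
        Intrinsics.checkNotNullParameter(originalSignatureSchemeName, "");
        Intrinsics.checkNotNullParameter(originalMessageDigestAlgorithm, "");
        Intrinsics.checkNotNullParameter(originalMessageInBase64, "");
        Intrinsics.checkNotNullParameter(originalSignatureSaltInBase64, "");
        Intrinsics.checkNotNullParameter(n, "");
        Intrinsics.checkNotNullParameter(e, "");
        try {
            RSAKeyParameters publicKey = createRsaKeyParameters(n, e);
            String standardDigestName = this.encodingOp.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(originalMessageDigestAlgorithm);
            Digest contentDigest = DigestFactory.getDigest(standardDigestName);
            Digest mgfDigest = DigestFactory.getDigest(standardDigestName);
            byte[] salt = this.encodingOp.decodeBytesFromBase64(originalSignatureSaltInBase64);
            RSAEngine rsaEngine = new RSAEngine();
            Intrinsics.checkNotNullExpressionValue(contentDigest, "");
            Intrinsics.checkNotNullExpressionValue(mgfDigest, "");
            Signer verifier = tryCreateBouncyCastlePssSigner(rsaEngine, contentDigest, mgfDigest, salt);
            if (verifier == null) {
                this.log.d("createPssSignerBasedOnBcVersionAvailable - using a Compat implementation for PSSSigner");
                verifier = PSSSignerBackwardsCompat.createRawSigner(rsaEngine, contentDigest, mgfDigest, salt, PSS_TRAILER);
                Intrinsics.checkNotNullExpressionValue(verifier, "");
            } else {
                this.log.d("createPssSignerBasedOnBcVersionAvailable - using a PSSSigner from Bouncy Castle");
            }
            verifier.init(false, publicKey);
            byte[] digestValue = this.encodingOp.decodeBytesFromBase64(originalMessageInBase64);
            verifier.update(digestValue, 0, digestValue.length);
            return verifier.verifySignature(this.encodingOp.decodeBytesFromBase64(szSignatureValueInBase64));
        } catch (Throwable th) {
            // Every failure, including Errors, is reported as a validation failure with the cause attached.
            throw new SignatureValidationFailedException(unknownIssueMessage(originalSignatureSchemeName, originalMessageDigestAlgorithm), th);
        }
    }

    /**
     * Cross-checks the values SecureZone returned against the values the caller originally
     * requested, then verifies the signature with the scheme-specific method.
     *
     * <p>Checks run in this order: the original scheme is present and equals the returned scheme;
     * both digest algorithm names are present and map to the same standard name; the signature value
     * and the original digest value are present; a salt is present when the scheme is RSASSA-PSS.
     *
     * <p><b>Fail-open branch:</b> when {@code keyCompositeModulusNInBase64} is {@code null} or empty
     * the method returns {@code true} after the consistency checks only. A {@code true} result is
     * therefore proof of a valid signature only when the caller supplied a modulus.
     *
     * @return {@code true} when the signature verifies, or when no modulus was supplied;
     *     {@code false} when verification ran and the signature did not match
     * @throws SignatureMissingRequiredValuesException when a required value is {@code null} or empty
     * @throws SignatureTseSzValueMismatchException when the scheme or digest algorithm returned by
     *     SecureZone differs from the original one
     * @throws SignatureUnknownSchemeException when the scheme is neither RSASSA-PKCS1-v1_5 nor
     *     RSASSA-PSS
     * @throws SignatureValidationFailedException when the scheme-specific verification aborts
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.SignatureValidatorOpInternal
    public final boolean isSecureZoneSignatureValid(String szSignatureSchemeName, String szSignatureMessageDigestAlgorithm, String szSignatureValueInBase64, String originalSignatureScheme, String originalMessageDigestAlgorithm, String originalMessageDigestValueInBase64, String originalSignatureSaltInBase64, String keyCompositeModulusNInBase64, BigInteger keyPublicVerificationExponentE) {
        if (isNullOrEmpty(originalSignatureScheme)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the required original scheme value.");
        }
        if (!originalSignatureScheme.equals(szSignatureSchemeName)) {
            throw new SignatureTseSzValueMismatchException("Signature validation failed. The original signature scheme " + originalSignatureScheme + " differs from the one returned from SecureZone: " + szSignatureSchemeName + '.');
        }
        if (isNullOrEmpty(originalMessageDigestAlgorithm)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the original digest algorithm name value.");
        }
        if (isNullOrEmpty(szSignatureMessageDigestAlgorithm)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the SZ digest algorithm name value.");
        }
        // Compare the mapped standard names, not the raw strings the two sides sent.
        String originalStandardDigestName = this.encodingOp.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(originalMessageDigestAlgorithm);
        String szStandardDigestName = this.encodingOp.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(szSignatureMessageDigestAlgorithm);
        if (!Intrinsics.areEqual(originalStandardDigestName, szStandardDigestName)) {
            throw new SignatureTseSzValueMismatchException("Signature validation failed. The original digest standard name " + originalStandardDigestName + " differs from the standard name returned from SecureZone: " + szStandardDigestName + '.');
        }
        if (isNullOrEmpty(szSignatureValueInBase64)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the required Secure Zone signature value.");
        }
        if (isNullOrEmpty(originalMessageDigestValueInBase64)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the required original message digest value.");
        }
        boolean isPss = SCHEME_RSASSA_PSS.equals(originalSignatureScheme);
        if (isPss && isNullOrEmpty(originalSignatureSaltInBase64)) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the required RSASSA-PSS salt value.");
        }
        if (isNullOrEmpty(keyCompositeModulusNInBase64)) {
            // NOTE(review): fail-open. Without a modulus no cryptographic check is possible, yet the
            // result is "valid". Confirm with the protocol design that every caller that relies on
            // this result supplies the modulus; otherwise an explicit failure would be safer.
            // The skip is logged so that it can be seen in traces.
            this.log.d("isSecureZoneSignatureValid - no composite modulus n supplied, signature verification skipped");
            return true;
        }
        if (keyPublicVerificationExponentE == null) {
            throw new SignatureMissingRequiredValuesException("Signature validation failed. Missing the required public verification exponent e value.");
        }
        if (SCHEME_RSASSA_PKCS1_V1_5.equals(originalSignatureScheme)) {
            return isSecureZoneRsaSsaPkcs1v1p5SignatureValid$tse_release(szSignatureValueInBase64, originalSignatureScheme, originalMessageDigestAlgorithm, originalMessageDigestValueInBase64, this.encodingOp.decodeDecimalFromBase64(keyCompositeModulusNInBase64), keyPublicVerificationExponentE);
        }
        if (isPss) {
            Intrinsics.checkNotNull(originalSignatureSaltInBase64);
            return isSecureZoneRsaSsaPssSignatureValid$tse_release(szSignatureValueInBase64, originalSignatureScheme, originalMessageDigestAlgorithm, originalMessageDigestValueInBase64, originalSignatureSaltInBase64, this.encodingOp.decodeDecimalFromBase64(keyCompositeModulusNInBase64), keyPublicVerificationExponentE);
        }
        throw new SignatureUnknownSchemeException("Signature " + originalSignatureScheme + ' ' + originalMessageDigestAlgorithm + " validation failed. Unsupported scheme \"" + originalSignatureScheme + "\".");
    }
}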
