package ee.cyber.tse.v11.cryptolib.internal.impl;

import android.util.Base64;
import ee.cyber.tse.v11.cryptolib.internal.dto.TseSignatureShare;
import ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.inter.EncodingOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.inter.RandomGenerationOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.inter.SigningOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.util.RsaSsaPssUtil;
import ee.cyber.tse.v11.cryptolib.internal.util.ValidationUtil;
import ee.cyber.tse.v11.inter.cryptolib.dto.CryptoRuntimeException;
import ee.cyber.tse.v11.internal.dto.ClientShare;
import java.io.ByteArrayOutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.util.Arrays;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.jcajce.provider.util.DigestFactory;

/* loaded from: classes2.dex */
public final class SigningOpImpl implements SigningOpInternal {
    private final CryptoOpInternal b;

    /* renamed from: c, reason: collision with root package name */
    private final RandomGenerationOpInternal f2956c;
    private final EncodingOpInternal d;

    public SigningOpImpl(EncodingOpInternal encodingOpInternal, CryptoOpInternal cryptoOpInternal, RandomGenerationOpInternal randomGenerationOpInternal) {
        this.d = encodingOpInternal;
        this.b = cryptoOpInternal;
        this.f2956c = randomGenerationOpInternal;
    }

    private static void e(BigInteger bigInteger, int i) {
        if (bigInteger == null || bigInteger.compareTo(BigInteger.ZERO) <= 0 || bigInteger.compareTo(new BigInteger("2").pow(i)) >= 0) {
            throw new CryptoRuntimeException(114, "Message representative out of range");
        }
    }

    protected final Object clone() {
        throw new CloneNotSupportedException();
    }

    public final byte[] createPaddedMessageForSchemeRsaSsaPkcs1(String str, int i, String str2) {
        try {
            int i2 = (i + 7) / 8;
            byte[] decode = Base64.decode(str, 0);
            String supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow = this.d.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(str2);
            if (decode.length != DigestFactory.getDigest(supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow).getDigestSize()) {
                throw new CryptoRuntimeException(113, String.format("Incorrect hash length for %1s algorithm", supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow));
            }
            byte[] encoded = new DigestInfo(this.d.getTseDigestAlgorithmIdentifierFinderWithDerNull().find(supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow), decode).getEncoded();
            int length = encoded.length;
            if (i2 < length + 11) {
                throw new CryptoRuntimeException(110, "Intended encoded message length too short");
            }
            int i3 = (i2 - length) - 3;
            if (i3 < 8) {
                throw new CryptoRuntimeException(111, "Padding too short");
            }
            byte[] bArr = new byte[i3];
            Arrays.fill(bArr, (byte) -1);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(new byte[]{0, 1});
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(new byte[]{0});
            byteArrayOutputStream.write(encoded);
            return byteArrayOutputStream.toByteArray();
        } catch (CryptoRuntimeException e) {
            throw e;
        } catch (Throwable th) {
            StringBuilder sb = new StringBuilder("RSASSA-PKCS1 padded message creation failed.\n");
            sb.append(th.getMessage());
            throw new CryptoRuntimeException(CryptoRuntimeException.ERROR_CODE_PADDED_MESSAGE_CREATION_DURING_SIGNING_FAILED, sb.toString());
        }
    }

    public final BigInteger createPaddedMessageForSchemeRsaSsaPss(String str, String str2, String str3, int i) {
        try {
            String supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow = this.d.getSupportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow(str2);
            return RsaSsaPssUtil.encodeMessage(this.d.decodeBytesFromBase64(str), DigestFactory.getDigest(supportedStandardDigestAlgorithmNameFromSzDigestAlgorithmNameOrThrow), i, this.d.decodeBytesFromBase64(str3));
        } catch (CryptoRuntimeException e) {
            throw e;
        } catch (Throwable th) {
            StringBuilder sb = new StringBuilder("RSASSA-PSS padded message creation failed.\n");
            sb.append(th.getMessage());
            throw new CryptoRuntimeException(CryptoRuntimeException.ERROR_CODE_PADDED_MESSAGE_CREATION_DURING_SIGNING_FAILED, sb.toString());
        }
    }

    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.SigningOpInternal
    public final String generateRsaSsaPssSignatureSalt(String str) {
        int length = this.d.decodeBytesFromBase64(str).length;
        return this.d.encodeBytesToBase64(length == 0 ? new byte[0] : this.f2956c.generateRandomBytes(length));
    }

    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.SigningOpInternal
    public final TseSignatureShare sign(ClientShare clientShare, String str, int i, String str2, String str3, String str4, String str5) {
        BigInteger decryptKey = this.b.decryptKey(clientShare, str2);
        BigInteger decodeDecimalFromBase64 = this.d.decodeDecimalFromBase64(str);
        if ("RSASSA-PKCS1-v1_5".equals(str3)) {
            return signWithSchemeRsaSsaPkcs1(decryptKey, decodeDecimalFromBase64, i, str4, str5);
        }
        if ("RSASSA-PSS".equals(str3)) {
            return signWithSchemeRsaSsaPss(decryptKey, decodeDecimalFromBase64, i, generateRsaSsaPssSignatureSalt(str4), str4, str5);
        }
        StringBuilder sb = new StringBuilder("Unsupported signature scheme \"");
        sb.append(str3);
        sb.append("\"");
        throw new CryptoRuntimeException(126, sb.toString());
    }

    public final TseSignatureShare signWithSchemeRsaSsaPkcs1(BigInteger bigInteger, BigInteger bigInteger2, int i, String str, String str2) {
        ValidationUtil.throwIfEmpty(str, "messageDigestInBase64 can't be empty");
        ValidationUtil.throwIfEmpty(str2, "messageDigestAlgorithmName can't be empty");
        ValidationUtil.throwIfNull((Serializable) bigInteger, "dPrime can't be empty");
        ValidationUtil.throwIfNull((Serializable) bigInteger2, "n1 can't be empty");
        BigInteger bigInteger3 = new BigInteger(createPaddedMessageForSchemeRsaSsaPkcs1(str, i, str2));
        e(bigInteger3, i);
        return new TseSignatureShare(this.d.encodeDecimalToBase64(bigInteger3.modPow(bigInteger, bigInteger2)), null);
    }

    public final TseSignatureShare signWithSchemeRsaSsaPss(BigInteger bigInteger, BigInteger bigInteger2, int i, String str, String str2, String str3) {
        ValidationUtil.throwIfNull((Serializable) bigInteger, "dPrime can't be null");
        ValidationUtil.throwIfNull((Serializable) bigInteger2, "n1 can't be null");
        ValidationUtil.throwIfEmpty(str, "saltInBase64 can't be empty");
        ValidationUtil.throwIfEmpty(str2, "messageDigestInBase64 can't be empty");
        ValidationUtil.throwIfEmpty(str3, "messageDigestAlgorithmName can't be empty");
        BigInteger createPaddedMessageForSchemeRsaSsaPss = createPaddedMessageForSchemeRsaSsaPss(str2, str3, str, i);
        e(createPaddedMessageForSchemeRsaSsaPss, i);
        return new TseSignatureShare(this.d.encodeDecimalToBase64(createPaddedMessageForSchemeRsaSsaPss.modPow(bigInteger, bigInteger2)), str);
    }
}
