package com.google.crypto.tink.subtle;

import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.BigIntegerEncoding;
import com.google.crypto.tink.subtle.Enums;
import com.google.errorprone.annotations.Immutable;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;

@Immutable
/* loaded from: classes3.dex */
public final class RsaSsaPkcs1VerifyJce implements PublicKeyVerify {

    /* renamed from: a, reason: collision with root package name */
    public final RSAPublicKey f25268a;

    /* renamed from: b, reason: collision with root package name */
    public final Enums.HashType f25269b;

    /* renamed from: com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f25270a;

        static {
            int[] iArr = new int[Enums.HashType.values().length];
            f25270a = iArr;
            try {
                iArr[2] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f25270a[3] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f25270a[4] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public RsaSsaPkcs1VerifyJce(RSAPublicKey rSAPublicKey, Enums.HashType hashType) {
        if (!TinkFipsUtil.AlgorithmFipsCompatibility.f24270b.b()) {
            throw new GeneralSecurityException("Can not use RSA-PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.e(hashType);
        Validators.c(rSAPublicKey.getModulus().bitLength());
        Validators.d(rSAPublicKey.getPublicExponent());
        this.f25268a = rSAPublicKey;
        this.f25269b = hashType;
    }

    public final void a(byte[] bArr, byte[] bArr2) {
        byte[] a3;
        RSAPublicKey rSAPublicKey = this.f25268a;
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        BigInteger modulus = rSAPublicKey.getModulus();
        int bitLength = (modulus.bitLength() + 7) / 8;
        if (bitLength != bArr.length) {
            throw new GeneralSecurityException("invalid signature's length");
        }
        BigInteger a7 = BigIntegerEncoding.a(bArr);
        if (a7.compareTo(modulus) >= 0) {
            throw new GeneralSecurityException("signature out of range");
        }
        byte[] a8 = SubtleUtil.a(a7.modPow(publicExponent, modulus), bitLength);
        Enums.HashType hashType = this.f25269b;
        Validators.e(hashType);
        MessageDigest messageDigest = (MessageDigest) EngineFactory.f25233e.f25236a.b(SubtleUtil.c(hashType));
        messageDigest.update(bArr2);
        byte[] digest = messageDigest.digest();
        int ordinal = hashType.ordinal();
        int i = 2;
        if (ordinal == 2) {
            a3 = Hex.a("3031300d060960864801650304020105000420");
        } else if (ordinal == 3) {
            a3 = Hex.a("3041300d060960864801650304020205000430");
        } else {
            if (ordinal != 4) {
                throw new GeneralSecurityException("Unsupported hash " + hashType);
            }
            a3 = Hex.a("3051300d060960864801650304020305000440");
        }
        int length = a3.length + digest.length;
        if (bitLength < length + 11) {
            throw new GeneralSecurityException("intended encoded message length too short");
        }
        byte[] bArr3 = new byte[bitLength];
        bArr3[0] = 0;
        bArr3[1] = 1;
        int i5 = 0;
        while (i5 < (bitLength - length) - 3) {
            bArr3[i] = -1;
            i5++;
            i++;
        }
        int i7 = i + 1;
        bArr3[i] = 0;
        System.arraycopy(a3, 0, bArr3, i7, a3.length);
        System.arraycopy(digest, 0, bArr3, i7 + a3.length, digest.length);
        if (!MessageDigest.isEqual(a8, bArr3)) {
            throw new GeneralSecurityException("invalid signature");
        }
    }
}
