package com.tencent.kona.sun.security.rsa;

import A1.I;
import D9.q;
import com.tencent.kona.sun.security.action.GetPropertyAction;
import com.tencent.kona.sun.security.rsa.RSAUtil;
import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactorySpi;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

/* loaded from: classes.dex */
public class RSAKeyFactory extends KeyFactorySpi {
    public static final int MAX_MODLEN = 16384;
    public static final int MAX_MODLEN_RESTRICT_EXP = 3072;
    public static final int MAX_RESTRICTED_EXPLEN = 64;
    public static final int MIN_MODLEN = 512;
    private final RSAUtil.KeyType type;
    private static final Class<?> RSA_PUB_KEYSPEC_CLS = RSAPublicKeySpec.class;
    private static final Class<?> RSA_PRIV_KEYSPEC_CLS = RSAPrivateKeySpec.class;
    private static final Class<?> RSA_PRIVCRT_KEYSPEC_CLS = RSAPrivateCrtKeySpec.class;
    private static final Class<?> X509_KEYSPEC_CLS = X509EncodedKeySpec.class;
    private static final Class<?> PKCS8_KEYSPEC_CLS = PKCS8EncodedKeySpec.class;
    private static final boolean restrictExpLen = "true".equalsIgnoreCase(GetPropertyAction.privilegedGetProperty("com.tencent.rsa.restrictRSAExponent", "true"));

    /* loaded from: classes.dex */
    public static final class Legacy extends RSAKeyFactory {
        public Legacy() {
            super(RSAUtil.KeyType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class PSS extends RSAKeyFactory {
        public PSS() {
            super(RSAUtil.KeyType.PSS);
        }
    }

    private RSAKeyFactory() {
        this.type = RSAUtil.KeyType.RSA;
    }

    public RSAKeyFactory(RSAUtil.KeyType keyType) {
        this.type = keyType;
    }

    public static void checkKeyAlgo(Key key, String str) throws InvalidKeyException {
        String algorithm = key.getAlgorithm();
        if (algorithm == null || !algorithm.equalsIgnoreCase(str)) {
            throw new InvalidKeyException(I.k("Expected a ", str, " key, but got ", algorithm));
        }
    }

    public static void checkKeyLengths(int i5, BigInteger bigInteger, int i10, int i11) throws InvalidKeyException {
        if (i10 > 0 && i5 < i10) {
            throw new InvalidKeyException(q.h(i10, "RSA keys must be at least ", " bits long"));
        }
        int min = Math.min(i11, MAX_MODLEN);
        if (i5 > min) {
            throw new InvalidKeyException(q.h(min, "RSA keys must be no longer than ", " bits"));
        }
        if (restrictExpLen && bigInteger != null && i5 > 3072 && bigInteger.bitLength() > 64) {
            throw new InvalidKeyException("RSA exponents can be no longer than 64 bits  if modulus is greater than 3072 bits");
        }
    }

    public static void checkRSAProviderKeyLengths(int i5, BigInteger bigInteger) throws InvalidKeyException {
        checkKeyLengths((i5 + 7) & (-8), bigInteger, 512, Integer.MAX_VALUE);
    }

    private PrivateKey generatePrivate(KeySpec keySpec) throws GeneralSecurityException {
        if (keySpec instanceof PKCS8EncodedKeySpec) {
            byte[] encoded = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
            try {
                return RSAPrivateCrtKeyImpl.newKey(this.type, "PKCS#8", encoded);
            } finally {
                Arrays.fill(encoded, (byte) 0);
            }
        }
        if (keySpec instanceof RSAPrivateCrtKeySpec) {
            RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = (RSAPrivateCrtKeySpec) keySpec;
            try {
                return new RSAPrivateCrtKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPrivateCrtKeySpec.getParams() : null, rSAPrivateCrtKeySpec.getModulus(), rSAPrivateCrtKeySpec.getPublicExponent(), rSAPrivateCrtKeySpec.getPrivateExponent(), rSAPrivateCrtKeySpec.getPrimeP(), rSAPrivateCrtKeySpec.getPrimeQ(), rSAPrivateCrtKeySpec.getPrimeExponentP(), rSAPrivateCrtKeySpec.getPrimeExponentQ(), rSAPrivateCrtKeySpec.getCrtCoefficient());
            } catch (ProviderException e9) {
                throw new InvalidKeySpecException(e9);
            }
        }
        if (!(keySpec instanceof RSAPrivateKeySpec)) {
            throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec and PKCS8EncodedKeySpec supported for RSA private keys");
        }
        RSAPrivateKeySpec rSAPrivateKeySpec = (RSAPrivateKeySpec) keySpec;
        try {
            return new RSAPrivateKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPrivateKeySpec.getParams() : null, rSAPrivateKeySpec.getModulus(), rSAPrivateKeySpec.getPrivateExponent());
        } catch (ProviderException e10) {
            throw new InvalidKeySpecException(e10);
        }
    }

    private PublicKey generatePublic(KeySpec keySpec) throws GeneralSecurityException {
        if (keySpec instanceof X509EncodedKeySpec) {
            return RSAPublicKeyImpl.newKey(this.type, AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509, ((X509EncodedKeySpec) keySpec).getEncoded());
        }
        if (!(keySpec instanceof RSAPublicKeySpec)) {
            throw new InvalidKeySpecException("Only RSAPublicKeySpec and X509EncodedKeySpec supported for RSA public keys");
        }
        RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) keySpec;
        try {
            return new RSAPublicKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPublicKeySpec.getParams() : null, rSAPublicKeySpec.getModulus(), rSAPublicKeySpec.getPublicExponent());
        } catch (ProviderException e9) {
            throw new InvalidKeySpecException(e9);
        }
    }

    public static RSAKeyFactory getInstance(RSAUtil.KeyType keyType) {
        return new RSAKeyFactory(keyType);
    }

    public static RSAKey toRSAKey(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if ((key instanceof RSAPrivateKeyImpl) || (key instanceof RSAPrivateCrtKeyImpl) || (key instanceof RSAPublicKeyImpl)) {
            return (RSAKey) key;
        }
        try {
            return (RSAKey) getInstance(RSAUtil.KeyType.lookup(key.getAlgorithm())).engineTranslateKey(key);
        } catch (ProviderException e9) {
            throw new InvalidKeyException(e9);
        }
    }

    private PrivateKey translatePrivateKey(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
            try {
                return new RSAPrivateCrtKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPrivateCrtKey.getParams() : null, rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
            } catch (ProviderException e9) {
                throw new InvalidKeyException("Invalid key", e9);
            }
        }
        if (privateKey instanceof RSAPrivateKey) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
            try {
                return new RSAPrivateKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPrivateKey.getParams() : null, rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
            } catch (ProviderException e10) {
                throw new InvalidKeyException("Invalid key", e10);
            }
        }
        byte[] encoded = privateKey.getEncoded();
        try {
            RSAPrivateKey newKey = RSAPrivateCrtKeyImpl.newKey(this.type, privateKey.getFormat(), encoded);
            if (encoded != null) {
                Arrays.fill(encoded, (byte) 0);
            }
            return newKey;
        } finally {
        }
    }

    private PublicKey translatePublicKey(PublicKey publicKey) throws InvalidKeyException {
        if (!(publicKey instanceof RSAPublicKey)) {
            return RSAPublicKeyImpl.newKey(this.type, publicKey.getFormat(), publicKey.getEncoded());
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        try {
            return new RSAPublicKeyImpl(this.type, RSAUtil.SUPPORT_PSS ? rSAPublicKey.getParams() : null, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent());
        } catch (ProviderException e9) {
            throw new InvalidKeyException("Invalid key", e9);
        }
    }

    @Override // java.security.KeyFactorySpi
    public PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
        try {
            return generatePrivate(keySpec);
        } catch (InvalidKeySpecException e9) {
            throw e9;
        } catch (GeneralSecurityException e10) {
            throw new InvalidKeySpecException(e10);
        }
    }

    @Override // java.security.KeyFactorySpi
    public PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
        try {
            return generatePublic(keySpec);
        } catch (InvalidKeySpecException e9) {
            throw e9;
        } catch (GeneralSecurityException e10) {
            throw new InvalidKeySpecException(e10);
        }
    }

    @Override // java.security.KeyFactorySpi
    public <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> cls) throws InvalidKeySpecException {
        RSAPrivateKeySpec rSAPrivateKeySpec;
        AlgorithmParameterSpec params;
        RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec;
        AlgorithmParameterSpec params2;
        RSAPublicKeySpec rSAPublicKeySpec;
        AlgorithmParameterSpec params3;
        try {
            Key engineTranslateKey = engineTranslateKey(key);
            if (engineTranslateKey instanceof RSAPublicKey) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) engineTranslateKey;
                if (!cls.isAssignableFrom(RSA_PUB_KEYSPEC_CLS)) {
                    if (cls.isAssignableFrom(X509_KEYSPEC_CLS)) {
                        return cls.cast(new X509EncodedKeySpec(engineTranslateKey.getEncoded()));
                    }
                    throw new InvalidKeySpecException("KeySpec must be RSAPublicKeySpec or X509EncodedKeySpec for RSA public keys");
                }
                if (RSAUtil.SUPPORT_PSS) {
                    BigInteger modulus = rSAPublicKey.getModulus();
                    BigInteger publicExponent = rSAPublicKey.getPublicExponent();
                    params3 = rSAPublicKey.getParams();
                    rSAPublicKeySpec = e.a(modulus, publicExponent, params3);
                } else {
                    rSAPublicKeySpec = new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent());
                }
                return cls.cast(rSAPublicKeySpec);
            }
            if (!(engineTranslateKey instanceof RSAPrivateKey)) {
                throw new InvalidKeySpecException("Neither public nor private key");
            }
            if (cls.isAssignableFrom(PKCS8_KEYSPEC_CLS)) {
                byte[] encoded = engineTranslateKey.getEncoded();
                try {
                    return cls.cast(new PKCS8EncodedKeySpec(encoded));
                } finally {
                    Arrays.fill(encoded, (byte) 0);
                }
            }
            if (!cls.isAssignableFrom(RSA_PRIVCRT_KEYSPEC_CLS)) {
                throw new InvalidKeySpecException("KeySpec must be RSAPrivate(Crt)KeySpec or PKCS8EncodedKeySpec for RSA private keys");
            }
            if (!(engineTranslateKey instanceof RSAPrivateCrtKey)) {
                if (!cls.isAssignableFrom(RSA_PRIV_KEYSPEC_CLS)) {
                    throw new InvalidKeySpecException("RSAPrivateCrtKeySpec can only be used with CRT keys");
                }
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) engineTranslateKey;
                if (RSAUtil.SUPPORT_PSS) {
                    BigInteger modulus2 = rSAPrivateKey.getModulus();
                    BigInteger privateExponent = rSAPrivateKey.getPrivateExponent();
                    params = rSAPrivateKey.getParams();
                    rSAPrivateKeySpec = g.a(modulus2, privateExponent, params);
                } else {
                    rSAPrivateKeySpec = new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
                }
                return cls.cast(rSAPrivateKeySpec);
            }
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) engineTranslateKey;
            if (RSAUtil.SUPPORT_PSS) {
                BigInteger modulus3 = rSAPrivateCrtKey.getModulus();
                BigInteger publicExponent2 = rSAPrivateCrtKey.getPublicExponent();
                BigInteger privateExponent2 = rSAPrivateCrtKey.getPrivateExponent();
                BigInteger primeP = rSAPrivateCrtKey.getPrimeP();
                BigInteger primeQ = rSAPrivateCrtKey.getPrimeQ();
                BigInteger primeExponentP = rSAPrivateCrtKey.getPrimeExponentP();
                BigInteger primeExponentQ = rSAPrivateCrtKey.getPrimeExponentQ();
                BigInteger crtCoefficient = rSAPrivateCrtKey.getCrtCoefficient();
                params2 = rSAPrivateCrtKey.getParams();
                rSAPrivateCrtKeySpec = f.a(modulus3, publicExponent2, privateExponent2, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient, params2);
            } else {
                rSAPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
            }
            return cls.cast(rSAPrivateCrtKeySpec);
        } catch (InvalidKeyException e9) {
            throw new InvalidKeySpecException(e9);
        }
    }

    @Override // java.security.KeyFactorySpi
    public Key engineTranslateKey(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        checkKeyAlgo(key, this.type.keyAlgo);
        if ((key instanceof RSAPrivateKeyImpl) || (key instanceof RSAPrivateCrtKeyImpl) || (key instanceof RSAPublicKeyImpl)) {
            return key;
        }
        if (key instanceof PublicKey) {
            return translatePublicKey((PublicKey) key);
        }
        if (key instanceof PrivateKey) {
            return translatePrivateKey((PrivateKey) key);
        }
        throw new InvalidKeyException("Neither a public nor a private key");
    }
}
