package com.google.crypto.tink.subtle;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.EnumTypeProtoConverter;
import com.google.crypto.tink.signature.RsaSsaPkcs1Parameters;
import com.google.crypto.tink.signature.RsaSsaPkcs1PrivateKey;
import com.google.crypto.tink.signature.RsaSsaPkcs1PublicKey;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.EngineWrapper;
import com.google.crypto.tink.subtle.Enums;
import com.google.errorprone.annotations.Immutable;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;

@Immutable
/* loaded from: classes4.dex */
public final class RsaSsaPkcs1SignJce implements PublicKeySign {
    public static final TinkFipsUtil.AlgorithmFipsCompatibility f = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    /* renamed from: a, reason: collision with root package name */
    public final RSAPrivateCrtKey f13959a;
    public final RSAPublicKey b;
    public final String c;

    /* renamed from: d, reason: collision with root package name */
    public final byte[] f13960d;

    /* renamed from: e, reason: collision with root package name */
    public final byte[] f13961e;

    public RsaSsaPkcs1SignJce(RSAPrivateCrtKey rSAPrivateCrtKey, Enums.HashType hashType, byte[] bArr, byte[] bArr2) {
        if (!f.isCompatible()) {
            throw new GeneralSecurityException("Can not use RSA PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.e(hashType);
        Validators.c(rSAPrivateCrtKey.getModulus().bitLength());
        Validators.d(rSAPrivateCrtKey.getPublicExponent());
        this.f13959a = rSAPrivateCrtKey;
        Validators.e(hashType);
        this.c = hashType + "withRSA";
        this.b = (RSAPublicKey) EngineFactory.f13942g.f13943a.b("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        this.f13960d = bArr;
        this.f13961e = bArr2;
    }

    @AccessesPartialKey
    public static RsaSsaPkcs1SignJce a(RsaSsaPkcs1PrivateKey rsaSsaPkcs1PrivateKey) {
        KeyFactory b = EngineFactory.f13942g.f13943a.b("RSA");
        RsaSsaPkcs1PublicKey rsaSsaPkcs1PublicKey = rsaSsaPkcs1PrivateKey.f13779a;
        BigInteger bigInteger = rsaSsaPkcs1PublicKey.b;
        BigInteger bigInteger2 = rsaSsaPkcs1PublicKey.f13787a.b;
        SecretKeyAccess secretKeyAccess = SecretKeyAccess.f13039a;
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) b.generatePrivate(new RSAPrivateCrtKeySpec(bigInteger, bigInteger2, rsaSsaPkcs1PrivateKey.b.b(secretKeyAccess), rsaSsaPkcs1PrivateKey.c.b(secretKeyAccess), rsaSsaPkcs1PrivateKey.f13780d.b(secretKeyAccess), rsaSsaPkcs1PrivateKey.f13781e.b(secretKeyAccess), rsaSsaPkcs1PrivateKey.f.b(secretKeyAccess), rsaSsaPkcs1PrivateKey.f13782g.b(secretKeyAccess)));
        EnumTypeProtoConverter<Enums.HashType, RsaSsaPkcs1Parameters.HashType> enumTypeProtoConverter = RsaSsaPkcs1VerifyJce.f;
        RsaSsaPkcs1PublicKey rsaSsaPkcs1PublicKey2 = rsaSsaPkcs1PrivateKey.f13779a;
        RsaSsaPkcs1SignJce rsaSsaPkcs1SignJce = new RsaSsaPkcs1SignJce(rSAPrivateCrtKey, enumTypeProtoConverter.b(rsaSsaPkcs1PublicKey2.f13787a.f13770d), rsaSsaPkcs1PrivateKey.b().b().b(), rsaSsaPkcs1PublicKey2.f13787a.c.equals(RsaSsaPkcs1Parameters.Variant.f13776d) ? new byte[]{0} : new byte[0]);
        try {
            RsaSsaPkcs1VerifyJce.a(rsaSsaPkcs1PublicKey2).c(rsaSsaPkcs1SignJce.c(new byte[]{1, 2, 3}), new byte[]{1, 2, 3});
            return rsaSsaPkcs1SignJce;
        } catch (GeneralSecurityException e2) {
            throw new GeneralSecurityException("RsaSsaPkcs1 signing with private key followed by verifying with public key failed. The key may be corrupted.", e2);
        }
    }

    public final byte[] b(byte[] bArr) {
        EngineFactory<EngineWrapper.TSignature, Signature> engineFactory = EngineFactory.f13940d;
        EngineFactory.Policy<Signature> policy = engineFactory.f13943a;
        String str = this.c;
        Signature b = policy.b(str);
        b.initSign(this.f13959a);
        b.update(bArr);
        byte[] sign = b.sign();
        Signature b2 = engineFactory.f13943a.b(str);
        b2.initVerify(this.b);
        b2.update(bArr);
        if (b2.verify(sign)) {
            return sign;
        }
        throw new RuntimeException("Security bug: RSA signature computation error");
    }

    public final byte[] c(byte[] bArr) {
        byte[] bArr2 = this.f13961e;
        byte[] b = bArr2.length == 0 ? b(bArr) : b(Bytes.a(bArr, bArr2));
        byte[] bArr3 = this.f13960d;
        return bArr3.length == 0 ? b : Bytes.a(bArr3, b);
    }
}
