package net.openvpn.openvpn.crypto;

import android.util.Base64;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Locale;
import javax.crypto.Cipher;
import net.openvpn.openvpn.ClientAPI_ExternalPKISignRequest;

/* loaded from: classes.dex */
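/**
 * Answers external-PKI sign requests with a locally held {@link PrivateKey}.
 *
 * <p>Two paths exist. A request that names a hash algorithm, or any request served by an EC key,
 * goes through {@link Signature}. A request with no hash algorithm and a non-EC key goes through
 * a bare RSA private-key operation ({@link Cipher}); on that path the bytes in the request are
 * transformed as-is, so whoever can submit requests controls exactly what the key is applied to.
 *
 * <p>NOTE(review): this file was recovered from bytecode. The {@code throws} clauses and the
 * exception constructor were restored from the instruction dump; confirm against the original
 * sources if they are available.
 */
public class Signing {
    /** The only PSS salt-length selector accepted by {@link #sign}. */
    static final String SALT_DIGEST = "digest";

    /** Algorithm identifiers that a sign request may carry. */
    private static final class Algorithms {
        public static final String ECDSA = "ECDSA";
        public static final String RSA_NO_PADDING = "RSA_NO_PADDING";
        public static final String RSA_PKCS1_PADDING = "RSA_PKCS1_PADDING";
        public static final String RSA_PKCS1_PSS_PADDING = "RSA_PKCS1_PSS_PADDING";

        private Algorithms() {
        }
    }

    /** Thrown when a sign request asks for a combination of parameters this class rejects. */
    public static class UnsupportedSignRequestAlgorithm extends Exception {
        /**
         * Builds the message {@code "<message> (<algorithm> <hashalg> saltlen=<SALTLEN>)"}.
         *
         * <p>The previous body was a decompiler stub that threw
         * {@link UnsupportedOperationException}, which hid every rejection reason from callers.
         * This follows the instruction dump: an empty salt length is reported as "empty", and
         * the {@code %S} conversion upper-cases the value.
         *
         * @param message human-readable rejection reason
         * @param algorithm algorithm identifier from the request
         * @param hashalg hash algorithm from the request (may be empty)
         * @param saltlen salt length selector from the request (may be empty)
         */
        public UnsupportedSignRequestAlgorithm(String message, String algorithm, String hashalg, String saltlen) {
            super(String.format("%s (%s %s saltlen=%S)", message, algorithm, hashalg,
                    saltlen.isEmpty() ? "empty" : saltlen));
        }
    }

    /**
     * Applies the RSA private key directly to {@code data}, with PKCS#1 padding or none.
     *
     * <p>No digest is computed here. With {@code RSA_NO_PADDING} this is a raw private-key
     * operation on caller-supplied bytes, so any encoding or padding must already be present
     * in {@code data}.
     *
     * @param data bytes to transform
     * @param algorithm {@code RSA_NO_PADDING} or {@code RSA_PKCS1_PADDING}
     * @param privateKey key used for the operation
     * @return the cipher output
     * @throws UnsupportedSignRequestAlgorithm if {@code algorithm} is neither of the two above
     * @throws java.security.GeneralSecurityException if the provider rejects the transformation,
     *     the key, or the input
     */
    private static byte[] encrypt(byte[] data, String algorithm, PrivateKey privateKey)
            throws UnsupportedSignRequestAlgorithm, java.security.GeneralSecurityException {
        final String transformation;
        if (algorithm.equals(Algorithms.RSA_NO_PADDING)) {
            transformation = "RSA/ECB/NoPadding";
        } else if (algorithm.equals(Algorithms.RSA_PKCS1_PADDING)) {
            transformation = "RSA/ECB/PKCS1PADDING";
        } else {
            throw new UnsupportedSignRequestAlgorithm("Algorithm not supported for signing without digest", algorithm, "", "");
        }
        Cipher cipher = Cipher.getInstance(transformation);
        // Encrypt mode with a private key is the textbook RSA signing primitive.
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Signs the Base64 payload of a sign request and returns the result as unwrapped Base64.
     *
     * <p>A salt length is accepted only together with {@code RSA_PKCS1_PSS_PADDING}. Requests
     * with a hash algorithm, and all requests for an "EC" key, are handled by {@link #sign};
     * everything else by {@link #encrypt}.
     *
     * @param clientAPI_ExternalPKISignRequest request carrying data, algorithm, hash algorithm
     *     and salt length
     * @param privateKey key to sign with
     * @return Base64 (no line wrapping) of the signature bytes
     * @throws UnsupportedSignRequestAlgorithm if the requested parameter combination is rejected
     * @throws java.security.GeneralSecurityException if the provider fails, including a
     *     {@link SignatureException} when the provider returns no result
     */
    public static String processSignRequestWithKey(ClientAPI_ExternalPKISignRequest clientAPI_ExternalPKISignRequest, PrivateKey privateKey)
            throws UnsupportedSignRequestAlgorithm, java.security.GeneralSecurityException {
        byte[] payload = Base64.decode(clientAPI_ExternalPKISignRequest.getData(), Base64.DEFAULT);
        String algorithm = clientAPI_ExternalPKISignRequest.getAlgorithm();
        String hashalg = clientAPI_ExternalPKISignRequest.getHashalg();
        String saltlen = clientAPI_ExternalPKISignRequest.getSaltlen();
        String keyAlgorithm = privateKey.getAlgorithm();

        if (!saltlen.isEmpty() && !algorithm.equals(Algorithms.RSA_PKCS1_PSS_PADDING)) {
            throw new UnsupportedSignRequestAlgorithm("Salt length is only supported for PSS padding", algorithm, hashalg, saltlen);
        }

        byte[] result;
        if (!hashalg.isEmpty() || keyAlgorithm.equals("EC")) {
            result = sign(payload, algorithm, hashalg, saltlen, privateKey);
        } else {
            // No digest requested and a non-EC key: bare RSA operation on the request bytes.
            result = encrypt(payload, algorithm, privateKey);
        }

        if (result == null) {
            throw new SignatureException("Signing failed for unknown reason (empty result).");
        }
        return Base64.encodeToString(result, Base64.NO_WRAP);
    }

    /**
     * Signs {@code data} through {@link Signature} using the requested scheme.
     *
     * <p>The JCA algorithm name is built from the upper-cased hash name ("NONE" when the hash
     * is empty) plus {@code withECDSA}, {@code withRSA} or {@code withRSA/PSS}.
     *
     * @param data bytes handed to {@link Signature#update(byte[])}
     * @param algorithm {@code ECDSA}, {@code RSA_PKCS1_PADDING} or {@code RSA_PKCS1_PSS_PADDING}
     * @param hashalg hash algorithm name from the request; may be empty
     * @param saltlen PSS salt length selector; must be {@code "digest"} for PSS
     * @param privateKey key to sign with
     * @return the signature bytes
     * @throws UnsupportedSignRequestAlgorithm if the algorithm, salt length or PSS hash is rejected
     * @throws java.security.GeneralSecurityException if the provider rejects the algorithm name,
     *     the parameters, or the key
     */
    private static byte[] sign(byte[] data, String algorithm, String hashalg, String saltlen, PrivateKey privateKey)
            throws UnsupportedSignRequestAlgorithm, java.security.GeneralSecurityException {
        String digestName = hashalg.isEmpty() ? "NONE" : hashalg.toUpperCase(Locale.ROOT);
        Signature signer;
        if (algorithm.equals(Algorithms.ECDSA)) {
            signer = Signature.getInstance(digestName + "withECDSA");
        } else if (algorithm.equals(Algorithms.RSA_PKCS1_PADDING)) {
            signer = Signature.getInstance(digestName + "withRSA");
        } else if (algorithm.equals(Algorithms.RSA_PKCS1_PSS_PADDING)) {
            if (saltlen.isEmpty()) {
                throw new UnsupportedSignRequestAlgorithm("Salt length is required for PSS padding", algorithm, hashalg, saltlen);
            }
            if (!saltlen.equals(SALT_DIGEST)) {
                throw new UnsupportedSignRequestAlgorithm("Unsupported PSS salt length (only 'digest' is allowed)", algorithm, hashalg, saltlen);
            }
            // The provider lookup stays ahead of the hash check so that an unknown hash name
            // still fails with the provider's exception first.
            signer = Signature.getInstance(digestName + "withRSA/PSS");
            signer.setParameter(pssParameterSpecFor(algorithm, hashalg, saltlen));
        } else {
            throw new UnsupportedSignRequestAlgorithm("Algorithm not supported for signing with digest", algorithm, hashalg, saltlen);
        }
        signer.initSign(privateKey);
        signer.update(data);
        return signer.sign();
    }

    /**
     * Maps a hash name to PSS parameters: same hash for MGF1, salt length equal to the digest
     * size in bytes, trailer field 1.
     *
     * <p>The match is on the hash name exactly as received, so only the upper-case spellings
     * are accepted even though the JCA algorithm name is built from an upper-cased copy.
     * SHA-1 is still accepted; NOTE(review): decide whether requests for it should be refused.
     *
     * @throws UnsupportedSignRequestAlgorithm if {@code hashalg} is not one of the five listed
     */
    private static PSSParameterSpec pssParameterSpecFor(String algorithm, String hashalg, String saltlen)
            throws UnsupportedSignRequestAlgorithm {
        switch (hashalg) {
            case "SHA224":
                return new PSSParameterSpec("SHA-224", "MGF1", MGF1ParameterSpec.SHA224, 28, 1);
            case "SHA256":
                return new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
            case "SHA384":
                return new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);
            case "SHA512":
                return new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);
            case "SHA1":
                return new PSSParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, 20, 1);
            default:
                throw new UnsupportedSignRequestAlgorithm("Not supported hash algorithm for PSS padding", algorithm, hashalg, saltlen);
        }
    }
}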
