package com.kica.android.fido.uaf.auth.crypto.sign;

import java.math.BigInteger;
import java.util.Random;

/* loaded from: classes.dex */
public class RSASSA extends Signature {
    static byte[] SHA1_DIGEST_INFO = {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
    static byte[] SHA256_DIGEST_INFO = {48, 49, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32};
    boolean isPss;
    protected Digest md;
    protected RSA_PKCS rsa;
    private int digestInfoLen = 0;
    private byte trailer = -68;
    protected boolean isInitSV = false;
    protected Random rand = new Random(System.currentTimeMillis());

    public RSASSA(Digest digest, boolean z) {
        this.md = null;
        this.isPss = false;
        this.md = digest;
        this.rsa = new RSA_PKCS(this.md);
        this.isPss = z;
    }

    private final byte[] publicDecrypt(byte[] bArr) {
        if (bArr.length > this.rsa.nModLength) {
            throw new AlgorithmException("Ciphertext too long");
        }
        return this.rsa.checkPkcs1pad(new BigInteger(1, bArr).modPow(this.rsa.bnPublicExponent, this.rsa.bnModulus).toByteArray(), (byte) 1);
    }

    @Override // com.kica.android.fido.uaf.auth.crypto.sign.Signature
    public final void initSign(byte[] bArr) {
        try {
            this.rsa.setPrivateKey(bArr, 2);
            this.md.init();
            this.isInitSV = true;
        } catch (Exception e) {
            throw new AlgorithmException("Invalid PrivateKey");
        }
    }

    @Override // com.kica.android.fido.uaf.auth.crypto.sign.Signature
    public final void initVerify(byte[] bArr) {
        try {
            this.rsa.setPublicKey(bArr);
            this.md.init();
            this.isInitSV = true;
        } catch (Exception e) {
            throw new AlgorithmException("Invalid PublicKey");
        }
    }

    @Override // com.kica.android.fido.uaf.auth.crypto.sign.Signature
    public byte[] sign() {
        int length = this.md.getLength();
        int length2 = this.md.getLength();
        byte[] bArr = new byte[length2];
        byte[] bArr2 = new byte[this.rsa.nModLength];
        int i = (this.rsa.nModLength * 8) - 1;
        if ((i + 7) / 8 < length + length2 + 2) {
            throw new AlgorithmException("encoding error");
        }
        this.rsa.lHash = this.md.doFinal();
        byte[] bArr3 = new byte[length + 8 + length2];
        if (length2 != 0) {
            this.rand.nextBytes(bArr);
            System.arraycopy(bArr, 0, bArr3, bArr3.length - length2, length2);
        }
        System.arraycopy(this.rsa.lHash, 0, bArr3, (bArr3.length - length) - length2, length);
        this.md.init();
        this.md.update(bArr3);
        byte[] doFinal = this.md.doFinal();
        bArr2[(((r6 - length2) - 1) - length) - 1] = 1;
        System.arraycopy(bArr, 0, bArr2, ((bArr2.length - length2) - length) - 1, length2);
        byte[] maskGeneratorFunction1 = this.rsa.maskGeneratorFunction1(doFinal, 0, doFinal.length, (bArr2.length - length) - 1);
        for (int i2 = 0; i2 != maskGeneratorFunction1.length; i2++) {
            bArr2[i2] = (byte) (bArr2[i2] ^ maskGeneratorFunction1[i2]);
        }
        bArr2[0] = (byte) (bArr2[0] & (255 >> ((bArr2.length * 8) - i)));
        System.arraycopy(doFinal, 0, bArr2, (bArr2.length - length) - 1, length);
        bArr2[bArr2.length - 1] = this.trailer;
        BigInteger bigInteger = new BigInteger(1, bArr2);
        byte[] byteArray = this.rsa.bnExponent1 != null ? this.rsa.modPowCRT(bigInteger).toByteArray() : bigInteger.modPow(this.rsa.bnPrivateExponent, this.rsa.bnModulus).toByteArray();
        byte[] bArr4 = new byte[this.rsa.nModLength];
        if (byteArray.length <= this.rsa.nModLength) {
            System.arraycopy(byteArray, 0, bArr4, bArr4.length - byteArray.length, byteArray.length);
        } else {
            System.arraycopy(byteArray, 1, bArr4, 0, byteArray.length - 1);
        }
        this.isInitSV = false;
        return bArr4;
    }

    @Override // com.kica.android.fido.uaf.auth.crypto.sign.Signature
    public final void update(byte[] bArr) {
        if (!this.isInitSV) {
            throw new AlgorithmException("RSA-Signature is not initialized.");
        }
        this.md.update(bArr);
    }

    @Override // com.kica.android.fido.uaf.auth.crypto.sign.Signature
    public boolean verify(byte[] bArr) {
        boolean z;
        if (this.isPss) {
            int length = this.md.getLength();
            int length2 = this.md.getLength();
            byte[] bArr2 = new byte[this.rsa.nModLength];
            int i = (this.rsa.nModLength * 8) - 1;
            if ((i + 7) / 8 < length + length2 + 2) {
                return false;
            }
            this.rsa.lHash = this.md.doFinal();
            byte[] bArr3 = new byte[length + 8 + length2];
            byte[] byteArray = new BigInteger(1, bArr).modPow(this.rsa.bnPublicExponent, this.rsa.bnModulus).toByteArray();
            int length3 = byteArray.length;
            int i2 = 0;
            while (byteArray[i2] == 0) {
                i2++;
                length3--;
            }
            if (this.rsa.nModLength >= length3) {
                System.arraycopy(byteArray, i2, bArr2, this.rsa.nModLength - length3, length3);
            } else {
                System.arraycopy(byteArray, 0, bArr2, 0, length3);
            }
            if (bArr2[bArr2.length - 1] != this.trailer) {
                return false;
            }
            byte[] maskGeneratorFunction1 = this.rsa.maskGeneratorFunction1(bArr2, (bArr2.length - length) - 1, length, (bArr2.length - length) - 1);
            for (int i3 = 0; i3 != maskGeneratorFunction1.length; i3++) {
                bArr2[i3] = (byte) (bArr2[i3] ^ maskGeneratorFunction1[i3]);
            }
            bArr2[0] = (byte) (bArr2[0] & (255 >> ((bArr2.length * 8) - i)));
            for (int i4 = 0; i4 != ((bArr2.length - length) - length2) - 2; i4++) {
                if (bArr2[i4] != 0) {
                    return false;
                }
            }
            if (bArr2[((bArr2.length - length) - length2) - 2] != 1) {
                return false;
            }
            System.arraycopy(this.rsa.lHash, 0, bArr3, (bArr3.length - length) - length2, this.rsa.lHash.length);
            System.arraycopy(bArr2, ((bArr2.length - length2) - length) - 1, bArr3, bArr3.length - length2, length2);
            this.md.init();
            this.md.update(bArr3);
            byte[] doFinal = this.md.doFinal();
            int length4 = (bArr2.length - length) - 1;
            for (int length5 = doFinal.length - length; length5 != doFinal.length; length5++) {
                if ((bArr2[length4] ^ doFinal[length5]) != 0) {
                    return false;
                }
                length4++;
            }
            z = true;
        } else {
            byte[] publicDecrypt = publicDecrypt(bArr);
            byte[] doFinal2 = this.md.doFinal();
            if (this.md instanceof SHA256) {
                this.digestInfoLen = SHA256_DIGEST_INFO.length;
            }
            if (doFinal2.length == publicDecrypt.length - this.digestInfoLen) {
                int i5 = 0;
                while (true) {
                    if (i5 >= this.md.getLength()) {
                        z = true;
                        break;
                    }
                    if (publicDecrypt[this.digestInfoLen + i5] != doFinal2[i5]) {
                        z = false;
                        break;
                    }
                    i5++;
                }
            } else {
                z = false;
            }
        }
        this.isInitSV = false;
        return z;
    }
}
