package org.conscrypt;

import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: classes.dex */
public class OpenSSLSignature extends SignatureSpi {
    private OpenSSLDigestContext ctx;
    private final EngineType engineType;
    private final long evpAlgorithm;
    private OpenSSLKey key;
    private boolean signing;
    private final byte[] singleByte;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum EngineType {
        RSA,
        DSA,
        EC
    }

    /* loaded from: classes.dex */
    public static final class MD5RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-MD5");

        public MD5RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA1DSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("DSA-SHA1");

        public SHA1DSA() {
            super(EVP_MD, EngineType.DSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA1ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA1");

        public SHA1ECDSA() {
            super(EVP_MD, EngineType.EC);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA1RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-SHA1");

        public SHA1RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA224ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA224");

        public SHA224ECDSA() {
            super(EVP_MD, EngineType.EC);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA224RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-SHA224");

        public SHA224RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA256ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA256");

        public SHA256ECDSA() {
            super(EVP_MD, EngineType.EC);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA256RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-SHA256");

        public SHA256RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA384ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA384");

        public SHA384ECDSA() {
            super(EVP_MD, EngineType.EC);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA384RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-SHA384");

        public SHA384RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA512ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA512");

        public SHA512ECDSA() {
            super(EVP_MD, EngineType.EC);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA512RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("RSA-SHA512");

        public SHA512RSA() {
            super(EVP_MD, EngineType.RSA);
        }
    }

    private OpenSSLSignature(long j, EngineType engineType) {
        this.singleByte = new byte[1];
        this.engineType = engineType;
        this.evpAlgorithm = j;
    }

    private void checkEngineType(OpenSSLKey openSSLKey) {
        int EVP_PKEY_type = NativeCrypto.EVP_PKEY_type(openSSLKey.getPkeyContext());
        switch (this.engineType) {
            case RSA:
                if (EVP_PKEY_type != 6) {
                    throw new InvalidKeyException("Signature initialized as " + this.engineType + " (not RSA)");
                }
                return;
            case DSA:
                if (EVP_PKEY_type != 116) {
                    throw new InvalidKeyException("Signature initialized as " + this.engineType + " (not DSA)");
                }
                return;
            case EC:
                if (EVP_PKEY_type != 408) {
                    throw new InvalidKeyException("Signature initialized as " + this.engineType + " (not EC)");
                }
                return;
            default:
                throw new InvalidKeyException("Key must be of type " + this.engineType);
        }
    }

    private void enableDSASignatureNonceHardeningIfApplicable() {
        OpenSSLKey openSSLKey = this.key;
        switch (this.engineType) {
            case DSA:
                NativeCrypto.set_DSA_flag_nonce_from_hash(openSSLKey.getPkeyContext());
                return;
            case EC:
                NativeCrypto.EC_KEY_set_nonce_from_hash(openSSLKey.getPkeyContext(), true);
                return;
            default:
                return;
        }
    }

    private void initInternal(OpenSSLKey openSSLKey, boolean z) {
        checkEngineType(openSSLKey);
        this.key = openSSLKey;
        this.signing = z;
        resetContext();
    }

    private final void resetContext() {
        OpenSSLDigestContext openSSLDigestContext = new OpenSSLDigestContext(NativeCrypto.EVP_MD_CTX_create());
        NativeCrypto.EVP_MD_CTX_init(openSSLDigestContext);
        if (this.signing) {
            enableDSASignatureNonceHardeningIfApplicable();
            NativeCrypto.EVP_SignInit(openSSLDigestContext, this.evpAlgorithm);
        } else {
            NativeCrypto.EVP_VerifyInit(openSSLDigestContext, this.evpAlgorithm);
        }
        this.ctx = openSSLDigestContext;
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) {
        initInternal(OpenSSLKey.fromPrivateKey(privateKey), true);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) {
        initInternal(OpenSSLKey.fromPublicKey(publicKey), false);
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() {
        if (this.key == null) {
            throw new SignatureException("Need DSA or RSA or EC private key");
        }
        OpenSSLDigestContext openSSLDigestContext = this.ctx;
        try {
            try {
                byte[] bArr = new byte[NativeCrypto.EVP_PKEY_size(this.key.getPkeyContext())];
                int EVP_SignFinal = NativeCrypto.EVP_SignFinal(openSSLDigestContext, bArr, 0, this.key.getPkeyContext());
                byte[] bArr2 = new byte[EVP_SignFinal];
                System.arraycopy(bArr, 0, bArr2, 0, EVP_SignFinal);
                return bArr2;
            } catch (Exception e) {
                throw new SignatureException(e);
            }
        } finally {
            resetContext();
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        this.singleByte[0] = b;
        engineUpdate(this.singleByte, 0, 1);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        OpenSSLDigestContext openSSLDigestContext = this.ctx;
        if (this.signing) {
            NativeCrypto.EVP_SignUpdate(openSSLDigestContext, bArr, i, i2);
        } else {
            NativeCrypto.EVP_VerifyUpdate(openSSLDigestContext, bArr, i, i2);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) {
        if (this.key == null) {
            throw new SignatureException("Need DSA or RSA public key");
        }
        try {
            boolean z = NativeCrypto.EVP_VerifyFinal(this.ctx, bArr, 0, bArr.length, this.key.getPkeyContext()) == 1;
            resetContext();
            return z;
        } catch (Exception unused) {
            resetContext();
            return false;
        } catch (Throwable th) {
            resetContext();
            throw th;
        }
    }
}
