package org.conscrypt;

import defpackage.d0;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;
import org.conscrypt.NativeRef;

/* loaded from: classes.dex */
public class OpenSSLSignature extends SignatureSpi {
    private NativeRef.EVP_MD_CTX ctx;
    private final EngineType engineType;
    private final long evpAlgorithm;
    private OpenSSLKey key;
    private boolean signing;
    private final byte[] singleByte;

    /* renamed from: org.conscrypt.OpenSSLSignature$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[EngineType.values().length];
            a = iArr;
            try {
                iArr[0] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum EngineType {
        RSA,
        EC
    }

    /* loaded from: classes.dex */
    public static final class MD5RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("MD5");

        public MD5RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA1ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA1");

        public SHA1ECDSA() {
            super(EVP_MD, EngineType.EC, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA1RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA1");

        public SHA1RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA224ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA224");

        public SHA224ECDSA() {
            super(EVP_MD, EngineType.EC, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA224RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA224");

        public SHA224RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA256ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA256");

        public SHA256ECDSA() {
            super(EVP_MD, EngineType.EC, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA256RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA256");

        public SHA256RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA384ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA384");

        public SHA384ECDSA() {
            super(EVP_MD, EngineType.EC, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA384RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA384");

        public SHA384RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA512ECDSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA512");

        public SHA512ECDSA() {
            super(EVP_MD, EngineType.EC, null);
        }
    }

    /* loaded from: classes.dex */
    public static final class SHA512RSA extends OpenSSLSignature {
        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("SHA512");

        public SHA512RSA() {
            super(EVP_MD, EngineType.RSA, null);
        }
    }

    private OpenSSLSignature(long j, EngineType engineType) {
        this.singleByte = new byte[1];
        this.engineType = engineType;
        this.evpAlgorithm = j;
    }

    public /* synthetic */ OpenSSLSignature(long j, EngineType engineType, AnonymousClass1 anonymousClass1) {
        this(j, engineType);
    }

    private void checkEngineType(OpenSSLKey openSSLKey) {
        int EVP_PKEY_type = NativeCrypto.EVP_PKEY_type(openSSLKey.getNativeRef());
        int ordinal = this.engineType.ordinal();
        if (ordinal == 0) {
            if (EVP_PKEY_type == 6) {
                return;
            }
            StringBuilder i = d0.i("Signature initialized as ");
            i.append(this.engineType);
            i.append(" (not RSA)");
            throw new InvalidKeyException(i.toString());
        }
        if (ordinal != 1) {
            StringBuilder i2 = d0.i("Key must be of type ");
            i2.append(this.engineType);
            throw new InvalidKeyException(i2.toString());
        }
        if (EVP_PKEY_type == 408) {
            return;
        }
        StringBuilder i3 = d0.i("Signature initialized as ");
        i3.append(this.engineType);
        i3.append(" (not EC)");
        throw new InvalidKeyException(i3.toString());
    }

    private void enableDSASignatureNonceHardeningIfApplicable() {
        OpenSSLKey openSSLKey = this.key;
        if (this.engineType.ordinal() != 1) {
            return;
        }
        NativeCrypto.EC_KEY_set_nonce_from_hash(openSSLKey.getNativeRef(), true);
    }

    private void initInternal(OpenSSLKey openSSLKey, boolean z) {
        checkEngineType(openSSLKey);
        this.key = openSSLKey;
        this.signing = z;
        resetContext();
    }

    private final void resetContext() {
        NativeRef.EVP_MD_CTX evp_md_ctx = new NativeRef.EVP_MD_CTX(NativeCrypto.EVP_MD_CTX_create());
        NativeCrypto.EVP_MD_CTX_init(evp_md_ctx);
        if (this.signing) {
            enableDSASignatureNonceHardeningIfApplicable();
            NativeCrypto.EVP_SignInit(evp_md_ctx, this.evpAlgorithm);
        } else {
            NativeCrypto.EVP_VerifyInit(evp_md_ctx, this.evpAlgorithm);
        }
        this.ctx = evp_md_ctx;
    }

    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) {
        return null;
    }

    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) {
        initInternal(OpenSSLKey.fromPrivateKey(privateKey), true);
    }

    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) {
        initInternal(OpenSSLKey.fromPublicKey(publicKey), false);
    }

    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) {
    }

    @Override // java.security.SignatureSpi
    public byte[] engineSign() {
        OpenSSLKey openSSLKey = this.key;
        if (openSSLKey == null) {
            throw new SignatureException("Need RSA or EC private key");
        }
        NativeRef.EVP_MD_CTX evp_md_ctx = this.ctx;
        try {
            try {
                byte[] bArr = new byte[NativeCrypto.EVP_PKEY_size(openSSLKey.getNativeRef())];
                int EVP_SignFinal = NativeCrypto.EVP_SignFinal(evp_md_ctx, bArr, 0, this.key.getNativeRef());
                byte[] bArr2 = new byte[EVP_SignFinal];
                System.arraycopy(bArr, 0, bArr2, 0, EVP_SignFinal);
                return bArr2;
            } catch (Exception e) {
                throw new SignatureException(e);
            }
        } finally {
            resetContext();
        }
    }

    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) {
        byte[] bArr = this.singleByte;
        bArr[0] = b;
        engineUpdate(bArr, 0, 1);
    }

    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) {
        NativeRef.EVP_MD_CTX evp_md_ctx = this.ctx;
        if (this.signing) {
            NativeCrypto.EVP_SignUpdate(evp_md_ctx, bArr, i, i2);
        } else {
            NativeCrypto.EVP_VerifyUpdate(evp_md_ctx, bArr, i, i2);
        }
    }

    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) {
        OpenSSLKey openSSLKey = this.key;
        if (openSSLKey == null) {
            throw new SignatureException("Need RSA or EC public key");
        }
        try {
            try {
                return NativeCrypto.EVP_VerifyFinal(this.ctx, bArr, 0, bArr.length, openSSLKey.getNativeRef()) == 1;
            } catch (Exception e) {
                throw new SignatureException(e);
            }
        } finally {
            resetContext();
        }
    }
}
