package com.google.crypto.tink.subtle;

import _COROUTINE._BOUNDARY;
import androidx.compose.material.ripple.RippleHostMap;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.signature.RsaSsaPkcs1Parameters;
import com.google.crypto.tink.signature.RsaSsaPkcs1PublicKey;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.UnsignedKt;
import okio.Utf8$$ExternalSyntheticCheckNotZero0;

/* loaded from: classes.dex */
public final class RsaSsaPkcs1VerifyJce implements PublicKeyVerify {
    public static final RippleHostMap HASH_TYPE_CONVERTER;
    public final Enums$HashType hash;
    public final byte[] messageSuffix;
    public final byte[] outputPrefix;
    public final RSAPublicKey publicKey;

    static {
        RippleHostMap builder = RippleHostMap.builder();
        builder.add(Enums$HashType.SHA256, RsaSsaPkcs1Parameters.HashType.SHA256);
        builder.add(Enums$HashType.SHA384, RsaSsaPkcs1Parameters.HashType.SHA384);
        builder.add(Enums$HashType.SHA512, RsaSsaPkcs1Parameters.HashType.SHA512);
        HASH_TYPE_CONVERTER = builder.build();
    }

    public RsaSsaPkcs1VerifyJce(RSAPublicKey rSAPublicKey, Enums$HashType enums$HashType, byte[] bArr, byte[] bArr2) {
        if (!Utf8$$ExternalSyntheticCheckNotZero0._isCompatible$1(2)) {
            throw new GeneralSecurityException("Can not use RSA-PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.validateSignatureHash(enums$HashType);
        Validators.validateRsaModulusSize(rSAPublicKey.getModulus().bitLength());
        Validators.validateRsaPublicExponent(rSAPublicKey.getPublicExponent());
        this.publicKey = rSAPublicKey;
        this.hash = enums$HashType;
        this.outputPrefix = bArr;
        this.messageSuffix = bArr2;
    }

    public static RsaSsaPkcs1VerifyJce create(RsaSsaPkcs1PublicKey rsaSsaPkcs1PublicKey) {
        KeyFactory keyFactory = (KeyFactory) EngineFactory.KEY_FACTORY.policy.getInstance("RSA");
        BigInteger bigInteger = rsaSsaPkcs1PublicKey.modulus;
        RsaSsaPkcs1Parameters rsaSsaPkcs1Parameters = rsaSsaPkcs1PublicKey.parameters;
        return new RsaSsaPkcs1VerifyJce((RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(bigInteger, rsaSsaPkcs1Parameters.publicExponent)), (Enums$HashType) HASH_TYPE_CONVERTER.toProtoEnum(rsaSsaPkcs1Parameters.hashType), rsaSsaPkcs1PublicKey.outputPrefix.toByteArray(), rsaSsaPkcs1Parameters.variant.equals(RsaSsaPkcs1Parameters.Variant.LEGACY) ? new byte[]{0} : new byte[0]);
    }

    public final void noPrefixVerify$2(byte[] bArr, byte[] bArr2) {
        String str;
        RSAPublicKey rSAPublicKey = this.publicKey;
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        BigInteger modulus = rSAPublicKey.getModulus();
        int bitLength = (modulus.bitLength() + 7) / 8;
        if (bitLength != bArr.length) {
            throw new GeneralSecurityException("invalid signature's length");
        }
        BigInteger fromUnsignedBigEndianBytes = _BOUNDARY.fromUnsignedBigEndianBytes(bArr);
        if (fromUnsignedBigEndianBytes.compareTo(modulus) >= 0) {
            throw new GeneralSecurityException("signature out of range");
        }
        byte[] bigEndianBytesOfFixedLength = _BOUNDARY.toBigEndianBytesOfFixedLength(fromUnsignedBigEndianBytes.modPow(publicExponent, modulus), bitLength);
        Enums$HashType enums$HashType = this.hash;
        Validators.validateSignatureHash(enums$HashType);
        MessageDigest messageDigest = (MessageDigest) EngineFactory.MESSAGE_DIGEST.getInstance(UnsignedKt.toDigestAlgo(enums$HashType));
        messageDigest.update(bArr2);
        byte[] digest = messageDigest.digest();
        int ordinal = enums$HashType.ordinal();
        int i = 2;
        if (ordinal == 2) {
            str = "3031300d060960864801650304020105000420";
        } else if (ordinal == 3) {
            str = "3041300d060960864801650304020205000430";
        } else {
            if (ordinal != 4) {
                throw new GeneralSecurityException("Unsupported hash " + enums$HashType);
            }
            str = "3051300d060960864801650304020305000440";
        }
        byte[] decode = ResultKt.decode(str);
        int length = decode.length + digest.length;
        if (bitLength < length + 11) {
            throw new GeneralSecurityException("intended encoded message length too short");
        }
        byte[] bArr3 = new byte[bitLength];
        bArr3[0] = 0;
        bArr3[1] = 1;
        int i2 = 0;
        while (i2 < (bitLength - length) - 3) {
            bArr3[i] = -1;
            i2++;
            i++;
        }
        int i3 = i + 1;
        bArr3[i] = 0;
        System.arraycopy(decode, 0, bArr3, i3, decode.length);
        System.arraycopy(digest, 0, bArr3, i3 + decode.length, digest.length);
        if (!MessageDigest.isEqual(bigEndianBytesOfFixedLength, bArr3)) {
            throw new GeneralSecurityException("invalid signature");
        }
    }

    public final void verify(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = this.outputPrefix;
        int length = bArr3.length;
        byte[] bArr4 = this.messageSuffix;
        if (length == 0 && bArr4.length == 0) {
            noPrefixVerify$2(bArr, bArr2);
        } else {
            if (!Util.isPrefix(bArr3, bArr)) {
                throw new GeneralSecurityException("Invalid signature (output prefix mismatch)");
            }
            if (bArr4.length != 0) {
                bArr2 = TuplesKt.concat(bArr2, bArr4);
            }
            noPrefixVerify$2(Arrays.copyOfRange(bArr, bArr3.length, bArr.length), bArr2);
        }
    }
}
