package com.idemia.mdw.security;

import com.idemia.mdw.exception.GenericServiceException;
import com.idemia.mdw.security.b;
import com.idemia.mdw.security.spec.AccessKeySpec;
import com.idemia.mdw.security.spec.SignatureMethodParameterSpec;
import idemia.bioserver.metadata.android.core.Configuration;
import java.security.AuthProvider;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class SESignature extends SignatureSpi {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f1126a = LoggerFactory.getLogger((Class<?>) SESignature.class);
    private AuthProvider c;
    private r d;
    private byte[] e;
    private String f;
    private PublicKey g;
    private String h;
    private String i;
    private String j;
    private int b = 0;
    private boolean k = false;

    public SESignature(AuthProvider authProvider, String str) {
        this.c = authProvider;
        this.f = str;
        String[] split = str.split("with|/");
        if (split.length < 2 || !b.EnumC0036b.b(split[0]) || !b.e.b(split[1])) {
            throw new InvalidParameterException("Algorithm not supported: " + str);
        }
        if (split.length == 2) {
            split = new String[]{split[0], split[1], ""};
        } else if (!b.d.b(split[2], false)) {
            throw new InvalidParameterException("Algorithm not supported: " + str);
        }
        this.h = split[1];
        this.i = split[0];
        this.j = split[2];
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            this.b = 0;
            throw new InvalidKeyException("Key value is null");
        }
        if (!(privateKey instanceof r)) {
            this.b = 0;
            throw new InvalidKeyException("Key is not instance of SEPrivateKey");
        }
        this.d = (r) privateKey;
        if (b.e.a(this.h).equals(b.e.ECDSA) && !this.d.getAlgorithm().equals("EC")) {
            throw new InvalidKeyException("Not an EC key: " + this.d.getAlgorithm());
        }
        if (b.e.a(this.h).equals(b.e.RSA) && !this.d.getAlgorithm().equals(Configuration.RSA)) {
            throw new InvalidKeyException("Not an RSA key: " + this.d.getAlgorithm());
        }
        this.e = null;
        this.b = 2;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey == null) {
            this.b = 0;
            throw new InvalidKeyException("Key value is null");
        }
        this.g = publicKey;
        this.e = null;
        this.b = 3;
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof SignatureMethodParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Params must be instance of SignatureMethodParameterSpec");
        }
        this.k = ((SignatureMethodParameterSpec) algorithmParameterSpec).doHashOnCard();
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (this.b != 2) {
            throw new SignatureException("Signature not initialized for sign operation");
        }
        com.idemia.mdw.j.e f = this.d.b().f();
        if (f == null) {
            throw new SignatureException("Smartcard not initialized for sign operation");
        }
        try {
            if (f.b()) {
                String f2 = f.f();
                if (this.c.containsKey("Property.lock type") && (this.c.get("Property.lock type") instanceof String)) {
                    f2 = (String) this.c.get("Property.lock type");
                } else {
                    f1126a.warn("Provider property is not set - Property.lock type = " + f2);
                }
                com.idemia.mdw.provider.a aVar = new com.idemia.mdw.provider.a(f, f2);
                this.c.login(null, aVar);
                f.a(new AccessKeySpec(com.idemia.mdw.c.a.d.a(aVar.a().getPassword()), "", f2));
            }
            com.idemia.mdw.provider.b bVar = new com.idemia.mdw.provider.b(this.c, f);
            f1126a.debug("Signing with '" + this.d.b().c() + "' (isNonrepudiation=" + this.d.b().h() + ")");
            if ((this.d.b().h() || !bVar.c(com.idemia.mdw.j.f.SIGN, this.d.a())) && !bVar.a(com.idemia.mdw.j.f.SIGN, this.d.a())) {
                throw new LoginException("Authentication failed");
            }
            return f.a(this.d.b(), this.e, b.e.a(this.h), b.EnumC0036b.a(this.i), this.j.isEmpty() ? b.d.NONE : b.d.a(this.j, false), this.k);
        } catch (GenericServiceException | NoSuchAlgorithmException | LoginException e) {
            throw new SignatureException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (this.b == 0) {
            throw new SignatureException("Signature not initialized");
        }
        engineUpdate(new byte[]{b}, 0, 1);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.b == 0) {
            throw new SignatureException("Signature not initialized");
        }
        try {
            byte[] bArr2 = this.e;
            if (bArr2 == null) {
                byte[] bArr3 = new byte[i2];
                this.e = bArr3;
                System.arraycopy(bArr, i, bArr3, 0, i2);
            } else {
                byte[] bArr4 = new byte[bArr2.length];
                System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
                byte[] bArr5 = new byte[i2];
                System.arraycopy(bArr, i, bArr5, 0, i2);
                this.e = com.idemia.mdw.c.a.d.a(bArr4, bArr5);
            }
        } catch (ArrayStoreException | IndexOutOfBoundsException | NullPointerException e) {
            throw new SignatureException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        PSSParameterSpec pSSParameterSpec;
        if (this.b != 3) {
            throw new SignatureException("Signature not initialized for verify operation");
        }
        for (Provider provider : Security.getProviders()) {
            if (!this.c.equals(provider)) {
                try {
                    Signature signature = Signature.getInstance(this.f, provider);
                    if (this.f.equals("SHA1withRSA/PSS")) {
                        pSSParameterSpec = new PSSParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, 20, 1);
                    } else if (this.f.equals("SHA224withRSA/PSS")) {
                        pSSParameterSpec = new PSSParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), 28, 1);
                    } else if (this.f.equals("SHA256withRSA/PSS")) {
                        pSSParameterSpec = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
                    } else {
                        if (!this.f.equals("SHA384withRSA/PSS")) {
                            if (this.f.equals("SHA512withRSA/PSS")) {
                                pSSParameterSpec = new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);
                            }
                            signature.initVerify(this.g);
                            signature.update(this.e);
                            return signature.verify(bArr);
                        }
                        pSSParameterSpec = new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);
                    }
                    signature.setParameter(pSSParameterSpec);
                    signature.initVerify(this.g);
                    signature.update(this.e);
                    return signature.verify(bArr);
                } catch (InvalidAlgorithmParameterException e) {
                    e = e;
                    f1126a.warn("An exception occurred with provider " + provider.getName(), e);
                } catch (InvalidKeyException e2) {
                    e = e2;
                    f1126a.warn("An exception occurred with provider " + provider.getName(), e);
                } catch (NoSuchAlgorithmException unused) {
                    continue;
                }
            }
        }
        throw new SignatureException("No provider has been found with the selected algorithm: " + this.f);
    }
}
