package gnu.javax.net.ssl.provider;

import gnu.classpath.debug.Component;
import gnu.classpath.debug.SystemLogger;
import gnu.java.security.sig.rsa.RSA;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: input_file:gnu/javax/net/ssl/provider/SSLRSASignatureImpl.class */
public class SSLRSASignatureImpl extends SignatureSpi {
    private static final SystemLogger logger = SystemLogger.SYSTEM;
    private RSAPublicKey pubkey;
    private RSAPrivateKey privkey;
    private boolean initSign = false;
    private boolean initVerify = false;
    private final MessageDigest md5 = MessageDigest.getInstance("MD5");
    private final MessageDigest sha = MessageDigest.getInstance("SHA-1");

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        try {
            this.pubkey = (RSAPublicKey) publicKey;
            this.initVerify = true;
            this.initSign = false;
            this.privkey = null;
        } catch (ClassCastException e) {
            throw new InvalidKeyException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        try {
            this.privkey = (RSAPrivateKey) privateKey;
            this.initSign = true;
            this.initVerify = false;
            this.pubkey = null;
        } catch (ClassCastException e) {
            throw new InvalidKeyException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) throws SignatureException {
        if (!this.initSign && !this.initVerify) {
            throw new IllegalStateException("not initialized");
        }
        logger.log(Component.SSL_HANDSHAKE, "SSL/RSA update 0x{0}", Util.formatInt(b & 255, 16, 2));
        this.md5.update(b);
        this.sha.update(b);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (!this.initSign && !this.initVerify) {
            throw new IllegalStateException("not initialized");
        }
        logger.log(Component.SSL_HANDSHAKE, "SSL/RSA update\n{0}", Util.hexDump(bArr, i, i2, ">> "));
        this.md5.update(bArr, i, i2);
        this.sha.update(bArr, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public byte[] engineSign() throws SignatureException {
        if (!this.initSign) {
            throw new SignatureException("not initialized for signing");
        }
        int bitLength = (this.privkey.getModulus().bitLength() + 7) >>> 3;
        byte[] concat = Util.concat(this.md5.digest(), this.sha.digest());
        if (bitLength - 11 < concat.length) {
            throw new SignatureException("message too long");
        }
        byte[] bArr = new byte[bitLength];
        bArr[0] = 0;
        bArr[1] = 1;
        for (int i = 2; i < (bitLength - concat.length) - 1; i++) {
            bArr[i] = -1;
        }
        System.arraycopy(concat, 0, bArr, bitLength - concat.length, concat.length);
        return Util.trim(RSA.sign(this.privkey, new BigInteger(bArr)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        int i;
        if (!this.initVerify) {
            throw new SignatureException("not initialized for verifying");
        }
        byte[] byteArray = RSA.verify(this.pubkey, new BigInteger(1, bArr)).toByteArray();
        if (byteArray[0] == 0) {
            i = 0;
            while (i < byteArray.length && byteArray[i] == 0) {
                i++;
            }
        } else {
            if (byteArray[0] != 1) {
                throw new SignatureException("decryption failed");
            }
            int i2 = 1;
            while (i2 < byteArray.length && byteArray[i2] != 0) {
                if (byteArray[i2] != -1) {
                    throw new SignatureException("bad padding");
                }
                i2++;
            }
            i = i2 + 1;
        }
        byte[] trim = Util.trim(byteArray, i, byteArray.length - i);
        byte[] concat = Util.concat(this.md5.digest(), this.sha.digest());
        logger.logv(Component.SSL_HANDSHAKE, "SSL/RSA d1:{0} d2:{1}", Util.toHexString(trim, ':'), Util.toHexString(concat, ':'));
        return Arrays.equals(trim, concat);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new InvalidParameterException("parameters not supported");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) throws InvalidParameterException {
        throw new InvalidParameterException("parameters not supported");
    }
}
