package iaik.pkcs.pkcs1;

import iaik.security.random.SecRandom;
import iaik.security.rsa.RSAPrivateKey;
import iaik.security.rsa.RSAPublicKey;
import iaik.utils.CryptoUtils;
import iaik.utils.NumberTheory;
import iaik.utils.Util;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_jce_full_signed-5.52_MOA.jar:iaik/pkcs/pkcs1/RSACipher.class */
public class RSACipher extends CipherSpi {
    private static boolean b = true;
    private static boolean c = true;
    private int d;
    private String e;
    protected RSAPrivateKey privKey;
    protected RSAPublicKey pubKey;
    private int f;
    private SecureRandom g;
    private ByteArrayOutputStream k;
    static Class a;
    private boolean j = true;
    private Padding h = new PKCS1v15Padding();
    private boolean i = b;

    public static void setValidateAgainstOaepKeyParameters(boolean z) {
        a.a(z);
    }

    public static void setDoVerifyCRTSignature(boolean z) {
        c = z;
    }

    public static boolean isUseBlindingDefault() {
        return b;
    }

    public static boolean setUseBlindingDefault(boolean z) {
        boolean z2 = b;
        b = z;
        return z2;
    }

    public boolean isUseBlinding() {
        return this.i;
    }

    public boolean setUseBlinding(boolean z) {
        boolean z2 = this.i;
        this.i = z;
        return z2;
    }

    public BigInteger rawPrivateRSA(BigInteger bigInteger, java.security.interfaces.RSAPrivateKey rSAPrivateKey, Random random) {
        RSAPrivateCrtKey rSAPrivateCrtKey;
        BigInteger bigInteger2;
        boolean z;
        BigInteger modPow;
        BigInteger bigInteger3 = null;
        if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
            rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
            bigInteger2 = rSAPrivateCrtKey.getPublicExponent();
            if (bigInteger2 == null || bigInteger2.bitCount() != 0) {
                z = (!this.i || bigInteger2 == null || bigInteger2.equals(NumberTheory.ZERO)) ? false : true;
            } else {
                bigInteger2 = null;
                z = false;
            }
            if (rSAPrivateCrtKey.getPrimeExponentP().bitCount() == 0) {
                rSAPrivateCrtKey = null;
            }
        } else {
            rSAPrivateCrtKey = null;
            bigInteger2 = null;
            z = false;
        }
        BigInteger modulus = rSAPrivateKey.getModulus();
        if (z) {
            bigInteger3 = new BigInteger(modulus.bitLength() - 1, random != null ? random : SecRandom.getDefault());
            if (bigInteger3.equals(NumberTheory.ZERO) || bigInteger3.equals(NumberTheory.ONE)) {
                throw new ProviderException("Secure random seems to deliver non-random bits. Unable to generate random blinding factor.");
            }
            bigInteger = bigInteger.multiply(bigInteger3.modPow(bigInteger2, modulus)).mod(modulus);
        }
        if (rSAPrivateCrtKey != null) {
            BigInteger primeP = rSAPrivateCrtKey.getPrimeP();
            BigInteger primeQ = rSAPrivateCrtKey.getPrimeQ();
            BigInteger modPow2 = bigInteger.mod(primeP).modPow(rSAPrivateCrtKey.getPrimeExponentP(), primeP);
            BigInteger modPow3 = bigInteger.mod(primeQ).modPow(rSAPrivateCrtKey.getPrimeExponentQ(), primeQ);
            modPow = modPow2.subtract(modPow3).multiply(rSAPrivateCrtKey.getCrtCoefficient()).mod(primeP).multiply(primeQ).add(modPow3);
        } else {
            modPow = bigInteger.modPow(rSAPrivateKey.getPrivateExponent(), modulus);
        }
        if (z) {
            modPow = modPow.multiply(bigInteger3.modInverse(modulus)).mod(modulus);
        }
        if (!this.j || this.d != 1 || bigInteger2 == null || bigInteger.equals(modPow.modPow(bigInteger2, modulus))) {
            return modPow;
        }
        throw new SecurityException("RSA signing error!");
    }

    public BigInteger rawPublicRSA(BigInteger bigInteger, java.security.interfaces.RSAPublicKey rSAPublicKey) {
        return bigInteger.modPow(rSAPublicKey.getPublicExponent(), rSAPublicKey.getModulus());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            engineInit(i, key, (AlgorithmParameterSpec) null, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException, InvalidKeyException {
        SecureRandom secureRandom2;
        if (i == 100) {
            i = 1;
            this.j = false;
        } else {
            this.j = c;
        }
        this.d = a(i);
        this.g = secureRandom;
        this.k = null;
        this.pubKey = null;
        this.privKey = null;
        if (key == null) {
            throw new NullPointerException("Key is null!");
        }
        try {
            this.pubKey = Util.getRSAPublicKey(key);
        } catch (InvalidKeyException e) {
            try {
                this.privKey = Util.getRSAPrivateKey(key);
            } catch (InvalidKeyException e2) {
                throw new InvalidKeyException(new StringBuffer().append("Class does not represent an RSA key: ").append(key.getClass().getName()).toString());
            }
        } catch (Exception e3) {
            throw new InvalidKeyException(new StringBuffer().append("Unable to init RSA key: ").append(e3.toString()).toString());
        }
        this.f = a();
        if (this.h != null) {
            Key key2 = this.pubKey;
            if (key2 == null) {
                key2 = this.privKey;
            }
            if (algorithmParameterSpec != null) {
                if (!this.h.c().toUpperCase().startsWith(Padding.PADDING_OAEP)) {
                    throw new InvalidAlgorithmParameterException("Parameters are only allowed for OAEP padding.");
                }
                if ((algorithmParameterSpec instanceof PKCS1AlgorithmParameterSpec) && (secureRandom2 = ((PKCS1AlgorithmParameterSpec) algorithmParameterSpec).getSecureRandom()) != null) {
                    this.g = secureRandom2;
                }
            }
            this.h.init(this.d, key2, this.f, algorithmParameterSpec, this.g);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidAlgorithmParameterException, InvalidKeyException {
        Class cls;
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if (algorithmParameters != null) {
            if (this.h == null || !this.h.c().toUpperCase().startsWith(Padding.PADDING_OAEP)) {
                throw new InvalidAlgorithmParameterException("Parameters are only allowed for OAEP padding.");
            }
            try {
                if (a == null) {
                    cls = class$("iaik.pkcs.pkcs1.RSAOaepParameterSpec");
                    a = cls;
                } else {
                    cls = a;
                }
                algorithmParameterSpec = algorithmParameters.getParameterSpec(cls);
            } catch (InvalidParameterSpecException e) {
                throw new InvalidAlgorithmParameterException("Only RSAOaepParameters allowed.");
            }
        }
        engineInit(i, key, algorithmParameterSpec, secureRandom);
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        AlgorithmParameters algorithmParameters = null;
        if (this.h != null) {
            algorithmParameters = this.h.getParameters();
        }
        return algorithmParameters;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) throws NoSuchPaddingException {
        if (str.equalsIgnoreCase(Padding.PADDING_PKCS1) || str.equalsIgnoreCase(Padding.PADDING_PKCS1_SSL2)) {
            this.h = new PKCS1v15Padding(str, this.e);
        } else if (str.toUpperCase().startsWith(Padding.PADDING_OAEP)) {
            this.h = a.a(str);
        } else {
            if (!str.equalsIgnoreCase(Padding.PADDING_NONE)) {
                throw new NoSuchPaddingException(new StringBuffer().append("Unknown padding: ").append(str).toString());
            }
            this.h = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) {
        this.e = str;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        if (this.k == null) {
            if (this.f <= 0) {
                throw new IllegalStateException("Cipher not initialized!");
            }
            this.k = new ByteArrayOutputStream(this.f);
        }
        this.k.write(bArr, i, i2);
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        if (this.k == null) {
            if (this.f <= 0) {
                throw new IllegalStateException("Cipher not initialized!");
            }
            this.k = new ByteArrayOutputStream(this.f);
        }
        this.k.write(bArr, i, i2);
        return 0;
    }

    private byte[] a(byte[] bArr) throws BadPaddingException {
        byte[] pad = this.h.pad(bArr);
        try {
            byte[] rawCrypt = rawCrypt(pad);
            CryptoUtils.zeroBlock(pad);
            if (rawCrypt.length < this.f) {
                byte[] bArr2 = new byte[this.f];
                System.arraycopy(rawCrypt, 0, bArr2, this.f - rawCrypt.length, rawCrypt.length);
                CryptoUtils.zeroBlock(rawCrypt);
                rawCrypt = bArr2;
            }
            return rawCrypt;
        } catch (SecurityException e) {
            throw new BadPaddingException(e.toString());
        }
    }

    private byte[] b(byte[] bArr) throws BadPaddingException {
        if (bArr.length != a()) {
            throw new BadPaddingException("Invalid PKCS#1 padding: encrypted message and modulus lengths do not match!");
        }
        byte[] rawCrypt = rawCrypt(bArr);
        byte[] unpad = this.h.unpad(rawCrypt);
        CryptoUtils.zeroBlock(rawCrypt);
        return unpad;
    }

    private int a() {
        return ((this.pubKey != null ? this.pubKey.getModulus() : this.privKey.getModulus()).bitLength() + 7) / 8;
    }

    protected byte[] rawCrypt(byte[] bArr) {
        BigInteger bigInteger = new BigInteger(1, bArr);
        byte[] byteArray = this.pubKey != null ? rawPublicRSA(bigInteger, this.pubKey).toByteArray() : rawPrivateRSA(bigInteger, this.privKey, this.g).toByteArray();
        int a2 = a();
        if (byteArray.length > a2) {
            byte[] bArr2 = new byte[a2];
            System.arraycopy(byteArray, byteArray.length - a2, bArr2, 0, a2);
            byteArray = bArr2;
        } else if (byteArray.length < a2) {
            byte[] bArr3 = new byte[a2];
            System.arraycopy(byteArray, 0, bArr3, a2 - byteArray.length, byteArray.length);
            byteArray = bArr3;
        }
        return byteArray;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, BadPaddingException {
        byte[] engineDoFinal = engineDoFinal(bArr, i, i2);
        try {
            System.arraycopy(engineDoFinal, 0, bArr2, i3, engineDoFinal.length);
            CryptoUtils.zeroBlock(engineDoFinal);
            return engineDoFinal.length;
        } catch (Exception e) {
            throw new ShortBufferException("Buffer to short to hold result.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws BadPaddingException {
        byte[] rawCrypt;
        byte[] bArr2 = null;
        if (this.k != null && this.k.size() > 0) {
            if (bArr != null) {
                this.k.write(bArr, i, i2);
            }
            bArr2 = this.k.toByteArray();
        } else if (bArr != null) {
            if (i == 0 && i2 == bArr.length) {
                bArr2 = bArr;
            } else {
                bArr2 = new byte[i2];
                System.arraycopy(bArr, i, bArr2, 0, i2);
            }
        }
        if (bArr2 == null) {
            throw new NullPointerException("Null data to process!");
        }
        if (this.h == null) {
            try {
                rawCrypt = rawCrypt(bArr2);
            } catch (SecurityException e) {
                throw new BadPaddingException(e.getMessage());
            }
        } else {
            rawCrypt = this.d == 1 ? a(bArr2) : b(bArr2);
        }
        if (this.k != null) {
            this.k.reset();
        }
        return rawCrypt;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        try {
            return Util.getRSAPublicKey(key).getModulus().bitLength();
        } catch (InvalidKeyException e) {
            try {
                return Util.getRSAPrivateKey(key).getModulus().bitLength();
            } catch (InvalidKeyException e2) {
                throw new InvalidKeyException("Not an RSA key!");
            }
        }
    }

    private static int a(int i) {
        if (i == 3) {
            return 1;
        }
        if (i == 4) {
            return 2;
        }
        return i;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws InvalidKeyException {
        byte[] encoded = key.getEncoded();
        if (encoded == null || encoded.length == 0) {
            throw new InvalidKeyException("Could not encode key for wrapping!");
        }
        try {
            return engineDoFinal(encoded, 0, encoded.length);
        } catch (BadPaddingException e) {
            throw new InvalidKeyException(new StringBuffer().append("Could not wrap key: ").append(e.toString()).toString());
        }
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        try {
            return Util.decodeKey(i, str, engineDoFinal(bArr, 0, bArr.length));
        } catch (BadPaddingException e) {
            throw new InvalidKeyException(new StringBuffer().append("Could not unwrap key: ").append(e.toString()).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSecureRandom(SecureRandom secureRandom) {
        this.g = secureRandom;
        if (this.h != null) {
            this.h.a(secureRandom);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecureRandom getSecureRandom() {
        if (this.g == null) {
            this.g = SecRandom.getDefault();
        }
        return this.g;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Util.toString((byte[]) null, -1, 1);
    }
}
