package sun.security.util;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.interfaces.EdECKey;
import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Locale;
import jdk.internal.access.SharedSecrets;
import org.testcontainers.shaded.org.bouncycastle.jcajce.spec.EdDSAParameterSpec;
import sun.security.rsa.RSAUtil;
import sun.security.x509.AlgorithmId;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil.class
 */
/* loaded from: input_file:WEB-INF/lib/java.base-2023-03-28.jar:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil.class */
public class SignatureUtil {

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil$EdDSADigestAlgHolder.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-03-28.jar:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil$EdDSADigestAlgHolder.class */
    public static class EdDSADigestAlgHolder {
        public static final AlgorithmId sha512;
        public static final AlgorithmId shake256;
        public static final AlgorithmId shake256$512;

        static {
            try {
                sha512 = new AlgorithmId(ObjectIdentifier.of(KnownOIDs.SHA_512));
                shake256 = new AlgorithmId(ObjectIdentifier.of(KnownOIDs.SHAKE256));
                shake256$512 = new AlgorithmId(ObjectIdentifier.of(KnownOIDs.SHAKE256_LEN), new DerValue((byte) 2, new byte[]{2, 0}));
            } catch (IOException e) {
                throw new AssertionError("Should not happen", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil$PSSParamsHolder.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-03-28.jar:META-INF/modules/java.base/classes/sun/security/util/SignatureUtil$PSSParamsHolder.class */
    public static class PSSParamsHolder {
        static final PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        static final PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);
        static final PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);

        private PSSParamsHolder() {
        }
    }

    private static String checkName(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        if (upperCase.contains(".")) {
            if (upperCase.startsWith("OID.")) {
                upperCase = upperCase.substring(4);
            }
            KnownOIDs findMatch = KnownOIDs.findMatch(upperCase);
            if (findMatch != null) {
                return findMatch.stdName().toUpperCase(Locale.ENGLISH);
            }
        }
        return upperCase;
    }

    private static AlgorithmParameters createAlgorithmParameters(String str, byte[] bArr) throws ProviderException {
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(str);
            algorithmParameters.init(bArr);
            return algorithmParameters;
        } catch (IOException | NoSuchAlgorithmException e) {
            throw new ProviderException(e);
        }
    }

    public static AlgorithmParameterSpec getParamSpec(String str, AlgorithmParameters algorithmParameters) throws ProviderException {
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if (algorithmParameters != null) {
            String checkName = checkName(str);
            if (algorithmParameters.getAlgorithm().contains(".")) {
                try {
                    algorithmParameters = createAlgorithmParameters(checkName, algorithmParameters.getEncoded());
                } catch (IOException e) {
                    throw new ProviderException(e);
                }
            }
            if (checkName.contains("RSA")) {
                algorithmParameterSpec = RSAUtil.getParamSpec(algorithmParameters);
            } else {
                if (!checkName.contains("ECDSA")) {
                    throw new ProviderException("Unrecognized algorithm for signature parameters " + checkName);
                }
                try {
                    algorithmParameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
                } catch (Exception e2) {
                    throw new ProviderException("Error handling EC parameters", e2);
                }
            }
        }
        return algorithmParameterSpec;
    }

    public static AlgorithmParameterSpec getParamSpec(String str, byte[] bArr) throws ProviderException {
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if (bArr != null) {
            String checkName = checkName(str);
            if (!checkName.contains("RSA")) {
                if (checkName.contains("ECDSA")) {
                    return null;
                }
                throw new ProviderException("Unrecognized algorithm for signature parameters " + checkName);
            }
            algorithmParameterSpec = RSAUtil.getParamSpec(createAlgorithmParameters(checkName, bArr));
        }
        return algorithmParameterSpec;
    }

    public static void initVerifyWithParam(Signature signature, PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, InvalidKeyException {
        SharedSecrets.getJavaSecuritySignatureAccess().initVerify(signature, publicKey, algorithmParameterSpec);
    }

    public static void initVerifyWithParam(Signature signature, Certificate certificate, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, InvalidKeyException {
        SharedSecrets.getJavaSecuritySignatureAccess().initVerify(signature, certificate, algorithmParameterSpec);
    }

    public static void initSignWithParam(Signature signature, PrivateKey privateKey, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException, InvalidKeyException {
        SharedSecrets.getJavaSecuritySignatureAccess().initSign(signature, privateKey, algorithmParameterSpec, secureRandom);
    }

    public static AlgorithmId getDigestAlgInPkcs7SignerInfo(Signature signature, String str, PrivateKey privateKey, boolean z) throws NoSuchAlgorithmException {
        AlgorithmId algorithmId;
        String algorithm = privateKey.getAlgorithm();
        if ((privateKey instanceof EdECPrivateKey) || algorithm.equalsIgnoreCase(EdDSAParameterSpec.Ed25519) || algorithm.equalsIgnoreCase(EdDSAParameterSpec.Ed448)) {
            if (privateKey instanceof EdECPrivateKey) {
                algorithm = ((EdECPrivateKey) privateKey).getParams().getName();
            }
            String upperCase = algorithm.toUpperCase(Locale.ENGLISH);
            boolean z2 = -1;
            switch (upperCase.hashCode()) {
                case -1192165701:
                    if (upperCase.equals("ED25519")) {
                        z2 = false;
                        break;
                    }
                    break;
                case 65800377:
                    if (upperCase.equals("ED448")) {
                        z2 = true;
                        break;
                    }
                    break;
            }
            switch (z2) {
                case false:
                    algorithmId = EdDSADigestAlgHolder.sha512;
                    break;
                case true:
                    if (!z) {
                        algorithmId = EdDSADigestAlgHolder.shake256$512;
                        break;
                    } else {
                        algorithmId = EdDSADigestAlgHolder.shake256;
                        break;
                    }
                default:
                    throw new AssertionError((Object) ("Unknown curve name: " + algorithm));
            }
        } else if (str.equalsIgnoreCase("RSASSA-PSS")) {
            try {
                algorithmId = AlgorithmId.get(((PSSParameterSpec) signature.getParameters().getParameterSpec(PSSParameterSpec.class)).getDigestAlgorithm());
            } catch (InvalidParameterSpecException e) {
                throw new AssertionError("Should not happen", e);
            }
        } else {
            algorithmId = AlgorithmId.get(extractDigestAlgFromDwithE(str));
        }
        return algorithmId;
    }

    public static String extractDigestAlgFromDwithE(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        int indexOf = upperCase.indexOf("WITH");
        if (indexOf > 0) {
            return upperCase.substring(0, indexOf);
        }
        throw new IllegalArgumentException("Unknown algorithm: " + upperCase);
    }

    public static String extractKeyAlgFromDwithE(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        int indexOf = upperCase.indexOf("WITH");
        String str2 = null;
        if (indexOf > 0) {
            int indexOf2 = upperCase.indexOf("AND", indexOf + 4);
            str2 = indexOf2 > 0 ? upperCase.substring(indexOf + 4, indexOf2) : upperCase.substring(indexOf + 4);
            if (str2.equalsIgnoreCase("ECDSA")) {
                str2 = "EC";
            }
        }
        return str2;
    }

    public static AlgorithmParameterSpec getDefaultParamSpec(String str, Key key) {
        if (!checkName(str).equals("RSASSA-PSS")) {
            return null;
        }
        if (key instanceof RSAKey) {
            AlgorithmParameterSpec params = ((RSAKey) key).getParams();
            if (params instanceof PSSParameterSpec) {
                return params;
            }
        }
        String ifcFfcStrength = ifcFfcStrength(KeyUtil.getKeySize(key));
        boolean z = -1;
        switch (ifcFfcStrength.hashCode()) {
            case -1850268089:
                if (ifcFfcStrength.equals("SHA256")) {
                    z = false;
                    break;
                }
                break;
            case -1850267037:
                if (ifcFfcStrength.equals("SHA384")) {
                    z = true;
                    break;
                }
                break;
            case -1850265334:
                if (ifcFfcStrength.equals("SHA512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return PSSParamsHolder.PSS_256_SPEC;
            case true:
                return PSSParamsHolder.PSS_384_SPEC;
            case true:
                return PSSParamsHolder.PSS_512_SPEC;
            default:
                throw new AssertionError((Object) "Should not happen");
        }
    }

    public static Signature fromKey(String str, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        return autoInitInternal(str, privateKey, (str2 == null || str2.isEmpty()) ? Signature.getInstance(str) : Signature.getInstance(str, str2));
    }

    public static Signature fromKey(String str, PrivateKey privateKey, Provider provider) throws NoSuchAlgorithmException, InvalidKeyException {
        return autoInitInternal(str, privateKey, provider == null ? Signature.getInstance(str) : Signature.getInstance(str, provider));
    }

    private static Signature autoInitInternal(String str, PrivateKey privateKey, Signature signature) throws InvalidKeyException {
        try {
            initSignWithParam(signature, privateKey, getDefaultParamSpec(str, privateKey), null);
            return signature;
        } catch (InvalidAlgorithmParameterException e) {
            throw new AssertionError("Should not happen", e);
        }
    }

    public static AlgorithmId fromSignature(Signature signature, PrivateKey privateKey) throws SignatureException {
        try {
            if (privateKey instanceof EdECKey) {
                return AlgorithmId.get(((EdECKey) privateKey).getParams().getName());
            }
            AlgorithmParameters algorithmParameters = null;
            try {
                algorithmParameters = signature.getParameters();
            } catch (UnsupportedOperationException e) {
            }
            if (algorithmParameters != null) {
                return AlgorithmId.get(signature.getParameters());
            }
            String algorithm = signature.getAlgorithm();
            if (algorithm.equalsIgnoreCase("EdDSA")) {
                algorithm = privateKey.getAlgorithm();
            }
            return AlgorithmId.get(algorithm);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException("Cannot derive AlgorithmIdentifier", e2);
        }
    }

    public static void checkKeyAndSigAlgMatch(PrivateKey privateKey, String str) {
        String upperCase = privateKey.getAlgorithm().toUpperCase(Locale.ENGLISH);
        String checkName = checkName(str);
        boolean z = -1;
        switch (checkName.hashCode()) {
            case -1192165701:
                if (checkName.equals("ED25519")) {
                    z = 2;
                    break;
                }
                break;
            case 65800377:
                if (checkName.equals("ED448")) {
                    z = 3;
                    break;
                }
                break;
            case 65816723:
                if (checkName.equals("EDDSA")) {
                    z = true;
                    break;
                }
                break;
            case 1775481508:
                if (checkName.equals("RSASSA-PSS")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (!upperCase.equals("RSASSA-PSS") && !upperCase.equals("RSA")) {
                    throw new IllegalArgumentException("key algorithm not compatible with signature algorithm");
                }
                return;
            case true:
                if (!upperCase.equals("EDDSA") && !upperCase.equals("ED448") && !upperCase.equals("ED25519")) {
                    throw new IllegalArgumentException("key algorithm not compatible with signature algorithm");
                }
                return;
            case true:
            case true:
                if (privateKey instanceof EdECKey) {
                    if (!checkName.equals(((EdECKey) privateKey).getParams().getName().toUpperCase(Locale.US))) {
                        throw new IllegalArgumentException("key algorithm not compatible with signature algorithm");
                    }
                    return;
                } else {
                    if (!upperCase.equals("EDDSA") && !upperCase.equals(checkName)) {
                        throw new IllegalArgumentException("key algorithm not compatible with signature algorithm");
                    }
                    return;
                }
            default:
                if (checkName.contains("WITH")) {
                    if ((checkName.endsWith("WITHRSA") && !upperCase.equals("RSA")) || ((checkName.endsWith("WITHECDSA") && !upperCase.equals("EC")) || (checkName.endsWith("WITHDSA") && !upperCase.equals("DSA")))) {
                        throw new IllegalArgumentException("key algorithm not compatible with signature algorithm");
                    }
                    return;
                }
                return;
        }
    }

    public static String getDefaultSigAlgForKey(PrivateKey privateKey) {
        String upperCase = privateKey.getAlgorithm().toUpperCase(Locale.ENGLISH);
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -1192165701:
                if (upperCase.equals("ED25519")) {
                    z = 5;
                    break;
                }
                break;
            case 2206:
                if (upperCase.equals("EC")) {
                    z = 2;
                    break;
                }
                break;
            case 67986:
                if (upperCase.equals("DSA")) {
                    z = false;
                    break;
                }
                break;
            case 81440:
                if (upperCase.equals("RSA")) {
                    z = true;
                    break;
                }
                break;
            case 65800377:
                if (upperCase.equals("ED448")) {
                    z = 6;
                    break;
                }
                break;
            case 65816723:
                if (upperCase.equals("EDDSA")) {
                    z = 3;
                    break;
                }
                break;
            case 1775481508:
                if (upperCase.equals("RSASSA-PSS")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "SHA256withDSA";
            case true:
                return ifcFfcStrength(KeyUtil.getKeySize(privateKey)) + "withRSA";
            case true:
                return ecStrength(KeyUtil.getKeySize(privateKey)) + "withECDSA";
            case true:
                return privateKey instanceof EdECPrivateKey ? ((EdECPrivateKey) privateKey).getParams().getName() : upperCase;
            case true:
            case true:
            case true:
                return upperCase;
            default:
                return null;
        }
    }

    private static String ecStrength(int i) {
        return i >= 512 ? "SHA512" : "SHA384";
    }

    private static String ifcFfcStrength(int i) {
        return i > 7680 ? "SHA512" : i >= 624 ? "SHA384" : "SHA256";
    }
}
