package org.bouncycastle.crypto.fips;

import com.fasterxml.jackson.core.io.doubleparser.FastDoubleMath;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.logging.Logger;
import org.bouncycastle.crypto.AsymmetricPrivateKey;
import org.bouncycastle.crypto.AsymmetricPublicKey;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.InvalidSignatureException;
import org.bouncycastle.crypto.asymmetric.AsymmetricDSAPrivateKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricDSAPublicKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricKeyPair;
import org.bouncycastle.crypto.asymmetric.DSADomainParameters;
import org.bouncycastle.crypto.asymmetric.DSAValidationParameters;
import org.bouncycastle.crypto.fips.DSAOutputSigner;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.internal.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.internal.DSA;
import org.bouncycastle.crypto.internal.Digest;
import org.bouncycastle.crypto.internal.EngineProvider;
import org.bouncycastle.crypto.internal.ExtendedDigest;
import org.bouncycastle.crypto.internal.Permissions;
import org.bouncycastle.crypto.internal.PrimeCertaintyCalculator;
import org.bouncycastle.crypto.internal.params.DsaKeyGenerationParameters;
import org.bouncycastle.crypto.internal.params.DsaParameterGenerationParameters;
import org.bouncycastle.crypto.internal.params.DsaParameters;
import org.bouncycastle.crypto.internal.params.DsaPrivateKeyParameters;
import org.bouncycastle.crypto.internal.params.DsaPublicKeyParameters;
import org.bouncycastle.crypto.internal.params.DsaValidationParameters;
import org.bouncycastle.crypto.internal.params.ParametersWithRandom;
import org.bouncycastle.crypto.internal.test.ConsistencyTest;
import org.bouncycastle.math.internal.Primes;
import org.bouncycastle.tls.CipherSuite;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.FixedSecureRandom;
import org.bouncycastle.util.test.TestRandomBigInteger;

/* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA.class */
public final class FipsDSA {
    private static final Logger LOG = Logger.getLogger(FipsDSA.class.getName());
    public static final FipsAlgorithm ALGORITHM = new FipsAlgorithm("DSA", (Enum) null);
    public static final Parameters DSA = new Parameters();
    private static final EngineProvider<DsaSigner> ENGINE_PROVIDER;

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$DomainGenParameters.class */
    public static final class DomainGenParameters extends FipsParameters {
        private final int L;
        private final int N;
        private final int certainty;
        private final BigInteger p;
        private final BigInteger q;
        private final byte[] seed;
        private final int usageIndex;

        public DomainGenParameters(int i) {
            this(i, i > 1024 ? 256 : CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256, PrimeCertaintyCalculator.getDefaultCertainty(i));
        }

        public DomainGenParameters(int i, int i2) {
            this(i, i > 1024 ? 256 : CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256, i2);
        }

        public DomainGenParameters(int i, int i2, int i3) {
            this(i, i2, i3, null, null, null, -1);
        }

        public DomainGenParameters(int i, int i2, int i3, int i4) {
            this(i, i2, i3, null, null, null, i4);
        }

        public DomainGenParameters(BigInteger bigInteger, BigInteger bigInteger2) {
            this(bigInteger.bitLength(), bigInteger2.bitLength(), 0, bigInteger, bigInteger2, null, -1);
        }

        public DomainGenParameters(BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr, int i) {
            this(bigInteger.bitLength(), bigInteger2.bitLength(), 0, bigInteger, bigInteger2, Arrays.clone(bArr), i);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public DomainGenParameters(int i, int i2, int i3, BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr, int i4) {
            super(FipsDSA.ALGORITHM);
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && bigInteger == null && i3 < PrimeCertaintyCalculator.getDefaultCertainty(i)) {
                throw new FipsUnapprovedOperationError("Prime generation certainty " + i3 + " inadequate for parameters of " + i + " bits", getAlgorithm());
            }
            if (i4 > 255) {
                throw new IllegalArgumentException("Usage index must be in range 0 to 255 (or -1 to ignore)");
            }
            this.L = i;
            this.N = i2;
            this.certainty = i3;
            this.p = bigInteger;
            this.q = bigInteger2;
            this.seed = bArr;
            this.usageIndex = i4;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$DomainParametersGenerator.class */
    public static final class DomainParametersGenerator {
        private final SecureRandom random;
        private final DomainGenParameters parameters;
        private final FipsDigestAlgorithm digestAlgorithm;

        public DomainParametersGenerator(DomainGenParameters domainGenParameters, SecureRandom secureRandom) {
            this(FipsSHS.Algorithm.SHA256, domainGenParameters, secureRandom);
        }

        public DomainParametersGenerator(FipsDigestAlgorithm fipsDigestAlgorithm, DomainGenParameters domainGenParameters, SecureRandom secureRandom) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                int i = domainGenParameters.L;
                if (i != 2048 && i != 3072) {
                    throw new FipsUnapprovedOperationError("Attempt to create parameters with unapproved key size [" + i + "]", FipsDSA.ALGORITHM);
                }
                Utils.validateRandom(secureRandom, Utils.getAsymmetricSecurityStrength(i), FipsDSA.ALGORITHM, "Attempt to create parameters with unapproved RNG");
            }
            this.digestAlgorithm = fipsDigestAlgorithm;
            this.parameters = domainGenParameters;
            this.random = secureRandom;
        }

        public DSADomainParameters generateDomainParameters() {
            if (this.parameters.p == null) {
                DsaParametersGenerator dsaParametersGenerator = new DsaParametersGenerator(FipsSHS.createDigest(this.digestAlgorithm));
                dsaParametersGenerator.init(new DsaParameterGenerationParameters(this.parameters.L, this.parameters.N, this.parameters.certainty, this.random, this.parameters.usageIndex));
                DsaParameters generateParameters = dsaParametersGenerator.generateParameters();
                DsaValidationParameters validationParameters = generateParameters.getValidationParameters();
                return new DSADomainParameters(generateParameters.getP(), generateParameters.getQ(), generateParameters.getG(), new DSAValidationParameters(validationParameters.getSeed(), validationParameters.getCounter(), validationParameters.getUsageIndex()));
            }
            if (this.parameters.seed == null || this.parameters.usageIndex < 0) {
                return new DSADomainParameters(this.parameters.p, this.parameters.q, DsaParametersGenerator.calculateGenerator_FIPS186_3_Unverifiable(this.parameters.p, this.parameters.q, this.random), null);
            }
            return new DSADomainParameters(this.parameters.p, this.parameters.q, DsaParametersGenerator.calculateGenerator_FIPS186_3_Verifiable(FipsSHS.createDigest(this.digestAlgorithm), this.parameters.p, this.parameters.q, this.parameters.seed, this.parameters.usageIndex), new DSAValidationParameters(this.parameters.seed, -1, this.parameters.usageIndex));
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$DomainParametersValidator.class */
    public static final class DomainParametersValidator {
        private final Version version;
        private final FipsDigestAlgorithm digestAlgorithm;
        private final SecureRandom random;

        /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$DomainParametersValidator$Version.class */
        public enum Version {
            FIPS_PUB_186_2,
            FIPS_PUB_186_4
        }

        public DomainParametersValidator(FipsDigestAlgorithm fipsDigestAlgorithm, SecureRandom secureRandom) {
            this(Version.FIPS_PUB_186_4, fipsDigestAlgorithm, secureRandom);
        }

        public DomainParametersValidator(Version version, FipsDigestAlgorithm fipsDigestAlgorithm, SecureRandom secureRandom) {
            if (Version.FIPS_PUB_186_2 == version && fipsDigestAlgorithm != FipsSHS.Algorithm.SHA1) {
                throw new IllegalArgumentException("186-2 can only validate with SHA-1");
            }
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateRandom(secureRandom, "FIPS SecureRandom required for DSA parameter validation in approved mode.");
            }
            this.version = version;
            this.digestAlgorithm = fipsDigestAlgorithm;
            this.random = secureRandom;
        }

        private static int getMinimumIterations(int i) {
            if (i <= 1024) {
                return 40;
            }
            return 48 + (8 * ((i - 1) / 1024));
        }

        public boolean isValidPAndQ(BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr, int i) {
            ExtendedDigest createDigest = FipsSHS.createDigest(this.digestAlgorithm);
            if (Version.FIPS_PUB_186_2 == this.version) {
                if (bigInteger.bitLength() != 1024 || bigInteger2.bitLength() != 160 || i > 4095 || bArr.length < 20 || !bigInteger2.equals(digest(createDigest, bArr).xor(digest(createDigest, seedPlus1(bArr))).setBit(0).setBit(CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)) || !isProbablePrime(bigInteger2, getMinimumIterations(1024))) {
                    return false;
                }
                BigInteger shiftLeft = BigInteger.ONE.shiftLeft(64);
                int i2 = 0;
                byte[] clone = Arrays.clone(bArr);
                inc(clone);
                boolean z = false;
                BigInteger bigInteger3 = null;
                while (true) {
                    if (i2 > i) {
                        break;
                    }
                    BigInteger bigInteger4 = BigInteger.ZERO;
                    for (int i3 = 0; i3 <= 5; i3++) {
                        inc(clone);
                        bigInteger4 = bigInteger4.add(digest(createDigest, clone).shiftLeft(CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256 * i3));
                    }
                    inc(clone);
                    BigInteger bit = bigInteger4.add(digest(createDigest, clone).mod(shiftLeft).shiftLeft(960)).setBit(FastDoubleMath.DOUBLE_EXPONENT_BIAS);
                    bigInteger3 = bit.subtract(bit.mod(bigInteger2.shiftLeft(1)).subtract(BigInteger.ONE));
                    if (bigInteger3.bitLength() == 1024 && isProbablePrime(bigInteger3, getMinimumIterations(1024))) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                return i2 == i && bigInteger.equals(bigInteger3) && z;
            }
            int bitLength = bigInteger.bitLength();
            int bitLength2 = bigInteger2.bitLength();
            if (!((bitLength == 1024 && bitLength2 == 160) || ((bitLength == 2048 && bitLength2 == 224) || ((bitLength == 2048 && bitLength2 == 256) || (bitLength == 3072 && bitLength2 == 256)))) || i > (4 * bitLength) - 1 || bArr.length * 8 < bitLength2) {
                return false;
            }
            if (!bigInteger2.equals(digest(createDigest, bArr).mod(BigInteger.ONE.shiftLeft(bitLength2 - 1)).setBit(0).setBit(bitLength2 - 1)) || !isProbablePrime(bigInteger2, getMinimumIterations(bitLength))) {
                return false;
            }
            int digestSize = createDigest.getDigestSize() * 8;
            int i4 = (((bitLength + digestSize) - 1) / digestSize) - 1;
            BigInteger shiftLeft2 = BigInteger.ONE.shiftLeft(bitLength - (i4 * digestSize));
            int i5 = 0;
            byte[] clone2 = Arrays.clone(bArr);
            boolean z2 = false;
            BigInteger bigInteger5 = null;
            while (true) {
                if (i5 > i) {
                    break;
                }
                BigInteger bigInteger6 = BigInteger.ZERO;
                for (int i6 = 0; i6 < i4; i6++) {
                    inc(clone2);
                    bigInteger6 = bigInteger6.add(digest(createDigest, clone2).shiftLeft(digestSize * i6));
                }
                inc(clone2);
                BigInteger bit2 = bigInteger6.add(digest(createDigest, clone2).mod(shiftLeft2).shiftLeft(digestSize * i4)).setBit(bitLength - 1);
                bigInteger5 = bit2.subtract(bit2.mod(bigInteger2.shiftLeft(1)).subtract(BigInteger.ONE));
                if (bigInteger5.bitLength() == bitLength && isProbablePrime(bigInteger5, getMinimumIterations(bitLength))) {
                    z2 = true;
                    break;
                }
                i5++;
            }
            return i5 == i && bigInteger.equals(bigInteger5) && z2;
        }

        public boolean isPartiallyValidG(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) {
            if (BigInteger.valueOf(2L).compareTo(bigInteger3) > 0 || bigInteger.subtract(BigInteger.ONE).compareTo(bigInteger3) < 0) {
                return false;
            }
            return bigInteger3.modPow(bigInteger2, bigInteger).equals(BigInteger.ONE);
        }

        public boolean isValidG(BigInteger bigInteger, BigInteger bigInteger2, byte[] bArr, int i, BigInteger bigInteger3) {
            ExtendedDigest createDigest = FipsSHS.createDigest(this.digestAlgorithm);
            if ((i >>> 8) != 0 || BigInteger.valueOf(2L).compareTo(bigInteger3) > 0 || bigInteger.subtract(BigInteger.ONE).compareTo(bigInteger3) < 0 || !bigInteger3.modPow(bigInteger2, bigInteger).equals(BigInteger.ONE)) {
                return false;
            }
            BigInteger divide = bigInteger.subtract(BigInteger.ONE).divide(bigInteger2);
            int i2 = 0;
            byte[] concatenate = Arrays.concatenate(bArr, Hex.decode("6767656E"), new byte[]{(byte) i});
            BigInteger bigInteger4 = null;
            do {
                i2++;
                if (i2 >= 65536) {
                    break;
                }
                inc(concatenate);
                bigInteger4 = digest(createDigest, concatenate).modPow(divide, bigInteger);
            } while (bigInteger4.compareTo(BigInteger.ONE) <= 0);
            return bigInteger3.equals(bigInteger4);
        }

        private BigInteger digest(Digest digest, byte[] bArr) {
            byte[] bArr2 = new byte[digest.getDigestSize()];
            digest.update(bArr, 0, bArr.length);
            digest.doFinal(bArr2, 0);
            return new BigInteger(1, bArr2);
        }

        private byte[] seedPlus1(byte[] bArr) {
            return inc(Arrays.clone(bArr));
        }

        private byte[] inc(byte[] bArr) {
            for (int length = bArr.length - 1; length >= 0; length--) {
                int i = length;
                byte b = (byte) (bArr[i] + 1);
                bArr[i] = b;
                if (b != 0) {
                    break;
                }
            }
            return bArr;
        }

        private boolean isProbablePrime(BigInteger bigInteger, int i) {
            return !Primes.hasAnySmallFactors(bigInteger) && Primes.isMRProbablePrime(bigInteger, this.random, i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$DsaProvider.class */
    public static class DsaProvider extends FipsEngineProvider<DsaSigner> {
        private static BigInteger r = new BigInteger("4400138d05f9639caf54a583caaf25d2b76d0c3ead752ce17dbc85fe", 16);
        private static BigInteger s = new BigInteger("46b366898ee97c044df7fd8616410b91978e0eb99a581d7b71e82e89", 16);

        private DsaProvider() {
        }

        @Override // org.bouncycastle.crypto.internal.EngineProvider
        public DsaSigner createEngine() {
            return (DsaSigner) SelfTestExecutor.validate(FipsDSA.ALGORITHM, new DsaSigner(), new VariantKatTest<DsaSigner>() { // from class: org.bouncycastle.crypto.fips.FipsDSA.DsaProvider.1
                /* JADX INFO: Access modifiers changed from: package-private */
                @Override // org.bouncycastle.crypto.fips.VariantKatTest
                public void evaluate(DsaSigner dsaSigner) throws Exception {
                    BigInteger bigInteger = new BigInteger("90EAF4D1AF0708B1B612FF35E0A2997EB9E9D263C9CE659528945C0D", 16);
                    BigInteger bigInteger2 = new BigInteger("C196BA05AC29E1F9C3C72D56DFFC6154A033F1477AC88EC37F09BE6C5BB95F51C296DD20D1A28A067CCC4D4316A4BD1DCA55ED1066D438C35AEBAABF57E7DAE428782A95ECA1C143DB701FD48533A3C18F0FE23557EA7AE619ECACC7E0B51652A8776D02A425567DED36EABD90CA33A1E8D988F0BBB92D02D1D20290113BB562CE1FC856EEB7CDD92D33EEA6F410859B179E7E789A8F75F645FAE2E136D252BFFAFF89528945C1ABE705A38DBC2D364AADE99BE0D0AAD82E5320121496DC65B3930E38047294FF877831A16D5228418DE8AB275D7D75651CEFED65F78AFC3EA7FE4D79B35F62A0402A1117599ADAC7B269A59F353CF450E6982D3B1702D9CA83", 16);
                    BigInteger bigInteger3 = new BigInteger("A59A749A11242C58C894E9E5A91804E8FA0AC64B56288F8D47D51B1EDC4D65444FECA0111D78F35FC9FDD4CB1F1B79A3BA9CBEE83A3F811012503C8117F98E5048B089E387AF6949BF8784EBD9EF45876F2E6A5A495BE64B6E770409494B7FEE1DBB1E4B2BC2A53D4F893D418B7159592E4FFFDF6969E91D770DAEBD0B5CB14C00AD68EC7DC1E5745EA55C706C4A1C5C88964E34D09DEB753AD418C1AD0F4FDFD049A955E5D78491C0B7A2F1575A008CCD727AB376DB6E695515B05BD412F5B8C2F4C77EE10DA48ABD53F5DD498927EE7B692BBBCDA2FB23A516C5B4533D73980B2A3B60E384ED200AE21B40D273651AD6060C13D97FD69AA13C5611A51B9085", 16);
                    DsaKeyPairGenerator dsaKeyPairGenerator = new DsaKeyPairGenerator();
                    dsaKeyPairGenerator.init(new DsaKeyGenerationParameters(new TestRandomBigInteger(Hex.decode("947813B589EDBA642411AD79205E43CE9B859327A4F84CF4B02628DB058A7B22771EA1852903711B")), new DsaParameters(bigInteger2, bigInteger, bigInteger3)));
                    AsymmetricCipherKeyPair generateKeyPair = dsaKeyPairGenerator.generateKeyPair();
                    dsaSigner.init(true, new ParametersWithRandom(generateKeyPair.getPrivate(), new FixedSecureRandom(new FixedSecureRandom.BigInteger("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"), new FixedSecureRandom.Data(Hex.decode("01020304")))));
                    byte[] decode = Hex.decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");
                    BigInteger[] generateSignature = dsaSigner.generateSignature(decode);
                    if (!generateSignature[0].equals(DsaProvider.r) || !generateSignature[1].equals(DsaProvider.s)) {
                        fail("KAT signature incorrect");
                    }
                    dsaSigner.init(false, generateKeyPair.getPublic());
                    if (dsaSigner.verifySignature(decode, generateSignature[0], generateSignature[1])) {
                        return;
                    }
                    fail("KAT signature not verified");
                }
            });
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$KeyGenParameters.class */
    public static final class KeyGenParameters extends FipsParameters {
        private final DSADomainParameters domainParameters;

        public KeyGenParameters(DSADomainParameters dSADomainParameters) {
            super(FipsDSA.ALGORITHM);
            this.domainParameters = dSADomainParameters;
        }

        public DSADomainParameters getDomainParameters() {
            return this.domainParameters;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$KeyPairGenerator.class */
    public static final class KeyPairGenerator extends FipsAsymmetricKeyPairGenerator<KeyGenParameters, AsymmetricDSAPublicKey, AsymmetricDSAPrivateKey> {
        private final DsaKeyPairGenerator engine;
        private final DSADomainParameters domainParameters;
        private final DsaKeyGenerationParameters param;

        public KeyPairGenerator(KeyGenParameters keyGenParameters, SecureRandom secureRandom) {
            super(keyGenParameters);
            this.engine = new DsaKeyPairGenerator();
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                int bitLength = keyGenParameters.getDomainParameters().getP().bitLength();
                if (bitLength != 2048 && bitLength != 3072) {
                    throw new FipsUnapprovedOperationError("Attempt to create key pair with unapproved key size [" + bitLength + "]", keyGenParameters.getAlgorithm());
                }
                Utils.validateKeyPairGenRandom(secureRandom, Utils.getAsymmetricSecurityStrength(bitLength), keyGenParameters.getAlgorithm());
            }
            this.domainParameters = keyGenParameters.getDomainParameters();
            this.param = new DsaKeyGenerationParameters(secureRandom, FipsDSA.getDomainParams(this.domainParameters));
            this.engine.init(this.param);
        }

        @Override // org.bouncycastle.crypto.fips.FipsAsymmetricKeyPairGenerator, org.bouncycastle.crypto.AsymmetricKeyPairGenerator
        public AsymmetricKeyPair<AsymmetricDSAPublicKey, AsymmetricDSAPrivateKey> generateKeyPair() {
            AsymmetricCipherKeyPair generateKeyPair = this.engine.generateKeyPair();
            DsaPublicKeyParameters dsaPublicKeyParameters = (DsaPublicKeyParameters) generateKeyPair.getPublic();
            DsaPrivateKeyParameters dsaPrivateKeyParameters = (DsaPrivateKeyParameters) generateKeyPair.getPrivate();
            FipsAlgorithm algorithm = getParameters().getAlgorithm();
            FipsDSA.validateKeyPair(generateKeyPair);
            return new AsymmetricKeyPair<>(new AsymmetricDSAPublicKey(algorithm, this.domainParameters, dsaPublicKeyParameters.getY()), new AsymmetricDSAPrivateKey(algorithm, this.domainParameters, dsaPrivateKeyParameters.getX()));
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$OperatorFactory.class */
    public static final class OperatorFactory extends FipsSignatureOperatorFactory<Parameters> {
        @Override // org.bouncycastle.crypto.fips.FipsSignatureOperatorFactory, org.bouncycastle.crypto.SignatureOperatorFactory
        public FipsOutputSignerUsingSecureRandom<Parameters> createSigner(AsymmetricPrivateKey asymmetricPrivateKey, Parameters parameters) {
            DsaSigner dsaSigner = (DsaSigner) FipsDSA.ENGINE_PROVIDER.createEngine();
            Digest createDigest = parameters.digestAlgorithm != null ? FipsSHS.createDigest(parameters.digestAlgorithm) : new NullDigest();
            final DsaPrivateKeyParameters lwKey = FipsDSA.getLwKey((AsymmetricDSAPrivateKey) asymmetricPrivateKey);
            int bitLength = lwKey.getParameters().getP().bitLength();
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                if (bitLength != 2048 && bitLength != 3072) {
                    throw new FipsUnapprovedOperationError("Attempt to create signer with unapproved keysize [" + bitLength + "]", FipsDSA.ALGORITHM);
                }
                Utils.checkDigestAlgorithm(FipsDSA.LOG, parameters.getDigestAlgorithm(), "org.bouncycastle.dsa.allow_sha1_sig");
            }
            return new DSAOutputSigner(dsaSigner, createDigest, parameters, new DSAOutputSigner.Initializer() { // from class: org.bouncycastle.crypto.fips.FipsDSA.OperatorFactory.1
                @Override // org.bouncycastle.crypto.fips.DSAOutputSigner.Initializer
                public void initialize(DSA dsa, SecureRandom secureRandom) {
                    dsa.init(true, new ParametersWithRandom(lwKey, secureRandom));
                }
            });
        }

        @Override // org.bouncycastle.crypto.fips.FipsSignatureOperatorFactory, org.bouncycastle.crypto.SignatureOperatorFactory
        public FipsOutputVerifier<Parameters> createVerifier(AsymmetricPublicKey asymmetricPublicKey, Parameters parameters) {
            DsaSigner dsaSigner = (DsaSigner) FipsDSA.ENGINE_PROVIDER.createEngine();
            Digest createDigest = parameters.digestAlgorithm != null ? FipsSHS.createDigest(parameters.digestAlgorithm) : new NullDigest();
            AsymmetricDSAPublicKey asymmetricDSAPublicKey = (AsymmetricDSAPublicKey) asymmetricPublicKey;
            DsaPublicKeyParameters dsaPublicKeyParameters = new DsaPublicKeyParameters(asymmetricDSAPublicKey.getY(), FipsDSA.getDomainParams(asymmetricDSAPublicKey.getDomainParameters()));
            int bitLength = dsaPublicKeyParameters.getParameters().getP().bitLength();
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && bitLength != 1024 && bitLength != 2048 && bitLength != 3072) {
                throw new FipsUnapprovedOperationError("Attempt to create verifier with unapproved keysize [" + bitLength + "]", FipsDSA.ALGORITHM);
            }
            dsaSigner.init(false, dsaPublicKeyParameters);
            return new DSAOutputVerifier(dsaSigner, createDigest, parameters);
        }

        @Override // org.bouncycastle.crypto.SignatureOperatorFactory
        public FipsOutputValidator<Parameters> createValidator(AsymmetricPublicKey asymmetricPublicKey, Parameters parameters, byte[] bArr) throws InvalidSignatureException {
            DsaSigner dsaSigner = (DsaSigner) FipsDSA.ENGINE_PROVIDER.createEngine();
            Digest createDigest = parameters.digestAlgorithm != null ? FipsSHS.createDigest(parameters.digestAlgorithm) : new NullDigest();
            AsymmetricDSAPublicKey asymmetricDSAPublicKey = (AsymmetricDSAPublicKey) asymmetricPublicKey;
            DsaPublicKeyParameters dsaPublicKeyParameters = new DsaPublicKeyParameters(asymmetricDSAPublicKey.getY(), FipsDSA.getDomainParams(asymmetricDSAPublicKey.getDomainParameters()));
            int bitLength = dsaPublicKeyParameters.getParameters().getP().bitLength();
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && bitLength != 1024 && bitLength != 2048 && bitLength != 3072) {
                throw new FipsUnapprovedOperationError("Attempt to create verifier with unapproved keysize [" + bitLength + "]", FipsDSA.ALGORITHM);
            }
            dsaSigner.init(false, dsaPublicKeyParameters);
            return new DSAOutputValidator(dsaSigner, createDigest, parameters, bArr);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsDSA$Parameters.class */
    public static final class Parameters extends FipsParameters {
        private final FipsDigestAlgorithm digestAlgorithm;

        Parameters() {
            super(FipsDSA.ALGORITHM);
            this.digestAlgorithm = FipsSHS.Algorithm.SHA1;
        }

        private Parameters(FipsDigestAlgorithm fipsDigestAlgorithm) {
            super(FipsDSA.ALGORITHM);
            if (fipsDigestAlgorithm == null && CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                PrivilegedUtils.checkPermission(Permissions.TlsNullDigestEnabled);
            }
            this.digestAlgorithm = fipsDigestAlgorithm;
        }

        public FipsDigestAlgorithm getDigestAlgorithm() {
            return this.digestAlgorithm;
        }

        public Parameters withDigestAlgorithm(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new Parameters(fipsDigestAlgorithm);
        }
    }

    private FipsDSA() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static DsaParameters getDomainParams(DSADomainParameters dSADomainParameters) {
        return new DsaParameters(dSADomainParameters.getP(), dSADomainParameters.getQ(), dSADomainParameters.getG());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static DsaPrivateKeyParameters getLwKey(final AsymmetricDSAPrivateKey asymmetricDSAPrivateKey) {
        return (DsaPrivateKeyParameters) AccessController.doPrivileged(new PrivilegedAction<DsaPrivateKeyParameters>() { // from class: org.bouncycastle.crypto.fips.FipsDSA.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public DsaPrivateKeyParameters run() {
                return new DsaPrivateKeyParameters(AsymmetricDSAPrivateKey.this.getX(), FipsDSA.getDomainParams(AsymmetricDSAPrivateKey.this.getDomainParameters()));
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateKeyPair(AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        SelfTestExecutor.validate(ALGORITHM, asymmetricCipherKeyPair, new ConsistencyTest<AsymmetricCipherKeyPair>() { // from class: org.bouncycastle.crypto.fips.FipsDSA.2
            @Override // org.bouncycastle.crypto.internal.test.ConsistencyTest
            public boolean hasTestPassed(AsymmetricCipherKeyPair asymmetricCipherKeyPair2) {
                byte[] decode = Hex.decode("576a1f885e3420128c8a656097ba7d8bb4c6f1b1853348cf2ba976971dbdbefc");
                DsaSigner dsaSigner = new DsaSigner();
                dsaSigner.init(true, new ParametersWithRandom(asymmetricCipherKeyPair2.getPrivate(), Utils.testRandom));
                BigInteger[] generateSignature = dsaSigner.generateSignature(decode);
                dsaSigner.init(false, asymmetricCipherKeyPair2.getPublic());
                return dsaSigner.verifySignature(decode, generateSignature[0], generateSignature[1]);
            }
        });
    }

    static {
        DsaProvider dsaProvider = new DsaProvider();
        dsaProvider.createEngine();
        ENGINE_PROVIDER = dsaProvider;
    }
}
