package com.google.crypto.tink.subtle;

import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.subtle.EngineWrapper;
import com.google.crypto.tink.subtle.Enums;
import com.google.errorprone.annotations.Immutable;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;

@Immutable
/* loaded from: classes3.dex */
public final class RsaSsaPssSignJce implements PublicKeySign {
    public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    /* renamed from: a, reason: collision with root package name */
    public final RSAPrivateCrtKey f23807a;

    /* renamed from: b, reason: collision with root package name */
    public final RSAPublicKey f23808b;
    public final Enums.HashType c;

    /* renamed from: d, reason: collision with root package name */
    public final Enums.HashType f23809d;

    /* renamed from: e, reason: collision with root package name */
    public final int f23810e;

    public RsaSsaPssSignJce(RSAPrivateCrtKey rSAPrivateCrtKey, Enums.HashType hashType, Enums.HashType hashType2, int i10) {
        if (!FIPS.isCompatible()) {
            throw new GeneralSecurityException("Can not use RSA PSS in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.validateSignatureHash(hashType);
        Validators.validateRsaModulusSize(rSAPrivateCrtKey.getModulus().bitLength());
        Validators.validateRsaPublicExponent(rSAPrivateCrtKey.getPublicExponent());
        this.f23807a = rSAPrivateCrtKey;
        this.f23808b = (RSAPublicKey) EngineFactory.KEY_FACTORY.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        this.c = hashType;
        this.f23809d = hashType2;
        this.f23810e = i10;
    }

    @Override // com.google.crypto.tink.PublicKeySign
    public byte[] sign(byte[] bArr) {
        byte[] bArr2;
        RSAPublicKey rSAPublicKey = this.f23808b;
        int bitLength = rSAPublicKey.getModulus().bitLength() - 1;
        Enums.HashType hashType = this.c;
        Validators.validateSignatureHash(hashType);
        MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance(SubtleUtil.toDigestAlgo(hashType));
        byte[] digest = engineFactory.digest(bArr);
        int digestLength = engineFactory.getDigestLength();
        int i10 = ((bitLength - 1) / 8) + 1;
        int i11 = this.f23810e;
        if (i10 < digestLength + i11 + 2) {
            throw new GeneralSecurityException("encoding error");
        }
        byte[] randBytes = Random.randBytes(i11);
        int i12 = digestLength + 8;
        byte[] bArr3 = new byte[i12 + i11];
        System.arraycopy(digest, 0, bArr3, 8, digestLength);
        System.arraycopy(randBytes, 0, bArr3, i12, randBytes.length);
        byte[] digest2 = engineFactory.digest(bArr3);
        int i13 = (i10 - digestLength) - 1;
        byte[] bArr4 = new byte[i13];
        int i14 = (i10 - i11) - digestLength;
        bArr4[i14 - 2] = 1;
        System.arraycopy(randBytes, 0, bArr4, i14 - 1, randBytes.length);
        byte[] mgf1 = SubtleUtil.mgf1(digest2, i13, this.f23809d);
        byte[] bArr5 = new byte[i13];
        for (int i15 = 0; i15 < i13; i15++) {
            bArr5[i15] = (byte) (bArr4[i15] ^ mgf1[i15]);
        }
        int i16 = 0;
        while (true) {
            bArr2 = digest2;
            if (i16 >= (i10 * 8) - bitLength) {
                break;
            }
            int i17 = i16 / 8;
            bArr5[i17] = (byte) ((~(1 << (7 - (i16 % 8)))) & bArr5[i17]);
            i16++;
            digest2 = bArr2;
        }
        int i18 = digestLength + i13;
        byte[] bArr6 = new byte[i18 + 1];
        System.arraycopy(bArr5, 0, bArr6, 0, i13);
        System.arraycopy(bArr2, 0, bArr6, i13, bArr2.length);
        bArr6[i18] = -68;
        EngineFactory<EngineWrapper.TCipher, Cipher> engineFactory2 = EngineFactory.CIPHER;
        Cipher engineFactory3 = engineFactory2.getInstance("RSA/ECB/NOPADDING");
        engineFactory3.init(2, this.f23807a);
        byte[] doFinal = engineFactory3.doFinal(bArr6);
        Cipher engineFactory4 = engineFactory2.getInstance("RSA/ECB/NOPADDING");
        engineFactory4.init(1, rSAPublicKey);
        if (new BigInteger(1, bArr6).equals(new BigInteger(1, engineFactory4.doFinal(doFinal)))) {
            return doFinal;
        }
        throw new RuntimeException("Security bug: RSA signature computation error");
    }
}
