package com.google.crypto.tink.subtle;

import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.subtle.EngineWrapper;
import com.google.crypto.tink.subtle.Enums;
import com.google.errorprone.annotations.Immutable;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import org.bouncycastle.crypto.signers.PSSSigner;

@Immutable
/* loaded from: classes4.dex */
public final class RsaSsaPssSignJce implements PublicKeySign {
    public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    /* renamed from: a, reason: collision with root package name */
    public final RSAPrivateCrtKey f28783a;
    public final RSAPublicKey b;

    /* renamed from: c, reason: collision with root package name */
    public final Enums.HashType f28784c;

    /* renamed from: d, reason: collision with root package name */
    public final Enums.HashType f28785d;
    public final int e;

    public RsaSsaPssSignJce(RSAPrivateCrtKey rSAPrivateCrtKey, Enums.HashType hashType, Enums.HashType hashType2, int i) throws GeneralSecurityException {
        if (!FIPS.isCompatible()) {
            throw new GeneralSecurityException("Can not use RSA PSS in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.validateSignatureHash(hashType);
        Validators.validateRsaModulusSize(rSAPrivateCrtKey.getModulus().bitLength());
        Validators.validateRsaPublicExponent(rSAPrivateCrtKey.getPublicExponent());
        this.f28783a = rSAPrivateCrtKey;
        this.b = (RSAPublicKey) EngineFactory.KEY_FACTORY.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        this.f28784c = hashType;
        this.f28785d = hashType2;
        this.e = i;
    }

    @Override // com.google.crypto.tink.PublicKeySign
    public byte[] sign(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2;
        RSAPublicKey rSAPublicKey = this.b;
        int bitLength = rSAPublicKey.getModulus().bitLength() - 1;
        Enums.HashType hashType = this.f28784c;
        Validators.validateSignatureHash(hashType);
        MessageDigest engineFactory = EngineFactory.MESSAGE_DIGEST.getInstance(SubtleUtil.toDigestAlgo(hashType));
        byte[] digest = engineFactory.digest(bArr);
        int digestLength = engineFactory.getDigestLength();
        int i = ((bitLength - 1) / 8) + 1;
        int i3 = this.e;
        if (i < digestLength + i3 + 2) {
            throw new GeneralSecurityException("encoding error");
        }
        byte[] randBytes = Random.randBytes(i3);
        int i4 = digestLength + 8;
        byte[] bArr3 = new byte[i4 + i3];
        System.arraycopy(digest, 0, bArr3, 8, digestLength);
        System.arraycopy(randBytes, 0, bArr3, i4, randBytes.length);
        byte[] digest2 = engineFactory.digest(bArr3);
        int i5 = (i - digestLength) - 1;
        byte[] bArr4 = new byte[i5];
        int i6 = (i - i3) - digestLength;
        bArr4[i6 - 2] = 1;
        System.arraycopy(randBytes, 0, bArr4, i6 - 1, randBytes.length);
        byte[] mgf1 = SubtleUtil.mgf1(digest2, i5, this.f28785d);
        byte[] bArr5 = new byte[i5];
        for (int i7 = 0; i7 < i5; i7++) {
            bArr5[i7] = (byte) (bArr4[i7] ^ mgf1[i7]);
        }
        int i8 = 0;
        while (true) {
            bArr2 = digest2;
            if (i8 >= (i * 8) - bitLength) {
                break;
            }
            int i9 = i8 / 8;
            bArr5[i9] = (byte) ((~(1 << (7 - (i8 % 8)))) & bArr5[i9]);
            i8++;
            digest2 = bArr2;
        }
        int i10 = digestLength + i5;
        byte[] bArr6 = new byte[i10 + 1];
        System.arraycopy(bArr5, 0, bArr6, 0, i5);
        System.arraycopy(bArr2, 0, bArr6, i5, bArr2.length);
        bArr6[i10] = PSSSigner.TRAILER_IMPLICIT;
        EngineFactory<EngineWrapper.TCipher, Cipher> engineFactory2 = EngineFactory.CIPHER;
        Cipher engineFactory3 = engineFactory2.getInstance("RSA/ECB/NOPADDING");
        engineFactory3.init(2, this.f28783a);
        byte[] doFinal = engineFactory3.doFinal(bArr6);
        Cipher engineFactory4 = engineFactory2.getInstance("RSA/ECB/NOPADDING");
        engineFactory4.init(1, rSAPublicKey);
        if (new BigInteger(1, bArr6).equals(new BigInteger(1, engineFactory4.doFinal(doFinal)))) {
            return doFinal;
        }
        throw new RuntimeException("Security bug: RSA signature computation error");
    }
}
