package pl.unizeto.android.cryptoapi.provider;

import iaik.asn1.structures.AlgorithmID;
import iaik.cms.DigestInfo;
import iaik.cms.IaikProvider;
import iaik.cms.InvalidSignatureValueException;
import iaik.cms.SecurityProvider;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11Key;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PrivateKey;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
public class UniSecurityProvider extends IaikProvider {
    private static final String CRYPTO_API_PROVIDER_NAME = "MicrosoftCryptoAPIBridge";
    private static final String PROVIDER_NAME = "Unizeto CMS Security Provider";

    private boolean isClassInstanceOf(Class<?> cls, String str) {
        if (cls.getName().equals(str)) {
            return true;
        }
        Class<? super Object> superclass = cls.getSuperclass();
        if (superclass != null) {
            return isClassInstanceOf(superclass, str);
        }
        return false;
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public byte[] calculateSignatureFromHash(AlgorithmID algorithmID, AlgorithmID algorithmID2, PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        byte[] bArr2;
        Signature signature;
        if (!(privateKey instanceof IAIKPKCS11PrivateKey)) {
            return super.calculateSignatureFromHash(algorithmID, algorithmID2, privateKey, bArr);
        }
        IAIKPkcs11 provider = ((IAIKPKCS11PrivateKey) privateKey).getTokenManager().getProvider();
        String implementationName = algorithmID.getImplementationName();
        try {
            if (implementationName.equals("RSA")) {
                bArr2 = new DigestInfo(algorithmID2, bArr).toByteArray();
                signature = Signature.getInstance("RawRSA/PKCS1", provider.getName());
            } else if (implementationName.equals(IAIKPKCS11Key.DSA)) {
                bArr2 = bArr;
                signature = Signature.getInstance(SecurityProvider.ALG_SIGNATURE_RAWDSA, provider.getName());
            } else {
                if (!implementationName.equals("ECDSA")) {
                    throw new NoSuchAlgorithmException("Unable to calculate signature with signature algorithm: " + implementationName);
                }
                bArr2 = bArr;
                signature = Signature.getInstance(SecurityProvider.ALG_SIGNATURE_RAWECDSA, provider.getName());
            }
            signature.initSign(privateKey);
            signature.update(bArr2);
            return signature.sign();
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("The PKCS#11 provider has not been installed corerctly: " + e);
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public byte[] calculateSignatureFromSignedAttributes(AlgorithmID algorithmID, AlgorithmID algorithmID2, PrivateKey privateKey, byte[] bArr) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        Signature signature;
        byte[] bArr2;
        if (!isClassInstanceOf(privateKey.getClass(), "be.cardon.cryptoapi.provider.CryptoAPIPrivateKey")) {
            return super.calculateSignatureFromSignedAttributes(algorithmID, algorithmID2, privateKey, bArr);
        }
        String implementationName = algorithmID.getImplementationName();
        String implementationName2 = algorithmID2.getImplementationName();
        try {
            if (implementationName.equals("RSA")) {
                if (implementationName2.equals(SecurityProvider.ALG_DIGEST_SHA)) {
                    bArr2 = bArr;
                    signature = Signature.getInstance("SHA1withRSA", CRYPTO_API_PROVIDER_NAME);
                } else if (implementationName2.equals("SHA256")) {
                    bArr2 = bArr;
                    signature = Signature.getInstance("SHA256withRSA", CRYPTO_API_PROVIDER_NAME);
                } else if (implementationName2.equals("SHA384")) {
                    bArr2 = bArr;
                    signature = Signature.getInstance("SHA384withRSA", CRYPTO_API_PROVIDER_NAME);
                } else if (implementationName2.equals("SHA512")) {
                    bArr2 = bArr;
                    signature = Signature.getInstance("SHA512withRSA", CRYPTO_API_PROVIDER_NAME);
                } else if (implementationName2.equals(SecurityProvider.ALG_DIGEST_MD5)) {
                    bArr2 = bArr;
                    signature = Signature.getInstance("MD5withRSA", CRYPTO_API_PROVIDER_NAME);
                } else {
                    if (!implementationName2.equals("MD2")) {
                        throw new NoSuchAlgorithmException("Unable to calculate RSA signature with signature algorithm: " + implementationName + ", digest algorithm: " + implementationName2 + "and key: " + privateKey.getClass());
                    }
                    bArr2 = bArr;
                    signature = Signature.getInstance("MD2withRSA", CRYPTO_API_PROVIDER_NAME);
                }
            } else {
                if (!implementationName.equals(IAIKPKCS11Key.DSA)) {
                    throw new NoSuchAlgorithmException("Unable to calculate signature with signature algorithm: " + implementationName + " and diggest algorithm: " + implementationName2 + "and key: " + privateKey.getClass());
                }
                if (implementationName2.equals(SecurityProvider.ALG_DIGEST_SHA)) {
                    signature = Signature.getInstance(SecurityProvider.ALG_SIGNATURE_SHADSA, CRYPTO_API_PROVIDER_NAME);
                    bArr2 = bArr;
                } else if (implementationName2.equals(SecurityProvider.ALG_DIGEST_MD5)) {
                    signature = Signature.getInstance("MD5withDSA", CRYPTO_API_PROVIDER_NAME);
                    bArr2 = bArr;
                } else {
                    if (!implementationName2.equals("MD2")) {
                        throw new NoSuchAlgorithmException("Unable to calculate DSA signature with signature algorithm: " + implementationName + ", digest algorithm: " + implementationName2 + "and key: " + privateKey.getClass());
                    }
                    signature = Signature.getInstance("MD2withDSA", CRYPTO_API_PROVIDER_NAME);
                    bArr2 = bArr;
                }
            }
            signature.initSign(privateKey);
            signature.update(bArr2);
            return signature.sign();
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("The PKCS#11 provider has not been installed correctly", e);
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public SecretKey decryptKey(byte[] bArr, AlgorithmID algorithmID, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, BadPaddingException {
        String implementationName = algorithmID.getImplementationName();
        if (privateKey instanceof IAIKPKCS11PrivateKey) {
            try {
                Cipher cipher = Cipher.getInstance(implementationName, ((IAIKPKCS11PrivateKey) privateKey).getTokenManager().getProvider().getName());
                cipher.init(2, privateKey, (AlgorithmParameterSpec) null, (SecureRandom) null);
                return new iaik.security.cipher.SecretKey(cipher.doFinal(bArr), str);
            } catch (InvalidAlgorithmParameterException e) {
                throw new NoSuchAlgorithmException("Error initializing the cipher: " + e);
            } catch (NoSuchProviderException e2) {
                throw new NoSuchAlgorithmException("The PKCS#11 provider has not been installed correctly: " + e2);
            } catch (IllegalBlockSizeException e3) {
                throw new NoSuchAlgorithmException("Error during cipher operation: " + e3);
            }
        }
        if (!isClassInstanceOf(privateKey.getClass(), "be.cardon.cryptoapi.provider.CryptoAPIPrivateKey")) {
            return super.decryptKey(bArr, algorithmID, privateKey, str);
        }
        try {
            Cipher cipher2 = Cipher.getInstance("RSA", CRYPTO_API_PROVIDER_NAME);
            cipher2.init(2, privateKey, (AlgorithmParameterSpec) null, (SecureRandom) null);
            return new iaik.security.cipher.SecretKey(cipher2.doFinal(bArr), str);
        } catch (InvalidAlgorithmParameterException e4) {
            throw new NoSuchAlgorithmException("Error initializing the cipher: " + e4);
        } catch (NoSuchProviderException e5) {
            throw new NoSuchAlgorithmException("The CryptoAPI provider has not been installed correctly: " + e5);
        } catch (IllegalBlockSizeException e6) {
            throw new NoSuchAlgorithmException("Error during cipher operation: " + e6);
        }
    }

    @Override // iaik.cms.SecurityProvider
    public String getProviderName() {
        return PROVIDER_NAME;
    }

    @Override // iaik.cms.SecurityProvider
    public Signature getSignature(AlgorithmID algorithmID, int i, Key key) throws NoSuchAlgorithmException, InvalidKeyException {
        return getSignature(algorithmID.getImplementationName(), i, key);
    }

    @Override // iaik.cms.SecurityProvider
    public Signature getSignature(String str, int i, Key key) throws InvalidKeyException, NoSuchAlgorithmException {
        if (key instanceof IAIKPKCS11Key) {
            try {
                Signature signature = Signature.getInstance(str, ((IAIKPKCS11Key) key).getTokenManager().getProvider().getName());
                if (i == 1) {
                    signature.initSign((PrivateKey) key);
                    return signature;
                }
                if (i != 2) {
                    return signature;
                }
                signature.initVerify((PublicKey) key);
                return signature;
            } catch (NoSuchProviderException e) {
                throw new NoSuchAlgorithmException("PKCS#11 Provider has not been installed correctly " + e.toString());
            }
        }
        if (key.getClass().getName().equals("sun.security.mscapi.RSAPrivateKey")) {
            try {
                Signature signature2 = str.equalsIgnoreCase("SHAwithRSA") ? Signature.getInstance("SHA1withRSA", "SunMSCAPI") : Signature.getInstance(str, "SunMSCAPI");
                if (i == 1) {
                    signature2.initSign((PrivateKey) key);
                    return signature2;
                }
                if (i != 2) {
                    return signature2;
                }
                signature2.initVerify((PublicKey) key);
                return signature2;
            } catch (NoSuchProviderException e2) {
                throw new NoSuchAlgorithmException(e2);
            }
        }
        if (!isClassInstanceOf(key.getClass(), "be.cardon.cryptoapi.provider.CryptoAPIPrivateKey")) {
            return super.getSignature(str, i, key);
        }
        try {
            Signature signature3 = str.equalsIgnoreCase("SHAwithRSA") ? Signature.getInstance("SHA1withRSA", CRYPTO_API_PROVIDER_NAME) : Signature.getInstance(str, CRYPTO_API_PROVIDER_NAME);
            if (i == 1) {
                signature3.initSign((PrivateKey) key);
                return signature3;
            }
            if (i != 2) {
                return signature3;
            }
            signature3.initVerify((PublicKey) key);
            return signature3;
        } catch (NoSuchProviderException e3) {
            throw new NoSuchAlgorithmException(e3);
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public boolean verifySignatureFromHash(AlgorithmID algorithmID, AlgorithmID algorithmID2, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        boolean z = false;
        try {
            z = super.verifySignatureFromHash(algorithmID, algorithmID2, publicKey, bArr, bArr2);
        } catch (InvalidSignatureValueException e) {
        }
        if (z) {
            return z;
        }
        String implementationName = algorithmID.getImplementationName();
        if (implementationName != "RSA" && !implementationName.endsWith("/RSA")) {
            return z;
        }
        AlgorithmID algorithmID3 = (AlgorithmID) algorithmID2.clone();
        algorithmID3.encodeAbsentParametersAsNull(algorithmID2.getParameter() == null);
        byte[] byteArray = new DigestInfo(algorithmID3, bArr).toByteArray();
        Signature signature = getSignature(IaikProvider.ALG_SIGNATURE_RAWRSA, 2, publicKey);
        signature.update(byteArray);
        try {
            return signature.verify(bArr2);
        } catch (SignatureException e2) {
            throw new InvalidSignatureValueException(e2.getMessage());
        }
    }
}
