package net.netca.pki.encoding.asn1.pki;

import net.netca.pki.Device;
import net.netca.pki.Freeable;
import net.netca.pki.PkiException;
import net.netca.pki.RSAPSSParam;
import net.netca.pki.Signature;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.Sequence;

/* loaded from: classes3.dex */
public final class NetcaVerifier implements Verifible, Freeable, MultiStepVerifible {
    private Device device;
    private Signature signObj = null;

    public NetcaVerifier() throws PkiException {
        Device pseudoDevice = Device.getPseudoDevice();
        this.device = pseudoDevice;
        if (pseudoDevice == null) {
            throw new PkiException("get software device fail");
        }
    }

    public NetcaVerifier(Device device) throws PkiException {
        Device dup = device.dup();
        this.device = dup;
        if (dup == null) {
            throw new PkiException("device dup fail");
        }
    }

    public static int getMGF1AlgoFromHashAlgo(String str) {
        if (str.equals(AlgorithmIdentifier.SHA1_OID)) {
            return 1;
        }
        if (str.equals(AlgorithmIdentifier.SHA224_OID)) {
            return 2;
        }
        if (str.equals(AlgorithmIdentifier.SHA256_OID)) {
            return 3;
        }
        if (str.equals(AlgorithmIdentifier.SHA384_OID)) {
            return 4;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_OID)) {
            return 5;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_224_OID)) {
            return 6;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_256_OID)) {
            return 7;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_224_OID)) {
            return 8;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_256_OID)) {
            return 9;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_384_OID)) {
            return 10;
        }
        return str.equals(AlgorithmIdentifier.SHA3_512_OID) ? 11 : -1;
    }

    public static int getNetcaSignAlgorithm(String str) {
        if (str.equals(AlgorithmIdentifier.SHA1WithRSA_OID)) {
            return 2;
        }
        if (str.equals(AlgorithmIdentifier.SM3WithSM2_OID)) {
            return 25;
        }
        if (str.equals(AlgorithmIdentifier.MD5WithRSA_OID)) {
            return 1;
        }
        if (str.equals(AlgorithmIdentifier.SHA224WithRSA_OID)) {
            return 3;
        }
        if (str.equals(AlgorithmIdentifier.SHA256WithRSA_OID)) {
            return 4;
        }
        if (str.equals(AlgorithmIdentifier.SHA384WithRSA_OID)) {
            return 5;
        }
        if (str.equals(AlgorithmIdentifier.SHA512WithRSA_OID)) {
            return 6;
        }
        if (str.equals(AlgorithmIdentifier.SM3WithRSA_OID)) {
            return 31;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return 34;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return 35;
        }
        if (str.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            return 22;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA1_OID)) {
            return 13;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA224_OID)) {
            return 14;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA256_OID)) {
            return 15;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID)) {
            return 16;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID)) {
            return 17;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID) || str.equals(AlgorithmIdentifier.WAPI_ECDSA192WITHSHA256)) {
            return 18;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return 19;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return 20;
        }
        if (str.equals(AlgorithmIdentifier.SM2SIGN_OID)) {
            return 25;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID)) {
            return 36;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID)) {
            return 37;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID)) {
            return 38;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID)) {
            return 39;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID)) {
            return 40;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID)) {
            return 41;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return 42;
        }
        return str.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID) ? 43 : -1;
    }

    public static RSAPSSParam toRSAPSSParam(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        if (!algorithmIdentifier.hasParam()) {
            throw new PkiException("pss no param");
        }
        ASN1Object param = algorithmIdentifier.getParam();
        if (!(param instanceof Sequence)) {
            throw new PkiException("bad pss param encode,not sequence");
        }
        RSASSAPSSParams rSASSAPSSParams = new RSASSAPSSParams((Sequence) param);
        int netcaHashAlgorithm = NetcaHasher.getNetcaHashAlgorithm(rSASSAPSSParams.getHashAlgorithm().getOid());
        if (netcaHashAlgorithm < 0) {
            throw new PkiException("unknown hash algo");
        }
        int mGF1AlgoFromHashAlgo = getMGF1AlgoFromHashAlgo(rSASSAPSSParams.getMgf1HashAlgorithm().getOid());
        if (mGF1AlgoFromHashAlgo < 0) {
            throw new PkiException("unknown mgf1 algo");
        }
        int saltLength = rSASSAPSSParams.getSaltLength();
        if (rSASSAPSSParams.getTrailerField() == 1) {
            return new RSAPSSParam(netcaHashAlgorithm, mGF1AlgoFromHashAlgo, saltLength);
        }
        throw new PkiException("bad trailerField");
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        Signature signature = this.signObj;
        if (signature != null) {
            signature.free();
        }
        this.device.free();
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public void init(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        Signature signature = this.signObj;
        Freeable freeable = null;
        if (signature != null) {
            signature.free();
            this.signObj = null;
        }
        String oid = algorithmIdentifier.getOid();
        int netcaSignAlgorithm = getNetcaSignAlgorithm(oid);
        if (netcaSignAlgorithm < 0) {
            throw new PkiException("unknown signature algorithm " + oid);
        }
        try {
            net.netca.pki.PublicKey importSubjectPublicKeyInfo = this.device.importSubjectPublicKeyInfo(publicKey.toSubjectPublicKeyInfo().getASN1Object().encode());
            if (importSubjectPublicKeyInfo == null) {
                throw new PkiException("importSubjectPublicKeyInfo fail");
            }
            this.signObj = netcaSignAlgorithm == 22 ? new Signature(toRSAPSSParam(algorithmIdentifier), importSubjectPublicKeyInfo) : new Signature(netcaSignAlgorithm, importSubjectPublicKeyInfo);
            if (importSubjectPublicKeyInfo != null) {
                importSubjectPublicKeyInfo.free();
            }
        } catch (Throwable th) {
            if (0 != 0) {
                freeable.free();
            }
            throw th;
        }
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public void update(byte[] bArr, int i2, int i3) throws PkiException {
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        signature.update(bArr, i2, i3);
    }

    @Override // net.netca.pki.encoding.asn1.pki.Verifible
    public boolean verify(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i2, int i3, byte[] bArr2) throws PkiException {
        init(publicKey, algorithmIdentifier);
        update(bArr, i2, i3);
        return verify(bArr2);
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public boolean verify(byte[] bArr) throws PkiException {
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        boolean verify = signature.verify(bArr);
        this.signObj.free();
        this.signObj = null;
        return verify;
    }
}
