package com.amazon.corretto.crypto.provider;

import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher.class */
public class RsaCipher extends CipherSpi {
    private static final int HANDLE_USAGE_IGNORE = 1;
    private static final int HANDLE_USAGE_USE = 2;
    private static final int HANDLE_USAGE_CREATE = 3;
    private static final KeyFactory KEY_FACTORY;
    private final AmazonCorrettoCryptoProvider provider_;
    private final Padding padding_;
    private int mode_;
    private RSAKey key_;
    private int keySizeBytes_;
    private NativeRsaKey nativeKey_;
    private AccessibleByteArrayOutputStream buffer_;
    byte[] n;
    byte[] e;
    byte[] d;
    byte[] p;
    byte[] q;
    byte[] dmp1;
    byte[] dmq1;
    byte[] iqmp;
    private final Object lock_ = new Object();
    private boolean reUseKey_ = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher$NativeRsaKey.class */
    public static class NativeRsaKey extends NativeResource {
        protected NativeRsaKey(long j) {
            super(j, j2 -> {
                RsaCipher.releaseNativeKey(j2);
            });
        }
    }

    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher$NoPadding.class */
    static class NoPadding extends RsaCipher {
        NoPadding(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(amazonCorrettoCryptoProvider, Padding.NO_PADDING);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher$OAEPSha1.class */
    static class OAEPSha1 extends RsaCipher {
        OAEPSha1(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(amazonCorrettoCryptoProvider, Padding.OAEP_SHA1_MGF1);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher$Padding.class */
    public enum Padding {
        PKCS1(1, "PKCS1Padding", 11),
        NO_PADDING(3, "NoPadding", 0),
        OAEP_SHA1_MGF1(4, "OAEPWithSHA-1AndMGF1Padding", 42);

        private final int nativeVal;
        private final String jceName;
        private final int paddingLength;

        Padding(int i, String str, int i2) {
            this.nativeVal = i;
            this.jceName = str;
            this.paddingLength = i2;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/AmazonCorrettoCryptoProvider-1.6.1.jar:com/amazon/corretto/crypto/provider/RsaCipher$Pkcs1.class */
    static class Pkcs1 extends RsaCipher {
        Pkcs1(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(amazonCorrettoCryptoProvider, Padding.PKCS1);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static native void releaseNativeKey(long j);

    private static native int cipher(int i, byte[] bArr, int i2, int i3, byte[] bArr2, int i4, int i5, boolean z, long[] jArr, int i6, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, byte[] bArr7, byte[] bArr8, byte[] bArr9, byte[] bArr10);

    RsaCipher(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider, Padding padding) {
        Loader.checkNativeLibraryAvailability();
        this.provider_ = amazonCorrettoCryptoProvider;
        this.padding_ = padding;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        synchronized (this.lock_) {
            assertInitialized();
            byte[] bArr2 = new byte[engineGetOutputSize(i2)];
            try {
                int engineDoFinal = engineDoFinal(bArr, i, i2, bArr2, 0);
                if (engineDoFinal == bArr2.length) {
                    return bArr2;
                }
                return Arrays.copyOf(bArr2, engineDoFinal);
            } catch (ShortBufferException e) {
                throw new AssertionError(e);
            }
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        int cipherAndCreateNativeKey;
        int i4;
        synchronized (this.lock_) {
            assertInitialized();
            try {
                parseKey();
                if (this.buffer_.size() != 0) {
                    if (bArr != null) {
                        this.buffer_.write(bArr, i, i2);
                    }
                    bArr = this.buffer_.getDataBuffer();
                    i = 0;
                    i2 = this.buffer_.size();
                } else if (bArr == null) {
                    bArr = Utils.EMPTY_ARRAY;
                    i = 0;
                    i2 = 0;
                }
                if (bArr2.length - i3 < engineGetOutputSize(i2)) {
                    throw new ShortBufferException();
                }
                if (this.mode_ == 1 || this.mode_ == 3) {
                    if (i2 > this.keySizeBytes_ - this.padding_.paddingLength) {
                        throw new IllegalBlockSizeException("Data must not be longer than " + (this.keySizeBytes_ - this.padding_.paddingLength) + " bytes");
                    }
                    if (this.padding_.equals(Padding.NO_PADDING) && i2 < this.keySizeBytes_) {
                        byte[] bArr3 = new byte[this.keySizeBytes_];
                        System.arraycopy(bArr, i, bArr3, this.keySizeBytes_ - i2, i2);
                        bArr = bArr3;
                        i = 0;
                        i2 = this.keySizeBytes_;
                    }
                } else if (i2 > this.keySizeBytes_) {
                    throw new IllegalBlockSizeException("Data must not be longer than " + this.keySizeBytes_ + " bytes");
                }
                if (this.nativeKey_ != null) {
                    cipherAndCreateNativeKey = cipherWithNativeKey(bArr, i, i2, bArr2, i3);
                } else if (this.reUseKey_) {
                    cipherAndCreateNativeKey = cipherAndCreateNativeKey(bArr, i, i2, bArr2, i3);
                } else {
                    cipherAndCreateNativeKey = cipherWithRawParams(bArr, i, i2, bArr2, i3);
                    this.reUseKey_ = true;
                }
                this.buffer_ = new AccessibleByteArrayOutputStream();
                i4 = cipherAndCreateNativeKey;
            } catch (InvalidKeyException e) {
                throw new IllegalStateException(e);
            }
        }
        return i4;
    }

    private int cipherWithNativeKey(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        int intValue;
        synchronized (this.lock_) {
            if (this.nativeKey_ == null) {
                throw new IllegalStateException("cipherWithNativeKey must only be called with a non-null nativeKey_");
            }
            intValue = ((Integer) this.nativeKey_.use(j -> {
                return Integer.valueOf(cipher(this.mode_, bArr, i, i2, bArr2, i3, this.padding_.nativeVal, this.provider_.hasExtraCheck(ExtraCheck.PRIVATE_KEY_CONSISTENCY), new long[]{j}, 2, null, null, null, null, null, null, null, null));
            })).intValue();
        }
        return intValue;
    }

    private int cipherWithRawParams(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        int cipher;
        synchronized (this.lock_) {
            cipher = cipher(this.mode_, bArr, i, i2, bArr2, i3, this.padding_.nativeVal, this.provider_.hasExtraCheck(ExtraCheck.PRIVATE_KEY_CONSISTENCY), null, 1, this.n, this.e, this.d, this.p, this.q, this.dmp1, this.dmq1, this.iqmp);
        }
        return cipher;
    }

    private int cipherAndCreateNativeKey(byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        int cipher;
        synchronized (this.lock_) {
            long[] jArr = new long[1];
            cipher = cipher(this.mode_, bArr, i, i2, bArr2, i3, this.padding_.nativeVal, this.provider_.hasExtraCheck(ExtraCheck.PRIVATE_KEY_CONSISTENCY), jArr, 3, this.n, this.e, this.d, this.p, this.q, this.dmp1, this.dmq1, this.iqmp);
            this.nativeKey_ = new NativeRsaKey(jArr[0]);
        }
        return cipher;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        if (key instanceof RSAKey) {
            return ((RSAKey) key).getModulus().bitLength();
        }
        throw new InvalidKeyException();
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        int i2;
        synchronized (this.lock_) {
            assertInitialized();
            i2 = this.keySizeBytes_;
        }
        return i2;
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        if (!this.padding_.equals(Padding.OAEP_SHA1_MGF1)) {
            return null;
        }
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("OAEP");
            algorithmParameters.init(new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            return algorithmParameters;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        synchronized (this.lock_) {
            if (!(key instanceof RSAKey)) {
                throw new InvalidKeyException();
            }
            this.mode_ = checkMode(i, key);
            if (this.key_ != key) {
                if (this.nativeKey_ != null) {
                    this.nativeKey_.release();
                    this.nativeKey_ = null;
                }
                this.reUseKey_ = false;
                this.key_ = (RSAKey) key;
                this.keySizeBytes_ = (this.key_.getModulus().bitLength() + 7) / 8;
                this.buffer_ = new AccessibleByteArrayOutputStream();
                parseKey();
            }
        }
    }

    private static int checkMode(int i, Key key) throws InvalidKeyException {
        if (key instanceof PrivateKey) {
            switch (i) {
                case 1:
                    return (-1) * i;
                case 2:
                case 4:
                    return i;
                case 3:
                default:
                    throw new InvalidKeyException("Private keys not supported for mode " + i);
            }
        }
        if (!(key instanceof PublicKey)) {
            throw new InvalidKeyException("Unsupported key type: " + key.getClass());
        }
        switch (i) {
            case 1:
            case 3:
                return i;
            case 2:
                return (-1) * i;
            default:
                throw new InvalidKeyException("Public keys not supported for mode " + i);
        }
    }

    private void parseKey() throws InvalidKeyException {
        synchronized (this.lock_) {
            if (this.nativeKey_ == null || this.nativeKey_.isReleased()) {
                this.n = null;
                this.e = null;
                this.d = null;
                this.p = null;
                this.q = null;
                this.dmp1 = null;
                this.dmq1 = null;
                this.iqmp = null;
                if (this.key_ instanceof PrivateKey) {
                    boolean z = false;
                    try {
                        RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = (RSAPrivateCrtKeySpec) KEY_FACTORY.getKeySpec((Key) this.key_, RSAPrivateCrtKeySpec.class);
                        this.n = rSAPrivateCrtKeySpec.getModulus().toByteArray();
                        this.e = rSAPrivateCrtKeySpec.getPublicExponent().toByteArray();
                        this.d = rSAPrivateCrtKeySpec.getPrivateExponent().toByteArray();
                        this.p = rSAPrivateCrtKeySpec.getPrimeP().toByteArray();
                        this.q = rSAPrivateCrtKeySpec.getPrimeQ().toByteArray();
                        this.dmp1 = rSAPrivateCrtKeySpec.getPrimeExponentP().toByteArray();
                        this.dmq1 = rSAPrivateCrtKeySpec.getPrimeExponentQ().toByteArray();
                        this.iqmp = rSAPrivateCrtKeySpec.getCrtCoefficient().toByteArray();
                        z = true;
                    } catch (InvalidKeySpecException e) {
                    }
                    if (!z) {
                        try {
                            RSAPrivateKeySpec rSAPrivateKeySpec = (RSAPrivateKeySpec) KEY_FACTORY.getKeySpec((Key) this.key_, RSAPrivateKeySpec.class);
                            this.n = rSAPrivateKeySpec.getModulus().toByteArray();
                            this.d = rSAPrivateKeySpec.getPrivateExponent().toByteArray();
                            z = true;
                        } catch (InvalidKeySpecException e2) {
                        }
                    }
                    if (!z) {
                        throw new InvalidKeyException("Unable to parse the key " + this.key_);
                    }
                } else {
                    if (!(this.key_ instanceof PublicKey)) {
                        throw new IllegalArgumentException("Unexpected key type: " + this.key_.getClass());
                    }
                    try {
                        RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) KEY_FACTORY.getKeySpec((Key) this.key_, RSAPublicKeySpec.class);
                        this.n = rSAPublicKeySpec.getModulus().toByteArray();
                        this.e = rSAPublicKeySpec.getPublicExponent().toByteArray();
                    } catch (InvalidKeySpecException e3) {
                        throw new InvalidKeyException(e3);
                    }
                }
            }
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            if (!(algorithmParameterSpec instanceof OAEPParameterSpec) || !this.padding_.equals(Padding.OAEP_SHA1_MGF1)) {
                throw new InvalidAlgorithmParameterException();
            }
            OAEPParameterSpec oAEPParameterSpec = (OAEPParameterSpec) algorithmParameterSpec;
            if (!"SHA-1".equalsIgnoreCase(oAEPParameterSpec.getDigestAlgorithm()) || !"MGF1".equalsIgnoreCase(oAEPParameterSpec.getMGFAlgorithm()) || oAEPParameterSpec.getMGFParameters() == null || !(oAEPParameterSpec.getMGFParameters() instanceof MGF1ParameterSpec)) {
                throw new InvalidAlgorithmParameterException();
            }
            if (!MGF1ParameterSpec.SHA1.getDigestAlgorithm().equals(((MGF1ParameterSpec) oAEPParameterSpec.getMGFParameters()).getDigestAlgorithm())) {
                throw new InvalidAlgorithmParameterException();
            }
            PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
            PSource pSource = oAEPParameterSpec.getPSource();
            if (pSource == null || !pSpecified.getAlgorithm().equalsIgnoreCase(pSource.getAlgorithm())) {
                throw new InvalidAlgorithmParameterException();
            }
        }
        engineInit(i, key, secureRandom);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        try {
            engineInit(i, key, algorithmParameters.getParameterSpec(OAEPParameterSpec.class), secureRandom);
        } catch (InvalidParameterSpecException e) {
            throw new InvalidAlgorithmParameterException(e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        if (!"ECB".equalsIgnoreCase(str)) {
            throw new NoSuchAlgorithmException();
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        if (!this.padding_.jceName.equalsIgnoreCase(str)) {
            throw new NoSuchPaddingException();
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        synchronized (this.lock_) {
            assertInitialized();
            this.buffer_.write(bArr, i, i2);
        }
        return Utils.EMPTY_ARRAY;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        synchronized (this.lock_) {
            assertInitialized();
            this.buffer_.write(bArr, i, i2);
        }
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (this.mode_ != 4 && this.mode_ != 2) {
            throw new IllegalStateException("Cipher must be in UNWRAP_MODE");
        }
        try {
            return Utils.buildUnwrappedKey(engineDoFinal(bArr, 0, bArr.length), str, i);
        } catch (InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException e) {
            throw new InvalidKeyException("Unwrapping failed", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        if (this.mode_ != 3 && this.mode_ != 1) {
            throw new IllegalStateException("Cipher must be in WRAP_MODE");
        }
        try {
            byte[] encodeForWrapping = Utils.encodeForWrapping(key);
            return engineDoFinal(encodeForWrapping, 0, encodeForWrapping.length);
        } catch (BadPaddingException e) {
            throw new InvalidKeyException("Wrapping failed", e);
        }
    }

    private void assertInitialized() {
        synchronized (this.lock_) {
            if (this.key_ == null) {
                throw new IllegalStateException();
            }
        }
    }

    static {
        Loader.load();
        try {
            KEY_FACTORY = KeyFactory.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }
}
