package org.jcp.xml.dsig.internal.dom;

import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.slf4j.internal.Logger;
import com.sun.org.slf4j.internal.LoggerFactory;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignContext;
import javax.xml.crypto.dsig.XMLValidateContext;
import javax.xml.crypto.dsig.spec.RSAPSSParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.jcp.xml.dsig.internal.SignerOutputStream;
import org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.xml.crypto/org/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod.class */
public abstract class DOMRSAPSSSignatureMethod extends AbstractDOMSignatureMethod {
    private static final String DOM_SIGNATURE_PROVIDER = "org.jcp.xml.dsig.internal.dom.SignatureProvider";
    private final SignatureMethodParameterSpec params;
    private Signature signature;
    static final String RSA_PSS = "http://www.w3.org/2007/05/xmldsig-more#rsa-pss";
    private PSSParameterSpec spec;
    private static final Logger LOG = LoggerFactory.getLogger(DOMRSAPSSSignatureMethod.class);
    private static final RSAPSSParameterSpec DEFAULT_PSS_SPEC = new RSAPSSParameterSpec(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.xml.crypto/org/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod$RSAPSS.class */
    static final class RSAPSS extends DOMRSAPSSSignatureMethod {
        /* JADX INFO: Access modifiers changed from: package-private */
        public RSAPSS(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
            super(algorithmParameterSpec);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public RSAPSS(Element element) throws MarshalException {
            super(element);
        }

        @Override // javax.xml.crypto.AlgorithmMethod
        public String getAlgorithm() {
            return "http://www.w3.org/2007/05/xmldsig-more#rsa-pss";
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
        public String getJCAAlgorithm() {
            return "RSASSA-PSS";
        }

        @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
        AbstractDOMSignatureMethod.Type getAlgorithmType() {
            return AbstractDOMSignatureMethod.Type.RSA;
        }
    }

    DOMRSAPSSSignatureMethod(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null && !(algorithmParameterSpec instanceof SignatureMethodParameterSpec)) {
            throw new InvalidAlgorithmParameterException("params must be of type SignatureMethodParameterSpec");
        }
        algorithmParameterSpec = algorithmParameterSpec == null ? DEFAULT_PSS_SPEC : algorithmParameterSpec;
        checkParams((SignatureMethodParameterSpec) algorithmParameterSpec);
        this.params = (SignatureMethodParameterSpec) algorithmParameterSpec;
    }

    DOMRSAPSSSignatureMethod(Element element) throws MarshalException {
        Element firstChildElement = DOMUtils.getFirstChildElement(element);
        if (firstChildElement != null) {
            this.params = unmarshalParams(firstChildElement);
        } else {
            this.params = DEFAULT_PSS_SPEC;
        }
        try {
            checkParams(this.params);
        } catch (InvalidAlgorithmParameterException e) {
            throw new MarshalException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public void checkParams(SignatureMethodParameterSpec signatureMethodParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(signatureMethodParameterSpec instanceof RSAPSSParameterSpec)) {
            throw new InvalidAlgorithmParameterException("params must be of type RSAPSSParameterSpec");
        }
        this.spec = ((RSAPSSParameterSpec) signatureMethodParameterSpec).getPSSParameterSpec();
        LOG.debug("Setting RSAPSSParameterSpec to: {}", signatureMethodParameterSpec.toString());
    }

    @Override // javax.xml.crypto.dsig.SignatureMethod, javax.xml.crypto.AlgorithmMethod
    public final AlgorithmParameterSpec getParameterSpec() {
        return this.params;
    }

    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    void marshalParams(Element element, String str) throws MarshalException {
        Element createElementNS = DOMUtils.getOwnerDocument(element).createElementNS(Constants.XML_DSIG_NS_MORE_07_05, "pss:RSAPSSParams");
        createElementNS.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:pss", Constants.XML_DSIG_NS_MORE_07_05);
        try {
            SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm fromDigestAlgorithm = SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromDigestAlgorithm(this.spec.getDigestAlgorithm());
            String xmlDigestAlgorithm = fromDigestAlgorithm.getXmlDigestAlgorithm();
            if (!xmlDigestAlgorithm.equals("http://www.w3.org/2001/04/xmlenc#sha256")) {
                Element createElement = DOMUtils.createElement(createElementNS.getOwnerDocument(), Constants._TAG_DIGESTMETHOD, "http://www.w3.org/2000/09/xmldsig#", str);
                createElement.setAttributeNS(null, "Algorithm", xmlDigestAlgorithm);
                createElementNS.appendChild(createElement);
            }
            if (this.spec.getSaltLength() != fromDigestAlgorithm.getSaltLength()) {
                Element createElementNS2 = createElementNS.getOwnerDocument().createElementNS(Constants.XML_DSIG_NS_MORE_07_05, "pss:SaltLength");
                createElementNS2.appendChild(createElementNS.getOwnerDocument().createTextNode(String.valueOf(this.spec.getSaltLength())));
                createElementNS.appendChild(createElementNS2);
            }
            if (!this.spec.getMGFAlgorithm().equals("MGF1")) {
                throw new MarshalException("Unsupported MGF algorithm supplied: " + this.spec.getMGFAlgorithm());
            }
            MGF1ParameterSpec mGF1ParameterSpec = (MGF1ParameterSpec) this.spec.getMGFParameters();
            try {
                SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm fromDigestAlgorithm2 = SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromDigestAlgorithm(mGF1ParameterSpec.getDigestAlgorithm());
                if (fromDigestAlgorithm2 != fromDigestAlgorithm) {
                    Element createElementNS3 = createElementNS.getOwnerDocument().createElementNS(Constants.XML_DSIG_NS_MORE_07_05, "pss:MaskGenerationFunction");
                    try {
                        createElementNS3.setAttributeNS(null, "Algorithm", "http://www.w3.org/2007/05/xmldsig-more#MGF1");
                        Element createElement2 = DOMUtils.createElement(createElementNS.getOwnerDocument(), Constants._TAG_DIGESTMETHOD, "http://www.w3.org/2000/09/xmldsig#", str);
                        createElement2.setAttributeNS(null, "Algorithm", fromDigestAlgorithm2.getXmlDigestAlgorithm());
                        createElementNS3.appendChild(createElement2);
                        createElementNS.appendChild(createElementNS3);
                    } catch (DOMException e) {
                        throw new MarshalException("Should not happen");
                    }
                }
                if (this.spec.getTrailerField() != 1) {
                    Element createElementNS4 = createElementNS.getOwnerDocument().createElementNS(Constants.XML_DSIG_NS_MORE_07_05, "pss:TrailerField");
                    createElementNS4.appendChild(createElementNS.getOwnerDocument().createTextNode(String.valueOf(this.spec.getTrailerField())));
                    createElementNS.appendChild(createElementNS4);
                }
                if (createElementNS.hasChildNodes()) {
                    element.appendChild(createElementNS);
                }
            } catch (XMLSignatureException | DOMException e2) {
                throw new MarshalException("Invalid digest name supplied: " + mGF1ParameterSpec.getDigestAlgorithm());
            }
        } catch (XMLSignatureException | DOMException e3) {
            throw new MarshalException("Invalid digest name supplied: " + this.spec.getDigestAlgorithm());
        }
    }

    private static SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm validateDigestAlgorithm(String str) throws MarshalException {
        try {
            return SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromXmlDigestAlgorithm(str);
        } catch (XMLSignatureException e) {
            throw new MarshalException("Invalid digest algorithm supplied: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public SignatureMethodParameterSpec unmarshalParams(Element element) throws MarshalException {
        int parseUnsignedInt;
        if (element == null) {
            return DEFAULT_PSS_SPEC;
        }
        Element selectNode = XMLUtils.selectNode(element.getFirstChild(), Constants.XML_DSIG_NS_MORE_07_05, Constants._TAG_SALTLENGTH, 0);
        Element selectNode2 = XMLUtils.selectNode(element.getFirstChild(), Constants.XML_DSIG_NS_MORE_07_05, Constants._TAG_TRAILERFIELD, 0);
        Element selectDsNode = XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_DIGESTMETHOD, 0);
        Element selectNode3 = XMLUtils.selectNode(element.getFirstChild(), Constants.XML_DSIG_NS_MORE_07_05, Constants._TAG_MGF, 0);
        SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm validateDigestAlgorithm = selectDsNode != null ? validateDigestAlgorithm(selectDsNode.getAttribute("Algorithm")) : SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.SHA256;
        SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm digestAlgorithm = validateDigestAlgorithm;
        if (selectNode3 != null) {
            String attribute = selectNode3.getAttribute("Algorithm");
            if (!attribute.equals("http://www.w3.org/2007/05/xmldsig-more#MGF1")) {
                throw new MarshalException("Unknown MGF algorithm: " + attribute);
            }
            Element selectDsNode2 = XMLUtils.selectDsNode(selectNode3.getFirstChild(), Constants._TAG_DIGESTMETHOD, 0);
            if (selectDsNode2 != null) {
                digestAlgorithm = validateDigestAlgorithm(selectDsNode2.getAttribute("Algorithm"));
            }
        }
        try {
            int saltLength = selectNode == null ? validateDigestAlgorithm.getSaltLength() : Integer.parseUnsignedInt(selectNode.getTextContent());
            if (selectNode2 == null) {
                parseUnsignedInt = 1;
            } else {
                try {
                    parseUnsignedInt = Integer.parseUnsignedInt(selectNode2.getTextContent());
                } catch (NumberFormatException e) {
                    throw new MarshalException("Invalid trailer field supplied: " + selectNode2.getTextContent());
                }
            }
            return new RSAPSSParameterSpec(new PSSParameterSpec(validateDigestAlgorithm.getDigestAlgorithm(), "MGF1", new MGF1ParameterSpec(digestAlgorithm.getDigestAlgorithm()), saltLength, parseUnsignedInt));
        } catch (NumberFormatException e2) {
            throw new MarshalException("Invalid salt length supplied: " + selectNode.getTextContent());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public boolean verify(Key key, SignedInfo signedInfo, byte[] bArr, XMLValidateContext xMLValidateContext) throws InvalidKeyException, SignatureException, javax.xml.crypto.dsig.XMLSignatureException {
        if (key == null || signedInfo == null || bArr == null) {
            throw new NullPointerException();
        }
        if (!(key instanceof PublicKey)) {
            throw new InvalidKeyException("key must be PublicKey");
        }
        if (this.signature == null) {
            try {
                Provider provider = (Provider) xMLValidateContext.getProperty(DOM_SIGNATURE_PROVIDER);
                this.signature = provider == null ? Signature.getInstance(getJCAAlgorithm()) : Signature.getInstance(getJCAAlgorithm(), provider);
            } catch (NoSuchAlgorithmException e) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e);
            }
        }
        this.signature.initVerify((PublicKey) key);
        try {
            this.signature.setParameter(this.spec);
            LOG.debug("Signature provider: {}", this.signature.getProvider());
            LOG.debug("Verifying with key: {}", key);
            LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
            LOG.debug("Signature Bytes length: {}", Integer.valueOf(bArr.length));
            try {
                SignerOutputStream signerOutputStream = new SignerOutputStream(this.signature);
                try {
                    ((DOMSignedInfo) signedInfo).canonicalize(xMLValidateContext, signerOutputStream);
                    boolean verify = this.signature.verify(bArr);
                    signerOutputStream.close();
                    return verify;
                } finally {
                }
            } catch (IOException e2) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new javax.xml.crypto.dsig.XMLSignatureException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public byte[] sign(Key key, SignedInfo signedInfo, XMLSignContext xMLSignContext) throws InvalidKeyException, javax.xml.crypto.dsig.XMLSignatureException {
        if (key == null || signedInfo == null) {
            throw new NullPointerException();
        }
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException("key must be PrivateKey");
        }
        if (this.signature == null) {
            try {
                Provider provider = (Provider) xMLSignContext.getProperty(DOM_SIGNATURE_PROVIDER);
                this.signature = provider == null ? Signature.getInstance(getJCAAlgorithm()) : Signature.getInstance(getJCAAlgorithm(), provider);
            } catch (NoSuchAlgorithmException e) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e);
            }
        }
        this.signature.initSign((PrivateKey) key);
        try {
            this.signature.setParameter(this.spec);
            LOG.debug("Signature provider: {}", this.signature.getProvider());
            LOG.debug("Signing with key: {}", key);
            LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
            try {
                SignerOutputStream signerOutputStream = new SignerOutputStream(this.signature);
                try {
                    ((DOMSignedInfo) signedInfo).canonicalize(xMLSignContext, signerOutputStream);
                    byte[] sign = this.signature.sign();
                    signerOutputStream.close();
                    return sign;
                } finally {
                }
            } catch (IOException | SignatureException e2) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new javax.xml.crypto.dsig.XMLSignatureException(e3);
        }
    }

    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    boolean paramsEqual(AlgorithmParameterSpec algorithmParameterSpec) {
        return getParameterSpec().equals(algorithmParameterSpec);
    }

    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public /* bridge */ /* synthetic */ int hashCode() {
        return super.hashCode();
    }

    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public /* bridge */ /* synthetic */ boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // org.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod, org.jcp.xml.dsig.internal.dom.DOMStructure
    public /* bridge */ /* synthetic */ void marshal(Node node, String str, DOMCryptoContext dOMCryptoContext) throws MarshalException {
        super.marshal(node, str, dOMCryptoContext);
    }
}
