package org.bouncycastle.crypto.fips;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricPrivateKey;
import org.bouncycastle.crypto.AsymmetricPublicKey;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.EncapsulatingSecretGenerator;
import org.bouncycastle.crypto.IllegalKeyException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.InvalidSignatureException;
import org.bouncycastle.crypto.InvalidWrappingException;
import org.bouncycastle.crypto.Key;
import org.bouncycastle.crypto.KeyWrapperUsingSecureRandom;
import org.bouncycastle.crypto.PlainInputProcessingException;
import org.bouncycastle.crypto.SecretWithEncapsulation;
import org.bouncycastle.crypto.UpdateOutputStream;
import org.bouncycastle.crypto.asymmetric.AsymmetricKeyPair;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPrivateKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPublicKey;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.general.FipsRegister;
import org.bouncycastle.crypto.internal.AsymmetricBlockCipher;
import org.bouncycastle.crypto.internal.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.internal.CipherParameters;
import org.bouncycastle.crypto.internal.CryptoException;
import org.bouncycastle.crypto.internal.DataLengthException;
import org.bouncycastle.crypto.internal.Permissions;
import org.bouncycastle.crypto.internal.PrimeCertaintyCalculator;
import org.bouncycastle.crypto.internal.Signer;
import org.bouncycastle.crypto.internal.encodings.OAEPEncoding;
import org.bouncycastle.crypto.internal.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.internal.io.SignerOutputStream;
import org.bouncycastle.crypto.internal.params.ParametersWithRandom;
import org.bouncycastle.crypto.internal.params.RsaKeyGenerationParameters;
import org.bouncycastle.crypto.internal.params.RsaKeyParameters;
import org.bouncycastle.crypto.internal.params.RsaPrivateCrtKeyParameters;
import org.bouncycastle.crypto.internal.signers.BaseRsaDigestSigner;
import org.bouncycastle.crypto.internal.test.ConsistencyTest;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.FixedSecureRandom;
import org.bouncycastle.util.test.TestRandomData;

/* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA.class */
public final class FipsRSA {
    static final FipsEngineProvider<AsymmetricBlockCipher> ENGINE_PROVIDER;
    public static final FipsAlgorithm ALGORITHM = new FipsAlgorithm("RSA");
    private static final FipsAlgorithm ALGORITHM_PKCS1v1_5 = new FipsAlgorithm("RSA/PKCS1V1.5", Variations.PKCS1v1_5);
    private static final FipsAlgorithm ALGORITHM_PSS = new FipsAlgorithm("RSA/PSS", Variations.PSS);
    private static final FipsAlgorithm ALGORITHM_X931 = new FipsAlgorithm("RSA/X9.31", Variations.X931);
    private static final FipsAlgorithm ALGORITHM_OAEP = new FipsAlgorithm("RSA/OAEP", Variations.OAEP);
    private static final FipsAlgorithm ALGORITHM_SVE = new FipsAlgorithm("RSA/SVE", Variations.SVE);
    public static final PKCS1v15SignatureParameters PKCS1v1_5 = new PKCS1v15SignatureParameters();
    public static final PSSSignatureParameters PSS = new PSSSignatureParameters();
    public static final X931SignatureParameters X931 = new X931SignatureParameters();
    public static final PKCS1v15Parameters WRAP_PKCS1v1_5 = new PKCS1v15Parameters();
    public static final OAEPParameters WRAP_OAEP = new OAEPParameters();
    public static final SVEKTSParameters KTS_SVE = new SVEKTSParameters();
    public static final OAEPKTSParameters KTS_OAEP = new OAEPKTSParameters(WRAP_OAEP, 128);
    private static final BigInteger MIN_PUB_EXP = BigInteger.valueOf(65537);
    private static final BigInteger MAX_PUB_EXP = BigInteger.ONE.shiftLeft(256).subtract(BigInteger.ONE);
    private static BigInteger katE = new BigInteger("10001", 16);
    private static BigInteger katM = new BigInteger("83ca29fa6f3da1a20a7d64c741c502def9dff5630c94ca0c674a7602aea3436d432c94e3fe9f8cea4a7975ffa5228cba39acb6d1262c3453280bd8352b0dc7fb0a343f62b2c1405baf44c0f6b37edc94f63de8f772dc30e3b5003ff9a35befa02540e08b128718870fab40dcd91575b6592bb143cc3f29aa82fce7ee72952601c0c815396a9ad382c0a79e494727478606bf92d7b1c445b73368b4d7480500091de498b365719ec9c9b76f37cc97d13d7ce830248f4df2cdc73433a9b5d3fe29122bfdb113be45444b15652059eb51085dfe354d0c87256e6a51c6902ce56d3967dcf32f3bc9464ab437ac4030d00c1e53b4da74b9e70c47a5842f3b4d4dd6c7", 16);
    private static BigInteger katD = new BigInteger("22b248d6fc0e77cd5781a7d4a5c61e7961c3cab0e7110d18b2e0f1acc7198898ed8481367d44b82ebea8b79e3475a2232d28018192d1347d681fa62e6945598f0822b54560d66c0137659c7fd6c5e180fe4b5258434f2137f1e13cf696419016d377ff25de1cdf223fc7d06dd46147fa58039ec9c0ae286411d44fa3815b2f040895344a413ba141b4228a704a75883caaa3e9d2ace0d28c179acb571ca8ce0d1c3a0cf9cda8b0088b919a4833f5b46ce556faa923ea5b852a48f153ca6fc26730496d7f06691e08edac984870517d2ef689a94ad23c16d471c9a477d82fd225382a4d1ae1b934bf79f2adf3353c557888e056822809dfb561bbef946c1404d1", 16);
    private static BigInteger katP = new BigInteger("df26154977b823cbee3e1861b239197310bc3115ee46e7e70bf6dd826aa834fcdafb8d940b77e43e63c073b2efceaa24805c232a3011fd8b2ac323442d89f246a024c843586174d28475fbf7eca079fae8bbe5263cdef074be0a9a07a37bdad3e72b4b44a39a70415db4b0f7f65515f6806ef88b97f935b8d6d5918feff69edd", 16);
    private static BigInteger katQ = new BigInteger("9730fcb5f8e93cb4df58b80ab3e9b7f014a87b90953c26a29277771965bf2720e1808adf55aa5ac4702ba813eb2643d03a89dad3a3767beddd3fa98148057c8398a0106b086caef10603977e69ffe3e513531c7b456bb7079c57761a7eacde4218c08897ac17d4de7a5b19d192b5706694cbb162c9f95b0154232fc7bd0107f3", 16);
    private static BigInteger katDP = new BigInteger("dba3666c6bb40937de85ac05ed201a9691304ab82552114bef10cb3264bcaf7afa278350e680d95d375de40389da46c9aab605beae95e6932641efe259585fe97812fc329d393f7d3df7cb4c59d2127e0eb97270d29534e41371e7ee00d215af60e7d22bfb44359d81182adfc5cc35d3ecd24d3d491677f43930f9174dbfd6d9", 16);
    private static BigInteger katDQ = new BigInteger("82d8a47ca054ca7306b07366dfd9af94996c4eb40c53a8641e3a41dabb11b9bd5d2bb00424d170087dc36a8d027f7544eac48f9b85e66ecea7220782996016289598415d40473f07dcda92eb96b51cf80dc769e8cd65b15b66d4d2a38f69f05867af89072aaadd5145b73e1affcb02e1e4787ca630821b5e850086c36831523d", 16);
    private static BigInteger katQInv = new BigInteger("c6ae6a9ff4614a08e1e501e3dd7586c7cd2e70b9e2581185194b7984452325558f576b54b177df38f6d98e2ffce835608d1d3c81fab9f3696796bd5faacf9870b5ad12868eebccb2f55cc398d70ad6197eaeb4ead5cb0415913f18306bc0327f31db0f04910aea237a657634f1ac82b03bd5b2bc30b5f89077677bd3cab0d255", 16);
    private static byte[] msg = Hex.decode("48656c6c6f20776f726c6421");
    private static byte[] pkcs15Sig = Hex.decode("1669b752b409a66ca38ba7e34ae2d5da4303c091255989a4369885ecbb25db3ec05b06fdb4b1be46f6ab347bad9dbbbc9facf0beb4be70bd5f2ee2760c76f0a55932dd7fb4fe5c7b18226796f955215ec6354da9b3808a0df8c2a328abdd67d537f967ea5147bb85dcd80fdcee250b9bc7cec84a08afcde82afa4e62d80bbaf00bcdaf6bbac2b4a4bd394ee223ea3ee100fd233dd40514ea7a9717bfb52370eb4157e7bd25396e9dd3e3782ec2c64db71cf8380c05d3941481af3a08003737456a00cb265efc1d0987acae40776fa497681cb987a508419cbe1e4601a5e5aef66329288453003101a375ad3ec6e4b9a82f49a0748eb024fe1ce2de910d823938");
    private static final RsaKeyParameters testPubKey = new RsaKeyParameters(false, katM, katE);
    private static final RsaPrivateCrtKeyParameters testPrivKey = new RsaPrivateCrtKeyParameters(katM, katE, katD, katP, katQ, katDP, katDQ, katQInv);

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$DummyProvider.class */
    private static class DummyProvider extends Provider {
        DummyProvider() {
            super("FipsRSA_TEST_RNG", 1.0d, "BCFIPS FipsRSA Test Provider");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$EngineProvider.class */
    public static final class EngineProvider extends FipsEngineProvider<AsymmetricBlockCipher> {
        private static final BigInteger mod = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
        private static final BigInteger pubExp = new BigInteger("11", 16);
        private static final BigInteger privExp = new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16);
        private static final BigInteger p = new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16);
        private static final BigInteger q = new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16);
        private static final BigInteger pExp = new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16);
        private static final BigInteger qExp = new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16);
        private static final BigInteger crtCoef = new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16);
        private static final byte[] edgeInput = Hex.decode("ff6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
        private static final byte[] edgeOutput = Hex.decode("576a1f885e3420128c8a656097ba7d8bb4c6f1b1853348cf2ba976971dbdbefc3497a9fb17ba03d95f28fad91247d6f8ebc463fa8ada974f0f4e28961565a73a46a465369e0798ccbf7893cb9afaa7c426cc4fea6f429e67b6205b682a9831337f2548fd165c2dd7bf5b54be5894403d6e9f6283e65fb134cd4687bf86f95e7a");

        private EngineProvider() {
        }

        @Override // org.bouncycastle.crypto.internal.EngineProvider
        public AsymmetricBlockCipher createEngine() {
            return (AsymmetricBlockCipher) SelfTestExecutor.validate(FipsRSA.ALGORITHM, new RsaBlindedEngine(), new VariantKatTest<RsaBlindedEngine>() { // from class: org.bouncycastle.crypto.fips.FipsRSA.EngineProvider.1
                /* JADX INFO: Access modifiers changed from: package-private */
                @Override // org.bouncycastle.crypto.fips.VariantKatTest
                public void evaluate(RsaBlindedEngine rsaBlindedEngine) throws Exception {
                    RsaKeyParameters rsaKeyParameters = new RsaKeyParameters(false, EngineProvider.mod, EngineProvider.pubExp);
                    RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = new RsaPrivateCrtKeyParameters(EngineProvider.mod, EngineProvider.pubExp, EngineProvider.privExp, EngineProvider.p, EngineProvider.q, EngineProvider.pExp, EngineProvider.qExp, EngineProvider.crtCoef);
                    byte[] bArr = EngineProvider.edgeInput;
                    rsaBlindedEngine.init(true, new ParametersWithRandom(rsaKeyParameters, Utils.testRandom));
                    try {
                        bArr = rsaBlindedEngine.processBlock(bArr, 0, bArr.length);
                    } catch (Exception e) {
                        fail("Self test failed: exception " + e.toString());
                    }
                    if (!Arrays.areEqual(EngineProvider.edgeOutput, bArr)) {
                        fail("Self test failed: input does not match decrypted output");
                    }
                    rsaBlindedEngine.init(false, new ParametersWithRandom(rsaPrivateCrtKeyParameters, Utils.testRandom));
                    try {
                        bArr = rsaBlindedEngine.processBlock(bArr, 0, bArr.length);
                    } catch (Exception e2) {
                        fail("Self test failed: exception " + e2.toString());
                    }
                    if (Arrays.areEqual(EngineProvider.edgeInput, bArr)) {
                        return;
                    }
                    fail("Self test failed: input does not match decrypted output");
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$ExtractorImpl.class */
    public static class ExtractorImpl extends FipsEncapsulatedSecretExtractor<KTSParameters> {
        private final AsymmetricRSAPrivateKey privKey;
        private final KTSParameters parameters;
        private final SecureRandom random;

        ExtractorImpl(AsymmetricRSAPrivateKey asymmetricRSAPrivateKey, KTSParameters kTSParameters, SecureRandom secureRandom) {
            if (!asymmetricRSAPrivateKey.canBeUsed(AsymmetricRSAKey.Usage.ENCRYPT_OR_DECRYPT)) {
                throw new IllegalKeyException("Attempt to encrypt/decrypt with RSA modulus already used for sign/verify.");
            }
            this.privKey = asymmetricRSAPrivateKey;
            this.parameters = kTSParameters;
            this.random = secureRandom;
        }

        @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
        public KTSParameters getParameters() {
            return this.parameters;
        }

        @Override // org.bouncycastle.crypto.EncapsulatedSecretExtractor
        public SecretWithEncapsulation extractSecret(byte[] bArr, int i, int i2) throws InvalidCipherTextException {
            return doExtraction(FipsRSA.getPrivateKeyParameters(this.privKey), FipsRSA.ENGINE_PROVIDER.createEngine(), bArr, i, i2);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SecretWithEncapsulation doExtraction(RsaKeyParameters rsaKeyParameters, AsymmetricBlockCipher asymmetricBlockCipher, byte[] bArr, int i, int i2) throws InvalidCipherTextException {
            AsymmetricBlockCipher oAEPEncoding;
            if (this.parameters.getAlgorithm() == FipsRSA.ALGORITHM_SVE) {
                oAEPEncoding = asymmetricBlockCipher;
            } else {
                OAEPParameters oAEPParameters = ((OAEPKTSParameters) this.parameters).oaepParameters;
                oAEPEncoding = new OAEPEncoding(asymmetricBlockCipher, FipsSHS.createDigest(oAEPParameters.digestAlgorithm), FipsSHS.createDigest(oAEPParameters.mgfDigestAlgorithm), oAEPParameters.encodingParams);
            }
            oAEPEncoding.init(false, new ParametersWithRandom(rsaKeyParameters, this.random));
            try {
                byte[] processBlock = oAEPEncoding.processBlock(bArr, i, i2);
                if (this.parameters.getAlgorithm() == FipsRSA.ALGORITHM_SVE) {
                    processBlock = correctedExtract((this.privKey.getModulus().bitLength() + 7) / 8, processBlock);
                }
                return new SecretWithEncapsulationImpl(processBlock, Arrays.copyOfRange(bArr, i, i + i2));
            } catch (org.bouncycastle.crypto.internal.InvalidCipherTextException e) {
                throw new InvalidCipherTextException("Unable to extract secret: " + e.getMessage(), e);
            }
        }

        private byte[] correctedExtract(int i, byte[] bArr) {
            if (bArr.length >= i) {
                return bArr;
            }
            byte[] bArr2 = new byte[i];
            System.arraycopy(bArr, 0, bArr2, bArr2.length - bArr.length, bArr.length);
            Arrays.fill(bArr, (byte) 0);
            return bArr2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$GeneratorImpl.class */
    public static class GeneratorImpl extends FipsEncapsulatingSecretGenerator<KTSParameters> {
        private static final BigInteger TWO = BigInteger.valueOf(2);
        private final RsaKeyParameters pubKey;
        private final KTSParameters parameters;
        private final SecureRandom random;

        GeneratorImpl(AsymmetricRSAPublicKey asymmetricRSAPublicKey, KTSParameters kTSParameters, SecureRandom secureRandom) {
            if (!asymmetricRSAPublicKey.canBeUsed(AsymmetricRSAKey.Usage.ENCRYPT_OR_DECRYPT)) {
                throw new IllegalKeyException("Attempt to encrypt/decrypt with RSA modulus already used for sign/verify.");
            }
            this.pubKey = new RsaKeyParameters(false, asymmetricRSAPublicKey.getModulus(), asymmetricRSAPublicKey.getPublicExponent());
            this.parameters = kTSParameters;
            this.random = secureRandom;
        }

        GeneratorImpl(RsaKeyParameters rsaKeyParameters, KTSParameters kTSParameters, SecureRandom secureRandom) {
            this.pubKey = rsaKeyParameters;
            this.parameters = kTSParameters;
            this.random = secureRandom;
        }

        @Override // org.bouncycastle.crypto.OperatorUsingSecureRandom
        public EncapsulatingSecretGenerator<KTSParameters> withSecureRandom(SecureRandom secureRandom) {
            return new GeneratorImpl(this.pubKey, this.parameters, secureRandom);
        }

        @Override // org.bouncycastle.crypto.EncapsulatingSecretGenerator
        public KTSParameters getParameters() {
            return this.parameters;
        }

        @Override // org.bouncycastle.crypto.EncapsulatingSecretGenerator
        public SecretWithEncapsulation generate() throws PlainInputProcessingException {
            return doGeneration(FipsRSA.ENGINE_PROVIDER.createEngine());
        }

        SecretWithEncapsulation doGeneration(AsymmetricBlockCipher asymmetricBlockCipher) throws PlainInputProcessingException {
            AsymmetricBlockCipher oAEPEncoding;
            byte[] bArr;
            if (this.parameters.getAlgorithm() == FipsRSA.ALGORITHM_SVE) {
                oAEPEncoding = asymmetricBlockCipher;
                bArr = BigIntegers.asUnsignedByteArray((this.pubKey.getModulus().bitLength() + 7) / 8, BigIntegers.createRandomInRange(TWO, this.pubKey.getModulus().subtract(TWO), this.random));
                oAEPEncoding.init(true, new ParametersWithRandom(this.pubKey, this.random));
            } else {
                OAEPKTSParameters oAEPKTSParameters = (OAEPKTSParameters) this.parameters;
                OAEPParameters oAEPParameters = oAEPKTSParameters.oaepParameters;
                oAEPEncoding = new OAEPEncoding(asymmetricBlockCipher, FipsSHS.createDigest(oAEPParameters.digestAlgorithm), FipsSHS.createDigest(oAEPParameters.mgfDigestAlgorithm), oAEPParameters.encodingParams);
                oAEPEncoding.init(true, new ParametersWithRandom(this.pubKey, this.random));
                int keySizeInBits = ((oAEPKTSParameters.getKeySizeInBits() + 7) / 8) + ((oAEPKTSParameters.getMacKeySizeInBits() + 7) / 8);
                if (keySizeInBits > oAEPEncoding.getInputBlockSize()) {
                    throw new IllegalArgumentException("Key material size too large for cipher");
                }
                bArr = new byte[keySizeInBits];
                this.random.nextBytes(bArr);
            }
            try {
                return new SecretWithEncapsulationImpl(bArr, oAEPEncoding.processBlock(bArr, 0, bArr.length));
            } catch (Exception e) {
                throw new PlainInputProcessingException("Unable to wrap secret: " + e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KTSOperatorFactory.class */
    public static class KTSOperatorFactory extends FipsKTSOperatorFactory<KTSParameters> {
        private final SecureRandom random;

        public KTSOperatorFactory(SecureRandom secureRandom) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateRandom(secureRandom, "Attempt to create KTSOperatorFactory with unapproved RNG");
            }
            this.random = secureRandom;
        }

        @Override // org.bouncycastle.crypto.fips.FipsKTSOperatorFactory, org.bouncycastle.crypto.KTSOperatorFactory
        public FipsEncapsulatingSecretGenerator<KTSParameters> createGenerator(Key key, KTSParameters kTSParameters) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateRandom(this.random, kTSParameters.getAlgorithm(), "Attempt to create generator with unapproved RNG");
            }
            return new GeneratorImpl((AsymmetricRSAPublicKey) key, kTSParameters, this.random);
        }

        @Override // org.bouncycastle.crypto.fips.FipsKTSOperatorFactory, org.bouncycastle.crypto.KTSOperatorFactory
        public FipsEncapsulatedSecretExtractor<KTSParameters> createExtractor(Key key, KTSParameters kTSParameters) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateRandom(this.random, kTSParameters.getAlgorithm(), "Attempt to create extractor with unapproved RNG");
            }
            return new ExtractorImpl((AsymmetricRSAPrivateKey) key, kTSParameters, this.random);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KTSParameters.class */
    public static class KTSParameters extends FipsParameters {
        KTSParameters(FipsAlgorithm fipsAlgorithm) {
            super(fipsAlgorithm);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KeyGenParameters.class */
    public static final class KeyGenParameters extends FipsParameters {
        private BigInteger publicExponent;
        private int keySize;
        private int certainty;

        public KeyGenParameters(BigInteger bigInteger, int i) {
            this(FipsRSA.ALGORITHM, bigInteger, i, PrimeCertaintyCalculator.getDefaultCertainty(i));
        }

        public KeyGenParameters(BigInteger bigInteger, int i, int i2) {
            this(FipsRSA.ALGORITHM, bigInteger, i, i2);
        }

        public KeyGenParameters(SignatureParameters signatureParameters, BigInteger bigInteger, int i) {
            this(signatureParameters.getAlgorithm(), bigInteger, i, PrimeCertaintyCalculator.getDefaultCertainty(i));
        }

        public KeyGenParameters(WrapParameters wrapParameters, BigInteger bigInteger, int i) {
            this(wrapParameters.getAlgorithm(), bigInteger, i, PrimeCertaintyCalculator.getDefaultCertainty(i));
        }

        public KeyGenParameters(KTSParameters kTSParameters, BigInteger bigInteger, int i) {
            this(kTSParameters.getAlgorithm(), bigInteger, i, PrimeCertaintyCalculator.getDefaultCertainty(i));
        }

        private KeyGenParameters(FipsAlgorithm fipsAlgorithm, BigInteger bigInteger, int i, int i2) {
            super(fipsAlgorithm);
            this.publicExponent = bigInteger;
            this.keySize = i;
            this.certainty = i2;
            validate();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void validate() {
            if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                if (!this.publicExponent.testBit(0)) {
                    throw new IllegalArgumentException("Public exponent must be an odd number: " + getAlgorithm().getName());
                }
            } else {
                if (this.keySize < 2048) {
                    throw new FipsUnapprovedOperationError("Attempt to use RSA key size outside of accepted range - requested keySize " + this.keySize + " bits", getAlgorithm());
                }
                if (this.publicExponent.compareTo(FipsRSA.MIN_PUB_EXP) < 0) {
                    throw new FipsUnapprovedOperationError("Public exponent too small", getAlgorithm());
                }
                if (this.publicExponent.compareTo(FipsRSA.MAX_PUB_EXP) > 0) {
                    throw new FipsUnapprovedOperationError("Public exponent too large", getAlgorithm());
                }
                if (!this.publicExponent.testBit(0)) {
                    throw new FipsUnapprovedOperationError("Public exponent must be an odd number", getAlgorithm());
                }
                if (this.certainty < PrimeCertaintyCalculator.getDefaultCertainty(this.keySize)) {
                    throw new FipsUnapprovedOperationError("Prime generation certainty " + this.certainty + " inadequate for key of  " + this.keySize + " bits", getAlgorithm());
                }
            }
        }

        public BigInteger getPublicExponent() {
            return this.publicExponent;
        }

        public int getKeySize() {
            return this.keySize;
        }

        public int getCertainty() {
            return this.certainty;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KeyPairGenerator.class */
    public static final class KeyPairGenerator extends FipsAsymmetricKeyPairGenerator<KeyGenParameters, AsymmetricRSAPublicKey, AsymmetricRSAPrivateKey> {
        private final RsaKeyPairGenerator engine;
        private final RsaKeyGenerationParameters param;

        public KeyPairGenerator(KeyGenParameters keyGenParameters, SecureRandom secureRandom) {
            super(keyGenParameters);
            this.engine = new RsaKeyPairGenerator();
            int keySize = keyGenParameters.getKeySize();
            keyGenParameters.validate();
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateKeyPairGenRandom(secureRandom, Utils.getAsymmetricSecurityStrength(keySize), FipsRSA.ALGORITHM);
            }
            this.param = new RsaKeyGenerationParameters(keyGenParameters.getPublicExponent(), secureRandom, keySize, keyGenParameters.getCertainty());
            this.engine.init(this.param);
        }

        @Override // org.bouncycastle.crypto.fips.FipsAsymmetricKeyPairGenerator, org.bouncycastle.crypto.AsymmetricKeyPairGenerator
        public AsymmetricKeyPair<AsymmetricRSAPublicKey, AsymmetricRSAPrivateKey> generateKeyPair() {
            AsymmetricCipherKeyPair generateKeyPair = this.engine.generateKeyPair();
            RsaKeyParameters rsaKeyParameters = (RsaKeyParameters) generateKeyPair.getPublic();
            RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters) generateKeyPair.getPrivate();
            FipsAlgorithm algorithm = getParameters().getAlgorithm();
            FipsRSA.validateKeyPair(generateKeyPair);
            return new AsymmetricKeyPair<>(new AsymmetricRSAPublicKey(algorithm, rsaKeyParameters.getModulus(), rsaKeyParameters.getExponent()), new AsymmetricRSAPrivateKey(algorithm, rsaPrivateCrtKeyParameters.getModulus(), rsaPrivateCrtKeyParameters.getPublicExponent(), rsaPrivateCrtKeyParameters.getExponent(), rsaPrivateCrtKeyParameters.getP(), rsaPrivateCrtKeyParameters.getQ(), rsaPrivateCrtKeyParameters.getDP(), rsaPrivateCrtKeyParameters.getDQ(), rsaPrivateCrtKeyParameters.getQInv()));
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KeyWrapOperatorFactory.class */
    public static final class KeyWrapOperatorFactory extends FipsKeyWrapOperatorFactory<WrapParameters, AsymmetricRSAKey> {

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KeyWrapOperatorFactory$KeyUnwrapper.class */
        public class KeyUnwrapper extends FipsKeyUnwrapperUsingSecureRandom<WrapParameters> {
            private final AsymmetricBlockCipher keyWrapper;
            private final AsymmetricRSAKey key;
            private final WrapParameters parameters;

            public KeyUnwrapper(AsymmetricRSAKey asymmetricRSAKey, WrapParameters wrapParameters, SecureRandom secureRandom) {
                if (!asymmetricRSAKey.canBeUsed(AsymmetricRSAKey.Usage.ENCRYPT_OR_DECRYPT)) {
                    throw new IllegalKeyException("Attempt to encrypt/decrypt with RSA modulus already used for sign/verify.");
                }
                this.key = asymmetricRSAKey;
                this.parameters = wrapParameters;
                if (secureRandom != null) {
                    this.keyWrapper = FipsRSA.createCipher(false, asymmetricRSAKey, wrapParameters, secureRandom);
                } else {
                    this.keyWrapper = null;
                }
            }

            @Override // org.bouncycastle.crypto.KeyUnwrapper
            public WrapParameters getParameters() {
                return this.parameters;
            }

            @Override // org.bouncycastle.crypto.fips.FipsKeyUnwrapper, org.bouncycastle.crypto.KeyUnwrapper
            public byte[] unwrap(byte[] bArr, int i, int i2) throws InvalidWrappingException {
                if (this.keyWrapper == null) {
                    throw new IllegalStateException("KeyUnwrapper requires a SecureRandom");
                }
                try {
                    return this.keyWrapper.processBlock(bArr, i, i2);
                } catch (Exception e) {
                    throw new InvalidWrappingException("Unable to unwrap key: " + e.getMessage(), e);
                }
            }

            @Override // org.bouncycastle.crypto.OperatorUsingSecureRandom
            public FipsKeyUnwrapperUsingSecureRandom<WrapParameters> withSecureRandom(SecureRandom secureRandom) {
                return new KeyUnwrapper(this.key, this.parameters, secureRandom);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$KeyWrapOperatorFactory$KeyWrapper.class */
        public class KeyWrapper extends FipsKeyWrapperUsingSecureRandom<WrapParameters> {
            private final AsymmetricBlockCipher keyWrapper;
            private final AsymmetricRSAKey key;
            private final WrapParameters parameters;

            public KeyWrapper(AsymmetricRSAKey asymmetricRSAKey, WrapParameters wrapParameters, SecureRandom secureRandom) {
                if (!asymmetricRSAKey.canBeUsed(AsymmetricRSAKey.Usage.ENCRYPT_OR_DECRYPT)) {
                    throw new IllegalKeyException("Attempt to encrypt/decrypt with RSA modulus already used for sign/verify.");
                }
                this.key = asymmetricRSAKey;
                this.parameters = wrapParameters;
                if (secureRandom == null) {
                    this.keyWrapper = null;
                } else {
                    if (CryptoServicesRegistrar.isInApprovedOnlyMode() && wrapParameters.getAlgorithm().equals(FipsRSA.ALGORITHM_PKCS1v1_5) && !Properties.isOverrideSet("org.bouncycastle.rsa.allow_pkcs15_enc")) {
                        throw new FipsUnapprovedOperationError("RSA PKCS1.5 encryption disallowed");
                    }
                    this.keyWrapper = FipsRSA.createCipher(true, asymmetricRSAKey, wrapParameters, secureRandom);
                }
            }

            @Override // org.bouncycastle.crypto.KeyWrapper
            public WrapParameters getParameters() {
                return this.parameters;
            }

            @Override // org.bouncycastle.crypto.KeyWrapper
            public byte[] wrap(byte[] bArr, int i, int i2) throws PlainInputProcessingException {
                if (this.keyWrapper == null) {
                    throw new IllegalStateException("KeyWrapper requires a SecureRandom");
                }
                try {
                    return this.keyWrapper.processBlock(bArr, i, i2);
                } catch (Exception e) {
                    throw new PlainInputProcessingException("Unable to wrap key: " + e.getMessage(), e);
                }
            }

            @Override // org.bouncycastle.crypto.OperatorUsingSecureRandom
            public KeyWrapperUsingSecureRandom<WrapParameters> withSecureRandom(SecureRandom secureRandom) {
                return new KeyWrapper(this.key, this.parameters, secureRandom);
            }
        }

        @Override // org.bouncycastle.crypto.fips.FipsKeyWrapOperatorFactory, org.bouncycastle.crypto.KeyWrapOperatorFactory
        public FipsKeyWrapperUsingSecureRandom<WrapParameters> createKeyWrapper(AsymmetricRSAKey asymmetricRSAKey, WrapParameters wrapParameters) {
            return new KeyWrapper(asymmetricRSAKey, wrapParameters, null);
        }

        @Override // org.bouncycastle.crypto.fips.FipsKeyWrapOperatorFactory, org.bouncycastle.crypto.KeyWrapOperatorFactory
        public FipsKeyUnwrapperUsingSecureRandom<WrapParameters> createKeyUnwrapper(AsymmetricRSAKey asymmetricRSAKey, WrapParameters wrapParameters) {
            return new KeyUnwrapper(asymmetricRSAKey, wrapParameters, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$NullSigner.class */
    public static class NullSigner implements Signer {
        AsymmetricBlockCipher engine;
        ByteArrayOutputStream bOut;

        private NullSigner() {
            this.engine = new PKCS1Encoding(FipsRSA.ENGINE_PROVIDER.createEngine());
            this.bOut = new ByteArrayOutputStream();
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public void init(boolean z, CipherParameters cipherParameters) {
            this.engine.init(z, cipherParameters);
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public void update(byte b) {
            this.bOut.write(b);
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public void update(byte[] bArr, int i, int i2) {
            this.bOut.write(bArr, i, i2);
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public byte[] generateSignature() throws CryptoException, DataLengthException {
            byte[] byteArray = this.bOut.toByteArray();
            this.bOut.reset();
            return this.engine.processBlock(byteArray, 0, byteArray.length);
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public boolean verifySignature(byte[] bArr) throws InvalidSignatureException {
            byte[] byteArray = this.bOut.toByteArray();
            this.bOut.reset();
            try {
                return BaseRsaDigestSigner.checkPKCS1Sig(byteArray, this.engine.processBlock(bArr, 0, bArr.length));
            } catch (org.bouncycastle.crypto.internal.InvalidCipherTextException e) {
                throw new InvalidSignatureException("Unable to process signature: " + e.getMessage(), e);
            }
        }

        @Override // org.bouncycastle.crypto.internal.Signer
        public void reset() {
            this.bOut = new ByteArrayOutputStream();
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$OAEPKTSParameters.class */
    public static final class OAEPKTSParameters extends KTSParameters {
        private final OAEPParameters oaepParameters;
        private final int keySizeInBits;
        private final int macKeySizeInBits;

        OAEPKTSParameters(OAEPParameters oAEPParameters, int i) {
            this(oAEPParameters, i, 0);
        }

        private OAEPKTSParameters(OAEPParameters oAEPParameters, int i, int i2) {
            super(FipsRSA.ALGORITHM_OAEP);
            this.oaepParameters = oAEPParameters;
            this.keySizeInBits = i;
            this.macKeySizeInBits = i2;
        }

        public OAEPKTSParameters withOAEPParameters(OAEPParameters oAEPParameters) {
            return new OAEPKTSParameters(oAEPParameters, this.keySizeInBits, this.macKeySizeInBits);
        }

        public OAEPKTSParameters withKeySizeInBits(int i) {
            return new OAEPKTSParameters(this.oaepParameters, i, this.macKeySizeInBits);
        }

        public OAEPKTSParameters withMacKeySizeInBits(int i) {
            return new OAEPKTSParameters(this.oaepParameters, this.keySizeInBits, i);
        }

        public OAEPParameters getOAEPParameters() {
            return this.oaepParameters;
        }

        public int getKeySizeInBits() {
            return this.keySizeInBits;
        }

        public int getMacKeySizeInBits() {
            return this.macKeySizeInBits;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$OAEPParameters.class */
    public static final class OAEPParameters extends WrapParameters {
        private final FipsDigestAlgorithm digestAlgorithm;
        private final FipsDigestAlgorithm mgfDigestAlgorithm;
        private final byte[] encodingParams;

        OAEPParameters() {
            this(FipsSHS.Algorithm.SHA1, FipsSHS.Algorithm.SHA1, null);
        }

        private OAEPParameters(FipsDigestAlgorithm fipsDigestAlgorithm, FipsDigestAlgorithm fipsDigestAlgorithm2, byte[] bArr) {
            super(FipsRSA.ALGORITHM_OAEP);
            this.digestAlgorithm = fipsDigestAlgorithm;
            this.mgfDigestAlgorithm = fipsDigestAlgorithm2;
            this.encodingParams = Arrays.clone(bArr);
        }

        public OAEPParameters withDigest(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new OAEPParameters(fipsDigestAlgorithm, fipsDigestAlgorithm, this.encodingParams);
        }

        public OAEPParameters withMGFDigest(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new OAEPParameters(this.digestAlgorithm, fipsDigestAlgorithm, this.encodingParams);
        }

        public OAEPParameters withEncodingParams(byte[] bArr) {
            return new OAEPParameters(this.digestAlgorithm, this.mgfDigestAlgorithm, Arrays.clone(bArr));
        }

        public FipsDigestAlgorithm getDigest() {
            return this.digestAlgorithm;
        }

        public FipsDigestAlgorithm getMGFDigest() {
            return this.mgfDigestAlgorithm;
        }

        public byte[] getEncodingParams() {
            return Arrays.clone(this.encodingParams);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$PKCS1v15Parameters.class */
    public static final class PKCS1v15Parameters extends WrapParameters {
        PKCS1v15Parameters() {
            super(FipsRSA.ALGORITHM_PKCS1v1_5);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$PKCS1v15SignatureParameters.class */
    public static final class PKCS1v15SignatureParameters extends SignatureParameters {
        PKCS1v15SignatureParameters() {
            super(FipsRSA.ALGORITHM_PKCS1v1_5, FipsSHS.Algorithm.SHA1);
        }

        private PKCS1v15SignatureParameters(FipsDigestAlgorithm fipsDigestAlgorithm) {
            super(FipsRSA.ALGORITHM_PKCS1v1_5, fipsDigestAlgorithm);
        }

        public PKCS1v15SignatureParameters withDigestAlgorithm(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new PKCS1v15SignatureParameters(fipsDigestAlgorithm);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$PSSSignatureParameters.class */
    public static final class PSSSignatureParameters extends SignatureParameters {
        private final int saltLength;
        private final FipsDigestAlgorithm mgfDigest;
        private final int trailer;
        private final byte[] salt;

        PSSSignatureParameters() {
            this(FipsSHS.Algorithm.SHA1, FipsSHS.Algorithm.SHA1, 20, null, -68);
        }

        private PSSSignatureParameters(FipsDigestAlgorithm fipsDigestAlgorithm, FipsDigestAlgorithm fipsDigestAlgorithm2, int i, byte[] bArr, int i2) {
            super(FipsRSA.ALGORITHM_PSS, fipsDigestAlgorithm);
            this.mgfDigest = fipsDigestAlgorithm2;
            this.saltLength = i;
            this.salt = bArr;
            this.trailer = i2;
        }

        public PSSSignatureParameters withDigestAlgorithm(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new PSSSignatureParameters(fipsDigestAlgorithm, fipsDigestAlgorithm, FipsSHS.createDigest(fipsDigestAlgorithm).getDigestSize(), null, this.trailer);
        }

        public PSSSignatureParameters withMGFDigest(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new PSSSignatureParameters(getDigestAlgorithm(), fipsDigestAlgorithm, this.saltLength, this.salt, this.trailer);
        }

        public PSSSignatureParameters withSaltLength(int i) {
            return new PSSSignatureParameters(getDigestAlgorithm(), this.mgfDigest, i, null, this.trailer);
        }

        public PSSSignatureParameters withTrailer(int i) {
            return new PSSSignatureParameters(getDigestAlgorithm(), this.mgfDigest, this.saltLength, this.salt, i);
        }

        public PSSSignatureParameters withSalt(byte[] bArr) {
            return new PSSSignatureParameters(getDigestAlgorithm(), this.mgfDigest, bArr.length, Arrays.clone(bArr), this.trailer);
        }

        public byte[] getSalt() {
            return Arrays.clone(this.salt);
        }

        public int getSaltLength() {
            return this.saltLength;
        }

        public FipsDigestAlgorithm getMGFDigest() {
            return this.mgfDigest;
        }

        public int getTrailer() {
            return this.trailer;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$RepeatingRandom.class */
    private static final class RepeatingRandom extends SecureRandom {
        RepeatingRandom() {
            super(null, new DummyProvider());
        }

        @Override // java.security.SecureRandom, java.util.Random
        public void nextBytes(byte[] bArr) {
            for (int i = 0; i != bArr.length; i++) {
                bArr[i] = (byte) (i % 255);
            }
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$SVEKTSParameters.class */
    public static final class SVEKTSParameters extends KTSParameters {
        public SVEKTSParameters() {
            super(FipsRSA.ALGORITHM_SVE);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$SecretWithEncapsulationImpl.class */
    public static class SecretWithEncapsulationImpl implements SecretWithEncapsulation {
        private final byte[] secret;
        private final byte[] encapsulation;

        public SecretWithEncapsulationImpl(byte[] bArr, byte[] bArr2) {
            this.secret = Arrays.clone(bArr);
            this.encapsulation = Arrays.clone(bArr2);
        }

        @Override // org.bouncycastle.crypto.SecretWithEncapsulation
        public final byte[] getSecret() {
            return Arrays.clone(this.secret);
        }

        @Override // org.bouncycastle.crypto.SecretWithEncapsulation
        public final byte[] getEncapsulation() {
            return Arrays.clone(this.encapsulation);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$SignatureOperatorFactory.class */
    public static final class SignatureOperatorFactory<T extends SignatureParameters> extends FipsSignatureOperatorFactory<T> {

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$SignatureOperatorFactory$RSASigner.class */
        public class RSASigner<P extends SignatureParameters> extends FipsOutputSignerUsingSecureRandom<P> {
            final Signer signer;
            private final CipherParameters keyParameters;
            private final P parameters;
            private final SecureRandom random;

            RSASigner(P p, CipherParameters cipherParameters, SecureRandom secureRandom) {
                this.parameters = p;
                this.keyParameters = cipherParameters;
                this.random = secureRandom;
                if (p instanceof PKCS1v15SignatureParameters) {
                    if (p.getDigestAlgorithm() == null) {
                        this.signer = new NullSigner();
                        return;
                    } else {
                        this.signer = new RsaDigestSigner(FipsRSA.ENGINE_PROVIDER.createEngine(), FipsSHS.createDigest(p.getDigestAlgorithm()));
                        return;
                    }
                }
                if (p instanceof PSSSignatureParameters) {
                    this.signer = FipsRSA.getPSSSigner((PSSSignatureParameters) p);
                } else {
                    this.signer = new X931Signer(FipsRSA.ENGINE_PROVIDER.createEngine(), FipsSHS.createDigest(p.getDigestAlgorithm()));
                }
            }

            @Override // org.bouncycastle.crypto.fips.FipsOutputSignerUsingSecureRandom, org.bouncycastle.crypto.fips.FipsOutputSigner, org.bouncycastle.crypto.OutputSigner
            public P getParameters() {
                return this.parameters;
            }

            @Override // org.bouncycastle.crypto.fips.FipsOutputSignerUsingSecureRandom, org.bouncycastle.crypto.fips.FipsOutputSigner, org.bouncycastle.crypto.OutputSigner
            public UpdateOutputStream getSigningStream() {
                if (this.random != null) {
                    this.signer.init(true, new ParametersWithRandom(this.keyParameters, this.random));
                } else {
                    this.signer.init(true, new ParametersWithRandom(this.keyParameters, CryptoServicesRegistrar.getSecureRandom()));
                }
                return new SignerOutputStream(this.parameters.getAlgorithm().getName(), this.signer);
            }

            @Override // org.bouncycastle.crypto.fips.FipsOutputSignerUsingSecureRandom, org.bouncycastle.crypto.fips.FipsOutputSigner, org.bouncycastle.crypto.OutputSigner
            public byte[] getSignature() throws PlainInputProcessingException {
                try {
                    return this.signer.generateSignature();
                } catch (Exception e) {
                    throw new PlainInputProcessingException("Unable to create signature: " + e.getMessage(), e);
                }
            }

            @Override // org.bouncycastle.crypto.fips.FipsOutputSignerUsingSecureRandom, org.bouncycastle.crypto.OperatorUsingSecureRandom
            public FipsOutputSignerUsingSecureRandom<P> withSecureRandom(SecureRandom secureRandom) {
                return new RSASigner(this.parameters, this.keyParameters, secureRandom);
            }

            @Override // org.bouncycastle.crypto.fips.FipsOutputSigner, org.bouncycastle.crypto.OutputSigner
            public int getSignature(byte[] bArr, int i) throws PlainInputProcessingException {
                byte[] signature = getSignature();
                System.arraycopy(signature, 0, bArr, i, signature.length);
                return signature.length;
            }
        }

        @Override // org.bouncycastle.crypto.fips.FipsSignatureOperatorFactory, org.bouncycastle.crypto.SignatureOperatorFactory
        public FipsOutputSignerUsingSecureRandom<T> createSigner(AsymmetricPrivateKey asymmetricPrivateKey, T t) {
            int bitLength;
            AsymmetricRSAPrivateKey asymmetricRSAPrivateKey = (AsymmetricRSAPrivateKey) asymmetricPrivateKey;
            if (!asymmetricRSAPrivateKey.canBeUsed(AsymmetricRSAKey.Usage.SIGN_OR_VERIFY)) {
                throw new IllegalKeyException("Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.");
            }
            if (!CryptoServicesRegistrar.isInApprovedOnlyMode() || (bitLength = asymmetricRSAPrivateKey.getModulus().bitLength()) >= 2048) {
                return new RSASigner(t, FipsRSA.getPrivateKeyParameters(asymmetricRSAPrivateKey), null);
            }
            throw new FipsUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, asymmetricPrivateKey.getAlgorithm());
        }

        @Override // org.bouncycastle.crypto.fips.FipsSignatureOperatorFactory, org.bouncycastle.crypto.SignatureOperatorFactory
        public FipsOutputVerifier<T> createVerifier(AsymmetricPublicKey asymmetricPublicKey, final T t) {
            int bitLength;
            Signer nullSigner = t instanceof PKCS1v15SignatureParameters ? t.getDigestAlgorithm() == null ? new NullSigner() : new RsaDigestSigner(FipsRSA.ENGINE_PROVIDER.createEngine(), FipsSHS.createDigest(t.getDigestAlgorithm())) : t instanceof PSSSignatureParameters ? FipsRSA.getPSSSigner((PSSSignatureParameters) t) : new X931Signer(new RsaBlindedEngine(), FipsSHS.createDigest(t.getDigestAlgorithm()));
            AsymmetricRSAPublicKey asymmetricRSAPublicKey = (AsymmetricRSAPublicKey) asymmetricPublicKey;
            if (!asymmetricRSAPublicKey.canBeUsed(AsymmetricRSAKey.Usage.SIGN_OR_VERIFY)) {
                throw new IllegalKeyException("Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.");
            }
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && (bitLength = asymmetricRSAPublicKey.getModulus().bitLength()) < 2048 && bitLength != 1024 && bitLength != 1536) {
                throw new FipsUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, asymmetricPublicKey.getAlgorithm());
            }
            nullSigner.init(false, new RsaKeyParameters(false, asymmetricRSAPublicKey.getModulus(), asymmetricRSAPublicKey.getPublicExponent()));
            final Signer signer = nullSigner;
            return (FipsOutputVerifier<T>) new FipsOutputVerifier<T>() { // from class: org.bouncycastle.crypto.fips.FipsRSA.SignatureOperatorFactory.1
                @Override // org.bouncycastle.crypto.fips.FipsOutputVerifier, org.bouncycastle.crypto.OutputVerifier
                public T getParameters() {
                    return (T) t;
                }

                @Override // org.bouncycastle.crypto.fips.FipsOutputVerifier, org.bouncycastle.crypto.OutputVerifier
                public UpdateOutputStream getVerifyingStream() {
                    return new SignerOutputStream(t.getAlgorithm().getName(), signer);
                }

                @Override // org.bouncycastle.crypto.fips.FipsOutputVerifier, org.bouncycastle.crypto.OutputVerifier
                public boolean isVerified(byte[] bArr) throws InvalidSignatureException {
                    try {
                        return signer.verifySignature(bArr);
                    } catch (Exception e) {
                        return false;
                    }
                }
            };
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$SignatureParameters.class */
    public static class SignatureParameters extends FipsParameters {
        private final FipsDigestAlgorithm digestAlgorithm;

        SignatureParameters(FipsAlgorithm fipsAlgorithm, FipsDigestAlgorithm fipsDigestAlgorithm) {
            super(fipsAlgorithm);
            if (fipsDigestAlgorithm == null && CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                PrivilegedUtils.checkPermission(Permissions.TlsNullDigestEnabled);
            }
            this.digestAlgorithm = fipsDigestAlgorithm;
        }

        public FipsDigestAlgorithm getDigestAlgorithm() {
            return this.digestAlgorithm;
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$Variations.class */
    private enum Variations {
        PKCS1v1_5,
        PSS,
        X931,
        OAEP,
        SVE
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$WrapParameters.class */
    public static class WrapParameters extends FipsParameters {
        WrapParameters(FipsAlgorithm fipsAlgorithm) {
            super(fipsAlgorithm);
        }
    }

    /* loaded from: input_file:org/bouncycastle/crypto/fips/FipsRSA$X931SignatureParameters.class */
    public static final class X931SignatureParameters extends SignatureParameters {
        X931SignatureParameters() {
            super(FipsRSA.ALGORITHM_X931, FipsSHS.Algorithm.SHA1);
        }

        private X931SignatureParameters(FipsDigestAlgorithm fipsDigestAlgorithm) {
            super(FipsRSA.ALGORITHM_X931, fipsDigestAlgorithm);
        }

        public X931SignatureParameters withDigestAlgorithm(FipsDigestAlgorithm fipsDigestAlgorithm) {
            return new X931SignatureParameters(fipsDigestAlgorithm);
        }
    }

    private FipsRSA() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Signer getPSSSigner(PSSSignatureParameters pSSSignatureParameters) {
        byte[] salt = pSSSignatureParameters.getSalt();
        return salt != null ? new PSSSigner(new RsaBlindedEngine(), FipsSHS.createDigest(pSSSignatureParameters.getDigestAlgorithm()), FipsSHS.createDigest(pSSSignatureParameters.getMGFDigest()), salt, pSSSignatureParameters.getTrailer()) : new PSSSigner(new RsaBlindedEngine(), FipsSHS.createDigest(pSSSignatureParameters.getDigestAlgorithm()), FipsSHS.createDigest(pSSSignatureParameters.getMGFDigest()), pSSSignatureParameters.getSaltLength(), pSSSignatureParameters.getTrailer());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AsymmetricBlockCipher createCipher(boolean z, AsymmetricRSAKey asymmetricRSAKey, WrapParameters wrapParameters, SecureRandom secureRandom) {
        RsaKeyParameters privateKeyParameters;
        final AsymmetricBlockCipher createEngine = ENGINE_PROVIDER.createEngine();
        if (!asymmetricRSAKey.canBeUsed(AsymmetricRSAKey.Usage.ENCRYPT_OR_DECRYPT)) {
            throw new IllegalKeyException("Attempt to encrypt/decrypt with RSA modulus already used for sign/verify.");
        }
        if (asymmetricRSAKey instanceof AsymmetricRSAPublicKey) {
            AsymmetricRSAPublicKey asymmetricRSAPublicKey = (AsymmetricRSAPublicKey) asymmetricRSAKey;
            privateKeyParameters = new RsaKeyParameters(false, asymmetricRSAPublicKey.getModulus(), asymmetricRSAPublicKey.getPublicExponent());
        } else {
            privateKeyParameters = getPrivateKeyParameters((AsymmetricRSAPrivateKey) asymmetricRSAKey);
        }
        if (wrapParameters.getAlgorithm().equals(ALGORITHM_OAEP)) {
            OAEPParameters oAEPParameters = (OAEPParameters) wrapParameters;
            createEngine = new OAEPEncoding(createEngine, FipsSHS.createDigest(oAEPParameters.digestAlgorithm), FipsSHS.createDigest(oAEPParameters.mgfDigestAlgorithm), oAEPParameters.encodingParams);
        } else if (wrapParameters.getAlgorithm().equals(ALGORITHM_PKCS1v1_5)) {
            createEngine = (AsymmetricBlockCipher) AccessController.doPrivileged(new PrivilegedAction<PKCS1Encoding>() { // from class: org.bouncycastle.crypto.fips.FipsRSA.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public PKCS1Encoding run() {
                    if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                        Utils.checkPermission(Permissions.TlsPKCS15KeyWrapEnabled);
                    }
                    return new PKCS1Encoding(AsymmetricBlockCipher.this);
                }
            });
        }
        createEngine.init(z, new ParametersWithRandom(privateKeyParameters, secureRandom));
        return createEngine;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static RsaKeyParameters getPrivateKeyParameters(final AsymmetricRSAPrivateKey asymmetricRSAPrivateKey) {
        return (RsaKeyParameters) AccessController.doPrivileged(new PrivilegedAction<RsaKeyParameters>() { // from class: org.bouncycastle.crypto.fips.FipsRSA.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public RsaKeyParameters run() {
                return AsymmetricRSAPrivateKey.this.getPublicExponent().equals(BigInteger.ZERO) ? new RsaKeyParameters(true, AsymmetricRSAPrivateKey.this.getModulus(), AsymmetricRSAPrivateKey.this.getPrivateExponent()) : new RsaPrivateCrtKeyParameters(AsymmetricRSAPrivateKey.this.getModulus(), AsymmetricRSAPrivateKey.this.getPublicExponent(), AsymmetricRSAPrivateKey.this.getPrivateExponent(), AsymmetricRSAPrivateKey.this.getP(), AsymmetricRSAPrivateKey.this.getQ(), AsymmetricRSAPrivateKey.this.getDP(), AsymmetricRSAPrivateKey.this.getDQ(), AsymmetricRSAPrivateKey.this.getQInv());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateKeyPair(AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        SelfTestExecutor.validate(ALGORITHM, asymmetricCipherKeyPair, new ConsistencyTest<AsymmetricCipherKeyPair>() { // from class: org.bouncycastle.crypto.fips.FipsRSA.3
            @Override // org.bouncycastle.crypto.internal.test.ConsistencyTest
            public boolean hasTestPassed(AsymmetricCipherKeyPair asymmetricCipherKeyPair2) {
                byte[] decode = Hex.decode("576a1f885e3420128c8a656097ba7d8bb4c6f1b1853348cf2ba976971dbdbefc");
                RsaBlindedEngine rsaBlindedEngine = new RsaBlindedEngine();
                rsaBlindedEngine.init(true, asymmetricCipherKeyPair2.getPublic());
                byte[] processBlock = rsaBlindedEngine.processBlock(decode, 0, decode.length);
                if (Arrays.areEqual(decode, processBlock)) {
                    return false;
                }
                rsaBlindedEngine.init(false, new ParametersWithRandom(asymmetricCipherKeyPair2.getPrivate(), Utils.testRandom));
                if (Arrays.areEqual(rsaBlindedEngine.processBlock(decode, 0, decode.length), decode)) {
                    return false;
                }
                return Arrays.areEqual(decode, rsaBlindedEngine.processBlock(processBlock, 0, processBlock.length));
            }
        });
    }

    private static void rsaSignTest(final EngineProvider engineProvider) {
        SelfTestExecutor.validate(ALGORITHM, new VariantInternalKatTest(ALGORITHM) { // from class: org.bouncycastle.crypto.fips.FipsRSA.4
            /* JADX INFO: Access modifiers changed from: package-private */
            @Override // org.bouncycastle.crypto.fips.VariantInternalKatTest
            public void evaluate() throws Exception {
                RsaDigestSigner rsaDigestSigner = new RsaDigestSigner(engineProvider.createEngine(), FipsSHS.createDigest(FipsSHS.Algorithm.SHA256));
                rsaDigestSigner.init(false, new RsaKeyParameters(false, FipsRSA.katM, FipsRSA.katE));
                rsaDigestSigner.update(FipsRSA.msg, 0, FipsRSA.msg.length);
                if (!rsaDigestSigner.verifySignature(FipsRSA.pkcs15Sig)) {
                    fail("Self test signature verify failed.");
                }
                rsaDigestSigner.init(true, new ParametersWithRandom(FipsRSA.testPrivKey, Utils.testRandom));
                rsaDigestSigner.update(FipsRSA.msg, 0, FipsRSA.msg.length);
                if (Arrays.areEqual(FipsRSA.pkcs15Sig, rsaDigestSigner.generateSignature())) {
                    return;
                }
                fail("Self test signature generate failed.");
            }
        });
    }

    private static void rsaKasTest(final EngineProvider engineProvider) {
        SelfTestExecutor.validate(ALGORITHM_SVE, new VariantInternalKatTest(ALGORITHM_SVE) { // from class: org.bouncycastle.crypto.fips.FipsRSA.5
            /* JADX INFO: Access modifiers changed from: package-private */
            @Override // org.bouncycastle.crypto.fips.VariantInternalKatTest
            public void evaluate() throws Exception {
                byte[] decode = Hex.decode("ce4cf74c1caef7e0455f4210e13fde6847f56c939aedfed9d24c2e6a7c661c461b436ade0a9afd6457be92af33c2626b319e060e9435612215099f9369aaca72351dad4dc14a4c418dbe7fd3b273e91d45fa615c15be8d5e0b97b6aca713cbc549ed4ef2d82f5f8e03b0d0d95d6ce7c7695f8bba938746eff19b70d2c2d56fab");
                byte[] decode2 = Hex.decode("697140a15ddcb8dc01b7f97d929c20c99f9b1348fa80d67350183e44ca9a90d958758d0299b95fb442338e7c3d3595076f05c51b0152bc8a68a1d0b9eb4077ad716a357f72b10130669eeeb4c7454afe742c14dbcfd469c1f2171b59d2c5b3ebb704157b7df5b8bd68ab15b003355dd3ec033bee5e3d418a8b3dd357d14914143b40b0a6e1900bd1f1bf238f75cbba9a93144bd9ec6ddfe500de2318730d0f55e4ee05cd58201c1993500ff1396a4e66fe868f3eaa8cf09752d48426da24186e7870e610efecc9dc02f959c258d8bbdbc354d652c68e778bb6e523fcd08677d48afbed4f15af72f82b870e4d4b658456dea6f581deb9e6d19a9baa0e30f46023");
                SecretWithEncapsulation doGeneration = new GeneratorImpl(new RsaKeyParameters(false, FipsRSA.katM, FipsRSA.katE), new KTSParameters(FipsRSA.ALGORITHM_SVE), new FixedSecureRandom(new FixedSecureRandom.BigInteger(2048, decode2), new FixedSecureRandom.Data(decode))).doGeneration(engineProvider.createEngine());
                byte[] encapsulation = doGeneration.getEncapsulation();
                if (!Arrays.areEqual(Hex.decode("2dc23f549cedbc83b5efa8c0c666010ea8d59d8c860a473f6f32347b53a7a62b47a63b3f306f03b648aec8defa00414d3a24f422384decd3f147967789f5e7e79a927ec59398f3397d3e930489adbd3f213cebfc29715771f30f38335c4ac6dc8632e0be5649a881d551f9a883925be2f5aed67a09ea8257ca832f9240fc345d64b9d3d0522f533fd2f230803516f359376bdd1df899d8fa793cacae1d84c68a974fa554e88e8d182496c502babf4306c055c05b4f6ff4c9af8b74d20bc564bb9b238b9d16309ed20bc290b615d0cfab69dbf49d594fe256e44ad29025c0d811a63e1fe361ea3d106461069d00981a9c013aded45277ef19e1dba7d18a2249b9"), encapsulation)) {
                    fail("Self test SVE encryption KAT failed.");
                }
                byte[] secret = new ExtractorImpl(new AsymmetricRSAPrivateKey(FipsRSA.ALGORITHM_SVE, FipsRSA.testPrivKey.getModulus(), FipsRSA.testPrivKey.getExponent()), new KTSParameters(FipsRSA.ALGORITHM_SVE), Utils.testRandom).doExtraction(FipsRSA.testPrivKey, engineProvider.createEngine(), encapsulation, 0, encapsulation.length).getSecret();
                if (!Arrays.areEqual(decode2, secret)) {
                    fail("Self test SVE decryption KAT failed.");
                }
                if (Arrays.areEqual(doGeneration.getSecret(), secret)) {
                    return;
                }
                fail("Self test SVE failed.");
            }
        });
    }

    private static void rsaKeyTransportTest(final EngineProvider engineProvider) {
        SelfTestExecutor.validate(ALGORITHM_OAEP, new VariantInternalKatTest(ALGORITHM_OAEP) { // from class: org.bouncycastle.crypto.fips.FipsRSA.6
            /* JADX INFO: Access modifiers changed from: package-private */
            @Override // org.bouncycastle.crypto.fips.VariantInternalKatTest
            public void evaluate() throws Exception {
                byte[] decode = Hex.decode("4458cce0f94ebd79d275a134d224f95ef4126034e5d979359703b466096fcc15b71b78df4d4a68033112dfcfad7611cc0458475ab4a66b815f87fcb16a8aa1133441b9d61ed846c4856c5d42059fab7505bd8ffa5281a2bb187c6c853f298c98d5752a40be905f85e5ccb27d59415f09ac12a1788d654c675d98f412e6481e6f1159f1736dd96b29c99b411b4e5420b56b07be2885dbc397fa091f66877c41e502cb4afeba460a2ebcdec7d09d933e630b98a4510ad6f32ca7ffc1bdb43e46fff709819d3a69d9b62b774cb12c9dc176a6911bf370ab5029719dc1b4c13e23e57e46a7cd8ba5ee54c954ed460835ddab0086fa36ac110a5790e82c929bc7ca86");
                OAEPEncoding oAEPEncoding = new OAEPEncoding(engineProvider.createEngine(), new SHA1Digest());
                oAEPEncoding.init(true, new ParametersWithRandom(FipsRSA.testPubKey, new TestRandomData("18b776ea21069d69776a33e96bad48e1dda0a5ef")));
                if (!Arrays.areEqual(decode, oAEPEncoding.processBlock(FipsRSA.msg, 0, FipsRSA.msg.length))) {
                    fail("Self test OAEP transport encrypt failed.");
                }
                oAEPEncoding.init(false, new ParametersWithRandom(FipsRSA.testPrivKey, Utils.testRandom));
                if (Arrays.areEqual(FipsRSA.msg, oAEPEncoding.processBlock(decode, 0, decode.length))) {
                    return;
                }
                fail("Self test OAEP transport decrypt failed.");
            }
        });
        SelfTestExecutor.validate(ALGORITHM_PKCS1v1_5, new VariantInternalKatTest(ALGORITHM_PKCS1v1_5) { // from class: org.bouncycastle.crypto.fips.FipsRSA.7
            /* JADX INFO: Access modifiers changed from: package-private */
            @Override // org.bouncycastle.crypto.fips.VariantInternalKatTest
            public void evaluate() throws Exception {
                byte[] decode = Hex.decode("300603e8d5fdb52e4f9d1dea9cac60ef3500700f03f53b1437fee040ef2713ddd0419b69f5ffe92703999895ea4a111f9bb1333c8d5e115f70a41eb9e4a4ee4d20d7781e0c0765b1b3eb51bd96e9a1715c9be703e3dfa9c4195c001a64239709dfb135921ae6de5960d3e13abdf7cb54580db9922e969a9c4f3a35ac1d5c14958159a0e9259556c19daa793892151370012a215fb7a3d2f8daed098e47e9674edbebeba4bbb6c6b9f37d2bdaa218d0cbc1a70030ccb47f72a25168b0e1ef5a5570920db23f092db0be3dbfbee4babf4bd0e4a1355f45bc9e2a3947ed530d0fc66f77ba4167f16ea12f7ace82950de600ef555fb54bea15be1ec3d93e61af1e97");
                PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(engineProvider.createEngine());
                pKCS1Encoding.init(true, new ParametersWithRandom(FipsRSA.testPubKey, new RepeatingRandom()));
                if (!Arrays.areEqual(decode, pKCS1Encoding.processBlock(FipsRSA.msg, 0, FipsRSA.msg.length))) {
                    fail("Self test PKCS#1.5 transport encrypt failed.");
                }
                pKCS1Encoding.init(false, new ParametersWithRandom(FipsRSA.testPrivKey, Utils.testRandom));
                if (Arrays.areEqual(FipsRSA.msg, pKCS1Encoding.processBlock(decode, 0, decode.length))) {
                    return;
                }
                fail("Self test PKCS#1.5 transport decrypt failed.");
            }
        });
    }

    static {
        EngineProvider engineProvider = new EngineProvider();
        rsaSignTest(engineProvider);
        rsaKasTest(engineProvider);
        rsaKeyTransportTest(engineProvider);
        ENGINE_PROVIDER = engineProvider;
        FipsRegister.registerEngineProvider(ALGORITHM, engineProvider);
    }
}
