package com.huawei.wisesecurity.kfs.crypto.signer;

import androidx.fragment.app.m;
import com.huawei.wisesecurity.kfs.crypto.codec.Decoder;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.exception.CodecException;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Mac;

/* loaded from: classes2.dex */
public class DefaultVerifyHandler implements VerifyHandler {
    private final Key key;
    private final AlgorithmParameterSpec parameterSpec;
    private final KeyStoreProvider provider;
    private final SignText signText;

    /* renamed from: com.huawei.wisesecurity.kfs.crypto.signer.DefaultVerifyHandler$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg;

        static {
            int[] iArr = new int[SignAlg.values().length];
            $SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg = iArr;
            try {
                iArr[SignAlg.ECDSA.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg[SignAlg.RSA_SHA256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg[SignAlg.RSA_SHA256_PSS.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg[SignAlg.HMAC_SHA256.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public DefaultVerifyHandler(KeyStoreProvider keyStoreProvider, Key key, SignText signText, AlgorithmParameterSpec algorithmParameterSpec) {
        this.provider = keyStoreProvider;
        this.key = key;
        this.parameterSpec = algorithmParameterSpec;
        this.signText = signText;
    }

    public DefaultVerifyHandler(Key key, SignText signText, AlgorithmParameterSpec algorithmParameterSpec) {
        this.provider = KeyStoreProvider.ANDROID_KEYSTORE;
        this.key = key;
        this.parameterSpec = algorithmParameterSpec;
        this.signText = signText;
    }

    private boolean checkSignature(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null || bArr.length != bArr2.length) {
            return false;
        }
        for (int i6 = 0; i6 < bArr.length; i6++) {
            if (bArr[i6] != bArr2[i6]) {
                return false;
            }
        }
        return true;
    }

    private boolean doAsymmVerify() throws CryptoException {
        try {
            String transformation = this.signText.getAlgId().getTransformation();
            KeyStoreProvider keyStoreProvider = this.provider;
            Signature signature = keyStoreProvider == KeyStoreProvider.ANDROID_KEYSTORE ? Signature.getInstance(transformation) : Signature.getInstance(transformation, keyStoreProvider.getProviderName());
            AlgorithmParameterSpec algorithmParameterSpec = this.parameterSpec;
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            Key key = this.key;
            if (!(key instanceof PublicKey)) {
                throw new CryptoException("verify key not public key");
            }
            signature.initVerify((PublicKey) key);
            signature.update(this.signText.getDataBytes());
            return signature.verify(this.signText.getSignature());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e10) {
            throw new CryptoException(m.d(e10, new StringBuilder("Fail to decrypt: ")));
        }
    }

    private boolean doSymmVerify() throws CryptoException {
        try {
            String transformation = this.signText.getAlgId().getTransformation();
            KeyStoreProvider keyStoreProvider = this.provider;
            Mac mac = keyStoreProvider == KeyStoreProvider.ANDROID_KEYSTORE ? Mac.getInstance(transformation) : Mac.getInstance(transformation, keyStoreProvider.getProviderName());
            mac.init(this.key);
            mac.update(this.signText.getDataBytes());
            return checkSignature(this.signText.getSignature(), mac.doFinal());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e10) {
            throw new CryptoException(m.d(e10, new StringBuilder("Fail to sign : ")));
        }
    }

    private boolean doVerify() throws CryptoException {
        int i6 = AnonymousClass1.$SwitchMap$com$huawei$wisesecurity$kfs$crypto$signer$SignAlg[this.signText.getAlgId().ordinal()];
        if (i6 == 1 || i6 == 2 || i6 == 3) {
            return doAsymmVerify();
        }
        if (i6 == 4) {
            return doSymmVerify();
        }
        throw new CryptoException("unsupported sign alg : " + this.signText.getAlgId().getTransformation());
    }

    private DefaultVerifyHandler fromData(String str, Decoder decoder) throws CryptoException {
        try {
            fromData(decoder.decode(str));
            return this;
        } catch (CodecException e10) {
            throw new CryptoException("Fail to decode sign data: " + e10.getMessage());
        }
    }

    private boolean verify(String str, Decoder decoder) throws CryptoException {
        try {
            return verify(decoder.decode(str));
        } catch (CodecException e10) {
            throw new CryptoException("Fail to decode signature : " + e10.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public DefaultVerifyHandler fromBase64Data(String str) throws CryptoException {
        return fromData(str, Decoder.BASE64);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public DefaultVerifyHandler fromBase64UrlData(String str) throws CryptoException {
        return fromData(str, Decoder.BASE64URL);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public DefaultVerifyHandler fromData(String str) throws CryptoException {
        return fromData(str.getBytes(Charset.forName("UTF-8")));
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public DefaultVerifyHandler fromData(byte[] bArr) throws CryptoException {
        this.signText.setDataBytes(bArr);
        return this;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public DefaultVerifyHandler fromHexData(String str) throws CryptoException {
        return fromData(str, Decoder.HEX);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public boolean verify(String str) throws CryptoException {
        return verify(str.getBytes(Charset.forName("UTF-8")));
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public boolean verify(byte[] bArr) throws CryptoException {
        this.signText.setSignature(bArr);
        return doVerify();
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public boolean verifyBase64(String str) throws CryptoException {
        return verify(str, Decoder.BASE64);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public boolean verifyBase64Url(String str) throws CryptoException {
        return verify(str, Decoder.BASE64URL);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.VerifyHandler
    public boolean verifyHex(String str) throws CryptoException {
        return verify(str, Decoder.HEX);
    }
}
