package com.google.crypto.tink.subtle;

import com.google.crypto.tink.config.internal.c;
import com.google.crypto.tink.subtle.a0;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;

@u1.j
/* loaded from: classes3.dex */
public final class o0 implements com.google.crypto.tink.o0 {

    /* renamed from: c, reason: collision with root package name */
    public static final c.b f29457c = c.b.f27741b;

    /* renamed from: d, reason: collision with root package name */
    private static final String f29458d = "3031300d060960864801650304020105000420";

    /* renamed from: e, reason: collision with root package name */
    private static final String f29459e = "3041300d060960864801650304020205000430";

    /* renamed from: f, reason: collision with root package name */
    private static final String f29460f = "3051300d060960864801650304020305000440";

    /* renamed from: a, reason: collision with root package name */
    private final RSAPublicKey f29461a;

    /* renamed from: b, reason: collision with root package name */
    private final a0.a f29462b;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f29463a;

        static {
            int[] iArr = new int[a0.a.values().length];
            f29463a = iArr;
            try {
                iArr[a0.a.SHA256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f29463a[a0.a.SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f29463a[a0.a.SHA512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public o0(RSAPublicKey rSAPublicKey, a0.a aVar) throws GeneralSecurityException {
        if (!f29457c.a()) {
            throw new GeneralSecurityException("Can not use RSA-PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
        }
        a1.h(aVar);
        a1.f(rSAPublicKey.getModulus().bitLength());
        a1.g(rSAPublicKey.getPublicExponent());
        this.f29461a = rSAPublicKey;
        this.f29462b = aVar;
    }

    private byte[] b(byte[] bArr, int i8, a0.a aVar) throws GeneralSecurityException {
        a1.h(aVar);
        MessageDigest a8 = y.f29582e.a(z0.g(this.f29462b));
        a8.update(bArr);
        byte[] digest = a8.digest();
        byte[] c8 = c(aVar);
        if (i8 < c8.length + digest.length + 11) {
            throw new GeneralSecurityException("intended encoded message length too short");
        }
        byte[] bArr2 = new byte[i8];
        bArr2[0] = 0;
        bArr2[1] = 1;
        int i9 = 2;
        int i10 = 0;
        while (i10 < (i8 - r0) - 3) {
            bArr2[i9] = -1;
            i10++;
            i9++;
        }
        int i11 = i9 + 1;
        bArr2[i9] = 0;
        System.arraycopy(c8, 0, bArr2, i11, c8.length);
        System.arraycopy(digest, 0, bArr2, i11 + c8.length, digest.length);
        return bArr2;
    }

    private byte[] c(a0.a aVar) throws GeneralSecurityException {
        int i8 = a.f29463a[aVar.ordinal()];
        if (i8 == 1) {
            return c0.a(f29458d);
        }
        if (i8 == 2) {
            return c0.a(f29459e);
        }
        if (i8 == 3) {
            return c0.a(f29460f);
        }
        throw new GeneralSecurityException("Unsupported hash " + aVar);
    }

    @Override // com.google.crypto.tink.o0
    public void a(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        BigInteger publicExponent = this.f29461a.getPublicExponent();
        BigInteger modulus = this.f29461a.getModulus();
        int bitLength = (modulus.bitLength() + 7) / 8;
        if (bitLength != bArr.length) {
            throw new GeneralSecurityException("invalid signature's length");
        }
        BigInteger b8 = z0.b(bArr);
        if (b8.compareTo(modulus) >= 0) {
            throw new GeneralSecurityException("signature out of range");
        }
        if (!h.e(z0.c(b8.modPow(publicExponent, modulus), bitLength), b(bArr2, bitLength, this.f29462b))) {
            throw new GeneralSecurityException("invalid signature");
        }
    }
}
