package com.sony.csx.enclave.security;

import android.util.Base64;
import com.sony.csx.enclave.common.CommonLog;
import com.sony.csx.enclave.component.EnclaveError;
import com.sony.csx.enclave.proguard.Keep;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

@Keep
/* loaded from: classes2.dex */
public class RsaKernel {
    public static final int DIGEST_MD5 = 2;
    public static final int DIGEST_SHA1 = 0;
    public static final int DIGEST_SHA256 = 1;
    private static final String TAG = RsaKernel.class.getSimpleName() + ".java";
    private static final Pattern PEM_MARKER_PATTERN = Pattern.compile("-----BEGIN[ A-Z]+?-----(.+?)-----END[ A-Z]+?-----", 32);

    private RsaKernel() {
    }

    private static Certificate certificateFromPem(String str) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
    }

    private static byte[] convertPem2Der(String str) {
        Matcher matcher = PEM_MARKER_PATTERN.matcher(str);
        if (!matcher.find()) {
            throw new IllegalArgumentException("find() failed : " + str);
        }
        try {
            String group = matcher.group(1);
            if (group != null) {
                return Base64.decode(group, 0);
            }
            throw new IllegalArgumentException("group() failed : " + str);
        } catch (IllegalStateException e7) {
            throw new IllegalArgumentException(e7 + " : " + str);
        }
    }

    private static Signature getSignatureInstance(int i7) throws NoSuchAlgorithmException {
        String str;
        if (i7 == 0) {
            str = "SHA1withRSA";
        } else if (i7 == 1) {
            str = "SHA256withRSA";
        } else {
            if (i7 != 2) {
                throw new IllegalArgumentException("unknown algorithm number : " + i7);
            }
            str = "MD5withRSA";
        }
        return Signature.getInstance(str);
    }

    private static PrivateKey privateKeyFromPem(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory keyFactory;
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(convertPem2Der(str));
        try {
            keyFactory = KeyFactory.getInstance("RSA", "BC");
        } catch (NoSuchProviderException e7) {
            CommonLog.w(TAG, e7.toString());
            keyFactory = KeyFactory.getInstance("RSA");
        }
        return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
    }

    @Keep
    public static int sign(String str, byte[] bArr, int i7, OutputStream outputStream) {
        if (str == null) {
            CommonLog.e(TAG, "sign() private key null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        if (bArr == null) {
            CommonLog.e(TAG, "sign() data null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        if (outputStream == null) {
            CommonLog.e(TAG, "sign() output stream null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        try {
            Signature signatureInstance = getSignatureInstance(i7);
            signatureInstance.initSign(privateKeyFromPem(str));
            signatureInstance.update(bArr);
            outputStream.write(Base64.encode(signatureInstance.sign(), 2));
            return 0;
        } catch (IOException e7) {
            CommonLog.e(TAG, e7.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (IllegalArgumentException e8) {
            CommonLog.e(TAG, e8.toString());
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        } catch (InvalidKeyException e9) {
            CommonLog.e(TAG, e9.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (NoSuchAlgorithmException e10) {
            CommonLog.e(TAG, e10.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (SignatureException e11) {
            CommonLog.e(TAG, e11.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (InvalidKeySpecException e12) {
            CommonLog.e(TAG, e12.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        }
    }

    @Keep
    public static int verify(String str, String str2, byte[] bArr, int i7) {
        if (str == null) {
            CommonLog.e(TAG, "verify() certificate null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        if (str2 == null) {
            CommonLog.e(TAG, "verify() signature null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        if (bArr == null) {
            CommonLog.e(TAG, "verify() data null");
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        }
        try {
            Signature signatureInstance = getSignatureInstance(i7);
            signatureInstance.initVerify(certificateFromPem(str));
            signatureInstance.update(bArr);
            if (signatureInstance.verify(Base64.decode(str2, 0))) {
                return 0;
            }
            return EnclaveError.RESULT_ERR_TAMPERED;
        } catch (IllegalArgumentException e7) {
            CommonLog.e(TAG, e7.toString());
            return EnclaveError.RESULT_ERR_INVALID_PARAMETER;
        } catch (InvalidKeyException e8) {
            CommonLog.e(TAG, e8.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (NoSuchAlgorithmException e9) {
            CommonLog.e(TAG, e9.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (SignatureException e10) {
            CommonLog.e(TAG, e10.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        } catch (CertificateException e11) {
            CommonLog.e(TAG, e11.toString());
            return EnclaveError.RESULT_ERR_ASSERT;
        }
    }
}
