package org.bouncycastle.jcajce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.Map;
import javassist.bytecode.SignatureAttribute;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.GenericHybridParameters;
import org.bouncycastle.asn1.cms.RsaKemParameters;
import org.bouncycastle.asn1.iso.ISOIECObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.AsymmetricKeyPairGenerator;
import org.bouncycastle.crypto.AsymmetricOperatorFactory;
import org.bouncycastle.crypto.AsymmetricPrivateKey;
import org.bouncycastle.crypto.AsymmetricPublicKey;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DigestAlgorithm;
import org.bouncycastle.crypto.EncapsulatingSecretGenerator;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.KDFCalculator;
import org.bouncycastle.crypto.Key;
import org.bouncycastle.crypto.KeyWrapOperatorFactory;
import org.bouncycastle.crypto.OutputSigner;
import org.bouncycastle.crypto.OutputVerifier;
import org.bouncycastle.crypto.Parameters;
import org.bouncycastle.crypto.PlainInputProcessingException;
import org.bouncycastle.crypto.SecretWithEncapsulation;
import org.bouncycastle.crypto.SignatureOperatorFactory;
import org.bouncycastle.crypto.SignatureWithMessageRecoveryOperatorFactory;
import org.bouncycastle.crypto.asymmetric.AsymmetricKeyPair;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPrivateKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricRSAPublicKey;
import org.bouncycastle.crypto.fips.FipsAlgorithm;
import org.bouncycastle.crypto.fips.FipsDigestAlgorithm;
import org.bouncycastle.crypto.fips.FipsEncapsulatedSecretExtractor;
import org.bouncycastle.crypto.fips.FipsKDF;
import org.bouncycastle.crypto.fips.FipsParameters;
import org.bouncycastle.crypto.fips.FipsRSA;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.fips.FipsUnapprovedOperationError;
import org.bouncycastle.crypto.general.GeneralAlgorithm;
import org.bouncycastle.crypto.general.RSA;
import org.bouncycastle.crypto.general.SecureHash;
import org.bouncycastle.jcajce.AgreedKeyWithMacKey;
import org.bouncycastle.jcajce.KTSKeyWithEncapsulation;
import org.bouncycastle.jcajce.ZeroizableSecretKey;
import org.bouncycastle.jcajce.provider.BaseSingleBlockCipher;
import org.bouncycastle.jcajce.spec.KTSExtractKeySpec;
import org.bouncycastle.jcajce.spec.KTSGenerateKeySpec;
import org.bouncycastle.jcajce.spec.KTSKeySpec;
import org.bouncycastle.jcajce.spec.KTSParameterSpec;
import org.bouncycastle.jcajce.spec.KTSWithKEMKWSKeySpec;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA.class */
public class ProvRSA extends AsymmetricAlgorithmProvider {
    private AsymmetricOperatorFactory singleBlockFactory;
    private KeyWrapOperatorFactory generalKeyWrapFactory;
    private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric.rsa.";
    private static final KeyIvSizeProvider keySizeProvider = new KeyIvSizeProvider();
    private static final PublicKeyConverter<AsymmetricRSAPublicKey> publicKeyConverter = new PublicKeyConverter<AsymmetricRSAPublicKey>() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.bouncycastle.jcajce.provider.PublicKeyConverter
        public AsymmetricRSAPublicKey convertKey(Algorithm algorithm, PublicKey publicKey) throws InvalidKeyException {
            if (publicKey instanceof RSAPublicKey) {
                return publicKey instanceof ProvRSAPublicKey ? ((ProvRSAPublicKey) publicKey).getBaseKey() : new ProvRSAPublicKey(algorithm, (RSAPublicKey) publicKey).getBaseKey();
            }
            try {
                return new AsymmetricRSAPublicKey(algorithm, SubjectPublicKeyInfo.getInstance(Utils.getKeyEncoding(publicKey)));
            } catch (Exception e) {
                throw new InvalidKeyException("Cannot identify RSA public key: " + e.getMessage(), e);
            }
        }
    };
    private static final PrivateKeyConverter<AsymmetricRSAPrivateKey> privateKeyConverter = new PrivateKeyConverter<AsymmetricRSAPrivateKey>() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.2
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.bouncycastle.jcajce.provider.PrivateKeyConverter
        public AsymmetricRSAPrivateKey convertKey(Algorithm algorithm, PrivateKey privateKey) throws InvalidKeyException {
            if (privateKey instanceof RSAPrivateCrtKey) {
                return privateKey instanceof ProvRSAPrivateCrtKey ? ((ProvRSAPrivateCrtKey) privateKey).getBaseKey() : new ProvRSAPrivateCrtKey(algorithm, (RSAPrivateCrtKey) privateKey).getBaseKey();
            }
            if (privateKey instanceof RSAPrivateKey) {
                return privateKey instanceof ProvRSAPrivateKey ? ((ProvRSAPrivateKey) privateKey).getBaseKey() : new ProvRSAPrivateKey(algorithm, (RSAPrivateKey) privateKey).getBaseKey();
            }
            try {
                return new AsymmetricRSAPrivateKey(algorithm, PrivateKeyInfo.getInstance(Utils.getKeyEncoding(privateKey)));
            } catch (Exception e) {
                throw new InvalidKeyException("Cannot identify RSA private key: " + e.getMessage(), e);
            }
        }
    };
    private static final Map<ASN1ObjectIdentifier, FipsKDF.AgreementKDFPRF> kdfPRF = new HashMap();
    private static final Map<ASN1ObjectIdentifier, String> wrapNames = new HashMap();
    private static final Map<String, String> generalRsaAttributes = new HashMap();
    private final SignatureOperatorFactory fipsRsaSigFactory = new FipsRSA.SignatureOperatorFactory();
    private SignatureOperatorFactory generalRsaSigFactory = getGeneralSigFactory();
    private SignatureWithMessageRecoveryOperatorFactory recoveryRsaSigFactory = getRecoverySigFactory();
    private final FipsAlgorithm[] fipsAlgorithms = {FipsRSA.WRAP_PKCS1v1_5.getAlgorithm(), FipsRSA.WRAP_OAEP.getAlgorithm()};
    private final GeneralAlgorithm[] generalAlgorithms = {RSA.ALGORITHM, RSA.WRAP_PKCS1v1_5.getAlgorithm(), RSA.WRAP_OAEP.getAlgorithm()};

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$AdaptiveSignatureOperatorFactory.class */
    private class AdaptiveSignatureOperatorFactory<T extends Parameters> implements SignatureOperatorFactory<FipsRSA.PKCS1v15SignatureParameters> {
        private AdaptiveSignatureOperatorFactory() {
        }

        @Override // org.bouncycastle.crypto.SignatureOperatorFactory
        public final OutputSigner createSigner(AsymmetricPrivateKey asymmetricPrivateKey, FipsRSA.PKCS1v15SignatureParameters pKCS1v15SignatureParameters) {
            if (!CryptoServicesRegistrar.isInApprovedOnlyMode() && ((AsymmetricRSAPrivateKey) asymmetricPrivateKey).getModulus().bitLength() < 2048) {
                return ProvRSA.this.getGeneralSigFactory().createSigner(asymmetricPrivateKey, RSA.PKCS1v1_5.withDigestAlgorithm(pKCS1v15SignatureParameters.getDigestAlgorithm()));
            }
            return ProvRSA.this.fipsRsaSigFactory.createSigner(asymmetricPrivateKey, pKCS1v15SignatureParameters);
        }

        @Override // org.bouncycastle.crypto.SignatureOperatorFactory
        public final OutputVerifier createVerifier(AsymmetricPublicKey asymmetricPublicKey, FipsRSA.PKCS1v15SignatureParameters pKCS1v15SignatureParameters) {
            if (!CryptoServicesRegistrar.isInApprovedOnlyMode() && ((AsymmetricRSAPublicKey) asymmetricPublicKey).getModulus().bitLength() < 1024) {
                return ProvRSA.this.getGeneralSigFactory().createVerifier(asymmetricPublicKey, RSA.PKCS1v1_5.withDigestAlgorithm(pKCS1v15SignatureParameters.getDigestAlgorithm()));
            }
            return ProvRSA.this.fipsRsaSigFactory.createVerifier(asymmetricPublicKey, pKCS1v15SignatureParameters);
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$InternalKtsSpec.class */
    static class InternalKtsSpec implements AlgorithmParameterSpec {
        private final int keySize;
        private final int macKeySize;
        private final AlgorithmParameterSpec parameterSpec;

        public InternalKtsSpec(int i, int i2, AlgorithmParameterSpec algorithmParameterSpec) {
            this.keySize = i;
            this.macKeySize = i2;
            this.parameterSpec = algorithmParameterSpec;
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$KEMKTSSKeyFactory.class */
    static class KEMKTSSKeyFactory extends SecretKeyFactorySpi {
        private final BouncyCastleFipsProvider fipsProvider;

        public KEMKTSSKeyFactory(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            this.fipsProvider = bouncyCastleFipsProvider;
        }

        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
            try {
                if (!(keySpec instanceof KTSWithKEMKWSKeySpec)) {
                    throw new InvalidKeySpecException("Unknown KeySpec passed");
                }
                KTSWithKEMKWSKeySpec kTSWithKEMKWSKeySpec = (KTSWithKEMKWSKeySpec) keySpec;
                KTSKeySpec kTSKeySpec = kTSWithKEMKWSKeySpec.getKTSKeySpec();
                SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("RSA-KAS-KEM", this.fipsProvider);
                if (kTSKeySpec instanceof KTSGenerateKeySpec) {
                    KTSKeyWithEncapsulation kTSKeyWithEncapsulation = (KTSKeyWithEncapsulation) secretKeyFactory.generateSecret(kTSKeySpec);
                    KeyGenerator keyGenerator = KeyGenerator.getInstance(kTSWithKEMKWSKeySpec.getTransportedKeyAlgorithm(), this.fipsProvider);
                    keyGenerator.init(kTSWithKEMKWSKeySpec.getTransportedKeySize(), ((KTSGenerateKeySpec) kTSKeySpec).getSecureRandom());
                    Cipher cipher = Cipher.getInstance(kTSKeySpec.getKeyAlgorithmName(), this.fipsProvider);
                    cipher.init(3, kTSKeyWithEncapsulation, ((KTSGenerateKeySpec) kTSKeySpec).getSecureRandom());
                    SecretKey generateKey = keyGenerator.generateKey();
                    ZeroizableSecretKey macKey = kTSKeyWithEncapsulation.getMacKey();
                    byte[] concatenate = Arrays.concatenate(kTSKeyWithEncapsulation.getEncapsulation(), cipher.wrap(generateKey));
                    return macKey != null ? new KTSKeyWithEncapsulation(new AgreedKeyWithMacKey(generateKey, macKey.getAlgorithm(), macKey.getEncoded()), concatenate) : new KTSKeyWithEncapsulation(generateKey, concatenate);
                }
                KTSExtractKeySpec kTSExtractKeySpec = (KTSExtractKeySpec) kTSKeySpec;
                byte[] encapsulation = kTSExtractKeySpec.getEncapsulation();
                byte[] bArr = new byte[(((RSAPrivateKey) kTSExtractKeySpec.getPrivateKey()).getModulus().bitLength() + 7) / 8];
                System.arraycopy(encapsulation, 0, bArr, 0, bArr.length);
                KTSKeyWithEncapsulation kTSKeyWithEncapsulation2 = (KTSKeyWithEncapsulation) secretKeyFactory.generateSecret(new KTSExtractKeySpec.Builder(kTSExtractKeySpec.getPrivateKey(), bArr, kTSExtractKeySpec.getKeyAlgorithmName(), kTSExtractKeySpec.getKeySize(), kTSExtractKeySpec.getOtherInfo()).withKdfAlgorithm(kTSExtractKeySpec.getKdfAlgorithmId()).withMac(kTSExtractKeySpec.getMacAlgorithmName(), kTSExtractKeySpec.getMacKeySize()).build());
                Cipher cipher2 = Cipher.getInstance(kTSExtractKeySpec.getKeyAlgorithmName(), this.fipsProvider);
                cipher2.init(4, kTSKeyWithEncapsulation2);
                byte[] bArr2 = new byte[encapsulation.length - bArr.length];
                System.arraycopy(encapsulation, bArr.length, bArr2, 0, bArr2.length);
                SecretKey secretKey = (SecretKey) cipher2.unwrap(bArr2, kTSWithKEMKWSKeySpec.getTransportedKeyAlgorithm(), 3);
                ZeroizableSecretKey macKey2 = kTSKeyWithEncapsulation2.getMacKey();
                int length = secretKey.getEncoded().length;
                if (length != (kTSWithKEMKWSKeySpec.getTransportedKeySize() + 7) / 8) {
                    throw new InvalidKeySpecException("KEM transported key the incorrect size: found " + length + " bytes");
                }
                return macKey2 != null ? new KTSKeyWithEncapsulation(new AgreedKeyWithMacKey(secretKey, macKey2.getAlgorithm(), macKey2.getEncoded()), bArr) : new KTSKeyWithEncapsulation(secretKey, bArr);
            } catch (IllegalArgumentException e) {
                throw new InvalidKeySpecException("Unable to process KDF AlgorithmIdentifier: " + e.getMessage(), e);
            } catch (InvalidKeySpecException e2) {
                throw e2;
            } catch (GeneralSecurityException e3) {
                throw new InvalidKeySpecException("Unable to process RSA key: " + e3.getMessage(), e3);
            }
        }

        @Override // javax.crypto.SecretKeyFactorySpi
        protected KeySpec engineGetKeySpec(SecretKey secretKey, Class cls) throws InvalidKeySpecException {
            throw new InvalidKeySpecException("Operation not supported");
        }

        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
            throw new InvalidKeyException("Operation not supported");
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$KTSSKeyFactory.class */
    static class KTSSKeyFactory extends SecretKeyFactorySpi {
        private final BouncyCastleFipsProvider fipsProvider;
        private final PublicKeyConverter publicKeyConverter;
        private final PrivateKeyConverter privateKeyConverter;
        private final ParametersCreator parametersCreator;

        public KTSSKeyFactory(ParametersCreator parametersCreator, BouncyCastleFipsProvider bouncyCastleFipsProvider, PublicKeyConverter publicKeyConverter, PrivateKeyConverter privateKeyConverter) {
            this.parametersCreator = parametersCreator;
            this.fipsProvider = bouncyCastleFipsProvider;
            this.publicKeyConverter = publicKeyConverter;
            this.privateKeyConverter = privateKeyConverter;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
            FipsRSA.KTSOperatorFactory kTSOperatorFactory = new FipsRSA.KTSOperatorFactory(this.fipsProvider.getDefaultSecureRandom());
            try {
                if (keySpec instanceof KTSGenerateKeySpec) {
                    KTSGenerateKeySpec kTSGenerateKeySpec = (KTSGenerateKeySpec) keySpec;
                    FipsRSA.KTSParameters kTSParameters = (FipsRSA.KTSParameters) this.parametersCreator.createParameters(true, new InternalKtsSpec(kTSGenerateKeySpec.getKeySize(), kTSGenerateKeySpec.getMacKeySize(), kTSGenerateKeySpec.getParameterSpec()), kTSGenerateKeySpec.getSecureRandom());
                    EncapsulatingSecretGenerator createGenerator = kTSOperatorFactory.createGenerator((Key) this.publicKeyConverter.convertKey(kTSParameters.getAlgorithm(), kTSGenerateKeySpec.getPublicKey()), kTSParameters);
                    if (kTSGenerateKeySpec.getSecureRandom() != null) {
                        createGenerator = createGenerator.withSecureRandom(kTSGenerateKeySpec.getSecureRandom());
                    }
                    try {
                        SecretWithEncapsulation generate = createGenerator.generate();
                        byte[] secret = generate.getSecret();
                        if (kTSGenerateKeySpec.getMacAlgorithmName() == null) {
                            return new KTSKeyWithEncapsulation(new SecretKeySpec(makeKeyBytes(kTSParameters, kTSGenerateKeySpec.getKdfAlgorithmId(), secret, kTSGenerateKeySpec.getKeySize(), kTSGenerateKeySpec.getOtherInfo()), kTSGenerateKeySpec.getKeyAlgorithmName()), generate.getEncapsulation());
                        }
                        byte[] bArr = new byte[(kTSGenerateKeySpec.getMacKeySize() + 7) / 8];
                        if (bArr.length > secret.length) {
                            throw new InvalidKeySpecException("MAC key length larger than available key material");
                        }
                        byte[] bArr2 = new byte[secret.length - bArr.length];
                        System.arraycopy(secret, 0, bArr, 0, bArr.length);
                        System.arraycopy(secret, bArr.length, bArr2, 0, bArr2.length);
                        Arrays.fill(secret, (byte) 0);
                        return new KTSKeyWithEncapsulation(new AgreedKeyWithMacKey(new SecretKeySpec(makeKeyBytes(kTSParameters, kTSGenerateKeySpec.getKdfAlgorithmId(), bArr2, kTSGenerateKeySpec.getKeySize(), kTSGenerateKeySpec.getOtherInfo()), kTSGenerateKeySpec.getKeyAlgorithmName()), kTSGenerateKeySpec.getMacAlgorithmName(), bArr), generate.getEncapsulation());
                    } catch (PlainInputProcessingException e) {
                        throw new InvalidKeySpecException("Unable to create secret: " + e.getMessage(), e);
                    }
                }
                if (!(keySpec instanceof KTSExtractKeySpec)) {
                    throw new InvalidKeySpecException("Unknown KeySpec passed");
                }
                KTSExtractKeySpec kTSExtractKeySpec = (KTSExtractKeySpec) keySpec;
                FipsRSA.KTSParameters kTSParameters2 = (FipsRSA.KTSParameters) this.parametersCreator.createParameters(true, new InternalKtsSpec(kTSExtractKeySpec.getKeySize(), kTSExtractKeySpec.getMacKeySize(), kTSExtractKeySpec.getParameterSpec()), null);
                FipsEncapsulatedSecretExtractor<FipsRSA.KTSParameters> createExtractor = kTSOperatorFactory.createExtractor((Key) this.privateKeyConverter.convertKey(kTSParameters2.getAlgorithm(), kTSExtractKeySpec.getPrivateKey()), kTSParameters2);
                byte[] encapsulation = kTSExtractKeySpec.getEncapsulation();
                try {
                    byte[] secret2 = createExtractor.extractSecret(encapsulation, 0, encapsulation.length).getSecret();
                    if (kTSExtractKeySpec.getMacAlgorithmName() == null) {
                        return new KTSKeyWithEncapsulation(new SecretKeySpec(makeKeyBytes(kTSParameters2, kTSExtractKeySpec.getKdfAlgorithmId(), secret2, kTSExtractKeySpec.getKeySize(), kTSExtractKeySpec.getOtherInfo()), kTSExtractKeySpec.getKeyAlgorithmName()), encapsulation);
                    }
                    byte[] bArr3 = new byte[(kTSExtractKeySpec.getMacKeySize() + 7) / 8];
                    if (bArr3.length > secret2.length) {
                        throw new InvalidKeySpecException("MAC key length larger than available key material");
                    }
                    byte[] bArr4 = new byte[secret2.length - bArr3.length];
                    System.arraycopy(secret2, 0, bArr3, 0, bArr3.length);
                    System.arraycopy(secret2, bArr3.length, bArr4, 0, bArr4.length);
                    Arrays.fill(secret2, (byte) 0);
                    return new KTSKeyWithEncapsulation(new AgreedKeyWithMacKey(new SecretKeySpec(makeKeyBytes(kTSParameters2, kTSExtractKeySpec.getKdfAlgorithmId(), bArr4, kTSExtractKeySpec.getKeySize(), kTSExtractKeySpec.getOtherInfo()), kTSExtractKeySpec.getKeyAlgorithmName()), kTSExtractKeySpec.getMacAlgorithmName(), bArr3), encapsulation);
                } catch (InvalidCipherTextException e2) {
                    throw new InvalidKeySpecException("Unable to extract secret: " + e2.getMessage(), e2);
                }
            } catch (IllegalArgumentException e3) {
                throw new InvalidKeySpecException("Unable to process KDF AlgorithmIdentifier: " + e3.getMessage(), e3);
            } catch (InvalidAlgorithmParameterException e4) {
                throw new InvalidKeySpecException("Unable to process RSA key: " + e4.getMessage(), e4);
            } catch (InvalidKeyException e5) {
                throw new InvalidKeySpecException("Unable to process RSA key: " + e5.getMessage(), e5);
            }
        }

        private byte[] makeKeyBytes(FipsRSA.KTSParameters kTSParameters, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, byte[] bArr2) throws InvalidKeySpecException {
            KDFCalculator<FipsKDF.AgreementKDFParameters> createKDFCalculator;
            if (kTSParameters instanceof FipsRSA.OAEPKTSParameters) {
                return bArr;
            }
            AlgorithmIdentifier algorithmIdentifier2 = AlgorithmIdentifier.getInstance(algorithmIdentifier.getParameters());
            if (Utils.isNotNull(algorithmIdentifier2.getParameters())) {
                throw new InvalidKeySpecException("Digest algorithm identifier cannot have parameters");
            }
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && (bArr2 == null || bArr2.length == 0)) {
                throw new FipsUnapprovedOperationError("OtherInfo/IV for KDF must be present in approved mode");
            }
            if (X9ObjectIdentifiers.id_kdf_kdf2.equals(algorithmIdentifier.getAlgorithm())) {
                createKDFCalculator = new FipsKDF.AgreementOperatorFactory().createKDFCalculator(FipsKDF.X963.withPRF(getPrfAlgorithm(algorithmIdentifier2.getAlgorithm())).using(bArr).withIV(bArr2));
            } else {
                if (!X9ObjectIdentifiers.id_kdf_kdf3.equals(algorithmIdentifier.getAlgorithm())) {
                    throw new InvalidKeySpecException("Unrecognized KDF: " + algorithmIdentifier.getAlgorithm());
                }
                createKDFCalculator = new FipsKDF.AgreementOperatorFactory().createKDFCalculator(FipsKDF.CONCATENATION.withPRF(getPrfAlgorithm(algorithmIdentifier2.getAlgorithm())).using(bArr).withIV(bArr2));
            }
            byte[] bArr3 = new byte[(i + 7) / 8];
            createKDFCalculator.generateBytes(bArr3);
            Arrays.fill(bArr, (byte) 0);
            return bArr3;
        }

        private static FipsKDF.AgreementKDFPRF getPrfAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws InvalidKeySpecException {
            FipsKDF.AgreementKDFPRF agreementKDFPRF = (FipsKDF.AgreementKDFPRF) ProvRSA.kdfPRF.get(aSN1ObjectIdentifier);
            if (agreementKDFPRF == null) {
                throw new InvalidKeySpecException("Unrecognized digest in KDF: " + aSN1ObjectIdentifier);
            }
            return agreementKDFPRF;
        }

        @Override // javax.crypto.SecretKeyFactorySpi
        protected KeySpec engineGetKeySpec(SecretKey secretKey, Class cls) throws InvalidKeySpecException {
            throw new InvalidKeySpecException("Operation not supported");
        }

        @Override // javax.crypto.SecretKeyFactorySpi
        protected SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
            throw new InvalidKeyException("Operation not supported");
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$KeyPairGenerator.class */
    static class KeyPairGenerator extends java.security.KeyPairGenerator {
        private final BouncyCastleFipsProvider fipsProvider;
        static final BigInteger defaultPublicExponent = BigInteger.valueOf(65537);
        AsymmetricKeyPairGenerator engine;

        public KeyPairGenerator(BouncyCastleFipsProvider bouncyCastleFipsProvider, String str) {
            super(str);
            this.fipsProvider = bouncyCastleFipsProvider;
        }

        public KeyPairGenerator(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            this(bouncyCastleFipsProvider, "RSA");
        }

        @Override // java.security.KeyPairGenerator
        public void initialize(int i) {
            initialize(i, this.fipsProvider.getDefaultSecureRandom());
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public void initialize(int i, SecureRandom secureRandom) {
            if (i < 2048) {
                this.engine = new RSA.KeyPairGenerator(new RSA.KeyGenParameters(defaultPublicExponent, i), secureRandom);
            } else {
                this.engine = new FipsRSA.KeyPairGenerator(new FipsRSA.KeyGenParameters(defaultPublicExponent, i), secureRandom);
            }
        }

        @Override // java.security.KeyPairGenerator
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
            initialize(algorithmParameterSpec, this.fipsProvider.getDefaultSecureRandom());
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
            if (!(algorithmParameterSpec instanceof RSAKeyGenParameterSpec)) {
                throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec not recognized: " + algorithmParameterSpec.getClass().getName());
            }
            RSAKeyGenParameterSpec rSAKeyGenParameterSpec = (RSAKeyGenParameterSpec) algorithmParameterSpec;
            if (rSAKeyGenParameterSpec.getKeysize() >= 2048) {
                this.engine = new FipsRSA.KeyPairGenerator(new FipsRSA.KeyGenParameters(rSAKeyGenParameterSpec.getPublicExponent(), rSAKeyGenParameterSpec.getKeysize()), secureRandom);
            } else {
                if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                    throw new InvalidAlgorithmParameterException("RSA key size too small for FIPS mode operation");
                }
                this.engine = new RSA.KeyPairGenerator(new RSA.KeyGenParameters(rSAKeyGenParameterSpec.getPublicExponent(), rSAKeyGenParameterSpec.getKeysize()), secureRandom);
            }
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public KeyPair generateKeyPair() {
            if (this.engine == null) {
                this.engine = new FipsRSA.KeyPairGenerator(new FipsRSA.KeyGenParameters(defaultPublicExponent, 2048), this.fipsProvider.getDefaultSecureRandom());
            }
            AsymmetricKeyPair generateKeyPair = this.engine.generateKeyPair();
            return new KeyPair(new ProvRSAPublicKey((AsymmetricRSAPublicKey) generateKeyPair.getPublicKey()), new ProvRSAPrivateCrtKey((AsymmetricRSAPrivateKey) generateKeyPair.getPrivateKey()));
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$KtsAlgParams.class */
    public static class KtsAlgParams extends X509AlgorithmParameters {
        private GenericHybridParameters params;

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public byte[] localGetEncoded() throws IOException {
            return this.params.getEncoded();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public void localInit(byte[] bArr) throws IOException {
            this.params = GenericHybridParameters.getInstance(bArr);
        }

        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class cls) throws InvalidParameterSpecException {
            if (cls != KTSParameterSpec.class && cls != AlgorithmParameterSpec.class) {
                throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + cls.getName());
            }
            RsaKemParameters rsaKemParameters = RsaKemParameters.getInstance(this.params.getKem().getParameters());
            String str = (String) ProvRSA.wrapNames.get(this.params.getDem().getAlgorithm());
            if (str == null) {
                str = this.params.getDem().getAlgorithm().getId();
            }
            return new KTSParameterSpec.Builder(str, rsaKemParameters.getKeyLength().intValue() * 8).withKdfAlgorithm(rsaKemParameters.getKeyDerivationFunction()).build();
        }

        @Override // java.security.AlgorithmParametersSpi
        protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidParameterSpecException {
            int keySize;
            ASN1ObjectIdentifier aSN1ObjectIdentifier;
            if (!(algorithmParameterSpec instanceof KTSParameterSpec)) {
                throw new InvalidParameterSpecException("KTSParameterSpec required to initialise a KTS AlgorithmParameters object");
            }
            KTSParameterSpec kTSParameterSpec = (KTSParameterSpec) algorithmParameterSpec;
            int keySize2 = kTSParameterSpec.getKeySize();
            if (kTSParameterSpec.getKeyAlgorithmName().equalsIgnoreCase("AES")) {
                switch (keySize2) {
                    case 128:
                        aSN1ObjectIdentifier = NISTObjectIdentifiers.id_aes128_wrap;
                        keySize = 16;
                        break;
                    case 192:
                        aSN1ObjectIdentifier = NISTObjectIdentifiers.id_aes192_wrap;
                        keySize = 24;
                        break;
                    case 256:
                        aSN1ObjectIdentifier = NISTObjectIdentifiers.id_aes256_wrap;
                        keySize = 32;
                        break;
                    default:
                        throw new InvalidParameterSpecException("Unknown key size for AES: " + keySize2);
                }
            } else if (kTSParameterSpec.getKeyAlgorithmName().equalsIgnoreCase("Camellia")) {
                switch (keySize2) {
                    case 128:
                        aSN1ObjectIdentifier = NTTObjectIdentifiers.id_camellia128_wrap;
                        keySize = 16;
                        break;
                    case 192:
                        aSN1ObjectIdentifier = NTTObjectIdentifiers.id_camellia192_wrap;
                        keySize = 24;
                        break;
                    case 256:
                        aSN1ObjectIdentifier = NTTObjectIdentifiers.id_camellia256_wrap;
                        keySize = 32;
                        break;
                    default:
                        throw new InvalidParameterSpecException("Unknown key size for Camellia: " + keySize2);
                }
            } else {
                keySize = ProvRSA.keySizeProvider.getKeySize(kTSParameterSpec.getKeyAlgorithmName());
                try {
                    aSN1ObjectIdentifier = new ASN1ObjectIdentifier(kTSParameterSpec.getKeyAlgorithmName());
                } catch (IllegalArgumentException e) {
                    throw new InvalidParameterSpecException("Cannot recognise key algorithm: " + kTSParameterSpec.getKeyAlgorithmName());
                }
            }
            if (keySize < 0) {
                throw new InvalidParameterSpecException("Unavailable key length for algorithm: " + kTSParameterSpec.getKeyAlgorithmName());
            }
            if (keySize * 8 != keySize2) {
                throw new InvalidParameterSpecException("Expected key size and key length do not match: " + keySize2 + " != (8 * " + keySize + ")");
            }
            this.params = new GenericHybridParameters(new AlgorithmIdentifier(ISOIECObjectIdentifiers.id_kem_rsa, new RsaKemParameters(kTSParameterSpec.getKdfAlgorithm(), keySize)), new AlgorithmIdentifier(aSN1ObjectIdentifier));
        }

        @Override // java.security.AlgorithmParametersSpi
        protected String engineToString() {
            return "KTS AlgParams";
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$OAEPAlgorithmParameters.class */
    public static class OAEPAlgorithmParameters extends X509AlgorithmParameters {
        OAEPParameterSpec currentSpec;

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public byte[] localGetEncoded() throws IOException {
            return new RSAESOAEPparams(new AlgorithmIdentifier(DigestUtil.getOID(this.currentSpec.getDigestAlgorithm()), DERNull.INSTANCE), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(DigestUtil.getOID(((MGF1ParameterSpec) this.currentSpec.getMGFParameters()).getDigestAlgorithm()), DERNull.INSTANCE)), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(((PSource.PSpecified) this.currentSpec.getPSource()).getValue()))).getEncoded(ASN1Encoding.DER);
        }

        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class cls) throws InvalidParameterSpecException {
            if (cls == OAEPParameterSpec.class || cls == AlgorithmParameterSpec.class) {
                return this.currentSpec;
            }
            throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + cls.getName());
        }

        @Override // java.security.AlgorithmParametersSpi
        protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidParameterSpecException {
            if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
                throw new InvalidParameterSpecException("OAEPParameterSpec required to initialise an OAEP AlgorithmParameters object");
            }
            this.currentSpec = (OAEPParameterSpec) algorithmParameterSpec;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public void localInit(byte[] bArr) throws IOException {
            RSAESOAEPparams rSAESOAEPparams = RSAESOAEPparams.getInstance(bArr);
            this.currentSpec = new OAEPParameterSpec(MessageDigestUtils.getDigestName(rSAESOAEPparams.getHashAlgorithm().getAlgorithm()), ProvRSA.getMGFName(rSAESOAEPparams.getMaskGenAlgorithm().getAlgorithm()), new MGF1ParameterSpec(MessageDigestUtils.getDigestName(AlgorithmIdentifier.getInstance(rSAESOAEPparams.getMaskGenAlgorithm().getParameters()).getAlgorithm())), new PSource.PSpecified(ASN1OctetString.getInstance(rSAESOAEPparams.getPSourceAlgorithm().getParameters()).getOctets()));
        }

        @Override // java.security.AlgorithmParametersSpi
        protected String engineToString() {
            return "OAEP Parameters";
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$PSSAlgorithmParameters.class */
    public static class PSSAlgorithmParameters extends X509AlgorithmParameters {
        PSSParameterSpec currentSpec;

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public byte[] localGetEncoded() throws IOException {
            PSSParameterSpec pSSParameterSpec = this.currentSpec;
            return new RSASSAPSSparams(new AlgorithmIdentifier(DigestUtil.getOID(pSSParameterSpec.getDigestAlgorithm()), DERNull.INSTANCE), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(DigestUtil.getOID(((MGF1ParameterSpec) pSSParameterSpec.getMGFParameters()).getDigestAlgorithm()), DERNull.INSTANCE)), new ASN1Integer(pSSParameterSpec.getSaltLength()), new ASN1Integer(pSSParameterSpec.getTrailerField())).getEncoded(ASN1Encoding.DER);
        }

        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class cls) throws InvalidParameterSpecException {
            if (cls == PSSParameterSpec.class || cls == AlgorithmParameterSpec.class) {
                return this.currentSpec;
            }
            throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + cls.getName());
        }

        @Override // java.security.AlgorithmParametersSpi
        protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidParameterSpecException {
            if (!(algorithmParameterSpec instanceof PSSParameterSpec)) {
                throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS AlgorithmParameters object");
            }
            this.currentSpec = (PSSParameterSpec) algorithmParameterSpec;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public void localInit(byte[] bArr) throws IOException {
            RSASSAPSSparams rSASSAPSSparams = RSASSAPSSparams.getInstance(bArr);
            this.currentSpec = new PSSParameterSpec(MessageDigestUtils.getDigestName(rSASSAPSSparams.getHashAlgorithm().getAlgorithm()), ProvRSA.getMGFName(rSASSAPSSparams.getMaskGenAlgorithm().getAlgorithm()), new MGF1ParameterSpec(MessageDigestUtils.getDigestName(AlgorithmIdentifier.getInstance(rSASSAPSSparams.getMaskGenAlgorithm().getParameters()).getAlgorithm())), rSASSAPSSparams.getSaltLength().intValue(), rSASSAPSSparams.getTrailerField().intValue());
        }

        @Override // java.security.AlgorithmParametersSpi
        protected String engineToString() {
            return "PSS Parameters";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvRSA$RSAKeyFactory.class */
    public static class RSAKeyFactory extends BaseKeyFactory {
        private final Algorithm algorithm;

        public RSAKeyFactory(Algorithm algorithm) {
            this.algorithm = algorithm;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public KeySpec engineGetKeySpec(java.security.Key key, Class cls) throws InvalidKeySpecException {
            if (cls == null) {
                throw new InvalidKeySpecException("null spec is invalid");
            }
            if (cls.isAssignableFrom(RSAPublicKeySpec.class) && (key instanceof RSAPublicKey)) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
                return new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent());
            }
            if (cls.isAssignableFrom(RSAPrivateKeySpec.class) && (key instanceof RSAPrivateKey)) {
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) key;
                return new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
            }
            if (!cls.isAssignableFrom(RSAPrivateCrtKeySpec.class) || !(key instanceof RSAPrivateCrtKey)) {
                return super.engineGetKeySpec(key, cls);
            }
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key;
            return new RSAPrivateCrtKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
        }

        @Override // java.security.KeyFactorySpi
        protected java.security.Key engineTranslateKey(java.security.Key key) throws InvalidKeyException {
            if (key instanceof PublicKey) {
                return new ProvRSAPublicKey((AsymmetricRSAPublicKey) ProvRSA.publicKeyConverter.convertKey(ProvRSA.access$700(), (PublicKey) key));
            }
            if (key instanceof PrivateKey) {
                return toProviderKey((AsymmetricRSAPrivateKey) ProvRSA.privateKeyConverter.convertKey(ProvRSA.access$700(), (PrivateKey) key));
            }
            if (key != null) {
                throw new InvalidKeyException("Key type unrecognized: " + key.getClass().getName());
            }
            throw new InvalidKeyException("Key is null");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
            if (keySpec instanceof PKCS8EncodedKeySpec) {
                try {
                    return generatePrivate(((PKCS8EncodedKeySpec) keySpec).getEncoded());
                } catch (Exception e) {
                    throw new InvalidKeySpecException(e.getMessage(), e);
                }
            }
            if (keySpec instanceof RSAPrivateCrtKeySpec) {
                return new ProvRSAPrivateCrtKey(ProvRSA.access$700(), (RSAPrivateCrtKeySpec) keySpec);
            }
            if (keySpec instanceof RSAPrivateKeySpec) {
                return new ProvRSAPrivateKey(ProvRSA.access$700(), (RSAPrivateKeySpec) keySpec);
            }
            if (keySpec != null) {
                throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
            }
            throw new InvalidKeySpecException("null keySpec passed for PrivateKey");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
            return keySpec instanceof RSAPublicKeySpec ? new ProvRSAPublicKey(ProvRSA.access$700(), (RSAPublicKeySpec) keySpec) : super.engineGeneratePublic(keySpec);
        }

        public PrivateKey generatePrivate(byte[] bArr) throws IOException {
            return generatePrivate(PrivateKeyInfo.getInstance(bArr));
        }

        @Override // org.bouncycastle.jcajce.provider.AsymmetricKeyInfoConverter
        public PrivateKey generatePrivate(PrivateKeyInfo privateKeyInfo) throws IOException {
            return toProviderKey(new AsymmetricRSAPrivateKey(ProvRSA.access$700(), privateKeyInfo));
        }

        @Override // org.bouncycastle.jcajce.provider.AsymmetricKeyInfoConverter
        public PublicKey generatePublic(SubjectPublicKeyInfo subjectPublicKeyInfo) throws IOException {
            return new ProvRSAPublicKey(new AsymmetricRSAPublicKey(ProvRSA.access$700(), subjectPublicKeyInfo));
        }

        private RSAPrivateKey toProviderKey(AsymmetricRSAPrivateKey asymmetricRSAPrivateKey) {
            return asymmetricRSAPrivateKey.getP().equals(BigInteger.ZERO) ? new ProvRSAPrivateKey(asymmetricRSAPrivateKey) : new ProvRSAPrivateCrtKey(asymmetricRSAPrivateKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AsymmetricOperatorFactory getGeneralEncryptionFactory() {
        if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            return null;
        }
        if (this.singleBlockFactory == null) {
            this.singleBlockFactory = new RSA.OperatorFactory();
        }
        return this.singleBlockFactory;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public KeyWrapOperatorFactory getGeneralWrappingFactory() {
        if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            return null;
        }
        if (this.generalKeyWrapFactory == null) {
            this.generalKeyWrapFactory = new RSA.KeyWrapOperatorFactory();
        }
        return this.generalKeyWrapFactory;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SignatureOperatorFactory getGeneralSigFactory() {
        if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            return null;
        }
        if (this.generalRsaSigFactory == null) {
            this.generalRsaSigFactory = new RSA.SignatureOperatorFactory();
        }
        return this.generalRsaSigFactory;
    }

    private SignatureWithMessageRecoveryOperatorFactory getRecoverySigFactory() {
        if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            return null;
        }
        if (this.recoveryRsaSigFactory == null) {
            this.recoveryRsaSigFactory = new RSA.SignatureWithMessageRecoveryOperatorFactory();
        }
        return this.recoveryRsaSigFactory;
    }

    @Override // org.bouncycastle.jcajce.provider.AlgorithmProvider
    public void configure(final BouncyCastleFipsProvider bouncyCastleFipsProvider) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("AlgorithmParameters.OAEP", "org.bouncycastle.jcajce.provider.asymmetric.rsa.AlgorithmParametersSpi$OAEP", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.3
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new OAEPAlgorithmParameters();
            }
        });
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "OAEP", PKCSObjectIdentifiers.id_RSAES_OAEP);
        bouncyCastleFipsProvider.addAlgorithmImplementation("AlgorithmParameters.PSS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.AlgorithmParametersSpi$PSS", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.4
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new PSSAlgorithmParameters();
            }
        });
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "PSS", "RSAPSS", "RSA-PSS", "RSASSA-PSS");
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "PSS", PKCSObjectIdentifiers.id_RSASSA_PSS);
        EngineCreator engineCreator = new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.5
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return CryptoServicesRegistrar.isInApprovedOnlyMode() ? build(ProvRSA.this.fipsAlgorithms) : build(ProvRSA.this.generalAlgorithms);
            }

            private BaseSingleBlockCipher build(Algorithm[] algorithmArr) {
                return new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, algorithmArr).setWrapModeOnly(CryptoServicesRegistrar.isInApprovedOnlyMode()).withFipsOperators(null, new FipsRSA.KeyWrapOperatorFactory()).withGeneralOperators(ProvRSA.this.getGeneralEncryptionFactory(), ProvRSA.this.getGeneralWrappingFactory()).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.5.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(final Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.5.1.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
                                if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                                    return parameters.getAlgorithm() == FipsRSA.WRAP_OAEP.getAlgorithm() ? ProvRSA.createFipsOaepParameters((OAEPParameterSpec) algorithmParameterSpec) : FipsRSA.WRAP_PKCS1v1_5;
                                }
                                if (parameters.getAlgorithm() != RSA.WRAP_OAEP.getAlgorithm()) {
                                    return parameters.getAlgorithm() == RSA.WRAP_PKCS1v1_5.getAlgorithm() ? RSA.WRAP_PKCS1v1_5 : RSA.RAW;
                                }
                                OAEPParameterSpec oAEPParameterSpec = (OAEPParameterSpec) algorithmParameterSpec;
                                return RSA.WRAP_OAEP.withDigest(Utils.digestNameToAlgMap.get(oAEPParameterSpec.getDigestAlgorithm())).withMGFDigest(Utils.digestNameToAlgMap.get(((MGF1ParameterSpec) oAEPParameterSpec.getMGFParameters()).getDigestAlgorithm())).withEncodingParams(((PSource.PSpecified) oAEPParameterSpec.getPSource()).getValue());
                            }
                        };
                    }
                }).build();
            }
        };
        GuardedEngineCreator guardedEngineCreator = new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.6
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, RSA.WRAP_PKCS1v1_5).withGeneralOperators(ProvRSA.this.getGeneralEncryptionFactory(), ProvRSA.this.getGeneralWrappingFactory()).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.6.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.6.1.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
                                return RSA.WRAP_PKCS1v1_5;
                            }
                        };
                    }
                }).build();
            }
        });
        GuardedEngineCreator guardedEngineCreator2 = new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.7
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, RSA.WRAP_PKCS1v1_5).withGeneralOperators(ProvRSA.this.getGeneralEncryptionFactory(), ProvRSA.this.getGeneralWrappingFactory()).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).setPrivateKeyOnly(true).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.7.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.7.1.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
                                return RSA.WRAP_PKCS1v1_5;
                            }
                        };
                    }
                }).build();
            }
        });
        GuardedEngineCreator guardedEngineCreator3 = new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.8
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, RSA.WRAP_PKCS1v1_5).withGeneralOperators(ProvRSA.this.getGeneralEncryptionFactory(), ProvRSA.this.getGeneralWrappingFactory()).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).setPublicKeyOnly(true).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.8.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.8.1.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
                                return RSA.WRAP_PKCS1v1_5;
                            }
                        };
                    }
                }).build();
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher.RSA", "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$NoPadding", engineCreator);
        bouncyCastleFipsProvider.addAttributes("Cipher.RSA", generalRsaAttributes);
        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher", PKCSObjectIdentifiers.rsaEncryption, "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$PKCS1v1_5Padding", guardedEngineCreator);
            bouncyCastleFipsProvider.addAttributes("Cipher", PKCSObjectIdentifiers.rsaEncryption, generalRsaAttributes);
            bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher", X509ObjectIdentifiers.id_ea_rsa, "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$PKCS1v1_5Padding", guardedEngineCreator);
            bouncyCastleFipsProvider.addAttributes("Cipher", X509ObjectIdentifiers.id_ea_rsa, generalRsaAttributes);
            bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher.RSA/1/PKCS1PADDING", "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$PKCS1v1_5Padding_PrivateOnly", guardedEngineCreator2);
            bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher.RSA/2/PKCS1PADDING", "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$PKCS1v1_5Padding_PublicOnly", guardedEngineCreator3);
        }
        bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi$OAEPPadding", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.9
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return CryptoServicesRegistrar.isInApprovedOnlyMode() ? new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, FipsRSA.WRAP_OAEP).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).setWrapModeOnly(true).withParameters(new Class[]{OAEPParameterSpec.class}).withFipsOperators(null, new FipsRSA.KeyWrapOperatorFactory()).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.9.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.9.1.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
                                return algorithmParameterSpec == null ? FipsRSA.WRAP_OAEP : ProvRSA.createFipsOaepParameters((OAEPParameterSpec) algorithmParameterSpec);
                            }
                        };
                    }
                }).build() : new BaseSingleBlockCipher.Builder(bouncyCastleFipsProvider, RSA.WRAP_OAEP).withPublicKeyConverter(ProvRSA.publicKeyConverter).withPrivateKeyConverter(ProvRSA.privateKeyConverter).withParameters(new Class[]{OAEPParameterSpec.class}).withGeneralOperators(ProvRSA.this.getGeneralEncryptionFactory(), new RSA.KeyWrapOperatorFactory()).withParametersCreatorProvider(new ParametersCreatorProvider() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.9.2
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreatorProvider
                    public ParametersCreator get(Parameters parameters) {
                        return new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.9.2.1
                            @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                            public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
                                if (algorithmParameterSpec == null) {
                                    return RSA.WRAP_OAEP;
                                }
                                if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
                                    throw new InvalidAlgorithmParameterException("OAEP can only accept OAEPParameterSpec");
                                }
                                OAEPParameterSpec oAEPParameterSpec = (OAEPParameterSpec) algorithmParameterSpec;
                                DigestAlgorithm digestAlgorithm = Utils.digestNameToAlgMap.get(oAEPParameterSpec.getDigestAlgorithm());
                                return RSA.WRAP_OAEP.withDigest(digestAlgorithm).withMGFDigest(Utils.digestNameToAlgMap.get(((MGF1ParameterSpec) oAEPParameterSpec.getMGFParameters()).getDigestAlgorithm())).withEncodingParams(((PSource.PSpecified) oAEPParameterSpec.getPSource()).getValue());
                            }
                        };
                    }
                }).build();
            }
        });
        bouncyCastleFipsProvider.addAttributes("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, generalRsaAttributes);
        bouncyCastleFipsProvider.addAlgorithmImplementation("KeyFactory.RSA", "org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.10
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new RSAKeyFactory(ProvRSA.access$700());
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("KeyPairGenerator.RSA", "org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.11
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KeyPairGenerator(bouncyCastleFipsProvider);
            }
        });
        RSAKeyFactory rSAKeyFactory = new RSAKeyFactory(getAlgorithmType());
        registerOid(bouncyCastleFipsProvider, PKCSObjectIdentifiers.rsaEncryption, "RSA", rSAKeyFactory);
        registerOid(bouncyCastleFipsProvider, X509ObjectIdentifiers.id_ea_rsa, "RSA", rSAKeyFactory);
        registerOid(bouncyCastleFipsProvider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", rSAKeyFactory);
        registerOid(bouncyCastleFipsProvider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", rSAKeyFactory);
        registerOid(bouncyCastleFipsProvider, PKCSObjectIdentifiers.id_rsa_KEM, "RSA", rSAKeyFactory);
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.RSA-KAS-KEM", "org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAKTSKEM", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.12
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KTSSKeyFactory(new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.12.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                    public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
                        if (((InternalKtsSpec) algorithmParameterSpec).parameterSpec != null) {
                            throw new InvalidAlgorithmParameterException("RSA-KAS-KEM does not accept an AlgorithmParameterSpec");
                        }
                        return FipsRSA.KTS_SVE;
                    }
                }, bouncyCastleFipsProvider, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.RSA-KTS-KEM-KWS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAKTSKEMKWS", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.13
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KEMKTSSKeyFactory(bouncyCastleFipsProvider);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("Cipher.RSA-KTS-KEM-KWS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherRSAKTSKEM", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.14
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) throws NoSuchAlgorithmException {
                return new KtsCipherSpi(bouncyCastleFipsProvider, "RSA-KTS-KEM-KWS");
            }
        });
        bouncyCastleFipsProvider.addAttributes("Cipher.RSA-KTS-KEM-KWS", generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias("Cipher", "RSA-KTS-KEM-KWS", PKCSObjectIdentifiers.id_rsa_KEM);
        bouncyCastleFipsProvider.addAlgorithmImplementation("AlgorithmParameters.RSA-KTS-KEM-KWS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.AlgParamsRSAKTSKEM", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.15
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) throws NoSuchAlgorithmException {
                return new KtsAlgParams();
            }
        });
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "RSA-KTS-KEM-KWS", PKCSObjectIdentifiers.id_rsa_KEM);
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.RSA-KTS-OAEP", "org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAKTSOEAP", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.16
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KTSSKeyFactory(new ParametersCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.16.1
                    @Override // org.bouncycastle.jcajce.provider.ParametersCreator, org.bouncycastle.jcajce.provider.MacParametersCreator
                    public Parameters createParameters(boolean z, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
                        InternalKtsSpec internalKtsSpec = (InternalKtsSpec) algorithmParameterSpec;
                        if (internalKtsSpec.parameterSpec == null) {
                            return FipsRSA.KTS_OAEP.withKeySizeInBits(internalKtsSpec.keySize).withMacKeySizeInBits(internalKtsSpec.macKeySize);
                        }
                        if (!(internalKtsSpec.parameterSpec instanceof OAEPParameterSpec)) {
                            throw new InvalidAlgorithmParameterException("KTS-OAEP can only accept OAEPParameterSpec");
                        }
                        return FipsRSA.KTS_OAEP.withOAEPParameters(ProvRSA.createFipsOaepParameters((OAEPParameterSpec) internalKtsSpec.parameterSpec)).withKeySizeInBits(internalKtsSpec.keySize).withMacKeySizeInBits(internalKtsSpec.macKeySize);
                    }
                }, bouncyCastleFipsProvider, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature.PSS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi$PSSwithRSA", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.17
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.fipsRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, FipsRSA.PSS, PSSParameterSpec.DEFAULT);
            }
        });
        bouncyCastleFipsProvider.addAttributes("Signature.PSS", generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, "PSS", PKCSObjectIdentifiers.id_RSASSA_PSS);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, "PSS", "RSAPSS", "RSA-PSS", "RSASSA-PSS");
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature.NONEWITHRSA", "org.bouncycastle.jcajce.provider.asymmetric.rsa.SignatureSpi$NONEwithRSA", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.18
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.fipsRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, FipsRSA.PKCS1v1_5.withDigestAlgorithm(null));
            }
        });
        bouncyCastleFipsProvider.addAttributes("Signature.NONEWITHRSA", generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias("Alg.Alias.Signature.RAWRSA", "NONEWITHRSA");
        addPSSSignature(bouncyCastleFipsProvider, "SHA1", FipsSHS.Algorithm.SHA1, new PSSParameterSpec("SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), 20, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA224", FipsSHS.Algorithm.SHA224, new PSSParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), 28, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA256", FipsSHS.Algorithm.SHA256, new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA384", FipsSHS.Algorithm.SHA384, new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA512", FipsSHS.Algorithm.SHA512, new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA512(224)", FipsSHS.Algorithm.SHA512_224, new PSSParameterSpec("SHA-512(224)", "MGF1", new MGF1ParameterSpec("SHA-512(224)"), 28, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA512(256)", FipsSHS.Algorithm.SHA512_256, new PSSParameterSpec("SHA-512(256)", "MGF1", new MGF1ParameterSpec("SHA-512(256)"), 32, 1));
        addPSSSignature(bouncyCastleFipsProvider, MessageDigestAlgorithms.SHA3_224, FipsSHS.Algorithm.SHA3_224, new PSSParameterSpec(MessageDigestAlgorithms.SHA3_224, "MGF1", new MGF1ParameterSpec(MessageDigestAlgorithms.SHA3_224), 28, 1));
        addPSSSignature(bouncyCastleFipsProvider, "SHA3-256", FipsSHS.Algorithm.SHA3_256, new PSSParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), 32, 1));
        addPSSSignature(bouncyCastleFipsProvider, MessageDigestAlgorithms.SHA3_384, FipsSHS.Algorithm.SHA3_384, new PSSParameterSpec(MessageDigestAlgorithms.SHA3_384, "MGF1", new MGF1ParameterSpec(MessageDigestAlgorithms.SHA3_384), 48, 1));
        addPSSSignature(bouncyCastleFipsProvider, MessageDigestAlgorithms.SHA3_512, FipsSHS.Algorithm.SHA3_512, new PSSParameterSpec(MessageDigestAlgorithms.SHA3_512, "MGF1", new MGF1ParameterSpec(MessageDigestAlgorithms.SHA3_512), 64, 1));
        addX931Signature(bouncyCastleFipsProvider, "SHA1", FipsSHS.Algorithm.SHA1);
        addX931Signature(bouncyCastleFipsProvider, "SHA224", FipsSHS.Algorithm.SHA224);
        addX931Signature(bouncyCastleFipsProvider, "SHA256", FipsSHS.Algorithm.SHA256);
        addX931Signature(bouncyCastleFipsProvider, "SHA384", FipsSHS.Algorithm.SHA384);
        addX931Signature(bouncyCastleFipsProvider, "SHA512", FipsSHS.Algorithm.SHA512);
        addX931Signature(bouncyCastleFipsProvider, "SHA512(224)", FipsSHS.Algorithm.SHA512_224);
        addX931Signature(bouncyCastleFipsProvider, "SHA512(256)", FipsSHS.Algorithm.SHA512_256);
        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            addX931Signature(bouncyCastleFipsProvider, "RIPEMD128", SecureHash.Algorithm.RIPEMD128);
            addX931Signature(bouncyCastleFipsProvider, "RIPEMD160", SecureHash.Algorithm.RIPEMD160);
            addX931Signature(bouncyCastleFipsProvider, "WHIRLPOOL", SecureHash.Algorithm.WHIRLPOOL);
        }
        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            addIso9796Signature(bouncyCastleFipsProvider, MessageDigestAlgorithms.MD5, SecureHash.Algorithm.MD5);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA1", FipsSHS.Algorithm.SHA1);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA224", FipsSHS.Algorithm.SHA224);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA256", FipsSHS.Algorithm.SHA256);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA384", FipsSHS.Algorithm.SHA384);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA512", FipsSHS.Algorithm.SHA512);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA512(224)", FipsSHS.Algorithm.SHA512_224);
            addIso9796Signature(bouncyCastleFipsProvider, "SHA512(256)", FipsSHS.Algorithm.SHA512_256);
            addIso9796Signature(bouncyCastleFipsProvider, "RIPEMD128", SecureHash.Algorithm.RIPEMD128);
            addIso9796Signature(bouncyCastleFipsProvider, "RIPEMD160", SecureHash.Algorithm.RIPEMD160);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA1", FipsSHS.Algorithm.SHA1);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA224", FipsSHS.Algorithm.SHA224);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA256", FipsSHS.Algorithm.SHA256);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA384", FipsSHS.Algorithm.SHA384);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA512", FipsSHS.Algorithm.SHA512);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA512(224)", FipsSHS.Algorithm.SHA512_224);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "SHA512(256)", FipsSHS.Algorithm.SHA512_256);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "RIPEMD128", SecureHash.Algorithm.RIPEMD128);
            addIso9796PSSSignature(bouncyCastleFipsProvider, "RIPEMD160", SecureHash.Algorithm.RIPEMD160);
        }
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA1), "SHA1", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, "SHA1WITHRSA", OIWObjectIdentifiers.sha1WithRSA);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA224), "SHA224", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA256), "SHA256", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA384), "SHA384", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA512), "SHA512", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA512_224), "SHA512(224)", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA512_256), "SHA512(256)", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA3_224), MessageDigestAlgorithms.SHA3_224, "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA3_256), "SHA3-256", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA3_384), MessageDigestAlgorithms.SHA3_384, "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
        addDigestSignature(bouncyCastleFipsProvider, FipsRSA.PKCS1v1_5.withDigestAlgorithm(FipsSHS.Algorithm.SHA3_512), MessageDigestAlgorithms.SHA3_512, "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
        if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            return;
        }
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.MD5), MessageDigestAlgorithms.MD5, "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, "MD5WITHRSA", OIWObjectIdentifiers.md5WithRSA);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD128), "RIPEMD128", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD128), "RMD128", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD128", null);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD160), "RIPEMD160", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD160), "RMD160", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD160", null);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD256), "RIPEMD256", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
        addDigestSignature(bouncyCastleFipsProvider, RSA.PKCS1v1_5.withDigestAlgorithm(SecureHash.Algorithm.RIPEMD256), "RMD256", "org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$RIPEMD256", null);
    }

    private void addPSSSignature(final BouncyCastleFipsProvider bouncyCastleFipsProvider, String str, final Algorithm algorithm, final PSSParameterSpec pSSParameterSpec) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str + "WITHRSA/PSS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi$" + str, new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.19
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.fipsRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, FipsRSA.PSS.withDigestAlgorithm((FipsDigestAlgorithm) algorithm), pSSParameterSpec);
            }
        });
        bouncyCastleFipsProvider.addAttributes("Signature." + str + "WITHRSA/PSS", generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, str + "WITHRSA/PSS", str + "WITHRSAANDMGF1");
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "PSS", str + "WITHRSA/PSS", str + "WITHRSAANDMGF1");
    }

    private void addX931Signature(final BouncyCastleFipsProvider bouncyCastleFipsProvider, String str, final DigestAlgorithm digestAlgorithm) {
        if (digestAlgorithm instanceof FipsAlgorithm) {
            bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str + "WITHRSA/X9.31", "org.bouncycastle.jcajce.provider.asymmetric.rsa.X931SignatureSpi$" + str, new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.20
                @Override // org.bouncycastle.jcajce.provider.EngineCreator
                public Object createInstance(Object obj) {
                    return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.fipsRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, FipsRSA.X931.withDigestAlgorithm((FipsDigestAlgorithm) digestAlgorithm));
                }
            });
        } else {
            bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str + "WITHRSA/X9.31", "org.bouncycastle.jcajce.provider.asymmetric.rsa.X931SignatureSpi$" + str, new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.21
                @Override // org.bouncycastle.jcajce.provider.EngineCreator
                public Object createInstance(Object obj) {
                    return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.generalRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, new RSA.X931SignatureParameters(digestAlgorithm));
                }
            }));
        }
        bouncyCastleFipsProvider.addAttributes("Signature." + str + "WITHRSA/X9.31", generalRsaAttributes);
    }

    private void addIso9796Signature(final BouncyCastleFipsProvider bouncyCastleFipsProvider, String str, final DigestAlgorithm digestAlgorithm) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str + "WITHRSA/ISO9796-2", "org.bouncycastle.jcajce.provider.asymmetric.rsa.ISO9796-2SignatureSpi$" + str, new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.22
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.recoveryRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, RSA.ISO9796d2.withDigestAlgorithm(digestAlgorithm));
            }
        }));
        bouncyCastleFipsProvider.addAttributes("Signature." + str + "WITHRSA/ISO9796-2", generalRsaAttributes);
    }

    private void addIso9796PSSSignature(final BouncyCastleFipsProvider bouncyCastleFipsProvider, String str, final DigestAlgorithm digestAlgorithm) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str + "WITHRSA/ISO9796-2PSS", "org.bouncycastle.jcajce.provider.asymmetric.rsa.ISO9796-2PSSSignatureSpi$" + str, new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.23
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.recoveryRsaSigFactory, ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, RSA.ISO9796d2PSS.withDigestAlgorithm(digestAlgorithm));
            }
        }));
        bouncyCastleFipsProvider.addAttributes("Signature." + str + "WITHRSA/ISO9796-2PSS", generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias("Alg.Alias.Signature." + str + "WITHRSAANDMGF1/ISO9796-2", str + "WITHRSA/ISO9796-2PSS");
    }

    private void addDigestSignature(final BouncyCastleFipsProvider bouncyCastleFipsProvider, final Parameters parameters, String str, String str2, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String str3 = str + "WITHRSA";
        String str4 = str + "/RSA";
        String str5 = str + "WITHRSAENCRYPTION";
        if (parameters instanceof FipsParameters) {
            bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str3, str2, new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.24
                @Override // org.bouncycastle.jcajce.provider.EngineCreator
                public Object createInstance(Object obj) {
                    return new BaseSignature(bouncyCastleFipsProvider, new AdaptiveSignatureOperatorFactory(), ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, parameters);
                }
            });
        } else {
            bouncyCastleFipsProvider.addAlgorithmImplementation("Signature." + str3, str2, new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvRSA.25
                @Override // org.bouncycastle.jcajce.provider.EngineCreator
                public Object createInstance(Object obj) {
                    return new BaseSignature(bouncyCastleFipsProvider, ProvRSA.this.getGeneralSigFactory(), ProvRSA.publicKeyConverter, ProvRSA.privateKeyConverter, parameters);
                }
            }));
        }
        bouncyCastleFipsProvider.addAttributes("Signature." + str3, generalRsaAttributes);
        bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, str3, str4, str5);
        if (aSN1ObjectIdentifier != null) {
            bouncyCastleFipsProvider.addAlias(SignatureAttribute.tag, str3, aSN1ObjectIdentifier);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static FipsRSA.OAEPParameters createFipsOaepParameters(OAEPParameterSpec oAEPParameterSpec) {
        FipsDigestAlgorithm fipsDigestAlgorithm = (FipsDigestAlgorithm) Utils.digestNameToAlgMap.get(oAEPParameterSpec.getDigestAlgorithm());
        return FipsRSA.WRAP_OAEP.withDigest(fipsDigestAlgorithm).withMGFDigest((FipsDigestAlgorithm) Utils.digestNameToAlgMap.get(((MGF1ParameterSpec) oAEPParameterSpec.getMGFParameters()).getDigestAlgorithm())).withEncodingParams(((PSource.PSpecified) oAEPParameterSpec.getPSource()).getValue());
    }

    private static Algorithm getAlgorithmType() {
        return CryptoServicesRegistrar.isInApprovedOnlyMode() ? FipsRSA.ALGORITHM : RSA.ALGORITHM;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getMGFName(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return PKCSObjectIdentifiers.id_mgf1.equals(aSN1ObjectIdentifier) ? "MGF1" : aSN1ObjectIdentifier.getId();
    }

    static /* synthetic */ Algorithm access$700() {
        return getAlgorithmType();
    }

    static {
        kdfPRF.put(OIWObjectIdentifiers.idSHA1, FipsKDF.AgreementKDFPRF.SHA1);
        kdfPRF.put(NISTObjectIdentifiers.id_sha224, FipsKDF.AgreementKDFPRF.SHA224);
        kdfPRF.put(NISTObjectIdentifiers.id_sha256, FipsKDF.AgreementKDFPRF.SHA256);
        kdfPRF.put(NISTObjectIdentifiers.id_sha384, FipsKDF.AgreementKDFPRF.SHA384);
        kdfPRF.put(NISTObjectIdentifiers.id_sha512, FipsKDF.AgreementKDFPRF.SHA512);
        wrapNames.put(NISTObjectIdentifiers.id_aes128_wrap, "AES");
        wrapNames.put(NISTObjectIdentifiers.id_aes192_wrap, "AES");
        wrapNames.put(NISTObjectIdentifiers.id_aes256_wrap, "AES");
        wrapNames.put(NTTObjectIdentifiers.id_camellia128_wrap, "Camellia");
        wrapNames.put(NTTObjectIdentifiers.id_camellia192_wrap, "Camellia");
        wrapNames.put(NTTObjectIdentifiers.id_camellia256_wrap, "Camellia");
        generalRsaAttributes.put("SupportedKeyClasses", "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey");
        generalRsaAttributes.put("SupportedKeyFormats", "PKCS#8|X.509");
    }
}
