package com.kloudtek.kryptotek.jce;

import com.kloudtek.kryptotek.AsymmetricAlgorithm;
import com.kloudtek.kryptotek.CryptoEngine;
import com.kloudtek.kryptotek.CryptoUtils;
import com.kloudtek.kryptotek.DecryptionException;
import com.kloudtek.kryptotek.Digest;
import com.kloudtek.kryptotek.DigestAlgorithm;
import com.kloudtek.kryptotek.EncodedKey;
import com.kloudtek.kryptotek.EncryptionException;
import com.kloudtek.kryptotek.JCEDigest;
import com.kloudtek.kryptotek.Key;
import com.kloudtek.kryptotek.SymmetricAlgorithm;
import com.kloudtek.kryptotek.key.AESKey;
import com.kloudtek.kryptotek.key.AESKeyLen;
import com.kloudtek.kryptotek.key.Certificate;
import com.kloudtek.kryptotek.key.DHKeyPair;
import com.kloudtek.kryptotek.key.DHParameters;
import com.kloudtek.kryptotek.key.DHPrivateKey;
import com.kloudtek.kryptotek.key.DHPublicKey;
import com.kloudtek.kryptotek.key.DecryptionKey;
import com.kloudtek.kryptotek.key.EncryptionKey;
import com.kloudtek.kryptotek.key.HMACKey;
import com.kloudtek.kryptotek.key.HMACSHA1Key;
import com.kloudtek.kryptotek.key.HMACSHA256Key;
import com.kloudtek.kryptotek.key.HMACSHA512Key;
import com.kloudtek.kryptotek.key.PublicKey;
import com.kloudtek.kryptotek.key.RSAKeyPair;
import com.kloudtek.kryptotek.key.RSAPrivateKey;
import com.kloudtek.kryptotek.key.RSAPublicKey;
import com.kloudtek.kryptotek.key.SignatureVerificationKey;
import com.kloudtek.kryptotek.key.SigningKey;
import com.kloudtek.ktserializer.ClassMapper;
import com.kloudtek.ktserializer.InvalidSerializedDataException;
import com.kloudtek.ktserializer.SerializationEngine;
import com.kloudtek.util.ArrayUtils;
import com.kloudtek.util.StringUtils;
import com.kloudtek.util.UnexpectedException;
import com.kloudtek.util.io.ByteArrayDataInputStream;
import com.kloudtek.util.io.ByteArrayDataOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameterGenerator;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/kloudtek/kryptotek/jce/JCECryptoEngine.class */
public class JCECryptoEngine extends CryptoEngine {
    private static ThreadLocal<JCECryptoEngine> ctxEngine = new ThreadLocal<>();
    private static final ClassMapper classMapper = new ClassMapper(new Class[]{JCEAESKey.class, JCEHMACSHA1Key.class, JCEHMACSHA256Key.class, JCEHMACSHA512Key.class, JCERSAPrivateKey.class, JCERSAPublicKey.class, JCERSAKeyPair.class, JCECertificate.class, JCEDHKeyPair.class, JCEDHPrivateKey.class, JCEDHPublicKey.class});
    final SerializationEngine serializer = new SerializationEngine(classMapper);

    public static String getRSAEncryptionAlgorithm(boolean z) {
        return z ? CryptoEngine.RSA_ECB_PKCS1_PADDING : CryptoEngine.RSA_ECB_OAEPPADDING;
    }

    public void setCtx() {
        ctxEngine.set(this);
    }

    public void removeCtx() {
        ctxEngine.remove();
    }

    public static JCECryptoEngine getCtx() {
        return ctxEngine.get();
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public AESKey generateAESKey(AESKeyLen aESKeyLen) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(SymmetricAlgorithm.AES.getJceId());
            keyGenerator.init(aESKeyLen.getLenBits());
            return new JCEAESKey(this, keyGenerator.generateKey());
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public AESKey generateAESKey(AESKeyLen aESKeyLen, DHPrivateKey dHPrivateKey, DHPublicKey dHPublicKey) throws InvalidKeyException {
        byte[] agreeDHKey = agreeDHKey(dHPrivateKey, dHPublicKey);
        return generatePBEAESKey(DigestAlgorithm.SHA1, StringUtils.base64Encode(agreeDHKey).toCharArray(), 10, Arrays.copyOf(agreeDHKey, Math.min(agreeDHKey.length, 30)), aESKeyLen);
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public HMACKey generateHMACKey(DigestAlgorithm digestAlgorithm) {
        try {
            return createHmacKey(digestAlgorithm, KeyGenerator.getInstance("Hmac" + digestAlgorithm.name()).generateKey());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Cannot create an hmac key of type Hmac" + digestAlgorithm.name());
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public HMACKey generateHMACKey(DigestAlgorithm digestAlgorithm, DHPrivateKey dHPrivateKey, DHPublicKey dHPublicKey) throws InvalidKeyException {
        return createHmacKey(digestAlgorithm, new SecretKeySpec(agreeDHKey(dHPrivateKey, dHPublicKey), "HMAC"));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public RSAKeyPair generateRSAKeyPair(int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(AsymmetricAlgorithm.RSA.getJceId());
            keyPairGenerator.initialize(i);
            return new JCERSAKeyPair(this, keyPairGenerator.generateKeyPair());
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public Certificate generateCertificate(String str, PublicKey publicKey) {
        return new JCECertificate(this, str, publicKey);
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public DHParameters generateDHParameters(int i) {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance("DH");
            algorithmParameterGenerator.init(i, CryptoUtils.rng());
            DHParameterSpec dHParameterSpec = (DHParameterSpec) algorithmParameterGenerator.generateParameters().getParameterSpec(DHParameterSpec.class);
            return new DHParameters(dHParameterSpec.getP(), dHParameterSpec.getG(), dHParameterSpec.getL());
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        } catch (InvalidParameterSpecException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public DHKeyPair generateDHKeyPair(DHParameters dHParameters) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
            keyPairGenerator.initialize(new DHParameterSpec(dHParameters.getP(), dHParameters.getG(), dHParameters.getL()));
            return new JCEDHKeyPair(this, keyPairGenerator.generateKeyPair());
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new UnexpectedException(e2);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public Key readSerializedKey(byte[] bArr) throws InvalidKeyException {
        if (bArr.length < 1 || bArr[0] < 0) {
            throw new InvalidKeyException();
        }
        setCtx();
        try {
            try {
                Key deserialize = this.serializer.deserialize(JCEKey.class, bArr);
                removeCtx();
                return deserialize;
            } catch (InvalidSerializedDataException e) {
                throw new InvalidKeyException((Throwable) e);
            }
        } catch (Throwable th) {
            removeCtx();
            throw th;
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public <K extends Key> K readKey(@NotNull Class<K> cls, @NotNull EncodedKey encodedKey) throws InvalidKeyException {
        byte[] encodedKey2 = encodedKey.getEncodedKey();
        if (encodedKey.getFormat() == EncodedKey.Format.SERIALIZED) {
            Key readSerializedKey = readSerializedKey(encodedKey2);
            if (cls.isInstance(readSerializedKey)) {
                return cls.cast(readSerializedKey);
            }
            throw new InvalidKeyException("Key " + readSerializedKey.getClass().getName() + " does not match expected " + cls.getName());
        }
        try {
            if (AESKey.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.RAW) {
                return cls.cast(new JCEAESKey(this, encodedKey2));
            }
            if (HMACSHA1Key.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.RAW) {
                return cls.cast(new JCEHMACSHA1Key(this, encodedKey2));
            }
            if (HMACSHA256Key.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.RAW) {
                return cls.cast(new JCEHMACSHA256Key(this, encodedKey2));
            }
            if (HMACSHA512Key.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.RAW) {
                return cls.cast(new JCEHMACSHA512Key(this, encodedKey2));
            }
            if (RSAPrivateKey.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.PKCS8) {
                return cls.cast(new JCERSAPrivateKey(this, KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey2))));
            }
            if (RSAPublicKey.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.X509) {
                return cls.cast(new JCERSAPublicKey(this, KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedKey2))));
            }
            if (DHPrivateKey.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.PKCS8) {
                return cls.cast(new JCEDHPrivateKey(this, KeyFactory.getInstance("DH").generatePrivate(new PKCS8EncodedKeySpec(encodedKey2))));
            }
            if (DHPublicKey.class.isAssignableFrom(cls) && encodedKey.getFormat() == EncodedKey.Format.X509) {
                return cls.cast(new JCEDHPublicKey(this, KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(encodedKey2))));
            }
            throw new InvalidKeyException("Unsupported key type " + cls.getName() + " and format " + encodedKey.getFormat().name());
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidKeyException(e2);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public <K extends Key> K readKey(@NotNull Class<K> cls, @NotNull byte[] bArr) throws InvalidKeyException {
        if (AESKey.class.isAssignableFrom(cls) || HMACKey.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, new EncodedKey(bArr, EncodedKey.Format.RAW));
        }
        if (RSAPrivateKey.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, EncodedKey.rsaPrivatePkcs8(bArr));
        }
        if (RSAPublicKey.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, EncodedKey.rsaPublicX509(bArr));
        }
        if (RSAKeyPair.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, new EncodedKey(bArr, EncodedKey.Format.SERIALIZED));
        }
        if (DHPrivateKey.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, EncodedKey.rsaPrivatePkcs8(bArr));
        }
        if (DHPublicKey.class.isAssignableFrom(cls)) {
            return (K) readKey(cls, EncodedKey.rsaPublicX509(bArr));
        }
        if (!DHKeyPair.class.isAssignableFrom(cls) && !Certificate.class.isAssignableFrom(cls)) {
            throw new InvalidKeyException("Unsupported key type " + cls.getName());
        }
        return (K) readKey(cls, new EncodedKey(bArr, EncodedKey.Format.SERIALIZED));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] encrypt(@NotNull EncryptionKey encryptionKey, @NotNull byte[] bArr, boolean z) throws EncryptionException {
        try {
            return crypt((Key) encryptionKey, bArr, true, getJceDefaultAlg(encryptionKey, z));
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new EncryptionException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] encrypt(@NotNull EncryptionKey encryptionKey, @NotNull byte[] bArr, String str) throws EncryptionException {
        try {
            return crypt((Key) encryptionKey, bArr, true, str);
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new EncryptionException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] encrypt(@NotNull EncryptionKey encryptionKey, @NotNull SymmetricAlgorithm symmetricAlgorithm, int i, @NotNull byte[] bArr, boolean z) throws EncryptionException {
        return encrypt(encryptionKey, symmetricAlgorithm, symmetricAlgorithm.getDefaultCipherAlg(z), i, bArr, getJceDefaultAlg(encryptionKey, z));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] encrypt(@NotNull EncryptionKey encryptionKey, @NotNull SymmetricAlgorithm symmetricAlgorithm, @NotNull String str, int i, @NotNull byte[] bArr, @NotNull String str2) throws EncryptionException {
        checkJceKey(encryptionKey);
        ByteArrayDataOutputStream byteArrayDataOutputStream = new ByteArrayDataOutputStream();
        try {
            try {
                byte[] crypt = crypt((Key) encryptionKey, bArr, true, str2);
                byteArrayDataOutputStream.writeShort(0);
                byteArrayDataOutputStream.write(crypt);
            } catch (InvalidKeyException | BadPaddingException e) {
                throw new EncryptionException(e);
            } catch (IllegalBlockSizeException e2) {
                if (symmetricAlgorithm != SymmetricAlgorithm.AES) {
                    throw new IllegalArgumentException("Unsupported asymmetric cryptography");
                }
                AESKey aESKey = (AESKey) generateKey(AESKey.class, i);
                byte[] encrypt = encrypt(encryptionKey, aESKey.getEncoded().getEncodedKey(), str2);
                byteArrayDataOutputStream.writeShort(encrypt.length);
                byteArrayDataOutputStream.write(encrypt);
                byteArrayDataOutputStream.write(encrypt(aESKey, bArr, str));
                aESKey.destroy();
            }
            return byteArrayDataOutputStream.toByteArray();
        } catch (IOException e3) {
            throw new UnexpectedException(e3);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] decrypt(@NotNull DecryptionKey decryptionKey, @NotNull byte[] bArr, boolean z) throws DecryptionException {
        return decrypt(decryptionKey, bArr, getJceDefaultAlg(decryptionKey, z));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] decrypt(@NotNull DecryptionKey decryptionKey, @NotNull byte[] bArr, String str) throws DecryptionException {
        try {
            return crypt((Key) decryptionKey, bArr, false, str);
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new DecryptionException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] decrypt(@NotNull DecryptionKey decryptionKey, @NotNull SymmetricAlgorithm symmetricAlgorithm, int i, @NotNull byte[] bArr, boolean z) throws DecryptionException {
        return decrypt(decryptionKey, symmetricAlgorithm, null, i, bArr, getJceDefaultAlg(decryptionKey, z));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] decrypt(@NotNull DecryptionKey decryptionKey, @NotNull SymmetricAlgorithm symmetricAlgorithm, @Nullable String str, int i, @NotNull byte[] bArr, @NotNull String str2) throws DecryptionException {
        checkJceKey(decryptionKey);
        if (bArr.length < 3) {
            throw new IllegalArgumentException("Encrypted data is invalid");
        }
        if (str == null) {
            str = symmetricAlgorithm.getDefaultCipherAlg(this.defaultCompatibilityMode);
        }
        try {
            try {
                ByteArrayDataInputStream byteArrayDataInputStream = new ByteArrayDataInputStream(bArr);
                short readShort = byteArrayDataInputStream.readShort();
                if (readShort <= 0) {
                    return crypt((Key) decryptionKey, byteArrayDataInputStream.readFully(bArr.length - 2), false, str2);
                }
                byte[] crypt = crypt((Key) decryptionKey, byteArrayDataInputStream.readFully(readShort), false, str2);
                return crypt(readKey(symmetricAlgorithm.getKeyClass(), crypt), byteArrayDataInputStream.readFully((bArr.length - 2) - readShort), false, str);
            } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
                throw new DecryptionException(e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("Encrypted data is invalid");
        }
    }

    private byte[] crypt(Key key, byte[] bArr, boolean z, String str) throws BadPaddingException, InvalidKeyException, IllegalBlockSizeException {
        try {
            checkJceKey(key);
            if (key instanceof JCESecretKey) {
                return crypt(str, ((JCESecretKey) key).getSecretKey(), bArr, z);
            }
            if (key instanceof JCEKeyPair) {
                KeyPair jCEKeyPair = ((JCEKeyPair) key).getJCEKeyPair();
                return crypt(str, z ? jCEKeyPair.getPublic() : jCEKeyPair.getPrivate(), bArr, z);
            }
            if (key instanceof JCEPublicKey) {
                return crypt(str, ((JCEPublicKey) key).getJCEPublicKey(), bArr, z);
            }
            if (key instanceof JCEPrivateKey) {
                return crypt(str, ((JCEPrivateKey) key).getJCEPrivateKey(), bArr, z);
            }
            throw new IllegalArgumentException("Unable to perform de/encryption operation using key of type " + key.getClass().getName());
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new UnexpectedException(e);
        }
    }

    private byte[] crypt(@NotNull String str, @NotNull java.security.Key key, @NotNull byte[] bArr, boolean z) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(str);
            if (!str.startsWith("AES/CBC")) {
                cipher.init(z ? 1 : 2, key);
                return cipher.doFinal(bArr);
            }
            if (z) {
                byte[] genSalt = CryptoUtils.genSalt(16);
                cipher.init(1, key, new IvParameterSpec(genSalt));
                return ArrayUtils.concat(genSalt, cipher.doFinal(bArr));
            }
            CryptoUtils.DataAndSalt splitSalt = CryptoUtils.splitSalt(bArr, 16);
            cipher.init(2, key, new IvParameterSpec(splitSalt.getSalt()));
            return cipher.doFinal(splitSalt.getData());
        } catch (InvalidAlgorithmParameterException e) {
            throw new UnexpectedException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] sign(@NotNull SigningKey signingKey, @Nullable DigestAlgorithm digestAlgorithm, @NotNull byte[] bArr) throws InvalidKeyException {
        if (digestAlgorithm == null) {
            try {
                digestAlgorithm = DigestAlgorithm.SHA256;
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalArgumentException("Unable to sign using key type " + signingKey.getClass().getName() + " with digest " + digestAlgorithm.name());
            } catch (SignatureException e2) {
                throw new InvalidKeyException(e2);
            }
        }
        if (signingKey instanceof JCERSAKeyPair) {
            JCERSAPrivateKey rSAPrivateKey = getRSAPrivateKey(signingKey);
            if (rSAPrivateKey != null) {
                return sign(rSAPrivateKey, digestAlgorithm, bArr);
            }
        } else {
            if (signingKey instanceof JCERSAPrivateKey) {
                Signature signature = Signature.getInstance(digestAlgorithm.name() + "withRSA");
                signature.initSign(((JCERSAPrivateKey) signingKey).getJCEPrivateKey());
                signature.update(bArr);
                return signature.sign();
            }
            if (signingKey instanceof JCEHMACKey) {
                Mac mac = Mac.getInstance("Hmac" + ((JCEHMACKey) signingKey).getDigestAlgorithm().name());
                mac.init(((JCEHMACKey) signingKey).getSecretKey());
                return mac.doFinal(bArr);
            }
        }
        throw new IllegalArgumentException("Unable to sign using key type " + signingKey.getClass().getName() + " with digest " + digestAlgorithm.name());
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public void verifySignature(@NotNull SignatureVerificationKey signatureVerificationKey, @Nullable DigestAlgorithm digestAlgorithm, @NotNull byte[] bArr, @NotNull byte[] bArr2) throws SignatureException, InvalidKeyException {
        try {
            if (signatureVerificationKey instanceof JCEHMACKey) {
                Mac mac = Mac.getInstance("Hmac" + ((JCEHMACKey) signatureVerificationKey).getDigestAlgorithm().name());
                mac.init(((JCEHMACKey) signatureVerificationKey).getSecretKey());
                if (!Arrays.equals(mac.doFinal(bArr), bArr2)) {
                    throw new SignatureException("Signature does not match data");
                }
            } else {
                if (!(signatureVerificationKey instanceof JCERSAKey)) {
                    throw new IllegalArgumentException("Unable to verify signature using key type " + signatureVerificationKey.getClass().getName() + (digestAlgorithm == null ? "" : " with digest " + digestAlgorithm.name()));
                }
                if (digestAlgorithm == null) {
                    digestAlgorithm = DigestAlgorithm.SHA256;
                }
                JCERSAPublicKey rSAPublicKey = getRSAPublicKey(signatureVerificationKey);
                if (rSAPublicKey != null) {
                    Signature signature = Signature.getInstance(digestAlgorithm.name() + "withRSA");
                    signature.initVerify(rSAPublicKey.getJCEPublicKey());
                    signature.update(bArr);
                    if (!signature.verify(bArr2)) {
                        throw new SignatureException();
                    }
                }
            }
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public AESKey generatePBEAESKey(DigestAlgorithm digestAlgorithm, char[] cArr, int i, byte[] bArr, AESKeyLen aESKeyLen) {
        return new JCEAESKey(this, new SecretKeySpec(pbkdf2(digestAlgorithm, cArr, i, bArr, aESKeyLen.getLenBits()), "AES"));
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    @NotNull
    public HMACKey generatePBEHMACKey(DigestAlgorithm digestAlgorithm, DigestAlgorithm digestAlgorithm2, char[] cArr, int i, byte[] bArr) {
        byte[] pbkdf2 = pbkdf2(digestAlgorithm, cArr, i, bArr, digestAlgorithm2.getHmacKeyLen());
        switch (digestAlgorithm2) {
            case SHA1:
                return new JCEHMACSHA1Key(this, pbkdf2);
            case SHA256:
                return new JCEHMACSHA256Key(this, pbkdf2);
            case SHA512:
                return new JCEHMACSHA512Key(this, pbkdf2);
            default:
                throw new IllegalArgumentException("algorithm not supported: " + digestAlgorithm2);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] pbkdf2(DigestAlgorithm digestAlgorithm, char[] cArr, int i, byte[] bArr, int i2) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmac" + digestAlgorithm.name()).generateSecret(new PBEKeySpec(cArr, bArr, i, i2)).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        } catch (InvalidKeySpecException e2) {
            throw new IllegalArgumentException("Invalid key parameters", e2);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public byte[] digest(byte[] bArr, DigestAlgorithm digestAlgorithm) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithm.getJceId());
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    @Override // com.kloudtek.kryptotek.CryptoEngine
    public Digest digest(DigestAlgorithm digestAlgorithm) {
        try {
            return new JCEDigest(MessageDigest.getInstance(digestAlgorithm.getJceId()));
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }

    private JCERSAPublicKey getRSAPublicKey(Key key) {
        if (key instanceof JCERSAPublicKey) {
            return (JCERSAPublicKey) key;
        }
        if (key instanceof JCEKeyPair) {
            return new JCERSAPublicKey(this, ((JCEKeyPair) key).getJCEKeyPair().getPublic());
        }
        return null;
    }

    private JCERSAPrivateKey getRSAPrivateKey(Key key) {
        if (key instanceof JCERSAPrivateKey) {
            return (JCERSAPrivateKey) key;
        }
        if (key instanceof JCEKeyPair) {
            return new JCERSAPrivateKey(this, ((JCEKeyPair) key).getJCEKeyPair().getPrivate());
        }
        return null;
    }

    private void checkJceKey(Key key) {
        if (!(key instanceof JCEKey)) {
            throw new IllegalArgumentException("Key must be a JCE key");
        }
    }

    private String getJceDefaultAlg(Key key, boolean z) {
        String jceCryptAlgorithm = ((JCEKey) key).getJceCryptAlgorithm(z);
        if (jceCryptAlgorithm == null) {
            throw new IllegalArgumentException("Unable to perform de/encryption operation using key of type " + key.getClass().getName());
        }
        return jceCryptAlgorithm;
    }

    private HMACKey createHmacKey(DigestAlgorithm digestAlgorithm, SecretKey secretKey) {
        switch (digestAlgorithm) {
            case SHA1:
                return new JCEHMACSHA1Key(this, secretKey);
            case SHA256:
                return new JCEHMACSHA256Key(this, secretKey);
            case SHA512:
                return new JCEHMACSHA512Key(this, secretKey);
            default:
                throw new IllegalArgumentException("Cannot create an hmac key of type " + digestAlgorithm.name());
        }
    }

    private byte[] agreeDHKey(DHPrivateKey dHPrivateKey, DHPublicKey dHPublicKey) throws InvalidKeyException {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
            keyAgreement.init(((JCEDHPrivateKey) dHPrivateKey).getJCEPrivateKey());
            keyAgreement.doPhase(((JCEDHPublicKey) dHPublicKey).getJCEPublicKey(), true);
            return keyAgreement.generateSecret();
        } catch (NoSuchAlgorithmException e) {
            throw new UnexpectedException(e);
        }
    }
}
