package org.bouncycastle.jcajce.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.AsymmetricKey;
import org.bouncycastle.crypto.AsymmetricPrivateKey;
import org.bouncycastle.crypto.AsymmetricPublicKey;
import org.bouncycastle.crypto.OutputSigner;
import org.bouncycastle.crypto.OutputVerifier;
import org.bouncycastle.crypto.Parameters;
import org.bouncycastle.crypto.SignatureOperatorFactory;
import org.bouncycastle.crypto.UpdateOutputStream;
import org.bouncycastle.crypto.asymmetric.AsymmetricKeyPair;
import org.bouncycastle.crypto.asymmetric.AsymmetricLMSPrivateKey;
import org.bouncycastle.crypto.asymmetric.AsymmetricLMSPublicKey;
import org.bouncycastle.crypto.fips.FipsLMS;
import org.bouncycastle.jcajce.spec.LMSHSSKeyGenParameterSpec;
import org.bouncycastle.jcajce.spec.LMSKeyGenParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvLMS.class */
public final class ProvLMS extends AsymmetricAlgorithmProvider {
    private static final Map<String, String> generalAttributes = new HashMap();
    private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric.lms.";
    private static final PublicKeyConverter<AsymmetricLMSPublicKey> lmsPublicKeyConverter;
    private static final PrivateKeyConverter<AsymmetricLMSPrivateKey> lmsPrivateKeyConverter;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvLMS$KeyFactorySpi.class */
    public static class KeyFactorySpi extends BaseKeyFactory {
        String algorithm;

        public KeyFactorySpi(String str) {
            this.algorithm = str;
        }

        @Override // java.security.KeyFactorySpi
        protected Key engineTranslateKey(Key key) throws InvalidKeyException {
            if (key instanceof PublicKey) {
                return new ProvLMSPublicKey((AsymmetricLMSPublicKey) ProvLMS.lmsPublicKeyConverter.convertKey(FipsLMS.ALGORITHM, (PublicKey) key));
            }
            if (key instanceof PrivateKey) {
                return new ProvLMSPrivateKey((AsymmetricLMSPrivateKey) ProvLMS.lmsPrivateKeyConverter.convertKey(FipsLMS.ALGORITHM, (PrivateKey) key));
            }
            if (key != null) {
                throw new InvalidKeyException("Key type unrecognized: " + key.getClass().getName());
            }
            throw new InvalidKeyException("Key is null");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public KeySpec engineGetKeySpec(Key key, Class cls) throws InvalidKeySpecException {
            if (cls == null) {
                throw new InvalidKeySpecException("null spec is invalid");
            }
            return super.engineGetKeySpec(key, cls);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
            return super.engineGeneratePrivate(keySpec);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseKeyFactory, java.security.KeyFactorySpi
        public PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
            return super.engineGeneratePublic(keySpec);
        }

        @Override // org.bouncycastle.jcajce.provider.AsymmetricKeyInfoConverter
        public PrivateKey generatePrivate(PrivateKeyInfo privateKeyInfo) throws IOException {
            ASN1ObjectIdentifier algorithm = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm();
            if (algorithm.equals((ASN1Primitive) PKCSObjectIdentifiers.id_alg_hss_lms_hashsig)) {
                return new ProvLMSPrivateKey(privateKeyInfo);
            }
            throw new IOException("algorithm identifier " + algorithm + " in key not recognized");
        }

        @Override // org.bouncycastle.jcajce.provider.AsymmetricKeyInfoConverter
        public PublicKey generatePublic(SubjectPublicKeyInfo subjectPublicKeyInfo) throws IOException {
            ASN1ObjectIdentifier algorithm = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
            if (algorithm.equals((ASN1Primitive) PKCSObjectIdentifiers.id_alg_hss_lms_hashsig)) {
                return new ProvLMSPublicKey(subjectPublicKeyInfo);
            }
            throw new IOException("algorithm identifier " + algorithm + " in key not recognized");
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvLMS$KeyPairGeneratorSpi.class */
    static class KeyPairGeneratorSpi extends KeyPairGenerator {
        private final BouncyCastleFipsProvider provider;
        FipsLMS.KeyGenParameters param;
        FipsLMS.KeyPairGenerator engine;
        SecureRandom random;
        boolean initialised;

        public KeyPairGeneratorSpi(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
            super("LMS");
            this.initialised = false;
            this.provider = bouncyCastleFipsProvider;
        }

        @Override // java.security.KeyPairGenerator
        public void initialize(int i) {
            initialize(i, this.provider.getDefaultSecureRandom());
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public void initialize(int i, SecureRandom secureRandom) {
            throw new UnsupportedOperationException("use AlgorithmParameterSpec");
        }

        @Override // java.security.KeyPairGenerator
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
            initialize(algorithmParameterSpec, this.provider.getDefaultSecureRandom());
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
            if (algorithmParameterSpec instanceof LMSKeyGenParameterSpec) {
                this.param = new FipsLMS.KeyGenParameters(((LMSKeyGenParameterSpec) algorithmParameterSpec).getKeyParams());
                this.engine = new FipsLMS.KeyPairGenerator(this.param, secureRandom);
            } else {
                if (!(algorithmParameterSpec instanceof LMSHSSKeyGenParameterSpec)) {
                    if (algorithmParameterSpec != null) {
                        throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec not recognized: " + algorithmParameterSpec.getClass().getName());
                    }
                    throw new InvalidAlgorithmParameterException("parameterSpec cannot be null");
                }
                LMSKeyGenParameterSpec[] lMSSpecs = ((LMSHSSKeyGenParameterSpec) algorithmParameterSpec).getLMSSpecs();
                FipsLMS.KeyParameters[] keyParametersArr = new FipsLMS.KeyParameters[lMSSpecs.length];
                for (int i = 0; i != lMSSpecs.length; i++) {
                    keyParametersArr[i] = lMSSpecs[i].getKeyParams();
                }
                this.param = new FipsLMS.KeyGenParameters(keyParametersArr);
                this.engine = new FipsLMS.KeyPairGenerator(this.param, secureRandom);
            }
            this.initialised = true;
        }

        @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
        public KeyPair generateKeyPair() {
            if (!this.initialised) {
                this.param = new FipsLMS.KeyGenParameters(FipsLMS.lms_sha256_n32_h10.using(FipsLMS.sha256_n32_w4));
                if (this.random == null) {
                    this.random = this.provider.getDefaultSecureRandom();
                }
                this.engine = new FipsLMS.KeyPairGenerator(this.param, this.random);
                this.initialised = true;
            }
            AsymmetricKeyPair<AsymmetricLMSPublicKey, AsymmetricLMSPrivateKey> generateKeyPair = this.engine.generateKeyPair();
            return new KeyPair(new ProvLMSPublicKey(generateKeyPair.getPublicKey()), new ProvLMSPrivateKey(generateKeyPair.getPrivateKey()));
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/ProvLMS$LMSSignatureSpi.class */
    static class LMSSignatureSpi extends SignatureSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers {
        private static final byte TRAILER_IMPLICIT = -68;
        private final SignatureOperatorFactory operatorFactory;
        private final PublicKeyConverter publicKeyConverter;
        private final PrivateKeyConverter privateKeyConverter;
        private final BouncyCastleFipsProvider fipsProvider;
        protected Parameters parameters;
        protected OutputVerifier verifier;
        protected OutputSigner signer;
        protected UpdateOutputStream dataStream;
        protected AlgorithmParameters engineParams;
        protected AlgorithmParameterSpec paramSpec;
        protected AsymmetricKey key;
        protected boolean isInitState = true;
        private final AlgorithmParameterSpec originalSpec = null;

        protected LMSSignatureSpi(BouncyCastleFipsProvider bouncyCastleFipsProvider, SignatureOperatorFactory signatureOperatorFactory, PublicKeyConverter publicKeyConverter, PrivateKeyConverter privateKeyConverter, Parameters parameters) {
            this.fipsProvider = bouncyCastleFipsProvider;
            this.operatorFactory = signatureOperatorFactory;
            this.publicKeyConverter = publicKeyConverter;
            this.privateKeyConverter = privateKeyConverter;
            this.parameters = parameters;
        }

        @Override // java.security.SignatureSpi
        protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
            this.key = this.publicKeyConverter.convertKey(this.parameters.getAlgorithm(), publicKey);
            initVerify();
            this.isInitState = true;
        }

        @Override // java.security.SignatureSpi
        protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
            this.key = this.privateKeyConverter.convertKey(this.parameters.getAlgorithm(), privateKey);
            if (((AsymmetricLMSPrivateKey) this.key).getUsagesRemaining() == 0) {
                throw new InvalidKeyException("private key exhausted");
            }
            this.appRandom = this.fipsProvider.getDefaultSecureRandom();
            this.isInitState = true;
        }

        @Override // java.security.SignatureSpi
        protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
            this.key = this.privateKeyConverter.convertKey(this.parameters.getAlgorithm(), privateKey);
            this.appRandom = secureRandom != null ? secureRandom : this.fipsProvider.getDefaultSecureRandom();
            this.isInitState = true;
        }

        @Override // java.security.SignatureSpi
        protected void engineUpdate(byte b) throws SignatureException {
            if (this.isInitState && (this.key instanceof AsymmetricLMSPrivateKey)) {
                initSign();
            }
            this.isInitState = false;
            this.dataStream.update(b);
        }

        @Override // java.security.SignatureSpi
        protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
            if (this.isInitState && (this.key instanceof AsymmetricLMSPrivateKey)) {
                initSign();
            }
            this.isInitState = false;
            this.dataStream.update(bArr, i, i2);
        }

        @Override // java.security.SignatureSpi
        protected byte[] engineSign() throws SignatureException {
            if (this.isInitState && (this.key instanceof AsymmetricLMSPrivateKey)) {
                initSign();
            }
            try {
                this.isInitState = true;
                return this.signer.getSignature();
            } catch (Exception e) {
                throw new SignatureException(e.toString(), e);
            }
        }

        @Override // java.security.SignatureSpi
        protected boolean engineVerify(byte[] bArr) throws SignatureException {
            try {
                this.isInitState = true;
                return this.verifier.isVerified(bArr);
            } catch (Exception e) {
                throw new SignatureException(e.toString(), e);
            }
        }

        @Override // java.security.SignatureSpi
        protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("no ParameterSpec supported");
        }

        private void initVerify() {
            this.verifier = this.operatorFactory.createVerifier((AsymmetricPublicKey) this.key, this.parameters);
            this.dataStream = this.verifier.getVerifyingStream();
        }

        private void initSign() throws SignatureException {
            try {
                this.signer = (OutputSigner) Utils.addRandomIfNeeded(this.operatorFactory.createSigner((AsymmetricPrivateKey) this.key, this.parameters), this.appRandom);
                this.dataStream = this.signer.getSigningStream();
            } catch (Exception e) {
                throw new SignatureException(e.getMessage(), e);
            }
        }

        @Override // java.security.SignatureSpi
        protected AlgorithmParameters engineGetParameters() {
            return this.engineParams;
        }

        @Override // java.security.SignatureSpi
        protected void engineSetParameter(String str, Object obj) {
            throw new UnsupportedOperationException("SetParameter unsupported");
        }

        @Override // java.security.SignatureSpi
        protected Object engineGetParameter(String str) {
            throw new UnsupportedOperationException("GetParameter unsupported");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.bouncycastle.jcajce.provider.AlgorithmProvider
    public void configure(final BouncyCastleFipsProvider bouncyCastleFipsProvider) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("KeyFactory.LMS", "org.bouncycastle.jcajce.provider.asymmetric.lms.KeyFactorySpi$LMS", new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvLMS.3
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KeyFactorySpi("LMS");
            }
        }));
        bouncyCastleFipsProvider.addAlgorithmImplementation("KeyPairGenerator.LMS", "org.bouncycastle.jcajce.provider.asymmetric.lms.KeyPairGenerator", new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvLMS.4
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new KeyPairGeneratorSpi(bouncyCastleFipsProvider);
            }
        }));
        bouncyCastleFipsProvider.addAlgorithmImplementation("Signature.LMS", "org.bouncycastle.jcajce.provider.asymmetric.lms.Signature$LMS", new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvLMS.5
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new LMSSignatureSpi(bouncyCastleFipsProvider, new FipsLMS.OperatorFactory(), ProvLMS.lmsPublicKeyConverter, ProvLMS.lmsPrivateKeyConverter, FipsLMS.SIG);
            }
        }));
        bouncyCastleFipsProvider.addAlias("Signature", "LMS", PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
        registerOid(bouncyCastleFipsProvider, PKCSObjectIdentifiers.id_alg_hss_lms_hashsig, "LMS", new KeyFactorySpi("LMS"));
    }

    static {
        generalAttributes.put("SupportedKeyClasses", "org.bouncycastle.interfaces.LMSKey");
        generalAttributes.put("SupportedKeyFormats", "PKCS#8|X.509");
        lmsPublicKeyConverter = new PublicKeyConverter<AsymmetricLMSPublicKey>() { // from class: org.bouncycastle.jcajce.provider.ProvLMS.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.bouncycastle.jcajce.provider.PublicKeyConverter
            public AsymmetricLMSPublicKey convertKey(Algorithm algorithm, PublicKey publicKey) throws InvalidKeyException {
                if (publicKey instanceof ProvLMSPublicKey) {
                    return ((ProvLMSPublicKey) publicKey).getBaseKey();
                }
                try {
                    return new AsymmetricLMSPublicKey(Utils.getKeyEncoding(publicKey));
                } catch (Exception e) {
                    throw new InvalidKeyException("Cannot identify LMS public key: " + e.getMessage(), e);
                }
            }
        };
        lmsPrivateKeyConverter = new PrivateKeyConverter<AsymmetricLMSPrivateKey>() { // from class: org.bouncycastle.jcajce.provider.ProvLMS.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.bouncycastle.jcajce.provider.PrivateKeyConverter
            public AsymmetricLMSPrivateKey convertKey(Algorithm algorithm, PrivateKey privateKey) throws InvalidKeyException {
                if (privateKey instanceof ProvLMSPrivateKey) {
                    return ((ProvLMSPrivateKey) privateKey).getBaseKey();
                }
                try {
                    return new AsymmetricLMSPrivateKey(PrivateKeyInfo.getInstance(Utils.getKeyEncoding(privateKey)));
                } catch (Exception e) {
                    throw new InvalidKeyException("Cannot identify LMS private key: " + e.getMessage(), e);
                }
            }
        };
    }
}
