package com.android.internal.net.ipsec.ike.message;

import android.net.ipsec.ike.IkeManager;
import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.util.ArraySet;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import org.robolectric.internal.bytecode.InvokeDynamicSupport;
import org.robolectric.internal.bytecode.RobolectricInternals;
import org.robolectric.internal.bytecode.ShadowedObject;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload.class */
public class IkeAuthDigitalSignPayload extends IkeAuthPayload implements ShadowedObject {
    public transient /* synthetic */ Object __robo_data__;
    private static String TAG;
    private static String KEY_ALGO_NAME = "RSA";
    private static byte SIGNATURE_ALGO_ASN1_BYTES_LEN = 15;
    private static byte SIGNATURE_ALGO_ASN1_BYTES_LEN_LEN = 1;
    private static byte[] PKI_ALGO_ID_DER_BYTES_RSA_SHA1;
    private static byte[] PKI_ALGO_ID_DER_BYTES_RSA_SHA2_256;
    private static byte[] PKI_ALGO_ID_DER_BYTES_RSA_SHA2_384;
    private static byte[] PKI_ALGO_ID_DER_BYTES_RSA_SHA2_512;
    private static int SIGNATURE_ALGO_ASN1_LEN_LEN = 1;
    public static String SIGNATURE_ALGO_RSA_SHA1 = "SHA1withRSA";
    public static String SIGNATURE_ALGO_RSA_SHA2_256 = "SHA256withRSA";
    public static String SIGNATURE_ALGO_RSA_SHA2_384 = "SHA384withRSA";
    public static String SIGNATURE_ALGO_RSA_SHA2_512 = "SHA512withRSA";
    public static short HASH_ALGORITHM_RSA_SHA1 = 1;
    public static short HASH_ALGORITHM_RSA_SHA2_256 = 2;
    public static short HASH_ALGORITHM_RSA_SHA2_384 = 3;
    public static short HASH_ALGORITHM_RSA_SHA2_512 = 4;
    public static short[] ALL_SIGNATURE_ALGO_TYPES;
    private static Set<Short> ALL_SIGNATURE_ALGO_TYPES_SET;
    public String signatureAndHashAlgos;
    public byte[] signature;

    @Retention(RetentionPolicy.SOURCE)
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/message/IkeAuthDigitalSignPayload$SignatureAlgo.class */
    @interface SignatureAlgo {
    }

    private void $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__(boolean z, int i, byte[] bArr) throws IkeProtocolException {
        switch (i) {
            case 1:
                this.signatureAndHashAlgos = "SHA1withRSA";
                this.signature = bArr;
                return;
            case 14:
                ByteBuffer wrap = ByteBuffer.wrap(bArr);
                int unsignedInt = Byte.toUnsignedInt(wrap.get());
                byte[] bArr2 = new byte[unsignedInt];
                wrap.get(bArr2);
                this.signatureAndHashAlgos = bytesToJavaStandardSignAlgoName(bArr2);
                this.signature = new byte[(bArr.length - 1) - unsignedInt];
                wrap.get(this.signature);
                return;
            default:
                throw new IllegalArgumentException("Unrecognized authentication method.");
        }
    }

    private void $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__(String str, PrivateKey privateKey, byte[] bArr, byte[] bArr2, byte[] bArr3, IkeMacPrf ikeMacPrf, byte[] bArr4) {
        byte[] signedOctets = getSignedOctets(bArr, bArr2, bArr3, ikeMacPrf, bArr4);
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(signedOctets);
            this.signature = signature.sign();
            this.signatureAndHashAlgos = str;
        } catch (InvalidKeyException | SignatureException e) {
            throw new IllegalArgumentException("Signature generation failed", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException("Security Provider does not support RSA or " + str);
        }
    }

    private final byte[] $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$javaStandardSignAlgoNameToAsn1Bytes(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -794853417:
                if (str.equals("SHA384withRSA")) {
                    z = 2;
                    break;
                }
                break;
            case -754115883:
                if (str.equals("SHA1withRSA")) {
                    z = false;
                    break;
                }
                break;
            case -611254448:
                if (str.equals("SHA512withRSA")) {
                    z = 3;
                    break;
                }
                break;
            case -280290445:
                if (str.equals("SHA256withRSA")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return PKI_ALGO_ID_DER_BYTES_RSA_SHA1;
            case true:
                return PKI_ALGO_ID_DER_BYTES_RSA_SHA2_256;
            case true:
                return PKI_ALGO_ID_DER_BYTES_RSA_SHA2_384;
            case true:
                return PKI_ALGO_ID_DER_BYTES_RSA_SHA2_512;
            default:
                throw new IllegalArgumentException("Impossible! We used an unsupported algo");
        }
    }

    private final String $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$bytesToJavaStandardSignAlgoName(byte[] bArr) throws AuthenticationFailedException {
        if (Arrays.equals(PKI_ALGO_ID_DER_BYTES_RSA_SHA1, bArr)) {
            return "SHA1withRSA";
        }
        if (Arrays.equals(PKI_ALGO_ID_DER_BYTES_RSA_SHA2_256, bArr)) {
            return "SHA256withRSA";
        }
        if (Arrays.equals(PKI_ALGO_ID_DER_BYTES_RSA_SHA2_384, bArr)) {
            return "SHA384withRSA";
        }
        if (Arrays.equals(PKI_ALGO_ID_DER_BYTES_RSA_SHA2_512, bArr)) {
            return "SHA512withRSA";
        }
        throw new AuthenticationFailedException("Unrecognized ASN.1 objects for Signature algorithm and Hash");
    }

    private final void $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$verifyInboundSignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2, byte[] bArr3, IkeMacPrf ikeMacPrf, byte[] bArr4) throws AuthenticationFailedException {
        byte[] signedOctets = getSignedOctets(bArr, bArr2, bArr3, ikeMacPrf, bArr4);
        try {
            Signature signature = Signature.getInstance(this.signatureAndHashAlgos);
            signature.initVerify(x509Certificate);
            signature.update(signedOctets);
            if (signature.verify(this.signature)) {
            } else {
                throw new AuthenticationFailedException("Signature verification failed.");
            }
        } catch (InvalidKeyException | SignatureException e) {
            throw new AuthenticationFailedException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException("Security Provider does not support " + this.signatureAndHashAlgos);
        }
    }

    private final void $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$encodeAuthDataToByteBuffer(ByteBuffer byteBuffer) {
        if (this.authMethod == 14) {
            byteBuffer.put((byte) 15);
            byteBuffer.put(javaStandardSignAlgoNameToAsn1Bytes(this.signatureAndHashAlgos));
        }
        byteBuffer.put(this.signature);
    }

    private final int $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getAuthDataLength() {
        return this.authMethod == 14 ? 16 + this.signature.length : this.signature.length;
    }

    private final String $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getTypeString() {
        return "Auth(Digital Sign)";
    }

    private static final Set<Short> $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getSignatureHashAlgorithmsFromIkeNotifyPayload(IkeNotifyPayload ikeNotifyPayload) throws InvalidSyntaxException {
        if (ikeNotifyPayload.notifyType != 16431) {
            throw new IllegalArgumentException("Notify payload type must be SIGNATURE_HASH_ALGORITHMS");
        }
        if (ikeNotifyPayload.notifyData.length % 2 != 0) {
            throw new InvalidSyntaxException("Received notify(SIGNATURE_HASH_ALGORITHMS) with invalid notify data");
        }
        ArraySet arraySet = new ArraySet();
        ByteBuffer wrap = ByteBuffer.wrap(ikeNotifyPayload.notifyData);
        while (wrap.hasRemaining()) {
            short s = wrap.getShort();
            if (!ALL_SIGNATURE_ALGO_TYPES_SET.contains(Short.valueOf(s)) || !arraySet.add(Short.valueOf(s))) {
                IkeManager.getIkeLog().w(TAG, "Unexpected or repeated Signature Hash Algorithm: " + ((int) s));
            }
        }
        return arraySet;
    }

    static void __staticInitializer__() {
        TAG = IkeAuthDigitalSignPayload.class.getSimpleName();
        PKI_ALGO_ID_DER_BYTES_RSA_SHA1 = new byte[]{48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 5, 5, 0};
        PKI_ALGO_ID_DER_BYTES_RSA_SHA2_256 = new byte[]{48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0};
        PKI_ALGO_ID_DER_BYTES_RSA_SHA2_384 = new byte[]{48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 12, 5, 0};
        PKI_ALGO_ID_DER_BYTES_RSA_SHA2_512 = new byte[]{48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 13, 5, 0};
        ALL_SIGNATURE_ALGO_TYPES = new short[]{1, 2, 3, 4};
        ALL_SIGNATURE_ALGO_TYPES_SET = new ArraySet();
        ALL_SIGNATURE_ALGO_TYPES_SET.add((short) 1);
        ALL_SIGNATURE_ALGO_TYPES_SET.add((short) 2);
        ALL_SIGNATURE_ALGO_TYPES_SET.add((short) 3);
        ALL_SIGNATURE_ALGO_TYPES_SET.add((short) 4);
    }

    private void __constructor__(boolean z, int i, byte[] bArr) throws IkeProtocolException {
        $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__(z, i, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public IkeAuthDigitalSignPayload(boolean z, int i, byte[] bArr) throws IkeProtocolException {
        super(z, i);
        <init>();
        InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "__constructor__", MethodType.methodType(Void.TYPE, IkeAuthDigitalSignPayload.class, Boolean.TYPE, Integer.TYPE, byte[].class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__", MethodType.methodType(Void.TYPE, Boolean.TYPE, Integer.TYPE, byte[].class)), 0).dynamicInvoker().invoke(this, z, i, bArr) /* invoke-custom */;
    }

    private void __constructor__(String str, PrivateKey privateKey, byte[] bArr, byte[] bArr2, byte[] bArr3, IkeMacPrf ikeMacPrf, byte[] bArr4) {
        $$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__(str, privateKey, bArr, bArr2, bArr3, ikeMacPrf, bArr4);
    }

    public IkeAuthDigitalSignPayload(String str, PrivateKey privateKey, byte[] bArr, byte[] bArr2, byte[] bArr3, IkeMacPrf ikeMacPrf, byte[] bArr4) {
        super(false, 14);
        <init>();
        InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "__constructor__", MethodType.methodType(Void.TYPE, IkeAuthDigitalSignPayload.class, String.class, PrivateKey.class, byte[].class, byte[].class, byte[].class, IkeMacPrf.class, byte[].class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$__constructor__", MethodType.methodType(Void.TYPE, String.class, PrivateKey.class, byte[].class, byte[].class, byte[].class, IkeMacPrf.class, byte[].class)), 0).dynamicInvoker().invoke(this, str, privateKey, bArr, bArr2, bArr3, ikeMacPrf, bArr4) /* invoke-custom */;
    }

    private byte[] javaStandardSignAlgoNameToAsn1Bytes(String str) {
        return (byte[]) InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "javaStandardSignAlgoNameToAsn1Bytes", MethodType.methodType(byte[].class, IkeAuthDigitalSignPayload.class, String.class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$javaStandardSignAlgoNameToAsn1Bytes", MethodType.methodType(byte[].class, String.class)), 0).dynamicInvoker().invoke(this, str) /* invoke-custom */;
    }

    private String bytesToJavaStandardSignAlgoName(byte[] bArr) throws AuthenticationFailedException {
        return (String) InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "bytesToJavaStandardSignAlgoName", MethodType.methodType(String.class, IkeAuthDigitalSignPayload.class, byte[].class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$bytesToJavaStandardSignAlgoName", MethodType.methodType(String.class, byte[].class)), 0).dynamicInvoker().invoke(this, bArr) /* invoke-custom */;
    }

    public void verifyInboundSignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2, byte[] bArr3, IkeMacPrf ikeMacPrf, byte[] bArr4) throws AuthenticationFailedException {
        InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "verifyInboundSignature", MethodType.methodType(Void.TYPE, IkeAuthDigitalSignPayload.class, X509Certificate.class, byte[].class, byte[].class, byte[].class, IkeMacPrf.class, byte[].class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$verifyInboundSignature", MethodType.methodType(Void.TYPE, X509Certificate.class, byte[].class, byte[].class, byte[].class, IkeMacPrf.class, byte[].class)), 0).dynamicInvoker().invoke(this, x509Certificate, bArr, bArr2, bArr3, ikeMacPrf, bArr4) /* invoke-custom */;
    }

    @Override // com.android.internal.net.ipsec.ike.message.IkeAuthPayload
    protected void encodeAuthDataToByteBuffer(ByteBuffer byteBuffer) {
        InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "encodeAuthDataToByteBuffer", MethodType.methodType(Void.TYPE, IkeAuthDigitalSignPayload.class, ByteBuffer.class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$encodeAuthDataToByteBuffer", MethodType.methodType(Void.TYPE, ByteBuffer.class)), 0).dynamicInvoker().invoke(this, byteBuffer) /* invoke-custom */;
    }

    @Override // com.android.internal.net.ipsec.ike.message.IkeAuthPayload
    protected int getAuthDataLength() {
        return (int) InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "getAuthDataLength", MethodType.methodType(Integer.TYPE, IkeAuthDigitalSignPayload.class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getAuthDataLength", MethodType.methodType(Integer.TYPE)), 0).dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // com.android.internal.net.ipsec.ike.message.IkePayload
    public String getTypeString() {
        return (String) InvokeDynamicSupport.bootstrap(MethodHandles.lookup(), "getTypeString", MethodType.methodType(String.class, IkeAuthDigitalSignPayload.class), MethodHandles.lookup().findVirtual(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getTypeString", MethodType.methodType(String.class)), 0).dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    public static Set<Short> getSignatureHashAlgorithmsFromIkeNotifyPayload(IkeNotifyPayload ikeNotifyPayload) throws InvalidSyntaxException {
        return (Set) InvokeDynamicSupport.bootstrapStatic(MethodHandles.lookup(), "getSignatureHashAlgorithmsFromIkeNotifyPayload", MethodType.methodType(Set.class, IkeNotifyPayload.class), MethodHandles.lookup().findStatic(IkeAuthDigitalSignPayload.class, "$$robo$$com_android_internal_net_ipsec_ike_message_IkeAuthDigitalSignPayload$getSignatureHashAlgorithmsFromIkeNotifyPayload", MethodType.methodType(Set.class, IkeNotifyPayload.class)), 0).dynamicInvoker().invoke(ikeNotifyPayload) /* invoke-custom */;
    }

    static {
        RobolectricInternals.classInitializing(IkeAuthDigitalSignPayload.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.android.internal.net.ipsec.ike.message.IkeAuthPayload, com.android.internal.net.ipsec.ike.message.IkePayload
    /* renamed from: $$robo$init */
    public /* synthetic */ void <init>() {
        if (this.__robo_data__ == null) {
            this.__robo_data__ = (Object) InvokeDynamicSupport.bootstrapInit(MethodHandles.lookup(), "initializing", MethodType.methodType(Object.class, IkeAuthDigitalSignPayload.class)).dynamicInvoker().invoke(this) /* invoke-custom */;
        }
    }

    @Override // com.android.internal.net.ipsec.ike.message.IkeAuthPayload, com.android.internal.net.ipsec.ike.message.IkePayload
    public /* synthetic */ Object $$robo$getData() {
        return this.__robo_data__;
    }
}
