package org.xwiki.crypto.signer.internal.factory;

import javax.inject.Singleton;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.xwiki.component.annotation.Component;
import org.xwiki.crypto.params.cipher.CipherParameters;
import org.xwiki.crypto.params.cipher.asymmetric.AsymmetricCipherParameters;
import org.xwiki.crypto.params.cipher.asymmetric.AsymmetricKeyParameters;
import org.xwiki.crypto.signer.Signer;
import org.xwiki.crypto.signer.params.PssParameters;
import org.xwiki.crypto.signer.params.PssSignerParameters;

@Singleton
@Component(hints = {"RSASSA-PSS", "1.2.840.113549.1.1.10"})
/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-signer-10.2.jar:org/xwiki/crypto/signer/internal/factory/BcRsaSsaPssSignerFactory.class */
public class BcRsaSsaPssSignerFactory extends AbstractBcPssSignerFactory {
    private static final String PSS_PARAMS_ERROR = "PSS signer parameters are invalid: ";

    @Override // org.xwiki.crypto.signer.internal.factory.AbstractBcPssSignerFactory
    protected AsymmetricBlockCipher getCipherEngine() {
        return new RSABlindedEngine();
    }

    @Override // org.xwiki.crypto.signer.internal.factory.AbstractBcSignerFactory, org.xwiki.crypto.signer.internal.factory.BcSignerFactory
    public Signer getInstance(boolean z, CipherParameters cipherParameters, AlgorithmIdentifier algorithmIdentifier) {
        if (!algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) {
            throw new IllegalArgumentException("Incompatible algorithm for this signer: " + algorithmIdentifier.getAlgorithm().getId());
        }
        if (DERNull.INSTANCE.equals(algorithmIdentifier.getParameters())) {
            return getInstance(z, cipherParameters);
        }
        RSASSAPSSparams rSASSAPSSparams = RSASSAPSSparams.getInstance(algorithmIdentifier.getParameters());
        if (cipherParameters instanceof AsymmetricKeyParameters) {
            return getInstance(z, new PssSignerParameters((AsymmetricKeyParameters) cipherParameters, rSASSAPSSparams.getHashAlgorithm().getAlgorithm().getId(), AlgorithmIdentifier.getInstance(rSASSAPSSparams.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId(), rSASSAPSSparams.getSaltLength().intValue(), rSASSAPSSparams.getTrailerField().intValue()));
        }
        throw new UnsupportedOperationException(PSS_PARAMS_ERROR + cipherParameters.getClass().getName());
    }

    @Override // org.xwiki.crypto.signer.internal.factory.AbstractBcSignerFactory
    protected AlgorithmIdentifier getSignerAlgorithmIdentifier(AsymmetricCipherParameters asymmetricCipherParameters) {
        if (asymmetricCipherParameters instanceof AsymmetricKeyParameters) {
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, DERNull.INSTANCE);
        }
        if (!(asymmetricCipherParameters instanceof PssSignerParameters)) {
            throw new UnsupportedOperationException(PSS_PARAMS_ERROR + asymmetricCipherParameters.getClass().getName());
        }
        PssParameters pssParameters = ((PssSignerParameters) asymmetricCipherParameters).getPssParameters();
        return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, new RSASSAPSSparams(getDigestFactory(pssParameters.getHashAlgorithm()).getAlgorithmIdentifier(), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, getDigestFactory(pssParameters.getMaskGenAlgorithm()).getAlgorithmIdentifier()), new ASN1Integer(pssParameters.getSaltLength() >= 0 ? pssParameters.getSaltLength() : r0.getDigestSize()), new ASN1Integer(pssParameters.getTrailerField())));
    }
}
