package net.netca.pki.encoding.asn1.pki;

import net.netca.pki.Device;
import net.netca.pki.Freeable;
import net.netca.pki.PkiException;
import net.netca.pki.Signature;

/* loaded from: classes3.dex */
public final class NetcaVerifier implements Freeable, Verifible {
    private Device device;

    public NetcaVerifier() throws PkiException {
        this.device = Device.getPseudoDevice();
        if (this.device == null) {
            throw new PkiException("get software device fail");
        }
    }

    public NetcaVerifier(Device device) throws PkiException {
        this.device = device.dup();
        if (this.device == null) {
            throw new PkiException("device dup fail");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getNetcaSignAlgorithm(String str) {
        if (str.equals(AlgorithmIdentifier.SHA1WithRSA_OID)) {
            return 2;
        }
        if (str.equals(AlgorithmIdentifier.SM3WithSM2_OID)) {
            return 25;
        }
        if (str.equals(AlgorithmIdentifier.MD5WithRSA_OID)) {
            return 1;
        }
        if (str.equals(AlgorithmIdentifier.SHA224WithRSA_OID)) {
            return 3;
        }
        if (str.equals(AlgorithmIdentifier.SHA256WithRSA_OID)) {
            return 4;
        }
        if (str.equals(AlgorithmIdentifier.SHA384WithRSA_OID)) {
            return 5;
        }
        if (str.equals(AlgorithmIdentifier.SHA512WithRSA_OID)) {
            return 6;
        }
        if (str.equals(AlgorithmIdentifier.SM3WithRSA_OID)) {
            return 31;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return 34;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return 35;
        }
        if (str.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            return 22;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA1_OID)) {
            return 13;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA224_OID)) {
            return 14;
        }
        if (str.equals(AlgorithmIdentifier.DSAWithSHA256_OID)) {
            return 15;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID)) {
            return 16;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID)) {
            return 17;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID)) {
            return 18;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return 19;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return 20;
        }
        if (str.equals(AlgorithmIdentifier.SM2SIGN_OID)) {
            return 25;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID)) {
            return 36;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID)) {
            return 37;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID)) {
            return 38;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID)) {
            return 39;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID)) {
            return 40;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID)) {
            return 41;
        }
        if (str.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return 42;
        }
        return str.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID) ? 43 : -1;
    }

    private boolean verifySignature(Signature signature, byte[] bArr, int i, int i2, byte[] bArr2) throws PkiException {
        signature.update(bArr, i, i2);
        return signature.verify(bArr2);
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        this.device.free();
    }

    @Override // net.netca.pki.encoding.asn1.pki.Verifible
    public boolean verify(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, int i2, byte[] bArr2) throws PkiException {
        Throwable th;
        net.netca.pki.PublicKey publicKey2;
        String oid = algorithmIdentifier.getOid();
        int netcaSignAlgorithm = getNetcaSignAlgorithm(oid);
        if (netcaSignAlgorithm < 0) {
            throw new PkiException("unknown signature algorithm " + oid);
        }
        if (netcaSignAlgorithm == 22) {
            throw new PkiException("unsupported rsa pss signature algorithm");
        }
        Signature signature = null;
        try {
            publicKey2 = this.device.importSubjectPublicKeyInfo(publicKey.toSubjectPublicKeyInfo().getASN1Object().encode());
            try {
                if (publicKey2 == null) {
                    throw new PkiException("importSubjectPublicKeyInfo fail");
                }
                Signature signature2 = new Signature(netcaSignAlgorithm, publicKey2);
                try {
                    boolean verifySignature = verifySignature(signature2, bArr, i, i2, bArr2);
                    signature2.free();
                    if (publicKey2 != null) {
                        publicKey2.free();
                    }
                    return verifySignature;
                } catch (Throwable th2) {
                    th = th2;
                    signature = signature2;
                    if (signature != null) {
                        signature.free();
                    }
                    if (publicKey2 != null) {
                        publicKey2.free();
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (Throwable th4) {
            th = th4;
            publicKey2 = null;
        }
    }
}
