package net.netca.pki.encoding.asn1.pki;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.PSSParameterSpec;
import java.util.HashMap;
import net.netca.pki.PkiException;
import net.netca.pki.algorithm.SM3;
import net.netca.pki.algorithm.ecc.ECCKeyPair;
import net.netca.pki.encoding.asn1.ASN1Object;

/* loaded from: classes3.dex */
public final class JCESigner implements Signable, MultiStepSignable {
    private PrivateKey privkey;
    private ECCKeyPair sm2;
    private HashMap<String, String> map = new HashMap<>();
    private Signature signObj = null;
    private SM3 sm3 = null;

    public JCESigner(PrivateKey privateKey) {
        this.privkey = privateKey;
    }

    public JCESigner(ECCKeyPair eCCKeyPair) {
        this.sm2 = eCCKeyPair;
    }

    public JCESigner(PrivateKeyInfo privateKeyInfo) throws PkiException {
        String str;
        if (privateKeyInfo.isSM2()) {
            this.sm2 = privateKeyInfo.getSM2KeyPair();
            return;
        }
        String oid = privateKeyInfo.getPrivateKeyAlgorithm().getOid();
        if (oid.equals(AlgorithmIdentifier.RSAEncrypt_OID) || oid.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            str = "RSA";
        } else {
            if (!oid.equals(AlgorithmIdentifier.ECPubKey_OID)) {
                throw new PkiException("unknow PrivateKeyInfo");
            }
            str = "EC";
        }
        try {
            this.privkey = KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getASN1Object().encode()));
        } catch (NoSuchAlgorithmException e2) {
            throw new PkiException("generatePrivate fail", e2);
        } catch (InvalidKeySpecException e3) {
            throw new PkiException("generatePrivate fail", e3);
        }
    }

    public JCESigner(PrivateKeyInfo privateKeyInfo, String str) throws PkiException {
        String str2;
        if (privateKeyInfo.isSM2()) {
            this.sm2 = privateKeyInfo.getSM2KeyPair();
            return;
        }
        String oid = privateKeyInfo.getPrivateKeyAlgorithm().getOid();
        if (oid.equals(AlgorithmIdentifier.RSAEncrypt_OID) || oid.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            str2 = "RSA";
        } else {
            if (!oid.equals(AlgorithmIdentifier.ECPubKey_OID)) {
                throw new PkiException("unknow PrivateKeyInfo");
            }
            str2 = "EC";
        }
        try {
            this.privkey = KeyFactory.getInstance(str2, str).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getASN1Object().encode()));
        } catch (NoSuchAlgorithmException e2) {
            throw new PkiException("generatePrivate fail", e2);
        } catch (NoSuchProviderException e3) {
            throw new PkiException("generatePrivate fail", e3);
        } catch (InvalidKeySpecException e4) {
            throw new PkiException("generatePrivate fail", e4);
        }
    }

    private void sm2Init(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        if (!algorithmIdentifier.getOid().equals(AlgorithmIdentifier.SM3WithSM2_OID)) {
            throw new PkiException("not sm2 sign,private key mismatch");
        }
        byte[] computeZ = this.sm2.getPublicKey().computeZ();
        SM3 sm3 = new SM3();
        this.sm3 = sm3;
        sm3.update(computeZ);
    }

    public void addSignatureAlgorithmAlias(String str, String str2) {
        this.map.put(str, str2);
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public void init(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        if (this.sm2 != null) {
            sm2Init(algorithmIdentifier);
            return;
        }
        String signatureAlgorithmName = JCEVerifier.getSignatureAlgorithmName(this.map, algorithmIdentifier);
        if (signatureAlgorithmName == null) {
            throw new PkiException("unknown signature algorithm " + algorithmIdentifier.getOid());
        }
        PSSParameterSpec pSSParameterSpec = null;
        try {
            if (signatureAlgorithmName.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
                ASN1Object param = algorithmIdentifier.getParam();
                pSSParameterSpec = JCEVerifier.toPSSParameterSpec(param);
                signatureAlgorithmName = JCEVerifier.toPSSAlgoName(param);
            }
            Signature signature = Signature.getInstance(signatureAlgorithmName);
            this.signObj = signature;
            signature.initSign(this.privkey);
            if (pSSParameterSpec != null) {
                this.signObj.setParameter(pSSParameterSpec);
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new PkiException("InvalidAlgorithmParameterException: " + e2.getMessage(), e2);
        } catch (InvalidKeyException e3) {
            throw new PkiException("InvalidKeyException: " + e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new PkiException("NoSuchAlgorithmException: " + e4.getMessage(), e4);
        }
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public byte[] sign() throws PkiException {
        if (this.sm2 != null) {
            SM3 sm3 = this.sm3;
            if (sm3 == null) {
                throw new PkiException("init first");
            }
            return this.sm2.SM2SignHash(sm3.doFinal(), JCESecureRandomGenerator.getInstance()).encode();
        }
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        try {
            return signature.sign();
        } catch (SignatureException e2) {
            throw new PkiException("SignatureException: " + e2.getMessage(), e2);
        }
    }

    @Override // net.netca.pki.encoding.asn1.pki.Signable
    public byte[] sign(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i2, int i3) throws PkiException {
        init(algorithmIdentifier);
        update(bArr, i2, i3);
        return sign();
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public void update(byte[] bArr, int i2, int i3) throws PkiException {
        if (this.sm2 != null) {
            SM3 sm3 = this.sm3;
            if (sm3 == null) {
                throw new PkiException("init first");
            }
            sm3.update(bArr, i2, i3);
            return;
        }
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        try {
            signature.update(bArr, i2, i3);
        } catch (SignatureException e2) {
            throw new PkiException("SignatureException: " + e2.getMessage(), e2);
        }
    }
}
