package com.xdja.pki.gmssl.crypto.sdf;

import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.sdf.SdfSDK;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.sdf.bean.SdfAlgIdHash;
import com.xdja.pki.gmssl.sdf.bean.SdfRSAPublicKey;
import java.io.IOException;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/gmssl-sdf-crypto-2.0.2-SNAPSHOT.jar:com/xdja/pki/gmssl/crypto/sdf/SdfRSASigner.class */
public class SdfRSASigner extends SdfSigner {
    private Logger logger;
    private ExtendedDigest sdfSHADigest;
    private SdfRSAKeyParameters keyParameters;
    private AlgorithmIdentifier algId;
    private SdfAlgIdHash sdfAlgIdHash;

    public SdfRSASigner(SdfCryptoType sdfCryptoType, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws SdfSDKException {
        this(sdfCryptoType, SdfAlgIdHash.converSdfAlgIdHash(aSN1ObjectIdentifier));
    }

    public SdfRSASigner(SdfCryptoType sdfCryptoType, AlgorithmIdentifier algorithmIdentifier) throws SdfSDKException {
        this(sdfCryptoType, algorithmIdentifier.getAlgorithm());
    }

    public SdfRSASigner(SdfAlgIdHash sdfAlgIdHash) throws SdfSDKException {
        this(SdfCryptoType.YUNHSM, sdfAlgIdHash);
    }

    public SdfRSASigner(SdfCryptoType sdfCryptoType, SdfAlgIdHash sdfAlgIdHash) throws SdfSDKException {
        this(sdfCryptoType.getSdfSDK(), sdfCryptoType, sdfAlgIdHash);
    }

    public SdfRSASigner(SdfSDK sdfSDK, SdfCryptoType sdfCryptoType, SdfAlgIdHash sdfAlgIdHash) throws SdfSDKException {
        this.logger = LoggerFactory.getLogger(getClass());
        this.sdfSDK = sdfSDK;
        this.algId = SdfAlgIdHash.convertAlgorithmIdentifier(sdfAlgIdHash);
        this.sdfAlgIdHash = sdfAlgIdHash;
        if (sdfAlgIdHash == SdfAlgIdHash.SGD_SHA1) {
            if (sdfCryptoType == SdfCryptoType.YUNHSM) {
                this.sdfSHADigest = new SdfSHADigest(sdfSDK, SdfAlgIdHash.SGD_SHA1);
            } else {
                this.sdfSHADigest = new SHA1Digest();
            }
        } else if (sdfAlgIdHash == SdfAlgIdHash.SGD_SHA256) {
            if (sdfCryptoType == SdfCryptoType.YUNHSM) {
                this.sdfSHADigest = new SdfSHADigest(sdfSDK, SdfAlgIdHash.SGD_SHA256);
            } else {
                this.sdfSHADigest = new SHA256Digest();
            }
        } else if (sdfAlgIdHash == SdfAlgIdHash.SGD_SHA384) {
            if (sdfCryptoType == SdfCryptoType.YUNHSM) {
                this.sdfSHADigest = new SdfSHADigest(sdfSDK, SdfAlgIdHash.SGD_SHA384);
            } else {
                this.sdfSHADigest = new SHA384Digest();
            }
        } else {
            if (sdfAlgIdHash != SdfAlgIdHash.SGD_SHA512) {
                throw new SdfSDKException("unsupported " + sdfAlgIdHash.getName() + " hash type");
            }
            if (sdfCryptoType == SdfCryptoType.YUNHSM) {
                this.sdfSHADigest = new SdfSHADigest(sdfSDK, SdfAlgIdHash.SGD_SHA512);
            } else {
                this.sdfSHADigest = new SHA512Digest();
            }
        }
        this.sdfSDK.init();
    }

    @Override // org.bouncycastle.crypto.Signer
    public void init(boolean z, CipherParameters cipherParameters) {
        this.keyParameters = (SdfRSAKeyParameters) cipherParameters;
    }

    @Override // org.bouncycastle.crypto.Signer
    public void update(byte b) {
        byte[] bArr = {b};
        update(bArr, 0, bArr.length);
    }

    @Override // org.bouncycastle.crypto.Signer
    public void update(byte[] bArr, int i, int i2) {
        this.sdfSHADigest.update(bArr, i, i2);
    }

    @Override // org.bouncycastle.crypto.Signer
    public byte[] generateSignature() throws DataLengthException {
        try {
            byte[] bArr = new byte[this.sdfSHADigest.getDigestSize()];
            this.sdfSHADigest.doFinal(bArr, 0);
            byte[] derEncode = derEncode(bArr, this.sdfSDK.exportSignPublicKeyRsa(this.keyParameters.getPrivateKeyIndex()).getBits() / 8);
            return derEncode.length == 0 ? derEncode : this.sdfSDK.internalPrivateKeyOperationRsa(this.keyParameters.getPrivateKeyIndex(), this.keyParameters.getPassword(), derEncode);
        } catch (Exception e) {
            this.logger.error("generateSignature", (Throwable) e);
            return new byte[0];
        }
    }

    @Override // org.bouncycastle.crypto.Signer
    public boolean verifySignature(byte[] bArr) {
        try {
            byte[] bArr2 = new byte[this.sdfSHADigest.getDigestSize()];
            this.sdfSHADigest.doFinal(bArr2, 0);
            SdfRSAPublicKey sdfRSAPublicKey = SdfRSAPublicKey.getInstance(this.keyParameters.getPublicKey());
            return GMSSLByteArrayUtils.isEqual(derEncode(bArr2, sdfRSAPublicKey.getBits() / 8), this.sdfSDK.externalPublicKeyOperationRsa(sdfRSAPublicKey, bArr));
        } catch (Exception e) {
            if (bArr != null) {
                GMSSLByteArrayUtils.printHexBinary(this.logger, "verifySignature signature", bArr);
            }
            this.logger.error("verifySignature", (Throwable) e);
            return false;
        }
    }

    @Override // org.bouncycastle.crypto.Signer
    public void reset() {
    }

    private byte[] derEncode(byte[] bArr, int i) throws IOException {
        return pkcs1Padding(new DigestInfo(this.algId, bArr).getEncoded(ASN1Encoding.DER), i);
    }
}
