package com.xdja.tls.crypto.impl.jcajce;

import com.xdja.jce.base.params.ECKeyParameters;
import com.xdja.jce.base.util.PrivateKeyFactory;
import com.xdja.jce.coding.asn1.cryptlib.ASN1SM2Cipher;
import com.xdja.jce.coding.asn1.pkcs.PrivateKeyInfo;
import com.xdja.jce.core.util.Arrays;
import com.xdja.tls.Certificate;
import com.xdja.tls.DefaultTlsCredentialedSigner;
import com.xdja.tls.SignatureAlgorithm;
import com.xdja.tls.SignatureAndHashAlgorithm;
import com.xdja.tls.TlsCredentialedDecryptor;
import com.xdja.tls.TlsFatalAlert;
import com.xdja.tls.crypto.TlsCertificate;
import com.xdja.tls.crypto.TlsCryptoParameters;
import com.xdja.tls.crypto.TlsSecret;
import com.xdja.tls.crypto.TlsSigner;
import com.xdja.tls.crypto.TlsStreamSigner;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import javax.crypto.Cipher;

/* loaded from: input_file:com/xdja/tls/crypto/impl/jcajce/JcaDefaultGMSSLCredentialedSigner.class */
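/**
 * Credentials backed by two private keys and a two-entry certificate chain: one key
 * signs and the other decrypts the peer's encrypted pre-master secret.
 *
 * <p>The certificate at index 0 is kept as the signing certificate and the one at
 * index 1 as the encryption certificate. Signatures are produced with the
 * {@code "SM3WithSM2"} JCA algorithm and decryption uses the {@code "SM2"} cipher,
 * both obtained through the {@link JcaTlsCrypto} helper.
 *
 * <p>NOTE(review): {@link #makeSigner} accepts RSA keys, yet
 * {@link #generateRawSignature(byte[])} always requests {@code "SM3WithSM2"}.
 * Confirm that RSA signing keys are never paired with this class in practice.
 */
public class JcaDefaultGMSSLCredentialedSigner extends DefaultTlsCredentialedSigner implements TlsCredentialedDecryptor {
    // Key used by generateRawSignature().
    private final PrivateKey signPrivateKey;
    // Key used by decrypt(); never handed to the signer built in makeSigner().
    private final PrivateKey encPrivateKey;
    private final JcaTlsCrypto crypto;
    // Chain entry 0.
    private final TlsCertificate signCertificate;
    // Chain entry 1. Reading it in the constructor also means a one-entry chain fails at construction.
    private final TlsCertificate encCertificate;

    /**
     * Builds the credentials.
     *
     * @param tlsCryptoParameters parameters forwarded to the superclass
     * @param jcaTlsCrypto crypto provider used for signer, signature and cipher creation
     * @param privateKey signing private key
     * @param privateKey2 encryption (decryption) private key
     * @param certificate chain whose entry 0 is the signing certificate and entry 1 the
     *     encryption certificate
     * @param signatureAndHashAlgorithm algorithm forwarded to the superclass; may be
     *     {@code null} (see {@link #makeSigner})
     * @throws IllegalArgumentException if the signing key type or signature algorithm is
     *     not supported by {@link #makeSigner}
     */
    public JcaDefaultGMSSLCredentialedSigner(TlsCryptoParameters tlsCryptoParameters, JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey, PrivateKey privateKey2, Certificate certificate, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        super(tlsCryptoParameters, makeSigner(jcaTlsCrypto, privateKey, signatureAndHashAlgorithm), certificate, signatureAndHashAlgorithm);
        this.signPrivateKey = privateKey;
        this.encPrivateKey = privateKey2;
        this.crypto = jcaTlsCrypto;
        this.signCertificate = certificate.getCertificateAt(0);
        this.encCertificate = certificate.getCertificateAt(1);
    }

    /**
     * Chooses the {@link TlsSigner} handed to the superclass, based on the signing key type.
     *
     * @return an SM2 signer for EC keys; for RSA keys an RSA-PSS signer when the signature
     *     code is 13, or {@code null} when no algorithm is given
     * @throws IllegalArgumentException for any other key type or RSA signature code
     */
    private static TlsSigner makeSigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        String algorithm = privateKey.getAlgorithm();
        boolean rsaKey = privateKey instanceof RSAPrivateKey
                || "RSA".equalsIgnoreCase(algorithm)
                || "RSASSA-PSS".equalsIgnoreCase(algorithm);
        if (!rsaKey) {
            if (ECUtil.isECPrivateKey(privateKey)) {
                return new JcaTlsSM2Signer(jcaTlsCrypto, privateKey);
            }
            throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
        }
        if (signatureAndHashAlgorithm == null) {
            // NOTE(review): a null signer is passed on to the superclass constructor;
            // confirm it is rejected there instead of failing later during a handshake.
            return null;
        }
        short signature = signatureAndHashAlgorithm.getSignature();
        switch (signature) {
            // NOTE(review): 13 is the raw code left by the decompiler; the symbolic
            // SignatureAlgorithm constant it stands for is not visible in this file.
            case 13:
                return new JcaTlsRSAPSSSigner(jcaTlsCrypto, privateKey, signature);
            default:
                throw new IllegalArgumentException("'signatureAlgorithm' type not supported: " + SignatureAlgorithm.getName(signature));
        }
    }

    /**
     * Decrypts the peer-supplied encrypted pre-master secret with the encryption key.
     *
     * <p>The key is re-parsed from its encoded form to obtain its curve parameters.
     * NOTE(review): this needs {@code getEncoded()} to return the key material and the
     * parsed key to be an EC key; neither is checked here, so a non-exportable or non-EC
     * encryption key would fail with an unchecked exception. Verify against callers.
     *
     * @param tlsCryptoParameters unused by this implementation
     * @param bArr encoded ciphertext received from the peer
     * @throws IOException if the key cannot be parsed or decryption fails
     */
    @Override // com.xdja.tls.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        return safeDecryptPreMasterSecret((ECKeyParameters) PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(this.encPrivateKey.getEncoded())), bArr);
    }

    /**
     * Re-encodes the ASN.1 SM2 ciphertext as point || ciphertext || hash and decrypts it.
     *
     * <p>The ciphertext comes from the peer, so ASN.1 parsing and curve-point construction
     * run inside the same {@code try} as the decryption. Malformed input therefore ends in
     * the same fatal alert (51, decrypt_error) as a failed decryption, instead of escaping
     * as an unchecked exception from the handshake code.
     *
     * <p>NOTE(review): this class does not check the length or contents of the recovered
     * secret. Confirm that the caller validates it before use.
     *
     * @param eCKeyParameters parsed encryption key, used only for its curve
     * @param bArr encoded ciphertext received from the peer
     * @throws IOException a {@link TlsFatalAlert} with alert 51 on any parsing or decryption failure
     */
    private TlsSecret safeDecryptPreMasterSecret(ECKeyParameters eCKeyParameters, byte[] bArr) throws IOException {
        try {
            // Parse a private copy so the caller's buffer is never shared with the parser.
            ASN1SM2Cipher parsed = ASN1SM2Cipher.getInstance(bArr.clone());
            byte[] pointEncoding = eCKeyParameters.getParameters().getCurve()
                    .createPoint(parsed.getxCoordinate(), parsed.getyCoordinate())
                    .getEncoded(false);
            byte[] rawCiphertext = Arrays.concatenate(pointEncoding, parsed.getCipherText(), parsed.getHash());

            Cipher sm2 = this.crypto.getHelper().createCipher("SM2");
            sm2.init(Cipher.DECRYPT_MODE, this.encPrivateKey);
            sm2.update(rawCiphertext, 0, rawCiphertext.length);
            return this.crypto.createSecret(sm2.doFinal());
        } catch (Exception e) {
            // Every failure is mapped to the same alert so the peer cannot tell
            // a parsing failure from a decryption failure.
            throw new TlsFatalAlert((short) 51, e);
        }
    }

    /** Returns the certificate chain held by the superclass. */
    @Override // com.xdja.tls.DefaultTlsCredentialedSigner, com.xdja.tls.TlsCredentials
    public Certificate getCertificate() {
        return super.getCertificate();
    }

    /**
     * Signs the given bytes with the signing key using {@code "SM3WithSM2"}.
     *
     * <p>This bypasses the signer built in {@link #makeSigner}; the JCA signature object
     * is created directly from the crypto helper.
     *
     * @param bArr data to sign
     * @return the signature bytes
     * @throws IOException a {@link TlsFatalAlert} with alert 80 (internal_error) on any failure
     */
    @Override // com.xdja.tls.DefaultTlsCredentialedSigner, com.xdja.tls.TlsCredentialedSigner
    public byte[] generateRawSignature(byte[] bArr) throws IOException {
        try {
            Signature sm2Signature = this.crypto.getHelper().createSignature("SM3WithSM2");
            sm2Signature.initSign(this.signPrivateKey, this.crypto.getSecureRandom());
            sm2Signature.update(bArr, 0, bArr.length);
            return sm2Signature.sign();
        } catch (Exception e) {
            throw new TlsFatalAlert((short) 80, e);
        }
    }

    /** Returns the algorithm reported by the superclass. */
    @Override // com.xdja.tls.DefaultTlsCredentialedSigner, com.xdja.tls.TlsCredentialedSigner
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return super.getSignatureAndHashAlgorithm();
    }

    /** Returns the stream signer provided by the superclass. */
    @Override // com.xdja.tls.DefaultTlsCredentialedSigner, com.xdja.tls.TlsCredentialedSigner
    public TlsStreamSigner getStreamSigner() throws IOException {
        return super.getStreamSigner();
    }

    /**
     * Returns the effective algorithm computed by the superclass.
     *
     * <p>The decompiler reports that the access modifier was changed from
     * {@code protected}; it is kept {@code public} here so the decompiled interface is unchanged.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.xdja.tls.DefaultTlsCredentialedSigner
    public SignatureAndHashAlgorithm getEffectiveAlgorithm() {
        return super.getEffectiveAlgorithm();
    }
}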
