package cn.com.infosec.netsigninterface;

import cn.com.infosec.jce.oscca.OSCCAMessageDigest;
import cn.com.infosec.jce.oscca.SM2;
import cn.com.infosec.jce.provider.JCESM2PrivateKey;
import cn.com.infosec.jce.provider.JCESM2PublicKey;
import cn.com.infosec.netsign.der.util.DERSegment;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:cn/com/infosec/netsigninterface/SignatureUtil.class */
public class SignatureUtil {
    public static byte[] sign(byte[] bArr, PrivateKey privateKey, String str, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        if (privateKey instanceof RSAPrivateKey) {
            Signature signature = Signature.getInstance(new StringBuffer(String.valueOf(str)).append("withRSA").toString(), "INFOSEC");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        }
        if (!(privateKey instanceof JCESM2PrivateKey)) {
            throw new InvalidKeyException(new StringBuffer("Unsupport private key type: ").append(privateKey.getClass()).toString());
        }
        JCESM2PublicKey publicKey = x509Certificate.getPublicKey();
        return SM2.signHash(str.toUpperCase().equals("SM3") ? OSCCAMessageDigest.SM3Digest(bArr2, publicKey.getX(), publicKey.getY(), bArr) : OSCCAMessageDigest.SHADigest(str, bArr2, publicKey.getX(), publicKey.getY(), bArr), ((JCESM2PrivateKey) privateKey).getD());
    }

    public static boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str, byte[] bArr3) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        if (publicKey instanceof RSAPublicKey) {
            Signature signature = Signature.getInstance(new StringBuffer(String.valueOf(str)).append("withRSA").toString(), "INFOSEC");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        }
        if (!(publicKey instanceof JCESM2PublicKey)) {
            throw new InvalidKeyException(new StringBuffer("Unsupport public key type: ").append(publicKey.getClass()).toString());
        }
        JCESM2PublicKey jCESM2PublicKey = (JCESM2PublicKey) publicKey;
        byte[] SM3Digest = str.toUpperCase().equals("SM3") ? OSCCAMessageDigest.SM3Digest(bArr3, jCESM2PublicKey.getX(), jCESM2PublicKey.getY(), bArr) : OSCCAMessageDigest.SHADigest(str, bArr3, jCESM2PublicKey.getX(), jCESM2PublicKey.getY(), bArr);
        byte[] formatSignedMsg = formatSignedMsg(bArr2);
        byte[] bArr4 = new byte[64];
        System.arraycopy(jCESM2PublicKey.getX(), 0, bArr4, 0, 32);
        System.arraycopy(jCESM2PublicKey.getY(), 0, bArr4, 32, 32);
        return SM2.verifyHash(SM3Digest, formatSignedMsg, bArr4);
    }

    private static byte[] formatSignedMsg(byte[] bArr) throws SignatureException {
        if (bArr.length == 64) {
            return bArr;
        }
        while (bArr[0] == 0) {
            byte[] bArr2 = new byte[bArr.length - 1];
            System.arraycopy(bArr, 1, bArr2, 0, bArr2.length);
            bArr = bArr2;
        }
        if (bArr[0] != 48) {
            throw new SignatureException("Bad signature structon");
        }
        byte[] bArr3 = new byte[64];
        try {
            DERSegment innerDERSegment = new DERSegment(bArr).getInnerDERSegment();
            byte[] innerData = innerDERSegment.nextDERSegment().getInnerData();
            System.arraycopy(innerData, innerData.length - 32, bArr3, 0, 32);
            byte[] innerData2 = innerDERSegment.nextDERSegment().getInnerData();
            System.arraycopy(innerData2, innerData2.length - 32, bArr3, 32, 32);
            return bArr3;
        } catch (Exception e) {
            throw new SignatureException(e.toString());
        }
    }
}
