package cmbc.cfca.rsa.signature;

import cmbc.cfca.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cmbc.cfca.org.bouncycastle.crypto.Digest;
import cmbc.cfca.org.bouncycastle.crypto.Signer;
import cmbc.cfca.org.bouncycastle.crypto.digests.MD5Digest;
import cmbc.cfca.org.bouncycastle.crypto.digests.SHA1Digest;
import cmbc.cfca.org.bouncycastle.crypto.digests.SHA256Digest;
import cmbc.cfca.org.bouncycastle.crypto.digests.SHA512Digest;
import cmbc.cfca.org.bouncycastle.crypto.signers.RSADigestSigner;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKCSObjectIdentifiers;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.util.cipher.lib.BCSoftLib;
import cmbc.cfca.util.cipher.lib.JNISoftLib;
import cmbc.cfca.util.cipher.lib.Session;
import cryptokit.jni.JNIHash;
import java.io.File;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.security.Key;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:cmbc/cfca/rsa/signature/RSASignUtil.class */
public class RSASignUtil {
    private static final int bufferSize = 16384;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cmbc/cfca/rsa/signature/RSASignUtil$LocalHashDigest.class */
    public static final class LocalHashDigest {
        final Mechanism signMech;
        final Digest jvmHash;
        final JNIHash jniHash;
        final int hashLength;
        final boolean jniFlag;

        LocalHashDigest(String str, Session session) throws PKIException {
            int i;
            if (session instanceof JNISoftLib) {
                this.jniFlag = true;
            } else {
                this.jniFlag = false;
            }
            this.jniHash = new JNIHash();
            if (str.equals("SHA256")) {
                this.signMech = new Mechanism("SHA256withRSAEncryption");
                this.jvmHash = new SHA256Digest();
                i = JNIHash.NID_sha256;
                this.hashLength = 32;
            } else if (str.equals("SHA1")) {
                this.signMech = new Mechanism("SHA1withRSAEncryption");
                this.jvmHash = new SHA1Digest();
                i = JNIHash.NID_sha1;
                this.hashLength = 20;
            } else if (str.equals("SHA512")) {
                this.signMech = new Mechanism("SHA512withRSA");
                this.jvmHash = new SHA512Digest();
                i = JNIHash.NID_sha512;
                this.hashLength = 64;
            } else {
                if (!str.equals("MD5")) {
                    throw new PKIException("can not support this degest algorithm:" + str);
                }
                this.signMech = new Mechanism("MD5withRSAEncryption");
                this.jvmHash = new MD5Digest();
                i = JNIHash.NID_md5;
                this.hashLength = 16;
            }
            if (this.jniFlag) {
                try {
                    this.jniHash.init(i);
                } catch (Exception e) {
                    throw new PKIException("Init failure digest algorithm for " + str + "(" + i + ")", e);
                }
            }
        }

        final void update(byte[] bArr, int i, int i2) throws PKIException {
            try {
                if (!this.jniFlag) {
                    this.jvmHash.update(bArr, i, i2);
                } else if (i2 > 0) {
                    byte[] bArr2 = new byte[i2];
                    System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
                    this.jniHash.update(bArr2);
                }
            } catch (Exception e) {
                throw new PKIException("hash update failure ", e);
            }
        }

        final byte[] digest() throws PKIException {
            byte[] bArr = new byte[this.hashLength];
            try {
                if (this.jniFlag) {
                    this.jniHash.doFinal(bArr);
                } else {
                    this.jvmHash.doFinal(bArr, 0);
                }
                return bArr;
            } catch (Exception e) {
                throw new PKIException("hash digest failure ", e);
            }
        }
    }

    public static String GetDigestAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws PKIException {
        String str;
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.md5)) {
            str = "MD5";
        } else if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.sha1)) {
            str = "SHA1";
        } else if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.sha256)) {
            str = "SHA256";
        } else {
            if (!aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.sha512)) {
                throw new PKIException("850629", "解析数字签名数据,算法不支持");
            }
            str = "SHA512";
        }
        return str;
    }

    public static boolean verifySign(String str, Key key, byte[] bArr, byte[] bArr2) throws PKIException {
        return verifySign(str, key, bArr, bArr2, new BCSoftLib());
    }

    public static boolean verifySign(String str, Key key, byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        if (bArr == null || bArr2 == null || key == null || !"RSA".equals(key.getAlgorithm())) {
            return false;
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
        Mechanism GetSignMechanism = GetSignMechanism(str);
        if (session == null) {
            session = new BCSoftLib();
        }
        return session.verifySign(GetSignMechanism, rSAPublicKey, bArr, bArr2);
    }

    public static boolean verifySignFile(String str, Key key, String str2, byte[] bArr) throws Exception {
        return verifySignFile(str, key, str2, bArr, new BCSoftLib());
    }

    public static boolean verifySignFile(String str, Key key, String str2, byte[] bArr, Session session) throws Exception {
        long j = 0;
        if (str2 != null) {
            File file = new File(str2);
            if (file.exists() && file.isFile()) {
                j = file.length();
            }
        }
        return verifySignFile(str, key, str2, 0L, j, bArr, null, session);
    }

    public static boolean verifySignFile(String str, Key key, String str2, long j, long j2, byte[] bArr, String str3) throws Exception {
        return verifySignFile(str, key, str2, j, j2, bArr, str3, new BCSoftLib());
    }

    public static boolean verifySignFile(String str, Key key, String str2, long j, long j2, byte[] bArr, String str3, Session session) throws Exception {
        if (str2 == null || bArr == null || key == null || !"RSA".equals(key.getAlgorithm())) {
            return false;
        }
        RandomAccessFile randomAccessFile = null;
        FileOutputStream fileOutputStream = null;
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
            LocalHashDigest localHashDigest = new LocalHashDigest(str, session);
            randomAccessFile = new RandomAccessFile(new File(str2), "r");
            randomAccessFile.seek(j);
            if (str3 != null && str3.trim().length() != 0) {
                fileOutputStream = new FileOutputStream(str3);
            }
            byte[] bArr2 = new byte[16384];
            long j3 = j2;
            int length = j3 < ((long) bArr2.length) ? (int) j3 : bArr2.length;
            while (true) {
                int read = randomAccessFile.read(bArr2, 0, length);
                if (read == -1) {
                    break;
                }
                localHashDigest.update(bArr2, 0, read);
                if (fileOutputStream != null) {
                    fileOutputStream.write(bArr2, 0, read);
                }
                j3 -= read;
                if (j3 <= 0) {
                    break;
                }
                length = j3 > ((long) bArr2.length) ? bArr2.length : (int) j3;
            }
            boolean verifyByHash = session.verifyByHash(localHashDigest.signMech, rSAPublicKey, localHashDigest.digest(), bArr);
            if (randomAccessFile != null) {
                try {
                    randomAccessFile.close();
                } catch (Exception e) {
                }
            }
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (Exception e2) {
                }
            }
            return verifyByHash;
        } catch (Throwable th) {
            if (randomAccessFile != null) {
                try {
                    randomAccessFile.close();
                } catch (Exception e3) {
                }
            }
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (Exception e4) {
                }
            }
            throw th;
        }
    }

    final Signer getSigner(String str, Session session) throws PKIException {
        if (str.equals("SHA256")) {
            return new RSADigestSigner(new SHA256Digest());
        }
        if (str.equals("SHA1")) {
            return new RSADigestSigner(new SHA1Digest());
        }
        if (str.equals("SHA512")) {
            return new RSADigestSigner(new SHA512Digest());
        }
        if (str.equals("MD5")) {
            return new RSADigestSigner(new MD5Digest());
        }
        throw new PKIException("can not support this degest algorithm:" + str);
    }

    private static Mechanism GetSignMechanism(String str) throws PKIException {
        if (str.equals("SHA256")) {
            return new Mechanism("SHA256withRSAEncryption");
        }
        if (str.equals("SHA1")) {
            return new Mechanism("SHA1withRSAEncryption");
        }
        if (str.equals("SHA512")) {
            return new Mechanism("SHA512withRSA");
        }
        if (str.equals("MD5")) {
            return new Mechanism("MD5withRSAEncryption");
        }
        throw new PKIException("can not support this degest algorithm:" + str);
    }
}
