package com.icbc.hsm.software.basic;

import com.icbc.bcprov.org.bouncycastle.asn1.ASN1EncodableVector;
import com.icbc.bcprov.org.bouncycastle.asn1.ASN1Integer;
import com.icbc.bcprov.org.bouncycastle.asn1.ASN1Primitive;
import com.icbc.bcprov.org.bouncycastle.asn1.ASN1Sequence;
import com.icbc.bcprov.org.bouncycastle.asn1.DERSequence;
import com.icbc.bcprov.org.bouncycastle.crypto.CipherParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.MD5Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA1Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA224Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA256Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA384Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA3Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SHA512Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SM3Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.engines.RSAEngine;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ParametersWithID;
import com.icbc.bcprov.org.bouncycastle.crypto.params.RSAKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.signers.PSSSigner;
import com.icbc.bcprov.org.bouncycastle.crypto.signers.RSADigestSigner;
import com.icbc.bcprov.org.bouncycastle.crypto.signers.SM2Signer;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.exception.ParmErrorException;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.software.parms.icbc.IcbcAsymmetricKeyParameter;
import com.icbc.hsm.software.utils.Helper;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-0.0.3-SNAPSHOT.jar:com/icbc/hsm/software/basic/Signature.class */
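/**
 * Static helpers for producing and verifying SM2, RSA PKCS#1 v1.5 and RSA-PSS signatures on top of
 * the repackaged BouncyCastle lightweight API.
 *
 * <p>Algorithm names are matched case-insensitively. Names ending in {@code withRSA} select the
 * digest from their prefix; the {@code PS256}/{@code PS384}/{@code PS512} constants select RSA-PSS;
 * {@code SM3withSM2} selects SM2.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>MD5 and SHA-1 are still accepted for {@code withRSA} names. Both are collision-broken and
 *       are kept here only for backward compatibility; callers should not select them for new
 *       signatures.</li>
 *   <li>All three PSS variants use a fixed 32-byte salt. NOTE(review): RFC 7518 specifies a salt
 *       as long as the hash output (48 bytes for PS384, 64 for PS512); confirm with the peers of
 *       this library before changing it, because the salt length is part of what a verifier
 *       checks.</li>
 *   <li>{@link #reformatASN1(byte[])} toggles a JVM-wide system property and is therefore not
 *       isolated from other threads parsing ASN.1 at the same time.</li>
 * </ul>
 */
public class Signature {
    /** Message prefix used for every unsupported or malformed algorithm name. */
    private static final String ALGORITHM_NAME_ERROR = "signature Algorithm Name error:";

    /** Suffix that marks an RSA PKCS#1 v1.5 algorithm name such as {@code SHA256withRSA}. */
    private static final String RSA_SUFFIX = "WITHRSA";

    /** Prefix that marks a SHA-3 digest; the bit length follows it, e.g. {@code SHA3-256withRSA}. */
    private static final String SHA3_PREFIX = "SHA3-";

    /** Salt length, in bytes, passed to every {@link PSSSigner} (see class-level note). */
    private static final int PSS_SALT_LENGTH = 32;

    /** Minimum length of the two's-complement encoding of r and s accepted by {@link #sm2Sign}. */
    private static final int SM2_MIN_COMPONENT_LENGTH = 32;

    /** Upper bound on SM2 re-signing attempts so that an unsuitable key cannot hang the caller. */
    private static final int SM2_MAX_ATTEMPTS = 64;

    /**
     * JVM-wide switch read by the repackaged ASN.1 parser; presumably the counterpart of
     * BouncyCastle's {@code org.bouncycastle.asn1.allow_unsafe_integer} - TODO confirm.
     */
    private static final String ALLOW_UNSAFE_INTEGER =
            "com.icbc.bcprov.org.bouncycastle.asn1.allow_unsafe_integer";

    private Signature() {
    }

    /**
     * Signs {@code bArr} with the algorithm named by {@code str}.
     *
     * @param str algorithm name ({@code SM3withSM2}, a PSS constant, or {@code <digest>withRSA})
     * @param cipherParameters signing key; converted with {@code Helper.toBCkey} before use
     * @param bArr message bytes to sign
     * @return the encoded signature
     * @throws Exception if the algorithm name is not supported or the underlying signer fails
     */
    public static byte[] sign(String str, CipherParameters cipherParameters, byte[] bArr) throws Exception {
        CipherParameters bCkey = Helper.toBCkey(cipherParameters);
        if (AlgorithmConstants.SM3withSM2.equalsIgnoreCase(str)) {
            // The SM2 user ID is only attached in the ICBC environment when signing.
            // NOTE(review): verify() also attaches the ID of a ClearKeyParameter outside the ICBC
            // environment; confirm the asymmetry between sign() and verify() is intended.
            if (IcbcEnvironment.isICBCEnvironment() && cipherParameters instanceof IcbcAsymmetricKeyParameter) {
                byte[] id = ((IcbcAsymmetricKeyParameter) cipherParameters).getId();
                if (id != null) {
                    bCkey = new ParametersWithID(bCkey, id);
                }
            }
            return sm2Sign(bCkey, bArr);
        }
        // NOTE(review): the key type is not checked against RSAKeyParameters here; a key of the
        // wrong type is only rejected by the underlying signer's init().
        if (isPssName(str)) {
            return pssSign(str, bCkey, bArr);
        }
        if (!isRsaDigestName(str)) {
            throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
        }
        return rsaSign(str, bCkey, bArr);
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} with the algorithm named by {@code str}.
     *
     * @param str algorithm name ({@code SM3withSM2}, a PSS constant, or {@code <digest>withRSA})
     * @param cipherParameters verification key; converted with {@code Helper.toBCkey} before use
     * @param bArr message bytes that were signed
     * @param bArr2 signature to check
     * @return {@code true} only if the signature verifies
     * @throws Exception if the algorithm name is not supported or the underlying signer fails
     */
    public static boolean verify(String str, CipherParameters cipherParameters, byte[] bArr, byte[] bArr2) throws Exception {
        CipherParameters bCkey = Helper.toBCkey(cipherParameters);
        if (AlgorithmConstants.SM3withSM2.equalsIgnoreCase(str)) {
            byte[] id = null;
            if (IcbcEnvironment.isICBCEnvironment()) {
                if (cipherParameters instanceof IcbcAsymmetricKeyParameter) {
                    id = ((IcbcAsymmetricKeyParameter) cipherParameters).getId();
                }
            } else if (cipherParameters instanceof ClearKeyParameter) {
                id = ((ClearKeyParameter) cipherParameters).getId();
            }
            if (id != null) {
                bCkey = new ParametersWithID(bCkey, id);
            }
            return sm2Verify(bCkey, bArr, bArr2);
        }
        // NOTE(review): as in sign(), the key type is left for the underlying signer to reject.
        if (isPssName(str)) {
            return pssVerify(str, bCkey, bArr, bArr2);
        }
        if (!isRsaDigestName(str)) {
            throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
        }
        return rsaVerify(str, bCkey, bArr, bArr2);
    }

    /** Returns whether {@code str} is one of the three RSA-PSS algorithm constants. */
    private static boolean isPssName(String str) {
        return AlgorithmConstants.PS256.equalsIgnoreCase(str)
                || AlgorithmConstants.PS384.equalsIgnoreCase(str)
                || AlgorithmConstants.PS512.equalsIgnoreCase(str);
    }

    /** Returns whether {@code str} ends in {@code withRSA}, compared without regard to case. */
    private static boolean isRsaDigestName(String str) {
        // Locale.ROOT: the default-locale toUpperCase() maps 'i' to a dotted capital under a
        // Turkish locale, which would make "withRSA" fail this check.
        return str != null && str.toUpperCase(java.util.Locale.ROOT).endsWith(RSA_SUFFIX);
    }

    /**
     * Chooses the digest named by the prefix of a {@code <digest>withRSA} algorithm name.
     *
     * @throws ParmErrorException if {@code str} is null or names no supported digest
     */
    private static Digest digestFor(String str) throws ParmErrorException {
        if (str == null) {
            throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
        }
        String upper = str.toUpperCase(java.util.Locale.ROOT);
        if (upper.startsWith("MD5")) {
            // Weak: collision-broken; retained for backward compatibility only.
            return new MD5Digest();
        }
        if (upper.startsWith("SHA1")) {
            // Weak: collision-broken; retained for backward compatibility only.
            return new SHA1Digest();
        }
        if (upper.startsWith(AlgorithmConstants.SHA224)) {
            return new SHA224Digest();
        }
        if (upper.startsWith("SHA256")) {
            return new SHA256Digest();
        }
        if (upper.startsWith(AlgorithmConstants.SHA384)) {
            return new SHA384Digest();
        }
        if (upper.startsWith("SHA512")) {
            return new SHA512Digest();
        }
        if (upper.startsWith(SHA3_PREFIX)) {
            return new SHA3Digest(sha3BitLength(str, upper));
        }
        if (upper.startsWith(AlgorithmConstants.SM3)) {
            return new SM3Digest();
        }
        throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
    }

    /**
     * Reads the SHA-3 bit length that follows {@code SHA3-} in the algorithm name.
     *
     * <p>The previous code called {@code substring(5, 3)}, which always throws
     * {@code StringIndexOutOfBoundsException}, so no SHA-3 name could ever be used.
     *
     * @param str the algorithm name as supplied by the caller (used in the error message)
     * @param upper {@code str} upper-cased with {@code Locale.ROOT}
     * @throws ParmErrorException if the digits are missing or not one of 224, 256, 384, 512
     */
    private static int sha3BitLength(String str, String upper) throws ParmErrorException {
        int start = SHA3_PREFIX.length();
        int end = start;
        while (end < upper.length() && upper.charAt(end) >= '0' && upper.charAt(end) <= '9') {
            end++;
        }
        String digits = upper.substring(start, end);
        if ("224".equals(digits) || "256".equals(digits) || "384".equals(digits) || "512".equals(digits)) {
            return Integer.parseInt(digits);
        }
        throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
    }

    /** Builds the PSS signer for one of the PS256/PS384/PS512 constants. */
    private static PSSSigner newPssSigner(String str) throws ParmErrorException {
        RSAEngine rSAEngine = new RSAEngine();
        if (AlgorithmConstants.PS256.equalsIgnoreCase(str)) {
            return new PSSSigner(rSAEngine, new SHA256Digest(), PSS_SALT_LENGTH);
        }
        if (AlgorithmConstants.PS384.equalsIgnoreCase(str)) {
            return new PSSSigner(rSAEngine, new SHA384Digest(), PSS_SALT_LENGTH);
        }
        if (AlgorithmConstants.PS512.equalsIgnoreCase(str)) {
            return new PSSSigner(rSAEngine, new SHA512Digest(), PSS_SALT_LENGTH);
        }
        throw new ParmErrorException(ALGORITHM_NAME_ERROR + str);
    }

    /** Produces an RSA PKCS#1 v1.5 signature using the digest named in {@code str}. */
    private static byte[] rsaSign(String str, CipherParameters cipherParameters, byte[] bArr) throws Exception {
        RSADigestSigner rSADigestSigner = new RSADigestSigner(digestFor(str));
        rSADigestSigner.init(true, cipherParameters);
        rSADigestSigner.update(bArr, 0, bArr.length);
        return rSADigestSigner.generateSignature();
    }

    /** Checks an RSA PKCS#1 v1.5 signature using the digest named in {@code str}. */
    private static boolean rsaVerify(String str, CipherParameters cipherParameters, byte[] bArr, byte[] bArr2) throws Exception {
        RSADigestSigner rSADigestSigner = new RSADigestSigner(digestFor(str));
        rSADigestSigner.init(false, cipherParameters);
        rSADigestSigner.update(bArr, 0, bArr.length);
        return rSADigestSigner.verifySignature(bArr2);
    }

    /** Produces an RSA-PSS signature for one of the PS256/PS384/PS512 constants. */
    private static byte[] pssSign(String str, CipherParameters cipherParameters, byte[] bArr) throws Exception {
        PSSSigner pSSSigner = newPssSigner(str);
        pSSSigner.init(true, cipherParameters);
        pSSSigner.update(bArr, 0, bArr.length);
        return pSSSigner.generateSignature();
    }

    /** Checks an RSA-PSS signature for one of the PS256/PS384/PS512 constants. */
    private static boolean pssVerify(String str, CipherParameters cipherParameters, byte[] bArr, byte[] bArr2) throws Exception {
        PSSSigner pSSSigner = newPssSigner(str);
        // Verification mode. The previous code passed true (signing mode) here, unlike
        // rsaVerify() and sm2Verify(), which initialise their signers with false.
        pSSSigner.init(false, cipherParameters);
        pSSSigner.update(bArr, 0, bArr.length);
        return pSSSigner.verifySignature(bArr2);
    }

    /**
     * Produces an SM2 signature whose r and s both encode to at least 32 bytes, re-signing when a
     * shorter component comes out.
     *
     * @throws IllegalStateException if no acceptable signature is produced within
     *     {@link #SM2_MAX_ATTEMPTS} attempts (previously this looped without bound)
     */
    private static byte[] sm2Sign(CipherParameters cipherParameters, byte[] bArr) throws Exception {
        SM2Signer sM2Signer = new SM2Signer();
        for (int attempt = 0; attempt < SM2_MAX_ATTEMPTS; attempt++) {
            sM2Signer.reset();
            sM2Signer.init(true, cipherParameters);
            sM2Signer.update(bArr, 0, bArr.length);
            byte[] generateSignature = sM2Signer.generateSignature();
            if (validateASN1(generateSignature)) {
                return generateSignature;
            }
            System.out.println("improper signature:" + Hex.toHexString(generateSignature) + " regenerate!");
        }
        throw new IllegalStateException("no SM2 signature with full-length r and s after " + SM2_MAX_ATTEMPTS + " attempts");
    }

    /**
     * Checks an SM2 signature. Any exception from the signer is printed and treated as a failed
     * verification, so this method fails closed and never throws.
     */
    private static boolean sm2Verify(CipherParameters cipherParameters, byte[] bArr, byte[] bArr2) {
        try {
            SM2Signer sM2Signer = new SM2Signer();
            sM2Signer.init(false, cipherParameters);
            sM2Signer.update(bArr, 0, bArr.length);
            return sM2Signer.verifySignature(bArr2);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Returns whether {@code bArr} is an ASN.1 sequence of exactly two integers whose
     * two's-complement encodings are each at least 32 bytes long.
     *
     * <p>The previous code returned {@code true} for a sequence that did not have two elements and
     * threw {@code ClassCastException} for input that was not a sequence of integers; both cases
     * now yield {@code false}.
     */
    private static boolean validateASN1(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        try {
            ASN1Primitive parsed = ASN1Primitive.fromByteArray(bArr);
            if (!(parsed instanceof ASN1Sequence)) {
                return false;
            }
            ASN1Sequence aSN1Sequence = (ASN1Sequence) parsed;
            if (aSN1Sequence.size() != 2) {
                return false;
            }
            return hasMinimumLength(aSN1Sequence.getObjectAt(0)) && hasMinimumLength(aSN1Sequence.getObjectAt(1));
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }
    }

    /** Returns whether {@code element} is an ASN.1 integer encoding to at least 32 bytes. */
    private static boolean hasMinimumLength(Object element) {
        return element instanceof ASN1Integer
                && ((ASN1Integer) element).getValue().toByteArray().length >= SM2_MIN_COMPONENT_LENGTH;
    }

    /**
     * Re-encodes a two-integer ASN.1 signature as DER, reading each integer's bytes as an unsigned
     * magnitude so that both components come out positive.
     *
     * <p>While parsing, the JVM-wide {@code allow_unsafe_integer} property is set to {@code "true"}
     * and it is always set back to {@code "false"} on the way out, including when parsing throws a
     * runtime exception (previously the property stayed {@code "true"} in that case, leaving the
     * relaxed parsing mode on for the whole process).
     *
     * <p>NOTE(review): the property is global, so other threads parse ASN.1 in relaxed mode while
     * this method runs, and a concurrent call can switch it back to {@code "false"} mid-parse.
     * A value the application set itself is overwritten with {@code "false"}.
     *
     * @param bArr encoded signature to normalise
     * @return the DER re-encoding, or {@code null} if the input cannot be read or is not a
     *     two-element sequence
     */
    public static byte[] reformatASN1(byte[] bArr) {
        System.setProperty(ALLOW_UNSAFE_INTEGER, "true");
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) ASN1Primitive.fromByteArray(bArr);
            if (aSN1Sequence.size() != 2) {
                return null;
            }
            byte[] byteArray = ((ASN1Integer) aSN1Sequence.getObjectAt(0)).getValue().toByteArray();
            byte[] byteArray2 = ((ASN1Integer) aSN1Sequence.getObjectAt(1)).getValue().toByteArray();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            // Signum 1: interpret the bytes as an unsigned magnitude.
            aSN1EncodableVector.add(new ASN1Integer(new BigInteger(1, byteArray)));
            aSN1EncodableVector.add(new ASN1Integer(new BigInteger(1, byteArray2)));
            return new DERSequence(aSN1EncodableVector).getEncoded("DER");
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } finally {
            // Always leave the parser in strict mode, whatever happened above.
            System.setProperty(ALLOW_UNSAFE_INTEGER, "false");
        }
    }
}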
