package cn.com.syan.utils;

import cn.com.syan.jce.constant.JCEAlgorithmIdentifier;
import cn.com.syan.jce.exception.EblHsmException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:cn/com/syan/utils/SignAndVerifyUtil.class */
public class SignAndVerifyUtil {
    public static byte[] sign(String str, byte[] bArr) throws EblHsmException {
        return sign(str, bArr, (String) null);
    }

    public static byte[] sign(String str, byte[] bArr, String str2) throws EblHsmException {
        PrivateKey generatePrivate;
        try {
            generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str)));
        } catch (NoSuchAlgorithmException e) {
            throw new EblHsmException(e.getMessage());
        } catch (InvalidKeySpecException e2) {
            try {
                generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str)));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e3) {
                throw new EblHsmException(e3.getMessage());
            }
        }
        return sign(generatePrivate, bArr, str2);
    }

    public static byte[] sign(PrivateKey privateKey, byte[] bArr, String str) throws EblHsmException {
        Signature signature;
        try {
            if (privateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
                signature = Signature.getInstance((str == null || str.isEmpty()) ? JCEAlgorithmIdentifier.SHA1_WITH_RSA : str, (Provider) new BouncyCastleProvider());
            } else {
                signature = Signature.getInstance("SM3WithSM2", (Provider) new BouncyCastleProvider());
            }
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    public static boolean verify(String str, byte[] bArr, String str2) throws EblHsmException, CertificateException {
        boolean verify = verify(CertificateUtil.buildX509Certificate(str), bArr, str2, null);
        if (!verify) {
            verify = verify(CertificateUtil.buildX509Certificate(str), bArr, str2, JCEAlgorithmIdentifier.SHA256_WITH_RSA);
        }
        return verify;
    }

    public static boolean verify(X509Certificate x509Certificate, byte[] bArr, String str, String str2) throws EblHsmException {
        Signature signature;
        try {
            if (x509Certificate.getPublicKey().getAlgorithm().toUpperCase().trim().equals("RSA")) {
                signature = Signature.getInstance((str2 == null || str2.isEmpty()) ? JCEAlgorithmIdentifier.SHA1_WITH_RSA : str2, (Provider) new BouncyCastleProvider());
            } else {
                signature = Signature.getInstance("SM3WithSM2", (Provider) new BouncyCastleProvider());
            }
            signature.initVerify(x509Certificate);
            signature.update(bArr);
            return signature.verify(org.bouncycastle.util.encoders.Base64.decode(str));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
