package cn.com.syan.jce.implSpi;

import cn.com.syan.jce.baseSpi.SignatureBaseSpi;
import cn.com.syan.jce.entity.RSASdfPublicKey;
import cn.com.syan.jce.exception.ServiceException;
import cn.com.syan.sdfapi.DCUtil;
import cn.com.syan.sdfapi.entity.RsaPrivateKey;
import cn.com.syan.sdfapi.entity.RsaPublicKey;
import java.security.SignatureException;

/* loaded from: input_file:cn/com/syan/jce/implSpi/RSASignSpi.class */
public class RSASignSpi extends SignatureBaseSpi {
    private byte[] pucDataInput;
    private static byte[] algo_sha256 = {48, 49, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32};
    private static byte[] algo_sha1 = {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
    private boolean isSignDigestFinal;
    private boolean isVerifyDigestFinal;
    private int rsa_len = 256;
    private byte[] input = new byte[0];

    /* loaded from: input_file:cn/com/syan/jce/implSpi/RSASignSpi$SHA1.class */
    public static class SHA1 extends RSASignSpi {
        public SHA1() {
            this.hash_algorithm = 2;
            this.ret = this.jceService.hashInit(this.hash_algorithm);
        }
    }

    /* loaded from: input_file:cn/com/syan/jce/implSpi/RSASignSpi$SHA256.class */
    public static class SHA256 extends RSASignSpi {
        public SHA256() {
            this.hash_algorithm = 4;
            this.ret = this.jceService.hashInit(this.hash_algorithm);
        }
    }

    @Override // cn.com.syan.jce.baseSpi.SignatureBaseSpi
    protected byte[] sign(byte[] bArr) throws SignatureException {
        if (!this.external && !this.pinValidate) {
            throw new SignatureException("私钥不可访问");
        }
        if (this.publicKey != null) {
            this.rsa_len = RSASdfPublicKey.parsePubKey(this.publicKey).getBits() / 8;
        } else if (this.keyIndex != 0) {
            RsaPublicKey rsaPublicKey = new RsaPublicKey();
            int exportRsaPublicKey = this.jceService.exportRsaPublicKey(1, this.keyIndex, rsaPublicKey);
            if (exportRsaPublicKey != 0) {
                throw new ServiceException(exportRsaPublicKey, "导出公钥异常");
            }
            this.rsa_len = rsaPublicKey.getBits() / 8;
        }
        this.pucDataInput = new byte[this.rsa_len];
        if (this.hash_algorithm == 0) {
            this.input = bArr;
        } else if (!this.isSignDigestFinal) {
            this.input = hashFinal();
            if (this.input == null || this.input.length > 32) {
                throw new SignatureException("签名数据已超过32字节，可能由于未指定杂凑算法");
            }
            if (this.hash_algorithm == 4) {
                this.input = DCUtil.addBytes(algo_sha256, this.input);
            } else if (this.hash_algorithm == 2) {
                this.input = DCUtil.addBytes(algo_sha1, this.input);
            }
            this.isSignDigestFinal = true;
        }
        byte[] fixedData = getFixedData((this.rsa_len - this.input.length) - 3);
        this.pucDataInput[0] = 0;
        this.pucDataInput[1] = 1;
        this.pucDataInput[fixedData.length + 2] = 0;
        System.arraycopy(fixedData, 0, this.pucDataInput, 2, fixedData.length);
        System.arraycopy(this.input, 0, this.pucDataInput, fixedData.length + 3, this.input.length);
        byte[] bArr2 = new byte[this.rsa_len];
        int[] iArr = {bArr2.length};
        int externalPrivateKeyOperationRsa = this.external ? this.jceService.externalPrivateKeyOperationRsa(new RsaPrivateKey(), this.pucDataInput, bArr2, iArr) : this.jceService.internalPrivateKeyOperationRsa(this.keyIndex, this.pucDataInput, bArr2, iArr);
        if (externalPrivateKeyOperationRsa == 0) {
            return DCUtil.byteSub(bArr2, 0, iArr[0]);
        }
        throw new ServiceException(externalPrivateKeyOperationRsa, "服务调用异常");
    }

    @Override // cn.com.syan.jce.baseSpi.SignatureBaseSpi
    protected boolean verify(byte[] bArr, byte[] bArr2) throws SignatureException {
        RsaPublicKey parsePubKey = RSASdfPublicKey.parsePubKey(this.publicKey);
        byte[] bArr3 = new byte[parsePubKey.getBits() / 8];
        Integer valueOf = Integer.valueOf(bArr3.length);
        int externalPublicKeyOperationRsa = this.jceService.externalPublicKeyOperationRsa(parsePubKey, bArr2, bArr3, new int[]{valueOf.intValue()});
        if (externalPublicKeyOperationRsa != 0) {
            throw new SignatureException();
        }
        if (this.hash_algorithm == 0) {
            this.input = bArr;
        } else if (!this.isVerifyDigestFinal) {
            this.input = hashFinal();
            if (this.input == null || this.input.length > 32) {
                throw new SignatureException("签名数据已超过32字节，可能由于未指定杂凑算法");
            }
            if (this.hash_algorithm == 4) {
                this.input = DCUtil.addBytes(algo_sha256, this.input);
            } else if (this.hash_algorithm == 2) {
                this.input = DCUtil.addBytes(algo_sha1, this.input);
            }
            this.isVerifyDigestFinal = true;
        }
        String bytes2HexStr = DCUtil.bytes2HexStr(rsa_verify_data_parse(DCUtil.byteSub(bArr3, 0, valueOf.intValue())));
        if (externalPublicKeyOperationRsa == 0) {
            return bytes2HexStr.equals(DCUtil.bytes2HexStr(this.input).trim());
        }
        return false;
    }

    private byte[] getFixedData(int i) {
        byte[] bArr = new byte[i];
        for (int i2 = 0; i2 < i; i2++) {
            bArr[i2] = -1;
        }
        return bArr;
    }

    private byte[] rsa_verify_data_parse(byte[] bArr) {
        if (bArr == null || bArr.length == 0 || bArr[0] != 0 || bArr.length < 2 || bArr[1] != 1) {
            return null;
        }
        byte[] byteSub = DCUtil.byteSub(bArr, 2, bArr.length - 2);
        int i = 0;
        int i2 = 0;
        while (true) {
            if (i2 >= byteSub.length) {
                break;
            }
            if (byteSub[i2] == 0) {
                i = i2;
                break;
            }
            i2++;
        }
        return DCUtil.byteSub(byteSub, i + 1, (byteSub.length - i) - 1);
    }
}
