package cfca.sadk.signature.sm2;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM3Digest;
import cfca.sadk.lib.crypto.bcsoft.BCSoftSM2;
import cfca.sadk.lib.crypto.jni.JNIDigest;
import cfca.sadk.lib.crypto.jni.JNISM2;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.crypto.Digest;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.GMTPrivateKey;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.GMTPublicKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPrivateKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:cfca/sadk/signature/sm2/SM2Signature.class */
public class SM2Signature {
    private GMTPrivateKey priKey;
    private GMTPublicKey pubKey;
    private Digest hash;
    private final boolean jniFlag;
    private boolean initedKey;

    public SM2Signature() throws PKIException {
        this(false);
    }

    public SM2Signature(boolean z) throws PKIException {
        this.initedKey = false;
        if (z) {
            this.hash = new JNIDigest(JNIDigest.NID_ChinaSM3);
        } else {
            this.hash = new SM3Digest();
        }
        this.jniFlag = z;
    }

    public final void destroy() {
        if (this.jniFlag && this.hash != null) {
            JNIDigest.destroy(this.hash);
        }
        this.hash = null;
    }

    public final void initSign(PrivateKey privateKey) throws PKIException {
        if (privateKey == null) {
            throw new PKIException("SM2Signature@initSign required privateKey not null");
        }
        if (this.hash == null) {
            throw new PKIException("SM2Signature@initSign required hash not null");
        }
        if (privateKey instanceof GMTPrivateKey) {
            this.priKey = (GMTPrivateKey) privateKey;
        } else {
            if (!(privateKey instanceof ECPrivateKey)) {
                throw new PKIException("SM2Signature@initSign can't recognise key type in SM2 based signer");
            }
            try {
                this.priKey = new GMTPrivateKey(privateKey.getEncoded());
            } catch (Exception e) {
                throw new PKIException("SM2Signature@initSign can't recognise key type in SM2 based signer", e);
            }
        }
        this.initedKey = true;
    }

    public final void initVerify(PublicKey publicKey) throws PKIException {
        if (publicKey == null) {
            throw new PKIException("SM2Signature@initVerify required publicKey not null");
        }
        if (this.hash == null) {
            throw new PKIException("SM2Signature@initVerify required hash not null");
        }
        if (publicKey instanceof GMTPublicKey) {
            this.pubKey = (GMTPublicKey) publicKey;
        } else {
            if (!(publicKey instanceof ECPublicKey)) {
                throw new PKIException("SM2Signature@initVerify Can't recognise key type in SM2 based signer");
            }
            try {
                this.pubKey = new GMTPublicKey(publicKey.getEncoded());
            } catch (Exception e) {
                throw new PKIException("SM2Signature@initVerify Can't recognise key type in SM2 based signer");
            }
        }
        this.initedKey = true;
    }

    public final void update(byte b) throws PKIException {
        if (!this.initedKey) {
            throw new PKIException("SM2Signature@update failed: key not yet inited");
        }
        if (this.hash == null) {
            throw new PKIException("SM2Signature@update required hash not null");
        }
        this.hash.update(b);
    }

    public final void update(byte[] bArr, int i, int i2) throws PKIException {
        if (!this.initedKey) {
            throw new PKIException("SM2Signature@update failed: key not yet inited");
        }
        if (this.hash == null) {
            throw new PKIException("SM2Signature@update required hash not null");
        }
        if (bArr == null) {
            throw new PKIException("SM2Signature@update failed: required in not null");
        }
        if (i < 0) {
            throw new PKIException("SM2Signature@update failed: required inOff>=0");
        }
        if (i2 < 0) {
            throw new PKIException("SM2Signature@update failed: required len>=0");
        }
        if (bArr.length - i < i2) {
            throw new PKIException("SM2Signature@update failed: required in.length-inOff>=len=" + i2);
        }
        this.hash.update(bArr, i, i2);
    }

    public final byte[] sign(byte[] bArr) throws PKIException {
        byte[] sign;
        try {
            if (!this.initedKey) {
                throw new PKIException("SM2Signature@sign failed: key not yet inited");
            }
            if (this.hash == null) {
                throw new PKIException("SM2Signature@sign required hash not null");
            }
            if (this.priKey == null) {
                throw new PKIException("SM2Signature@sign failed: priKey not yet inited");
            }
            if (bArr == null) {
                throw new PKIException("SM2Signature@sign failed: required sourceData not null");
            }
            byte[] hashData = hashData(bArr);
            if (!this.jniFlag) {
                try {
                    sign = BCSoftSM2.sign(hashData, this.priKey.getDByInt(), false);
                    return sign;
                } catch (Exception e) {
                    throw new PKIException("SM2Signature@sign java failed", e);
                }
            }
            byte[] dByBytes = this.priKey.getDByBytes();
            if (dByBytes == null || dByBytes.length != 32) {
                throw new PKIException("SM2Signature@sign failed: required d32BytesLength=32");
            }
            byte[] bArr2 = new byte[32];
            byte[] bArr3 = new byte[32];
            try {
                JNISM2.sign(hashData, dByBytes, bArr2, bArr3);
                sign = new byte[64];
                System.arraycopy(bArr2, 0, sign, 0, 32);
                System.arraycopy(bArr3, 0, sign, 32, 32);
                return sign;
            } catch (PKIException e2) {
                throw new PKIException("SM2Signature@sign jni failed", e2);
            } catch (Exception e3) {
                throw new PKIException("SM2Signature@sign jni failed", e3);
            } catch (Throwable th) {
                throw new PKIException("SM2Signature@sign jni failed", th);
            }
        } finally {
            this.initedKey = false;
            this.priKey = null;
        }
    }

    public final boolean verify(byte[] bArr, byte[] bArr2) throws PKIException {
        String str;
        boolean verify;
        try {
            if (!this.initedKey) {
                throw new PKIException("SM2Signature@verify failed: key not yet inited");
            }
            if (this.hash == null) {
                throw new PKIException("SM2Signature@verify required hash not null");
            }
            if (this.pubKey == null) {
                throw new PKIException("SM2Signature@verify failed: pubKey not yet inited");
            }
            if (bArr2 == null) {
                throw new PKIException("SM2Signature@verify failed: required sourceData not null");
            }
            if (bArr == null) {
                throw new PKIException("SM2Signature@verify failed: required signature not null");
            }
            byte[] hashData = hashData(bArr2);
            byte[] rSRaw64Bytes = new ASN1SM2Signature(bArr).getRSRaw64Bytes();
            if (!this.jniFlag) {
                try {
                    verify = BCSoftSM2.verify(hashData, rSRaw64Bytes, this.pubKey.getQ());
                    return verify;
                } catch (Exception th) {
                    throw new PKIException(str, th);
                }
            }
            byte[] pubXByBytes = this.pubKey.getPubXByBytes();
            if (pubXByBytes == null || pubXByBytes.length != 32) {
                throw new PKIException("SM2Signature@verify failed: required X32BytesLength=32");
            }
            byte[] pubYByBytes = this.pubKey.getPubYByBytes();
            if (pubYByBytes == null || pubYByBytes.length != 32) {
                throw new PKIException("SM2Signature@verify failed: required Y32BytesLength=32");
            }
            byte[] bArr3 = new byte[32];
            byte[] bArr4 = new byte[32];
            System.arraycopy(rSRaw64Bytes, 0, bArr3, 0, 32);
            System.arraycopy(rSRaw64Bytes, 32, bArr4, 0, 32);
            try {
                try {
                    verify = JNISM2.verify(bArr3, bArr4, pubXByBytes, pubYByBytes, hashData);
                    return verify;
                } finally {
                    PKIException pKIException = new PKIException("SM2Signature@verify jni failed", th);
                }
            } catch (PKIException th2) {
                throw new PKIException(str, th2);
            } catch (Exception th22) {
                throw new PKIException(str, th22);
            }
        } finally {
            this.initedKey = false;
            this.pubKey = null;
        }
    }

    private byte[] hashData(byte[] bArr) throws PKIException {
        try {
            byte[] bArr2 = new byte[this.hash.getDigestSize()];
            this.hash.update(bArr, 0, bArr.length);
            this.hash.doFinal(bArr2, 0);
            this.hash = null;
            return bArr2;
        } catch (Exception e) {
            throw new PKIException("SM2Signature@hashData failed", e);
        }
    }
}
