package com.timevale.esign.paas.tech.util;

import com.timevale.tgtext.bouncycastle.asn1.DEROutputStream;
import com.timevale.tgtext.bouncycastle.asn1.cms.ContentInfo;
import com.timevale.tgtext.bouncycastle.cert.X509CertificateHolder;
import com.timevale.tgtext.bouncycastle.cms.CMSException;
import com.timevale.tgtext.bouncycastle.cms.CMSProcessableByteArray;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedData;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedDataGenerator;
import com.timevale.tgtext.bouncycastle.cms.SignerInformation;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import com.timevale.tgtext.bouncycastle.jcajce.provider.digest.SM3;
import com.timevale.tgtext.bouncycastle.jce.provider.BouncyCastleProvider;
import com.timevale.tgtext.bouncycastle.operator.ContentSigner;
import com.timevale.tgtext.bouncycastle.operator.OperatorCreationException;
import com.timevale.tgtext.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import com.timevale.tgtext.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import com.timevale.tgtext.bouncycastle.util.CollectionStore;
import com.timevale.timestamp.utils.d;
import esign.utils.exception.SuperException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;

/* loaded from: input_file:com/timevale/esign/paas/tech/util/SignatureTemplate.class */
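/**
 * Static helpers that create and check raw signatures ("P1", via {@link Signature}) and
 * CMS SignedData structures ("P7", via {@link CMSSignedDataGenerator} / {@link CMSSignedData}).
 *
 * <p>Algorithm name, keys, certificate and provider come from a {@link SignatureProperties}.
 *
 * <p><b>Class-load side effect:</b> the static initializer at the bottom of this class removes
 * and re-registers JCA security providers for the whole JVM.
 *
 * <p><b>Scope of the P7 check:</b> {@link #verifyWithP7(byte[], byte[])} only proves that the
 * key in a certificate <em>carried inside the message</em> signed the signed attributes. It does
 * not establish that the certificate is trusted, valid or unrevoked, and it does not recompute
 * the content digest. See the notes on that method before relying on its result.
 */
public class SignatureTemplate {

    /** Message used by every "signature value did not verify" failure in this class. */
    private static final String SIGNATURE_CHECK_FAILED = "验证失败，签名结果验签失败";

    /** Unchecked exception thrown when a signature, its content or its timestamp does not verify. */
    public static class SignatureVerifyFailureException extends RuntimeException {
        /**
         * @param str human-readable failure reason
         */
        public SignatureVerifyFailureException(String str) {
            super(str);
        }
    }

    /**
     * Signs {@code bArr} with the private key and algorithm from {@code signatureProperties}.
     *
     * <p>The {@link Signature} is obtained without naming a provider, so the JVM's provider
     * order decides the implementation (unlike {@link #signWithP7}, which passes
     * {@code signatureProperties.getProvider()}).
     *
     * @param bArr data to sign
     * @param signatureProperties supplies the signature algorithm name and private key
     * @return the raw signature value
     * @throws NoSuchAlgorithmException if no registered provider offers the algorithm
     * @throws InvalidKeyException if the private key is unsuitable for the algorithm
     * @throws SignatureException if signing fails
     */
    public static byte[] signWithP1(byte[] bArr, SignatureProperties signatureProperties) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(signatureProperties.getSignatureAlgorithm());
        signer.initSign(signatureProperties.getPrivateKey());
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Verifies a raw signature and, when a third value is supplied, additionally checks it
     * against the signature through {@code d.n(bArr2, bArr3)}.
     *
     * <p>This method never returns {@code false}: every failure is reported as a
     * {@link SignatureVerifyFailureException}.
     *
     * <p>NOTE(review): {@code d} is an obfuscated helper from the timestamp package and the
     * failure message refers to a timestamp, so {@code bArr3} is presumably a timestamp token
     * bound to the signature value. Confirm against that class. A {@code null} or empty
     * {@code bArr3} skips this second check entirely, so callers that require a timestamp must
     * reject a missing one themselves.
     *
     * @param bArr signed data
     * @param bArr2 signature value to verify
     * @param bArr3 optional second value checked against {@code bArr2}; may be {@code null} or empty
     * @param signatureProperties supplies the signature algorithm name and public key
     * @return {@code true} when every check that was performed succeeded
     * @throws SignatureVerifyFailureException if the signature or the second check fails
     */
    public static boolean verifyWithP1(byte[] bArr, byte[] bArr2, byte[] bArr3, SignatureProperties signatureProperties) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, SuperException {
        if (!verifyWithP1(bArr, bArr2, signatureProperties)) {
            throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
        }
        if (bArr3 == null || bArr3.length == 0 || d.n(bArr2, bArr3)) {
            return true;
        }
        throw new SignatureVerifyFailureException("验证失败，时间戳签名值验证失败。");
    }

    /**
     * Verifies raw signature {@code bArr2} over {@code bArr} with the public key and algorithm
     * from {@code signatureProperties}.
     *
     * @param bArr signed data
     * @param bArr2 signature value to verify
     * @param signatureProperties supplies the signature algorithm name and public key
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws NoSuchAlgorithmException if no registered provider offers the algorithm
     * @throws InvalidKeyException if the public key is unsuitable for the algorithm
     * @throws SignatureException if the signature value is malformed for the algorithm
     */
    public static boolean verifyWithP1(byte[] bArr, byte[] bArr2, SignatureProperties signatureProperties) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature verifier = Signature.getInstance(signatureProperties.getSignatureAlgorithm());
        verifier.initVerify(signatureProperties.getPublicKey());
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Builds a DER-encoded CMS SignedData over {@code bArr} with one signer.
     *
     * <p>The content is encapsulated in the structure ({@code generate(..., true)}) and the
     * signer certificate from {@code signatureProperties} is embedded in it.
     *
     * @param bArr content to sign
     * @param signatureProperties supplies algorithm name, provider, private key and certificate
     * @return the DER encoding of the CMS ContentInfo
     * @throws CMSException if the SignedData cannot be generated
     * @throws IOException if the certificate cannot be parsed or the structure cannot be encoded
     * @throws OperatorCreationException if the content signer or digest provider cannot be built
     */
    public static byte[] signWithP7(byte[] bArr, SignatureProperties signatureProperties) throws CMSException, IOException, OperatorCreationException {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureProperties.getSignatureAlgorithm())
                .setProvider(signatureProperties.getProvider())
                .build(signatureProperties.getPrivateKey());
        X509CertificateHolder signerCertificate = new X509CertificateHolder(signatureProperties.getCertificate());

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider(signatureProperties.getProvider()).build())
                        .build(contentSigner, signerCertificate));
        generator.addCertificate(signerCertificate);

        ContentInfo contentInfo = generator.generate(new CMSProcessableByteArray(bArr), true).toASN1Structure();

        // ByteArrayOutputStream holds no OS resource and its close() is documented as a no-op,
        // so no try/finally (and no swallowed IOException) is needed around it.
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new DEROutputStream(encoded).writeObject(contentInfo);
        return encoded.toByteArray();
    }

    /**
     * Checks the first signer of CMS SignedData {@code bArr2} and, when {@code bArr} is
     * non-empty, that {@code bArr} equals the encapsulated content byte for byte.
     *
     * <p>Structurally incomplete input (no signer, no signed attributes, no certificate, no
     * encapsulated byte content when content is expected) is rejected with
     * {@link SignatureVerifyFailureException} rather than surfacing as an unchecked
     * index, null-pointer or cast failure.
     *
     * <p>This method never returns {@code false}: every failure is reported as an exception.
     *
     * <p>What this method does NOT establish; callers must cover these before treating the
     * result as proof of origin or integrity:
     * <ul>
     *   <li>NOTE(review): the verification key comes from a certificate inside {@code bArr2}.
     *       No chain building, trust-anchor, validity-period, key-usage or revocation check is
     *       done here, so on its own a {@code true} result says nothing about who signed.</li>
     *   <li>NOTE(review): the signature is verified over the signed attributes only. The
     *       messageDigest attribute is never compared with a digest of the encapsulated
     *       content, so the signature is not cryptographically bound to the bytes compared
     *       with {@code bArr}. The library's own signer verification should be used, or this
     *       comparison added, before relying on content integrity.</li>
     *   <li>An empty {@code bArr} skips the content comparison altogether.</li>
     *   <li>Only the first SignerInfo is examined; further signers are ignored.</li>
     * </ul>
     *
     * @param bArr expected content; an empty array disables the content comparison
     * @param bArr2 encoded CMS SignedData
     * @return {@code true} when the checks described above succeed
     * @throws SignatureVerifyFailureException if the structure is incomplete, the signature
     *         does not verify, or the content differs
     * @throws CMSException if {@code bArr2} is not parseable CMS SignedData
     * @throws IOException if the signed attributes or certificate cannot be encoded
     */
    public static boolean verifyWithP7(byte[] bArr, byte[] bArr2) throws CMSException, IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, SuperException {
        CMSSignedData signedData = new CMSSignedData(bArr2);

        SignerInformation signerInformation = (SignerInformation) firstOrNull(signedData.getSignerInfos().getSigners().iterator());
        if (signerInformation == null) {
            throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
        }

        // Without signed attributes there is nothing for the check below to verify against.
        byte[] signedAttributes = signerInformation.getEncodedSignedAttributes();
        if (signedAttributes == null) {
            throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
        }

        // Prefer the certificate the SignerInfo actually identifies, so a message that carries
        // a whole chain is not verified against whichever certificate happens to come first.
        CollectionStore certificates = (CollectionStore) signedData.getCertificates();
        Object signerCertificate = firstOrNull(certificates.getMatches(signerInformation.getSID()).iterator());
        if (signerCertificate == null) {
            // NOTE(review): fallback kept for compatibility with the previous behaviour (first
            // certificate in the store). Consider rejecting a signer whose identifier matches
            // no embedded certificate.
            signerCertificate = firstOrNull(certificates.iterator());
        }
        if (signerCertificate == null) {
            throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
        }

        SignatureProperties signerProperties = SignaturePropertiesFactory.build(
                signerInformation.getEncryptionAlgOID(),
                ((X509CertificateHolder) signerCertificate).getEncoded());
        if (!verifyWithP1(signedAttributes, signerInformation.getSignature(), signerProperties)) {
            throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
        }

        if (bArr.length > 0) {
            // A detached SignedData has no encapsulated content; fail closed instead of
            // dereferencing null.
            Object encapsulated = signedData.getSignedContent() == null ? null : signedData.getSignedContent().getContent();
            if (!(encapsulated instanceof byte[]) || !Arrays.equals(bArr, (byte[]) encapsulated)) {
                throw new SignatureVerifyFailureException(SIGNATURE_CHECK_FAILED);
            }
        }
        return true;
    }

    /** Returns the next element of {@code items}, or {@code null} when it has none. */
    private static Object firstOrNull(java.util.Iterator<?> items) {
        return items.hasNext() ? items.next() : null;
    }

    // Provider bootstrap, executed once when this class is loaded.
    //
    // The two removeProvider calls run first, so a provider that the host application already
    // registered under BouncyCastleProvider.PROVIDER_NAME or "SM" is dropped for the whole JVM,
    // not just for this class.
    // NOTE(review): if the shaded provider keeps the upstream provider name, this also
    // unregisters an application's own Bouncy Castle provider and replaces it with the shaded
    // one. Confirm the name and whether that is intended.
    static {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.removeProvider("SM");
        SMProvider sMProvider = new SMProvider();
        // Map the SM3 digest and its aliases (dotted OID string and GMObjectIdentifiers.sm3)
        // onto the shaded SM3 implementation's nested Digest class.
        sMProvider.put("MessageDigest.SM3", SM3.class.getName() + "$Digest");
        sMProvider.put("Alg.Alias.MessageDigest.SM3", DigestUtil.SM3);
        sMProvider.put("Alg.Alias.MessageDigest.1.2.156.197.1.401", DigestUtil.SM3);
        sMProvider.put("Alg.Alias.MessageDigest." + com.timevale.tgtext.bouncycastle.asn1.gm.GMObjectIdentifiers.sm3, DigestUtil.SM3);
        Security.addProvider(sMProvider);
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}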
