package net.netca.pki.encoding.asn1.pki;

import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import net.netca.pki.PkiException;
import net.netca.pki.algorithm.SM3;
import net.netca.pki.algorithm.ecc.Curve;
import net.netca.pki.algorithm.ecc.ECCSignature;
import net.netca.pki.encoding.asn1.BitString;

/* loaded from: classes3.dex */
public final class JCEVerifier implements Verifible {
    private String keyFactoryProvider;
    private HashMap<String, String> map;
    private String signatureProvider;

    public JCEVerifier() {
        this.keyFactoryProvider = null;
        this.signatureProvider = null;
        this.map = new HashMap<>();
    }

    public JCEVerifier(String str, String str2) {
        this.keyFactoryProvider = null;
        this.signatureProvider = null;
        this.map = new HashMap<>();
        this.signatureProvider = str;
        this.keyFactoryProvider = str2;
    }

    private static String getDefaultSignatureAlgorithmName(String str) {
        return str.equals(AlgorithmIdentifier.SHA1WithRSA_OID) ? "SHA1withRSA" : str.equals(AlgorithmIdentifier.SM3WithSM2_OID) ? "SM3withSM2" : str.equals(AlgorithmIdentifier.MD5WithRSA_OID) ? "MD5withRSA" : str.equals(AlgorithmIdentifier.SHA224WithRSA_OID) ? "SHA224withRSA" : str.equals(AlgorithmIdentifier.SHA256WithRSA_OID) ? "SHA256withRSA" : str.equals(AlgorithmIdentifier.SHA384WithRSA_OID) ? "SHA384withRSA" : str.equals(AlgorithmIdentifier.SHA512WithRSA_OID) ? "SHA512withRSA" : str.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID) ? "SHA512_224withRSA" : str.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID) ? "SHA512_256withRSA" : str.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID) ? "SHA3_224withRSA" : str.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID) ? "SHA3_256withRSA" : str.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID) ? "SHA3_384withRSA" : str.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID) ? "SHA3_512withRSA" : str.equals(AlgorithmIdentifier.SM3WithRSA_OID) ? "SM3withRSA" : str.equals(AlgorithmIdentifier.MD2WithRSA_OID) ? "MD2withRSA" : str.equals(AlgorithmIdentifier.DSAWithSHA1_OID) ? "SHA1withDSA" : str.equals(AlgorithmIdentifier.DSAWithSHA224_OID) ? "SHA224withDSA" : str.equals(AlgorithmIdentifier.DSAWithSHA256_OID) ? "SHA256withDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID) ? "SHA1withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID) ? "SHA224withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID) ? "SHA256withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID) ? "SHA384withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID) ? "SHA512withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID) ? "SHA3_224withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID) ? "SHA3_256withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID) ? "SHA3_384withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID) ? "SHA3_512withECDSA" : str.equals(AlgorithmIdentifier.SM2SIGN_OID) ? "SM3withSM2" : str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getKeyType(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            return "RSA";
        }
        if (publicKey instanceof DSAPublicKey) {
            return "DSA";
        }
        if (publicKey instanceof ECCPublicKey) {
            return "EC";
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getSignatureAlgorithmName(HashMap<String, String> hashMap, AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        String str = hashMap.get(oid);
        return str != null ? str : getDefaultSignatureAlgorithmName(oid);
    }

    private boolean sm2Verify(PublicKey publicKey, byte[] bArr, int i, int i2, byte[] bArr2) throws PkiException {
        BitString subjectPublicKey = publicKey.toSubjectPublicKeyInfo().getSubjectPublicKey();
        if (subjectPublicKey.getUnusedBits() != 0) {
            throw new PkiException("bad sm2 public key");
        }
        net.netca.pki.algorithm.ecc.ECCPublicKey Parse = net.netca.pki.algorithm.ecc.ECCPublicKey.Parse(Curve.getSM2Curve(), subjectPublicKey.getValue());
        if (Parse == null) {
            throw new PkiException("bad sm2 public key");
        }
        ECCSignature parse = ECCSignature.parse(bArr2);
        if (parse == null) {
            return false;
        }
        SM3 sm3 = new SM3();
        sm3.update(Parse.computeZ());
        sm3.update(bArr, i, i2);
        return Parse.SM2VerifyHash(sm3.doFinal(), parse);
    }

    public void addSignatureAlgorithmAlias(String str, String str2) {
        this.map.put(str, str2);
    }

    @Override // net.netca.pki.encoding.asn1.pki.Verifible
    public boolean verify(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, int i2, byte[] bArr2) throws PkiException {
        String str;
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey.toSubjectPublicKeyInfo().getASN1Object().encode());
        String keyType = getKeyType(publicKey);
        if (keyType == null) {
            throw new PkiException("unknown publick key");
        }
        try {
            try {
                str = getSignatureAlgorithmName(this.map, algorithmIdentifier);
                try {
                    if (str == null) {
                        throw new PkiException("unknown signature algorithm " + algorithmIdentifier.getOid());
                    }
                    java.security.PublicKey generatePublic = (this.keyFactoryProvider != null ? KeyFactory.getInstance(keyType, this.keyFactoryProvider) : KeyFactory.getInstance(keyType)).generatePublic(x509EncodedKeySpec);
                    Signature signature = this.signatureProvider != null ? Signature.getInstance(str, this.signatureProvider) : Signature.getInstance(str);
                    signature.initVerify(generatePublic);
                    signature.update(bArr, i, i2);
                    return signature.verify(bArr2);
                } catch (InvalidKeyException e) {
                    e = e;
                    if ("SM3withSM2".equals(str)) {
                        return sm2Verify(publicKey, bArr, i, i2, bArr2);
                    }
                    throw new PkiException("InvalidKeyException: " + e.getMessage());
                } catch (NoSuchAlgorithmException e2) {
                    e = e2;
                    if ("SM3withSM2".equals(str)) {
                        return sm2Verify(publicKey, bArr, i, i2, bArr2);
                    }
                    throw new PkiException("NoSuchAlgorithmException: " + e.getMessage());
                } catch (InvalidKeySpecException e3) {
                    e = e3;
                    if ("SM3withSM2".equals(str)) {
                        return sm2Verify(publicKey, bArr, i, i2, bArr2);
                    }
                    throw new PkiException("InvalidKeySpecException: " + e.getMessage());
                }
            } catch (NoSuchProviderException e4) {
                throw new PkiException("NoSuchProviderException: " + e4.getMessage());
            } catch (SignatureException e5) {
                throw new PkiException("SignatureException: " + e5.getMessage());
            }
        } catch (InvalidKeyException e6) {
            e = e6;
            str = null;
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            str = null;
        } catch (InvalidKeySpecException e8) {
            e = e8;
            str = null;
        }
    }
}
