package net.netca.pki.crypto.android.interfaces.impl;

import android.content.Context;
import android.text.TextUtils;
import net.netca.pki.Certificate;
import net.netca.pki.GeneralDevice;
import net.netca.pki.Hash;
import net.netca.pki.PkiException;
import net.netca.pki.PublicKey;
import net.netca.pki.Signature;
import net.netca.pki.crypto.android.core.DeviceItem;
import net.netca.pki.crypto.android.core.DeviceManager;
import net.netca.pki.crypto.android.core.KeyxVerifyPwd;
import net.netca.pki.crypto.android.err.InnerDeviceError;
import net.netca.pki.crypto.android.exceptions.DeviceNotFoundException;
import net.netca.pki.crypto.android.exceptions.PinErrorException;
import net.netca.pki.crypto.android.exceptions.UserCancelException;
import net.netca.pki.crypto.android.global.PKISetting;
import net.netca.pki.crypto.android.interfaces.SignatureInterface;
import net.netca.pki.crypto.android.utils.CertUtil;
import net.netca.pki.crypto.android.utils.DeviceUtils;
import net.netca.pki.crypto.android.utils.PasswordInputUtil;

/* loaded from: classes3.dex */
public class SignatureImpl implements SignatureInterface {
    private int signAlgo = -1;
    Certificate certCode = null;
    private Signature sign = null;
    private String password = null;
    private int mDeviceType = 0;

    private boolean createSignSignObj() throws PkiException {
        int i;
        if (this.certCode == null && this.signAlgo == -1) {
            throw new PkiException("call init first");
        }
        if (this.sign != null) {
            free();
        }
        CertUtil.verifyCertValid(this.certCode);
        DeviceItem deviceItemByCert = DeviceManager.getInstance().getDeviceItemByCert(this.certCode);
        if (deviceItemByCert == null || deviceItemByCert.getDevice() == null) {
            throw new DeviceNotFoundException("找不到相关设备");
        }
        this.mDeviceType = DeviceUtils.getDeviceType(deviceItemByCert.getDevice());
        InnerDeviceError.clear(this.mDeviceType);
        GeneralDevice device = deviceItemByCert.getDevice();
        if (DeviceUtils.isNeedPasswordUI(device)) {
            if (TextUtils.isEmpty(this.password)) {
                Context activity = PKISetting.getInstance().getActivity();
                if (activity == null) {
                    activity = PKISetting.getInstance().getApplicationContext();
                }
                this.password = new PasswordInputUtil(activity, this.certCode, device).getPassword();
            }
            if (TextUtils.isEmpty(this.password)) {
                throw new UserCancelException("取消输入");
            }
        }
        device.setVerifyPwdUIObject(new KeyxVerifyPwd(this.password));
        if (!DeviceUtils.isNeedPasswordVerify(device) || device.verifyPwd(1, this.password)) {
            this.sign = device.getSignatureObjectForSign(this.certCode, this.signAlgo);
            InnerDeviceError.clear(this.mDeviceType);
            if (this.sign != null) {
                return true;
            }
            throw new PkiException("无法创建签名对象");
        }
        String str = "PIN码错误";
        try {
            i = device.getPwdRetryNumber(1);
        } catch (Exception unused) {
            i = 0;
        }
        if (i > 0) {
            str = "PIN码错误,剩余次数" + i;
        }
        throw new PinErrorException(str);
    }

    private boolean createVerifySignObj() throws PkiException {
        if (this.certCode == null && this.signAlgo == -1) {
            throw new PkiException("call init first");
        }
        if (this.sign != null) {
            free();
        }
        this.sign = new Signature(this.signAlgo, this.certCode.getPublicKey(Certificate.PURPOSE_VERIFY_OLD_DATA));
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public byte[] computeSM2Z(byte[] bArr) throws PkiException {
        if (this.certCode == null) {
            throw new PkiException("call init first");
        }
        PublicKey publicKey = this.certCode.getPublicKey(Certificate.PURPOSE_VERIFY_OLD_DATA);
        if (publicKey.isSM2()) {
            return (bArr == null || bArr.length == 0) ? publicKey.ComputeSM2Z(Hash.SM3) : publicKey.ComputeSM2Z(Hash.SM3, bArr);
        }
        throw new PkiException("该证书非SM2证书");
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public void free() {
        if (this.sign != null) {
            this.sign.free();
            this.sign = null;
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public void init(int i, Certificate certificate, String str) throws PkiException {
        this.signAlgo = i;
        this.certCode = certificate;
        this.password = str;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public byte[] sign() throws PkiException {
        if (this.sign == null) {
            throw new PkiException("call init first");
        }
        try {
            return this.sign.sign();
        } catch (Exception e) {
            throw new PkiException(e.getMessage() + " " + InnerDeviceError.getErrorMsg(this.mDeviceType));
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public byte[] signHash(byte[] bArr) throws PkiException {
        if (bArr == null || bArr.length == 0) {
            throw new PkiException("invalid param");
        }
        createSignSignObj();
        try {
            return this.sign.signHash(bArr);
        } catch (Exception e) {
            throw new PkiException(e.getMessage() + " " + InnerDeviceError.getErrorMsg(this.mDeviceType));
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public void signUpdate(byte[] bArr, int i, int i2) throws PkiException {
        if (bArr == null || bArr.length == 0) {
            throw new PkiException("invalid param");
        }
        if (this.sign == null) {
            createSignSignObj();
        }
        this.sign.update(bArr, i, i2);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public boolean verify(byte[] bArr) throws PkiException {
        if (bArr == null || bArr.length == 0) {
            throw new PkiException("invalid param");
        }
        if (this.sign != null) {
            return this.sign.verify(bArr);
        }
        throw new PkiException("call init first");
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public boolean verifyHash(byte[] bArr, byte[] bArr2) throws PkiException {
        if (bArr == null || bArr.length == 0 || bArr2 == null || bArr2.length == 0) {
            throw new PkiException("invalid param");
        }
        createVerifySignObj();
        return this.sign.verifyHash(bArr, bArr2);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignatureInterface
    public void verifyUpdate(byte[] bArr, int i, int i2) throws PkiException {
        if (bArr == null || bArr.length == 0) {
            throw new PkiException("invalid param");
        }
        if (this.sign == null) {
            createVerifySignObj();
        }
        this.sign.update(bArr, i, i2);
    }
}
