package net.netca.pki.encoding.asn1.pki;

import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import net.netca.pki.algorithm.SM3;
import net.netca.pki.algorithm.ecc.Curve;
import net.netca.pki.algorithm.ecc.ECCSignature;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.json.jose.IHash;
import net.netca.pki.u;
import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec;

/* loaded from: classes.dex */
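/**
 * Signature verifier backed by the JCA ({@link Signature} / {@link KeyFactory}), with a
 * built-in SM2/SM3 fallback for providers that lack {@code SM3withSM2}.
 *
 * <p>Usage is either one-shot ({@link #verify(PublicKey, AlgorithmIdentifier, byte[], int, int, byte[])})
 * or multi-step ({@link #init}, {@link #update}, {@link #verify(byte[])}).
 *
 * <p>Instances keep per-verification state in unsynchronised fields, so a single instance
 * should not be used by several threads at once.
 *
 * <p>Security note: the built-in OID table still resolves MD2-, MD5- and SHA-1-based
 * signature algorithms, and this class applies no algorithm policy of its own. Callers that
 * verify certificates or signed data from untrusted sources should reject those OIDs before
 * calling {@link #init} or {@code verify}.
 */
public final class JCEVerifier implements MultiStepVerifible, Verifible {
    /** JCA name that triggers the local SM2 fallback in {@link #init}. */
    private static final String SM3_WITH_SM2 = "SM3withSM2";

    /**
     * Signature OID -> JCA signature algorithm name, searched in order (first match wins).
     * RSASSA-PSS is intentionally absent: its OID falls through unchanged and is handled
     * separately in {@link #init}.
     */
    private static final String[][] SIGNATURE_ALGORITHM_NAMES = {
        {AlgorithmIdentifier.SHA1WithRSA_OID, "SHA1withRSA"},
        {AlgorithmIdentifier.SM3WithSM2_OID, SM3_WITH_SM2},
        {AlgorithmIdentifier.MD5WithRSA_OID, "MD5withRSA"},
        {AlgorithmIdentifier.SHA224WithRSA_OID, "SHA224withRSA"},
        {AlgorithmIdentifier.SHA256WithRSA_OID, "SHA256withRSA"},
        {AlgorithmIdentifier.SHA384WithRSA_OID, "SHA384withRSA"},
        {AlgorithmIdentifier.SHA512WithRSA_OID, "SHA512withRSA"},
        {AlgorithmIdentifier.SHA512_224WithRSA_OID, "SHA512_224withRSA"},
        {AlgorithmIdentifier.SHA512_256WithRSA_OID, "SHA512_256withRSA"},
        {AlgorithmIdentifier.SHA3_224WithRSA_OID, "SHA3_224withRSA"},
        {AlgorithmIdentifier.SHA3_256WithRSA_OID, "SHA3_256withRSA"},
        {AlgorithmIdentifier.SHA3_384WithRSA_OID, "SHA3_384withRSA"},
        {AlgorithmIdentifier.SHA3_512WithRSA_OID, "SHA3_512withRSA"},
        {AlgorithmIdentifier.SM3WithRSA_OID, "SM3withRSA"},
        {AlgorithmIdentifier.MD2WithRSA_OID, "MD2withRSA"},
        {AlgorithmIdentifier.DSAWithSHA1_OID, "SHA1withDSA"},
        {AlgorithmIdentifier.DSAWithSHA224_OID, "SHA224withDSA"},
        {AlgorithmIdentifier.DSAWithSHA256_OID, "SHA256withDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA1_OID, "SHA1withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA224_OID, "SHA224withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA256_OID, "SHA256withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA384_OID, "SHA384withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA512_OID, "SHA512withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA3_224_OID, "SHA3_224withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA3_256_OID, "SHA3_256withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA3_384_OID, "SHA3_384withECDSA"},
        {AlgorithmIdentifier.ECDSAWithSHA3_512_OID, "SHA3_512withECDSA"},
        {AlgorithmIdentifier.SM2SIGN_OID, SM3_WITH_SM2},
    };

    /**
     * Hash OID -> hash name used to build the PSS algorithm string, searched in order.
     * NOTE(review): the IHash.* and SPHINCS256KeyGenParameterSpec.* references look like
     * decompiler constant substitutions for plain string literals; kept as found.
     */
    private static final String[][] HASH_ALGORITHM_NAMES = {
        {AlgorithmIdentifier.SHA1_OID, "SHA1"},
        {AlgorithmIdentifier.SM3_OID, IHash.SM3},
        {AlgorithmIdentifier.MD5_OID, "MD5"},
        {AlgorithmIdentifier.SHA224_OID, "SHA224"},
        {AlgorithmIdentifier.SHA256_OID, IHash.SHA256},
        {AlgorithmIdentifier.SHA384_OID, IHash.SHA384},
        {AlgorithmIdentifier.SHA512_OID, IHash.SHA512},
        {AlgorithmIdentifier.MD2_OID, "MD2"},
        {AlgorithmIdentifier.SHA512_224_OID, "SHA512-224"},
        {AlgorithmIdentifier.SHA512_256_OID, SPHINCS256KeyGenParameterSpec.SHA512_256},
        {AlgorithmIdentifier.SHA3_224_OID, "SHA3-224"},
        {AlgorithmIdentifier.SHA3_256_OID, SPHINCS256KeyGenParameterSpec.SHA3_256},
        {AlgorithmIdentifier.SHA3_384_OID, "SHA3-384"},
        {AlgorithmIdentifier.SHA3_512_OID, "SHA3-512"},
    };

    // JCA provider names; null means "use the default provider lookup".
    private final String keyFactoryProvider;
    private final String signatureProvider;
    // Caller-registered OID -> JCA algorithm name overrides (see addSignatureAlgorithmAlias).
    private final HashMap<String, String> map = new HashMap<>();
    // JCA verification state; null until init() succeeds on the JCA path.
    private Signature signObj;
    // SM2 fallback state; sm2PublicKey != null selects the fallback path in update()/verify().
    private net.netca.pki.algorithm.ecc.ECCPublicKey sm2PublicKey;
    private SM3 sm3;

    /** Creates a verifier that uses the default JCA providers. */
    public JCEVerifier() {
        this(null, null);
    }

    /**
     * Creates a verifier bound to specific JCA providers.
     *
     * @param str  provider name for {@link Signature}, or {@code null} for the default
     * @param str2 provider name for {@link KeyFactory}, or {@code null} for the default
     */
    public JCEVerifier(String str, String str2) {
        this.signatureProvider = str;
        this.keyFactoryProvider = str2;
    }

    /**
     * Returns the value paired with {@code oid} in {@code table}, or {@code oid} itself when
     * no row matches. Callers rely on "result equals input" to detect an unknown OID.
     */
    private static String lookupName(String[][] table, String oid) {
        for (String[] row : table) {
            if (oid.equals(row[0])) {
                return row[1];
            }
        }
        return oid;
    }

    /** Maps a signature algorithm OID to its built-in JCA name, or returns the OID unchanged. */
    private static String getDefaultSignatureAlgorithmName(String str) {
        return lookupName(SIGNATURE_ALGORITHM_NAMES, str);
    }

    /** Maps a hash algorithm OID to its name, or returns the OID unchanged when unknown. */
    private static String getHashAlgorithmName(String str) {
        return lookupName(HASH_ALGORITHM_NAMES, str);
    }

    /**
     * Returns the JCA key algorithm name for the given key wrapper.
     * (JADX reports this method was package-private before decompilation.)
     *
     * @return the key algorithm constant for RSA or EC keys, {@code "DSA"} for DSA keys,
     *         or {@code null} for any other key class
     */
    public static String getKeyType(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            return KeyPropertiesCompact.KEY_ALGORITHM_RSA;
        }
        if (publicKey instanceof DSAPublicKey) {
            return "DSA";
        }
        if (publicKey instanceof ECCPublicKey) {
            return KeyPropertiesCompact.KEY_ALGORITHM_EC;
        }
        return null;
    }

    /**
     * Resolves the JCA signature algorithm name for an algorithm identifier. An entry in
     * {@code hashMap} takes precedence over the built-in table.
     * (JADX reports this method was package-private before decompilation.)
     *
     * @param hashMap             caller-supplied OID -> algorithm name overrides
     * @param algorithmIdentifier identifier whose OID is resolved
     * @return the override, the built-in name, or the OID itself when neither is known
     */
    public static String getSignatureAlgorithmName(HashMap<String, String> hashMap, AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        String alias = hashMap.get(oid);
        return alias != null ? alias : getDefaultSignatureAlgorithmName(oid);
    }

    /**
     * Prepares the local SM2 verification path: parses the SM2 point from the key's
     * subjectPublicKey bit string and seeds a fresh SM3 digest with the key's Z value.
     *
     * @throws u if the bit string has unused bits or the point cannot be parsed
     */
    private void sm2Init(PublicKey publicKey) {
        BitString subjectPublicKey = publicKey.toSubjectPublicKeyInfo().getSubjectPublicKey();
        if (subjectPublicKey.getUnusedBits() != 0) {
            throw new u("bad sm2 public key");
        }
        this.sm2PublicKey = net.netca.pki.algorithm.ecc.ECCPublicKey.Parse(Curve.getSM2Curve(), subjectPublicKey.getValue());
        if (this.sm2PublicKey == null) {
            throw new u("bad sm2 public key");
        }
        this.sm3 = new SM3();
        // NOTE(review): computeZ() takes no user ID here; presumably it uses a default ID — confirm.
        this.sm3.update(this.sm2PublicKey.computeZ());
    }

    /**
     * Validates that the algorithm parameter is a present SEQUENCE and wraps it.
     *
     * @throws u if the parameter is missing or is not a {@link Sequence}
     */
    private static RSASSAPSSParams parsePssParams(ASN1Object aSN1Object) {
        if (aSN1Object == null) {
            throw new u("no pss param");
        }
        if (!(aSN1Object instanceof Sequence)) {
            throw new u("bad pss param,not sequence");
        }
        return new RSASSAPSSParams((Sequence) aSN1Object);
    }

    /**
     * Builds the JCA algorithm name ({@code <hash>withRSAandMGF1}) for RSASSA-PSS parameters.
     * (JADX reports this method was package-private before decompilation.)
     *
     * @throws u if the parameters are missing, malformed, or name an unknown hash
     */
    public static String toPSSAlgoName(ASN1Object aSN1Object) {
        String hashOid = parsePssParams(aSN1Object).getHashAlgorithm().getOid();
        String hashName = getHashAlgorithmName(hashOid);
        // The lookup echoes the OID back when it has no mapping.
        if (hashOid.equals(hashName)) {
            throw new u("bad pss param,unknown hash algo");
        }
        return hashName + "withRSAandMGF1";
    }

    /**
     * Converts encoded RSASSA-PSS parameters into a {@link PSSParameterSpec}.
     * (JADX reports this method was package-private before decompilation.)
     *
     * @throws u if the parameters are missing or malformed, if either hash is unknown,
     *           or if the trailer field is not 1
     */
    public static PSSParameterSpec toPSSParameterSpec(ASN1Object aSN1Object) {
        RSASSAPSSParams pssParams = parsePssParams(aSN1Object);

        String hashOid = pssParams.getHashAlgorithm().getOid();
        String hashName = JCEHasher.getDefaultHashAlgorithmName(hashOid);
        if (hashOid.equals(hashName)) {
            throw new u("bad pss param,unknown hash algo");
        }

        String mgf1HashOid = pssParams.getMgf1HashAlgorithm().getOid();
        String mgf1HashName = JCEHasher.getDefaultHashAlgorithmName(mgf1HashOid);
        if (mgf1HashOid.equals(mgf1HashName)) {
            throw new u("bad mgf1 param,unknown hash algo");
        }

        // NOTE(review): the salt length comes straight from the encoded parameters. Whether
        // getSaltLength() bounds it is not visible here; PSSParameterSpec rejects a negative
        // value with IllegalArgumentException, which would leave this method unwrapped.
        int saltLength = pssParams.getSaltLength();
        if (pssParams.getTrailerField() != 1) {
            throw new u("bad trailerField");
        }
        return new PSSParameterSpec(hashName, "MGF1", new MGF1ParameterSpec(mgf1HashName), saltLength, 1);
    }

    /**
     * Registers a JCA algorithm name to use for a signature OID, overriding the built-in table.
     *
     * @param str  signature algorithm OID
     * @param str2 JCA signature algorithm name
     */
    public void addSignatureAlgorithmAlias(String str, String str2) {
        this.map.put(str, str2);
    }

    /**
     * Either switches to the local SM2 implementation (when the requested algorithm is
     * SM3withSM2) or rethrows the JCA failure wrapped in {@code u} with its cause attached.
     */
    private void sm2FallbackOrThrow(String algorithmName, PublicKey publicKey, String label, Exception cause) {
        if (!SM3_WITH_SM2.equals(algorithmName)) {
            throw new u(label + ": " + cause.getMessage(), cause);
        }
        // Drop any half-initialised JCA object so only the SM2 state is live.
        this.signObj = null;
        sm2Init(publicKey);
    }

    /**
     * Starts a verification: resets state, resolves the algorithm, and initialises either the
     * JCA {@link Signature} or, for SM3withSM2 when the JCA path fails, the local SM2 path.
     *
     * @throws u if the key type is unknown, the PSS parameters are invalid, or the JCA
     *           rejects the key, algorithm, provider or parameters
     */
    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public void init(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) {
        this.sm2PublicKey = null;
        this.sm3 = null;
        this.signObj = null;

        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.toSubjectPublicKeyInfo().getASN1Object().encode());
        String keyType = getKeyType(publicKey);
        if (keyType == null) {
            throw new u("unknown publick key");
        }

        String algorithmName = getSignatureAlgorithmName(this.map, algorithmIdentifier);
        if (algorithmName == null) {
            throw new u("unknown signature algorithm " + algorithmIdentifier.getOid());
        }

        // The decompiled original split this into two nested try blocks whose outer catches
        // assigned to an undeclared variable; a single try with all five JCA exceptions is
        // the only shape that compiles and covers every call below.
        try {
            KeyFactory keyFactory = this.keyFactoryProvider != null
                    ? KeyFactory.getInstance(keyType, this.keyFactoryProvider)
                    : KeyFactory.getInstance(keyType);
            java.security.PublicKey jcaKey = keyFactory.generatePublic(keySpec);

            String jcaName = algorithmName;
            PSSParameterSpec pssSpec = null;
            // An unmapped OID is returned unchanged, which is how RSASSA-PSS is recognised.
            if (algorithmName.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
                ASN1Object param = algorithmIdentifier.getParam();
                pssSpec = toPSSParameterSpec(param);
                jcaName = toPSSAlgoName(param);
            }

            this.signObj = this.signatureProvider != null
                    ? Signature.getInstance(jcaName, this.signatureProvider)
                    : Signature.getInstance(jcaName);
            this.signObj.initVerify(jcaKey);
            if (pssSpec != null) {
                this.signObj.setParameter(pssSpec);
            }
        } catch (InvalidKeyException e) {
            sm2FallbackOrThrow(algorithmName, publicKey, "InvalidKeyException", e);
        } catch (NoSuchAlgorithmException e) {
            sm2FallbackOrThrow(algorithmName, publicKey, "NoSuchAlgorithmException", e);
        } catch (InvalidKeySpecException e) {
            sm2FallbackOrThrow(algorithmName, publicKey, "InvalidKeySpecException", e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new u("InvalidAlgorithmParameterException: " + e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw new u("NoSuchProviderException: " + e.getMessage(), e);
        }
    }

    /**
     * Feeds signed data into the current verification.
     *
     * @param bArr buffer holding the data
     * @param i    offset of the first byte
     * @param i2   number of bytes
     * @throws u if {@link #init} has not completed or the JCA object rejects the update
     */
    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public void update(byte[] bArr, int i, int i2) {
        if (this.sm2PublicKey != null) {
            this.sm3.update(bArr, i, i2);
            return;
        }
        if (this.signObj == null) {
            throw new u("init first");
        }
        try {
            this.signObj.update(bArr, i, i2);
        } catch (SignatureException e) {
            // Keep the cause so the underlying provider failure stays diagnosable.
            throw new u("SignatureException: " + e.getMessage(), e);
        }
    }

    /**
     * One-shot verification: {@link #init}, {@link #update}, then {@link #verify(byte[])}.
     *
     * @param bArr  buffer holding the signed data
     * @param i     offset of the signed data
     * @param i2    length of the signed data
     * @param bArr2 encoded signature value
     * @return {@code true} only if the signature verifies
     */
    @Override // net.netca.pki.encoding.asn1.pki.Verifible
    public boolean verify(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i, int i2, byte[] bArr2) {
        init(publicKey, algorithmIdentifier);
        update(bArr, i, i2);
        return verify(bArr2);
    }

    /**
     * Finishes the current verification against the given signature value.
     *
     * @param bArr encoded signature value
     * @return {@code true} if the signature verifies; on the SM2 path an unparseable
     *         signature yields {@code false} rather than an exception
     * @throws u if {@link #init} has not completed or the JCA object rejects the signature
     */
    @Override // net.netca.pki.encoding.asn1.pki.MultiStepVerifible
    public boolean verify(byte[] bArr) {
        if (this.sm2PublicKey != null) {
            ECCSignature signature = ECCSignature.parse(bArr);
            if (signature == null) {
                return false;
            }
            return this.sm2PublicKey.SM2VerifyHash(this.sm3.doFinal(), signature);
        }
        if (this.signObj == null) {
            throw new u("init first");
        }
        try {
            return this.signObj.verify(bArr);
        } catch (SignatureException e) {
            // Keep the cause so the underlying provider failure stays diagnosable.
            throw new u("SignatureException: " + e.getMessage(), e);
        }
    }
}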
