package org.xipki.security.util;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.xipki.pkcs11.wrapper.Functions;
import org.xipki.security.DHSigStaticKeyCertPair;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.SignAlgo;
import org.xipki.security.XiSecurityException;
import org.xipki.security.bc.XiECContentVerifierProviderBuilder;
import org.xipki.security.bc.XiEdDSAContentVerifierProvider;
import org.xipki.security.bc.XiRSAContentVerifierProviderBuilder;
import org.xipki.security.bc.XiXDHContentVerifierProvider;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-6.3.1.jar:org/xipki/security/util/SignerUtil.class */
public class SignerUtil {
    private static final DigestAlgorithmIdentifierFinder DIGESTALG_IDENTIFIER_FINDER = new DefaultDigestAlgorithmIdentifierFinder();
    private static final Map<String, BcContentVerifierProviderBuilder> VERIFIER_PROVIDER_BUILDER = new HashMap();

    private SignerUtil() {
    }

    public static RSAKeyParameters generateRSAPrivateKeyParameter(RSAPrivateKey rSAPrivateKey) {
        Args.notNull(rSAPrivateKey, "key");
        if (!(rSAPrivateKey instanceof RSAPrivateCrtKey)) {
            return new RSAKeyParameters(true, rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
        }
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
        return new RSAPrivateCrtKeyParameters(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
    }

    public static Signer createPSSRSASigner(SignAlgo signAlgo) throws XiSecurityException {
        if (!((SignAlgo) Args.notNull(signAlgo, "sigAlgo")).isRSAPSSSigAlgo()) {
            throw new XiSecurityException(signAlgo + " is not an RSAPSS algorithm");
        }
        HashAlgo hashAlgo = signAlgo.getHashAlgo();
        return new PSSSigner(new RSABlindedEngine(), hashAlgo.createDigest(), hashAlgo.createDigest(), hashAlgo.getLength(), (byte) -68);
    }

    public static byte[] dsaSigPlainToX962(byte[] bArr) throws XiSecurityException {
        byte[] dsaSigPlainToX962 = Functions.dsaSigPlainToX962((byte[]) Args.notNull(bArr, "signature"));
        if (Arrays.equals(dsaSigPlainToX962, bArr)) {
            throw new XiSecurityException("signature is not correctly encoded.");
        }
        return dsaSigPlainToX962;
    }

    public static byte[] dsaSigX962ToPlain(byte[] bArr, int i) throws XiSecurityException {
        byte[] dsaSigX962ToPlain = Functions.dsaSigX962ToPlain((byte[]) Args.notNull(bArr, "x962Signature"), (i + 7) / 8);
        if (Arrays.equals(bArr, dsaSigX962ToPlain)) {
            throw new XiSecurityException("x962Signature is not correctly encoded.");
        }
        return dsaSigX962ToPlain;
    }

    public static byte[] dsaSigToPlain(BigInteger bigInteger, BigInteger bigInteger2, int i) throws XiSecurityException {
        int i2 = (i + 7) / 8;
        if ((Math.max(((BigInteger) Args.notNull(bigInteger, "sigR")).bitLength(), ((BigInteger) Args.notNull(bigInteger2, "sigS")).bitLength()) + 7) / 8 > i2) {
            throw new XiSecurityException("signature is too large");
        }
        byte[] bArr = new byte[2 * i2];
        bigIntToBytes(bigInteger, bArr, 0, i2);
        bigIntToBytes(bigInteger2, bArr, i2, i2);
        return bArr;
    }

    private static void bigIntToBytes(BigInteger bigInteger, byte[] bArr, int i, int i2) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length == i2) {
            System.arraycopy(byteArray, 0, bArr, i, i2);
        } else if (byteArray.length < i2) {
            System.arraycopy(byteArray, 0, bArr, (i + i2) - byteArray.length, byteArray.length);
        } else {
            System.arraycopy(byteArray, byteArray.length - i2, bArr, i, i2);
        }
    }

    public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey, DHSigStaticKeyCertPair dHSigStaticKeyCertPair) throws InvalidKeyException {
        String upperCase = ((PublicKey) Args.notNull(publicKey, "publicKey")).getAlgorithm().toUpperCase();
        if (EdECConstants.ED25519.equals(upperCase) || EdECConstants.ED448.equals(upperCase)) {
            return new XiEdDSAContentVerifierProvider(publicKey);
        }
        if (EdECConstants.X25519.equals(upperCase) || EdECConstants.X448.equals(upperCase)) {
            if (dHSigStaticKeyCertPair == null) {
                throw new InvalidKeyException("ownerKeyAndCert is required but absent");
            }
            return new XiXDHContentVerifierProvider(publicKey, dHSigStaticKeyCertPair);
        }
        BcContentVerifierProviderBuilder bcContentVerifierProviderBuilder = VERIFIER_PROVIDER_BUILDER.get(upperCase);
        if (bcContentVerifierProviderBuilder == null) {
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case 2206:
                    if (upperCase.equals("EC")) {
                        z = 2;
                        break;
                    }
                    break;
                case 67986:
                    if (upperCase.equals("DSA")) {
                        z = true;
                        break;
                    }
                    break;
                case 81440:
                    if (upperCase.equals("RSA")) {
                        z = false;
                        break;
                    }
                    break;
                case 65786932:
                    if (upperCase.equals("ECDSA")) {
                        z = 3;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    bcContentVerifierProviderBuilder = new XiRSAContentVerifierProviderBuilder();
                    break;
                case true:
                    bcContentVerifierProviderBuilder = new BcDSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
                    break;
                case true:
                case true:
                    bcContentVerifierProviderBuilder = new XiECContentVerifierProviderBuilder();
                    break;
                default:
                    throw new InvalidKeyException("unknown key algorithm of the public key " + upperCase);
            }
            VERIFIER_PROVIDER_BUILDER.put(upperCase, bcContentVerifierProviderBuilder);
        }
        try {
            return bcContentVerifierProviderBuilder.build(KeyUtil.generatePublicKeyParameter(publicKey));
        } catch (OperatorCreationException e) {
            throw new InvalidKeyException("could not build ContentVerifierProvider: " + e.getMessage(), e);
        }
    }
}
