package com.huawei.wienerchain.security;

import com.google.common.base.Charsets;
import com.huawei.wienerchain.exception.CryptoException;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.ArrayList;
import org.bouncycastle.jcajce.spec.SM2ParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/wienerchain/security/CryptoSmJava.class */
public class CryptoSmJava extends CryptoSmCom {
    private static final Logger logger = LoggerFactory.getLogger(CryptoSmJava.class);
    private static final String SIGNATURE_ALGORITHM = "SM3withSM2";
    private static final String PROVIDER_SHORT_NAME = "BC";
    private static final String SIGNATURE_USER_ID = "1234567812345678";
    private static final String TYPE = "X.509";

    @Override // com.huawei.wienerchain.security.Crypto
    public byte[] sign(byte[] bArr) throws CryptoException {
        PrivateKey privateKey = getPrivateKey();
        if (privateKey == null) {
            throw new CryptoException("Please load private key first");
        }
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER_SHORT_NAME);
            signature.setParameter(new SM2ParameterSpec(SIGNATURE_USER_ID.getBytes(Charsets.UTF_8)));
            signature.initSign(privateKey, new SecureRandom());
            signature.update(bArr, 0, bArr.length);
            return signature.sign();
        } catch (GeneralSecurityException e) {
            throw new CryptoException("Sign message error", e);
        }
    }

    @Override // com.huawei.wienerchain.security.Crypto
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws CryptoException {
        if (this.keyStore == null) {
            throw new CryptoException("Please load ca certificate first! ");
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(TYPE, PROVIDER_SHORT_NAME);
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(bArr3));
            if (generateCertificate == null) {
                logger.error("Certificate is null. ");
                return false;
            }
            PKIXParameters pKIXParameters = new PKIXParameters(this.keyStore);
            pKIXParameters.setRevocationEnabled(false);
            CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType(), PROVIDER_SHORT_NAME);
            ArrayList arrayList = new ArrayList();
            arrayList.add(generateCertificate);
            certPathValidator.validate(certificateFactory.generateCertPath(arrayList), pKIXParameters);
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER_SHORT_NAME);
            signature.setParameter(new SM2ParameterSpec(SIGNATURE_USER_ID.getBytes(Charsets.UTF_8)));
            signature.initVerify(generateCertificate);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (GeneralSecurityException e) {
            logger.error("Verify error:", e);
            return false;
        }
    }
}
