package cn.hutool.crypto.asymmetric;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.crypto.CryptoException;
import cn.hutool.crypto.SecureUtil;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collection;
import java.util.Set;

/* loaded from: classes.dex */
public class Sign extends BaseAsymmetric<Sign> {
    protected Signature signature;

    public Sign(SignAlgorithm signAlgorithm) {
        this(signAlgorithm, (byte[]) null, (byte[]) null);
    }

    public Sign(SignAlgorithm signAlgorithm, String str, String str2) {
        this(signAlgorithm.getValue(), SecureUtil.decode(str), SecureUtil.decode(str2));
    }

    public Sign(SignAlgorithm signAlgorithm, KeyPair keyPair) {
        this(signAlgorithm.getValue(), keyPair);
    }

    public Sign(SignAlgorithm signAlgorithm, PrivateKey privateKey, PublicKey publicKey) {
        this(signAlgorithm.getValue(), privateKey, publicKey);
    }

    public Sign(SignAlgorithm signAlgorithm, byte[] bArr, byte[] bArr2) {
        this(signAlgorithm.getValue(), bArr, bArr2);
    }

    public Sign(String str) {
        this(str, (byte[]) null, (byte[]) null);
    }

    public Sign(String str, String str2, String str3) {
        this(str, Base64.decode(str2), Base64.decode(str3));
    }

    public Sign(String str, KeyPair keyPair) {
        this(str, keyPair.getPrivate(), keyPair.getPublic());
    }

    public Sign(String str, PrivateKey privateKey, PublicKey publicKey) {
        super(str, privateKey, publicKey);
    }

    public Sign(String str, byte[] bArr, byte[] bArr2) {
        this(str, SecureUtil.generatePrivateKey(str, bArr), SecureUtil.generatePublicKey(str, bArr2));
    }

    public Signature getSignature() {
        return this.signature;
    }

    @Override // cn.hutool.crypto.asymmetric.BaseAsymmetric
    public Sign init(String str, PrivateKey privateKey, PublicKey publicKey) {
        try {
            this.signature = Signature.getInstance(str);
            super.init(str, privateKey, publicKey);
            return this;
        } catch (NoSuchAlgorithmException e10) {
            throw new CryptoException(e10);
        }
    }

    public Sign setCertificate(Certificate certificate) {
        boolean[] keyUsage;
        if (certificate instanceof X509Certificate) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (CollUtil.isNotEmpty((Collection<?>) criticalExtensionOIDs) && criticalExtensionOIDs.contains("2.5.29.15") && (keyUsage = x509Certificate.getKeyUsage()) != null && !keyUsage[0]) {
                throw new CryptoException("Wrong key usage");
            }
        }
        this.publicKey = certificate.getPublicKey();
        return this;
    }

    public Sign setParameter(AlgorithmParameterSpec algorithmParameterSpec) {
        try {
            this.signature.setParameter(algorithmParameterSpec);
            return this;
        } catch (InvalidAlgorithmParameterException e10) {
            throw new CryptoException(e10);
        }
    }

    public Sign setSignature(Signature signature) {
        this.signature = signature;
        return this;
    }

    public byte[] sign(byte[] bArr) {
        this.lock.lock();
        try {
            try {
                this.signature.initSign(this.privateKey);
                this.signature.update(bArr);
                return this.signature.sign();
            } catch (Exception e10) {
                throw new CryptoException(e10);
            }
        } finally {
            this.lock.unlock();
        }
    }

    public boolean verify(byte[] bArr, byte[] bArr2) {
        this.lock.lock();
        try {
            try {
                this.signature.initVerify(this.publicKey);
                this.signature.update(bArr);
                return this.signature.verify(bArr2);
            } catch (Exception e10) {
                throw new CryptoException(e10);
            }
        } finally {
            this.lock.unlock();
        }
    }
}
