package org.bdware.doip.audit;

import com.bdware.irp.util.GlobalUtils;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;
import org.apache.log4j.Logger;
import org.bdware.doip.codec.doipMessage.DoipMessage;
import org.bdware.doip.codec.doipMessage.MessageCredential;
import org.bdware.doip.codec.exception.MessageCodecException;
import org.bdware.irp.irplib.core.IrpMessage;
import org.zz.gmhelper.BCECUtil;
import org.zz.gmhelper.SM2KeyPair;
import org.zz.gmhelper.SM2Util;

/* loaded from: input_file:org/bdware/doip/audit/SM2Signer.class */
public class SM2Signer {
    static Logger LOGGER = Logger.getLogger(SM2Signer.class);
    SM2KeyPair keyPair;
    boolean enableSign;
    boolean enableVerify;

    public SM2Signer(SM2KeyPair sM2KeyPair) {
        this(sM2KeyPair, sM2KeyPair != null, sM2KeyPair != null);
    }

    public SM2Signer(SM2KeyPair sM2KeyPair, boolean z, boolean z2) {
        this.keyPair = sM2KeyPair;
        this.enableSign = z;
        this.enableVerify = z2;
    }

    public void signIrpMessage(IrpMessage irpMessage) {
        if (this.enableSign) {
            try {
                irpMessage.header.setCertifiedFlag(true);
                byte[] sign = SM2Util.sign(this.keyPair.getPrivateKeyParameter(), irpMessage.getEncodedMessageHeaderBody());
                irpMessage.credential.signerDoid = this.keyPair.getPublicKeyStr().getBytes(StandardCharsets.UTF_8);
                irpMessage.credential.signedInfoType = AuditConstants.CREDENTIAL_SIGNEDINFO_TYPE_SM2;
                irpMessage.credential.signedInfoDigestAlgorithm = AuditConstants.CREDENTIAL_DIGEST_ALG_SM2;
                irpMessage.credential.signature = sign;
                irpMessage.credential.signedInfoLength = irpMessage.credential.signedInfoDigestAlgorithm.length + irpMessage.credential.signature.length;
                irpMessage.encodedMessage = null;
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    public boolean verifyIrpMessage(IrpMessage irpMessage) {
        if (!this.enableVerify) {
            return true;
        }
        try {
            return SM2Util.verify(BCECUtil.createECPublicKeyFromStrParameters(GlobalUtils.decodeString(irpMessage.credential.signerDoid), SM2Util.CURVE, SM2Util.DOMAIN_PARAMS), irpMessage.getEncodedMessageHeaderBody(), irpMessage.credential.signature);
        } catch (Exception e) {
            LOGGER.debug(e);
            return false;
        }
    }

    public void signDoipMessage(DoipMessage doipMessage) {
        if (this.enableSign) {
            try {
                doipMessage.credential = new MessageCredential(this.keyPair.getPublicKeyStr(), SM2Util.sign(this.keyPair.getPrivateKeyParameter(), getDoipMessageHeaderBody(doipMessage)));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    static byte[] getDoipMessageHeaderBody(DoipMessage doipMessage) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            doipMessage.header.parameterLength = doipMessage.header.parameters.length();
            doipMessage.header.bodyLength = doipMessage.body.getLength();
            objectOutputStream.writeInt(doipMessage.header.getFlag());
            objectOutputStream.writeInt(doipMessage.header.parameterLength);
            objectOutputStream.writeInt(doipMessage.header.bodyLength);
            if (doipMessage.header.parameterLength != 0 && doipMessage.header.parameterLength != doipMessage.header.parameters.length()) {
                throw new MessageCodecException("invalid parameter length: " + doipMessage.header.parameterLength);
            }
            objectOutputStream.write(doipMessage.header.parameters.toByteArray());
            if (doipMessage.header.bodyLength != 0 && doipMessage.header.bodyLength != doipMessage.body.getLength()) {
                throw new MessageCodecException("invalid body length: " + doipMessage.header.parameterLength);
            }
            objectOutputStream.write(doipMessage.body.getEncodedData());
            objectOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public boolean verifyDoipMessage(DoipMessage doipMessage) {
        if (!this.enableVerify) {
            return true;
        }
        try {
            String asString = doipMessage.credential.attributes.get("signer").getAsString();
            return SM2Util.verify(BCECUtil.createECPublicKeyFromStrParameters(asString, SM2Util.CURVE, SM2Util.DOMAIN_PARAMS), getDoipMessageHeaderBody(doipMessage), doipMessage.credential.getSignature());
        } catch (Exception e) {
            return false;
        }
    }
}
