package com.kgofd.encrypt;

import com.kgofd.commons.KGDateUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import org.kg.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:lib/iSignature_OFD_API_V2.0.0.128.jar:com/kgofd/encrypt/KGSignature.class */
public class KGSignature {
    public static final String SHA1WITHRSA = "SHA1withRSA";
    private PrivateKey privateKey;
    private Certificate[] chain;
    private Signature signature;

    public KGSignature(PrivateKey privateKey, Certificate[] certificateArr) {
        this.privateKey = privateKey;
        this.chain = certificateArr;
    }

    public KGSignature(InputStream inputStream, String str, String str2) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
        keyStore.load(inputStream, str.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        String str3 = null;
        while (this.privateKey == null) {
            if (aliases.hasMoreElements()) {
                str3 = aliases.nextElement();
                this.privateKey = (PrivateKey) keyStore.getKey(str3, str2.toCharArray());
            }
        }
        this.chain = keyStore.getCertificateChain(str3);
    }

    public boolean verifyCertificateIsExpired() {
        Boolean bool = true;
        if (this.chain != null && this.chain.length > 0) {
            X509Certificate x509Certificate = (X509Certificate) this.chain[0];
            bool = KGDateUtils.compareDate(new Date(), x509Certificate.getNotBefore()) >= 0 && KGDateUtils.compareDate(new Date(), x509Certificate.getNotAfter()) <= 0;
        }
        return bool.booleanValue();
    }

    public void initSign(String str) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        this.signature = Signature.getInstance(str, BouncyCastleProvider.PROVIDER_NAME);
        this.signature.initSign(this.privateKey);
    }

    public void update(byte[] bArr) throws SignatureException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        if (this.signature == null) {
            initSign("SHA1withRSA");
        }
        this.signature.update(bArr);
    }

    public byte[] sign() throws SignatureException {
        return this.signature.sign();
    }

    public static boolean verify(Certificate certificate, byte[] bArr, byte[] bArr2, String str) {
        PublicKey publicKey = certificate.getPublicKey();
        try {
            Signature signature = Signature.getInstance(str, new BouncyCastleProvider());
            signature.initVerify(publicKey);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public Certificate[] getChain() {
        return this.chain;
    }

    public void setChain(Certificate[] certificateArr) {
        this.chain = certificateArr;
    }
}
