package cfca.sadk.timestamp.client;

import cfca.sadk.algorithm.common.GMObjectIdentifiers;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.crypto.Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SM3Digest;
import cfca.sadk.org.bouncycastle.operator.ContentVerifier;
import cfca.sadk.org.bouncycastle.operator.OperatorCreationException;
import cfca.sadk.org.bouncycastle.operator.RuntimeOperatorException;
import java.io.OutputStream;
import java.security.PublicKey;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/TSAContentVerifier.class */
final class TSAContentVerifier implements ContentVerifier {
    final DigestOutputStream stream;
    final AlgorithmIdentifier verifierAlgorithmIdentifier;
    final Mechanism mechanism;
    final Session session;
    final PublicKey publicKey;

    /* loaded from: input_file:cfca/sadk/timestamp/client/TSAContentVerifier$DigestOutputStream.class */
    final class DigestOutputStream extends OutputStream {
        private Digest dig;

        DigestOutputStream(Digest digest) {
            this.dig = digest;
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) {
            this.dig.update(bArr, i, i2);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) {
            this.dig.update(bArr, 0, bArr.length);
        }

        @Override // java.io.OutputStream
        public void write(int i) {
            this.dig.update((byte) i);
        }

        byte[] getDigest() {
            byte[] bArr = new byte[this.dig.getDigestSize()];
            this.dig.doFinal(bArr, 0);
            return bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TSAContentVerifier(AlgorithmIdentifier algorithmIdentifier, TSACertHolder tSACertHolder, Session session) throws OperatorCreationException {
        Digest lookup;
        Args.notNull(algorithmIdentifier, "verifierAlgorithmIdentifier");
        if (tSACertHolder == null) {
            throw new OperatorCreationException("missing verifierCert");
        }
        try {
            PublicKey publicKey = tSACertHolder.getPublicKey();
            if (GMObjectIdentifiers.sm3WithSM2Encryption.equals(algorithmIdentifier.getAlgorithm())) {
                lookup = new SM3Digest();
                if (!tSACertHolder.isSM2Cert()) {
                    throw new OperatorCreationException("verifierAlgorithmIdentifier require SM2Cert");
                }
                try {
                    byte[] defaultZ = tSACertHolder.getPublicKey().getDefaultZ();
                    lookup.update(defaultZ, 0, defaultZ.length);
                } catch (Exception e) {
                    throw new OperatorCreationException("invalid SM2Cert", e);
                }
            } else {
                if (!tSACertHolder.isRSACert()) {
                    throw new OperatorCreationException("verifierAlgorithmIdentifier require RSACert");
                }
                lookup = TSADigestProviderHelper.lookup(algorithmIdentifier);
            }
            Mechanism lookupMechanism = TSADigestProviderHelper.lookupMechanism(algorithmIdentifier);
            DigestOutputStream digestOutputStream = new DigestOutputStream(lookup);
            this.verifierAlgorithmIdentifier = algorithmIdentifier;
            this.mechanism = lookupMechanism;
            this.stream = digestOutputStream;
            this.publicKey = publicKey;
            this.session = session;
        } catch (Exception e2) {
            throw new OperatorCreationException("invalid verifierCert: " + e2.getMessage(), e2);
        }
    }

    public AlgorithmIdentifier getAlgorithmIdentifier() {
        return this.verifierAlgorithmIdentifier;
    }

    public OutputStream getOutputStream() {
        if (this.stream == null) {
            throw new IllegalStateException("verifier not initialised");
        }
        return this.stream;
    }

    public boolean verify(byte[] bArr) {
        try {
            return this.session.verifyByHash(this.mechanism, this.publicKey, this.stream.getDigest(), bArr);
        } catch (Exception e) {
            throw new RuntimeOperatorException("done verify signature failure: " + e.getMessage(), e);
        }
    }
}
