package com.mindspore.flclient.cipher;

import com.mindspore.flclient.common.FLLoggerGenerater;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;

/* loaded from: input_file:com/mindspore/flclient/cipher/SignAndVerify.class */
public class SignAndVerify {
    private static final Logger LOGGER = FLLoggerGenerater.getModelLogger(SignAndVerify.class.toString());

    public static byte[] signData(String str, byte[] bArr) {
        Key key;
        if (str == null || str.isEmpty()) {
            LOGGER.severe("[SignAndVerify] the parameter clientID is null or empty, please check!");
            return null;
        }
        if (bArr == null || bArr.length == 0) {
            LOGGER.severe("[SignAndVerify] the parameter data is null or empty, please check!");
            return null;
        }
        byte[] bArr2 = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeyStore");
            keyStore.load(null);
            key = keyStore.getKey(str, null);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            LOGGER.severe("[SignAndVerify] catch Exception: " + e.getMessage());
        }
        if (key == null) {
            LOGGER.info("private key is null");
            return null;
        }
        Signature signature = Signature.getInstance("SHA256withRSA/PSS", "HwUniversalKeyStoreProvider");
        signature.initSign((PrivateKey) key);
        signature.update(bArr);
        bArr2 = signature.sign();
        return bArr2;
    }

    public static boolean verifySignatureByCert(String str, X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2) {
        if (str == null || str.isEmpty()) {
            LOGGER.severe("[SignAndVerify] the parameter clientID is null or empty, please check!");
            return false;
        }
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            LOGGER.severe("[SignAndVerify] the parameter x509Certificates is null or the length is not valid: < 1, please check!");
            return false;
        }
        if (bArr == null || bArr.length == 0) {
            LOGGER.severe("[SignAndVerify] the parameter data is null or empty, please check!");
            return false;
        }
        if (bArr2 == null || bArr2.length == 0) {
            LOGGER.severe("[SignAndVerify] the parameter signed is null or empty, please check!");
            return false;
        }
        if (!CertVerify.verifyCertificateChain(str, x509CertificateArr)) {
            LOGGER.info("Verify chain failed!");
            return false;
        }
        LOGGER.info("Verify chain success!");
        try {
            if (x509CertificateArr[0].getPublicKey() == null) {
                LOGGER.severe("[SignAndVerify] get public key failed!");
                return false;
            }
            PublicKey publicKey = x509CertificateArr[0].getPublicKey();
            Signature signature = Signature.getInstance("SHA256withRSA/PSS");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LOGGER.severe("[SignAndVerify] catch Exception: " + e.getMessage());
            return false;
        }
    }

    public static byte[] getSHA256(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        try {
            bArr2 = MessageDigest.getInstance("SHA-256").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.severe("[PkiUtil] catch NoSuchAlgorithmException: " + e.getMessage());
        }
        return bArr2;
    }
}
