package org.linagora.linsign.utils.sign;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.linagora.linsign.exceptions.BadKeyTypeException;
import org.linagora.linsign.exceptions.CheckSignerKeyException;
import org.linagora.linsign.exceptions.DecryptSignatureException;
import org.linagora.linsign.exceptions.SignatureException;
import org.linagora.linsign.utils.encode.Base64Utils;
import org.linagora.linsign.utils.encode.HexaEncoding;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* JADX WARN: Classes with same name are omitted:
  input_file:applet/linsign.jar:org/linagora/linsign/utils/sign/SignCipher.class
 */
/* loaded from: input_file:WEB-INF/lib/linsign-1.0.jar:org/linagora/linsign/utils/sign/SignCipher.class */
public class SignCipher {
    private static final String SHA1_WITH_RSA_ENCRYPTION = "3021300906052B0E03021A05000414";

    public static Map<String, String> signHash(Map<String, String> map, PrivateKey privateKey) throws SignatureException, BadKeyTypeException {
        return signHash(map, privateKey, (String) null);
    }

    public static Map<String, String> signHash(Map<String, String> map, PrivateKey privateKey, String str) throws SignatureException, BadKeyTypeException {
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), signHash(entry.getValue(), privateKey, str));
        }
        return hashMap;
    }

    public static String signHash(String str, PrivateKey privateKey) throws SignatureException, BadKeyTypeException {
        return signHash(str, privateKey, (String) null);
    }

    public static String signHash(String str, PrivateKey privateKey, String str2) throws BadKeyTypeException, SignatureException {
        if (privateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            return signHashSHAwithRSA(str, privateKey, str2);
        }
        throw new BadKeyTypeException(privateKey.getAlgorithm());
    }

    private static String signHashSHAwithRSA(String str, PrivateKey privateKey, String str2) throws SignatureException {
        return str2 == "LinagoraSunMSCAPI" ? signHashSHAwithCryptoAPI(str, privateKey) : str2 == "Apple" ? encryptHashSHAwithRSA(str, privateKey, null) : encryptHashSHAwithRSA(str, privateKey, str2);
    }

    private static String rawRSASignature(String str, PrivateKey privateKey) throws SignatureException {
        try {
            byte[] encodeSignature = encodeSignature(AlgorithmId.SHA_oid, Base64Utils.decode(str));
            Signature signature = Signature.getInstance("NONEwithRSA");
            signature.initSign(privateKey);
            signature.update(encodeSignature);
            return Base64Utils.encodeBytes(signature.sign());
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private static String encryptHashSHAwithRSA(String str, PrivateKey privateKey, String str2) throws SignatureException {
        byte[] encodeSignature;
        try {
            byte[] decode = Base64Utils.decode(str);
            if (decode.length == 20) {
                encodeSignature = encodeSignature(AlgorithmId.SHA_oid, decode);
            } else {
                if (decode.length != 32) {
                    throw new DigestException("Bad number of bytes for a SHA1 or SHA256 digest");
                }
                encodeSignature = encodeSignature(AlgorithmId.SHA256_oid, decode);
            }
            Cipher cipher = str2 != null ? Cipher.getInstance("RSA/ECB/PKCS1Padding", str2) : Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            return Base64Utils.encodeBytes(cipher.doFinal(encodeSignature));
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private static String signHashSHAwithCryptoAPI(String str, PrivateKey privateKey) throws SignatureException {
        String encodeBytes;
        try {
            byte[] decode = Base64Utils.decode(str);
            if (decode.length == 20) {
                Signature signature = Signature.getInstance("NOSHA1withRSA", "LinagoraSunMSCAPI");
                signature.initSign(privateKey);
                signature.update(decode);
                encodeBytes = Base64Utils.encodeBytes(signature.sign());
            } else {
                if (decode.length != 32) {
                    throw new DigestException("Bad number of bytes for a SHA1 or SHA256 digest");
                }
                Signature signature2 = Signature.getInstance("NOSHA256withRSA", "LinagoraSunMSCAPI");
                signature2.initSign(privateKey);
                signature2.update(decode);
                encodeBytes = Base64Utils.encodeBytes(signature2.sign());
            }
            return encodeBytes;
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    public static byte[] decryptSignature(String str, PublicKey publicKey) throws DecryptSignatureException {
        return decryptSignature(Base64Utils.decode(str), publicKey);
    }

    public static byte[] decryptSignature(byte[] bArr, PublicKey publicKey) throws DecryptSignatureException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunJCE");
            cipher.init(2, publicKey);
            return derDecode(cipher.doFinal(bArr)).getDigest();
        } catch (Exception e) {
            throw new DecryptSignatureException(e);
        }
    }

    private static DigestInfo derDecode(byte[] bArr) throws IOException {
        return new DigestInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject());
    }

    private static byte[] encodeSignature(ObjectIdentifier objectIdentifier, byte[] bArr) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        new AlgorithmId(objectIdentifier).encode(derOutputStream);
        derOutputStream.putOctetString(bArr);
        return new DerValue((byte) 48, derOutputStream.toByteArray()).toByteArray();
    }

    private static byte[] encodeSignatureSHA1(byte[] bArr) {
        return HexaEncoding.hex2data(SHA1_WITH_RSA_ENCRYPTION + new BigInteger(1, bArr).toString(16));
    }

    public static KeyPair getDummyRSAkeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        return keyPairGenerator.generateKeyPair();
    }

    public static void checkSignerKey(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws CheckSignerKeyException {
        try {
            if (!Arrays.equals(bArr2, decryptSignature(bArr, x509Certificate.getPublicKey()))) {
                throw new CheckSignerKeyException();
            }
        } catch (DecryptSignatureException e) {
            throw new CheckSignerKeyException(e);
        }
    }
}
