package es.gob.jmulticard.jse.provider;

import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.dnie.Dni;
import es.gob.jmulticard.card.dnie.DniePrivateKeyReference;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: classes.dex */
abstract class DnieSignatureImpl extends SignatureSpi {
    private final String signatureAlgo;
    private final ByteArrayOutputStream data = new ByteArrayOutputStream();
    private Signature signatureVerifier = null;
    private DniePrivateKey privateKey = null;

    /* loaded from: classes.dex */
    public static final class Sha1 extends DnieSignatureImpl {
        public Sha1() {
            super(AOSignConstants.SIGN_ALGORITHM_SHA1WITHRSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class Sha256 extends DnieSignatureImpl {
        public Sha256() {
            super(AOSignConstants.SIGN_ALGORITHM_SHA256WITHRSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class Sha384 extends DnieSignatureImpl {
        public Sha384() {
            super(AOSignConstants.SIGN_ALGORITHM_SHA384WITHRSA);
        }
    }

    /* loaded from: classes.dex */
    public static final class Sha512 extends DnieSignatureImpl {
        public Sha512() {
            super("SHA512withRSA");
        }
    }

    DnieSignatureImpl(String str) {
        this.signatureAlgo = str;
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        throw new InvalidParameterException("Parametro no soportado");
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("La clave proporcionada es nula");
        }
        if (!(privateKey instanceof DniePrivateKey)) {
            throw new InvalidKeyException("La clave proporcionada no es de un DNIe: " + privateKey.getClass().getName());
        }
        this.privateKey = (DniePrivateKey) privateKey;
        this.data.reset();
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.data.reset();
        try {
            Signature signature = Signature.getInstance(this.signatureAlgo);
            this.signatureVerifier = signature;
            try {
                if (signature.getProvider() instanceof DnieProvider) {
                    this.signatureVerifier = Signature.getInstance(this.signatureAlgo, "SunRsaSign");
                }
                this.signatureVerifier.initVerify(publicKey);
            } catch (NoSuchProviderException e) {
                throw new IllegalStateException("No esta instalado el proveedor SunRsaSign", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("No existe un proveedor para validar firmas con el algoritmo " + this.signatureAlgo, e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
        throw new InvalidParameterException("Parametro no soportado");
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (!(this.privateKey.getCryptoCard() instanceof Dni)) {
            throw new ProviderException("La clave proporcionada no es de un DNIe: " + this.privateKey.getCryptoCard().getClass().getName());
        }
        try {
            return this.privateKey.getCryptoCard().sign(this.data.toByteArray(), this.signatureAlgo, new DniePrivateKeyReference(this.privateKey.getCryptoCard(), this.privateKey.getId(), this.privateKey.getPath(), this.privateKey.toString(), this.privateKey.getKeyReference(), this.privateKey.getKeyBitSize()));
        } catch (CryptoCardException e) {
            throw new SignatureException(e);
        } catch (PinException e2) {
            throw new SignatureAuthException(e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        this.data.write(b);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        this.data.write(bArr, i, i2);
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        Signature signature = this.signatureVerifier;
        if (signature == null) {
            throw new SignatureException("La verificacion no esta inicializada");
        }
        signature.update(this.data.toByteArray());
        this.data.reset();
        return this.signatureVerifier.verify(bArr);
    }
}
