package com.gosign.sdk.managers;

import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.operator.ContentSigner;

/* loaded from: classes.dex */
public class SigningManager {
    public static final String DEFAULT_SIGNATURE_ALGORITHM_EC = "SHA256withECDSA";
    public static final String DEFAULT_SIGNATURE_ALGORITHM_RSA = "SHA256withRSA";
    private static SigningManager instance;
    private boolean isDeviceSecurityChanged;
    private KeyStore keyStore;
    private Signature signature;

    /* loaded from: classes.dex */
    public static class DataSigner implements ContentSigner {
        private static Map<String, AlgorithmIdentifier> ALGORITHMS;
        private String algorithm;
        private ByteArrayOutputStream outputStream;
        private Signature signature;

        static {
            HashMap hashMap = new HashMap();
            ALGORITHMS = hashMap;
            hashMap.put("SHA1withECDSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.1")));
            ALGORITHMS.put(SigningManager.DEFAULT_SIGNATURE_ALGORITHM_EC.toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.3.2")));
            ALGORITHMS.put("SHA384withECDSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.3.3")));
            ALGORITHMS.put("SHA512withECDSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.3.4")));
            ALGORITHMS.put("SHA1withRSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")));
            ALGORITHMS.put(SigningManager.DEFAULT_SIGNATURE_ALGORITHM_RSA.toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));
            ALGORITHMS.put("SHA384withRSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.12")));
            ALGORITHMS.put("SHA512withRSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.13")));
        }

        public DataSigner(PrivateKey privateKey, String str, Signature signature) {
            this.signature = signature;
            this.algorithm = str.toLowerCase();
            try {
                this.outputStream = new ByteArrayOutputStream();
            } catch (Exception e) {
                throw new IllegalArgumentException(e.getMessage());
            }
        }

        @Override // org.spongycastle.operator.ContentSigner
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            AlgorithmIdentifier algorithmIdentifier = ALGORITHMS.get(this.algorithm);
            if (algorithmIdentifier != null) {
                return algorithmIdentifier;
            }
            throw new IllegalArgumentException("Does not support algorithm: " + this.algorithm);
        }

        @Override // org.spongycastle.operator.ContentSigner
        public OutputStream getOutputStream() {
            return this.outputStream;
        }

        @Override // org.spongycastle.operator.ContentSigner
        public byte[] getSignature() {
            try {
                this.signature.update(this.outputStream.toByteArray());
                return this.signature.sign();
            } catch (GeneralSecurityException e) {
                e.printStackTrace();
                return null;
            }
        }
    }

    private SigningManager() throws Exception {
        initialize();
    }

    public static SigningManager getInstance() throws Exception {
        if (instance == null) {
            instance = new SigningManager();
        }
        return instance;
    }

    public String decryptData(String str, String str2) throws Exception {
        if (str2 == null || str2.isEmpty()) {
            return str2;
        }
        SecretKey secretKey = (SecretKey) KeypairManager.getInstance().getKey(str, null);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKey, new GCMParameterSpec(128, "GoSignMobile".getBytes()));
        return new String(cipher.doFinal(Base64.decode(str2, 0)));
    }

    public String encryptData(String str, String str2) throws Exception {
        if (str2 == null || str2.isEmpty()) {
            return str2;
        }
        SecretKey secretKey = (SecretKey) KeypairManager.getInstance().getKey(str, null);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, new GCMParameterSpec(128, ("GoSignMobile").getBytes()));
        return Base64.encodeToString(cipher.doFinal(str2.getBytes()), 0);
    }

    public Signature getSignature() {
        return this.signature;
    }

    public boolean initSignature(String str) {
        this.isDeviceSecurityChanged = false;
        try {
            PrivateKey privateKey = KeypairManager.getInstance().getPrivateKey();
            if (privateKey == null) {
                this.isDeviceSecurityChanged = true;
                return false;
            }
            Signature signature = Signature.getInstance(str);
            this.signature = signature;
            signature.initSign(privateKey);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            e.printStackTrace();
            this.isDeviceSecurityChanged = true;
            return false;
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }

    public void initialize() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.keyStore = keyStore;
        keyStore.load(null);
    }

    public boolean isDeviceSecurityChanged() {
        return this.isDeviceSecurityChanged;
    }

    public void setDeviceSecurityChanged(boolean z) {
        this.isDeviceSecurityChanged = z;
    }

    public byte[] signData(byte[] bArr) throws Exception {
        this.signature.update(bArr);
        return this.signature.sign();
    }

    public boolean verifyData(byte[] bArr, PublicKey publicKey) throws Exception {
        this.signature.initVerify(publicKey);
        this.signature.update(bArr);
        return this.signature.verify(bArr);
    }
}
