package es.gob.jmulticard.jse.provider.ceres;

import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.fnmt.ceres.Ceres;
import es.gob.jmulticard.card.fnmt.ceres.CeresPrivateKeyReference;
import es.gob.jmulticard.jse.provider.ProviderUtil;
import es.gob.jmulticard.jse.provider.SignatureAuthException;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:es/gob/jmulticard/jse/provider/ceres/CeresSignatureImpl.class */
abstract class CeresSignatureImpl extends SignatureSpi {
    private final ByteArrayOutputStream data = new ByteArrayOutputStream();
    private Signature signatureVerifier = null;
    private CeresPrivateKey privateKey = null;
    private final String signatureAlgo;

    /* loaded from: input_file:es/gob/jmulticard/jse/provider/ceres/CeresSignatureImpl$Sha1.class */
    public static final class Sha1 extends CeresSignatureImpl {
        public Sha1() {
            super("SHA1withRSA");
        }
    }

    /* loaded from: input_file:es/gob/jmulticard/jse/provider/ceres/CeresSignatureImpl$Sha256.class */
    public static final class Sha256 extends CeresSignatureImpl {
        public Sha256() {
            super("SHA256withRSA");
        }
    }

    /* loaded from: input_file:es/gob/jmulticard/jse/provider/ceres/CeresSignatureImpl$Sha384.class */
    public static final class Sha384 extends CeresSignatureImpl {
        public Sha384() {
            super("SHA384withRSA");
        }
    }

    /* loaded from: input_file:es/gob/jmulticard/jse/provider/ceres/CeresSignatureImpl$Sha512.class */
    public static final class Sha512 extends CeresSignatureImpl {
        public Sha512() {
            super("SHA512withRSA");
        }
    }

    CeresSignatureImpl(String str) {
        this.signatureAlgo = str;
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        throw new InvalidParameterException("Parametro no soportado");
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("La clave proporcionada es nula");
        }
        if (!(privateKey instanceof CeresPrivateKey)) {
            throw new InvalidKeyException("La clave proporcionada no es de una tarjeta CERES: " + privateKey.getClass().getName());
        }
        this.privateKey = (CeresPrivateKey) privateKey;
        this.data.reset();
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.data.reset();
        try {
            this.signatureVerifier = Signature.getInstance(this.signatureAlgo);
            try {
                if (this.signatureVerifier.getProvider() instanceof CeresProvider) {
                    this.signatureVerifier = Signature.getInstance(this.signatureAlgo, ProviderUtil.getDefaultOtherProvider("Signature", this.signatureAlgo));
                }
                this.signatureVerifier.initVerify(publicKey);
            } catch (NoSuchProviderException e) {
                throw new IllegalStateException("No esta instalado el proveedor por defecto de firma", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("No existe un proveedor para validar firmas con el algoritmo " + this.signatureAlgo, e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
        throw new InvalidParameterException("Parametro no soportado");
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (!(this.privateKey.getCryptoCard() instanceof Ceres)) {
            throw new ProviderException("La clave proporcionada no se corresponde con la de una tarjeta CERES");
        }
        try {
            return this.privateKey.getCryptoCard().sign(this.data.toByteArray(), this.signatureAlgo, new CeresPrivateKeyReference(this.privateKey.getReference().getKeyReference(), this.privateKey.getReference().getKeyBitSize()));
        } catch (PinException e) {
            throw new SignatureAuthException(e);
        } catch (CryptoCardException e2) {
            throw new SignatureException((Throwable) e2);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        this.data.write(b);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        this.data.write(bArr, i, i2);
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        if (this.signatureVerifier == null) {
            throw new SignatureException("La verificacion no esta inicializada");
        }
        this.signatureVerifier.update(this.data.toByteArray());
        this.data.reset();
        return this.signatureVerifier.verify(bArr);
    }
}
