package com.huawei.wisesecurity.kfs.crypto.signer;

import com.huawei.appmarket.b0;
import com.huawei.appmarket.d0;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.util.ByteUtil;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Mac;

/* loaded from: classes4.dex */
public class DefaultSignHandler implements SignHandler {

    /* renamed from: a, reason: collision with root package name */
    private final Key f37829a;

    /* renamed from: b, reason: collision with root package name */
    private final AlgorithmParameterSpec f37830b;

    /* renamed from: c, reason: collision with root package name */
    private final SignText f37831c;

    /* renamed from: d, reason: collision with root package name */
    private final KeyStoreProvider f37832d;

    public DefaultSignHandler(KeyStoreProvider keyStoreProvider, Key key, SignText signText, AlgorithmParameterSpec algorithmParameterSpec) {
        this.f37832d = keyStoreProvider;
        this.f37829a = key;
        this.f37830b = algorithmParameterSpec;
        this.f37831c = signText;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.SignHandler
    public SignHandler from(String str) throws CryptoException {
        this.f37831c.e(ByteUtil.a(str.getBytes(StandardCharsets.UTF_8)));
        return this;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.SignHandler
    public SignHandler from(byte[] bArr) throws CryptoException {
        this.f37831c.e(ByteUtil.a(bArr));
        return this;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.signer.SignHandler
    public byte[] sign() throws CryptoException {
        KeyStoreProvider keyStoreProvider = KeyStoreProvider.ANDROID_KEYSTORE;
        int ordinal = this.f37831c.a().ordinal();
        if (ordinal == 1 || ordinal == 2 || ordinal == 3) {
            try {
                String b2 = this.f37831c.a().b();
                KeyStoreProvider keyStoreProvider2 = this.f37832d;
                Signature signature = keyStoreProvider2 == keyStoreProvider ? Signature.getInstance(b2) : Signature.getInstance(b2, keyStoreProvider2.b());
                AlgorithmParameterSpec algorithmParameterSpec = this.f37830b;
                if (algorithmParameterSpec != null) {
                    signature.setParameter(algorithmParameterSpec);
                }
                Key key = this.f37829a;
                if (!(key instanceof PrivateKey)) {
                    throw new CryptoException("sign key not private key");
                }
                signature.initSign((PrivateKey) key);
                signature.update(this.f37831c.b());
                this.f37831c.f(signature.sign());
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e2) {
                throw new CryptoException(d0.a(e2, b0.a("Fail to sign : ")));
            }
        } else {
            if (ordinal != 4) {
                StringBuilder a2 = b0.a("unsupported sign alg : ");
                a2.append(this.f37831c.a().b());
                throw new CryptoException(a2.toString());
            }
            try {
                String b3 = this.f37831c.a().b();
                KeyStoreProvider keyStoreProvider3 = this.f37832d;
                Mac mac = keyStoreProvider3 == keyStoreProvider ? Mac.getInstance(b3) : Mac.getInstance(b3, keyStoreProvider3.b());
                mac.init(this.f37829a);
                mac.update(this.f37831c.b());
                this.f37831c.f(mac.doFinal());
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e3) {
                throw new CryptoException(d0.a(e3, b0.a("Fail to sign : ")));
            }
        }
        return this.f37831c.c();
    }
}
