package com.itrus.cms.jcajce;

import cn.topca.security.x509.AlgorithmId;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:com/itrus/cms/jcajce/SM2SignerInfoGenerator.class */
public class SM2SignerInfoGenerator extends SignerInfoGenerator {
    private ByteArrayOutputStream _stream;
    private PrivateKey _key;
    private X509Certificate _cert;
    private AlgorithmIdentifier digestAlgId;
    private AlgorithmIdentifier signatureAlgId;

    public SM2SignerInfoGenerator(PrivateKey privateKey, X509Certificate x509Certificate) throws OperatorCreationException {
        super((SignerIdentifier) null, (ContentSigner) null, (DigestCalculatorProvider) null, true);
        this._stream = null;
        this._key = null;
        this._cert = null;
        this.digestAlgId = null;
        this.signatureAlgId = null;
        if (privateKey == null || x509Certificate == null) {
            throw new OperatorCreationException("key and cert can not be null");
        }
        if (privateKey.getAlgorithm() != x509Certificate.getPublicKey().getAlgorithm() || privateKey.getAlgorithm() != "SM2") {
            throw new OperatorCreationException("Not a SM2 key or cert");
        }
        this._stream = new ByteArrayOutputStream();
        this._key = privateKey;
        this._cert = x509Certificate;
        this.digestAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(AlgorithmId.SM3_oid.toString()));
        this.signatureAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(AlgorithmId.SM2_oid.toString()));
    }

    public AlgorithmIdentifier getDigestAlgorithm() {
        return this.digestAlgId;
    }

    public OutputStream getCalculatingOutputStream() {
        return this._stream;
    }

    public SignerInfo generate(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMSException {
        try {
            Signature signature = Signature.getInstance("SM3withSM2");
            signature.initSign(this._key);
            signature.update(this._stream.toByteArray());
            return new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(new X500Name(this._cert.getIssuerDN().toString()), this._cert.getSerialNumber())), this.digestAlgId, (ASN1Set) null, this.signatureAlgId, new DEROctetString(signature.sign()), (ASN1Set) null);
        } catch (InvalidKeyException e) {
            throw new CMSException("Invalid Key", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CMSException("No Such Algorithm SM3withSM2", e2);
        } catch (SignatureException e3) {
            throw new CMSException("Calculate signature failed", e3);
        }
    }
}
