package code.ponfee.commons.jce.security;

import code.ponfee.commons.jce.Providers;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:code/ponfee/commons/jce/security/ECDSASigner.class */
public final class ECDSASigner {
    private static final String ALGORITHM = "EC";

    /* loaded from: input_file:code/ponfee/commons/jce/security/ECDSASigner$ECDSASignAlgorithms.class */
    public enum ECDSASignAlgorithms {
        SHA1withECDSA,
        SHA256withECDSA,
        SHA384withECDSA,
        SHA512withECDSA
    }

    public static Pair<ECPublicKey, ECPrivateKey> generateKeyPair() {
        return generateKeyPair(256);
    }

    public static Pair<ECPublicKey, ECPrivateKey> generateKeyPair(int i) {
        KeyPairGenerator keyPairGenerator = Providers.getKeyPairGenerator(ALGORITHM);
        keyPairGenerator.initialize(i);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        return ImmutablePair.of((ECPublicKey) generateKeyPair.getPublic(), (ECPrivateKey) generateKeyPair.getPrivate());
    }

    public static byte[] encode(ECPublicKey eCPublicKey) {
        return eCPublicKey.getEncoded();
    }

    public static byte[] encode(ECPrivateKey eCPrivateKey) {
        return eCPrivateKey.getEncoded();
    }

    public static ECPublicKey decodePublicKey(byte[] bArr) {
        try {
            return (ECPublicKey) Providers.getKeyFactory(ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (InvalidKeySpecException e) {
            throw new SecurityException(e);
        }
    }

    public static ECPrivateKey decodePrivateKey(byte[] bArr) {
        try {
            return (ECPrivateKey) Providers.getKeyFactory(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (InvalidKeySpecException e) {
            throw new SecurityException(e);
        }
    }

    public static byte[] signSha1(byte[] bArr, ECPrivateKey eCPrivateKey) {
        return sign(bArr, eCPrivateKey, ECDSASignAlgorithms.SHA1withECDSA);
    }

    public static boolean verifySha1(byte[] bArr, byte[] bArr2, ECPublicKey eCPublicKey) {
        return verify(bArr, bArr2, eCPublicKey, ECDSASignAlgorithms.SHA1withECDSA);
    }

    public static byte[] signSha256(byte[] bArr, ECPrivateKey eCPrivateKey) {
        return sign(bArr, eCPrivateKey, ECDSASignAlgorithms.SHA256withECDSA);
    }

    public static boolean verifySha256(byte[] bArr, byte[] bArr2, ECPublicKey eCPublicKey) {
        return verify(bArr, bArr2, eCPublicKey, ECDSASignAlgorithms.SHA256withECDSA);
    }

    public static byte[] signSha512(byte[] bArr, ECPrivateKey eCPrivateKey) {
        return sign(bArr, eCPrivateKey, ECDSASignAlgorithms.SHA512withECDSA);
    }

    public static boolean verifySha512(byte[] bArr, byte[] bArr2, ECPublicKey eCPublicKey) {
        return verify(bArr, bArr2, eCPublicKey, ECDSASignAlgorithms.SHA512withECDSA);
    }

    private static byte[] sign(byte[] bArr, ECPrivateKey eCPrivateKey, ECDSASignAlgorithms eCDSASignAlgorithms) {
        Signature signature = Providers.getSignature(eCDSASignAlgorithms.name());
        try {
            signature.initSign(eCPrivateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | SignatureException e) {
            throw new SecurityException(e);
        }
    }

    private static boolean verify(byte[] bArr, byte[] bArr2, ECPublicKey eCPublicKey, ECDSASignAlgorithms eCDSASignAlgorithms) {
        Signature signature = Providers.getSignature(eCDSASignAlgorithms.name());
        try {
            signature.initVerify(eCPublicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException | SignatureException e) {
            throw new SecurityException(e);
        }
    }
}
