package org.ofdrw.crypto.integrity;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.cert.Certificate;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.jetbrains.annotations.NotNull;
import org.ofdrw.gm.sm2strut.builder.SignedDataBuilder;

/* loaded from: input_file:org/ofdrw/crypto/integrity/GMProtectSigner.class */
public class GMProtectSigner implements ProtectSigner {
    private PrivateKey privateKey;
    private Certificate signCert;

    public GMProtectSigner(@NotNull PrivateKey privateKey, @NotNull Certificate certificate) {
        if (privateKey == null) {
            throw new IllegalArgumentException("版式文件合成者的签名私钥(privateKey)为空");
        }
        if (certificate == null) {
            throw new IllegalArgumentException("版式文件合成者的公钥证书(signCert)为空");
        }
        this.privateKey = privateKey;
        this.signCert = certificate;
    }

    @Override // org.ofdrw.crypto.integrity.ProtectSigner
    public byte[] digestThenSign(Path path) throws GeneralSecurityException, IOException {
        SM3.Digest digest = new SM3.Digest();
        digest.update(Files.readAllBytes(path));
        byte[] digest2 = digest.digest();
        Signature signature = Signature.getInstance("SM3WithSM2", (Provider) new BouncyCastleProvider());
        signature.initSign(this.privateKey);
        signature.update(digest2);
        byte[] encoded = SignedDataBuilder.signedData(digest2, signature.sign(), this.signCert).getEncoded();
        System.out.println(Base64.toBase64String(encoded));
        return encoded;
    }
}
