package com.kinggrid.pdf.executes.electronicseal;

import com.KGitextpdf.text.html.HtmlTags;
import com.KGitextpdf.text.pdf.PdfDictionary;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfObject;
import com.KGitextpdf.text.pdf.security.DigestAlgorithms;
import com.KGitextpdf.text.pdf.security.PdfPKCS7;
import com.KGitextpdf.text.pdf.security.SecurityConstants;
import com.KGitextpdf.text.pdf.security.SecurityIDs;
import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.encrypt.KGSignature;
import com.kinggrid.encrypt.SM3Utils;
import com.kinggrid.exception.KGElecDigitalSigVerifyException;
import com.kinggrid.pdf.executes.PdfElectronicSealDetails;
import com.kinggrid.pdf.executes.customize.DisposeSigndataToClient;
import com.kinggrid.pdf.executes.entity.SignSealInfo;
import com.kinggrid.pdf.executes.signature.sm2.SM2;
import com.kinggrid.pdf.signinter.TimeStampValidInter;
import com.kinggrid.pdf.utils.AnalyticalSealUtil;
import com.kinggrid.pdf.utils.VerifySealUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.kg.bouncycastle.asn1.ASN1Integer;
import org.kg.bouncycastle.asn1.ASN1Primitive;
import org.kg.bouncycastle.asn1.ASN1Sequence;
import org.kg.bouncycastle.asn1.DERSequence;
import org.kg.bouncycastle.asn1.DLSequence;
import org.kg.bouncycastle.asn1.x509.Certificate;
import org.kg.bouncycastle.asn1.x509.TBSCertificateStructure;

/* loaded from: input_file:com/kinggrid/pdf/executes/electronicseal/VerifyDigitalSignatureSoftVImpl.class */
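/**
 * Software verifier for PDF electronic-seal signatures (RSA/PKCS#7, raw SM2, and the
 * structured "GB" / "GMV4" seal formats selected by the {@code ESType} dictionary entry).
 *
 * <p>Review notes for anyone relying on this class as a trust decision:
 * <ul>
 *   <li>No certificate chain or revocation check is performed here; the signer certificate is
 *       whatever the caller passes to {@link #verify}. NOTE(review): confirm where trust in
 *       that certificate is established.</li>
 *   <li>The certificate validity window is only compared with the signing time in the GB and
 *       GMV4 branches; the RSA and raw SM2 branches do not call {@link #cerValid}.</li>
 *   <li>{@link #getAlgorithm} stores the certificate validity dates in instance fields that
 *       {@link #cerValid} later reads, so concurrent {@code verify} calls on one instance can
 *       observe each other's dates. Use one instance per verification.</li>
 *   <li>The GMV4 timestamp check is skipped when no {@link TimeStampValidInter} is configured
 *       or the seal carries no timestamp data.</li>
 * </ul>
 *
 * <p>The short member names ({@code a}, {@code b}, {@code c}, {@code d}) come from the
 * obfuscated class this listing was recovered from.
 */
public class VerifyDigitalSignatureSoftVImpl implements PdfElectronicSealDetails.PdfElecDigitalSigVerify {
    // Optional timestamp validator; when null the GMV4 timestamp check is not performed.
    private TimeStampValidInter a;
    // Certificate notBefore as returned by the certificate parser; set by getAlgorithm().
    private String b;
    // Certificate notAfter as returned by the certificate parser; set by getAlgorithm().
    private String c;
    // Appended to the structure-integrity error message; never assigned in this class,
    // so the reported errorCode is always 0.
    private int d = 0;

    /** Returns the certificate start date last stored by {@link #getAlgorithm} or the setter. */
    public String getCertstartDate() {
        return this.b;
    }

    /** Stores the certificate start date used by {@link #cerValid}. */
    public void setCertstartDate(String str) {
        this.b = str;
    }

    /** Returns the certificate end date last stored by {@link #getAlgorithm} or the setter. */
    public String getCertendDate() {
        return this.c;
    }

    /** Stores the certificate end date used by {@link #cerValid}. */
    public void setCertendDate(String str) {
        this.c = str;
    }

    /** Returns the configured timestamp validator, or {@code null} if none was set. */
    public TimeStampValidInter getTimeStampValidInter() {
        return this.a;
    }

    /**
     * Sets the timestamp validator. Leaving it unset means GMV4 seals are accepted without
     * any timestamp verification.
     */
    public void setTimeStampValidInter(TimeStampValidInter timeStampValidInter) {
        this.a = timeStampValidInter;
    }

    /**
     * Verifies an electronic-seal signature and returns {@code true} on success; every
     * failure is reported by exception, never by returning {@code false}.
     *
     * @param bArr base64 text of the signature value or seal structure
     * @param bArr2 the signed data: passed to the RSA verifier, SM3-hashed and compared with
     *     the hash embedded in GB/GMV4 seals, or verified directly in the raw SM2 branch
     * @param bArr3 signer certificate as base64 text, optionally PEM-armoured
     * @param pdfDictionary signature dictionary; its {@code ESType} entry selects the format
     * @return always {@code true} when no check fails
     * @throws KGElecDigitalSigVerifyException when any verification step fails
     * @throws RuntimeException wrapping {@link IOException} or {@link CertificateException}
     *     raised while parsing the inputs
     */
    @Override // com.kinggrid.pdf.executes.PdfElectronicSealDetails.PdfElecDigitalSigVerify
    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3, PdfDictionary pdfDictionary) {
        try {
            KGBase64 kGBase64 = new KGBase64();
            // Platform default charset; base64 text is ASCII, so this is normally harmless.
            String str = new String(bArr);
            byte[] decode = kGBase64.decode(str);
            byte[] dealCertData = dealCertData(bArr3);
            // Side effect: also records the certificate validity dates on this instance.
            String algorithm = getAlgorithm(dealCertData);
            VerifySealUtil verifySealUtil = new VerifySealUtil();
            if (algorithm.equals(SecurityConstants.RSA) && pdfDictionary.getAsString(new PdfName("ESType")) == null) {
                // RSA certificate without ESType: PKCS#7 signature checked against the certificate.
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(kGBase64.decode(str), new PdfName("KG"), "KGBC");
                if (!KGSignature.verify((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dealCertData)), pdfPKCS7.getDigest(), bArr2, pdfPKCS7.getDigestAlgorithm())) {
                    // "Failed to verify the electronic seal signature value"
                    throw new KGElecDigitalSigVerifyException("验证电子印章签名值失败！");
                }
            } else if (pdfDictionary.getAsString(new PdfName("ESType")) != null && "GB".equals(pdfDictionary.getAsString(new PdfName("ESType")).toString())) {
                // "GB" seal: ASN.1 structure carrying signature, signed bytes, hash and certificates.
                ASN1Sequence dERSequence = DERSequence.getInstance(decode);
                SignSealInfo sealinfo = AnalyticalSealUtil.sealinfo(dERSequence);
                byte[] signData = sealinfo.getSignData();
                byte[] tosignData = sealinfo.getTosignData();
                byte[] hash = sealinfo.getHash();
                String signDate = sealinfo.getSignDate();
                String esId = sealinfo.getEsId();
                verifySealUtil.setVersion(Integer.valueOf(sealinfo.getHeaderVer()).intValue());
                verifySealUtil.setSealinfo(sealinfo);
                if (signData.length != 64) {
                    // Anything that is not already 64 bytes is treated as a two-integer ASN.1 sequence.
                    signData = a(signData);
                }
                if (!verifySealUtil.asn1Complete(dERSequence)) {
                    // "Seal structure integrity verification failed"
                    throw new KGElecDigitalSigVerifyException("验证签章结构体完整性失败！errorCode:" + this.d);
                }
                if (!a(tosignData, dealCertData, signData)) {
                    // "Signature value verification failed"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，验证签名值失败！");
                }
                // Binds the seal to this document: embedded hash must equal SM3 of the signed data.
                if (!Arrays.equals(hash, SM3Utils.sm3Digest(bArr2))) {
                    // "The document has been tampered with"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，文档已被篡改！");
                }
                if (!certMatchValid(sealinfo.getCertType(), sealinfo.getCert(), sealinfo.getCertList())) {
                    // "Signer certificate does not match the electronic seal"
                    throw new KGElecDigitalSigVerifyException("验证电子印章签名值失败,签章者证书与电子印章不匹配！");
                }
                if (!cerValid(signDate, esId)) {
                    // "Signing time is outside the certificate validity period"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，签章时间不在证书有效期内！");
                }
            } else if (pdfDictionary.getAsString(new PdfName("ESType")) == null || !"GMV4".equals(pdfDictionary.getAsString(new PdfName("ESType")).toString())) {
                // Raw SM2 signature over bArr2 (ESType absent or any value other than GB/GMV4).
                if (decode.length != 64) {
                    // Inside this block decode.length == 64 is always false, so the choice below
                    // depends only on whether the first decoded byte is 48 (0x30, the tag this
                    // branch treats as a DER-encoded signature).
                    if (decode.length == 64 || kGBase64.decode(str)[0] != 48) {
                        decode = DisposeSigndataToClient.dismantleSigndata(str.getBytes());
                        if (decode.length != 64) {
                            decode = a(decode);
                        }
                    } else {
                        decode = a(decode);
                    }
                }
                if (!a(bArr2, dealCertData, decode)) {
                    // "Signature value verification failed"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，验证签名值失败！");
                }
            } else {
                // "GMV4" seal: same checks as the GB branch, followed by the optional timestamp check.
                ASN1Sequence dERSequence2 = DERSequence.getInstance(decode);
                SignSealInfo sealinfo2 = AnalyticalSealUtil.sealinfo(dERSequence2);
                byte[] signData2 = sealinfo2.getSignData();
                byte[] tosignData2 = sealinfo2.getTosignData();
                byte[] hash2 = sealinfo2.getHash();
                String signDate2 = sealinfo2.getSignDate();
                String esId2 = sealinfo2.getEsId();
                verifySealUtil.setVersion(Integer.valueOf(sealinfo2.getHeaderVer()).intValue());
                verifySealUtil.setSealinfo(sealinfo2);
                if (signData2.length != 64) {
                    signData2 = a(signData2);
                }
                if (!verifySealUtil.asn1Complete(dERSequence2)) {
                    // "Seal structure integrity verification failed"
                    throw new KGElecDigitalSigVerifyException("验证签章结构体完整性失败！errorCode:" + this.d);
                }
                if (!a(tosignData2, dealCertData, signData2)) {
                    // "Signature value verification failed"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，验证签名值失败！");
                }
                if (!Arrays.equals(hash2, SM3Utils.sm3Digest(bArr2))) {
                    // "The document has been tampered with"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，文档已被篡改！");
                }
                if (!certMatchValid(sealinfo2.getCertType(), sealinfo2.getCert(), sealinfo2.getCertList())) {
                    // "Signer certificate does not match the electronic seal"
                    throw new KGElecDigitalSigVerifyException("验证电子印章签名值失败,签章者证书与电子印章不匹配！");
                }
                if (!cerValid(signDate2, esId2)) {
                    // "Signing time is outside the certificate validity period"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，签章时间不在证书有效期内！");
                }
                String timeStamp = sealinfo2.getTimeStamp();
                byte[] timeData = sealinfo2.getTimeData();
                // The validator receives the signature bytes as stored in the seal, not the
                // 64-byte converted form used for the SM2 check above.
                byte[] signData3 = sealinfo2.getSignData();
                // SECURITY: fail-open. With no validator configured, or no timestamp data in the
                // seal, this check is skipped and the seal is still accepted. Deployments that
                // require a trusted timestamp must enforce that outside this method.
                if (this.a != null && timeData != null && (!this.a.valid(timeData, signData3) || !validsigndate(timeStamp, signDate2, esId2))) {
                    // "Timestamp verification failed"
                    throw new KGElecDigitalSigVerifyException("验证电子签章失败，验证时间戳失败！");
                }
            }
            return true;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Runs the SM2 verification of {@code bArr} (message) against {@code bArr3} (64-byte
     * signature) using the public key extracted from the DER certificate {@code bArr2}.
     */
    private boolean a(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return new SM2(true).Verify(bArr, bArr3, getPubkey(getTbsCert(bArr2)));
    }

    /**
     * Converts certificate text (bare base64 or PEM-armoured) into decoded certificate bytes.
     *
     * <p>Line breaks are removed first. If a {@code BEGIN CERTIFICATE} marker is present, only
     * the text between it and the following {@code END CERTIFICATE} marker is decoded.
     *
     * @param bArr certificate text bytes, interpreted with the platform default charset
     * @return the base64-decoded certificate
     * @throws IllegalArgumentException if a BEGIN marker is present without a matching END marker
     */
    public byte[] dealCertData(byte[] bArr) {
        KGBase64 kGBase64 = new KGBase64();
        String replaceAll = new String(bArr).replaceAll("\r\n", PdfObject.NOTHING).replaceAll("\n", PdfObject.NOTHING);
        int begin = replaceAll.indexOf("-----BEGIN CERTIFICATE-----");
        if (begin != -1) {
            // Start after the marker wherever it occurs, instead of assuming it sits at index 0.
            int bodyStart = begin + "-----BEGIN CERTIFICATE-----".length();
            int end = replaceAll.indexOf("-----END CERTIFICATE-----", bodyStart);
            if (end == -1) {
                // Previously surfaced as a StringIndexOutOfBoundsException from substring().
                throw new IllegalArgumentException("PEM certificate is missing the END CERTIFICATE marker");
            }
            replaceAll = replaceAll.substring(bodyStart, end);
        }
        return kGBase64.decode(replaceAll);
    }

    /**
     * Extracts 64 bytes of public-key material from the certificate, skipping the first byte
     * of the encoded key.
     *
     * <p>Presumably the skipped byte is the 0x04 uncompressed-point marker and the 64 bytes are
     * X||Y; its value is not checked here. TODO confirm.
     *
     * @throws IllegalArgumentException if the encoded key holds fewer than 65 bytes
     */
    public static byte[] getPubkey(TBSCertificateStructure tBSCertificateStructure) {
        byte[] encoded = tBSCertificateStructure.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
        if (encoded.length < 65) {
            // A short key (e.g. from a malformed certificate) would otherwise fail inside arraycopy.
            throw new IllegalArgumentException("certificate public key is too short: " + encoded.length + " bytes, expected at least 65");
        }
        byte[] bArr = new byte[64];
        System.arraycopy(encoded, 1, bArr, 0, 64);
        return bArr;
    }

    /** Parses a DER certificate and returns its first element, the to-be-signed structure. */
    public static TBSCertificateStructure getTbsCert(byte[] bArr) throws IOException {
        return TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(bArr).getObjectAt(0));
    }

    /**
     * Converts an ASN.1 sequence of two integers (r, s) into the fixed 64-byte form
     * {@code r || s}, each half 32 bytes, big-endian, left-padded with zeros.
     */
    private static byte[] a(byte[] bArr) throws IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        ASN1Integer objectAt = aSN1Sequence.getObjectAt(0);
        ASN1Integer objectAt2 = aSN1Sequence.getObjectAt(1);
        byte[] byteArray = objectAt.getValue().toByteArray();
        byte[] byteArray2 = objectAt2.getValue().toByteArray();
        byte[] bArr2 = new byte[64];
        copyScalar(byteArray, bArr2, 0);
        // Fix: a short s used to be written at offset 32 - length, i.e. into r's half, which
        // corrupted r and left s zeroed, so valid signatures with a short s were rejected.
        copyScalar(byteArray2, bArr2, 32);
        return bArr2;
    }

    /**
     * Writes one integer into its 32-byte slot of {@code out} starting at {@code outOffset}:
     * shorter values are right-aligned, longer ones keep only their trailing 32 bytes (this
     * drops the sign byte of a 33-byte encoding and silently truncates anything longer).
     */
    private static void copyScalar(byte[] value, byte[] out, int outOffset) {
        if (value.length < 32) {
            System.arraycopy(value, 0, out, outOffset + 32 - value.length, value.length);
        } else {
            System.arraycopy(value, value.length - 32, out, outOffset, 32);
        }
    }

    /**
     * Checks that the signing time lies within the certificate validity window recorded by
     * {@link #getAlgorithm}.
     *
     * <p>Only the first 14 characters of each value are compared, as decimal numbers.
     * NOTE(review): no time-zone normalisation is visible here, while {@link #validsigndate}
     * shifts the signing time by 8 hours in one case; confirm both sides use the same zone.
     *
     * @param str signing time, at least 14 digits
     * @param str2 seal identifier; not used by this method
     * @return {@code true} if start &lt;= signing time &lt;= end
     */
    public boolean cerValid(String str, String str2) {
        String certstartDate = getCertstartDate();
        String certendDate = getCertendDate();
        long parseLong = Long.parseLong(str.substring(0, 14));
        return Long.parseLong(certstartDate.substring(0, 14)) <= parseLong && Long.parseLong(certendDate.substring(0, 14)) >= parseLong;
    }

    /**
     * Classifies the certificate's public-key algorithm and, as a side effect, stores the
     * certificate's start and end dates on this instance.
     *
     * @param bArr DER-encoded certificate
     * @return {@code SecurityConstants.RSA} or {@code "SM2"}
     * @throws RuntimeException if the public-key OID is neither of the two recognised values
     */
    public String getAlgorithm(byte[] bArr) throws IOException {
        String str;
        Certificate certificate = Certificate.getInstance(ASN1Primitive.fromByteArray(bArr));
        setCertstartDate(certificate.getStartDate().getTime());
        setCertendDate(certificate.getEndDate().getTime());
        String aSN1ObjectIdentifier = certificate.getSignatureAlgorithm().getAlgorithm().toString();
        // The result of this lookup is discarded; the empty body is kept as found.
        if (DigestAlgorithms.getDigest(aSN1ObjectIdentifier).equals(aSN1ObjectIdentifier)) {
        }
        String aSN1ObjectIdentifier2 = certificate.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().toString();
        if (SecurityIDs.ID_RSA.equals(aSN1ObjectIdentifier2)) {
            str = SecurityConstants.RSA;
        } else {
            // Any key carrying the ID_ECDSA OID is treated as SM2; the curve parameters are not
            // inspected in this method.
            if (!SecurityIDs.ID_ECDSA.equals(aSN1ObjectIdentifier2)) {
                // "Signature algorithm OID not currently supported"
                throw new RuntimeException("目前不支持签名算法oid：" + aSN1ObjectIdentifier2);
            }
            str = "SM2";
        }
        return str;
    }

    /**
     * Checks that the signing time is not later than the timestamp time.
     *
     * @param str timestamp time, at least 14 digits
     * @param str2 signing time, at least 14 digits
     * @param str3 seal identifier; when it is exactly 14 characters long the signing time is
     *     first adjusted with {@code KGDateUtils.dealHour(..., HtmlTags.SUB, 8)} (presumably
     *     minus 8 hours; confirm against KGDateUtils)
     * @return {@code true} if signing time &lt;= timestamp time
     */
    public boolean validsigndate(String str, String str2, String str3) {
        int length = str3.length();
        String substring = str2.substring(0, 14);
        String substring2 = str.substring(0, 14);
        if (length == 14) {
            substring = KGDateUtils.toTimeStamp(KGDateUtils.dealHour(KGDateUtils.getDate(str2.substring(0, 14)), HtmlTags.SUB, 8));
        }
        return Long.valueOf(Long.parseLong(substring)).longValue() <= Long.valueOf(Long.parseLong(substring2)).longValue();
    }

    /**
     * Checks that the signer certificate is one of the certificates listed in the seal.
     *
     * <p>Only certificate type {@code "1"} is handled, by byte-for-byte comparison with each
     * list entry. Any other type returns {@code false}, so verification fails closed.
     *
     * @param str certificate list type from the seal
     * @param bArr signer certificate bytes from the seal
     * @param dLSequence certificate list from the seal
     * @return {@code true} only if the type is {@code "1"} and an entry equals {@code bArr}
     */
    public boolean certMatchValid(String str, byte[] bArr, DLSequence dLSequence) {
        int size = dLSequence.size();
        boolean z = false;
        if (str.equals("1")) {
            for (int i = 0; i < size; i++) {
                z = Arrays.equals(bArr, dLSequence.getObjectAt(i).getOctets());
                if (z) {
                    break;
                }
            }
        }
        return z;
    }
}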
