package com.kinggrid.pdf.utils;

import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGSignature;
import com.kinggrid.exception.KGElecDigitalSigVerifyException;
import com.kinggrid.exception.KGErrorSm2VerifyException;
import com.kinggrid.kgcore.gm.SM2;
import com.kinggrid.kgcore.gm.SealGM;
import com.kinggrid.kgcore.gm.SealUtil;
import com.kinggrid.pdf.executes.entity.SignSealInfo;
import com.kinggrid.pdf.signinter.TimeStampValidInter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import org.kg.bouncycastle.asn1.ASN1EncodableVector;
import org.kg.bouncycastle.asn1.ASN1InputStream;
import org.kg.bouncycastle.asn1.ASN1Primitive;
import org.kg.bouncycastle.asn1.ASN1Sequence;
import org.kg.bouncycastle.asn1.DEROctetString;
import org.kg.bouncycastle.asn1.DERSequence;
import org.kg.bouncycastle.asn1.DLSequence;
import org.kg.bouncycastle.asn1.x509.Certificate;
import org.kg.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.kg.bouncycastle.asn1.x509.X509CertificateStructure;
import org.kg.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/kinggrid/pdf/utils/VerifySealUtil.class */
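/**
 * Verifies the structure and signatures of an electronic seal signature ("签章") taken from a
 * PDF, for seal header versions 2 and 4.
 *
 * <p>The checks performed by {@link #verifySignatureStructure} are, in order: ASN.1 shape of the
 * signature structure and of the embedded seal, SM2 signature over the to-be-signed data,
 * (version 4 only) presence of the signer certificate in the seal's certificate list, the
 * seal's own signature and validity windows, signer-certificate validity at signing time, the
 * document digest, and (version 4 only, when configured) the timestamp.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this class validates the signer or seal-maker certificate against a trust
 *       anchor or checks revocation. Both certificates are read from the structures being
 *       verified, so a successful result only shows internal consistency. Chain and revocation
 *       validation must happen elsewhere.</li>
 *   <li>The timestamp is only checked when a {@link TimeStampValidInter} has been set and the
 *       signature carries timestamp data; otherwise that step is skipped silently.</li>
 *   <li>{@link #verifySeal} falls back to SHA1-with-RSA for any seal algorithm identifier that
 *       is not one of the two SM2 OIDs.</li>
 *   <li>Instances hold mutable per-verification state and are not safe to share between
 *       threads.</li>
 * </ul>
 *
 * <p>This source is decompiler output. Several chained {@code getObjectAt(...)} expressions
 * appear to rely on casts the decompiler dropped; they are kept as found.
 */
public class VerifySealUtil {
    /** Signature algorithm OID required by the structural checks (SM3 with SM2). */
    private static final String OID_SM3_WITH_SM2 = "1.2.156.10197.1.501";

    /** Second OID that {@link #verifySeal} treats as an SM2 seal signature. */
    private static final String OID_SM2 = "1.2.156.10197.1.301";

    /** Length of a raw SM2 public key (X || Y) and of a raw SM2 signature (r || s). */
    private static final int SM2_RAW_LENGTH = 64;

    // Version currently in effect. Set from the signature header, then overwritten from the
    // seal's own header by asn1SealComplete() and verifySeal().
    private int version;
    private SignSealInfo sealInfo;
    // Digest of the document as computed by the caller; compared with the signed digest.
    private byte[] documentDigest;
    private TimeStampValidInter timeStampValidator;
    // True when the seal's own signature is verified with SM2, false for the RSA fallback.
    private boolean sealSignedWithSm2 = true;
    // Code of the structural check that failed last; reported in the exception message.
    private int errorCode = 0;

    /** Returns the version currently in effect (header version, or seal version once parsed). */
    public int getVersion() {
        return this.version;
    }

    /** Overrides the version used by the version-dependent checks. */
    public void setVersion(int i) {
        this.version = i;
    }

    /** Returns the signature information being verified. */
    public SignSealInfo getSealinfo() {
        return this.sealInfo;
    }

    /** Sets the signature information to verify. */
    public void setSealinfo(SignSealInfo signSealInfo) {
        this.sealInfo = signSealInfo;
    }

    /** Returns the timestamp validator, or {@code null} when none is configured. */
    public TimeStampValidInter getTimeStampValidInter() {
        return this.timeStampValidator;
    }

    /**
     * Sets the timestamp validator. When this is {@code null} the timestamp of a version 4
     * signature is not checked at all.
     */
    public void setTimeStampValidInter(TimeStampValidInter timeStampValidInter) {
        this.timeStampValidator = timeStampValidInter;
    }

    /**
     * Runs the full verification for one signature.
     *
     * @param signSealInfo parsed signature and seal data
     * @param bArr digest of the document as computed by the caller
     * @throws IOException if an ASN.1 structure cannot be decoded
     * @throws KGElecDigitalSigVerifyException if the ASN.1 structure check fails
     * @throws KGErrorSm2VerifyException if any signature, validity or digest check fails
     */
    public void verifySignatureStructure(SignSealInfo signSealInfo, byte[] bArr) throws IOException {
        this.sealInfo = signSealInfo;
        this.documentDigest = bArr;
        this.version = Integer.valueOf(signSealInfo.getHeaderVer()).intValue();
        if (this.version == 4) {
            verifyVersion4();
        } else {
            verifyLegacy();
        }
    }

    /** Version 4 path: common checks including the certificate-list match, then the timestamp. */
    private void verifyVersion4() throws IOException {
        verifyCommon(true);
        // Return values of these two accessors are unused in the decompiled source; the calls
        // are retained in case the accessors have side effects.
        this.sealInfo.getTimeStamp();
        byte[] timeData = this.sealInfo.getTimeData();
        byte[] signature = this.sealInfo.getSignData();
        this.sealInfo.getSignDate();
        // Fail-open by design of the original: no validator or no timestamp data means no check.
        if (this.timeStampValidator != null
                && timeData != null
                && !this.timeStampValidator.valid(timeData, signature)) {
            throw new KGErrorSm2VerifyException("验证时间戳失败！");
        }
    }

    /**
     * Path for every header version other than 4.
     *
     * <p>NOTE(review): unlike the version 4 path, the signer certificate is not matched against
     * the seal's certificate list here. Confirm that this is intended for version 2 seals.
     */
    private void verifyLegacy() throws IOException {
        verifyCommon(false);
    }

    /**
     * Checks shared by both version paths, in the order of the original code.
     *
     * @param requireSignerInSealCertList whether the signer certificate must appear in the
     *     seal's certificate list
     */
    private void verifyCommon(boolean requireSignerInSealCertList) throws IOException {
        byte[] signature = this.sealInfo.getSignData();
        byte[] signerCert = this.sealInfo.getCert();
        byte[] toSign = this.sealInfo.getTosignData();
        byte[] signedDigest = this.sealInfo.getHash();
        byte[] sesSignature = this.sealInfo.getSesSignature();
        String signDate = this.sealInfo.getSignDate();
        ASN1Sequence structure = DERSequence.getInstance(sesSignature);
        if (signature.length != SM2_RAW_LENGTH) {
            signature = Asn1Utils.sigDataAns1To64bit(signature);
        }
        if (!asn1Complete(structure)) {
            throw new KGElecDigitalSigVerifyException("验证签章结构体完整性失败！errorCode:" + this.errorCode);
        }
        if (!verifySignerSignature(toSign, signerCert, signature)) {
            throw new KGErrorSm2VerifyException("验证签名值失败！");
        }
        if (requireSignerInSealCertList && !signerCertInSealCertList()) {
            throw new KGErrorSm2VerifyException("签章者证书与电子印章不匹配！");
        }
        verifySeal(this.sealInfo.getEseal(), signDate);
        if (!cerValid()) {
            throw new KGErrorSm2VerifyException("签章时间不在证书有效期内！");
        }
        // Arrays.equals(null, null) is true, so a missing signed digest together with a missing
        // document digest would otherwise pass as "not tampered".
        if (signedDigest == null || !Arrays.equals(signedDigest, this.documentDigest)) {
            throw new KGErrorSm2VerifyException("文档已被篡改！");
        }
    }

    /** Verifies the SM2 signature over {@code toSign} with the key from the signer certificate. */
    private boolean verifySignerSignature(byte[] toSign, byte[] signerCert, byte[] signature) throws IOException {
        return new SM2(true).Verify(toSign, signature, sm2PublicKeyOf(parseTbsCertificate(signerCert)));
    }

    /** Decodes a certificate and returns its first element as the TBS certificate. */
    private static TBSCertificateStructure parseTbsCertificate(byte[] encodedCert) throws IOException {
        return TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(encodedCert).getObjectAt(0));
    }

    /** Returns the raw 64-byte SM2 public key held by the TBS certificate. */
    private static byte[] sm2PublicKeyOf(TBSCertificateStructure tbsCertificate) {
        return rawSm2PublicKey(tbsCertificate.getSubjectPublicKeyInfo().getPublicKeyData().getBytes());
    }

    /**
     * Strips the one-byte point prefix from an encoded public key and returns the following
     * 64 bytes.
     *
     * @throws KGErrorSm2VerifyException if the key data is too short, instead of the
     *     {@link ArrayIndexOutOfBoundsException} a certificate with a short key would otherwise
     *     cause
     */
    private static byte[] rawSm2PublicKey(byte[] encodedPoint) {
        if (encodedPoint == null || encodedPoint.length < SM2_RAW_LENGTH + 1) {
            throw new KGErrorSm2VerifyException("证书公钥长度错误！");
        }
        return Arrays.copyOfRange(encodedPoint, 1, SM2_RAW_LENGTH + 1);
    }

    /**
     * Reports whether the signer certificate is byte-identical to an entry of the seal's
     * certificate list. Only certificate-list type {@code "1"} is supported; any other type
     * yields {@code false}.
     */
    private boolean signerCertInSealCertList() {
        String certType = this.sealInfo.getCertType();
        byte[] signerCert = this.sealInfo.getCert();
        DLSequence certList = this.sealInfo.getCertList();
        int size = certList.size();
        if (!certType.equals("1")) {
            return false;
        }
        for (int i = 0; i < size; i++) {
            if (Arrays.equals(signerCert, certList.getObjectAt(i).getOctets())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the signing time lies within the signer certificate's validity period.
     *
     * <p>All three times are compared as 14-digit numbers. For version 2 the sign date is
     * prefixed with {@code "20"} first. NOTE(review): the sign date is whatever
     * {@link SignSealInfo#getSignDate()} reports; whether that value is covered by the
     * signature or by a trusted timestamp is not visible in this class.
     *
     * @return {@code true} when the signing time is inside the validity period
     * @throws IOException if the signer certificate cannot be decoded
     */
    public boolean cerValid() throws IOException {
        Certificate signerCert = Certificate.getInstance(ASN1Primitive.fromByteArray(this.sealInfo.getCert()));
        String notBefore = signerCert.getStartDate().getTime();
        String notAfter = signerCert.getEndDate().getTime();
        String signDate = this.sealInfo.getSignDate();
        String signDigits = this.version == 2 ? ("20" + signDate).substring(0, 14) : signDate.substring(0, 14);
        long signTime = Long.parseLong(signDigits);
        return Long.parseLong(notBefore.substring(0, 14)) <= signTime
                && Long.parseLong(notAfter.substring(0, 14)) >= signTime;
    }

    /**
     * Compares the first 14 characters of both arguments as numbers.
     *
     * @return {@code true} when {@code str2} is not later than {@code str}
     */
    public boolean validsigndate(String str, String str2) {
        return Long.parseLong(str2.substring(0, 14)) <= Long.parseLong(str.substring(0, 14));
    }

    /**
     * Verifies an electronic seal: header tag and version, the seal maker's signature over the
     * seal, that the seal was created while the maker certificate was valid, and that the
     * signing time lies inside the seal's validity period.
     *
     * <p>The maker certificate and the signature algorithm are both read from the seal being
     * verified. No trust decision about the maker certificate is made here.
     *
     * @param bArr DER-encoded seal
     * @param str signing time with one trailing character (presumably {@code Z}), or
     *     {@code null} to use the current time
     * @throws IOException if the seal cannot be decoded
     * @throws KGErrorSm2VerifyException if any check fails
     */
    public void verifySeal(byte[] bArr, String str) throws IOException {
        ASN1Sequence seal;
        try (ASN1InputStream in = new ASN1InputStream(bArr)) {
            seal = (ASN1Sequence) in.readObject();
        }
        ASN1Sequence sealBody = (ASN1Sequence) seal.getObjectAt(0);
        ASN1Sequence header = sealBody.getObjectAt(0);
        if (!header.getObjectAt(0).toString().equals("ES")) {
            throw new KGErrorSm2VerifyException("头标识错误！");
        }
        this.version = header.getObjectAt(1).getValue().intValue();
        byte[] signedBytes;
        if (this.version == 4) {
            // Results unused, but the lookups fail on a seal with fewer than four elements,
            // so they are kept.
            seal.getObjectAt(1);
            seal.getObjectAt(3);
            signedBytes = sealBody.getEncoded();
        } else {
            if (this.version != 2) {
                throw new KGErrorSm2VerifyException("印章版本号错误！");
            }
            ASN1Sequence signInfo = seal.getObjectAt(1);
            DEROctetString makerCertOctets = signInfo.getObjectAt(0);
            // Result unused; kept because it fails when the third element is missing.
            signInfo.getObjectAt(2);
            ASN1EncodableVector signedParts = new ASN1EncodableVector();
            signedParts.add(sealBody);
            signedParts.add(makerCertOctets);
            signedParts.add(signInfo.getObjectAt(1));
            signedBytes = new DERSequence(signedParts).getEncoded();
        }
        SealGM sealGm = SealUtil.getSealInfo(bArr);
        selectSealSignatureAlgorithm(sealGm.getSignatureAlgorithm());
        byte[] makerCertBytes = sealGm.getCert();
        X509CertificateStructure makerCert;
        try (ASN1InputStream in = new ASN1InputStream(makerCertBytes)) {
            makerCert = new X509CertificateStructure((ASN1Sequence) in.readObject());
        }
        verifySealSignature(makerCert, signedBytes, sealGm.getSignData(), makerCertBytes);
        checkSealCreatedWithinMakerCertValidity(makerCert, sealGm.getCreateDate());
        checkSignTimeWithinSealValidity(sealBody, str);
    }

    /**
     * Verifies the seal maker's signature over the seal.
     *
     * <p>SECURITY: when the seal's algorithm is not SM2 this uses SHA1-with-RSA. SHA-1 is not
     * collision resistant, and the algorithm is selected from a field of the seal under
     * verification. The branch is kept for compatibility with existing seals; deployments that
     * only issue SM2 seals should reject it.
     */
    private void verifySealSignature(
            X509CertificateStructure makerCert, byte[] signedBytes, byte[] signature, byte[] makerCertBytes)
            throws IOException {
        if (signature.length != SM2_RAW_LENGTH) {
            signature = Asn1Utils.sigDataAns1To64bit(signature);
        }
        boolean verified;
        if (this.sealSignedWithSm2) {
            byte[] publicKey = rawSm2PublicKey(makerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes());
            verified = new SM2(true).Verify(signedBytes, signature, publicKey);
        } else {
            try {
                PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(makerCertBytes))).getPublicKey();
                Signature verifier = Signature.getInstance(KGSignature.SHA1WITHRSA, (Provider) new BouncyCastleProvider());
                verifier.initVerify(publicKey);
                verifier.update(signedBytes);
                verified = verifier.verify(signature);
            } catch (GeneralSecurityException e) {
                // InvalidKeyException is a GeneralSecurityException; one handler covers both.
                throw new RuntimeException(e);
            }
        }
        if (!verified) {
            throw new KGErrorSm2VerifyException("验证电子印章签名值失败！");
        }
    }

    /**
     * Checks that the seal creation time lies within the maker certificate's validity period.
     *
     * <p>NOTE(review): the comparison drops the century ({@code substring(2, 14)}), so it gives
     * wrong results for a validity period that spans a century boundary.
     */
    private void checkSealCreatedWithinMakerCertValidity(X509CertificateStructure makerCert, Date createDate) {
        long notBefore = Long.parseLong(makerCert.getStartDate().getTime().substring(2, 14));
        long notAfter = Long.parseLong(makerCert.getEndDate().getTime().substring(2, 14));
        long created = Long.parseLong(KGDateUtils.format(createDate, KGDateUtils.YYMMDDHHMMSS));
        if (notBefore > created || notAfter < created) {
            throw new KGErrorSm2VerifyException("制章时间不在制章人证书有效期内！");
        }
    }

    /**
     * Checks that the signing time lies within the seal's own validity period.
     *
     * <p>NOTE(review): the values are compared as plain numbers after the last character is
     * stripped, so a 12-digit and a 14-digit time do not compare correctly against each other;
     * confirm that the caller always passes the sign date in the seal's time format. The
     * current-time fallback is formatted in the JVM default time zone, while a trailing
     * {@code Z} on the seal's times would mean UTC.
     */
    private void checkSignTimeWithinSealValidity(ASN1Sequence sealBody, String signDate) {
        ASN1Sequence property = sealBody.getObjectAt(2);
        boolean isVersion4 = this.version == 4;
        String validStart = isVersion4 ? property.getObjectAt(5).getTimeString() : property.getObjectAt(4).toString();
        long notBefore = Long.parseLong(validStart.substring(0, validStart.length() - 1));
        String validEnd = isVersion4 ? property.getObjectAt(6).getTimeString() : property.getObjectAt(5).toString();
        long notAfter = Long.parseLong(validEnd.substring(0, validEnd.length() - 1));
        long signTime;
        if (signDate != null) {
            signTime = Long.parseLong(signDate.substring(0, signDate.length() - 1));
        } else {
            // The original patterns ended in "mmdd", which repeats the day of month where the
            // seconds belong; "ss" is the seconds field.
            String pattern = validEnd.length() == 15 ? "yyyyMMddHHmmss" : "yyMMddHHmmss";
            signTime = Long.parseLong(new SimpleDateFormat(pattern).format(new Date()));
        }
        if (notBefore > signTime || notAfter < signTime) {
            throw new KGErrorSm2VerifyException("签章时间不在电子印章的有效期内！");
        }
    }

    /**
     * Records whether the seal's signature is verified with SM2. Any identifier other than the
     * two SM2 OIDs selects the SHA1-with-RSA fallback rather than being rejected.
     */
    private void selectSealSignatureAlgorithm(String algorithmOid) throws IOException {
        this.sealSignedWithSm2 = algorithmOid.equals(OID_SM3_WITH_SM2) || algorithmOid.equals(OID_SM2);
    }

    /** Records the code of a failed structural check and returns {@code false}. */
    private boolean fail(int code) {
        this.errorCode = code;
        return false;
    }

    /**
     * Checks the ASN.1 shape of a seal and sets the version from the seal's header.
     *
     * <p>Only element counts and the signature algorithm OID are checked. Versions other than
     * 2 and 4 are not checked and yield {@code true}; {@link #verifySeal} rejects them later.
     *
     * @return {@code false} when a check fails; the failing check's code is stored for the
     *     error message
     */
    public boolean asn1SealComplete(ASN1Sequence aSN1Sequence) {
        this.version = aSN1Sequence.getObjectAt(0).getObjectAt(0).getObjectAt(1).getValue().intValue();
        if (this.version == 4) {
            if (aSN1Sequence.size() != 4) {
                return fail(4);
            }
            if (!aSN1Sequence.getObjectAt(2).toString().equals(OID_SM3_WITH_SM2)) {
                return fail(9);
            }
            ASN1Sequence sealBody = aSN1Sequence.getObjectAt(0);
            int size = sealBody.size();
            if (size < 4 || size > 5) {
                return fail(5);
            }
            if (sealBody.getObjectAt(0).size() != 3) {
                return fail(6);
            }
            if (sealBody.getObjectAt(2).size() != 7) {
                return fail(7);
            }
            if (sealBody.getObjectAt(3).size() != 4) {
                return fail(8);
            }
            return true;
        }
        if (this.version == 2) {
            if (!aSN1Sequence.getObjectAt(1).getObjectAt(1).toString().equals(OID_SM3_WITH_SM2)) {
                return fail(9);
            }
            ASN1Sequence sealBody = aSN1Sequence.getObjectAt(0);
            if (sealBody.size() != 5) {
                return fail(5);
            }
            if (sealBody.getObjectAt(0).size() != 3) {
                return fail(6);
            }
            if (sealBody.getObjectAt(2).size() != 6) {
                return fail(7);
            }
            if (sealBody.getObjectAt(3).size() != 4) {
                return fail(8);
            }
            return true;
        }
        return true;
    }

    /**
     * Checks the ASN.1 shape of the signature structure and of the seal embedded in it.
     *
     * <p>The result of the embedded seal check is returned to the caller. The original code
     * called {@link #asn1SealComplete} and discarded its result, so a seal that failed the
     * shape check was still reported as complete.
     *
     * <p>NOTE(review): {@link #asn1SealComplete} accepts only the SM3-with-SM2 OID, which is
     * stricter than the algorithms {@link #verifySeal} accepts. Confirm that no deployed seal
     * depends on the looser behaviour.
     *
     * @return {@code false} when a check fails; the failing check's code is stored for the
     *     error message
     */
    public boolean asn1Complete(ASN1Sequence aSN1Sequence) {
        if (!this.sealInfo.getHeaderVer().equals(this.sealInfo.getVersion())) {
            return fail(10);
        }
        if (this.version == 4) {
            if (!aSN1Sequence.getObjectAt(2).toString().equals(OID_SM3_WITH_SM2)) {
                return fail(1);
            }
            int size = aSN1Sequence.size();
            if (size < 4 || size > 5) {
                return fail(2);
            }
            ASN1Sequence toSign = aSN1Sequence.getObjectAt(0);
            if (toSign.size() != 5) {
                return fail(3);
            }
            return asn1SealComplete((ASN1Sequence) toSign.getObjectAt(1));
        }
        if (this.version == 2) {
            if (aSN1Sequence.size() != 2) {
                return fail(2);
            }
            ASN1Sequence toSign = aSN1Sequence.getObjectAt(0);
            if (!toSign.getObjectAt(6).toString().equals(OID_SM3_WITH_SM2)) {
                return fail(1);
            }
            return asn1SealComplete((ASN1Sequence) toSign.getObjectAt(1));
        }
        // Unknown header versions are not shape-checked here.
        return true;
    }
}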
