package kd.imc.aws.ofd.util.ofd;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.imc.aws.ofd.config.exception.VerifyException;
import kd.imc.aws.ofd.util.Base64Util;
import kd.imc.aws.ofd.util.CompressHelper;
import kd.imc.aws.ofd.util.HexUtil;
import kd.imc.aws.ofd.util.OfdErrorType;
import kd.imc.aws.ofd.util.SM3Util;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1StreamParser;
import org.bouncycastle.asn1.DEROctetString;
import org.dom4j.Element;

/* loaded from: input_file:kd/imc/aws/ofd/util/ofd/OfdSignUtil.class */
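/**
 * Checks the signature bundled inside an OFD package and extracts information about the
 * signing certificate.
 *
 * <p>Flow, as implemented here: the package is decompressed into a path-to-bytes map, the
 * signature list is located through {@code OFD.xml} ({@code DocBody/Signatures}), one signature
 * entry is selected, the SM3 digests listed under {@code SignedInfo/References} are compared
 * with the digests of the referenced files, and finally the SM3 digest of the signature XML is
 * compared with the digest embedded in the ASN.1 {@code SignedValue} structure.
 *
 * <p>NOTE(review): nothing in this class verifies the signature value against the certificate's
 * public key, and nothing validates the certificate chain, validity period or revocation. As
 * visible here the result is a digest-consistency check plus an optional comparison of an
 * identifier read from the (unverified) certificate. Confirm that cryptographic verification
 * happens elsewhere before treating a successful return as proof of authenticity.
 *
 * <p>NOTE(review): only one signature entry is examined (the one named by {@code MaxSignId},
 * else the first); other {@code Signature} entries in the list are not checked.
 */
public class OfdSignUtil {
    private static final Log LOGGER = LogFactory.getLog(OfdSignUtil.class);

    /**
     * Runs the digest checks on an OFD package and returns the signing-certificate information.
     *
     * @param bArr raw bytes of the OFD package, handed to {@code CompressHelper.decompress}
     * @param z    when {@code true}, issuer names, validity and subject details are added to
     *             the returned map (see {@code getCertInfo})
     * @param z2   when {@code true}, the issuer identifier read from the certificate must match
     *             one of the pinned values (see {@code checkCertIsTrue})
     * @return the certificate-information map; may be {@code null} when the certificate could
     *         not be read and {@code z2} is {@code false}, and is an empty map when the
     *         SignedValue starts with an object identifier
     * @throws VerifyException with the {@code CHECK_SIGN_ERROR} code for every failure; more
     *         specific {@code VerifyException}s raised further down are re-wrapped here
     */
    public static Map<String, Object> verifySignAndGetCerInfo(byte[] bArr, boolean z, boolean z2) {
        try {
            Map<String, byte[]> decompress = CompressHelper.decompress(bArr);
            String textByPath = OfdReadUtil.getTextByPath(decompress.get("OFD.xml"), "DocBody/Signatures");
            Element elementByByte = OfdReadUtil.getElementByByte(decompress.get(textByPath));
            String dirPath = OfdReadUtil.getDirPath(getSignaturePath(elementByByte.elementText("MaxSignId"), elementByByte), textByPath);
            byte[] bArr2 = decompress.get(dirPath);
            Element elementByByte2 = OfdReadUtil.getElementByByte(bArr2);
            Element element = elementByByte2.element("SignedInfo").element("References");
            checkHashValue(element, element.attributeValue("CheckMethod"), decompress);
            return checkSignValue(decompress.get(OfdReadUtil.getDirPath(elementByByte2.elementText("SignedValue"), dirPath)), SM3Util.doDigestToBase64Str(bArr2), z, z2);
        } catch (Exception e) {
            // Failures that are not VerifyExceptions (missing entries, malformed XML/ASN.1) were
            // not logged anywhere else; record the cause before it is reduced to a message.
            if (!(e instanceof VerifyException)) {
                LOGGER.error(OfdErrorType.CHECK_SIGN_ERROR.toString(), e);
            }
            throw new VerifyException(OfdErrorType.CHECK_SIGN_ERROR.getErrcode(), "验签失败:" + e.getMessage());
        }
    }

    /**
     * Convenience wrapper around {@link #verifySignAndGetCerInfo(byte[], boolean, boolean)}
     * that requests no detailed certificate information.
     *
     * @param bArr raw bytes of the OFD package
     * @param z    forwarded as the issuer-pin flag
     * @return always {@code true}; failure is signalled only by {@code VerifyException}
     */
    public static boolean verifySign(byte[] bArr, boolean z) {
        verifySignAndGetCerInfo(bArr, false, z);
        return true;
    }

    /**
     * Resolves the {@code BaseLoc} of the signature entry to check.
     *
     * @param str     wanted signature ID (the {@code MaxSignId} text); may be {@code null} or blank
     * @param element the signature-list element holding {@code Signature} children
     * @return the {@code BaseLoc} of the entry whose {@code ID} equals {@code str}, otherwise
     *         that of the first {@code Signature} child, with one leading {@code /} removed;
     *         {@code null} when no location is available
     */
    private static String getSignaturePath(String str, Element element) {
        String str2 = null;
        if (str != null && !"".equals(str.trim())) {
            Iterator it = element.elements("Signature").iterator();
            while (it.hasNext()) {
                Element element2 = (Element) it.next();
                if (str.equals(element2.attributeValue("ID"))) {
                    str2 = element2.attributeValue("BaseLoc");
                    break;
                }
            }
        }
        if (str2 == null && element != null) {
            // No ID match: fall back to the first Signature entry.
            str2 = element.element("Signature").attributeValue("BaseLoc");
        }
        if (str2 != null && str2.startsWith("/")) {
            // Package entries are looked up without a leading slash.
            str2 = str2.substring(1);
        }
        return str2;
    }

    /**
     * Compares each {@code Reference}'s {@code CheckValue} with the SM3 digest of the file it
     * names.
     *
     * <p>NOTE(review): the digest is computed only when {@code str} is the SM3 OID string or
     * "sm3". For any other or missing {@code CheckMethod} the reference is skipped without an
     * error, so the protected files are not checked at all in that case. The method value comes
     * from the document being checked; consider rejecting unsupported methods once it is
     * confirmed that no legitimate documents rely on them.
     *
     * @param element the {@code References} element
     * @param str     the {@code CheckMethod} attribute value
     * @param map     package entries keyed by path
     * @throws VerifyException with {@code HASH_NOT_CORRECT} when a computed digest differs
     */
    private static void checkHashValue(Element element, String str, Map<String, byte[]> map) {
        for (Element element2 : element.elements("Reference")) {
            String attributeValue = element2.attributeValue("FileRef");
            String elementText = element2.elementText("CheckValue");
            if (attributeValue.startsWith("/")) {
                attributeValue = attributeValue.substring(1);
            }
            String doDigestToBase64Str = ("1.2.156.10197.1.401".equals(str) || "sm3".equalsIgnoreCase(str)) ? SM3Util.doDigestToBase64Str(map.get(attributeValue)) : null;
            if (doDigestToBase64Str != null && !doDigestToBase64Str.equals(elementText)) {
                LOGGER.error(OfdErrorType.HASH_NOT_CORRECT.toString());
                throw new VerifyException(OfdErrorType.HASH_NOT_CORRECT);
            }
        }
    }

    /**
     * Parses the SignedValue bytes and compares the embedded digest with {@code str}.
     *
     * <p>A structure whose first element is an object identifier is delegated to
     * {@code checkStandardSignValue}. Otherwise the certificate is taken from element 1 of the
     * outer sequence when that is an octet string, else from element 5 of the inner sequence,
     * and the digest from element 3 of the inner sequence.
     *
     * <p>When {@code z2} is set, any failure while reading or checking the certificate now
     * fails the verification. Previously every exception from that step, including the
     * {@code SIGN_CERT_NOT_CORRECT} rejection itself, was logged and discarded, so a package
     * with a non-pinned certificate still verified. With {@code z2} unset the step stays
     * best-effort and the returned map may be {@code null}.
     *
     * @param bArr SignedValue bytes
     * @param str  Base64 SM3 digest of the signature XML
     * @param z    forwarded to the certificate-information extraction
     * @param z2   whether the issuer pin is mandatory
     * @return certificate information, possibly {@code null} or empty (see above)
     * @throws VerifyException {@code HASH_NOT_CORRECT} on digest mismatch, a certificate error
     *         when {@code z2} is set, {@code CHECK_SIGN_ERROR} for any other failure
     */
    private static Map<String, Object> checkSignValue(byte[] bArr, String str, boolean z, boolean z2) {
        try {
            ASN1Sequence aSN1Primitive = new ASN1StreamParser(new ByteArrayInputStream(bArr)).readObject().toASN1Primitive();
            if (aSN1Primitive.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
                return checkStandardSignValue(aSN1Primitive, str, z, z2);
            }
            ASN1Sequence objectAt = aSN1Primitive.getObjectAt(0);
            Map<String, Object> map = null;
            try {
                DEROctetString objectAt2 = aSN1Primitive.getObjectAt(1);
                map = checkCertIsTrue((objectAt2 instanceof DEROctetString ? objectAt2 : objectAt.getObjectAt(5)).getOctets(), z, z2);
            } catch (Exception e) {
                LOGGER.error("获取签章证书出现异常", e);
                if (z2) {
                    // The caller asked for the issuer pin: fail closed instead of continuing
                    // with an unchecked or unreadable certificate.
                    if (e instanceof VerifyException) {
                        throw (VerifyException) e;
                    }
                    throw new VerifyException(OfdErrorType.SIGN_READ_CERT_ERROR);
                }
            }
            if (Base64Util.base64encoder(objectAt.getObjectAt(3).getBytes()).equals(str)) {
                return map;
            }
            LOGGER.error(OfdErrorType.HASH_NOT_CORRECT.getDescription());
            throw new VerifyException(OfdErrorType.HASH_NOT_CORRECT);
        } catch (VerifyException e2) {
            throw e2;
        } catch (Exception e3) {
            // The logger call already records the stack trace; no printStackTrace() needed.
            LOGGER.error(OfdErrorType.CHECK_SIGN_ERROR.toString(), e3);
            throw new VerifyException(OfdErrorType.CHECK_SIGN_ERROR);
        }
    }

    /**
     * Handles a SignedValue whose first element is an object identifier: walks a fixed path
     * through the nested structure to an octet string and compares it with {@code str}.
     *
     * <p>NOTE(review): {@code z} and {@code z2} are not used here, so no certificate
     * information is returned and the issuer pin requested through {@code z2} is not applied
     * to packages in this format. Confirm whether that is intended.
     *
     * @param aSN1Sequence parsed SignedValue
     * @param str          Base64 SM3 digest of the signature XML
     * @param z            unused
     * @param z2           unused
     * @return an empty map when the digests match
     * @throws VerifyException with {@code HASH_NOT_CORRECT} when they differ
     */
    private static Map<String, Object> checkStandardSignValue(ASN1Sequence aSN1Sequence, String str, boolean z, boolean z2) {
        if (Base64Util.base64encoder(aSN1Sequence.getObjectAt(1).getObject().getObjectAt(4).getObjectAt(0).getObjectAt(3).getObject().getObjectAt(2).getObjectAt(1).getObjectAt(0).getOctets()).equals(str)) {
            return new HashMap<>();
        }
        LOGGER.error(OfdErrorType.HASH_NOT_CORRECT.toString());
        throw new VerifyException(OfdErrorType.HASH_NOT_CORRECT);
    }

    /**
     * Returns the encoding of element 6 of the first inner sequence of the given structure.
     * Not called from within this class.
     *
     * @param bArr ASN.1 encoded input
     * @return the encoded element
     * @throws IOException when the input cannot be parsed or re-encoded
     */
    private static byte[] getCertByte(byte[] bArr) throws IOException {
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject().getObjectAt(0).getObjectAt(6).getEncoded();
    }

    /**
     * Extracts identifying fields from a certificate by position.
     *
     * <p>The first element of the outer sequence is read by index: 3 and 5 as name sequences,
     * 4 as a pair of dates, 7 as the tagged extension list (presumably the X.509
     * TBSCertificate layout; verify against the certificates actually in use). The issuer
     * identifier is the value of the extension with OID {@code 2.5.29.35} (authority key
     * identifier) with the first 8 hex characters dropped, presumably the DER header bytes.
     *
     * <p>Two defects are corrected here. The size guard was {@code < 7} although index 7 is
     * read next, so a seven-element sequence raised an index error instead of returning
     * {@code null}. The extension was first guessed by position and compared with
     * {@code String.equals} against an ASN.1 object, which is never true; when the following
     * scan found nothing, the guessed extension was still used, so an unrelated extension
     * could be reported as the issuer identifier. The extension is now located by OID only.
     *
     * <p>NOTE(review): every value returned here is read from a certificate whose signature
     * has not been checked in this class; treat the fields as claims, not as verified identity.
     *
     * @param bArr DER encoded certificate
     * @param z    when {@code true}, adds names and validity to {@code issuedInfo} and a
     *             {@code userInfo} map with the names read from index 5
     * @return a map with {@code issuedInfo} (and {@code userInfo} when {@code z} is set), or
     *         {@code null} when the sequence has no element at index 7
     * @throws IOException    when the certificate cannot be parsed
     * @throws ParseException when a validity date cannot be parsed
     */
    private static Map<String, Object> getCertInfo(byte[] bArr, boolean z) throws IOException, ParseException {
        ASN1Sequence objectAt = new ASN1StreamParser(new ByteArrayInputStream(bArr)).readObject().toASN1Primitive().getObjectAt(0);
        if (objectAt.size() < 8) {
            return null;
        }
        ASN1Sequence object = objectAt.getObjectAt(7).getObject();
        String str = null;
        if (object != null) {
            ASN1Sequence objectAt2 = null;
            for (int i = 0; i < object.size(); i++) {
                if ("2.5.29.35".equals(object.getObjectAt(i).getObjectAt(0).toString())) {
                    objectAt2 = (ASN1Sequence) object.getObjectAt(i);
                    break;
                }
            }
            if (objectAt2 != null) {
                str = HexUtil.encodeHexStr(objectAt2.getObjectAt(1).getOctets()).substring(8);
            }
        }
        Map<String, Object> hashMap = new HashMap<>();
        Map<String, Object> hashMap2 = new HashMap<>();
        hashMap2.put("FINGER_PRINT", str);
        if (z) {
            ASN1Sequence objectAt3 = objectAt.getObjectAt(3);
            String certInfoStrBySeq = getCertInfoStrBySeq(objectAt3, 0);
            String certInfoStrBySeq2 = getCertInfoStrBySeq(objectAt3, 1);
            String certInfoStrBySeq3 = getCertInfoStrBySeq(objectAt3, 2);
            // NOTE(review): the keys are assigned by position in the name, not by attribute
            // OID, so "C"/"OU"/"CN" hold whatever attributes come first, second and third.
            hashMap2.put("C", certInfoStrBySeq);
            hashMap2.put("OU", certInfoStrBySeq2);
            hashMap2.put("CN", certInfoStrBySeq3);
            ASN1Sequence objectAt4 = objectAt.getObjectAt(4);
            Date date = objectAt4.getObjectAt(0).getDate();
            Date date2 = objectAt4.getObjectAt(1).getDate();
            // Validity is reported as epoch milliseconds; it is not compared with the clock.
            hashMap2.put("START_TIME", String.valueOf(date.getTime()));
            hashMap2.put("END_TIME", String.valueOf(date2.getTime()));
            ASN1Sequence objectAt5 = objectAt.getObjectAt(5);
            String certInfoStrBySeq4 = getCertInfoStrBySeq(objectAt5, 0);
            String certInfoStrBySeq5 = getCertInfoStrBySeq(objectAt5, 1);
            String certInfoStrBySeq6 = getCertInfoStrBySeq(objectAt5, 2);
            Map<String, Object> hashMap3 = new HashMap<>();
            hashMap3.put("C", certInfoStrBySeq4);
            hashMap3.put("OU", certInfoStrBySeq5);
            hashMap3.put("CN", certInfoStrBySeq6);
            // Taken from the extension at fixed index 3 with 4 hex characters dropped;
            // presumably the subject key identifier - TODO confirm, the OID is not checked.
            hashMap3.put("FINGER_PRINT", HexUtil.encodeHexStr(object.getObjectAt(3).getObjectAt(1).getOctets()).substring(4));
            hashMap.put("userInfo", hashMap3);
        }
        hashMap.put("issuedInfo", hashMap2);
        return hashMap;
    }

    /**
     * Reads the certificate information and, when requested, enforces the issuer pin.
     *
     * <p>The pin compares the {@code issuedInfo} identifier with one hard-coded value and with
     * {@code OfdConstants.CZJ_CERT_ID}. A certificate that yields no information at all is now
     * rejected when the pin is requested; before, that case ended in a
     * {@code NullPointerException}.
     *
     * <p>NOTE(review): the compared identifier is a field inside the certificate and the
     * certificate's own signature is not verified in this class, so the pin constrains what
     * the certificate claims rather than who issued it. Pair it with chain validation.
     *
     * @param bArr DER encoded certificate
     * @param z    forwarded to {@code getCertInfo}
     * @param z2   whether the issuer pin is enforced
     * @return the certificate information; may be {@code null} only when {@code z2} is unset
     * @throws VerifyException {@code SIGN_CERT_NOT_CORRECT} when the pin does not match,
     *         {@code SIGN_READ_CERT_ERROR} when the certificate cannot be read
     */
    private static Map<String, Object> checkCertIsTrue(byte[] bArr, boolean z, boolean z2) {
        try {
            Map<String, Object> certInfo = getCertInfo(bArr, z);
            if (z2) {
                if (certInfo == null) {
                    // Nothing to compare against: treat as an unreadable certificate.
                    LOGGER.error(OfdErrorType.SIGN_READ_CERT_ERROR.toString());
                    throw new VerifyException(OfdErrorType.SIGN_READ_CERT_ERROR);
                }
                String str = (String) ((Map) certInfo.get("issuedInfo")).get("FINGER_PRINT");
                if (!"b8b09a6007ea05b7b0b7e7cb42763129971576b3".equals(str) && !OfdConstants.CZJ_CERT_ID.equals(str)) {
                    LOGGER.error(OfdErrorType.SIGN_CERT_NOT_CORRECT.toString());
                    throw new VerifyException(OfdErrorType.SIGN_CERT_NOT_CORRECT);
                }
            }
            return certInfo;
        } catch (IOException | ParseException e) {
            LOGGER.error(OfdErrorType.SIGN_READ_CERT_ERROR.toString());
            throw new VerifyException(OfdErrorType.SIGN_READ_CERT_ERROR);
        }
    }

    /**
     * Returns the string form of the value of the {@code i}-th entry of a name sequence.
     *
     * @param aSN1Sequence the name sequence; may be {@code null}
     * @param i            zero-based position of the entry
     * @return the value as a string, or {@code null} when the sequence is {@code null} or has
     *         no entry at that position
     */
    private static String getCertInfoStrBySeq(ASN1Sequence aSN1Sequence, int i) {
        String str = null;
        if (aSN1Sequence != null && aSN1Sequence.size() > i) {
            str = aSN1Sequence.getObjectAt(i).getObjectAt(0).getObjectAt(1).toString();
        }
        return str;
    }
}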
