package com.kinggrid.pdf.executes.signature.sm2;

import com.KGitextpdf.text.DocumentException;
import com.KGitextpdf.text.pdf.PdfDate;
import com.KGitextpdf.text.pdf.PdfDictionary;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfSignature;
import com.KGitextpdf.text.pdf.PdfSignatureAppearance;
import com.KGitextpdf.text.pdf.PdfString;
import com.KGitextpdf.text.pdf.security.CrlClient;
import com.KGitextpdf.text.pdf.security.ExternalDigest;
import com.KGitextpdf.text.pdf.security.ExternalSignature;
import com.KGitextpdf.text.pdf.security.MakeSignature;
import com.KGitextpdf.text.pdf.security.OcspClient;
import com.KGitextpdf.text.pdf.security.TSAClient;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.kgcore.gm.SealGM;
import com.kinggrid.kgcore.gm.SealUtil;
import com.kinggrid.pdf.DigitalSignatureByKeySM2;
import com.kinggrid.pdf.signinter.DigitalSignatureByGB;
import com.kinggrid.pdf.signinter.DigitalSignatureSM2;
import com.kinggrid.pdf.utils.VerifyCertUtils;
import com.kinggrid.pdf.utils.VerifySealUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import org.kg.bouncycastle.asn1.DERSequence;

/* loaded from: input_file:lib/iSignature_PDF_API_V6.0.0.680.jar:com/kinggrid/pdf/executes/signature/sm2/MakeSM2Signature.class */
public class MakeSM2Signature {
    public static void signDetached(PdfSignatureAppearance pdfSignatureAppearance, ExternalDigest externalDigest, ExternalSignature externalSignature, byte[] bArr, Certificate[] certificateArr, Collection<CrlClient> collection, OcspClient ocspClient, TSAClient tSAClient, int i, MakeSignature.CryptoStandard cryptoStandard) throws IOException, DocumentException, GeneralSecurityException {
        byte[] encoded;
        SealGM verifyBeforeSign = new MakeSM2Signature().verifyBeforeSign(certificateArr, bArr);
        if (i == 0) {
            i = bArr.length + 8192;
        }
        PdfSignature pdfSignature = new PdfSignature(new PdfName("GM.PkiLite"), new PdfName("GM.sm2seal"));
        pdfSignature.setReason(pdfSignatureAppearance.getReason());
        pdfSignature.setLocation(pdfSignatureAppearance.getLocation());
        pdfSignature.setSignatureCreator(pdfSignatureAppearance.getSignatureCreator());
        pdfSignature.setContact(pdfSignatureAppearance.getContact());
        pdfSignature.setDate(new PdfDate(pdfSignatureAppearance.getSignDate()));
        pdfSignatureAppearance.setCryptoDictionary(pdfSignature);
        HashMap<PdfName, Integer> hashMap = new HashMap<>();
        hashMap.put(PdfName.CONTENTS, new Integer((i * 2) + 2));
        pdfSignatureAppearance.preClose(hashMap);
        byte[] digest = KGDigest.digest(pdfSignatureAppearance.getRangeStream(), externalSignature.getHashAlgorithm());
        byte[] bArr2 = new byte[i];
        Date time = Calendar.getInstance().getTime();
        int version = verifyBeforeSign.getVersion();
        if (externalSignature instanceof DigitalSignatureByKeySM2) {
            DigitalSignatureByKeySM2 digitalSignatureByKeySM2 = (DigitalSignatureByKeySM2) externalSignature;
            digitalSignatureByKeySM2.sign((version == 4 ? SesSignature.getToSignData(bArr, String.valueOf(KGDateUtils.format2GMTTime(time, "yyyyMMddHHmmss")) + "Z", digest, "hash") : GMSesSignature.getGMToSignData(bArr, String.valueOf(KGDateUtils.format2GMTTime(time, KGDateUtils.YYMMDDHHMMSS)) + "Z", digest, "hash", certificateArr[0].getEncoded())).getEncoded());
            digitalSignatureByKeySM2.setSealVersion(version);
            digitalSignatureByKeySM2.setContentsPostion(pdfSignatureAppearance.getContentsPostion());
        } else {
            if (version == 4) {
                String str = String.valueOf(KGDateUtils.format2GMTTime(time, "yyyyMMddHHmmss")) + "Z";
                if (externalSignature instanceof DigitalSignatureByGB) {
                    DigitalSignatureByGB digitalSignatureByGB = (DigitalSignatureByGB) externalSignature;
                    digitalSignatureByGB.setDoSm3("0");
                    byte[] sign = digitalSignatureByGB.sign(digest);
                    VerifyCertUtils.verifySignCert(verifyBeforeSign, digitalSignatureByGB.getCertificate());
                    encoded = new KGBase64().decode(new String(sign, XmpWriter.UTF8));
                } else {
                    DERSequence toSignData = SesSignature.getToSignData(bArr, str, digest, "hash");
                    encoded = SesSignature.getSesSignature(toSignData, certificateArr[0].getEncoded(), externalSignature.sign(toSignData.getEncoded()), null).getEncoded();
                }
            } else {
                DERSequence gMToSignData = GMSesSignature.getGMToSignData(bArr, String.valueOf(KGDateUtils.format2GMTTime(time, KGDateUtils.YYMMDDHHMMSS)) + "Z", digest, "hash", certificateArr[0].getEncoded());
                encoded = GMSesSignature.getGMSesSignature(gMToSignData, externalSignature.sign(gMToSignData.getEncoded())).getEncoded();
            }
            if (i < encoded.length) {
                throw new IOException("Not enough space");
            }
            System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
            if (externalSignature instanceof DigitalSignatureSM2) {
                ((DigitalSignatureSM2) externalSignature).setSesSignature(encoded);
            }
            if (externalSignature instanceof DigitalSignatureByGB) {
                ((DigitalSignatureByGB) externalSignature).setSesSignature(encoded);
            }
        }
        PdfDictionary pdfDictionary = new PdfDictionary();
        pdfDictionary.put(PdfName.CONTENTS, new PdfString(bArr2).setHexWriting(true));
        pdfSignatureAppearance.close(pdfDictionary);
    }

    private SealGM verifyBeforeSign(Certificate[] certificateArr, byte[] bArr) throws IOException, CertificateEncodingException {
        SealGM sealInfo = SealUtil.getSealInfo(bArr);
        VerifySealUtil verifySealUtil = new VerifySealUtil();
        verifySealUtil.asn1SealComplete(DERSequence.getInstance(bArr));
        verifySealUtil.verifySeal(bArr);
        if (certificateArr != null) {
            VerifyCertUtils.verifySignCert(sealInfo, certificateArr);
        }
        return sealInfo;
    }
}
