package com.kinggrid.pdfviewer.pdf.electronicseal.impl;

import cn.myapps.runtime.notice.Notification;
import com.KGitextpdf.text.pdf.PdfDictionary;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfString;
import com.KGitextpdf.text.pdf.security.PdfPKCS7;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import com.alibaba.fastjson.JSONObject;
import com.kgofd.encrypt.SM2;
import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.encrypt.KGSignature;
import com.kinggrid.exception.KGServerInterfaceErrorException;
import com.kinggrid.pdf.executes.customize.DisposeSigndataToClient;
import com.kinggrid.pdf.executes.entity.SignSealInfo;
import com.kinggrid.pdf.utils.AnalyticalSealUtil;
import com.kinggrid.pdfviewer.Contants;
import com.kinggrid.pdfviewer.PVHttpUtil;
import com.kinggrid.pdfviewer.pdf.electronicseal.VerifyDigitalSignature;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import org.kg.bouncycastle.asn1.ASN1Integer;
import org.kg.bouncycastle.asn1.ASN1Primitive;
import org.kg.bouncycastle.asn1.ASN1Sequence;
import org.kg.bouncycastle.asn1.DERSequence;
import org.kg.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.kg.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:lib/pdfviewer-3.1.0.232.jar:com/kinggrid/pdfviewer/pdf/electronicseal/impl/VerifyDigitalSignatureSoftVImpl.class */
public class VerifyDigitalSignatureSoftVImpl implements VerifyDigitalSignature {
    private Date date;

    @Override // com.kinggrid.pdfviewer.pdf.electronicseal.VerifyDigitalSignature
    public boolean verify(byte[] bArr, byte[] bArr2, String str, PdfDictionary pdfDictionary, Map<String, String> map, JSONObject jSONObject) {
        boolean sm2Verify;
        try {
            KGBase64 kGBase64 = new KGBase64();
            String str2 = new String(bArr2);
            PdfString asString = pdfDictionary.getAsString(new PdfName("ESType"));
            if (kGBase64.decode(str2)[0] == 48 && pdfDictionary.getAsString(new PdfName("ESType")) == null) {
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(kGBase64.decode(str2), new PdfName("KG"), BouncyCastleProvider.PROVIDER_NAME);
                sm2Verify = KGSignature.verify((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr)), pdfPKCS7.getDigest(), str.getBytes(), pdfPKCS7.getDigestAlgorithm());
            } else if (asString != null) {
                if (new PdfString("GB").equals(asString) && Contants.CHECK_SEAL_STATS) {
                    Map<String, Object> checkSealStats = new PVHttpUtil().checkSealStats(Contants.URL, str2);
                    if (!"0".equals(checkSealStats.get("code"))) {
                        throw new KGServerInterfaceErrorException("验证印章状态有效性失败：" + checkSealStats.get(Notification.MODULE_MESSAGE));
                    }
                }
                SignSealInfo sealinfo = AnalyticalSealUtil.sealinfo(DERSequence.getInstance(kGBase64.decode(str2)));
                byte[] signData = sealinfo.getSignData();
                if (signData.length != 64) {
                    signData = sigDataAns1To64bit(signData);
                }
                sm2Verify = sm2Verify(sealinfo.getTosignData(), sealinfo.getCert(), signData);
                this.date = KGDateUtils.parseGMT2Date(sealinfo.getSignDate());
                if (sm2Verify) {
                    MessageDigest messageDigest = MessageDigest.getInstance("SM3", BouncyCastleProvider.PROVIDER_NAME);
                    messageDigest.update(str.getBytes());
                    if (!Arrays.equals(sealinfo.getHash(), messageDigest.digest())) {
                        sm2Verify = false;
                    }
                }
            } else {
                byte[] dismantleSigndata = DisposeSigndataToClient.dismantleSigndata(str2.getBytes());
                if (dismantleSigndata.length != 64) {
                    dismantleSigndata = sigDataAns1To64bit(dismantleSigndata);
                }
                sm2Verify = sm2Verify(str.getBytes(XmpWriter.UTF8), bArr, dismantleSigndata);
            }
            return sm2Verify;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.kinggrid.pdfviewer.pdf.electronicseal.VerifyDigitalSignature
    public String esType(PdfDictionary pdfDictionary, Map<String, String> map) {
        return null;
    }

    public Date getSignDate() {
        return this.date;
    }

    private boolean sm2Verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return new SM2(true).Verify(bArr, bArr3, getPubkey(getTbsCert(bArr2)));
    }

    public static byte[] getPubkey(TBSCertificateStructure tBSCertificateStructure) {
        byte[] bArr = new byte[64];
        System.arraycopy(tBSCertificateStructure.getSubjectPublicKeyInfo().getPublicKeyData().getBytes(), 1, bArr, 0, 64);
        return bArr;
    }

    public static TBSCertificateStructure getTbsCert(byte[] bArr) throws IOException {
        return TBSCertificateStructure.getInstance(((ASN1Sequence) ASN1Primitive.fromByteArray(bArr)).getObjectAt(0));
    }

    private static byte[] sigDataAns1To64bit(byte[] bArr) throws IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        ASN1Integer aSN1Integer = (ASN1Integer) aSN1Sequence.getObjectAt(0);
        ASN1Integer aSN1Integer2 = (ASN1Integer) aSN1Sequence.getObjectAt(1);
        byte[] byteArray = aSN1Integer.getValue().toByteArray();
        byte[] byteArray2 = aSN1Integer2.getValue().toByteArray();
        byte[] bArr2 = new byte[64];
        if (byteArray.length < 32) {
            System.arraycopy(byteArray, 0, bArr2, 32 - byteArray.length, byteArray.length);
        } else {
            System.arraycopy(byteArray, byteArray.length == 32 ? 0 : byteArray.length - 32, bArr2, 0, 32);
        }
        if (byteArray2.length < 32) {
            System.arraycopy(byteArray2, 0, bArr2, 32 - byteArray2.length, byteArray2.length);
        } else {
            System.arraycopy(byteArray2, byteArray2.length == 32 ? 0 : byteArray2.length - 32, bArr2, 32, 32);
        }
        return bArr2;
    }
}
