package com.kinggrid.pdfviewer.action;

import cn.myapps.runtime.notice.Notification;
import com.KGitextpdf.text.Annotation;
import com.KGitextpdf.text.pdf.PRStream;
import com.KGitextpdf.text.pdf.PdfDictionary;
import com.KGitextpdf.text.pdf.PdfIndirectReference;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfObject;
import com.KGitextpdf.text.pdf.PdfReader;
import com.KGitextpdf.text.pdf.security.PdfPKCS7;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import com.alibaba.fastjson.JSONObject;
import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.exception.KGErrorSm2VerifyException;
import com.kinggrid.exception.KGServerInterfaceErrorException;
import com.kinggrid.pdf.KGElectronicSealName;
import com.kinggrid.pdf.KGPdfHummer;
import com.kinggrid.pdf.executes.electronicseal.KGDefaultMessageDigest;
import com.kinggrid.pdf.executes.electronicseal.KGMessageDigest;
import com.kinggrid.pdf.executes.entity.SignSealInfo;
import com.kinggrid.pdf.executes.signature.VerifySignatureSM2;
import com.kinggrid.pdf.utils.KGPdfUtils;
import com.kinggrid.pdfviewer.Contants;
import com.kinggrid.pdfviewer.License;
import com.kinggrid.pdfviewer.PVHttpUtil;
import com.kinggrid.pdfviewer.PdfActionInter;
import com.kinggrid.pdfviewer.PdfFileResource;
import com.kinggrid.pdfviewer.PdfFileResourceManager;
import com.kinggrid.pdfviewer.pdf.PdfUtils;
import com.kinggrid.pdfviewer.pdf.electronicseal.ElectronicSealFactory;
import com.kinggrid.pdfviewer.pdf.electronicseal.impl.VerifyDigitalSignatureImpl;
import com.kinggrid.pdfviewer.pdf.electronicseal.impl.VerifyDigitalSignatureSoftVImpl;
import com.kinggrid.pdfviewer.utils.CertUtils;
import com.kinggrid.pdfviewer.utils.StampUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dom4j.DocumentException;
import org.kg.bouncycastle.cert.X509CertificateHolder;
import org.kg.bouncycastle.cms.SignerInformation;
import org.kg.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:lib/pdfviewer-3.1.0.232.jar:com/kinggrid/pdfviewer/action/VerifySealAction.class */
public class VerifySealAction implements PdfActionInter {
    @Override // com.kinggrid.pdfviewer.PdfActionInter
    public void execute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, JSONObject jSONObject, PdfFileResource pdfFileResource) throws IOException {
        String string = jSONObject.getString("documentId");
        int intValue = jSONObject.getIntValue(Annotation.PAGE);
        float floatValue = jSONObject.getFloatValue("x");
        float floatValue2 = jSONObject.getFloatValue("y");
        if (pdfFileResource == null) {
            pdfFileResource = PdfFileResourceManager.getPdfFileResource();
        }
        pdfFileResource.init(httpServletRequest, httpServletResponse, str, string);
        KGPdfHummer kGPdfHummer = null;
        JSONObject jSONObject2 = new JSONObject();
        try {
            try {
                String pdfFile = pdfFileResource.getPdfFile();
                InputStream pdfFileStream = pdfFileResource.getPdfFileStream();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                KGPdfHummer pdfHummerOfdqzqRead = PdfUtils.getPdfHummerOfdqzqRead(pdfFile, pdfFileStream, byteArrayOutputStream, jSONObject.getString("pdfPwd"));
                PdfReader pdfReader = pdfHummerOfdqzqRead.getPdfReader();
                Map<String, Object> pdfDictionaryOfXY = PdfUtils.getPdfDictionaryOfXY(pdfReader, intValue, floatValue, floatValue2);
                if (pdfDictionaryOfXY != null) {
                    PdfDictionary pdfDictionary = (PdfDictionary) pdfDictionaryOfXY.get("annot");
                    PdfName asName = pdfDictionary.getAsName(PdfName.SUBTYPE);
                    PdfName asName2 = pdfDictionary.getAsName(PdfName.FT);
                    JSONObject jSONObject3 = null;
                    if (KGElectronicSealName.SEAL.equals(asName)) {
                        PdfIndirectReference asIndirectObject = pdfDictionary.getAsIndirectObject(PdfName.PARENT);
                        if (asIndirectObject != null) {
                            pdfDictionary = (PdfDictionary) PdfReader.getPdfObject(asIndirectObject);
                        }
                        jSONObject3 = parseSeal(pdfDictionary, pdfReader, pdfFileResource.getDocumentName(), jSONObject);
                    } else if (PdfName.WIDGET.equals(asName) && PdfName.SIG.equals(asName2)) {
                        jSONObject3 = parseSig(pdfDictionary, pdfReader, pdfFileResource.getDocumentName());
                    }
                    jSONObject2.put("status", true);
                    jSONObject2.put("seal", jSONObject3);
                } else {
                    jSONObject2.put("status", false);
                    jSONObject2.put(Notification.MODULE_MESSAGE, "印章已被删除，请刷新页面重新加载文档！");
                }
                PdfUtils.close(pdfFileStream);
                PdfUtils.close(byteArrayOutputStream);
                if (pdfHummerOfdqzqRead != null) {
                    pdfHummerOfdqzqRead.close();
                }
            } catch (Exception e) {
                if (!(e instanceof KGServerInterfaceErrorException)) {
                    throw new RuntimeException(e.getMessage(), e);
                }
                jSONObject2.put("status", false);
                jSONObject2.put(Notification.MODULE_MESSAGE, e.getMessage());
                PdfUtils.close(null);
                PdfUtils.close(null);
                if (0 != 0) {
                    kGPdfHummer.close();
                }
            }
            jSONObject2.put("companyName", License.getCompanyName());
            httpServletResponse.getWriter().write(jSONObject2.toJSONString());
        } catch (Throwable th) {
            PdfUtils.close(null);
            PdfUtils.close(null);
            if (0 != 0) {
                kGPdfHummer.close();
            }
            throw th;
        }
    }

    private JSONObject parseSeal(PdfDictionary pdfDictionary, PdfReader pdfReader, String str, JSONObject jSONObject) throws IOException, GeneralSecurityException {
        KGMessageDigest kGMessageDigest;
        String string = jSONObject.getString("certOrigin");
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("stampType", "0");
        Map<String, String> parseSeal = KGPdfUtils.parseSeal(pdfDictionary);
        jSONObject2.put("appName", parseSeal.get("AppName"));
        jSONObject2.put("keySN", parseSeal.get("KeySerial"));
        String str2 = parseSeal.get("UserName");
        if (str2 == null) {
            str2 = PdfObject.NOTHING;
        }
        jSONObject2.put("userName", str2);
        jSONObject2.put("unitName", parseSeal.get("CompName"));
        jSONObject2.put("signSN", parseSeal.get("SealSerial"));
        jSONObject2.put("signName", parseSeal.get("KeyName"));
        jSONObject2.put("createTime", parseSeal.get("CreateTime"));
        jSONObject2.put("documentName", str);
        String str3 = parseSeal.get("strMd5");
        if (Contants.MESSAGE_DIGEST_CLASS != null) {
            try {
                kGMessageDigest = (KGMessageDigest) Contants.MESSAGE_DIGEST_CLASS.newInstance();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } else {
            kGMessageDigest = new KGDefaultMessageDigest();
        }
        JSONObject verifyEletronicSeal = PdfUtils.verifyEletronicSeal(pdfReader, pdfDictionary, kGMessageDigest, str3);
        jSONObject2.put("effectiveness", verifyEletronicSeal.getBoolean("effectiveness"));
        PdfIndirectReference asIndirectObject = pdfDictionary.getAsIndirectObject(new PdfName("certContext"));
        PdfIndirectReference asIndirectObject2 = pdfDictionary.getAsIndirectObject(new PdfName("certSignMsg"));
        if (asIndirectObject != null && asIndirectObject2 != null && !"-1".equals(string)) {
            PRStream pRStream = (PRStream) pdfReader.getPdfObject(asIndirectObject.getNumber());
            byte[] streamBytesRaw = PdfReader.getStreamBytesRaw(pRStream);
            if (PdfName.FLATEDECODE.equals(pRStream.get(PdfName.FILTER))) {
                streamBytesRaw = PdfReader.FlateDecode(streamBytesRaw);
            }
            String replaceAll = new String(streamBytesRaw, XmpWriter.UTF16LE).replaceAll("\r\n", PdfObject.NOTHING).replaceAll("\n", PdfObject.NOTHING);
            if (replaceAll.indexOf("-----BEGIN CERTIFICATE-----") != -1) {
                replaceAll = replaceAll.substring("-----BEGIN CERTIFICATE-----".length(), replaceAll.indexOf("-----END CERTIFICATE-----"));
            }
            KGBase64 kGBase64 = new KGBase64();
            byte[] decode = kGBase64.decode(replaceAll);
            JSONObject parseCert = CertUtils.parseCert(decode);
            PRStream pRStream2 = (PRStream) pdfReader.getPdfObject(asIndirectObject2.getNumber());
            byte[] streamBytesRaw2 = PdfReader.getStreamBytesRaw(pRStream2);
            if (PdfName.FLATEDECODE.equals(pRStream2.get(PdfName.FILTER))) {
                streamBytesRaw2 = PdfReader.FlateDecode(streamBytesRaw2);
            }
            String str4 = new String(streamBytesRaw2, XmpWriter.UTF16LE);
            String string2 = verifyEletronicSeal.getString("new_hash");
            if (Contants.SOFTVERIFY) {
                VerifyDigitalSignatureSoftVImpl verifyDigitalSignatureSoftVImpl = new VerifyDigitalSignatureSoftVImpl();
                boolean verify = verifyDigitalSignatureSoftVImpl.verify(decode, str4.getBytes(), string2, pdfDictionary, parseSeal, parseCert);
                Date signDate = verifyDigitalSignatureSoftVImpl.getSignDate();
                parseCert.put("sigEffectiveness", Boolean.valueOf(verify));
                if (signDate != null) {
                    jSONObject2.put("stampID", StampUtils.getStampID(signDate, str4));
                }
            } else if ("0".equals(string)) {
                parseCert.put("sigEffectiveness", Boolean.valueOf(new VerifyDigitalSignatureImpl().verify(decode, kGBase64.decode(str4), string2, pdfDictionary, parseSeal, parseCert)));
            } else if ("1".equals(string)) {
                parseCert.put("newHash", string2);
                parseCert.put("sigData", str4);
                if (pdfDictionary.getAsString(new PdfName("bSignByCalibrary")) != null && !PdfObject.NOTHING.equals(pdfDictionary.getAsString(new PdfName("bSignByCalibrary")).toString())) {
                    parseCert.put("bSignByCalibrary", pdfDictionary.getAsString(new PdfName("bSignByCalibrary")));
                }
            } else if ("2".equals(string)) {
                parseCert.put("sigEffectiveness", Boolean.valueOf(ElectronicSealFactory.getVerifyDigitalSignature().verify(decode, kGBase64.decode(str4), string2, pdfDictionary, parseSeal, parseCert)));
            }
            jSONObject2.put("cert", parseCert);
        }
        return jSONObject2;
    }

    private JSONObject parseSig(PdfDictionary pdfDictionary, PdfReader pdfReader, String str) throws IOException, DocumentException, GeneralSecurityException {
        JSONObject parseCert;
        String dateTime;
        JSONObject jSONObject = null;
        PRStream pRStream = (PRStream) pdfDictionary.getAsStream(new PdfName("KGPROPERTY"));
        if (pRStream != null) {
            jSONObject = PdfUtils.parseKgProperty(pRStream);
            jSONObject.put("documentName", str);
        } else {
            PRStream pRStream2 = (PRStream) pdfDictionary.getAsStream(new PdfName("ISP"));
            if (pRStream2 != null) {
                jSONObject = PdfUtils.parseISP(pRStream2);
                jSONObject.put("documentName", str);
            }
        }
        if (jSONObject == null) {
            jSONObject = new JSONObject();
        }
        jSONObject.put("stampType", "1");
        String unicodeString = pdfDictionary.getAsString(PdfName.T).toUnicodeString();
        PdfDictionary asDict = pdfDictionary.getAsDict(PdfName.V);
        boolean z = true;
        if (asDict.getAsName(PdfName.FILTER).toString().toUpperCase().equals("/GM.PkiLite".toUpperCase())) {
            VerifySignatureSM2 verifySignatureSM2 = new VerifySignatureSM2(asDict, null, pdfReader);
            try {
                verifySignatureSM2.verify();
            } catch (KGErrorSm2VerifyException e) {
                z = false;
            }
            SignSealInfo signSealInfo = verifySignatureSM2.getSignSealInfo();
            Date parseZ2Date = KGDateUtils.parseZ2Date(signSealInfo.getSignDate());
            dateTime = KGDateUtils.dateTime(parseZ2Date);
            String esId = signSealInfo.getEsId();
            parseCert = CertUtils.parseCert(signSealInfo.getCert());
            String string = parseCert.getString("subjectDN");
            if (string.length() == 14 && esId.length() == 14 && string.equals(esId) && Contants.CHECK_SEAL_STATS) {
                Map<String, Object> checkSealStats = new PVHttpUtil().checkSealStats(Contants.URL, new KGBase64().encode(signSealInfo.getSesSignature()));
                if (!"0".equals(checkSealStats.get("code"))) {
                    throw new KGServerInterfaceErrorException("验证印章状态有效性失败：" + checkSealStats.get(Notification.MODULE_MESSAGE));
                }
            }
            jSONObject.put("stampID", StampUtils.getStampID(parseZ2Date, signSealInfo.getSesSignature()));
        } else {
            PdfPKCS7 verifySignature = pdfReader.getAcroFields().verifySignature(unicodeString);
            z = verifySignature.verify();
            parseCert = CertUtils.parseCert(verifySignature.getSigningCertificate().getEncoded());
            dateTime = KGDateUtils.dateTime(verifySignature.getSignDate().getTime());
            TimeStampToken timeStampToken = verifySignature.getTimeStampToken();
            if (timeStampToken != null) {
                JSONObject parseCert2 = CertUtils.parseCert(((X509CertificateHolder) timeStampToken.getCertificates().getMatches(((SignerInformation) timeStampToken.toCMSSignedData().getSignerInfos().getSigners().iterator().next()).getSID()).iterator().next()).getEncoded());
                boolean verifyTimestampImprint = verifySignature.verifyTimestampImprint();
                Date time = verifySignature.getTimeStampDate().getTime();
                boolean verifyTsaTime = verifyTsaTime(time, parseCert2.getString("notBefore"), parseCert2.getString("notAfter"));
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("tsaEffectiveness", Boolean.valueOf(verifyTimestampImprint && verifyTsaTime));
                jSONObject2.put("tsaTime", KGDateUtils.dateTime(time));
                jSONObject2.put("tsaCert", parseCert2);
                jSONObject.put("tsaInfo", jSONObject2);
            }
        }
        parseCert.put("effectiveness", Boolean.valueOf(z));
        if (z) {
            if (pdfReader.getAcroFields().signatureCoversWholeDocument(unicodeString)) {
                parseCert.put("appendContent", false);
            } else {
                parseCert.put("appendContent", true);
            }
        }
        jSONObject.put("cert", parseCert);
        jSONObject.put("signDateTime", dateTime);
        return jSONObject;
    }

    private boolean verifyTsaTime(Date date, String str, String str2) {
        return KGDateUtils.compareDate(date, KGDateUtils.parse2Date(str, "yyyy-MM-dd HH:mm:ss")) >= 0 && KGDateUtils.compareDate(date, KGDateUtils.parse2Date(str2, "yyyy-MM-dd HH:mm:ss")) <= 0;
    }
}
