package cfca.sadk.ofd.util;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.ofd.base.asn1.CertDigestList;
import cfca.sadk.ofd.base.asn1.CertDigestObj;
import cfca.sadk.ofd.base.asn1.CertInfoList;
import cfca.sadk.ofd.base.asn1.ExtensionDatas;
import cfca.sadk.ofd.base.asn1.GM0031SourceData;
import cfca.sadk.ofd.base.asn1.SES_CertList;
import cfca.sadk.ofd.base.asn1.SES_ESPictureInfo;
import cfca.sadk.ofd.base.asn1.SES_ESPropertyInfo;
import cfca.sadk.ofd.base.asn1.SES_Header;
import cfca.sadk.ofd.base.asn1.SES_SealInfo;
import cfca.sadk.ofd.base.asn1.SES_SignInfo;
import cfca.sadk.ofd.base.asn1.SESeal;
import cfca.sadk.ofd.base.common.CertVerifyUtil;
import cfca.sadk.ofd.base.common.FileHashUtil;
import cfca.sadk.ofd.base.common.ImageUtil;
import cfca.sadk.ofd.base.common.ParamCheckUtil;
import cfca.sadk.ofd.base.common.StringUtil;
import cfca.sadk.ofd.base.config.VersionInfo;
import cfca.sadk.ofd.base.exception.SealException;
import cfca.sadk.ofd.base.ofd.OFDConstants;
import cfca.sadk.ofd.base.seal.SealInfo;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DERIA5String;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERPrintableString;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.DERUTF8String;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/ofd/util/MakeSealUtil.class */
public class MakeSealUtil {
    private static Logger businessLog = LoggerFactory.getLogger(MakeSealUtil.class);

    public static byte[] makeSeal(SealInfo sealInfo, Session session) throws SealException {
        SES_CertList sES_CertList;
        long currentTimeMillis = System.currentTimeMillis();
        businessLog.info("makeSeal start...");
        try {
            try {
                if (null == sealInfo) {
                    throw new IllegalArgumentException("sealInfo is null!");
                }
                X509Cert sealSignerCert = sealInfo.getSealSignerCert();
                if (null == sealSignerCert) {
                    sealSignerCert = SysEnv.getSealMakerSignCert();
                }
                ParamCheckUtil.checkCertValidity(sealSignerCert, -1);
                String esID = sealInfo.getEsID();
                if (StringUtil.isEmpty(esID)) {
                    throw new IllegalArgumentException("esID is null!");
                }
                int sealType = sealInfo.getSealType();
                if (sealType <= 0) {
                    throw new IllegalArgumentException("sealType = " + sealType + " is wrong!");
                }
                String sealName = sealInfo.getSealName();
                if (StringUtil.isEmpty(sealName)) {
                    throw new IllegalArgumentException("sealName is null!");
                }
                Date validStart = sealInfo.getValidStart();
                if (null == validStart) {
                    throw new IllegalArgumentException("validStart is null!");
                }
                Date validEnd = sealInfo.getValidEnd();
                if (null == validEnd) {
                    throw new IllegalArgumentException("validEnd is null!");
                }
                if (validEnd.before(validStart)) {
                    throw new IllegalArgumentException("validEnd is before validStart!");
                }
                X509Cert[] certList = sealInfo.getCertList();
                if (null == certList || certList.length == 0) {
                    throw new IllegalArgumentException("certList is null!");
                }
                for (X509Cert x509Cert : certList) {
                    if (x509Cert != null) {
                        if (x509Cert.getSubject().endsWith(sealSignerCert.getSubject())) {
                            throw new IllegalArgumentException("SignCert can not be equals to SealSignerCert!");
                        }
                        boolean[] certKeyUsage = CertVerifyUtil.getCertKeyUsage(x509Cert);
                        if (null == certKeyUsage || !certKeyUsage[0]) {
                            throw new IllegalArgumentException("signCert's keyUsage not contain digitalSignature! " + Arrays.toString(certKeyUsage));
                        }
                        ParamCheckUtil.checkCertValidity(x509Cert, -1);
                        if (x509Cert.getNotAfter().before(validEnd)) {
                            validEnd = x509Cert.getNotAfter();
                        }
                    }
                }
                Mechanism signAlg = sealInfo.getSignAlg();
                if (null == signAlg) {
                    throw new IllegalArgumentException("signAlg is null!");
                }
                String pictureType = sealInfo.getPictureType();
                if (StringUtil.isEmpty(pictureType)) {
                    throw new IllegalArgumentException("pictureType is null!");
                }
                byte[] pictureData = sealInfo.getPictureData();
                if (null == pictureData) {
                    throw new IllegalArgumentException("pictureData is null!");
                }
                int[] imageSize = ImageUtil.getImageSize(pictureData, 0);
                int i = imageSize[0];
                if (i <= 0) {
                    throw new IllegalArgumentException("pictureWidth = " + i + " is wrong!");
                }
                int i2 = imageSize[1];
                if (i2 <= 0) {
                    throw new IllegalArgumentException("pictureHeight = " + i2 + " is wrong!");
                }
                SES_Header sES_Header = new SES_Header();
                DERIA5String dERIA5String = new DERIA5String(esID);
                ASN1Integer aSN1Integer = new ASN1Integer(sealType);
                DERUTF8String dERUTF8String = new DERUTF8String(sealName);
                ASN1Integer aSN1Integer2 = new ASN1Integer(1L);
                ASN1OctetString dEROctetString = new DEROctetString(sealSignerCert.getEncoded());
                ASN1ObjectIdentifier objectIdentifier = Mechanism.getObjectIdentifier(signAlg.getMechanismType());
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                int specification = sealInfo.getSpecification();
                if (!sealInfo.isCertList() && !SysEnv.isCertListForSeal()) {
                    aSN1Integer2 = new ASN1Integer(2L);
                    for (int i3 = 0; i3 < certList.length; i3++) {
                        if (certList[i3] != null) {
                            aSN1EncodableVector.add(new CertDigestObj(signAlg.equals(Mechanisms.M_SM3_SM2) ? new DERPrintableString(new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, DERNull.INSTANCE).getAlgorithm().getId()) : new DERPrintableString(Mechanisms.getDigestAlgIdentifier(signAlg).getAlgorithm().getId()), new DEROctetString(FileHashUtil.calculateHash(certList[i3].getEncoded(), signAlg, null))).toASN1Primitive());
                        }
                    }
                    sES_CertList = new SES_CertList(CertDigestList.getInstance(new DERSequence(aSN1EncodableVector)));
                } else if (specification == 3 || specification == 2 || ((specification == -1 && SysEnv.isForTax()) || (specification == -1 && SysEnv.isAnKeType()))) {
                    ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                    aSN1EncodableVector2.add(new DEROctetString(certList[0].getEncoded()));
                    sES_CertList = new SES_CertList(CertInfoList.getInstance(new DERSequence(aSN1EncodableVector2)));
                    if (specification == 2 || (specification == -1 && SysEnv.isAnKeType())) {
                        aSN1Integer2 = null;
                        sES_Header.setVersion(new ASN1Integer(OFDConstants.ANKEVersion));
                    } else if (specification == 1 || (specification == -1 && SysEnv.isGM0031())) {
                        aSN1Integer2 = null;
                        sES_Header.setVersion(new ASN1Integer(OFDConstants.GMVersion));
                    }
                } else {
                    for (int i4 = 0; i4 < certList.length; i4++) {
                        if (SysEnv.isCertOctet()) {
                            aSN1EncodableVector.add(new DEROctetString(certList[i4].getEncoded()));
                        } else {
                            aSN1EncodableVector.add(ASN1Sequence.getInstance(certList[i4].getEncoded()));
                        }
                    }
                    sES_CertList = new SES_CertList(CertInfoList.getInstance(new DERSequence(aSN1EncodableVector)));
                    if (specification == 4 || (specification == -1 && SysEnv.isGBType())) {
                        sES_Header.setVersion(new ASN1Integer(OFDConstants.GBVersion));
                    } else {
                        aSN1Integer2 = null;
                        sES_Header.setVersion(new ASN1Integer(OFDConstants.GMVersion));
                    }
                }
                SES_ESPropertyInfo sES_ESPropertyInfo = new SES_ESPropertyInfo(aSN1Integer, dERUTF8String, aSN1Integer2, sES_CertList, new Date(), validStart, validEnd);
                SES_ESPictureInfo sES_ESPictureInfo = new SES_ESPictureInfo(new DERIA5String(pictureType), new DEROctetString(pictureData), new ASN1Integer(i), new ASN1Integer(i2));
                ExtensionDatas extensionDatas = null;
                if (specification == 2 || (specification == -1 && SysEnv.isAnKeType())) {
                    extensionDatas = new ExtensionDatas(new DERSequence());
                }
                PrivateKey sealSignerPrivateKey = sealInfo.getSealSignerPrivateKey();
                if (null == sealSignerPrivateKey) {
                    sealSignerPrivateKey = SysEnv.getSealMakerPrivKey();
                }
                if (null == sealSignerPrivateKey) {
                    throw new IllegalArgumentException("sealSignerPrivateKey is null!");
                }
                Signature signature = new Signature(false);
                String mechanismType = signAlg.getMechanismType();
                SES_SealInfo sES_SealInfo = new SES_SealInfo(sES_Header, dERIA5String, sES_ESPropertyInfo, sES_ESPictureInfo, extensionDatas, null, null);
                byte[] encoded = sES_SealInfo.getEncoded();
                boolean z = specification == 4 || specification == 3 || (specification == -1 && (SysEnv.isGBType() || SysEnv.isForTax()));
                if (!z) {
                    encoded = new GM0031SourceData(sES_SealInfo, objectIdentifier, dEROctetString).getEncoded();
                }
                byte[] p1SignMessage = signature.p1SignMessage(mechanismType, encoded, sealSignerPrivateKey, session);
                DERBitString dERBitString = new DERBitString(p1SignMessage);
                if (!signature.p1VerifyMessage(mechanismType, encoded, p1SignMessage, sealSignerCert.getPublicKey(), session)) {
                    throw new Exception("publicKey and privateKey is Unmatched!");
                }
                SESeal sESeal = new SESeal(sES_SealInfo, new SES_SignInfo(dEROctetString, objectIdentifier, dERBitString));
                if (z) {
                    sESeal.setSignInfo(null);
                    sESeal.setCert(dEROctetString);
                    sESeal.setSignature(dERBitString);
                    sESeal.setSignatureAlgorithm(objectIdentifier);
                }
                byte[] encoded2 = sESeal.getEncoded();
                businessLog.info("makeSeal end...cost=" + (System.currentTimeMillis() - currentTimeMillis) + " ms");
                return encoded2;
            } catch (SealException e) {
                businessLog.error("makeSeal failed", e);
                throw e;
            } catch (Exception e2) {
                businessLog.error("makeSeal failed", e2);
                throw new SealException("makeSeal failed", e2);
            }
        } catch (Throwable th) {
            businessLog.info("makeSeal end...cost=" + (System.currentTimeMillis() - currentTimeMillis) + " ms");
            throw th;
        }
    }

    static {
        VersionInfo.environments();
    }
}
