package cfca.sadk.ofd.base.seal;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.ofd.base.asn1.CertDigestObj;
import cfca.sadk.ofd.base.asn1.GM0031SourceData;
import cfca.sadk.ofd.base.asn1.SES_ESPropertyInfo;
import cfca.sadk.ofd.base.asn1.SES_SealInfo;
import cfca.sadk.ofd.base.asn1.SES_SignInfo;
import cfca.sadk.ofd.base.asn1.SESeal;
import cfca.sadk.ofd.base.common.FileHashUtil;
import cfca.sadk.ofd.base.common.MechanismUtil;
import cfca.sadk.ofd.base.common.ParamCheckUtil;
import cfca.sadk.ofd.base.exception.SealException;
import cfca.sadk.ofd.base.ofd.OFDConstants;
import cfca.sadk.ofd.util.SysEnv;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Certificate;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/ofd/base/seal/SealCheckUtil.class */
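/**
 * Static checks applied to an electronic seal ({@link SESeal}) and to the certificate that signed with it.
 *
 * <p>{@link #checkSeal} validates the seal's validity period, the seal maker's certificate and
 * signature, and that the signer certificate is named in the seal's certificate list.
 * {@link #checkSealVersion} checks the seal header version against the expected seal type.
 *
 * <p>The seal is parsed from the document being verified, so every field read here is
 * attacker-controllable until the maker signature has been verified against a trusted certificate.
 */
public class SealCheckUtil {
    private static Logger businessLog = LoggerFactory.getLogger(SealCheckUtil.class);

    /**
     * String forms of the seal property's certListType field. {@code "2"} selects the digest list;
     * any other value is handled by {@link SealCheckUtil#checkSeal} as a list of certificates.
     */
    public class CertListType {
        public static final String certList = "1";
        public static final String certDigestList = "2";

        public CertListType() {
        }
    }

    /**
     * Verifies a seal and checks that the signer certificate is allowed to use it.
     *
     * <p>Steps, in order: seal validity period at {@code date}; validity of the seal maker
     * certificate carried in the seal; the maker's signature over the seal info; membership of
     * {@code x509Cert} in the seal's signer certificate list.
     *
     * @param sESeal   the seal to verify; must not be null
     * @param x509Cert the certificate that produced the document signature; must not be null
     * @param date     the instant at which validity periods are evaluated (passed to ParamCheckUtil)
     * @param i        passed through to {@code ParamCheckUtil.checkCertValidity}; its meaning is defined there
     * @throws SealException on any failed check or parsing error; the original exception is the cause
     */
    public static void checkSeal(SESeal sESeal, X509Cert x509Cert, Date date, int i) throws SealException {
        long startMillis = System.currentTimeMillis();
        businessLog.info("checkSeal start...");
        try {
            if (null == sESeal) {
                throw new IllegalArgumentException("eSseal is null");
            }
            if (null == x509Cert) {
                throw new IllegalArgumentException("signCert is null");
            }
            SES_SealInfo esealInfo = sESeal.getEsealInfo();
            if (null == esealInfo) {
                throw new IllegalArgumentException("eSseal has no esealInfo");
            }
            SES_SignInfo signInfo = sESeal.getSignInfo();
            SES_ESPropertyInfo property = esealInfo.getProperty();
            ParamCheckUtil.checkDateValidity(property.getValidStart(), property.getValidEnd(), date, "ESeal ");

            // The maker certificate and algorithm may sit in any of three places; take the first one present.
            ASN1OctetString cert = esealInfo.getCert();
            if (null == cert) {
                cert = sESeal.getCert();
                if (null == cert && signInfo != null) {
                    cert = signInfo.getCert();
                }
            }
            ASN1ObjectIdentifier signatureAlgorithm = esealInfo.getSignatureAlgorithm();
            if (null == signatureAlgorithm) {
                signatureAlgorithm = sESeal.getSignatureAlgorithm();
                if (null == signatureAlgorithm && signInfo != null) {
                    signatureAlgorithm = signInfo.getSignatureAlgorithm();
                }
            }

            // Fail with a clear message instead of a NullPointerException when the seal carries no certificate.
            if (null == cert) {
                throw new IllegalArgumentException("no seal maker certificate found in eSseal");
            }
            // NOTE(review): the maker certificate comes from the seal itself, so the signature check
            // below only proves self-consistency. Trust rests on checkCertValidity - confirm that it
            // validates a chain to a trusted root and not just the validity period.
            X509Cert makerCert = new X509Cert(cert.getOctets());
            ParamCheckUtil.checkCertValidity(date, makerCert, i);

            if (null == signatureAlgorithm) {
                throw new IllegalArgumentException("no signature algorithm found in eSseal");
            }
            byte[] signedValue = signInfo != null ? signInfo.getSignData().getBytes() : sESeal.getSignature().getBytes();
            Signature verifier = new Signature();
            String signatureAlgName = Mechanism.getSignatureAlgName(new AlgorithmIdentifier(signatureAlgorithm));

            // Two signed-data layouts are accepted: the encoded seal info alone, or the GM0031SourceData
            // structure built from seal info, algorithm and certificate.
            boolean signatureOk = verifier.p1VerifyMessage(signatureAlgName, esealInfo.getEncoded(), signedValue, makerCert.getPublicKey(), BCSoftLib.INSTANCE());
            if (!signatureOk) {
                signatureOk = verifier.p1VerifyMessage(signatureAlgName, new GM0031SourceData(esealInfo, signatureAlgorithm, cert).getEncoded(), signedValue, makerCert.getPublicKey(), BCSoftLib.INSTANCE());
            }
            if (!signatureOk) {
                throw new IllegalArgumentException("SESeal signature is not valid!");
            }

            ASN1Integer certListType = property.getCertListType();
            boolean signerListed = false;
            if (certListType != null && certListType.getValue().compareTo(new BigInteger(CertListType.certDigestList)) == 0) {
                // Digest list: the signer certificate's hash must equal one listed digest.
                CertDigestObj[] certDigestArray = property.getCertList().getCertDigestList().toCertDigestArray();
                for (CertDigestObj entry : certDigestArray) {
                    CertDigestObj certDigestObj = CertDigestObj.getInstance(entry);
                    if (Arrays.equals(FileHashUtil.calculateHash(x509Cert.getEncoded(), MechanismUtil.getMechanism(certDigestObj.getObjType()), null), certDigestObj.getCertDigestValue().getOctets())) {
                        signerListed = true;
                        break;
                    }
                }
            } else {
                // NOTE(review): this branch matches on subject DN only, so any certificate carrying the
                // same subject is accepted here regardless of issuer or key. That is safe only if the
                // caller has already validated x509Cert's chain; comparing the full encoding would be
                // stricter. Behaviour is left unchanged because callers may rely on DN matching.
                Certificate[] certificateArray = property.getCertList().getCertInfoList().toCertificateArray();
                for (Certificate listed : certificateArray) {
                    if (x509Cert.getSubject().equals(new X509Cert(listed.getEncoded()).getSubject())) {
                        signerListed = true;
                        break;
                    }
                }
            }
            if (!signerListed) {
                throw new IllegalArgumentException("signCert is not in the list of signerCertList,signCert DN=" + x509Cert.getSubject());
            }
        } catch (Exception e) {
            // Every failure is reported as a SealException; it is logged once here, not per handler.
            businessLog.error("checkSeal failed:", e);
            throw new SealException("checkSeal failed:", e);
        } finally {
            businessLog.info("checkSeal end...cost=" + (System.currentTimeMillis() - startMillis) + " ms");
        }
    }

    /**
     * Checks that the seal's header version is consistent with the expected seal type.
     *
     * <p>{@code i == -1} means "use the process-wide setting from {@link SysEnv}". Otherwise the
     * accepted values are 3 or 4 for the GB version, 1 for the GM version and 2 for the ANKE version.
     *
     * @param sESeal the seal whose header version is read; a null seal or header raises NullPointerException
     * @param i      expected seal type, or -1 to take it from SysEnv
     * @throws SealException if the header version is a known one that does not match the expected type
     */
    public static void checkSealVersion(SESeal sESeal, int i) throws SealException {
        BigInteger value = sESeal.getEsealInfo().getHeader().getVersion().getValue();
        // NOTE(review): intValue() truncates; a crafted version wider than 32 bits could alias a known constant.
        int intValue = value.intValue();
        boolean useSysEnv = i == -1;

        if (intValue == OFDConstants.GBVersion.intValue()) {
            boolean gbExpected = i == 4 || (useSysEnv && SysEnv.isGBType());
            // Type 3 is paired with SysEnv.isForTax(); presumably the tax variant of the GB seal.
            boolean gbTaxExpected = i == 3 || (useSysEnv && SysEnv.isGBType() && SysEnv.isForTax());
            if (!gbExpected && !gbTaxExpected) {
                throw new SealException("seal's hearder version is not right Type! Seal's version=" + intValue);
            }
            return;
        }
        if (intValue == OFDConstants.GMVersion.intValue()) {
            boolean gmExpected = i == 1 || (useSysEnv && SysEnv.isGM0031());
            if (!gmExpected) {
                throw new SealException("seal's hearder version is not GMType! Seal's version=" + intValue);
            }
            return;
        }
        if (intValue == OFDConstants.ANKEVersion.intValue()) {
            boolean ankeExpected = i == 2 || (useSysEnv && SysEnv.isAnKeType());
            if (!ankeExpected) {
                throw new SealException("seal's hearder version is not ANKEType! Seal's version=" + value);
            }
        }
        // NOTE(review): a header version matching none of the three constants is accepted without
        // any check (fail-open). Confirm whether unknown versions should be rejected here.
    }
}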
