package cfca.sadk.ofd.util;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.ofd.base.asn1.SES_Signature;
import cfca.sadk.ofd.base.asn1.SESeal;
import cfca.sadk.ofd.base.asn1.TBS_Sign;
import cfca.sadk.ofd.base.common.Dom4jUtil;
import cfca.sadk.ofd.base.common.FileHashUtil;
import cfca.sadk.ofd.base.common.MechanismUtil;
import cfca.sadk.ofd.base.common.ZipUtil;
import cfca.sadk.ofd.base.config.VersionInfo;
import cfca.sadk.ofd.base.exception.SealException;
import cfca.sadk.ofd.base.ofd.OFDConstants;
import cfca.sadk.ofd.base.seal.OFDSignatureUtil;
import cfca.sadk.ofd.base.seal.SealCheckUtil;
import cfca.sadk.ofd.base.seal.SealVerifyResult;
import cfca.sadk.ofd.base.seal.SealXMLUtil;
import cfca.sadk.ofd.base.seal.VerifyInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.dom4j.Element;

/* loaded from: input_file:cfca/sadk/ofd/util/VerifyUtil.class */
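/**
 * Verifies the electronic seals / signatures embedded in an OFD package.
 *
 * <p>The package is treated as untrusted input: every path read from its XML or from
 * the signed property info is only used as a lookup key into the in-memory map of
 * unpacked entries.
 */
public class VerifyUtil {
    private static final Logger businessLog = LoggerFactory.getLogger(VerifyUtil.class);

    /** Values stored in {@code SealVerifyResult}'s fail type when verification does not succeed. */
    public interface VerifyFailType {
        public static final int NoSignatureFound = 1;
        public static final int VerifySignatureFail = 2;
        public static final int VerifyCertChainFail = 3;
        public static final int VerifyCRLFail = 4;
        public static final int VerifyKeyUsageFail = 5;
        public static final int VerifyHashFail = 6;
        public static final int VerifyOriginHashFail = 7;
        public static final int FileNotProtected = 8;
        public static final int SignTimeAfterTSATime = 9;
        public static final int OFDProcessError = -1;
    }

    /**
     * Verification levels accepted by {@link #verify(InputStream, int)}.
     *
     * <p>NOTE(review): the values are distinct powers of two, so they are presumably meant to be
     * OR-ed into a bitmask; this class only forwards the value, confirm against
     * {@code OFDSignatureUtil} and {@code SealCheckUtil}.
     */
    public interface VerifyLevel {
        public static final int verifySignature = 1;
        public static final int verifyCertChain = 2;
        public static final int verifyCRL = 4;
        public static final int verifyKeyUsage = 8;
    }

    /**
     * Verifies every {@code Signature.xml} found under the signature directory of the package.
     *
     * <p>For each signature the method verifies the signed value, checks the seal against the
     * signer certificate, and compares the digest of every referenced file with the check value
     * recorded in the signature's reference list.
     *
     * @param inputStream the OFD package (zip) to verify; must not be {@code null}
     * @param i verification level, forwarded unchanged to {@code OFDSignatureUtil.verify} and
     *     {@code SealCheckUtil.checkSeal} (presumably a combination of {@link VerifyLevel} values)
     * @return the verification result; on failure it carries a fail reason and a
     *     {@link VerifyFailType} value. When the signature check itself fails, the result object
     *     produced by {@code OFDSignatureUtil.verify} is returned as is.
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws SealException if verification fails and {@code SysEnv.isVerifyFailedThrowException()}
     *     is enabled
     */
    public static SealVerifyResult verify(InputStream inputStream, int i) throws SealException {
        long startMillis = System.currentTimeMillis();
        businessLog.info("verify start...");
        SealVerifyResult result = new SealVerifyResult();
        HashMap<String, VerifyInfo> verifyInfos = result.getVerifyInfos();
        if (null == inputStream) {
            throw new IllegalArgumentException("ofdInputStream is null!");
        }
        // Digests already computed in this run, keyed by "<check method>|<file name>" so that a
        // digest computed with one algorithm is never compared against a check value of another.
        Map<String, String> computedHashes = new HashMap<String, String>();
        try {
            Map<String, byte[]> entries = ZipUtil.uncompress(inputStream);
            String baseDir = SealXMLUtil.getBaseDir(entries);
            if (!hasSignaturesFile(entries, baseDir)) {
                result.setFailReason("no signature found!");
                result.setFailType(VerifyFailType.NoSignatureFound);
                checkResult(result);
                return result;
            }
            boolean signatureSeen = false;
            for (String entryName : entries.keySet()) {
                if (!entryName.startsWith(baseDir + OFDConstants.defaultSignDir)
                        || !entryName.endsWith(OFDConstants.signatureFileName)) {
                    continue;
                }
                signatureSeen = true;
                Element root = Dom4jUtil.parseFile(new ByteArrayInputStream(entries.get(entryName))).getRootElement();
                Element signedInfo = root.element(OFDConstants.SignedInfo);
                VerifyInfo verifyInfo = new VerifyInfo();

                // Resolve the signed-value file: a bare file name is a sibling of Signature.xml,
                // anything else is a package path with an optional leading slash.
                String signedValuePath = root.element(OFDConstants.SignedValue).getText();
                if (!signedValuePath.contains("/")) {
                    signedValuePath = entryName.replace(OFDConstants.signatureFileName, signedValuePath);
                } else if (signedValuePath.startsWith("/")) {
                    signedValuePath = signedValuePath.substring(1);
                }
                byte[] signedValue = entries.get(signedValuePath);
                if (null == signedValue) {
                    businessLog.error("signedValue is null,filename is:" + signedValuePath);
                    throw new SealException("signedValue is null,filename is:" + signedValuePath);
                }

                SES_Signature sesSignature = SES_Signature.getInstance(signedValue);
                TBS_Sign toSign = sesSignature.getToSign();
                X509Cert signerCert = new X509Cert(sesSignature.getCert().getOctets());
                SESeal seal = toSign.getEseal();
                String signAlgName = Mechanism.getSignatureAlgName(new AlgorithmIdentifier(sesSignature.getSignatureAlgorithm()));

                // The signed property info names the entry the signature was computed over:
                // either a JSON object with an Entry member or the plain path itself.
                String propertyInfo = toSign.getPropertyInfo().getString();
                int closingBrace = propertyInfo.lastIndexOf("}");
                String signedEntry;
                if (closingBrace != -1) {
                    HashMap<?, ?> properties = new Gson().fromJson(propertyInfo.substring(0, closingBrace + 1), HashMap.class);
                    signedEntry = (String) properties.get(OFDConstants.Entry);
                } else {
                    signedEntry = propertyInfo;
                }
                if (null == signedEntry) {
                    businessLog.error("signed entry is missing,signature is:" + entryName);
                    throw new SealException("signed entry is missing,signature is:" + entryName);
                }
                if (signedEntry.startsWith("/")) {
                    signedEntry = signedEntry.substring(1);
                }

                // The signature is verified over the entry named by the signed property, while the
                // reference list checked below is read from the Signature.xml being iterated.
                // Require both to be the same entry; otherwise the reference list that gets
                // trusted is not the one the signature covers.
                if (!signedEntry.equals(entryName)) {
                    result.setFailReason("signature=" + entryName + " is not the signed entry!");
                    result.setFailType(VerifyFailType.VerifySignatureFail);
                    checkResult(result);
                    return result;
                }

                SealVerifyResult signatureResult = OFDSignatureUtil.verify(entries.get(signedEntry), signedValue, i);
                if (!signatureResult.getVerifyResult()) {
                    return signatureResult;
                }
                SealCheckUtil.checkSeal(seal, signerCert, signatureResult.getSignTime(), i);

                Element references = signedInfo.element(OFDConstants.References);
                String checkMethod = references.attributeValue(OFDConstants.CheckMethod);
                Mechanism mechanism = MechanismUtil.getMechanism(checkMethod);
                List<?> referenceList = references.elements(OFDConstants.Reference);
                for (Object item : referenceList) {
                    Element reference = (Element) item;
                    String fileRef = reference.attributeValue(OFDConstants.FileRef);
                    String expectedHash = reference.element(OFDConstants.CheckValue).getStringValue();
                    String fileName = fileRef.startsWith("/") ? fileRef.substring(1) : fileRef;
                    String cacheKey = checkMethod + "|" + fileName;
                    String actualHash = computedHashes.get(cacheKey);
                    if (null == actualHash) {
                        byte[] fileData = entries.get(fileName);
                        if (null == fileData) {
                            businessLog.error("fileData is null,filename is:" + fileName);
                            throw new SealException("fileData is null,filename is:" + fileName);
                        }
                        actualHash = fileData.length == 0
                                ? OFDConstants.emptyDataHash
                                : new String(Base64.encode(FileHashUtil.calculateHash(fileData, mechanism, null)), "UTF-8");
                        computedHashes.put(cacheKey, actualHash);
                    }
                    // The cache only saves recomputing the digest. Every reference is still
                    // compared, so a later signature listing a different check value for an
                    // already-seen file is not silently accepted.
                    if (!expectedHash.equals(actualHash)) {
                        result.setFailReason("file=" + fileName + " is changed!");
                        result.setFailType(VerifyFailType.VerifyOriginHashFail);
                        checkResult(result);
                        return result;
                    }
                }

                verifyInfo.setSeal(seal);
                verifyInfo.setSignTime(signatureResult.getSignTime());
                verifyInfo.setX509Cert(signerCert);
                verifyInfo.setSignatureName(entryName);
                verifyInfo.setSignAlg(signAlgName);
                verifyInfos.put(entryName, verifyInfo);
            }
            if (signatureSeen) {
                result.setVerifyResult(true);
            } else {
                // A signatures index exists but no Signature.xml sits under the signature directory.
                result.setFailReason("process failed,please check the file!");
                result.setFailType(VerifyFailType.OFDProcessError);
            }
            return result;
        } catch (SealException e) {
            businessLog.error("verify failed:", e);
            result.setFailReason(e.getMessage());
            result.setFailType(failTypeFor(e.getMessage()));
            if (SysEnv.isVerifyFailedThrowException()) {
                throw e;
            }
            return result;
        } catch (Exception e2) {
            businessLog.error("verify failed:", e2);
            result.setFailReason(e2.getMessage());
            result.setFailType(VerifyFailType.OFDProcessError);
            if (SysEnv.isVerifyFailedThrowException()) {
                throw new SealException("verify failed:", e2);
            }
            return result;
        } finally {
            // Runs on every exit path, including rethrown failures.
            computedHashes.clear();
            businessLog.info("verify end...cost= " + (System.currentTimeMillis() - startMillis) + " ms");
        }
    }

    /**
     * Verifies an OFD package held in memory.
     *
     * @param bArr the complete OFD package; must not be {@code null}
     * @param i verification level, see {@link #verify(InputStream, int)}
     * @return the verification result
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws SealException if verification fails and throwing on failure is enabled
     */
    public static SealVerifyResult verify(byte[] bArr, int i) throws SealException {
        if (null == bArr) {
            throw new IllegalArgumentException("ofdDatas is null!");
        }
        return verify(new ByteArrayInputStream(bArr), i);
    }

    /** Returns whether the package has a signatures index at the base dir or under any other path. */
    private static boolean hasSignaturesFile(Map<String, byte[]> entries, String baseDir) {
        if (null != entries.get(baseDir + OFDConstants.signaturesFileName)) {
            return true;
        }
        for (String name : entries.keySet()) {
            if (name.endsWith(OFDConstants.signaturesFileName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Maps a {@code SealException} message to a {@link VerifyFailType} value.
     *
     * <p>A {@code null} message maps to {@code OFDProcessError} instead of raising a
     * {@code NullPointerException} inside the caller's catch block.
     */
    private static int failTypeFor(String message) {
        if (null == message) {
            return VerifyFailType.OFDProcessError;
        }
        if (message.contains("keyUsage not contain digitalSignature")) {
            return VerifyFailType.VerifyKeyUsageFail;
        }
        if (message.contains("x509Cert is not trusted")) {
            return VerifyFailType.VerifyCertChainFail;
        }
        if (message.contains("x509Cert is revoked")) {
            return VerifyFailType.VerifyCRLFail;
        }
        return VerifyFailType.OFDProcessError;
    }

    /** Throws when the result is a failure and {@code SysEnv.isVerifyFailedThrowException()} is enabled. */
    private static void checkResult(SealVerifyResult sealVerifyResult) throws SealException {
        if (!sealVerifyResult.getVerifyResult() && SysEnv.isVerifyFailedThrowException()) {
            throw new SealException(sealVerifyResult.getFailReason());
        }
    }

    static {
        VersionInfo.environments();
    }
}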
