package com.xforceplus.taxware.architecture.g1.ofd;

import com.xforceplus.taxware.architecture.g1.endecode.model.ZipFile;
import com.xforceplus.taxware.architecture.g1.ofd.model.basicType.e;
import com.xforceplus.taxware.architecture.g1.ofd.model.ses.v4.g;
import com.xforceplus.taxware.architecture.g1.ofd.model.ses.v4.h;
import com.xforceplus.taxware.architecture.g1.ofd.model.signatures.c;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.function.Function;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;

/* compiled from: OFDVerifyUtil.java */
/* loaded from: input_file:com/xforceplus/taxware/architecture/g1/ofd/b.class */
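/**
 * Verifies the electronic-seal signatures embedded in an OFD document (SM2 signatures over SM3
 * digests, via BouncyCastle).
 *
 * <p>This is decompiled, name-obfuscated code (the header names the original as
 * {@code OFDVerifyUtil.java}); every helper is an overload of {@code a}. Verification proceeds per
 * signature entry: protected-file digests, signature value, signer-certificate membership in the
 * seal, seal integrity and validity, certificate status and validity at signing time, and the
 * digest of the signed property file.
 *
 * <p>NOTE(review): the signer and seal-maker certificates are read from the document itself. The
 * only link to an external trust anchor visible here is the call to {@code a.b(cert, caCert,
 * config)}, which is defined outside this file. Confirm what it validates, especially when
 * {@code aVar.a()} is false and the CA certificate passed to it is {@code null}.
 */
public class b {
    /** Single provider instance, shared by the registration below and by signature verification. */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();

    /**
     * Verifies an OFD document against a CA certificate supplied as Base64 text.
     *
     * @param inputStream the OFD (zip) document
     * @param str Base64-encoded CA certificate; may be null or empty only when {@code aVar.a()} is false
     * @param aVar verification configuration; {@code aVar.a()} decides whether the CA certificate is required
     * @throws Exception if a required input is missing, the Base64 is malformed, or any check fails
     */
    public static void a(InputStream inputStream, String str, com.xforceplus.taxware.architecture.g1.ofd.config.a aVar) throws Exception {
        boolean caMissing = null == str || "".equals(str);
        if (caMissing && aVar.a()) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("CA证书Base64信息不能为空");
        }
        // Decoding a null string throws NullPointerException, so a missing certificate is passed on
        // as a null stream. The stream overload accepts null when aVar.a() is false.
        InputStream caStream = caMissing ? null : new ByteArrayInputStream(Base64.getDecoder().decode(str));
        a(inputStream, caStream, aVar);
    }

    /**
     * Verifies every signature listed in an OFD document.
     *
     * @param inputStream the OFD (zip) document; must not be null
     * @param inputStream2 encoded X.509 CA certificate; must not be null when {@code aVar.a()} is true
     * @param aVar verification configuration
     * @throws Exception if an input is missing, the document carries no signature reference, the
     *     package structure is invalid, or any signature check fails
     */
    public static void a(InputStream inputStream, InputStream inputStream2, com.xforceplus.taxware.architecture.g1.ofd.config.a aVar) throws Exception {
        if (null == inputStream || (null == inputStream2 && aVar.a())) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("文件流不能为空");
        }
        ZipFile zipFile = new ZipFile(inputStream);
        // A document without a signature reference in OFD.xml is rejected, never treated as valid.
        e g = ((com.xforceplus.taxware.architecture.g1.ofd.model.basicStructure.ofd.b) a("OFD.xml", zipFile, com.xforceplus.taxware.architecture.g1.ofd.model.basicStructure.ofd.b::new)).f().g();
        if (g == null) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("文件不存在签名信息");
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            X509Certificate x509Certificate = null;
            if (aVar.a()) {
                x509Certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream2);
            }
            // NOTE(review): if the signature list is empty the loop body never runs and this method
            // returns without having verified anything. Confirm that callers treat that as intended.
            Iterator<com.xforceplus.taxware.architecture.g1.ofd.model.signatures.b> it = ((c) a(g.a(), zipFile, c::new)).e().iterator();
            while (it.hasNext()) {
                com.xforceplus.taxware.architecture.g1.ofd.model.signatures.sig.b bVar = (com.xforceplus.taxware.architecture.g1.ofd.model.signatures.sig.b) a(it.next().f().a(), zipFile, com.xforceplus.taxware.architecture.g1.ofd.model.signatures.sig.b::new);
                // First the digests of the protected files, then the signature value itself.
                a(bVar.d().g(), zipFile);
                // NOTE(review): the local variable `g` obscures the imported class `g`, so this
                // g.a(Object) call binds to the local. If the original source called a static
                // factory on the ses.v4.g class, this decompiled form does not match it. Confirm.
                a(g.a((Object) zipFile.getBytes(a(bVar.e().a()))), zipFile, x509Certificate, aVar);
            }
        } catch (FileNotFoundException | DocumentException e) {
            throw new Exception("错误OFD结构和文件格式", e);
        }
    }

    /**
     * Verifies one parsed signature value: its SM2 signature, the signer certificate's presence in
     * the seal's certificate list, the seal itself, the signer certificate's status and validity at
     * signing time, and the SM3 digest of the signed property file.
     *
     * @param gVar parsed signature structure
     * @param zipFile the OFD package
     * @param x509Certificate CA certificate, or null when {@code aVar.a()} is false
     * @param aVar verification configuration
     * @throws Exception if any check fails
     */
    private static void a(g gVar, ZipFile zipFile, X509Certificate x509Certificate, com.xforceplus.taxware.architecture.g1.ofd.config.a aVar) throws Exception {
        // The signer certificate is taken from the signature structure; it is not trusted yet.
        X509Certificate x509Certificate2 = (X509Certificate) new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory().engineGenerateCertificate(gVar.b().getOctetStream());
        if (!a(gVar.c().toString(), x509Certificate2, gVar.a().getEncoded("DER"), gVar.d().getBytes())) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签章数据验签失败");
        }
        com.xforceplus.taxware.architecture.g1.ofd.model.ses.v4.e c = gVar.a().b().a().c();
        boolean z = false;
        if (c.c().getValue().intValue() == 1) {
            // List type 1: entries are compared with the raw certificate bytes.
            Iterator<ASN1OctetString> it = c.d().b().iterator();
            while (it.hasNext()) {
                if (Arrays.equals(gVar.b().getOctets(), it.next().getOctets())) {
                    z = true;
                }
            }
        } else if (c.c().getValue().intValue() == 2) {
            // List type 2: entries are compared with the SM3 digest of the certificate bytes.
            byte[] digest = new SM3.Digest().digest(gVar.b().getOctets());
            Iterator<ASN1OctetString> it2 = c.d().b().iterator();
            while (it2.hasNext()) {
                if (Arrays.equals(digest, it2.next().getOctets())) {
                    z = true;
                }
            }
        }
        // Any other list type leaves z false, so an unknown type is rejected.
        if (!z) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签章者证书不在电子印章证书列表");
        }
        a(gVar, x509Certificate, aVar);
        // a.b(...) is defined outside this file. Its result is used as an invalidation record:
        // a() is compared as a timestamp and b() is appended to the message as the reason.
        com.xforceplus.taxware.architecture.g1.ofd.model.e b = a.b(x509Certificate2, x509Certificate, aVar);
        long time = gVar.a().c().getDate().getTime();
        if (b != null && time > b.a().getTime()) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签章者证书在签章时间处于失效状态,失效原因:" + b.b());
        }
        // NOTE(review): the signing time is read from the signed structure itself, so it is a value
        // asserted by the signer unless it is anchored elsewhere.
        long time2 = x509Certificate2.getNotBefore().getTime();
        long time3 = x509Certificate2.getNotAfter().getTime();
        if (time < time2 || time > time3) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签章时间不在证书有效期");
        }
        if (!Arrays.equals(new SM3.Digest().digest(zipFile.getBytes(a(gVar.a().e().getString()))), gVar.a().d().getBytes())) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签章数据属性信息验签失败");
        }
        // NOTE(review): empty branch left by the decompiler. The value of gVar.e() is never
        // validated here; presumably an optional field such as a timestamp. Confirm against the
        // original source whether a check is missing.
        if (gVar.e() == null) {
        }
    }

    /**
     * Verifies the electronic seal carried inside a signature: its identifier, its maker's
     * signature, the maker certificate's status and expiry at signing time, and the seal's
     * validity window.
     *
     * @param gVar parsed signature structure containing the seal
     * @param x509Certificate CA certificate, or null when {@code aVar.a()} is false
     * @param aVar verification configuration
     * @throws Exception if any check fails
     */
    private static void a(g gVar, X509Certificate x509Certificate, com.xforceplus.taxware.architecture.g1.ofd.config.a aVar) throws Exception {
        h b = gVar.a().b();
        if (!"ES".equals(b.a().a().a().getString())) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("电子印章数据标识无效");
        }
        // A seal version other than 4 only prints a warning to stdout; verification continues.
        if (4 != b.a().a().b().getValue().intValue()) {
            System.out.println("\n********************** 电子印章数据版本号不是4,验签逻辑可能不兼容 *************************\n");
        }
        // The seal-maker certificate is taken from the seal itself.
        X509Certificate x509Certificate2 = (X509Certificate) new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory().engineGenerateCertificate(b.b().getOctetStream());
        if (!a(b.c().toString(), x509Certificate2, b.a().getEncoded("DER"), b.d().getBytes())) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("电子印章签名验签失败");
        }
        com.xforceplus.taxware.architecture.g1.ofd.model.e b2 = a.b(x509Certificate2, x509Certificate, aVar);
        long time = gVar.a().c().getDate().getTime();
        if (b2 != null && time > b2.a().getTime()) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("制章者证书在签章时间已过期".equals("") ? "" : "制章者证书在签章时间处于失效状态,失效原因:" + b2.b());
        }
        // NOTE(review): only notAfter is checked for the seal-maker certificate, whereas the signer
        // certificate is checked against both notBefore and notAfter. Confirm this is deliberate.
        if (time > x509Certificate2.getNotAfter().getTime()) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("制章者证书在签章时间已过期");
        }
        long time2 = b.a().c().f().getDate().getTime();
        long time3 = b.a().c().g().getDate().getTime();
        long time4 = b.a().c().e().getDate().getTime();
        // The seal's creation time must fall inside the seal's own validity window.
        if (time4 < time2 || time4 > time3) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("电子印章制章时间不在电子印章有效期");
        }
        // The window is also checked against the current clock, so a document signed while the
        // seal was valid fails verification once the seal has expired.
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis < time2 || currentTimeMillis > time3) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("电子印章不在有效期");
        }
    }

    /**
     * Checks an SM2-with-SM3 signature.
     *
     * @param str signature algorithm identifier from the document; must equal the sm2sign-with-sm3 OID
     * @param certificate certificate whose public key verifies the signature
     * @param bArr the signed bytes
     * @param bArr2 the signature value
     * @return true if the signature verifies
     * @throws Exception if the algorithm identifier differs or the provider rejects the input
     */
    private static boolean a(String str, Certificate certificate, byte[] bArr, byte[] bArr2) throws Exception {
        // Only one algorithm is accepted; the identifier in the document never selects another.
        if (!GMObjectIdentifiers.sm2sign_with_sm3.toString().equals(str)) {
            throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("签名算法标识不匹配");
        }
        Signature signature = Signature.getInstance("SM3WithSM2", BC_PROVIDER);
        signature.initVerify(certificate);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /**
     * Recomputes the SM3 digest of every file named in the signature's reference list and compares
     * it with the recorded value.
     *
     * @param cVar the reference list
     * @param zipFile the OFD package
     * @throws Exception if a digest differs (the message names the entry) or an entry cannot be read
     */
    private static void a(com.xforceplus.taxware.architecture.g1.ofd.model.signatures.range.c cVar, ZipFile zipFile) throws Exception {
        // NOTE(review): only the files listed here are checked. Whether the list must cover every
        // entry of the package is not enforced in this file.
        for (com.xforceplus.taxware.architecture.g1.ofd.model.signatures.range.b bVar : cVar.e()) {
            String a = bVar.d().a();
            if (!Arrays.equals(new SM3.Digest().digest(zipFile.getBytes(a(a))), bVar.e())) {
                throw new com.xforceplus.taxware.architecture.g1.ofd.exception.b("文件内容被篡改,节点:" + a);
            }
        }
    }

    /**
     * Parses an XML entry of the package and maps its root element to a model object.
     *
     * @param str entry path inside the package; a leading slash is ignored
     * @param zipFile the OFD package
     * @param function constructor or factory applied to the root element
     * @return the mapped model object
     * @throws Exception if the entry is missing, is not well-formed, or declares a DOCTYPE
     */
    private static <R> R a(String str, ZipFile zipFile, Function<Element, R> function) throws Exception {
        SAXReader reader = new SAXReader();
        // The XML comes from the document being verified, so DTDs and external entities are
        // switched off before parsing (XXE). A parser that does not support these features makes
        // setFeature throw, which fails closed.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return function.apply(reader.read(zipFile.getInputStream(a(str))).getRootElement());
    }

    /**
     * Strips one leading slash so a package-absolute path matches a zip entry name.
     *
     * @param str path as written in the document
     * @return the path without its leading slash
     */
    private static String a(String str) {
        return str.startsWith("/") ? str.substring(1) : str;
    }

    static {
        // Registers BouncyCastle so the "BC" provider name used for the X.509 factory resolves.
        Security.addProvider(BC_PROVIDER);
    }
}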
