package z1.pdf.verify;

import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfString;
import com.itextpdf.text.pdf.parser.PdfTextExtractor;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import com.xforceplus.taxware.architecture.g1.endecode.model.ZipFile;
import com.xforceplus.taxware.architecture.g1.ofd.OFDVerifyUtil;
import com.xforceplus.taxware.architecture.g1.ofd.config.OfdVerifyConfig;
import com.xforceplus.taxware.architecture.g1.ofd.exception.OfdVerifyTerminateException;
import com.xforceplus.taxware.architecture.g1.ofd.model.ses.v4.SES_Signature;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import z1.pdf.verify.constant.ErrorMsg;
import z1.pdf.verify.exception.PdfVerifyTerminateException;

/* loaded from: input_file:z1/pdf/verify/PdfVerifyUtils.class */
public class PdfVerifyUtils {
    public static void verify(byte[] bArr) throws Exception {
        verify(bArr, true);
    }

    public static void verify(byte[] bArr, boolean z) throws Exception {
        if (bArr == null) {
            throw new PdfVerifyTerminateException(ErrorMsg.BLANK_PARAM);
        }
        if (bArr[0] != 37 || bArr[1] != 80 || bArr[2] != 68) {
            throw new PdfVerifyTerminateException(ErrorMsg.ERROR_FILE_FORMAT);
        }
        PdfReader pdfReader = new PdfReader(bArr);
        AcroFields acroFields = pdfReader.getAcroFields();
        ArrayList<String> signatureNames = acroFields.getSignatureNames();
        if (signatureNames == null || signatureNames.isEmpty()) {
            throw new PdfVerifyTerminateException(ErrorMsg.SIGNATURE_MISSING);
        }
        if (z) {
            if ("".equals(PdfTextExtractor.getTextFromPage(pdfReader, 1).toString())) {
                throw new PdfVerifyTerminateException(ErrorMsg.TEXT_MISSING);
            }
            int totalRevisions = acroFields.getTotalRevisions();
            if (totalRevisions != signatureNames.size()) {
                throw new PdfVerifyTerminateException(ErrorMsg.FILE_TAMPERED);
            }
            for (String str : signatureNames) {
                if (totalRevisions == acroFields.getRevision(str) && !acroFields.signatureCoversWholeDocument(str)) {
                    throw new PdfVerifyTerminateException(ErrorMsg.FILE_TAMPERED);
                }
                PdfDictionary signatureDictionary = acroFields.getSignatureDictionary(str);
                if (signatureDictionary.getAsName(PdfName.SUBFILTER).toString().equals("/GM.sm2seal")) {
                    ofdSm2SignedPdfVerify(signatureDictionary);
                    return;
                }
                commonPdfVerify(acroFields, totalRevisions, str);
            }
        }
    }

    private static void ofdSm2SignedPdfVerify(PdfDictionary pdfDictionary) throws Exception {
        PdfString asString = pdfDictionary.getAsString(PdfName.CONTENTS);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode("MIIDfDCCAyCgAwIBAgIGAwAAAAAtMAwGCCqBHM9VAYN1BQAwVTELMAkGA1UEBhMCQ04xGzAZBgNVBAsMEuWbveWutueojuWKoeaAu+WxgDEpMCcGA1UEAwwg56iO5Yqh55S15a2Q6K+B5Lmm5LiA57qn5qC5KFNNMikwHhcNMTQwMTAxMDAwMDAwWhcNMzQwMTAxMDAwMDAwWjBYMQswCQYDVQQGEwJDTjEbMBkGA1UECwwS5Zu95a6256iO5Yqh5oC75bGAMSwwKgYDVQQDDCPnqI7liqHnlLXlrZDor4HkuabnrqHnkIbkuK3lv4MoU00yKTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABEfs2VQb4RNnX2J7WV+K58GyI+NxejPTSZgvPoiTst7vojR1WiUdcEkoxxBm5QucyAlXga5BrDrBeaCZMk2yEWWjggHVMIIB0TARBglghkgBhvhCAQEEBAMCAQYwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHwYDVR0jBBgwFoAUDAQKwUHmQA8RNxHQ6h+TBsOgIrUwHQYDVR0OBBYEFLiwmmAH6gW3sLfny0J2MSmXFXazMBMGCSsGAQQBgjcUAgQGHgQAQwBBMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzB+BgNVHR8EdzB1MHOgcaBvhm1sZGFwOi8vdGF4aWEuY2hpbmF0YXguZ292LmNuOjIzODkvY249Y2FjcmwwMyxvdT1jYWNybCxvdT1jcmwsYz1jbj9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0LCo/YmFzZT9jbj1jYWNybDAzMBoGCisGAQQBqUNkBQYEDAwKQzAwMDAwMDAwMTAaBgorBgEEAalDZAUJBAwMCkMwMDAwMDAwMDEwEQYKKwYBBAGpQ2QCAQQDDAEzMBIGCisGAQQBqUNkAgQEBAwCQ0EwHgYIYIZIAYb4QwkEEgwQMDAwMDAwMDAwMDAwMDAwODAMBggqgRzPVQGDdQUAA0gAMEUCIQCyMS9//FiZaob3P6vw27uSrNmavTWf7mZX6nz++RgQPgIgacgFB0dACbLWFPQ7RGKpgDbppghngcKgxZ2LSxMPJjw=")));
        OfdVerifyConfig ofdVerifyConfig = new OfdVerifyConfig();
        ofdVerifyConfig.setVerifyRootCa(true);
        try {
            byte[] originalBytes = asString.getOriginalBytes();
            int length = originalBytes.length - 1;
            while (length < originalBytes.length && originalBytes[length] == 0) {
                length--;
            }
            OFDVerifyUtil.verifySESealSignature(SES_Signature.getInstance(Arrays.copyOf(originalBytes, length + 1)), (ZipFile) null, x509Certificate, ofdVerifyConfig);
        } catch (OfdVerifyTerminateException e) {
            throw new PdfVerifyTerminateException(e.code, e.getMessage());
        }
    }

    private static void commonPdfVerify(AcroFields acroFields, int i, String str) throws PdfVerifyTerminateException, GeneralSecurityException {
        byte[] bArr = null;
        try {
            PdfPKCS7 verifySignature = acroFields.verifySignature(str);
            if (verifySignature.getSignDate().getTime().getTime() < verifySignature.getSigningCertificate().getNotBefore().getTime()) {
                throw new PdfVerifyTerminateException(ErrorMsg.SIGNDATE_EARLY);
            }
            if (verifySignature.getSignDate().getTime().getTime() > verifySignature.getSigningCertificate().getNotAfter().getTime()) {
                throw new PdfVerifyTerminateException(ErrorMsg.SIGNDATE_LATE);
            }
            try {
                if (!verifySignature.verify()) {
                    throw new PdfVerifyTerminateException(ErrorMsg.INVALID_SIGNATURE);
                }
                if (i > 1) {
                    if (0 == 0) {
                        verifySignature.getSigningCertificate().getEncoded();
                    } else {
                        byte[] encoded = verifySignature.getSigningCertificate().getEncoded();
                        if (encoded.length != bArr.length) {
                            throw new PdfVerifyTerminateException(ErrorMsg.CERT_DIFFERENCES);
                        }
                        for (int i2 = 0; i2 < bArr.length; i2++) {
                            if (bArr[i2] != encoded[i2]) {
                                throw new PdfVerifyTerminateException(ErrorMsg.CERT_DIFFERENCES);
                            }
                        }
                    }
                }
                try {
                    verifySignature.getSigningCertificate().checkValidity();
                } catch (CertificateExpiredException e) {
                    System.out.println("证书过期." + verifySignature.getSigningCertificate().getSubjectDN().toString());
                } catch (CertificateNotYetValidException e2) {
                    System.out.println("证书未到起始有效期." + verifySignature.getSigningCertificate().getSubjectDN().toString());
                }
                if ((verifySignature.getTimeStampToken() != null) && !verifySignature.verifyTimestampImprint()) {
                    throw new PdfVerifyTerminateException(ErrorMsg.INVALID_TIMESTAMP_CERT);
                }
            } catch (Exception e3) {
                throw new PdfVerifyTerminateException(ErrorMsg.INVALID_SIGNATURE);
            }
        } catch (Exception e4) {
            throw new PdfVerifyTerminateException(ErrorMsg.CERT_MISSING);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
