package net.netca.pki.crypto.android.interfaces.impl;

import android.net.Uri;
import android.text.TextUtils;
import com.alibaba.fastjson.JSON;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Iterator;
import net.netca.pki.Base64;
import net.netca.pki.Certificate;
import net.netca.pki.Hash;
import net.netca.pki.PkiException;
import net.netca.pki.crypto.android.bean.SignDataBean;
import net.netca.pki.crypto.android.bean.SignedDataBean;
import net.netca.pki.crypto.android.bean.SignedDataRespBean;
import net.netca.pki.crypto.android.http.OkHttpManager;
import net.netca.pki.crypto.android.interfaces.QrcodeSignInterface;
import net.netca.pki.encoding.Hex;

/* loaded from: classes3.dex */
public class QrcodeSignImpl implements QrcodeSignInterface {
    String mApperrurl;
    String mGetdataauth;
    String mGetdataurl;
    SignDataBean mSignData;
    SignedDataBean mSignedData;
    SignedDataRespBean mSignedDataResp;
    String mUrl;
    boolean mIsNeedAuthCode = false;
    String[] mSignformat = {"PKCS1", "PKCS7detached", "PKCS7attached"};
    String[] mSignalgs = {"sha1withrsa", "sha256withrsa", "sm3withsm2"};
    OkHttpManager mHttpManager = new OkHttpManager();

    private int getSignAlgo(Certificate certificate, CertImpl certImpl) throws PkiException {
        boolean isSm2 = certImpl.isSm2(certificate);
        int i = -1;
        if (isSm2) {
            Iterator<String> it = this.mSignData.getSignalgs().iterator();
            while (it.hasNext()) {
                if (it.next().toLowerCase().equals(this.mSignalgs[2])) {
                    i = 25;
                }
            }
        } else {
            Iterator<String> it2 = this.mSignData.getSignalgs().iterator();
            while (it2.hasNext()) {
                if (it2.next().toLowerCase().equals(this.mSignalgs[1])) {
                    i = 4;
                }
            }
        }
        return i;
    }

    private byte[] pkcs1Sign(Certificate certificate, String str, SignatureImpl signatureImpl, int i, byte[] bArr) throws PkiException {
        signatureImpl.init(i, certificate, str);
        signatureImpl.signUpdate(bArr, 0, bArr.length);
        return signatureImpl.sign();
    }

    private byte[] pkcs7Sign(Certificate certificate, String str, boolean z, SignedDataSignImpl signedDataSignImpl, int i, byte[] bArr) throws PkiException {
        signedDataSignImpl.setSignAlgorithm(0, i);
        signedDataSignImpl.setDetached(z);
        signedDataSignImpl.setSignCertificate(certificate);
        signedDataSignImpl.setIncludeCertOption(2);
        return signedDataSignImpl.sign(str, bArr, 0, bArr.length);
    }

    @Override // net.netca.pki.crypto.android.interfaces.QrcodeSignInterface
    public void init(String str) throws PkiException {
        if (TextUtils.isEmpty(str)) {
            throw new PkiException("url is empty");
        }
        if (!str.startsWith("NetcaSignedForm://")) {
            throw new PkiException("url is not start with NetcaSignedForm://");
        }
        try {
            parseUri(Uri.parse(str));
            this.mUrl = str;
            this.mSignedData = null;
            this.mSignData = null;
        } catch (Exception e) {
            e.printStackTrace();
            throw new PkiException(e.getMessage());
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.QrcodeSignInterface
    public boolean isNeedAuthCode() throws PkiException {
        if (TextUtils.isEmpty(this.mUrl)) {
            throw new PkiException("call init first");
        }
        return this.mIsNeedAuthCode;
    }

    public void parseUri(Uri uri) throws UnsupportedEncodingException, PkiException {
        if (uri != null) {
            if (!TextUtils.isEmpty(uri.getQueryParameter("getdataurl"))) {
                this.mGetdataurl = URLDecoder.decode(uri.getQueryParameter("getdataurl"), "utf8");
            }
            if (!TextUtils.isEmpty(uri.getQueryParameter("apperrurl"))) {
                this.mApperrurl = URLDecoder.decode(uri.getQueryParameter("apperrurl"), "utf8");
            }
            if (!TextUtils.isEmpty(uri.getQueryParameter("getdataauth"))) {
                this.mGetdataauth = uri.getQueryParameter("getdataauth");
            }
            if (TextUtils.isEmpty(this.mGetdataurl)) {
                throw new PkiException("getdataurl is empty");
            }
            if (TextUtils.isEmpty(this.mGetdataauth)) {
                throw new PkiException("getdataauth is empty");
            }
            if ("1".equals(this.mGetdataauth)) {
                this.mIsNeedAuthCode = true;
            }
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.QrcodeSignInterface
    public String requestSignContent(String str) throws PkiException {
        if (TextUtils.isEmpty(this.mUrl)) {
            throw new PkiException("call init first");
        }
        String str2 = this.mGetdataurl;
        if (this.mIsNeedAuthCode) {
            if (TextUtils.isEmpty(str)) {
                throw new PkiException("need authCode but authCode is empty");
            }
            str2 = !this.mGetdataurl.contains("?") ? String.format("%s?getdataauthcode=%s", this.mGetdataurl, str) : String.format("%s&getdataauthcode=%s", this.mGetdataurl, str);
        }
        try {
            this.mSignData = (SignDataBean) JSON.parseObject(this.mHttpManager.get(str2).h().f(), SignDataBean.class);
            if (this.mSignData == null) {
                throw new PkiException("数据请求异常");
            }
            if (this.mSignData.getErrcode() == 0) {
                return new String(Hex.decode(this.mSignData.getContent()), this.mSignData.getContentcharset());
            }
            throw new PkiException(this.mSignData.getErrinfo());
        } catch (IOException e) {
            throw new PkiException(e.getMessage());
        }
    }

    public int sendSignedContent() throws PkiException {
        if (this.mSignedData == null) {
            throw new PkiException("call signContent first");
        }
        try {
            this.mSignedDataResp = (SignedDataRespBean) JSON.parseObject(this.mHttpManager.postJson(this.mSignData.getSignsubmiturl(), JSON.toJSONString(this.mSignedData)).h().f(), SignedDataRespBean.class);
            if (this.mSignedDataResp == null) {
                throw new PkiException("请求数据异常");
            }
            if (this.mSignedDataResp.getErrcode() == 0) {
                return this.mSignedDataResp.getErrcode();
            }
            throw new PkiException(this.mSignedDataResp.getErrinfo());
        } catch (IOException e) {
            e.printStackTrace();
            throw new PkiException(e.getMessage());
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.QrcodeSignInterface
    public int signContent(Certificate certificate, String str) throws PkiException {
        byte[] pkcs7Sign;
        SignedDataSignImpl signedDataSignImpl = new SignedDataSignImpl();
        SignatureImpl signatureImpl = new SignatureImpl();
        CertImpl certImpl = new CertImpl();
        if (this.mSignData == null || this.mSignData.getErrcode() != 0) {
            throw new PkiException("call requestSignContent first");
        }
        int signAlgo = getSignAlgo(certificate, certImpl);
        if (signAlgo == -1) {
            throw new PkiException("选择证书与算法不匹配");
        }
        byte[] decode = Hex.decode(this.mSignData.getContent());
        if (this.mSignformat[0].equals(this.mSignData.getSignformat())) {
            pkcs7Sign = pkcs1Sign(certificate, str, signatureImpl, signAlgo, decode);
        } else if (this.mSignformat[1].equals(this.mSignData.getSignformat())) {
            pkcs7Sign = pkcs7Sign(certificate, str, true, signedDataSignImpl, signAlgo, decode);
        } else {
            if (!this.mSignformat[2].equals(this.mSignData.getSignformat())) {
                throw new PkiException("不支持该签名" + this.mSignData.getSignformat());
            }
            pkcs7Sign = pkcs7Sign(certificate, str, false, signedDataSignImpl, signAlgo, decode);
        }
        this.mSignedData = new SignedDataBean();
        this.mSignedData.setSignatureid(this.mSignData.getSignatureid());
        this.mSignedData.setSignatureB64(Base64.encode(0, pkcs7Sign));
        this.mSignedData.setContentsha256(Hex.encode(false, Hash.computeHash(Hash.SHA256, decode)));
        if (certImpl.isSm2(certificate)) {
            this.mSignedData.setSignalg(this.mSignalgs[2]);
        } else {
            this.mSignedData.setSignalg(this.mSignalgs[1]);
        }
        return sendSignedContent();
    }
}
