package com.kinggrid.iapppdf.signature;

import android.util.Log;
import com.kinggrid.signatureserver.SM2;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import org.kg.bouncycastle.asn1.ASN1EncodableVector;
import org.kg.bouncycastle.asn1.ASN1GeneralizedTime;
import org.kg.bouncycastle.asn1.ASN1InputStream;
import org.kg.bouncycastle.asn1.ASN1Integer;
import org.kg.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.kg.bouncycastle.asn1.ASN1Primitive;
import org.kg.bouncycastle.asn1.ASN1Sequence;
import org.kg.bouncycastle.asn1.ASN1String;
import org.kg.bouncycastle.asn1.ASN1UTCTime;
import org.kg.bouncycastle.asn1.DEROctetString;
import org.kg.bouncycastle.asn1.DERSequence;
import org.kg.bouncycastle.asn1.DLSequence;
import org.kg.bouncycastle.asn1.x509.Certificate;
import org.kg.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.kg.bouncycastle.asn1.x509.X509CertificateStructure;
import org.kg.bouncycastle.crypto.digests.SM3Digest;
import org.kg.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class VerifySealUtil {
    private int b;
    private GMSignSealInfo c;
    private byte[] d;

    /* renamed from: a, reason: collision with root package name */
    private boolean f259a = true;
    private int e = 0;

    private static TBSCertificateStructure a(byte[] bArr) throws IOException {
        return TBSCertificateStructure.getInstance(((ASN1Sequence) ASN1Primitive.fromByteArray(bArr)).getObjectAt(0));
    }

    private void a() throws IOException {
        byte[] signData = this.c.getSignData();
        byte[] cert = this.c.getCert();
        byte[] tosignData = this.c.getTosignData();
        byte[] hash = this.c.getHash();
        ASN1Sequence dERSequence = DERSequence.getInstance(this.c.getSesSignature());
        if (signData.length != 64) {
            signData = b(signData);
        }
        if (!asn1Complete(dERSequence)) {
            throw new RuntimeException("验证签章结构体完整性失败！errorCode:" + this.e);
        }
        if (!sm2Verify(tosignData, cert, signData)) {
            throw new RuntimeException("验证签名值失败！");
        }
        if (!c()) {
            throw new RuntimeException("签章者证书与电子印章不匹配！");
        }
        verifySeal(this.c.getEseal());
        if (!cerValid()) {
            throw new RuntimeException("签章时间不在证书有效期内！");
        }
        if (!Arrays.equals(hash, this.d)) {
            throw new RuntimeException("验证失败，文档已被篡改！");
        }
    }

    private void a(String str) throws IOException {
        if (str.equals("1.2.156.10197.1.501") || str.equals("1.2.156.10197.1.301")) {
            this.f259a = true;
        } else {
            this.f259a = false;
        }
    }

    private void a(ASN1Sequence aSN1Sequence) {
        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(2);
        Long valueOf = Long.valueOf(Long.parseLong((this.b == 4 ? ((ASN1GeneralizedTime) aSN1Sequence2.getObjectAt(5)).getTimeString() : ((ASN1UTCTime) aSN1Sequence2.getObjectAt(4)).toString()).substring(0, r1.length() - 1)));
        String timeString = this.b == 4 ? ((ASN1GeneralizedTime) aSN1Sequence2.getObjectAt(6)).getTimeString() : ((ASN1UTCTime) aSN1Sequence2.getObjectAt(5)).toString();
        Long valueOf2 = Long.valueOf(Long.parseLong(timeString.substring(0, timeString.length() - 1)));
        new SimpleDateFormat("yyMMddHHmmdd");
        if (timeString.length() == 15) {
            new SimpleDateFormat("yyyyMMddHHmmdd");
        }
        Log.i("VerifySealUtils", "====validEnd length:" + timeString.length());
        String signDate = this.c.getSignDate();
        int length = timeString.length();
        if (length == 15 && signDate.length() != 15) {
            signDate = "20" + signDate;
        } else if (length == 13 && signDate.length() != 13) {
            signDate = signDate.substring(2, signDate.length());
        }
        long parseLong = Long.parseLong(signDate.substring(0, signDate.length() - 1));
        if (valueOf.longValue() > parseLong || valueOf2.longValue() < parseLong) {
            throw new RuntimeException("验证电子印章失败：验证电子印章的有效期失败！");
        }
    }

    private void a(X509CertificateStructure x509CertificateStructure, Date date) {
        long parseLong = Long.parseLong(x509CertificateStructure.getStartDate().getTime().substring(2, 14));
        long parseLong2 = Long.parseLong(x509CertificateStructure.getEndDate().getTime().substring(2, 14));
        long parseLong3 = Long.parseLong(DateUtil.format(date, DateUtil.YYMMDDHHMMSS));
        if (parseLong > parseLong3 || parseLong2 < parseLong3) {
            throw new RuntimeException("验证电子印章失败：验证电子印章制章人证书有效期失败, 制章时间不在制章人证书有效期内！");
        }
    }

    private void a(X509CertificateStructure x509CertificateStructure, byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        boolean verify;
        if (bArr2.length != 64) {
            bArr2 = b(bArr2);
        }
        if (this.f259a) {
            byte[] bArr4 = new byte[64];
            System.arraycopy(x509CertificateStructure.getSubjectPublicKeyInfo().getPublicKeyData().getBytes(), 1, bArr4, 0, 64);
            verify = new SM2(true).Verify(bArr, bArr2, bArr4);
        } else {
            try {
                PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr3))).getPublicKey();
                Signature signature = Signature.getInstance("SHA1withRSA", new BouncyCastleProvider());
                signature.initVerify(publicKey);
                signature.update(bArr);
                verify = signature.verify(bArr2);
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            } catch (GeneralSecurityException e2) {
                throw new RuntimeException(e2);
            }
        }
        if (!verify) {
            throw new RuntimeException("验证电子印章失败：验证电子印章签名值失败！");
        }
    }

    private static byte[] a(TBSCertificateStructure tBSCertificateStructure) {
        byte[] bArr = new byte[64];
        System.arraycopy(tBSCertificateStructure.getSubjectPublicKeyInfo().getPublicKeyData().getBytes(), 1, bArr, 0, 64);
        return bArr;
    }

    private void b() throws IOException {
        byte[] signData = this.c.getSignData();
        byte[] cert = this.c.getCert();
        byte[] tosignData = this.c.getTosignData();
        byte[] hash = this.c.getHash();
        ASN1Sequence dERSequence = DERSequence.getInstance(this.c.getSesSignature());
        if (signData.length != 64) {
            signData = b(signData);
        }
        if (!asn1Complete(dERSequence)) {
            throw new RuntimeException("验证签章结构体完整性失败！errorCode:" + this.e);
        }
        if (!sm2Verify(tosignData, cert, signData)) {
            throw new RuntimeException("验证签名值失败！");
        }
        verifySeal(this.c.getEseal());
        if (!cerValid()) {
            throw new RuntimeException("签章时间不在证书有效期内！");
        }
        if (!Arrays.equals(hash, this.d)) {
            throw new RuntimeException("验证失败，文档已被篡改！");
        }
    }

    private byte[] b(byte[] bArr) throws IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        ASN1Integer aSN1Integer = (ASN1Integer) aSN1Sequence.getObjectAt(0);
        ASN1Integer aSN1Integer2 = (ASN1Integer) aSN1Sequence.getObjectAt(1);
        byte[] byteArray = aSN1Integer.getValue().toByteArray();
        byte[] byteArray2 = aSN1Integer2.getValue().toByteArray();
        byte[] bArr2 = new byte[64];
        if (byteArray.length < 32) {
            System.arraycopy(byteArray, 0, bArr2, 32 - byteArray.length, byteArray.length);
        } else {
            System.arraycopy(byteArray, byteArray.length == 32 ? 0 : byteArray.length - 32, bArr2, 0, 32);
        }
        if (byteArray2.length < 32) {
            System.arraycopy(byteArray2, 0, bArr2, 32 - byteArray2.length, byteArray2.length);
        } else {
            System.arraycopy(byteArray2, byteArray2.length != 32 ? byteArray2.length - 32 : 0, bArr2, 32, 32);
        }
        return bArr2;
    }

    private boolean c() {
        boolean z;
        String certType = this.c.getCertType();
        byte[] cert = this.c.getCert();
        DLSequence certList = this.c.getCertList();
        int size = certList.size();
        int i = 0;
        if (certType.equals("1")) {
            z = false;
            while (i < size) {
                z = Arrays.equals(cert, ((DEROctetString) certList.getObjectAt(i)).getOctets());
                if (z) {
                    break;
                }
                i++;
            }
        } else {
            SM3Digest sM3Digest = new SM3Digest();
            sM3Digest.update(cert, 0, cert.length);
            byte[] bArr = new byte[sM3Digest.getDigestSize()];
            sM3Digest.doFinal(bArr, 0);
            z = false;
            while (i < size) {
                z = Arrays.equals(bArr, ((DEROctetString) ((ASN1Sequence) certList.getObjectAt(i)).getObjectAt(1)).getOctets());
                if (z) {
                    break;
                }
                i++;
            }
        }
        return z;
    }

    public boolean asn1Complete(ASN1Sequence aSN1Sequence) {
        if (!this.c.getHeaderVer().equals(this.c.getVersion())) {
            this.e = 10;
            return false;
        }
        int i = this.b;
        if (i == 4) {
            if (!((ASN1ObjectIdentifier) aSN1Sequence.getObjectAt(2)).toString().equals("1.2.156.10197.1.501")) {
                this.e = 1;
                return false;
            }
            int size = aSN1Sequence.size();
            if (size < 4 || size > 5) {
                this.e = 2;
                return false;
            }
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
            if (aSN1Sequence2.size() != 5) {
                this.e = 3;
                return false;
            }
            asn1SealComplete((ASN1Sequence) aSN1Sequence2.getObjectAt(1));
        } else if (i == 2) {
            if (aSN1Sequence.size() != 2) {
                this.e = 2;
                return false;
            }
            ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
            if (!((ASN1ObjectIdentifier) aSN1Sequence3.getObjectAt(6)).toString().equals("1.2.156.10197.1.501")) {
                this.e = 1;
                return false;
            }
            asn1SealComplete((ASN1Sequence) aSN1Sequence3.getObjectAt(1));
        }
        return true;
    }

    public boolean asn1SealComplete(ASN1Sequence aSN1Sequence) {
        int intValue = ((ASN1Integer) ((ASN1Sequence) ((ASN1Sequence) aSN1Sequence.getObjectAt(0)).getObjectAt(0)).getObjectAt(1)).getValue().intValue();
        this.b = intValue;
        if (intValue == 4) {
            if (aSN1Sequence.size() != 4) {
                this.e = 4;
                return false;
            }
            if (!((ASN1ObjectIdentifier) aSN1Sequence.getObjectAt(2)).toString().equals("1.2.156.10197.1.501")) {
                this.e = 9;
                return false;
            }
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
            int size = aSN1Sequence2.size();
            if (size < 4 || size > 5) {
                this.e = 5;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence2.getObjectAt(0)).size() != 3) {
                this.e = 6;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence2.getObjectAt(2)).size() != 7) {
                this.e = 7;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence2.getObjectAt(3)).size() != 4) {
                this.e = 8;
                return false;
            }
        } else if (intValue == 2) {
            if (!((ASN1ObjectIdentifier) ((ASN1Sequence) aSN1Sequence.getObjectAt(1)).getObjectAt(1)).toString().equals("1.2.156.10197.1.501")) {
                this.e = 9;
                return false;
            }
            ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
            if (aSN1Sequence3.size() != 5) {
                this.e = 5;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence3.getObjectAt(0)).size() != 3) {
                this.e = 6;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence3.getObjectAt(2)).size() != 6) {
                this.e = 7;
                return false;
            }
            if (((ASN1Sequence) aSN1Sequence3.getObjectAt(3)).size() != 4) {
                this.e = 8;
                return false;
            }
        }
        return true;
    }

    public boolean cerValid() throws IOException {
        String substring;
        Certificate certificate = Certificate.getInstance((ASN1Sequence) ASN1Primitive.fromByteArray(this.c.getCert()));
        String time = certificate.getStartDate().getTime();
        String time2 = certificate.getEndDate().getTime();
        String signDate = this.c.getSignDate();
        if (this.b == 2) {
            substring = ("20" + signDate).substring(0, 14);
        } else {
            substring = signDate.substring(0, 14);
        }
        long parseLong = Long.parseLong(substring);
        return Long.parseLong(time.substring(0, 14)) <= parseLong && Long.parseLong(time2.substring(0, 14)) >= parseLong;
    }

    public GMSignSealInfo getSealinfo() {
        return this.c;
    }

    public int getVersion() {
        return this.b;
    }

    public void setSealinfo(GMSignSealInfo gMSignSealInfo) {
        this.c = gMSignSealInfo;
    }

    public void setVersion(int i) {
        this.b = i;
    }

    public boolean sm2Verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return new SM2(true).Verify(bArr, bArr3, a(a(bArr2)));
    }

    public boolean validsigndate(String str, String str2) {
        return Long.valueOf(Long.parseLong(str2.substring(0, 14))).longValue() <= Long.valueOf(Long.parseLong(str.substring(0, 14))).longValue();
    }

    public void verifySeal(byte[] bArr) throws IOException {
        byte[] encoded;
        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(bArr).readObject();
        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
        ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Sequence2.getObjectAt(0);
        if (!((ASN1String) aSN1Sequence3.getObjectAt(0)).toString().equals("ES")) {
            throw new RuntimeException("验证电子印章失败：头标识错误！");
        }
        int intValue = ((ASN1Integer) aSN1Sequence3.getObjectAt(1)).getValue().intValue();
        this.b = intValue;
        if (intValue == 4) {
            encoded = aSN1Sequence2.getEncoded();
        } else {
            if (intValue != 2) {
                throw new RuntimeException("验证电子印章失败：印章版本号错误！");
            }
            ASN1Sequence aSN1Sequence4 = (ASN1Sequence) aSN1Sequence.getObjectAt(1);
            DEROctetString dEROctetString = (DEROctetString) aSN1Sequence4.getObjectAt(0);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(aSN1Sequence2);
            aSN1EncodableVector.add(dEROctetString);
            aSN1EncodableVector.add((ASN1ObjectIdentifier) aSN1Sequence4.getObjectAt(1));
            encoded = new DERSequence(aSN1EncodableVector).getEncoded();
        }
        GMSealInfo sealInfo = Asn1GMSealDecode.getSealInfo(bArr);
        a(sealInfo.getSignatureAlgorithm());
        byte[] cert = sealInfo.getCert();
        a(new X509CertificateStructure((ASN1Sequence) new ASN1InputStream(cert).readObject()), encoded, sealInfo.getSignData(), cert);
        a(aSN1Sequence2);
    }

    public void verifySignatureStructure(GMSignSealInfo gMSignSealInfo, byte[] bArr) throws IOException {
        this.c = gMSignSealInfo;
        this.d = bArr;
        int intValue = Integer.valueOf(gMSignSealInfo.getHeaderVer()).intValue();
        this.b = intValue;
        if (intValue == 4) {
            a();
        } else {
            b();
        }
    }
}
