package org.ofdrw.gm.sm2strut;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Signature;
import java.util.Arrays;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.ofdrw.gm.cert.CertTools;

/* loaded from: input_file:org/ofdrw/gm/sm2strut/GBT35275Validate.class */
public class GBT35275Validate {
    public static VerifyInfo validate(String str, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        ContentInfo contentInfo = ContentInfo.getInstance(bArr2);
        if (contentInfo == null) {
            throw new IllegalArgumentException("无法解析ContentInfo结构");
        }
        if (!OIDs.signedData.equals(contentInfo.getContentType())) {
            throw new IllegalArgumentException("非法的签名数据类型，类型：" + contentInfo.getContentType());
        }
        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
        if (signedData == null) {
            throw new IllegalArgumentException("无法解析签名值格式，不符 GBT35275");
        }
        byte[] digest = new SM3.Digest().digest(bArr);
        byte[] bArr3 = null;
        ASN1Encodable content = signedData.getContentInfo().getContent();
        if (content != null) {
            bArr3 = DEROctetString.getInstance(content).getOctets();
            if (!Arrays.equals(digest, bArr3)) {
                try {
                    if (!Arrays.equals(digest, Base64.decode(new String(bArr3)))) {
                        return VerifyInfo.Err("待签名原文不符");
                    }
                } catch (Exception e) {
                    return VerifyInfo.Err("待签名原文不符");
                }
            }
        }
        Iterator it = signedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            SignerInfo signerInfo = SignerInfo.getInstance((ASN1Encodable) it.next());
            ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
            if (authenticatedAttributes != null) {
                ASN1OctetString aSN1Primitive = new AttributeTable(authenticatedAttributes).get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0).toASN1Primitive();
                if (!(aSN1Primitive instanceof ASN1OctetString)) {
                    throw new IllegalArgumentException("PKCS#9 message-digest 属性类型不是 'OCTET STRING'");
                }
                if (!Arrays.equals(digest, aSN1Primitive.getOctets())) {
                    return VerifyInfo.Err("待签名原文不符");
                }
                try {
                    bArr3 = authenticatedAttributes.getEncoded();
                } catch (IOException e2) {
                    bArr3 = null;
                }
            }
            if (bArr3 == null) {
                throw new IllegalArgumentException("GBT35275签名值格式错误");
            }
            Certificate signCert = signedData.getSignCert(signerInfo.getIssuerAngSerialNumber());
            if (signCert == null) {
                return VerifyInfo.Err("没有找到匹配的证书无法验证签名");
            }
            java.security.cert.Certificate obj = CertTools.obj(signCert);
            Signature signature = Signature.getInstance(str, (Provider) new BouncyCastleProvider());
            signature.initVerify(obj.getPublicKey());
            signature.update(bArr3);
            if (!signature.verify(signerInfo.getEncryptedDigest().getOctets())) {
                return VerifyInfo.Err("签名值不一致");
            }
        }
        return VerifyInfo.OK();
    }
}
