package com.asiainfo.sec.libciss.ciss.seseal;

import cissskfjava.b0;
import cissskfjava.cd;
import cissskfjava.g;
import cissskfjava.h2;
import cissskfjava.i7;
import cissskfjava.m7;
import cissskfjava.xc;
import com.asiainfo.sec.libciss.ciss.seseal.exception.SeSealException;
import com.asiainfo.sec.libciss.ciss.seseal.sealinfo.SESPropertyInfo;
import com.asiainfo.sec.libciss.ciss.seseal.signinfo.SignInfo;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.jce.interfaces.ECPrivateKey;

/* loaded from: classes.dex */
public class SESealUtil {
    public static byte[] dataBeforeDegist(SESeal sESeal) throws IOException, CertificateEncodingException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(sESeal.getSealInfo());
        SignInfo signInfo = sESeal.getSignInfo();
        aSN1EncodableVector.add(ASN1Sequence.getInstance(signInfo.getCert().getEncoded()));
        aSN1EncodableVector.add(new ASN1ObjectIdentifier(signInfo.getSignatureAlgorithm()));
        return new DERSequence(aSN1EncodableVector).getEncoded();
    }

    private static String getAlgorithmName(String str) throws NoSuchAlgorithmException {
        return g.a(str);
    }

    public static byte[] makeSignInfoData(SESeal sESeal, PrivateKey privateKey, String str) throws SeSealException, IOException, CertificateEncodingException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        byte[] sign;
        Objects.requireNonNull(sESeal, "SESeal null");
        byte[] dataBeforeDegist = dataBeforeDegist(sESeal);
        if (SealConstant.SM2_SIGNATURE_ALGORITHMID.equals(str)) {
            byte[] a = cd.a("1234567812345678".getBytes(), m7.a(xc.a((ECPrivateKey) privateKey)), dataBeforeDegist);
            if (a == null) {
                throw new SeSealException("sm2签名错误");
            }
            sign = i7.b(a);
        } else {
            Signature signature = Signature.getInstance(getAlgorithmName(str), b0.a());
            signature.initSign(privateKey);
            signature.update(dataBeforeDegist);
            sign = signature.sign();
        }
        if (sign != null) {
            return sign;
        }
        throw new SeSealException("签名错误");
    }

    public static boolean verifySESeal(SESeal sESeal) throws SeSealException, IOException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        boolean verify;
        Objects.requireNonNull(sESeal, "SESeal null");
        if (sESeal.getSealInfo() == null || sESeal.getSignInfo() == null) {
            throw new SeSealException("sealInfo null or signInfo null");
        }
        SignInfo signInfo = sESeal.getSignInfo();
        String signatureAlgorithm = signInfo.getSignatureAlgorithm();
        byte[] signData = signInfo.getSignData();
        byte[] dataBeforeDegist = dataBeforeDegist(sESeal);
        Certificate cert = sESeal.getSignInfo().getCert();
        if (SealConstant.SM2_SIGNATURE_ALGORITHMID.equals(signatureAlgorithm)) {
            verify = cd.a("1234567812345678".getBytes(), m7.a(h2.b(cert.getEncoded())), dataBeforeDegist, i7.a(signData));
        } else {
            Signature signature = Signature.getInstance(getAlgorithmName(signatureAlgorithm), b0.a());
            signature.initVerify(cert);
            signature.update(dataBeforeDegist);
            verify = signature.verify(signData);
        }
        if (!verify) {
            throw new SeSealException("电子印章签名值校验失败");
        }
        SESPropertyInfo property = sESeal.getSealInfo().getProperty();
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = property.getValidStart().getTime() <= currentTimeMillis;
        boolean z2 = currentTimeMillis <= property.getValidEnd().getTime();
        if (z && z2) {
            return true;
        }
        throw new SeSealException("电子印章未到有效期或者已过有效期");
    }

    public static boolean verifySESeal(byte[] bArr) {
        try {
            return verifySESeal(SESeal.getInstance(bArr));
        } catch (Exception unused) {
            return false;
        }
    }
}
