package com.csii.pe.common.security.command;

import com.csii.pe.common.security.DigitalSignatureUtil;
import com.csii.pe.common.util.CsiiUtils;
import com.csii.pe.common.util.Hex2Byte;
import com.csii.pe.core.Context;
import com.csii.pe.core.PeException;
import com.csii.pe.validation.FieldList;
import com.csii.pe.validation.ValidationException;
import com.icoix.baschi.widget.py.HanziToPinyin3;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Array;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.multipart.MultipartFile;

/* loaded from: classes.dex */
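/**
 * Validates the client-side digital signature that accompanies a request.
 *
 * <p>{@link #verify(Context)} reads a signature envelope from the context entry named by the
 * signature field name (default {@code "CSIISignature"}). The envelope is either
 * {@code 'A'} + one unchecked character + body (decoded as UTF-8), or {@code "UD"} + code page +
 * {@code ':'} + body. The body holds an 8-byte decimal length, the signed payload, a second
 * 8-byte decimal length and the hex-encoded signature. After the signature check the signed
 * timestamp must lie within five minutes of the server clock, and every field of the transaction
 * configuration is compared with the signed payload.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The default algorithm is {@code DigitalSignatureUtil.SHA1_RSA}; by its name a SHA-1 based
 *       scheme. Prefer configuring a stronger one through {@link #setSignatureAlgorithm(String)}
 *       if the utility class supports it (not visible from this file).</li>
 *   <li>Top-level fields named {@code Password}, {@code OTPPassword}, {@code PayCode} and
 *       {@code TrsPassword}, and any field whose definition contains {@code skipSignature=true},
 *       are not compared with the signed payload; their integrity must be protected elsewhere.</li>
 *   <li>This class keeps no record of signatures it has already accepted, so inside the
 *       timestamp window replay protection has to come from another layer (confirm).</li>
 *   <li>Debug logging prints request values and the signed payload; keep it disabled where logs
 *       are not treated as sensitive.</li>
 * </ul>
 */
public class UIBSDigitalSignatureValidator implements DigitalSignatureValidator {

    /** Largest accepted distance, in milliseconds, between the signed timestamp and the server clock. */
    private static final long MAX_TIMESTAMP_SKEW_MILLIS = 300000L;

    /** Width in bytes of each decimal length prefix inside the signature envelope. */
    private static final int LENGTH_FIELD_WIDTH = 8;

    /** Field definition value that marks a field as an uploaded, separately signed file. */
    public final String FILE = "FileStyle";

    protected Log log = LogFactory.getLog(getClass());

    // Passed to CsiiUtils.getClientCertificate when the certificate is looked up from the context.
    // Decompiler label: f105long.
    private List issuers;

    // Context key of the form-data signature envelope. Decompiler label: f102char.
    private String signatureFieldName = "CSIISignature";

    // Context key of the uploaded-file signature envelope. Decompiler label: f104goto.
    private String fileSignatureFieldName = "CSIIFileSignature";

    // Algorithm name handed to DigitalSignatureUtil.verify. Decompiler label: f103else.
    // NOTE(review): the default looks like SHA-1 with RSA, which is weak for new deployments.
    private String signatureAlgorithm = DigitalSignatureUtil.SHA1_RSA;

    /**
     * Compares a submitted value with its signed counterpart.
     *
     * <p>Two nulls match; values of the same class are compared with {@code equals}; values of
     * different classes are compared through their {@code toString()} forms.
     * Decompiler label: m323if.
     */
    private boolean valuesMatch(Object left, Object right) {
        if (left == null || right == null) {
            return left == null && right == null;
        }
        if (left.getClass() == right.getClass()) {
            return left.equals(right);
        }
        return left.toString().equals(right.toString());
    }

    /** Returns true for the field names that are exempt from signature comparison by name. */
    private static boolean isCredentialField(String name) {
        return "Password".equals(name)
                || "OTPPassword".equals(name)
                || "PayCode".equals(name)
                || "TrsPassword".equals(name);
    }

    /**
     * Reads one 8-byte decimal length prefix from the envelope.
     *
     * @return the parsed value, or -1 when the prefix is out of range or not a number
     */
    private static int readLengthField(byte[] bytes, int offset) {
        if (offset < 0 || offset > bytes.length - LENGTH_FIELD_WIDTH) {
            return -1;
        }
        try {
            // Platform default charset, as in the original code; the prefix is expected to be ASCII digits.
            return Integer.parseInt(new String(bytes, offset, LENGTH_FIELD_WIDTH).trim());
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    /** Builds the exception used for every mismatch between a submitted and a signed value. */
    private static ValidationException invalidSignature(String name, Object value) {
        return new ValidationException("invalid_signature", new Object[]{name, value});
    }

    /**
     * Checks one configured field, recursing into nested maps and field lists.
     *
     * @param str field name, prefixed with the path of any enclosing structure
     * @param obj field definition: a String, a Map of nested definitions or a {@code FieldList}
     * @param obj2 value submitted for the field, taken from the context
     * @param context current request context
     * @param map signed payload, keyed by field name
     * @throws PeException when a submitted value does not match the signed payload
     */
    protected void doValidation(String str, Object obj, Object obj2, Context context, Map map) throws PeException {
        if (this.log.isDebugEnabled()) {
            // Credential fields are skipped below, so their submitted value must not reach the log either.
            Object loggedValue = isCredentialField(str) ? "***" : obj2;
            // The separator constant was substituted by the decompiler; presumably a single space (confirm).
            this.log.debug(new StringBuffer(String.valueOf(str)).append(HanziToPinyin3.Token.SEPARATOR).append(loggedValue).append(HanziToPinyin3.Token.SEPARATOR).append(map).toString());
        }
        if (obj instanceof Map) {
            Map definitions = (Map) obj;
            // A missing nested value map is not tolerated: the lookup below fails on null.
            Map values = (Map) obj2;
            for (Object key : definitions.keySet()) {
                doValidation(new StringBuffer(String.valueOf(str)).append(key).toString(), definitions.get(key), values.get(key), context, map);
            }
            return;
        }
        if (obj instanceof FieldList) {
            FieldList fieldList = (FieldList) obj;
            if (fieldList.isSkipSignature()) {
                return;
            }
            Map rowDefinitions = fieldList.getFields();
            int row = 0;
            Iterator rows = ((List) obj2).iterator();
            while (rows.hasNext()) {
                doValidation(new StringBuffer(String.valueOf(str)).append("[").append(row).append("]").append(".").toString(), rowDefinitions, (Map) rows.next(), context, map);
                row++;
            }
            return;
        }
        if (!(obj instanceof String)) {
            return;
        }
        String definition = (String) obj;
        // These fields are deliberately left out of the signed-data comparison.
        if (isCredentialField(str) || definition.indexOf("skipSignature=true") >= 0) {
            return;
        }
        if (FILE.equals(definition)) {
            validateFileSignature(str, (MultipartFile) obj2, context);
            return;
        }
        validateSignedValue(str, obj2, map);
    }

    /** Compares one scalar or array value with the entry of the same name in the signed payload. */
    private void validateSignedValue(String name, Object submitted, Map signedData) throws PeException {
        Object signed = signedData.get(name);
        if (submitted == null) {
            // An absent value is acceptable only when the signed payload is absent or blank too.
            if (signed != null && ((String) signed).trim().length() > 0) {
                throw invalidSignature(name, submitted);
            }
            return;
        }
        if (signed == null) {
            throw invalidSignature(name, submitted);
        }
        if (!submitted.getClass().isArray()) {
            if (!valuesMatch(submitted, signed)) {
                throw invalidSignature(name, submitted);
            }
            return;
        }
        if (!signed.getClass().isArray() || Array.getLength(submitted) != Array.getLength(signed)) {
            throw invalidSignature(name, submitted);
        }
        int count = Array.getLength(submitted);
        for (int i = 0; i < count; i++) {
            if (!valuesMatch(Array.get(submitted, i), Array.get(signed, i))) {
                throw invalidSignature(name, submitted);
            }
        }
    }

    /**
     * Verifies the signature over an uploaded file.
     *
     * <p>The envelope is read from the context entry named by the file signature field name. It
     * must start with {@code 'F'}; characters 2-9 hold the decimal length of the hex signature,
     * which starts at index 10. Nothing is checked when no file was uploaded.
     */
    private void validateFileSignature(String name, MultipartFile upload, Context context) throws PeException {
        if (upload == null) {
            return;
        }
        String envelope = (String) context.getData(this.fileSignatureFieldName);
        if (this.log.isDebugEnabled()) {
            this.log.debug(new StringBuffer("fileSignatureStr:").append(envelope).toString());
        }
        if (envelope == null) {
            throw new ValidationException("invalid_file_signature_data");
        }
        if (envelope.length() == 0 || envelope.charAt(0) != 'F') {
            throw new ValidationException("invalid_file_signature");
        }
        int hexLength;
        byte[] signature;
        try {
            hexLength = Integer.parseInt(envelope.substring(2, 10).trim());
            signature = Hex2Byte.hex2Byte(envelope.substring(10, hexLength + 10));
        } catch (RuntimeException e) {
            // A truncated or non-numeric envelope is a validation failure, not an internal error.
            throw new ValidationException("invalid_file_signature", e);
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug(new StringBuffer("signLen:").append(hexLength).append("bytes:").append(envelope.substring(10, hexLength + 10)).toString());
        }
        try {
            byte[] content = upload.getBytes();
            // NOTE(review): verify(Context) prefers the certificate of context.getUser(); this path
            // always looks it up from the context. Confirm both resolve to the same certificate.
            Object clientCertificate = CsiiUtils.getClientCertificate(context, this.issuers);
            if (clientCertificate == null) {
                // Reject explicitly instead of relying on how the verify helper treats a null certificate.
                throw new ValidationException("invalid_client_cert", new Object[]{name});
            }
            try {
                if (clientCertificate instanceof X509Certificate) {
                    if (!verify((X509Certificate) clientCertificate, this.signatureAlgorithm, content, signature)) {
                        throw new ValidationException("invalid_signature");
                    }
                } else if (!verify((javax.security.cert.X509Certificate) clientCertificate, this.signatureAlgorithm, content, signature)) {
                    throw new ValidationException("invalid_signature");
                }
            } catch (Exception e) {
                this.log.error("invalid signature", e);
                throw new ValidationException("invalid_signature", e);
            }
        } catch (IOException e2) {
            this.log.error("invalid signature", e2);
            throw new ValidationException("invalid_signature", new Object[]{name, upload});
        }
    }

    public List getIssuers() {
        return this.issuers;
    }

    public String getSignatureFieldName() {
        return this.signatureFieldName;
    }

    public void setFileSignatureFieldName(String str) {
        this.fileSignatureFieldName = str;
    }

    public void setIssuers(List list) {
        this.issuers = list;
    }

    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    public void setSignatureFieldName(String str) {
        this.signatureFieldName = str;
    }

    /**
     * Verifies the request signature and compares the configured fields with the signed payload.
     *
     * @param context request context holding the envelope, the user and the transaction config
     * @throws PeException when the envelope is missing or malformed, no client certificate is
     *     available, the signature or timestamp is rejected, or a field does not match
     */
    @Override // com.csii.pe.common.security.command.DigitalSignatureValidator
    public void verify(Context context) throws PeException {
        String envelope = (String) context.getData(this.signatureFieldName);
        if (envelope == null) {
            throw new ValidationException("invalid_signature_data");
        }
        // Both accepted formats need at least a two-character header.
        if (envelope.length() < 2) {
            throw new ValidationException("invalid_signature", new Object[]{envelope});
        }
        String charsetName;
        String body;
        if (envelope.charAt(0) == 'A') {
            charsetName = "UTF-8";
            body = envelope.substring(2);
        } else {
            if (envelope.charAt(0) != 'U' || envelope.charAt(1) != 'D') {
                throw new ValidationException("invalid_signature", new Object[]{envelope});
            }
            int colon = envelope.indexOf(':');
            if (colon < 0) {
                throw new ValidationException("invalid_signature", new Object[]{envelope});
            }
            String codePage = envelope.substring(2, colon);
            if (codePage.equals("936")) {
                charsetName = "gbk";
            } else if (codePage.equals("950")) {
                charsetName = "big5";
            } else if (codePage.equals("65001")) {
                charsetName = "UTF-8";
            } else {
                charsetName = "8859_1";
            }
            body = envelope.substring(colon + 1);
        }
        try {
            byte[] bytes = body.getBytes(charsetName);
            // Both length prefixes come from the client: bound them by the data actually received
            // before allocating or copying anything.
            int dataLength = readLengthField(bytes, 0);
            if (dataLength < 0 || dataLength > bytes.length - 2 * LENGTH_FIELD_WIDTH) {
                throw new ValidationException("invalid_signature", new Object[]{body});
            }
            int signatureOffset = dataLength + 2 * LENGTH_FIELD_WIDTH;
            int signatureLength = readLengthField(bytes, dataLength + LENGTH_FIELD_WIDTH);
            if (signatureLength < 0 || signatureLength > bytes.length - signatureOffset) {
                throw new ValidationException("invalid_signature", new Object[]{body});
            }
            byte[] signedBytes = new byte[dataLength];
            System.arraycopy(bytes, LENGTH_FIELD_WIDTH, signedBytes, 0, dataLength);
            String signedText = new String(signedBytes, charsetName);
            String signatureHex = new String(bytes, signatureOffset, signatureLength, charsetName);
            Object clientCertificate = context.getUser() != null ? context.getUser().getClientCertificate() : CsiiUtils.getClientCertificate(context, this.issuers);
            if (clientCertificate == null) {
                throw new ValidationException("invalid_client_cert", new Object[]{body});
            }
            try {
                // Decoded inside the try so that a failure on malformed hex is reported as invalid_signature.
                byte[] signature = Hex2Byte.hex2Byte(signatureHex);
                if (clientCertificate instanceof X509Certificate) {
                    if (!verify((X509Certificate) clientCertificate, this.signatureAlgorithm, signedBytes, signature)) {
                        throw new ValidationException("invalid_signature", new Object[]{body, signedText, signatureHex});
                    }
                } else if (!verify((javax.security.cert.X509Certificate) clientCertificate, this.signatureAlgorithm, signedBytes, signature)) {
                    throw new ValidationException("invalid_signature", new Object[]{body, clientCertificate});
                }
                HashMap signedData = DigitalSignatureUtil.getSignedData(signedText);
                if (this.log.isDebugEnabled()) {
                    // NOTE(review): this writes the whole signed payload to the debug log.
                    this.log.debug(new StringBuffer("dataMap:").append(signedData).toString());
                }
                long age = System.currentTimeMillis() - Long.parseLong((String) signedData.get("_PESignTimestamp"));
                if (age > MAX_TIMESTAMP_SKEW_MILLIS || age < -MAX_TIMESTAMP_SKEW_MILLIS) {
                    throw new ValidationException("invalid_signature_timestamp");
                }
                if (context.getTransactionConfig() == null) {
                    return;
                }
                Map fields = context.getTransactionConfig().getFields();
                if (fields == null) {
                    return;
                }
                for (Object key : fields.keySet()) {
                    String fieldName = (String) key;
                    doValidation(fieldName, fields.get(fieldName), context.getData(fieldName), context, signedData);
                }
            } catch (Exception e) {
                // Every failure raised in the block above, including invalid_signature_timestamp and
                // per-field mismatches, reaches the caller as invalid_signature with the original as cause.
                this.log.error("invalid signature", e);
                throw new ValidationException("invalid_signature", e);
            }
        } catch (UnsupportedEncodingException e2) {
            this.log.error("invalid signature", e2);
            throw new ValidationException("invalid_signature", new Object[]{body});
        }
    }

    /** Delegates to {@code DigitalSignatureUtil.verify}; overridable hook for {@code java.security.cert} certificates. */
    protected boolean verify(Certificate certificate, String str, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        return DigitalSignatureUtil.verify(certificate, str, bArr, bArr2);
    }

    /** Delegates to {@code DigitalSignatureUtil.verify}; overridable hook for legacy {@code javax.security.cert} certificates. */
    protected boolean verify(javax.security.cert.Certificate certificate, String str, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        return DigitalSignatureUtil.verify(certificate, str, bArr, bArr2);
    }
}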
