package org.ofdrw.sign.verify;

import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.DigestInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Arrays;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.dom4j.DocumentException;
import org.ofdrw.core.basicType.ST_Loc;
import org.ofdrw.core.signatures.SigType;
import org.ofdrw.core.signatures.Signature;
import org.ofdrw.core.signatures.Signatures;
import org.ofdrw.core.signatures.appearance.Seal;
import org.ofdrw.core.signatures.range.Reference;
import org.ofdrw.core.signatures.range.References;
import org.ofdrw.gm.ses.parse.SESVersion;
import org.ofdrw.gm.ses.parse.SESVersionHolder;
import org.ofdrw.gm.ses.parse.VersionParser;
import org.ofdrw.gm.ses.v4.SES_Signature;
import org.ofdrw.pkg.container.OFDDir;
import org.ofdrw.reader.BadOFDException;
import org.ofdrw.reader.OFDReader;
import org.ofdrw.reader.ResourceLocator;
import org.ofdrw.sign.verify.exceptions.DocNotSignException;
import org.ofdrw.sign.verify.exceptions.FileIntegrityException;
import org.ofdrw.sign.verify.exceptions.OFDVerifyException;

/* loaded from: input_file:org/ofdrw/sign/verify/OFDValidator.class */
public class OFDValidator implements Closeable {
    private Provider provider = new BouncyCastleProvider();
    private OFDDir ofdDir;
    private final OFDReader reader;
    private final ResourceLocator rl;
    private SignedDataValidateContainer validator;

    public OFDValidator(OFDReader oFDReader) {
        this.reader = oFDReader;
        this.ofdDir = oFDReader.getOFDDir();
        this.rl = oFDReader.getResourceLocator();
    }

    public void exeValidate() throws OFDVerifyException, IOException, GeneralSecurityException {
        Seal seal;
        this.rl.save();
        try {
            try {
                this.rl.cd("/");
                ST_Loc defaultDocSignaturesPath = this.reader.getDefaultDocSignaturesPath();
                if (defaultDocSignaturesPath == null) {
                    throw new DocNotSignException("文件未进行电子签名");
                }
                Signatures signatures = (Signatures) this.rl.get(defaultDocSignaturesPath, Signatures::new);
                this.rl.cd(defaultDocSignaturesPath.parent());
                for (Signature signature : signatures.getSignatures()) {
                    SigType type = signature.getType();
                    ST_Loc baseLoc = signature.getBaseLoc();
                    Path file = this.rl.getFile(baseLoc);
                    org.ofdrw.core.signatures.sig.Signature signature2 = (org.ofdrw.core.signatures.sig.Signature) this.rl.get(baseLoc, org.ofdrw.core.signatures.sig.Signature::new);
                    checkFileIntegrity(signature2);
                    this.rl.save();
                    try {
                        this.rl.cd(baseLoc.parent());
                        Path file2 = this.rl.getFile(signature2.getSignedValue());
                        if ((type == null || type == SigType.Seal) && (seal = signature2.getSignedInfo().getSeal()) != null) {
                            checkSealMatch(this.rl.getFile(seal.getBaseLoc()), file2);
                        }
                        checkSignedValue(type, signature2.getSignedInfo().getSignatureMethod(), file, file2);
                        this.rl.restore();
                    } finally {
                    }
                }
                this.rl.restore();
            } catch (DocumentException | FileNotFoundException e) {
                throw new BadOFDException("OFD文件内部结构错误，无法解析。", e);
            }
        } finally {
        }
    }

    public OFDValidator setValidator(SignedDataValidateContainer signedDataValidateContainer) {
        if (signedDataValidateContainer == null) {
            throw new IllegalArgumentException("电子签章数据验证容器（validator）为空");
        }
        this.validator = signedDataValidateContainer;
        return this;
    }

    public void checkSignedValue(SigType sigType, String str, Path path, Path path2) throws IOException, GeneralSecurityException {
        if (this.validator == null) {
            throw new IllegalArgumentException("电子签章数据验证容器（validator）为空,Call #setValidator");
        }
        if (sigType == null) {
            sigType = SigType.Seal;
        }
        this.validator.validate(sigType, str, Files.readAllBytes(path), Files.readAllBytes(path2));
    }

    /* JADX WARN: Finally extract failed */
    private void checkFileIntegrity(org.ofdrw.core.signatures.sig.Signature signature) throws FileIntegrityException, NoSuchAlgorithmException, IOException {
        this.rl.save();
        try {
            References references = signature.getSignedInfo().getReferences();
            MessageDigest messageDigest = MessageDigest.getInstance(references.getCheckMethod(), this.provider);
            for (Reference reference : references.getReferences()) {
                ST_Loc fileRef = reference.getFileRef();
                Path file = this.rl.getFile(fileRef);
                byte[] checkValue = reference.getCheckValue();
                InputStream newInputStream = Files.newInputStream(file, new OpenOption[0]);
                Throwable th = null;
                try {
                    DigestInputStream digestInputStream = new DigestInputStream(newInputStream, messageDigest);
                    Throwable th2 = null;
                    try {
                        try {
                            do {
                            } while (digestInputStream.read(new byte[4096]) > -1);
                            byte[] digest = messageDigest.digest();
                            if (!Arrays.equals(checkValue, digest)) {
                                throw new FileIntegrityException(fileRef, checkValue, digest);
                            }
                            if (digestInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        digestInputStream.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    digestInputStream.close();
                                }
                            }
                            if (newInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        newInputStream.close();
                                    } catch (Throwable th4) {
                                        th.addSuppressed(th4);
                                    }
                                } else {
                                    newInputStream.close();
                                }
                            }
                            messageDigest.reset();
                        } finally {
                        }
                    } catch (Throwable th5) {
                        if (digestInputStream != null) {
                            if (th2 != null) {
                                try {
                                    digestInputStream.close();
                                } catch (Throwable th6) {
                                    th2.addSuppressed(th6);
                                }
                            } else {
                                digestInputStream.close();
                            }
                        }
                        throw th5;
                    }
                } catch (Throwable th7) {
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th8) {
                                th.addSuppressed(th8);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                    throw th7;
                }
            }
        } finally {
            this.rl.restore();
        }
    }

    private boolean checkSealMatch(Path path, Path path2) throws IOException, OFDVerifyException {
        byte[] encoded;
        SESVersionHolder parseSES_SignatureVersion = VersionParser.parseSES_SignatureVersion(Files.readAllBytes(path2));
        if (parseSES_SignatureVersion.getVersion() == SESVersion.v4) {
            encoded = SES_Signature.getInstance(parseSES_SignatureVersion.getObjSeq()).getToSign().getEseal().getEncoded("DER");
        } else {
            if (parseSES_SignatureVersion.getVersion() != SESVersion.v1) {
                throw new OFDVerifyException("未知的电子签章数据版本，无法解析");
            }
            encoded = org.ofdrw.gm.ses.v1.SES_Signature.getInstance(parseSES_SignatureVersion.getObjSeq()).getToSign().getEseal().getEncoded("DER");
        }
        return Arrays.equals(encoded, Files.readAllBytes(path));
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.reader.close();
    }
}
