package org.ofdrw.sign.verify.container;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Signature;
import java.util.Arrays;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.ofdrw.core.signatures.SigType;
import org.ofdrw.gm.ses.v1.SES_Signature;
import org.ofdrw.gm.ses.v1.TBS_Sign;
import org.ofdrw.sign.verify.SignedDataValidateContainer;
import org.ofdrw.sign.verify.exceptions.InvalidSignedValueException;

/* loaded from: input_file:org/ofdrw/sign/verify/container/SESV1ValidateContainer.class */
public class SESV1ValidateContainer implements SignedDataValidateContainer {
    @Override // org.ofdrw.sign.verify.SignedDataValidateContainer
    public void validate(SigType sigType, String str, byte[] bArr, byte[] bArr2) throws InvalidSignedValueException, IOException, GeneralSecurityException {
        if (sigType == SigType.Sign) {
            throw new IllegalArgumentException("签名类型(type)必须是 Seal，不支持电子印章验证");
        }
        byte[] digest = new SM3.Digest().digest(bArr);
        SES_Signature sES_Signature = SES_Signature.getInstance(bArr2);
        TBS_Sign toSign = sES_Signature.getToSign();
        if (!Arrays.equals(digest, toSign.getDataHash().getOctets())) {
            throw new InvalidSignedValueException("Signature.xml 文件被篡改，电子签章失效。(" + toSign.getPropertyInfo().getString() + ")");
        }
        byte[] octets = sES_Signature.getSignature().getOctets();
        Signature signature = Signature.getInstance(toSign.getSignatureAlgorithm().getId(), (Provider) new BouncyCastleProvider());
        signature.initVerify(new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(toSign.getCert().getOctets())));
        signature.update(toSign.getEncoded("DER"));
        if (!signature.verify(octets)) {
            throw new InvalidSignedValueException("电子签章数据签名值不匹配，电子签章数据失效。");
        }
    }
}
