package com.xdja.svs.api.timestamp;

import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA1DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA256DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.svs.ErrorBundle;
import com.xdja.svs.Session;
import com.xdja.svs.alg.SignAlg;
import com.xdja.svs.api.BaseExternalApi;
import com.xdja.svs.execption.ApiException;
import com.xdja.svs.execption.SOR_MessageEncodeException;
import com.xdja.svs.execption.SOR_ParameterNotSupportedException;
import com.xdja.svs.execption.ServiceException;
import com.xdja.svs.protocol.signmsg.response.VerifyTimeStampResponse;
import com.xdja.svs.protocol.timestamp.VerifyTimeStampRequest;
import com.xdja.svs.socket.SocketFactory;
import com.xdja.svs.utils.ApiUtils;
import com.xdja.svs.utils.Base64Utils;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.tsp.TSTInfo;
import org.bouncycastle.asn1.tsp.TimeStampResp;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:com/xdja/svs/api/timestamp/ApiVerifyTimeStamp.class */
public class ApiVerifyTimeStamp extends BaseExternalApi<String, Boolean> {
    Session session;

    public ApiVerifyTimeStamp(Session session) throws SOR_ParameterNotSupportedException {
        this.session = session;
        if (!SignAlg.matchRSAAlg(session.getSignAlg()) && !SignAlg.matchSm2Alg(session.getSignAlg())) {
            throw new SOR_ParameterNotSupportedException("SOF_verifyTimeStamp:sign alg is not support,please set signAlg for session");
        }
    }

    @Override // com.xdja.svs.api.BaseExternalApi
    public Boolean execute(String... strArr) throws Exception {
        byte[] digest;
        nullPointerIntercept(strArr);
        ApiUtils.verifyLevel(this.session.getVerifyLevel());
        String str = strArr[0];
        String str2 = strArr[1];
        checkBase64(str2);
        byte[] decode = Base64Utils.decode(str2);
        SignedData parseTSP = parseTSP(decode);
        try {
            TSTInfo tSTInfo = TSTInfo.getInstance(ASN1Sequence.getInstance(DEROctetString.getInstance(parseTSP.getEncapContentInfo().getContent()).getOctets()));
            String hexString = Hex.toHexString(tSTInfo.getMessageImprint().getHashedMessage());
            boolean useAppSignCert = useAppSignCert(parseTSP);
            AlgorithmIdentifier hashAlgorithm = tSTInfo.getMessageImprint().getHashAlgorithm();
            if (hashAlgorithm.getAlgorithm().getId().equals(TSPAlgorithms.SM3.getId())) {
                digest = GMSSLSM3DigestUtils.digest(str.getBytes());
            } else if (hashAlgorithm.getAlgorithm().getId().equals(TSPAlgorithms.SHA1.getId())) {
                digest = GMSSLSHA1DigestUtils.digest(str.getBytes());
            } else {
                if (!hashAlgorithm.getAlgorithm().getId().equals(TSPAlgorithms.SHA256.getId())) {
                    throw new SOR_ParameterNotSupportedException("unmatched hash alg");
                }
                digest = GMSSLSHA256DigestUtils.digest(str.getBytes());
            }
            if (null == digest || digest.length <= 0) {
                throw new SOR_ParameterNotSupportedException("unmatched hash alg");
            }
            if (Hex.toHexString(digest).equals(hexString)) {
                return Boolean.valueOf(verifyTimeStamp(this.session, decode, useAppSignCert));
            }
            throw new SOR_ParameterNotSupportedException("origin content 's hash value is not equals param's hash value");
        } catch (Exception e) {
            throw new SOR_ParameterNotSupportedException("please check the value of params");
        }
    }

    private SignedData parseTSP(byte[] bArr) throws Exception {
        TimeStampResp timeStampResp = TimeStampResp.getInstance(bArr);
        if (timeStampResp == null) {
            throw new SOR_MessageEncodeException("SOF_verifyTimeStamp:  parse timeStamp error");
        }
        return SignedData.getInstance(timeStampResp.getTimeStampToken().getContent());
    }

    private boolean useAppSignCert(SignedData signedData) {
        ASN1Set certificates = signedData.getCertificates();
        return certificates == null || certificates.size() <= 0;
    }

    public boolean verifyTimeStamp(Session session, byte[] bArr, boolean z) throws Exception {
        ASN1Sequence processing = SocketFactory.processing(session.getSocketFd(), new VerifyTimeStampRequest(bArr, session, z));
        if (processing == null) {
            throw new ServiceException("SOF_verifyTimeStamp : response is null");
        }
        return parseResponse(new VerifyTimeStampResponse(processing.getObjectAt(2)));
    }

    private boolean parseResponse(VerifyTimeStampResponse verifyTimeStampResponse) throws ApiException {
        if (verifyTimeStampResponse == null) {
            throw new ServiceException("SOF_verifyTimeStamp : service internal error");
        }
        if (verifyTimeStampResponse.isSuccess()) {
            return true;
        }
        ApiException exception = ErrorBundle.getException(verifyTimeStampResponse.getRespValue());
        if (exception == null) {
            throw new ServiceException("SOF_verifyTimeStamp : service internal error");
        }
        throw exception;
    }
}
