package org.ofdrw.gm.sm2strut;

import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Signature;
import java.util.Arrays;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.ofdrw.gm.cert.CertTools;

/* loaded from: input_file:org/ofdrw/gm/sm2strut/GBT35275Validate.class */
public class GBT35275Validate {
    public static VerifyInfo validate(String str, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        SignedData signedData = null;
        try {
            signedData = SignedData.getInstance(bArr2);
        } catch (Exception e) {
        }
        if (signedData == null) {
            throw new IllegalArgumentException("无法解析签名值格式，不符 GBT35275");
        }
        byte[] digest = new SM3.Digest().digest(bArr);
        byte[] octets = DEROctetString.getInstance(signedData.getContentInfo().getContent()).getOctets();
        if (!Arrays.equals(digest, octets)) {
            return VerifyInfo.Err("待签名原文不符");
        }
        Iterator it = signedData.getSignerInfos().iterator();
        while (it.hasNext()) {
            SignerInfo signerInfo = SignerInfo.getInstance((ASN1Encodable) it.next());
            Certificate signCert = signedData.getSignCert(signerInfo.getIssuerAngSerialNumber());
            if (signCert == null) {
                return VerifyInfo.Err("没有找到匹配的证书无法验证签名");
            }
            java.security.cert.Certificate obj = CertTools.obj(signCert);
            Signature signature = Signature.getInstance(str, (Provider) new BouncyCastleProvider());
            signature.initVerify(obj.getPublicKey());
            signature.update(octets);
            if (!signature.verify(signerInfo.getEncryptedDigest().getOctets())) {
                return VerifyInfo.Err("签名值不一致");
            }
        }
        return VerifyInfo.OK();
    }
}
