package kd.bos.cfca;

import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.svs.api.util.XmlUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import kd.bos.ca.CAConstConfig;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;

/* loaded from: input_file:kd/bos/cfca/CFCAVerifySign.class */
public class CFCAVerifySign {
    private static final Log log = LogFactory.getLog(CFCAVerifySign.class);
    private static final String VERIFY_SUCCESS = "success";
    private static final String VERIFY_MESSAGE = "message";
    private static final String UTF_8 = "UTF-8";
    private static final String SIGNALG = "signAlg";
    private static final String SIGNALG_SM2 = "sm3WithSM2Encryption";
    private static final String SIGNALG_RSA = "sha256WithRSAEncryption";
    private static final String CFCA_SADK = "SADK";
    private static final String CFCA_HARD = "HARD";

    public static Map<String, Object> verifySign(String str, String str2, String str3, Map<String, Object> map) {
        return verifyMessageRawCFCA(str, str2, str3, map);
    }

    private static Map<String, Object> verifyMessageRawCFCA(String str, String str2, String str3, Map<String, Object> map) {
        return CFCA_SADK.equals((map == null || !map.containsKey("signType")) ? CFCA_HARD : (String) map.get("signType")) ? verifyMessageRawSADK(str, str2, str3, map) : verifyMessageRawHard(str, str2, str3, map);
    }

    private static Map<String, Object> verifyMessageRawSADK(String str, String str2, String str3, Map<String, Object> map) {
        boolean p1VerifyMessage;
        HashMap hashMap = new HashMap();
        if (str3 != null) {
            try {
                Session session = SessionFactory.getInstance().getSession();
                SM2PublicKey publicKey = new X509Cert(new ByteArrayInputStream(str3.getBytes(UTF_8))).getPublicKey();
                String str4 = (map == null || !map.containsKey(SIGNALG)) ? SIGNALG_SM2 : (String) map.get(SIGNALG);
                Signature signature = new Signature();
                if ("RSA".equals(str4)) {
                    p1VerifyMessage = signature.p1VerifyMessage(SIGNALG_RSA, str2.getBytes(UTF_8), str.getBytes(UTF_8), publicKey, session);
                    if (!p1VerifyMessage) {
                        log.info("CFCA:SHA-256算法：验签失败，将使用SHA-1算法重新验签");
                        p1VerifyMessage = signature.p1VerifyMessage("sha1WithRSAEncryption", str2.getBytes(UTF_8), str.getBytes(UTF_8), publicKey, session);
                    }
                } else {
                    p1VerifyMessage = signature.p1VerifyMessage(SIGNALG_SM2, str2.getBytes(UTF_8), str.getBytes(UTF_8), publicKey, session);
                }
                if (p1VerifyMessage) {
                    hashMap.put(VERIFY_SUCCESS, Boolean.TRUE);
                    hashMap.put(VERIFY_MESSAGE, ResManager.loadKDString("签名值验证成功，证书有效性验证成功。", "CFCAVerifySign_0", CAConstConfig.PROJECT_NAME, new Object[0]));
                } else {
                    hashMap.put(VERIFY_SUCCESS, Boolean.FALSE);
                    hashMap.put(VERIFY_MESSAGE, ResManager.loadKDString("签名值验证失败。", "CFCAVerifySign_1", CAConstConfig.PROJECT_NAME, new Object[0]));
                }
            } catch (IOException e) {
                hashMap.put(VERIFY_SUCCESS, Boolean.FALSE);
                hashMap.put(VERIFY_MESSAGE, String.format(ResManager.loadKDString("验签失败，请检查证书公钥。%s", "CFCAVerifySign_2", CAConstConfig.PROJECT_NAME, new Object[0]), e.getMessage()));
            } catch (Exception e2) {
                hashMap.put(VERIFY_SUCCESS, Boolean.FALSE);
                hashMap.put(VERIFY_MESSAGE, String.format(ResManager.loadKDString("验签失败，请检查配置中心。%s", "CFCAVerifySign_3", CAConstConfig.PROJECT_NAME, new Object[0]), e2.getMessage()));
            }
        } else {
            hashMap.put(VERIFY_SUCCESS, Boolean.FALSE);
            hashMap.put(VERIFY_MESSAGE, ResManager.loadKDString("未找到该用户对应的证书。", "CFCAVerifySign_4", CAConstConfig.PROJECT_NAME, new Object[0]));
        }
        return hashMap;
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x008b A[Catch: IOException -> 0x01fb, Exception -> 0x0233, TryCatch #2 {IOException -> 0x01fb, Exception -> 0x0233, blocks: (B:36:0x0014, B:38:0x001d, B:8:0x0037, B:10:0x0047, B:11:0x0052, B:13:0x008b, B:14:0x00c1, B:16:0x00e0, B:18:0x00ea, B:19:0x012f, B:21:0x014e, B:27:0x0175, B:29:0x0191, B:30:0x01ab, B:31:0x010f, B:32:0x01c1, B:33:0x00b0, B:5:0x002a), top: B:35:0x0014 }] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x00e0 A[Catch: IOException -> 0x01fb, Exception -> 0x0233, TryCatch #2 {IOException -> 0x01fb, Exception -> 0x0233, blocks: (B:36:0x0014, B:38:0x001d, B:8:0x0037, B:10:0x0047, B:11:0x0052, B:13:0x008b, B:14:0x00c1, B:16:0x00e0, B:18:0x00ea, B:19:0x012f, B:21:0x014e, B:27:0x0175, B:29:0x0191, B:30:0x01ab, B:31:0x010f, B:32:0x01c1, B:33:0x00b0, B:5:0x002a), top: B:35:0x0014 }] */
    /* JADX WARN: Removed duplicated region for block: B:32:0x01c1 A[Catch: IOException -> 0x01fb, Exception -> 0x0233, TryCatch #2 {IOException -> 0x01fb, Exception -> 0x0233, blocks: (B:36:0x0014, B:38:0x001d, B:8:0x0037, B:10:0x0047, B:11:0x0052, B:13:0x008b, B:14:0x00c1, B:16:0x00e0, B:18:0x00ea, B:19:0x012f, B:21:0x014e, B:27:0x0175, B:29:0x0191, B:30:0x01ab, B:31:0x010f, B:32:0x01c1, B:33:0x00b0, B:5:0x002a), top: B:35:0x0014 }] */
    /* JADX WARN: Removed duplicated region for block: B:33:0x00b0 A[Catch: IOException -> 0x01fb, Exception -> 0x0233, TryCatch #2 {IOException -> 0x01fb, Exception -> 0x0233, blocks: (B:36:0x0014, B:38:0x001d, B:8:0x0037, B:10:0x0047, B:11:0x0052, B:13:0x008b, B:14:0x00c1, B:16:0x00e0, B:18:0x00ea, B:19:0x012f, B:21:0x014e, B:27:0x0175, B:29:0x0191, B:30:0x01ab, B:31:0x010f, B:32:0x01c1, B:33:0x00b0, B:5:0x002a), top: B:35:0x0014 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.util.Map<java.lang.String, java.lang.Object> verifyMessageRawHard(java.lang.String r9, java.lang.String r10, java.lang.String r11, java.util.Map<java.lang.String, java.lang.Object> r12) {
        /*
            Method dump skipped, instructions count: 658
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: kd.bos.cfca.CFCAVerifySign.verifyMessageRawHard(java.lang.String, java.lang.String, java.lang.String, java.util.Map):java.util.Map");
    }

    private static Map<String, Object> dealResponse(String str, String str2) {
        String format;
        boolean z;
        HashMap hashMap = new HashMap(2);
        if ("".equals(str)) {
            String.format(ResManager.loadKDString("%s Socket 可能发生 通讯异常", "CFCAVerifySign_15", CAConstConfig.PROJECT_NAME, new Object[0]), str2);
        }
        String nodeText = XmlUtil.getNodeText(str, "ErrorCode");
        if ("0".equals(nodeText)) {
            format = String.format(ResManager.loadKDString("%s成功", "CFCAVerifySign_16", CAConstConfig.PROJECT_NAME, new Object[0]), str2);
            z = true;
        } else {
            format = String.format(ResManager.loadKDString("%1$s失败，失败信息为:%2$s 错误信息为:%3$s", "CFCAVerifySign_17", CAConstConfig.PROJECT_NAME, new Object[0]), str2, nodeText, XmlUtil.getNodeText(str, "ErrorDesc"));
            z = false;
        }
        hashMap.put(VERIFY_SUCCESS, Boolean.valueOf(z));
        hashMap.put(VERIFY_MESSAGE, format);
        return hashMap;
    }
}
