package cn.com.infosec.netsign.base.processors;

import cn.com.infosec.isfw2.sfw.Request;
import cn.com.infosec.isfw2.sfw.Response;
import cn.com.infosec.netsign.base.AbstractMessage;
import cn.com.infosec.netsign.base.ErrorInfoRes;
import cn.com.infosec.netsign.base.NSMessage;
import cn.com.infosec.netsign.base.NSMessageOpt;
import cn.com.infosec.netsign.base.channels.ServerChannel;
import cn.com.infosec.netsign.base.processors.util.ProcessUtil;
import cn.com.infosec.netsign.base.util.NetSignImpl;
import cn.com.infosec.netsign.base.util.Utils;
import cn.com.infosec.netsign.base.util.VerifySignatureException;
import cn.com.infosec.netsign.crypto.util.AlgorithmUtil;
import cn.com.infosec.netsign.crypto.util.SoftCryptoImpl;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.isfwimpl.NetSignProcessor;
import cn.com.infosec.netsign.isfwimpl.NetSignRequest;
import cn.com.infosec.netsign.isfwimpl.NetSignResponse;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.oscca.sm2.SM2Certificate;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/* loaded from: input_file:cn/com/infosec/netsign/base/processors/RAWAfterwardsVerifyProcessor.class */
public class RAWAfterwardsVerifyProcessor implements NetSignProcessor {
    private ServerChannel channel;
    private String provider;

    public RAWAfterwardsVerifyProcessor() {
        this.provider = NetSignImpl.PROVIDER_INFOSEC;
    }

    private void setNoCertError(AbstractMessage abstractMessage) {
        abstractMessage.setResult(ErrorInfoRes.NULL_CERTIFICATE_ERROR);
        abstractMessage.setErrMsg(ErrorInfoRes.getErrorInfo(ErrorInfoRes.NULL_CERTIFICATE_ERROR));
    }

    @Override // cn.com.infosec.netsign.isfwimpl.NetSignProcessor
    public void setChannel(ServerChannel serverChannel) {
        if (this.channel != serverChannel) {
            this.channel = serverChannel;
        }
        this.provider = ExtendedConfig.getVerifyProvider();
    }

    public RAWAfterwardsVerifyProcessor(ServerChannel serverChannel) {
        this.provider = NetSignImpl.PROVIDER_INFOSEC;
        this.channel = serverChannel;
        this.provider = ExtendedConfig.getVerifyProvider();
    }

    public Response process(Request request) {
        NetSignRequest netSignRequest = (NetSignRequest) request;
        NSMessage nSMessage = netSignRequest.getNSMessage();
        String stringBuffer = new StringBuffer(String.valueOf(this.channel.getId())).append(" ").append(nSMessage.getAddress()).append(" RAWAfterwardsVerify failed:").toString();
        NSMessageOpt createNSMessageOpt = ProcessUtil.createNSMessageOpt(nSMessage);
        X509Certificate cert = nSMessage.getCert();
        if (cert == null) {
            setNoCertError(createNSMessageOpt);
            ProcessUtil.log(this.channel.getDebugLogger(), this.channel.getId(), nSMessage, createNSMessageOpt);
            ProcessUtil.accessLog(this.channel.getAccessLogger(), new StringBuffer(String.valueOf(stringBuffer)).append(createNSMessageOpt.getResult()).toString(), this.channel.getLogLevel());
            return NetSignResponse.createNetSignResponse(createNSMessageOpt, netSignRequest.getProtocol());
        }
        PublicKey publicKey = null;
        try {
            publicKey = Utils.getCertType(cert) == 1 ? new SM2Certificate(cert, cert.getEncoded(), cert.getTBSCertificate()).getPublicKey() : cert.getPublicKey();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        byte[] cryptoText = nSMessage.getCryptoText();
        byte[] disassemble = ProcessUtil.disassemble(nSMessage.getPlainText(), this.channel.isCryptoCommunicate(), this.channel.getCryptoUtil(), nSMessage, createNSMessageOpt);
        if (createNSMessageOpt.getResult() < 0) {
            ProcessUtil.log(this.channel.getDebugLogger(), this.channel.getId(), nSMessage, createNSMessageOpt);
            ProcessUtil.accessLog(this.channel.getAccessLogger(), new StringBuffer(String.valueOf(stringBuffer)).append(createNSMessageOpt.getResult()).toString(), this.channel.getLogLevel());
            return NetSignResponse.createNetSignResponse(createNSMessageOpt, netSignRequest.getProtocol());
        }
        String digestAlgoritim = ProcessUtil.getDigestAlgoritim(nSMessage, this.channel, publicKey);
        NetSignImpl netSignImpl = new NetSignImpl();
        try {
            if (AlgorithmUtil.getDigestAlgByName(digestAlgoritim) == null) {
                throw new NoSuchAlgorithmException(new StringBuffer("The DigestAlgorithm ").append(digestAlgoritim).append(" Can not been Supported").toString());
            }
            if (cert != null && this.channel.getService().isVerifyCert()) {
                netSignImpl.afterwardsVerifyCert(cert, this.channel.getTrustConfigs());
            }
            if (!SoftCryptoImpl.verify(publicKey, disassemble, cryptoText, digestAlgoritim, this.provider)) {
                throw new VerifySignatureException(" signature was not verified");
            }
            if (ExtendedConfig.isReturnVerifyResult()) {
                createNSMessageOpt.setDigestAlg(digestAlgoritim);
            }
            ProcessUtil.accessLog(this.channel.getAccessLogger(), new StringBuffer(String.valueOf(this.channel.getId())).append(" ").append(nSMessage.getAddress()).append(" RAWAfterwardsVerifyProcessor success").toString(), this.channel.getLogLevel());
            return NetSignResponse.createNetSignResponse(createNSMessageOpt, netSignRequest.getProtocol());
        } catch (Exception e2) {
            ProcessUtil.throwDetailException(e2, createNSMessageOpt);
            ProcessUtil.log(this.channel.getDebugLogger(), this.channel.getId(), nSMessage, createNSMessageOpt);
            ProcessUtil.accessLog(this.channel.getAccessLogger(), new StringBuffer(String.valueOf(stringBuffer)).append(createNSMessageOpt.getResult()).toString(), this.channel.getLogLevel());
            return NetSignResponse.createNetSignResponse(createNSMessageOpt, netSignRequest.getProtocol());
        }
    }
}
