package cn.com.jit.ida.util.pki.crl;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.CertificateList;
import cn.com.jit.ida.util.pki.asn1.x509.TBSCertList;
import cn.com.jit.ida.util.pki.asn1.x509.Time;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;

/* loaded from: classes.dex */
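/**
 * In-memory view of an X.509 certificate revocation list (CRL).
 *
 * <p>The CRL can be supplied as a parsed {@link CertificateList}, as raw DER bytes, as Base64
 * text, or as Base64 text wrapped in {@code -----BEGIN X509CRL-----} /
 * {@code -----END X509CRL-----} armor lines.
 *
 * <p>Parsing does not authenticate anything. The {@code isRevoke} methods only look a serial
 * number up in whatever list was parsed, and they answer {@code false} when the list is empty.
 * Before relying on that answer a caller should check that {@link #verify(JKey, Session)}
 * succeeds with the issuing CA's key, that {@link #getIssuer()} is the issuer of the certificate
 * in question, and that the current time lies between {@link #getThisUpdate()} and
 * {@link #getNextUpdate()}. None of these checks is made by this class, and the visible code
 * does not inspect CRL or entry extensions.
 *
 * <p>Instances are not synchronized.
 */
public class X509CRL {
    /** Armor line that precedes the Base64 body of a wrapped CRL. */
    private static final String HEAD = "-----BEGIN X509CRL-----";

    /** Armor line that follows the Base64 body of a wrapped CRL. */
    private static final String END = "-----END X509CRL-----";

    private CertificateList certList;
    private TBSCertList.CRLEntry[] crlEntries;

    /**
     * Wraps an already parsed CRL structure.
     *
     * @param certificateList the parsed CRL; must not be {@code null}
     */
    public X509CRL(CertificateList certificateList) {
        this.certList = certificateList;
        this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
    }

    /**
     * Reads a CRL from a stream until end of stream, then closes the stream.
     *
     * <p>No upper bound is applied to the amount read; a caller that takes CRLs from a remote
     * source should bound the stream before handing it over.
     *
     * @param inputStream source of the DER, Base64 or armored CRL
     * @throws PKIException if reading fails or the data is not a parsable CRL
     */
    public X509CRL(InputStream inputStream) throws PKIException {
        byte[] data;
        try {
            try {
                data = readFully(inputStream);
            } finally {
                // Close on the failure path as well, so a read error does not leak the handle.
                inputStream.close();
            }
        } catch (IOException e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
        initCRL(data);
    }

    /**
     * Parses a CRL held in memory.
     *
     * @param bArr DER, Base64 or armored CRL bytes
     * @throws PKIException if the data is not a parsable CRL
     */
    public X509CRL(byte[] bArr) throws PKIException {
        initCRL(bArr);
    }

    /**
     * Drains a stream into a byte array.
     *
     * <p>{@code available()} is used only as a first size guess: it reports what can be read
     * without blocking, not the length of the stream, and {@code read} returns -1 at end of
     * stream, so neither may drive the copy arithmetic.
     */
    private static byte[] readFully(InputStream inputStream) throws IOException {
        byte[] buffer = new byte[Math.max(inputStream.available(), 4096)];
        int total = 0;
        int count;
        while ((count = inputStream.read(buffer, total, buffer.length - total)) != -1) {
            total += count;
            if (total == buffer.length) {
                // Grow before the next read so the requested length is never zero.
                buffer = Arrays.copyOf(buffer, buffer.length * 2);
            }
        }
        return Arrays.copyOf(buffer, total);
    }

    /** Decodes the input to DER, parses it and caches the revoked-certificate entries. */
    private void initCRL(byte[] bArr) throws PKIException {
        try {
            CertificateList certificateList = new CertificateList((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(parseCrlData(bArr))).readObject());
            this.certList = certificateList;
            this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    /**
     * Manual smoke test: loads a CRL and a root certificate from fixed local paths, prints a
     * few CRL fields and verifies the CRL signature with the root certificate's public key.
     */
    public static void main(String[] strArr) {
        try {
            // The stream constructor reads to end of file and closes the stream itself.
            X509CRL x509crl = new X509CRL(new FileInputStream("D:/sm2test.crl"));
            System.out.println("to read crl success...");
            JCrypto jCrypto = JCrypto.getInstance();
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            jCrypto.initialize(JCrypto.JSJY05B_LIB, "PKITOOL");
            Session openSession = jCrypto.openSession(JCrypto.JSJY05B_LIB, "PKITOOL");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate x509Certificate;
            FileInputStream fileInputStream2 = new FileInputStream("d:\\rootgfa.cer");
            try {
                x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream2);
            } finally {
                fileInputStream2.close();
            }
            X509Cert x509Cert = new X509Cert(x509Certificate.getEncoded());
            String issuer = x509crl.getIssuer();
            System.out.println("crl issuer:" + issuer);
            String signatureAlgName = x509crl.getSignatureAlgName();
            System.out.println("crl signatureAlgName:" + signatureAlgName);
            Date thisUpdate = x509crl.getThisUpdate();
            System.out.println("crl thisUpdate:" + thisUpdate.toGMTString());
            if (x509crl.verify(x509Cert.getPublicKey(), openSession)) {
                System.out.println("crl verify success");
            } else {
                System.out.println("crl verify failed");
            }
            new X509CRL(new FileInputStream("D:/crl/crl112.crl"));
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("to test error..." + e.getMessage());
        }
    }

    /**
     * Normalizes the accepted input encodings to DER bytes.
     *
     * <p>Input that {@code Parser.isBase64Encode} accepts is Base64-decoded. Input that does not
     * start with the armor header is returned unchanged and treated as DER by the caller.
     * Armored input has the header and trailer removed and its body Base64-decoded.
     *
     * @throws PKIException if the input is {@code null}, shorter than the armor header, or
     *     cannot be decoded
     */
    private byte[] parseCrlData(byte[] bArr) throws PKIException {
        try {
            if (bArr == null || bArr.length < HEAD.length()) {
                // Nothing this short can be a CRL; fail with a clear cause rather than an
                // index error from the header comparison.
                throw new IllegalArgumentException("CRL data is missing or shorter than the armor header");
            }
            if (Parser.isBase64Encode(bArr)) {
                return Base64.decode(Parser.convertBase64(bArr));
            }
            if (!matchesAt(bArr, 0, HEAD)) {
                return bArr;
            }
            int bodyStart = HEAD.length();
            // Locate the trailer instead of assuming it is as long as the header: the trailer
            // is two characters shorter, so a fixed-width trim cut into the Base64 body
            // whenever the file did not end with a line break.
            int bodyEnd = lastIndexOf(bArr, END, bodyStart);
            if (bodyEnd < 0) {
                // Exact trailer absent: keep the historical fixed-width trim so input that
                // used to load still does.
                bodyEnd = bArr.length - HEAD.length();
            }
            if (bodyEnd < bodyStart) {
                throw new IllegalArgumentException("CRL armor is truncated");
            }
            while (bodyEnd > bodyStart && isBlank(bArr[bodyEnd - 1])) {
                bodyEnd--;
            }
            return Base64.decode(Parser.convertBase64(Arrays.copyOfRange(bArr, bodyStart, bodyEnd)));
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    /** Tells whether the ASCII text {@code marker} occurs in {@code data} at {@code offset}. */
    private static boolean matchesAt(byte[] data, int offset, String marker) {
        if (offset < 0 || data.length - offset < marker.length()) {
            return false;
        }
        for (int i = 0; i < marker.length(); i++) {
            if (data[offset + i] != (byte) marker.charAt(i)) {
                return false;
            }
        }
        return true;
    }

    /** Returns the last offset at or after {@code from} where {@code marker} occurs, or -1. */
    private static int lastIndexOf(byte[] data, String marker, int from) {
        for (int i = data.length - marker.length(); i >= from; i--) {
            if (matchesAt(data, i, marker)) {
                return i;
            }
        }
        return -1;
    }

    /** Tells whether the byte is a space, tab, carriage return or line feed. */
    private static boolean isBlank(byte value) {
        return value == ' ' || value == '\t' || value == '\r' || value == '\n';
    }

    /** Returns the parsed CRL structure this object wraps. */
    public CertificateList getCertificateList() {
        return this.certList;
    }

    /**
     * Returns the DER encoding of the whole CRL.
     *
     * @throws PKIException if encoding fails
     */
    public byte[] getEncoded() throws PKIException {
        try {
            return Parser.writeDERObj2Bytes(this.certList);
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
        }
    }

    /** Returns the issuer name as a trimmed string. */
    public String getIssuer() {
        return this.certList.getIssuer().toString().trim();
    }

    /** Returns the nextUpdate time, or {@code null} when the CRL does not carry one. */
    public Date getNextUpdate() {
        Time nextUpdate = this.certList.getNextUpdate();
        if (nextUpdate == null) {
            return null;
        }
        return nextUpdate.getDate();
    }

    /** Returns the raw signature bytes carried by the CRL. */
    public byte[] getSignature() {
        return this.certList.getSignature().getBytes();
    }

    /**
     * Returns the name mapped to the signature algorithm OID in
     * {@code PKIConstant.oid2SigAlgName}, or the dotted OID when no name is mapped.
     */
    public String getSignatureAlgName() {
        DERObjectIdentifier objectId = this.certList.getSignatureAlgorithm().getObjectId();
        return !PKIConstant.oid2SigAlgName.containsKey(objectId) ? getSignatureAlgOID() : PKIConstant.oid2SigAlgName.get(objectId);
    }

    /** Returns the signature algorithm OID in dotted form. */
    public String getSignatureAlgOID() {
        return this.certList.getSignatureAlgorithm().getObjectId().getId();
    }

    /**
     * Returns the DER encoding of the to-be-signed part of the CRL, the bytes that
     * {@link #verify(JKey, Session)} checks the signature against.
     *
     * @throws PKIException if encoding fails
     */
    public byte[] getTBSCertList() throws PKIException {
        try {
            return Parser.writeDERObj2Bytes(this.certList.getTBSCertList().getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
        }
    }

    /** Returns the thisUpdate time of the CRL. */
    public Date getThisUpdate() {
        return this.certList.getThisUpdate().getDate();
    }

    /** Returns the CRL version as reported by the parsed structure. */
    public int getVersion() {
        return this.certList.getVersion();
    }

    /** Returns the issuer as a structured name. */
    public X509Name getX509NameIssuer() {
        return this.certList.getIssuer();
    }

    /**
     * Tells whether the certificate's serial number is listed in this CRL.
     *
     * <p>Only the serial number is compared. The certificate's issuer is not compared with the
     * CRL issuer, so the caller must make sure this CRL covers the certificate.
     *
     * @return {@code true} if the serial number is listed; {@code false} if it is not or the
     *     CRL has no entries
     */
    public boolean isRevoke(X509Cert x509Cert) {
        if (this.crlEntries == null) {
            return false;
        }
        return containsSerial(x509Cert.getSerialNumber());
    }

    /**
     * Tells whether the given serial number is listed in this CRL.
     *
     * @param str serial number as hexadecimal digits without prefix or separators
     * @return {@code true} if the serial number is listed; {@code false} if it is not or the
     *     CRL has no entries
     * @throws NumberFormatException if {@code str} is not valid hexadecimal and the CRL has
     *     entries
     */
    public boolean isRevoke(String str) {
        if (this.crlEntries == null) {
            return false;
        }
        return containsSerial(new BigInteger(str, 16));
    }

    /**
     * Tells whether the given serial number is listed in this CRL.
     *
     * @return {@code true} if the serial number is listed; {@code false} if it is not or the
     *     CRL has no entries
     */
    public boolean isRevoke(BigInteger bigInteger) {
        if (this.crlEntries == null) {
            return false;
        }
        return containsSerial(bigInteger);
    }

    /** Linear scan of the cached entries, shared by the three {@code isRevoke} overloads. */
    private boolean containsSerial(BigInteger serial) {
        TBSCertList.CRLEntry[] entries = this.crlEntries;
        for (int i = 0; i < entries.length; i++) {
            if (serial.equals(entries[i].getUserCertificate().getValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies the CRL signature over the to-be-signed bytes with the given key.
     *
     * @param jKey public key of the CRL issuer
     * @param session crypto session that performs the verification
     * @return the result reported by {@code session.verifySign}
     * @throws PKIException if the signature algorithm is not one of those handled below, or if
     *     the verification call fails
     */
    public boolean verify(JKey jKey, Session session) throws PKIException {
        // NOTE(review): the algorithm is taken from the outer signatureAlgorithm field only.
        // RFC 5280 section 5.1.1.2 requires it to equal the signature field inside the
        // to-be-signed list; that comparison is not made here.
        DERObjectIdentifier objectId = this.certList.getSignatureAlgorithm().getObjectId();
        Mechanism mechanism;
        // NOTE(review): MD2, MD5 and SHA-1 signatures are accepted. Those digests are no longer
        // collision resistant, so a deployment that controls its CA profile should reject them
        // before calling this method. Left in place because callers may still have to read
        // legacy CRLs.
        if (objectId.equals(PKCSObjectIdentifiers.md2WithRSAEncryption)) {
            mechanism = new Mechanism("MD2withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) || objectId.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption_v1)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha1WithECEncryption)) {
            mechanism = new Mechanism("SHA1withECDSA");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha1WithDSA)) {
            mechanism = new Mechanism("SHA1withDSA");
        } else if (objectId.equals(PKCSObjectIdentifiers.sm2_with_sm3)) {
            mechanism = new Mechanism("SM3withSM2Encryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha224WithRSAEncryption)) {
            mechanism = new Mechanism("SHA224withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
            mechanism = new Mechanism("SHA256withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha384WithRSAEncryption)) {
            mechanism = new Mechanism("SHA384withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            mechanism = new Mechanism("SHA512withRSAEncryption");
        } else {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm:" + objectId.getId());
        }
        try {
            return session.verifySign(mechanism, jKey, getTBSCertList(), getSignature());
        } catch (Exception e) {
            throw new PKIException("6", PKIException.VERIFY_SIGN_DES, e);
        }
    }
}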
