package cn.com.jit.ida.util.pki.crl;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.DERBitString;
import cn.com.jit.ida.util.pki.asn1.DERInteger;
import cn.com.jit.ida.util.pki.asn1.DERNull;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.TBSCertList;
import cn.com.jit.ida.util.pki.asn1.x509.Time;
import cn.com.jit.ida.util.pki.asn1.x509.V2TBSCertListGenerator;
import cn.com.jit.ida.util.pki.asn1.x509.X509Extension;
import cn.com.jit.ida.util.pki.asn1.x509.X509Extensions;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cipher.JHandle;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.extension.Extension;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Vector;

/* loaded from: classes.dex */
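/**
 * Builds and signs a version 2 X.509 certificate revocation list (CRL).
 *
 * <p>Typical use, as enforced by {@link #generateCRL(JKey, Session)}: set the issuer,
 * {@code thisUpdate} and the signature algorithm, add revoked-certificate entries and
 * extensions, then call {@code generateCRL} to obtain the DER-encoded CRL.
 *
 * <p>Instances hold mutable state and perform no synchronization.
 */
public class X509CRLGenerator {
    // Revocation reason codes accepted by the addRevokeCert overloads. The numeric
    // values match the CRLReason enumeration of RFC 5280 (value 7 is unused there).
    public static final int AA_COMPROMISE = 10;
    public static final int AFFILIATION_CHANGED = 3;
    public static final int CA_COMPROMISE = 2;
    public static final int CERTIFICATE_HOLD = 6;
    public static final int CESSATION_OF_OPERATION = 5;
    public static final int KEY_COMPROMISE = 1;
    public static final int PRIVILEGE_WITHDRAWN = 9;
    public static final int REMOVE_FROM_CRL = 8;
    public static final int SUPERSEDED = 4;
    public static final int UNSPECIFIED = 0;

    /** Inputs larger than this are signed in chunks of this size when the session supports streaming. */
    private static final int SIGN_CHUNK_SIZE = 1024;

    /**
     * Algorithm names that must match the caller's string exactly.
     *
     * <p>Security note: MD2, MD5 and SHA-1 based signatures are no longer collision
     * resistant. They are still accepted here so existing callers keep working, but a
     * newly issued CRL should be signed with a SHA-2 or SM3 based algorithm.
     */
    private static final String[] EXACT_MATCH_ALGS = {
        "MD2withRSAEncryption",
        "MD5withRSAEncryption",
        "SHA1withRSAEncryption",
        "SHA224withRSAEncryption",
        "SHA256withRSAEncryption",
        "SHA384withRSAEncryption",
        "SHA512withRSAEncryption",
        "SHA224withECDSA",
        "SHA256withECDSA",
    };

    /**
     * Algorithm names that are matched as a suffix of the caller's string.
     *
     * <p>NOTE(review): suffix matching means the mechanism is chosen from the tail of the
     * string while the OID is looked up with the whole string, so the two can disagree.
     * The matching is kept as-is for compatibility; {@link #setSignatureAlg(String)} now
     * rejects any name for which no OID is registered. Confirm whether exact matching
     * was intended.
     */
    private static final String[] SUFFIX_MATCH_ALGS = {
        "SHA384withECDSA",
        "SHA512withECDSA",
        "SHA1withECDSA",
        "SHA1withDSA",
        "SM3withSM2Encryption",
    };

    private Hashtable extensionSet;
    private V2TBSCertListGenerator tbsCRLGen;
    private Mechanism mechanism = null;
    private AlgorithmIdentifier sigAlg = null;
    private TBSCertList tbsCRL = null;
    private DERBitString signature = null;
    private String issuerName = null;
    private Date thisUpdate = null;
    private HashMap dnrules = null;

    /** Creates a generator with an empty entry list and no extensions. */
    public X509CRLGenerator() {
        this.tbsCRLGen = new V2TBSCertListGenerator();
        this.extensionSet = new Hashtable();
    }

    /**
     * Assembles the final CRL as a DER SEQUENCE of the to-be-signed list, the signature
     * algorithm identifier and the signature bits.
     *
     * @return the DER encoding of the CRL
     * @throws PKIException with code {@code CRL_BYTES} if encoding fails
     */
    private byte[] constructCRL() throws PKIException {
        ASN1EncodableVector crlParts = new ASN1EncodableVector();
        crlParts.add(this.tbsCRL);
        crlParts.add(this.sigAlg);
        crlParts.add(this.signature);
        try {
            return Parser.writeDERObj2Bytes(new DERSequence(crlParts).getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.CRL_BYTES, PKIException.CRL_BYTES_DES, e);
        }
    }

    /**
     * Generates the to-be-signed list, encodes it and signs the encoding.
     *
     * <p>Encoding and signing are handled in separate try blocks so that a signing
     * failure is reported with the signing error code rather than being re-wrapped as
     * an encoding failure.
     *
     * @param jKey    the signing key handed to the session
     * @param session the cryptographic session that performs the signature
     * @throws PKIException with code {@code TBSCRL_BYTES} if the list cannot be encoded,
     *                      or with code {@code "5"} if signing fails
     */
    private void generateSignature(JKey jKey, Session session) throws PKIException {
        if (!this.extensionSet.isEmpty()) {
            this.tbsCRLGen.setExtensions(new X509Extensions(this.extensionSet));
        }
        this.tbsCRL = this.tbsCRLGen.generateTBSCertList();

        byte[] tbsBytes;
        try {
            tbsBytes = Parser.writeDERObj2Bytes(this.tbsCRL.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
        }

        try {
            byte[] rawSignature;
            if (tbsBytes.length <= SIGN_CHUNK_SIZE || !session.getCfgTag().isSupportStream()) {
                // Small input, or the session cannot stream: sign in a single call.
                rawSignature = session.sign(this.mechanism, jKey, tbsBytes);
            } else {
                JHandle handle = session.SignInit(this.mechanism, jKey);
                ByteArrayInputStream in = new ByteArrayInputStream(tbsBytes);
                // Feed full chunks while more than one chunk remains; the remainder
                // (between 1 and SIGN_CHUNK_SIZE bytes) is sent as the final update.
                while (in.available() > SIGN_CHUNK_SIZE) {
                    byte[] chunk = new byte[SIGN_CHUNK_SIZE];
                    in.read(chunk);
                    session.SignUpdate(handle, chunk);
                }
                byte[] tail = new byte[in.available()];
                in.read(tail);
                session.SignUpdate(handle, tail);
                rawSignature = session.SignFinal(handle);
            }
            this.signature = new DERBitString(rawSignature);
        } catch (Exception e) {
            throw new PKIException("5", PKIException.SIGN_DES, e);
        }
    }

    /**
     * Sets the rules applied to issuer names built by {@link #setIssuer(String)}.
     *
     * <p>A {@code HashMap} is stored by reference; any other {@code Map} implementation
     * is copied into a {@code HashMap} instead of failing with a
     * {@code ClassCastException}.
     *
     * @param map the rule map, or {@code null} to clear the rules
     */
    public void SetDnRules(Map map) {
        if (map == null) {
            this.dnrules = null;
        } else if (map instanceof HashMap) {
            this.dnrules = (HashMap) map;
        } else {
            this.dnrules = new HashMap(map);
        }
    }

    /**
     * Encodes one extension and stores it under its OID, replacing any extension
     * previously stored under the same OID.
     *
     * @throws PKIException with code {@code EXTENSION_ENCODE} if the extension cannot be encoded
     */
    private void putExtension(Extension extension) throws PKIException {
        DERObjectIdentifier oid = new DERObjectIdentifier(extension.getOID());
        try {
            X509Extension encoded =
                    new X509Extension(extension.getCritical(), new DEROctetString(extension.encode()));
            this.extensionSet.put(oid, encoded);
        } catch (PKIException e) {
            throw new PKIException(PKIException.EXTENSION_ENCODE, PKIException.EXTENSION_ENCODE_DES, e);
        }
    }

    /**
     * Adds a CRL extension.
     *
     * @param extension the extension to add
     * @throws PKIException with code {@code EXTENSION_ENCODE} if the extension cannot be encoded
     */
    public void addExtension(Extension extension) throws PKIException {
        putExtension(extension);
    }

    /** Appends one revoked-certificate entry to the list under construction. */
    private void addEntry(BigInteger serial, Date revocationDate, int reason) {
        this.tbsCRLGen.addCRLEntry(new DERInteger(serial), new Time(revocationDate), reason);
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param str  the certificate serial number in hexadecimal
     * @param date the revocation date
     * @throws NumberFormatException if {@code str} is not a valid hexadecimal number
     */
    public void addRevokeCert(String str, Date date) {
        addEntry(new BigInteger(str, 16), date, UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate.
     *
     * @param str  the certificate serial number in hexadecimal
     * @param date the revocation date
     * @param i    the reason code, one of the constants of this class
     * @throws NumberFormatException if {@code str} is not a valid hexadecimal number
     */
    public void addRevokeCert(String str, Date date, int i) {
        addEntry(new BigInteger(str, 16), date, i);
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param bigInteger the certificate serial number
     * @param date       the revocation date
     */
    public void addRevokeCert(BigInteger bigInteger, Date date) {
        addEntry(bigInteger, date, UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate.
     *
     * @param bigInteger the certificate serial number
     * @param date       the revocation date
     * @param i          the reason code, one of the constants of this class
     */
    public void addRevokeCert(BigInteger bigInteger, Date date, int i) {
        addEntry(bigInteger, date, i);
    }

    /**
     * Signs the list and returns the DER-encoded CRL.
     *
     * @param jKey    the signing key
     * @param session the cryptographic session that performs the signature
     * @return the DER encoding of the signed CRL
     * @throws PKIException if the issuer, {@code thisUpdate} or the signature algorithm
     *                      has not been set, or if encoding or signing fails
     */
    public byte[] generateCRL(JKey jKey, Session session) throws PKIException {
        if (this.issuerName == null || this.issuerName.isEmpty()) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (this.thisUpdate == null) {
            throw new PKIException(PKIException.THIS_UPDATE_NULL, PKIException.THIS_UPDATE_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        generateSignature(jKey, session);
        return constructCRL();
    }

    /**
     * Adds every extension in the given vector, in order. Extensions already present
     * under other OIDs are kept.
     *
     * @param vector a vector of {@link Extension} objects
     * @throws PKIException with code {@code EXTENSION_ENCODE} if an extension cannot be
     *                      encoded; extensions added before the failure remain stored
     */
    public void setExtension(Vector vector) throws PKIException {
        for (Object element : vector) {
            putExtension((Extension) element);
        }
    }

    /**
     * Sets the CRL issuer from a parsed name.
     *
     * @param x509Name the issuer name
     */
    public void setIssuer(X509Name x509Name) {
        this.issuerName = x509Name.toString();
        this.tbsCRLGen.setIssuer(x509Name);
    }

    /**
     * Sets the CRL issuer from its string form, applying the rules given to
     * {@link #SetDnRules(Map)} when there are any.
     *
     * @param str the issuer distinguished name
     */
    public void setIssuer(String str) {
        this.issuerName = str;
        X509Name issuer = new X509Name(str);
        if (this.dnrules != null) {
            issuer.setRules(this.dnrules);
        }
        this.tbsCRLGen.setIssuer(issuer);
    }

    /**
     * Sets the {@code nextUpdate} field of the CRL.
     *
     * @param date the time by which the next CRL will be issued
     */
    public void setNextUpdate(Date date) {
        this.tbsCRLGen.setNextUpdate(new Time(date));
    }

    /**
     * Maps a caller-supplied algorithm name to the canonical mechanism name.
     *
     * @return the mechanism name, or {@code null} if the name is not supported
     */
    private static String resolveMechanismName(String requested) {
        for (String name : EXACT_MATCH_ALGS) {
            if (requested.equals(name)) {
                return name;
            }
        }
        for (String name : SUFFIX_MATCH_ALGS) {
            if (requested.endsWith(name)) {
                return name;
            }
        }
        return null;
    }

    /** Returns whether the algorithm identifier is written with an explicit NULL parameter. */
    private static boolean usesExplicitNullParameters(String requested) {
        return requested.equals("SHA224withRSAEncryption")
                || requested.equals("SHA256withRSAEncryption")
                || requested.equals("SHA384withRSAEncryption")
                || requested.equals("SHA512withRSAEncryption");
    }

    /**
     * Selects the signature algorithm used to sign the CRL.
     *
     * <p>The mechanism and the algorithm identifier are resolved first and stored only
     * when both are valid, so a rejected name leaves the previous selection untouched.
     * A name with no registered OID is rejected instead of producing an algorithm
     * identifier with a {@code null} OID.
     *
     * @param str the signature algorithm name
     * @throws PKIException with code {@code SIG_ALG_NULL} if {@code str} is {@code null},
     *                      or with code {@code NONSUPPORT_SIGALG} if the name is not
     *                      supported or has no registered OID
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        String mechanismName = resolveMechanismName(str);
        if (mechanismName == null) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm: " + str);
        }
        DERObjectIdentifier oid = PKIConstant.sigAlgName2OID.get(str);
        if (oid == null) {
            // Reachable through the suffix-matched names: the tail selected a mechanism
            // but the full string is not a registered algorithm name.
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm: " + str);
        }
        AlgorithmIdentifier algorithmId = usesExplicitNullParameters(str)
                ? new AlgorithmIdentifier(oid, new DERNull())
                : new AlgorithmIdentifier(oid);

        this.mechanism = new Mechanism(mechanismName);
        this.sigAlg = algorithmId;
        this.tbsCRLGen.setSignature(algorithmId);
    }

    /**
     * Sets the {@code thisUpdate} field of the CRL.
     *
     * @param date the issue time of this CRL
     */
    public void setThisUpdate(Date date) {
        this.thisUpdate = date;
        this.tbsCRLGen.setThisUpdate(new Time(date));
    }
}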
