package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.util.SM2OIDUtil;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.org.bouncycastle.asn1.ASN1InputStream;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.sadk.org.bouncycastle.asn1.x509.CertificateList;
import cfca.sadk.org.bouncycastle.asn1.x509.TBSCertList;
import cfca.sadk.org.bouncycastle.asn1.x509.Time;
import cfca.sadk.signature.rsa.RSASignUtil;
import cfca.sadk.signature.sm2.SM2SignUtil;
import cfca.sadk.system.Mechanisms;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CRL.class */
public class X509CRL {
    private CertificateList certList;
    private TBSCertList.CRLEntry[] crlEntries;

    public X509CRL(byte[] bArr) throws PKIException {
        this.certList = null;
        this.crlEntries = null;
        ASN1InputStream aSN1InputStream = null;
        try {
            try {
                aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(bArr));
                this.certList = CertificateList.getInstance((ASN1Sequence) aSN1InputStream.readObject());
                this.crlEntries = this.certList.getTBSCertList().getRevokedCertificates();
                if (aSN1InputStream != null) {
                    try {
                        aSN1InputStream.close();
                    } catch (Exception e) {
                        throw new PKIException("X509CRL Decoded Failure", e);
                    }
                }
            } catch (Throwable th) {
                if (aSN1InputStream != null) {
                    try {
                        aSN1InputStream.close();
                    } catch (Exception e2) {
                        throw new PKIException("X509CRL Decoded Failure", e2);
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e3);
        } catch (Throwable th2) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES);
        }
    }

    public X509CRL(CertificateList certificateList) {
        this.certList = null;
        this.crlEntries = null;
        this.certList = certificateList;
        this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
    }

    public X509CRL(String str) throws PKIException {
        this.certList = null;
        this.crlEntries = null;
        FileInputStream fileInputStream = null;
        ASN1InputStream aSN1InputStream = null;
        try {
            try {
                try {
                    fileInputStream = new FileInputStream(str);
                    aSN1InputStream = new ASN1InputStream(fileInputStream);
                    this.certList = CertificateList.getInstance((ASN1Sequence) aSN1InputStream.readObject());
                    this.crlEntries = this.certList.getTBSCertList().getRevokedCertificates();
                    if (aSN1InputStream != null) {
                        try {
                            aSN1InputStream.close();
                        } catch (Exception e) {
                        }
                    }
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (Exception e2) {
                        }
                    }
                } catch (Throwable th) {
                    if (aSN1InputStream != null) {
                        try {
                            aSN1InputStream.close();
                        } catch (Exception e3) {
                        }
                    }
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (Exception e4) {
                        }
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES);
            }
        } catch (Exception e5) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e5);
        }
    }

    public X509CRL(InputStream inputStream) throws PKIException {
        this.certList = null;
        this.crlEntries = null;
        ASN1InputStream aSN1InputStream = null;
        try {
            try {
                aSN1InputStream = new ASN1InputStream(inputStream);
                this.certList = CertificateList.getInstance((ASN1Sequence) aSN1InputStream.readObject());
                this.crlEntries = this.certList.getTBSCertList().getRevokedCertificates();
                inputStream.close();
                if (aSN1InputStream != null) {
                    try {
                        aSN1InputStream.close();
                    } catch (Exception e) {
                    }
                }
            } catch (Throwable th) {
                if (aSN1InputStream != null) {
                    try {
                        aSN1InputStream.close();
                    } catch (Exception e2) {
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e3);
        } catch (Throwable th2) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES);
        }
    }

    public CertificateList getCertificateList() {
        return this.certList;
    }

    public byte[] getEncoded() throws PKIException {
        try {
            return ASN1Parser.parseDERObj2Bytes(this.certList);
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
        }
    }

    public String getIssuer() {
        return new X500Name(CFCAStyle.INSTANCE, this.certList.getIssuer()).toString();
    }

    public String getIssuer(X500NameStyle x500NameStyle) {
        return new X500Name(x500NameStyle, this.certList.getIssuer()).toString();
    }

    public Date getThisUpdate() {
        return this.certList.getThisUpdate().getDate();
    }

    public Date getNextUpdate() {
        Time nextUpdate = this.certList.getNextUpdate();
        if (nextUpdate == null) {
            return null;
        }
        return nextUpdate.getDate();
    }

    public byte[] getSignature() {
        return this.certList.getSignature().getBytes();
    }

    public boolean isRevoke(String str) {
        if (this.crlEntries == null) {
            return false;
        }
        BigInteger bigInteger = new BigInteger(str, 16);
        for (int i = 0; i < this.crlEntries.length; i++) {
            if (bigInteger.equals(this.crlEntries[i].getUserCertificate().getValue())) {
                return true;
            }
        }
        return false;
    }

    public boolean isRevoke(BigInteger bigInteger) {
        if (this.crlEntries == null) {
            return false;
        }
        for (int i = 0; i < this.crlEntries.length; i++) {
            if (bigInteger.equals(this.crlEntries[i].getUserCertificate().getValue())) {
                return true;
            }
        }
        return false;
    }

    public boolean verify(PublicKey publicKey) throws PKIException {
        ASN1ObjectIdentifier algorithm = this.certList.getSignatureAlgorithm().getAlgorithm();
        if (SM2OIDUtil.isSm3WithSM2Encryption(algorithm)) {
            if (Mechanism.SM2.equalsIgnoreCase(publicKey.getAlgorithm())) {
                return SM2SignUtil.verify(getTBSCertList(), null, getSignature(), publicKey);
            }
            return false;
        }
        String digestAlgorithmName = Mechanisms.getDigestAlgorithmName(algorithm);
        if (digestAlgorithmName == null) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, new StringBuffer().append(PKIException.NONSUPPORT_SIGALG_DES).append(":").append(algorithm.getId()).toString());
        }
        return RSASignUtil.verifySign(digestAlgorithmName, publicKey, getTBSCertList(), getSignature());
    }

    public static boolean verify(String str, String str2) throws FileNotFoundException, IOException, PKIException {
        if (str == null || "".equals(str)) {
            return false;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            X509CRL x509crl = new X509CRL(fileInputStream);
            fileInputStream.close();
            FileInputStream fileInputStream2 = new FileInputStream(str2);
            X509Cert x509Cert = new X509Cert(fileInputStream2);
            fileInputStream2.close();
            return x509crl.verify(x509Cert.getPublicKey());
        } catch (PKIException e) {
            throw e;
        } catch (FileNotFoundException e2) {
            throw e2;
        } catch (IOException e3) {
            throw e3;
        }
    }

    public String getSignatureAlgName() {
        return Mechanism.getSignatureAlgName(this.certList.getSignatureAlgorithm());
    }

    public String getSignatureAlgOID() {
        return this.certList.getSignatureAlgorithm().getAlgorithm().getId();
    }

    public byte[] getTBSCertList() throws PKIException {
        try {
            return ASN1Parser.parseDERObj2Bytes(this.certList.getTBSCertList().toASN1Primitive());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
        }
    }

    public int hashCode() {
        return (31 * 1) + (this.certList == null ? 0 : this.certList.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        X509CRL x509crl = (X509CRL) obj;
        return this.certList == null ? x509crl.certList == null : this.certList.equals(x509crl.certList);
    }
}
