package com.cfca.util.pki.crl;

import com.cfca.util.pki.PKIConstant;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1InputStream;
import com.cfca.util.pki.asn1.ASN1Sequence;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import com.cfca.util.pki.asn1.x509.CertificateList;
import com.cfca.util.pki.asn1.x509.TBSCertList;
import com.cfca.util.pki.asn1.x509.Time;
import com.cfca.util.pki.asn1.x509.X509Extension;
import com.cfca.util.pki.asn1.x509.X509Extensions;
import com.cfca.util.pki.asn1.x9.X9ObjectIdentifiers;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.extension.AuthorityKeyIdentifierExt;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.Date;

/* loaded from: classes.dex */
public class X509CRL {
    private CertificateList certList;
    private TBSCertList.CRLEntry[] crlEntries;

    public X509CRL(CertificateList certificateList) {
        this.certList = null;
        this.crlEntries = null;
        this.certList = certificateList;
        this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
    }

    public X509CRL(InputStream inputStream) throws PKIException {
        this.certList = null;
        this.crlEntries = null;
        try {
            CertificateList certificateList = new CertificateList((ASN1Sequence) new ASN1InputStream(inputStream).readObject());
            this.certList = certificateList;
            this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
            inputStream.close();
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    public X509CRL(byte[] bArr) throws PKIException {
        this.certList = null;
        this.crlEntries = null;
        try {
            CertificateList certificateList = new CertificateList((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject());
            this.certList = certificateList;
            this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    public AuthorityKeyIdentifierExt getAuthorityKeyIdentifierExt() throws PKIException {
        try {
            this.certList.getDERObject();
            X509Extension extension = this.certList.getTBSCertList().getExtensions().getExtension(X509Extensions.AuthorityKeyIdentifier);
            if (extension == null) {
                return null;
            }
            return new AuthorityKeyIdentifierExt((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(extension.getValue().getOctets())).readObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
        }
    }

    public CertificateList getCertificateList() {
        return this.certList;
    }

    public byte[] getEncoded() throws PKIException {
        try {
            return Parser.writeDERObj2Bytes(this.certList);
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
        }
    }

    public String getIssuer() {
        return this.certList.getIssuer().toString();
    }

    public Date getNextUpdate() {
        Time nextUpdate = this.certList.getNextUpdate();
        if (nextUpdate == null) {
            return null;
        }
        return nextUpdate.getDate();
    }

    public byte[] getSignature() {
        return this.certList.getSignature().getBytes();
    }

    public String getSignatureAlgName() {
        DERObjectIdentifier objectId = this.certList.getSignatureAlgorithm().getObjectId();
        return !PKIConstant.oid2SigAlgName.containsKey(objectId) ? getSignatureAlgOID() : (String) PKIConstant.oid2SigAlgName.get(objectId);
    }

    public String getSignatureAlgOID() {
        return this.certList.getSignatureAlgorithm().getObjectId().getId();
    }

    public byte[] getTBSCertList() throws PKIException {
        try {
            return Parser.writeDERObj2Bytes(this.certList.getTBSCertList().getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
        }
    }

    public Date getThisUpdate() {
        return this.certList.getThisUpdate().getDate();
    }

    public int getVersion() {
        return this.certList.getVersion();
    }

    public boolean isRevoke(X509Cert x509Cert) {
        if (this.crlEntries == null) {
            return false;
        }
        BigInteger serialNumber = x509Cert.getSerialNumber();
        int i = 0;
        while (true) {
            TBSCertList.CRLEntry[] cRLEntryArr = this.crlEntries;
            if (i >= cRLEntryArr.length) {
                return false;
            }
            if (serialNumber.equals(cRLEntryArr[i].getUserCertificate().getValue())) {
                return true;
            }
            i++;
        }
    }

    public boolean isRevoke(String str) {
        if (this.crlEntries == null) {
            return false;
        }
        BigInteger bigInteger = new BigInteger(str, 16);
        int i = 0;
        while (true) {
            TBSCertList.CRLEntry[] cRLEntryArr = this.crlEntries;
            if (i >= cRLEntryArr.length) {
                return false;
            }
            if (bigInteger.equals(cRLEntryArr[i].getUserCertificate().getValue())) {
                return true;
            }
            i++;
        }
    }

    public boolean isRevoke(BigInteger bigInteger) {
        if (this.crlEntries == null) {
            return false;
        }
        int i = 0;
        while (true) {
            TBSCertList.CRLEntry[] cRLEntryArr = this.crlEntries;
            if (i >= cRLEntryArr.length) {
                return false;
            }
            if (bigInteger.equals(cRLEntryArr[i].getUserCertificate().getValue())) {
                return true;
            }
            i++;
        }
    }

    public boolean verify(JKey jKey, Session session) throws PKIException {
        Mechanism mechanism;
        DERObjectIdentifier objectId = this.certList.getSignatureAlgorithm().getObjectId();
        if (objectId.equals(PKCSObjectIdentifiers.md2WithRSAEncryption)) {
            mechanism = new Mechanism("MD2withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (objectId.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
            mechanism = new Mechanism("SHA256withRSAEncryption");
        } else if (objectId.equals(X9ObjectIdentifiers.ecdsa_with_SHA1)) {
            mechanism = new Mechanism("SHA1withECDSA");
        } else if (objectId.equals(X9ObjectIdentifiers.ecdsa_with_SHA256)) {
            mechanism = new Mechanism("SHA256withECDSA");
        } else if (objectId.equals(X9ObjectIdentifiers.sm3_with_SM2)) {
            mechanism = new Mechanism("SCHwithECDSA");
        } else {
            if (!objectId.equals(PKCSObjectIdentifiers.sha1WithDSA)) {
                throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法:" + objectId.getId());
            }
            mechanism = new Mechanism("SHA1withDSA");
        }
        try {
            return session.verifySign(mechanism, jKey, getTBSCertList(), getSignature());
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }
}
