package com.cfca.util.pki.crl;

import com.cfca.util.pki.PKIConstant;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.DERBitString;
import com.cfca.util.pki.asn1.DERInteger;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DEROctetString;
import com.cfca.util.pki.asn1.DERSequence;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.TBSCertList;
import com.cfca.util.pki.asn1.x509.Time;
import com.cfca.util.pki.asn1.x509.V2TBSCertListGenerator;
import com.cfca.util.pki.asn1.x509.X509Extension;
import com.cfca.util.pki.asn1.x509.X509Extensions;
import com.cfca.util.pki.asn1.x509.X509Name;
import com.cfca.util.pki.cipher.JCrypto;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.JKeyPair;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.extension.AuthorityKeyIdentifierExt;
import com.cfca.util.pki.extension.CRLNumberExt;
import com.cfca.util.pki.extension.Extension;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:com/cfca/util/pki/crl/X509CRLGenerator.class */
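/**
 * Builds and signs an X.509 v2 certificate revocation list.
 *
 * <p>Typical use: set the issuer, {@code thisUpdate} and signature algorithm, add the
 * revoked serial numbers and any CRL extensions, then call
 * {@link #generateCRL(JKey, Session)} to obtain the DER-encoded CRL.
 *
 * <p>Instances hold mutable state and contain no synchronization.
 */
public class X509CRLGenerator {
    // CRL entry reason codes accepted by addRevokeCert. The values follow the
    // CRLReason enumeration of RFC 5280; value 7 is not assigned there, which
    // is why the sequence skips from 6 to 8.
    public static final int UNSPECIFIED = 0;
    public static final int KEY_COMPROMISE = 1;
    public static final int CA_COMPROMISE = 2;
    public static final int AFFILIATION_CHANGED = 3;
    public static final int SUPERSEDED = 4;
    public static final int CESSATION_OF_OPERATION = 5;
    public static final int CERTIFICATE_HOLD = 6;
    public static final int REMOVE_FROM_CRL = 8;
    public static final int PRIVILEGE_WITHDRAWN = 9;
    public static final int AA_COMPROMISE = 10;

    // Accumulates issuer, validity dates, revoked entries and extensions.
    private final V2TBSCertListGenerator tbsCRLGen;
    // Extension OID -> X509Extension; raw type kept because X509Extensions is
    // constructed from this table as-is.
    private final Hashtable extensionSet;
    private Mechanism mechanism = null;
    private AlgorithmIdentifier sigAlg = null;
    private TBSCertList tbsCRL = null;
    private DERBitString signature = null;
    // Kept only so generateCRL can verify that the mandatory fields were set.
    private String issuerName = null;
    private Date thisUpdate = null;

    /** Creates an empty generator with no issuer, dates, entries or extensions. */
    public X509CRLGenerator() {
        this.tbsCRLGen = new V2TBSCertListGenerator();
        this.extensionSet = new Hashtable();
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param str  certificate serial number as a hexadecimal string
     * @param date revocation date
     * @throws NumberFormatException if {@code str} is not valid hexadecimal
     */
    public void addRevokeCert(String str, Date date) {
        addRevokeCert(str, date, UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate with an explicit reason code.
     *
     * @param str  certificate serial number as a hexadecimal string
     * @param date revocation date
     * @param i    reason code, one of the constants declared on this class
     * @throws NumberFormatException if {@code str} is not valid hexadecimal
     */
    public void addRevokeCert(String str, Date date, int i) {
        addRevokeCert(new BigInteger(str, 16), date, i);
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param bigInteger certificate serial number
     * @param date       revocation date
     */
    public void addRevokeCert(BigInteger bigInteger, Date date) {
        addRevokeCert(bigInteger, date, UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate with an explicit reason code.
     *
     * @param bigInteger certificate serial number
     * @param date       revocation date
     * @param i          reason code, one of the constants declared on this class
     */
    public void addRevokeCert(BigInteger bigInteger, Date date, int i) {
        this.tbsCRLGen.addCRLEntry(new DERInteger(bigInteger), new Time(date), i);
    }

    /**
     * Sets the CRL issuer.
     *
     * @param str issuer distinguished name, e.g. {@code "CN=IDA,C=CN"}
     */
    public void setIssuer(String str) {
        this.issuerName = str;
        this.tbsCRLGen.setIssuer(new X509Name(str));
    }

    /**
     * Sets the issue date of this CRL (mandatory before generation).
     *
     * @param date the {@code thisUpdate} value
     */
    public void setThisUpdate(Date date) {
        this.thisUpdate = date;
        this.tbsCRLGen.setThisUpdate(new Time(date));
    }

    /**
     * Sets the date by which the next CRL will be issued.
     *
     * <p>{@link #generateCRL(JKey, Session)} does not check that this was called, so a
     * CRL without {@code nextUpdate} can be produced; relying parties then have no
     * freshness bound to enforce.
     *
     * @param date the {@code nextUpdate} value
     */
    public void setNextUpdate(Date date) {
        this.tbsCRLGen.setNextUpdate(new Time(date));
    }

    /**
     * Selects the signature algorithm used to sign the CRL.
     *
     * <p>NOTE(review): every algorithm accepted here is based on MD2, MD5 or SHA-1,
     * none of which is collision resistant by current standards. A CRL signed with
     * them offers weak integrity guarantees; the choice is left to the caller because
     * no stronger mechanism name is visible in this class.
     *
     * @param str algorithm name; must also be a key of {@code PKIConstant.sigAlgName2OID}
     * @throws PKIException if {@code str} is null, not supported, or has no registered OID
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        String mechanismName;
        if (str.equals("MD2withRSAEncryption")) {
            mechanismName = "MD2withRSAEncryption";
        } else if (str.equals("MD5withRSAEncryption")) {
            mechanismName = "MD5withRSAEncryption";
        } else if (str.equals("SHA1withRSAEncryption")) {
            mechanismName = "SHA1withRSAEncryption";
        } else if (str.endsWith("SHA1withECDSA")) {
            // Suffix match kept for compatibility with existing callers; the OID
            // lookup below rejects names that are not actually registered.
            mechanismName = "SHA1withECDSA";
        } else if (str.endsWith("SHA1withDSA")) {
            mechanismName = "SHA1withDSA";
        } else {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法: " + str);
        }
        DERObjectIdentifier oid = (DERObjectIdentifier) PKIConstant.sigAlgName2OID.get(str);
        if (oid == null) {
            // A name that only matched by suffix has no OID; fail here instead of
            // building an AlgorithmIdentifier around null.
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法: " + str);
        }
        // Assign only after both lookups succeeded so a rejected name cannot leave
        // the mechanism and the encoded algorithm identifier out of step.
        this.mechanism = new Mechanism(mechanismName);
        this.sigAlg = new AlgorithmIdentifier(oid);
        this.tbsCRLGen.setSignature(this.sigAlg);
    }

    /**
     * Adds every extension in {@code vector}; an extension with an OID that is already
     * present replaces the earlier one.
     *
     * <p>Extensions added before a failing element remain registered.
     *
     * @param vector elements must be {@link Extension} instances
     * @throws PKIException if an extension cannot be encoded
     */
    public void setExtension(Vector vector) throws PKIException {
        int count = vector.size();
        for (int idx = 0; idx < count; idx++) {
            addExtension((Extension) vector.get(idx));
        }
    }

    /**
     * Adds one CRL extension, replacing any earlier extension with the same OID.
     *
     * @param extension the extension to encode and register
     * @throws PKIException with code {@code EXTENSION_ENCODE} if encoding fails
     */
    public void addExtension(Extension extension) throws PKIException {
        DERObjectIdentifier oid = new DERObjectIdentifier(extension.getOID());
        try {
            this.extensionSet.put(oid, new X509Extension(extension.getCritical(), new DEROctetString(extension.encode())));
        } catch (PKIException e) {
            throw new PKIException(PKIException.EXTENSION_ENCODE, PKIException.EXTENSION_ENCODE_DES, e);
        }
    }

    /**
     * Signs the accumulated CRL data and returns the DER-encoded CRL.
     *
     * <p>Issuer, {@code thisUpdate} and the signature algorithm must have been set;
     * {@code nextUpdate} is not checked.
     *
     * @param jKey    private key of the CRL issuer
     * @param session crypto session used to compute the signature
     * @return DER encoding of the sequence (tbsCertList, signatureAlgorithm, signature)
     * @throws PKIException if a mandatory field is missing, or encoding or signing fails
     */
    public byte[] generateCRL(JKey jKey, Session session) throws PKIException {
        if (this.issuerName == null || this.issuerName.equals("")) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (this.thisUpdate == null) {
            throw new PKIException(PKIException.THIS_UPDATE_NULL, PKIException.THIS_UPDATE_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        generateSignature(jKey, session);
        return constructCRL();
    }

    /**
     * Builds the TBSCertList and signs its DER encoding.
     *
     * <p>Encoding and signing are guarded separately so that a signing failure is
     * reported with the signing error code rather than being re-wrapped as an
     * encoding failure.
     */
    private void generateSignature(JKey jKey, Session session) throws PKIException {
        if (this.extensionSet.size() > 0) {
            this.tbsCRLGen.setExtensions(new X509Extensions(this.extensionSet));
        }
        this.tbsCRL = this.tbsCRLGen.generateTBSCertList();
        byte[] tbsBytes;
        try {
            tbsBytes = Parser.writeDERObj2Bytes(this.tbsCRL.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
        }
        try {
            this.signature = new DERBitString(session.sign(this.mechanism, jKey, tbsBytes));
        } catch (Exception e) {
            throw new PKIException("05", PKIException.SIGN_DES, e);
        }
    }

    /** Wraps TBSCertList, signature algorithm and signature in a DER sequence. */
    private byte[] constructCRL() throws PKIException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(this.tbsCRL);
        parts.add(this.sigAlg);
        parts.add(this.signature);
        DERSequence crlSequence = new DERSequence(parts);
        try {
            return Parser.writeDERObj2Bytes(crlSequence.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.CRL_BYTES, PKIException.CRL_BYTES_DES, e);
        }
    }

    /**
     * Manual smoke test: generates a throw-away key pair, issues a small CRL, writes it
     * to {@code D:/TESTCRL.crl} and parses it back.
     *
     * <p>NOTE(review): the 1024-bit RSA key and SHA-1 signature used here are below
     * current minimum recommendations; they are kept because this is sample data only
     * and must not be copied into production issuance code.
     */
    public static void main(String[] strArr) {
        X509CRLGenerator generator = new X509CRLGenerator();
        try {
            JCrypto jCrypto = JCrypto.getInstance();
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            Mechanism keyGenMechanism = new Mechanism(Mechanism.RSA);
            Session session = jCrypto.openSession(JCrypto.JSOFT_LIB);
            JKeyPair keyPair = session.generateKeyPair(keyGenMechanism, 1024);
            JKey privateKey = keyPair.getPrivateKey();
            JKey publicKey = keyPair.getPublicKey();
            generator.setIssuer("CN=IDA,C=CN");
            generator.setThisUpdate(new Date());
            generator.setNextUpdate(new Date(System.currentTimeMillis() + 7200000));
            generator.setSignatureAlg("SHA1withRSAEncryption");
            generator.addRevokeCert("a11111111111111", new Date(), 2);
            generator.addRevokeCert("b22222222222222", new Date());
            CRLNumberExt crlNumberExt = new CRLNumberExt();
            System.out.println(crlNumberExt.getOID());
            crlNumberExt.setCritical(true);
            crlNumberExt.SetCRLNumber(new BigInteger("500"));
            generator.addExtension(crlNumberExt);
            AuthorityKeyIdentifierExt akiExt = new AuthorityKeyIdentifierExt(publicKey);
            akiExt.setAuthorityCertIssuer("cn=jfdk,o=jit,c=cn");
            akiExt.setAuthorityCertSerialNumber(new BigInteger("8888"));
            generator.addExtension(akiExt);
            byte[] crlBytes = generator.generateCRL(privateKey, session);
            FileOutputStream out = new FileOutputStream("D:/TESTCRL.crl");
            try {
                out.write(crlBytes);
                out.flush();
            } finally {
                // Release the file handle even when the write fails.
                out.close();
            }
            X509CRL x509crl = new X509CRL(crlBytes);
            // The results of the calls below are discarded, as in the original; they
            // only exercise the parser and the signature check.
            x509crl.verify(keyPair.getPublicKey(), session);
            x509crl.getIssuer();
            x509crl.getSignatureAlgName();
            x509crl.getThisUpdate();
            x509crl.isRevoke("a11111111111111");
        } catch (Exception e) {
            // Report the failure instead of swallowing it, so a broken key, encoding
            // or verification step is visible when the smoke test is run.
            System.err.println("X509CRLGenerator self-test failed: " + e);
        }
    }
}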
