package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.lib.crypto.JCrypto;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.sadk.org.bouncycastle.crypto.Digest;
import cfca.sadk.org.bouncycastle.crypto.digests.SM3Digest;
import cfca.sadk.util.Base64;
import cfca.sadk.util.Signature;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CRLBase.class */
abstract class X509CRLBase {
    CRLStructure crlStructure;
    byte[] hashValue;

    public final String getIssuer() {
        return this.crlStructure.getIssuer(CFCAStyle.INSTANCE);
    }

    public final String getIssuer(X500NameStyle x500NameStyle) {
        return this.crlStructure.getIssuer(x500NameStyle);
    }

    public final Date getThisUpdate() {
        return this.crlStructure.getThisUpdate();
    }

    public final Date getNextUpdate() {
        return this.crlStructure.getNextUpdate();
    }

    public final byte[] getSignature() {
        return this.crlStructure.getSignature();
    }

    public final String getSignatureAlgName() {
        return this.crlStructure.getSignatureAlgName();
    }

    public final String getSignatureAlgOID() {
        return this.crlStructure.getSignatureAlgOID();
    }

    public final boolean isRevoke(String str) {
        boolean z = false;
        if (str != null) {
            try {
                z = isRevoke(new BigInteger(str, 16));
            } catch (PKIException e) {
                throw new SecurityException(e);
            }
        }
        return z;
    }

    public abstract boolean isRevoke(BigInteger bigInteger) throws PKIException;

    public final boolean verify(PublicKey publicKey) throws PKIException {
        byte[] bArr;
        try {
            String id = this.crlStructure.signatureAlgorithm.getAlgorithm().getId();
            String signType = CRLSignType.getSignType(id);
            Digest digestEngine = CRLSignType.getDigestEngine(id);
            if (signType.toUpperCase().indexOf(publicKey.getAlgorithm().toUpperCase()) < 0) {
                return false;
            }
            boolean z = false;
            if (digestEngine instanceof SM3Digest) {
                if (!MechanismKit.SM2.equalsIgnoreCase(publicKey.getAlgorithm())) {
                    throw new PKIException("CrlFile verify failure with cert not match  signatureAlgorithm --> " + id);
                }
                try {
                    try {
                        byte[] defaultZ = new SM2PublicKey(publicKey.getEncoded()).getDefaultZ();
                        digestEngine.update(defaultZ, 0, defaultZ.length);
                        z = true;
                    } catch (Exception e) {
                        throw new PKIException("CrlFile verify failure with invalid ZValue", e);
                    }
                } catch (Exception e2) {
                    throw new PKIException("CrlFile verify failure with invalid encoding of SM2PublicKey", e2);
                }
            }
            if (this.hashValue == null || z) {
                this.hashValue = hash(digestEngine);
            }
            if (!z || this.crlStructure.signatureValue.length == 64) {
                bArr = this.crlStructure.signatureValue;
            } else {
                try {
                    bArr = new ASN1SM2Signature(this.crlStructure.signatureValue).getRSRaw64Bytes();
                } catch (Exception e3) {
                    throw new PKIException("CrlFile verify failure when find invalid SM2Signature encoding", e3);
                }
            }
            try {
                byte[] encode = Base64.encode(bArr);
                JCrypto.getInstance().initialize(JCrypto.JSOFT_LIB, null);
                return new Signature().p1VerifyByHash(signType, this.hashValue, encode, publicKey, JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB));
            } catch (Exception e4) {
                throw new PKIException("CrlFile verify failure when doing verify", e4);
            }
        } catch (Exception e5) {
            throw new PKIException("CrlFile verify failure with invalid signatureAlgorithm-->" + this.crlStructure.signatureAlgorithm.getAlgorithm(), e5);
        }
    }

    public abstract byte[] hash(Digest digest) throws PKIException;
}
