package cfca.x509.certificate;

import cfca.internal.tool.MechanismUtil;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.org.bouncycastle.asn1.x509.CertificateList;
import cfca.org.bouncycastle.asn1.x509.TBSCertList;
import cfca.sadk32.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sm2rsa.common.Mechanism;
import cfca.sm2rsa.common.PKIException;
import cfca.util.cipher.lib.BCSoftLib;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Date;

/* loaded from: input_file:cfca/x509/certificate/X509CRL.class */
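/**
 * Parsed X.509 certificate revocation list (CRL) backed by a {@link CertificateList}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Constructing an instance only parses the DER structure; nothing is authenticated.
 *       Call {@link #verify(PublicKey)} with the key of a trusted issuer before relying
 *       on {@link #isRevoke(BigInteger)}.</li>
 *   <li>{@link #verify(PublicKey)} checks the signature only. Issuer name matching,
 *       the {@code thisUpdate}/{@code nextUpdate} window and CRL extensions are not
 *       evaluated by this class and have to be checked by the caller.</li>
 *   <li>Revocation lookup matches on the serial number alone.</li>
 * </ul>
 */
public final class X509CRL {
    /** Upper bound (512 MiB) on the encoded CRL size accepted by the constructors. */
    static final int maxLengthOfCRLFile = 536870912;

    /**
     * Smallest {@code available()} value accepted by the stream constructor.
     * NOTE(review): the reason for exactly 80 bytes is not visible in this file.
     */
    private static final int MIN_CRL_STREAM_LENGTH = 80;

    // Every constructor dereferences the parsed list before returning, so this is never null.
    private final CertificateList certList;
    private final TBSCertList.CRLEntry[] crlEntries;

    /**
     * Parses a CRL from its encoded bytes.
     *
     * @param derCRL encoded CRL, at most {@link #maxLengthOfCRLFile} bytes
     * @throws PKIException (code 850416) if the argument is null, too large, or cannot be parsed
     */
    public X509CRL(byte[] derCRL) throws PKIException {
        if (derCRL == null) {
            throw new PKIException("850416", "解析CRL时初始化CRL失败: required derCRL");
        }
        if (derCRL.length > maxLengthOfCRLFile) {
            throw new PKIException("850416", "解析CRL时初始化CRL失败: limited by 512M");
        }
        CertificateList parsed;
        TBSCertList.CRLEntry[] entries;
        try {
            parsed = CertificateList.getInstance(derCRL);
            entries = parsed.getTBSCertList().getRevokedCertificates();
        } catch (Throwable t) {
            // Throwable (not just Exception) is caught on purpose, as in the original:
            // any failure while decoding untrusted input surfaces as a PKIException.
            throw new PKIException("850416", "解析CRL时初始化CRL失败", t);
        }
        this.certList = parsed;
        this.crlEntries = entries;
    }

    /**
     * Wraps an already decoded {@link CertificateList}.
     *
     * @param certificateList decoded CRL structure
     * @throws PKIException (code 850416) if the argument is null
     */
    public X509CRL(CertificateList certificateList) throws PKIException {
        if (certificateList == null) {
            throw new PKIException("850416", "解析CRL时初始化CRL失败: required certList");
        }
        this.certList = certificateList;
        this.crlEntries = certificateList.getTBSCertList().getRevokedCertificates();
    }

    /**
     * Reads and parses a CRL from a stream.
     *
     * <p>The number of bytes read is whatever {@link InputStream#available()} reports when
     * the constructor is entered. That value is only an estimate for many stream types
     * (sockets, decompressing streams), so this constructor is reliable mainly for
     * file-like or in-memory streams; otherwise read the bytes yourself and use
     * {@link #X509CRL(byte[])}. The stream is not closed here.
     *
     * @param inputStream source of the encoded CRL
     * @throws PKIException (code 850416) if the stream is null, reports fewer than 80 or
     *         more than {@link #maxLengthOfCRLFile} available bytes, ends early, or the
     *         content cannot be parsed
     */
    public X509CRL(InputStream inputStream) throws PKIException {
        if (inputStream == null) {
            throw new PKIException("850416", "解析CRL时初始化CRL失败: stream null");
        }
        CertificateList parsed;
        TBSCertList.CRLEntry[] entries;
        try {
            // Query available() once: the size checks and the allocation must use the
            // same value, otherwise a second call could return a size that was never
            // checked against the 512M limit.
            final int available = inputStream.available();
            if (available > maxLengthOfCRLFile) {
                throw new PKIException("850416", "解析CRL时初始化CRL失败: stream too large,limited by 512M");
            }
            if (available < MIN_CRL_STREAM_LENGTH) {
                throw new PKIException("850416", "解析CRL时初始化CRL失败: stream too small");
            }
            byte[] derCRL = new byte[available];
            int offset = 0;
            while (offset < derCRL.length) {
                int read = inputStream.read(derCRL, offset, derCRL.length - offset);
                if (read < 0) {
                    // End of stream before the announced length: fail instead of
                    // spinning forever on read() == -1.
                    throw new PKIException("850416", "解析CRL时初始化CRL失败: unexpected end of stream");
                }
                offset += read;
            }
            parsed = CertificateList.getInstance(derCRL);
            entries = parsed.getTBSCertList().getRevokedCertificates();
        } catch (PKIException e) {
            throw e;
        } catch (Throwable t) {
            throw new PKIException("850416", "解析CRL时初始化CRL失败", t);
        }
        this.certList = parsed;
        this.crlEntries = entries;
    }

    /** Returns the underlying decoded CRL structure (the same object, not a copy). */
    public final CertificateList getCertificateList() {
        return this.certList;
    }

    /**
     * Returns the DER encoding of the complete CRL.
     *
     * @throws PKIException (code 850417) if encoding fails
     */
    public final byte[] getEncoded() throws PKIException {
        try {
            return this.certList.getEncoded("DER");
        } catch (Exception e) {
            throw new PKIException("850417", "获得CRL编码失败", e);
        }
    }

    /** Returns the issuer name rendered with {@code CFCAStyle.INSTANCE}. */
    public final String getIssuer() {
        return getIssuer(null);
    }

    /**
     * Returns the issuer name rendered with the given style.
     *
     * @param x500NameStyle style to use; {@code null} selects {@code CFCAStyle.INSTANCE}
     */
    public final String getIssuer(X500NameStyle x500NameStyle) {
        X500NameStyle style = x500NameStyle == null ? CFCAStyle.INSTANCE : x500NameStyle;
        return new X500Name(style, this.certList.getIssuer()).toString();
    }

    /** Returns the {@code thisUpdate} time of the CRL. */
    public final Date getThisUpdate() {
        return this.certList.getThisUpdate().getDate();
    }

    /**
     * Returns the {@code nextUpdate} time of the CRL, or {@code null} when the CRL does
     * not carry one ({@code nextUpdate} is OPTIONAL in the X.509 CRL structure).
     *
     * <p>A caller enforcing freshness should decide explicitly how to treat a missing
     * value rather than assuming the CRL never expires.
     */
    public final Date getNextUpdate() {
        // Guard the optional field; dereferencing it unconditionally raised a
        // NullPointerException for CRLs without nextUpdate.
        if (this.certList.getNextUpdate() == null) {
            return null;
        }
        return this.certList.getNextUpdate().getDate();
    }

    /** Returns the raw signature bytes carried in the CRL. */
    public final byte[] getSignature() {
        return this.certList.getSignature().getBytes();
    }

    /**
     * Checks whether a certificate serial number, given as a hexadecimal string, is listed.
     *
     * <p>The string is parsed with {@code new BigInteger(value, 16)}, so separators such
     * as {@code ':'} or spaces are rejected with a {@link NumberFormatException}.
     * A {@code null} argument yields {@code false}, i.e. "not listed"; callers that must
     * fail closed should reject a missing serial number before calling this method.
     *
     * @param serialHex serial number in hexadecimal notation
     * @return {@code true} if the serial number appears in the CRL
     * @throws NumberFormatException if the string is not a valid radix-16 number
     */
    public final boolean isRevoke(String serialHex) {
        if (serialHex == null) {
            return false;
        }
        return isRevoke(new BigInteger(serialHex, 16));
    }

    /**
     * Checks whether a certificate serial number is listed in this CRL.
     *
     * <p>Only the serial number is compared. The result is meaningful only after the CRL
     * has been authenticated with {@link #verify(PublicKey)} and the caller has confirmed
     * that the CRL was issued by the certificate's issuer and is current.
     *
     * @param serialNumber serial number to look up; {@code null} yields {@code false}
     * @return {@code true} if an entry with this serial number exists
     */
    public final boolean isRevoke(BigInteger serialNumber) {
        if (serialNumber == null || this.crlEntries == null) {
            return false;
        }
        for (TBSCertList.CRLEntry entry : this.crlEntries) {
            if (entry != null && serialNumber.equals(entry.getUserCertificate().getValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies the CRL signature with the given public key.
     *
     * <p>Only the signature over the TBSCertList is checked. The validity window, the
     * issuer name and extensions are not evaluated, and the key is trusted as supplied.
     *
     * @param publicKey key of the CRL issuer
     * @return the result reported by {@code BCSoftLib.verifySign}
     * @throws PKIException (code 850420) if the key is null or verification cannot be performed
     */
    public final boolean verify(PublicKey publicKey) throws PKIException {
        if (publicKey == null) {
            throw new PKIException("850420", "证书签名校验失败: required pubKey");
        }
        String algorithmOid = this.certList.getSignatureAlgorithm().getAlgorithm().getId();
        Mechanism mechanism = MechanismUtil.getSignatureMechanism(algorithmOid);
        BCSoftLib softLib = new BCSoftLib();
        try {
            byte[] signature = getSignature();
            if (MechanismUtil.isSM2WithSM3SignatureOID(algorithmOid)) {
                // SM2 signatures are carried as an ASN.1 structure; the verifier takes
                // the value returned by getRS() instead.
                signature = ASN1SM2Signature.getInstance(signature).getRS();
            }
            return softLib.verifySign(mechanism, publicKey, getTBSCertList(), signature);
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("850420", "证书签名校验失败", e);
        }
    }

    /**
     * Loads a CRL and a certificate through {@code X509CertHelper} and verifies the CRL
     * signature with the certificate's public key.
     *
     * <p>The certificate is used as given: this method does not establish that it chains
     * to a trust anchor, so the result is only as trustworthy as the source of
     * {@code certPath}.
     *
     * @param crlPath  location of the CRL, as understood by {@code X509CertHelper.crlFrom}
     * @param certPath location of the issuer certificate, as understood by
     *                 {@code X509CertHelper.certFrom}
     * @return the signature verification result
     * @throws PKIException (code 850420) if an argument is null or verification fails to run
     */
    public static boolean verify(String crlPath, String certPath) throws PKIException {
        if (crlPath == null) {
            throw new PKIException("850420", "证书签名校验失败: required crlPath");
        }
        if (certPath == null) {
            throw new PKIException("850420", "证书签名校验失败: required certPath");
        }
        try {
            return X509CertHelper.crlFrom(crlPath).verify(X509CertHelper.certFrom(certPath).getPublicKey());
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("850420", "证书签名校验失败", e);
        }
    }

    /**
     * Returns the DER encoding of the TBSCertList, the portion covered by the signature.
     *
     * @throws PKIException (code 850415) if encoding fails
     */
    public final byte[] getTBSCertList() throws PKIException {
        try {
            return this.certList.getTBSCertList().getEncoded("DER");
        } catch (Exception e) {
            throw new PKIException("850415", "TBS CRL转byte[]数组失败", e);
        }
    }
}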
