package cn.com.jit.ida.util.pki.crl;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.DERObject;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.DERUTCTime;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
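/**
 * Hand-rolled parser for an X.509 CRL supplied as raw DER, bare Base64, or text wrapped in
 * {@code -----BEGIN X509CRL-----} / {@code -----END X509CRL-----}.
 *
 * <p>The parser walks the outer SEQUENCE, rebuilds the TBSCertList bytes into
 * {@code tbsCertData} while collecting issuer, thisUpdate, nextUpdate and the revoked serial
 * numbers, then reads the signature algorithm OID and the signature BIT STRING.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The constructors without a {@link JKey} do NOT check the signature. Everything they
 *       expose (issuer, dates, revoked serials, {@code isRevoke}) comes from unauthenticated
 *       input. Use the key-taking constructors for CRLs fetched from the network.</li>
 *   <li>{@code isRevoke} only tests serial-number membership. It does not compare the CRL
 *       issuer with the certificate issuer and does not check thisUpdate/nextUpdate against the
 *       current time; both checks are left to the caller.</li>
 *   <li>Bytes after the revoked list (crlExtensions) and the tail of each revoked entry
 *       (revocation date, entry extensions) are copied into the signed buffer but never
 *       interpreted, so critical extensions are not honoured by this class.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe: parsing state lives in mutable fields.
 */
public class X509CRLParser {
    private final String end;
    private final String head;
    // Always a ByteArrayInputStream over the decoded CRL (both constructors build it that way).
    private InputStream ins;
    private String issuer;
    private Date nextUpdate;
    // Raw Set of BigInteger serial numbers taken from the revoked-certificates list.
    private Set revokedCerts;
    private DERObjectIdentifier signAlgOid;
    private byte[] signData;
    private int signDataIndex;
    private int signDataLen;
    // Reconstructed TBSCertList encoding; set to null by verify() after one use.
    private byte[] tbsCertData;
    private int tbsCertDataIndex;
    private int tbsCertDataLen;
    private Date thisUpdate;

    /**
     * One decoded DER length field.
     *
     * <p>{@code value} is the content length (or -1 for the indefinite form), {@code byteSize}
     * the number of octets the length field occupied, {@code dataReaded} the length octets
     * exactly as read (including the 0x8N prefix of the long form) and {@code lenData} the
     * length octets without that prefix. For short-form lengths both arrays are the same.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class Length {
        private int byteSize;
        private byte[] dataReaded;
        private byte[] lenData;
        private int value;

        public Length(int i, int i2) {
            this.value = i;
            this.byteSize = i2;
        }

        public int getByteSize() {
            return this.byteSize;
        }

        public byte[] getDataReaded() {
            return this.dataReaded;
        }

        public byte[] getLenData() {
            return this.lenData;
        }

        public int getValue() {
            return this.value;
        }

        public void setByteSize(int i) {
            this.byteSize = i;
        }

        public void setDataReaded(byte[] bArr) {
            this.dataReaded = bArr;
        }

        public void setLenData(byte[] bArr) {
            this.lenData = bArr;
        }

        public void setValue(int i) {
            this.value = i;
        }
    }

    /**
     * Reads the whole stream, closes it, and parses the CRL WITHOUT verifying its signature.
     *
     * <p>The stream is read until end-of-stream. {@code available()} is only used as an initial
     * buffer size hint because it is an estimate, not the stream length; relying on it could
     * truncate the CRL or, when {@code read} returned -1, fail with an unchecked exception.
     *
     * @param inputStream source of the encoded CRL; always closed by this constructor
     * @throws PKIException if the stream cannot be read or the data is not a parsable CRL
     */
    public X509CRLParser(InputStream inputStream) throws PKIException {
        this.revokedCerts = new HashSet();
        this.head = "-----BEGIN X509CRL-----";
        this.end = "-----END X509CRL-----";
        try {
            byte[] data;
            try {
                byte[] buffer = new byte[Math.max(inputStream.available(), 4096)];
                int total = 0;
                int count;
                while ((count = inputStream.read(buffer, total, buffer.length - total)) != -1) {
                    total += count;
                    if (total == buffer.length) {
                        if (buffer.length > Integer.MAX_VALUE / 2) {
                            throw new IOException("CRL input too large");
                        }
                        buffer = Arrays.copyOf(buffer, buffer.length * 2);
                    }
                }
                data = Arrays.copyOf(buffer, total);
            } finally {
                // Close on the failure path too, so a read error does not leak the stream.
                inputStream.close();
            }
            this.ins = new ByteArrayInputStream(parseCrlData(data));
            parseCRL();
        } catch (IOException e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    /**
     * Parses the CRL from a stream and then verifies its signature with the given key.
     *
     * <p>Parsing runs before verification, so the parser itself still processes
     * unauthenticated bytes; only a successfully constructed instance is authenticated.
     *
     * @throws PKIException if parsing fails or the signature does not verify
     */
    public X509CRLParser(InputStream inputStream, JKey jKey, Session session) throws PKIException {
        this(inputStream);
        if (!verify(jKey, session)) {
            throw new PKIException("6", "verify crl failed...");
        }
    }

    /**
     * Parses the CRL from a byte array WITHOUT verifying its signature.
     *
     * @param bArr DER, Base64 or header/footer-wrapped CRL bytes
     * @throws PKIException if the data is not a parsable CRL
     */
    public X509CRLParser(byte[] bArr) throws PKIException {
        this.revokedCerts = new HashSet();
        this.head = "-----BEGIN X509CRL-----";
        this.end = "-----END X509CRL-----";
        this.ins = new ByteArrayInputStream(parseCrlData(bArr));
        parseCRL();
    }

    /**
     * Parses the CRL from a byte array and then verifies its signature with the given key.
     *
     * @throws PKIException if parsing fails or the signature does not verify
     */
    public X509CRLParser(byte[] bArr, JKey jKey, Session session) throws PKIException {
        this(bArr);
        if (!verify(jKey, session)) {
            throw new PKIException("6", "verify crl failed...");
        }
    }

    /**
     * Appends one TLV (tag, length octets, content read from the stream) to {@code tbsCertData}.
     *
     * @param i      tag octet already read from the stream
     * @param length decoded length field for this element
     * @param i2     offset in {@code tbsCertData} at which to write the tag
     * @return offset just past the copied element
     */
    private int SetTbscertData(int i, Length length, int i2) throws Exception {
        int offset = i2 + 1;
        this.tbsCertData[i2] = (byte) i;
        byte[] content = new byte[length.getValue()];
        // NOTE(review): lenData omits the 0x8N prefix of a long-form length, so this copy is only
        // byte-exact for elements shorter than 128 bytes - confirm that is always the case here.
        System.arraycopy(length.getLenData(), 0, this.tbsCertData, offset, length.getLenData().length);
        offset += length.getLenData().length;
        // readFully fails with EOFException on truncated input instead of continuing with a
        // short (or -1) read count.
        readFully(content);
        System.arraycopy(content, 0, this.tbsCertData, offset, content.length);
        return offset + content.length;
    }

    /**
     * Converts a UTCTime into a {@link Date}.
     *
     * <p>{@code parse(String, ParsePosition)} returns {@code null} rather than throwing when the
     * text does not match, so a malformed time yields a {@code null} thisUpdate/nextUpdate.
     * Callers that enforce CRL freshness must treat {@code null} as "unknown", not as "valid".
     */
    private Date getDate(DERUTCTime dERUTCTime) {
        return new SimpleDateFormat("yyyyMMddHHmmssz").parse(dERUTCTime.getAdjustedTime(), new ParsePosition(0));
    }

    /** Consumes the outer SEQUENCE tag and length and records the header size. */
    private void init() throws PKIException {
        try {
            readTag();
            this.tbsCertDataIndex += readLength().getByteSize() + 1;
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        }
    }

    /**
     * Manual smoke test: parses a CRL and a certificate from hard-coded local paths, prints the
     * parsed fields and the result of a signature check. Not intended for production use.
     */
    public static void main(String[] strArr) {
        try {
            FileInputStream fileInputStream = new FileInputStream("d:/sm2.crl");
            FileInputStream fileInputStream2 = new FileInputStream("d:/jxca.cer");
            X509CRLParser x509CRLParser = new X509CRLParser(fileInputStream);
            System.out.println("read crl success...");
            JCrypto jCrypto = JCrypto.getInstance();
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            jCrypto.initialize(JCrypto.JSJY05B_LIB, "PKITOOL");
            Session openSession = jCrypto.openSession(JCrypto.JSOFT_LIB, "PKITOOL");
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream2);
            fileInputStream2.close();
            X509Cert x509Cert = new X509Cert(x509Certificate.getEncoded());
            Iterator it = x509CRLParser.getRevokedCerts().iterator();
            int i = 0;
            while (it.hasNext()) {
                System.out.println("crl sn " + i + ":" + ((BigInteger) it.next()).toString(16));
                i++;
            }
            System.out.println("crl Issuer:" + x509CRLParser.getIssuer());
            System.out.println("crl SignatureAlgName:" + x509CRLParser.getSignatureAlgName());
            System.out.println("crl SignatureAlgOID:" + x509CRLParser.getSignatureAlgOID());
            if (x509CRLParser.getNextUpdate() != null) {
                System.out.println("crl NextUpdate:" + x509CRLParser.getNextUpdate().toGMTString());
            }
            System.out.println("crl ThisUpdate:" + x509CRLParser.getThisUpdate().toGMTString());
            if (x509CRLParser.isRevoke("236ebed8ebb7d2ce")) {
                System.out.println("sn 236ebed8ebb7d2ceis revoked...");
            } else {
                System.out.println("sn 236ebed8ebb7d2ceis not revoked...");
            }
            if (x509CRLParser.verify(x509Cert.getPublicKey(), openSession)) {
                System.out.println("to verify crl success...");
            } else {
                System.out.println("to verify crl failed...");
            }
            System.out.println("X509CRLParser test is over...");
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("to test error..." + e.getMessage());
        }
    }

    /**
     * Parses the three top-level CRL components in order: tbsCertList, signatureAlgorithm and
     * signatureValue. Any exception from the readers, including unchecked ones raised by
     * malformed lengths or unexpected tags, is wrapped in a {@link PKIException}.
     */
    private void parseCRL() throws PKIException {
        init();
        try {
            readTbsCertList();
            readSignatureAlgorithm();
            readSignatureValue();
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
        }
    }

    /**
     * Normalises the input to raw DER.
     *
     * <p>Bare Base64 is decoded; input that does not start with the header is returned
     * unchanged (treated as DER); otherwise the header and the trailing footer are stripped and
     * the remainder is Base64-decoded. Input shorter than the header fails in the first
     * {@code arraycopy} and is reported as a {@link PKIException}.
     *
     * <p>NOTE(review): the footer strip removes a fixed {@code footer length + 2} bytes,
     * presumably the footer plus a trailing CRLF - confirm behaviour for files ending in a
     * bare LF or with no final newline. The header text here has no space in "X509CRL",
     * unlike the RFC 7468 label "X509 CRL"; verify how such files are classified by
     * {@code Parser.isBase64Encode}.
     */
    private byte[] parseCrlData(byte[] bArr) throws PKIException {
        try {
            byte[] bArr2 = new byte["-----BEGIN X509CRL-----".length()];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            if (Parser.isBase64Encode(bArr)) {
                return Base64.decode(Parser.convertBase64(bArr));
            }
            if (!Arrays.equals(bArr2, "-----BEGIN X509CRL-----".getBytes())) {
                return bArr;
            }
            byte[] bArr3 = new byte[bArr.length - "-----BEGIN X509CRL-----".length()];
            System.arraycopy(bArr, "-----BEGIN X509CRL-----".length(), bArr3, 0, bArr3.length);
            byte[] bArr4 = new byte[bArr3.length - ("-----END X509CRL-----".length() + 2)];
            System.arraycopy(bArr3, 0, bArr4, 0, bArr4.length);
            return Base64.decode(Parser.convertBase64(bArr4));
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES, e);
        } catch (Throwable th) {
            // The cause is dropped on this path; only the error code and description survive.
            throw new PKIException(PKIException.INIT_CRL, PKIException.INIT_CRL_DES);
        }
    }

    /**
     * Reads the content of one element and re-assembles tag, length octets and content into a
     * complete encoding, which is handed to {@code Parser.writeBytes2DERObj}.
     *
     * @param i      tag octet already read from the stream
     * @param length decoded length field for this element
     */
    private DERObject readDerData(int i, Length length) throws Exception {
        byte[] encoded = new byte[length.getByteSize() + 1 + length.getValue()];
        byte[] content = new byte[length.getValue()];
        // A truncated element now raises EOFException rather than being zero-padded.
        readFully(content);
        encoded[0] = (byte) i;
        System.arraycopy(length.dataReaded, 0, encoded, 1, length.dataReaded.length);
        System.arraycopy(content, 0, encoded, length.getByteSize() + 1, content.length);
        return Parser.writeBytes2DERObj(encoded);
    }

    /**
     * Fills the whole array from the stream.
     *
     * @throws EOFException if the stream ends before the array is full
     */
    private void readFully(byte[] bArr) throws IOException {
        int length = bArr.length;
        if (length == 0) {
            return;
        }
        while (length > 0) {
            int read = this.ins.read(bArr, bArr.length - length, length);
            if (read < 0) {
                throw new EOFException("unexpected end of stream");
            }
            length -= read;
        }
    }

    /**
     * Decodes one DER length field from the stream.
     *
     * <p>The declared length comes from untrusted input and is later used as an array size, so
     * it is validated here: long-form lengths may use at most 4 octets, must not be negative
     * after decoding, and no length may exceed the bytes still available in the in-memory
     * stream. Without these checks a few crafted bytes could request a multi-gigabyte
     * allocation and surface as an {@code OutOfMemoryError}, which the callers do not catch.
     *
     * @return the decoded length; {@code value == -1} for the indefinite form (0x80), in which
     *         case {@code lenData} and {@code dataReaded} are left unset
     * @throws IOException on end of stream or an implausible length
     */
    private Length readLength() throws IOException {
        int first = this.ins.read();
        if (first < 0) {
            throw new IOException("EOF found when length expected");
        }
        if (first == 128) {
            return new Length(-1, 1);
        }
        if (first <= 127) {
            if (first > this.ins.available()) {
                throw new IOException("DER length exceeds remaining input");
            }
            Length shortForm = new Length(first, 1);
            byte[] raw = {(byte) first};
            shortForm.setLenData(raw);
            shortForm.setDataReaded(raw);
            return shortForm;
        }
        int octetCount = first & 127;
        if (octetCount > 4) {
            // More than 4 octets cannot be represented in an int and would silently overflow.
            throw new IOException("DER length uses more than 4 octets");
        }
        int value = 0;
        int byteSize = 1;
        byte[] lengthOctets = new byte[octetCount];
        for (int k = 0; k < octetCount; k++) {
            int octet = this.ins.read();
            if (octet < 0) {
                throw new IOException("EOF found reading length");
            }
            lengthOctets[k] = (byte) octet;
            byteSize++;
            value = (value << 8) + octet;
        }
        if (value < 0 || value > this.ins.available()) {
            throw new IOException("DER length exceeds remaining input");
        }
        Length longForm = new Length(value, byteSize);
        longForm.setLenData(lengthOctets);
        byte[] asRead = new byte[byteSize];
        asRead[0] = (byte) first;
        System.arraycopy(lengthOctets, 0, asRead, 1, lengthOctets.length);
        longForm.setDataReaded(asRead);
        return longForm;
    }

    /**
     * Reads the signatureAlgorithm SEQUENCE header and its OID, and updates
     * {@code signDataIndex}. Parameters following the OID, if any, are left in the stream and
     * skipped by {@link #readSignatureValue()}.
     */
    private void readSignatureAlgorithm() throws Exception {
        readTag();
        readLength();
        int oidTag = readTag();
        Length oidLength = readLength();
        // A non-OID element here fails the cast and is reported by parseCRL as a PKIException.
        this.signAlgOid = (DERObjectIdentifier) readDerData(oidTag, oidLength);
        this.signDataIndex += this.tbsCertDataIndex + this.tbsCertDataLen + 1 + oidLength.getByteSize() + oidLength.getValue();
    }

    /**
     * Reads the signature BIT STRING into {@code signData} (without the leading unused-bits
     * octet) and closes the internal stream.
     *
     * <p>If the next element is not a BIT STRING (tag 3) it is skipped once, which covers
     * algorithm parameters such as NULL. NOTE(review): the tag of the element read after the
     * skip is not checked.
     */
    private void readSignatureValue() throws Exception {
        int tag = readTag();
        this.signDataLen = readLength().getValue();
        if (3 != tag) {
            readFully(new byte[this.signDataLen]);
            readTag();
            this.signDataLen = readLength().getValue();
        }
        if (this.signDataLen < 1) {
            throw new PKIException(PKIException.ENCODED_CRL, "获得CRL编码失败:get crl signData");
        }
        byte[] bitString = new byte[this.signDataLen];
        this.signData = new byte[this.signDataLen - 1];
        // A truncated signature is rejected here instead of being padded with zero bytes.
        readFully(bitString);
        System.arraycopy(bitString, 1, this.signData, 0, this.signDataLen - 1);
        this.signDataLen--;
        this.ins.close();
    }

    /**
     * Reads one tag octet.
     *
     * @throws EOFException if the stream is exhausted
     */
    private int readTag() throws Exception {
        int read = this.ins.read();
        if (read == -1) {
            throw new EOFException();
        }
        return read;
    }

    /**
     * Parses the TBSCertList and rebuilds its encoding in {@code tbsCertData} for later
     * signature verification.
     *
     * <p>Elements are consumed in this order: optional version INTEGER (tag 2), signature
     * algorithm, issuer name, thisUpdate, optional nextUpdate (tag 23), then an optional
     * SEQUENCE (tag 48) of revoked entries whose serial numbers are added to
     * {@code revokedCerts}. Whatever remains of the TBSCertList is copied without being
     * interpreted.
     *
     * <p>Issuer and times are re-encoded through {@code Parser.writeDERObj2Bytes} rather than
     * copied from the input. NOTE(review): if that re-encoding is not byte-identical to the
     * input, the rebuilt buffer differs from what was signed and verification fails - confirm.
     *
     * <p>Both time fields are cast to {@link DERUTCTime}; another time type fails the cast and
     * is reported by {@code parseCRL} as a {@link PKIException}.
     */
    private void readTbsCertList() throws Exception {
        int readTag = readTag();
        Length readLength = readLength();
        int value = readLength.getValue();
        this.tbsCertDataLen = readLength.getByteSize() + 1 + value;
        this.tbsCertData = new byte[this.tbsCertDataLen];
        this.tbsCertData[0] = (byte) readTag;
        System.arraycopy(readLength.getDataReaded(), 0, this.tbsCertData, 0 + 1, readLength.getDataReaded().length);
        int length = readLength.getDataReaded().length + 1;
        int readTag2 = readTag();
        Length readLength2 = readLength();
        // Optional version INTEGER: copy it, then read the header of the next element.
        if (2 == readTag2) {
            length = SetTbscertData(readTag2, readLength2, length);
            readTag2 = readTag();
            readLength2 = readLength();
        }
        // Signature AlgorithmIdentifier inside the TBSCertList, copied as-is.
        int SetTbscertData = SetTbscertData(readTag2, readLength2, length);
        DERSequence dERSequence = (DERSequence) readDerData(readTag(), readLength());
        this.issuer = new X509Name(dERSequence).toString();
        byte[] writeDERObj2Bytes = Parser.writeDERObj2Bytes(dERSequence);
        System.arraycopy(writeDERObj2Bytes, 0, this.tbsCertData, SetTbscertData, writeDERObj2Bytes.length);
        int length2 = SetTbscertData + writeDERObj2Bytes.length;
        DERUTCTime dERUTCTime = (DERUTCTime) readDerData(readTag(), readLength());
        this.thisUpdate = getDate(dERUTCTime);
        byte[] writeDERObj2Bytes2 = Parser.writeDERObj2Bytes(dERUTCTime);
        System.arraycopy(writeDERObj2Bytes2, 0, this.tbsCertData, length2, writeDERObj2Bytes2.length);
        int length3 = length2 + writeDERObj2Bytes2.length;
        // Nothing left in the TBSCertList: no nextUpdate, no revoked list, no extensions.
        if (value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
            return;
        }
        int readTag3 = readTag();
        Length readLength3 = readLength();
        // Optional nextUpdate (UTCTime).
        if (23 == readTag3) {
            DERUTCTime dERUTCTime2 = (DERUTCTime) readDerData(readTag3, readLength3);
            this.nextUpdate = getDate(dERUTCTime2);
            byte[] writeDERObj2Bytes3 = Parser.writeDERObj2Bytes(dERUTCTime2);
            System.arraycopy(writeDERObj2Bytes3, 0, this.tbsCertData, length3, writeDERObj2Bytes3.length);
            length3 += writeDERObj2Bytes3.length;
            if (length3 >= this.tbsCertData.length || value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
                return;
            }
            readTag3 = readTag();
            readLength3 = readLength();
        }
        // Header of the next element (revoked list or trailing data), copied with its full
        // length octets.
        int i = length3 + 1;
        this.tbsCertData[length3] = (byte) readTag3;
        System.arraycopy(readLength3.dataReaded, 0, this.tbsCertData, i, readLength3.dataReaded.length);
        int i2 = i + readLength3.byteSize;
        if (48 == readTag3) {
            // i3 counts bytes of the list consumed so far; i4 counts entries (not used further).
            int i3 = 0;
            int i4 = 0;
            while (i3 < readLength3.getValue()) {
                // Entry header. NOTE(review): lenData is copied here, which drops the 0x8N
                // prefix for entries of 128 bytes or more - confirm entries are always shorter.
                int readTag4 = readTag();
                Length readLength4 = readLength();
                int i5 = i2 + 1;
                this.tbsCertData[i2] = (byte) readTag4;
                System.arraycopy(readLength4.getLenData(), 0, this.tbsCertData, i5, readLength4.getLenData().length);
                int length4 = i5 + readLength4.getLenData().length;
                int readTag5 = readTag();
                // First element of the entry is not an INTEGER serial: copy a blob sized from
                // the enclosing SEQUENCE length and stop; presumably the SEQUENCE was not a
                // revoked-entry list - TODO confirm.
                if (2 != readTag5) {
                    int i6 = length4 + 1;
                    this.tbsCertData[length4] = (byte) readTag5;
                    byte[] bArr = new byte[((readLength3.getValue() - 1) - 1) - readLength4.getLenData().length];
                    readFully(bArr);
                    System.arraycopy(bArr, 0, this.tbsCertData, i6, bArr.length);
                    int length5 = i6 + bArr.length;
                    return;
                }
                // Serial number INTEGER: copy it and record it as revoked.
                Length readLength5 = readLength();
                byte[] bArr2 = new byte[readLength5.getValue()];
                readFully(bArr2);
                int i7 = length4 + 1;
                this.tbsCertData[length4] = (byte) readTag5;
                System.arraycopy(readLength5.getLenData(), 0, this.tbsCertData, i7, readLength5.getLenData().length);
                int length6 = i7 + readLength5.getLenData().length;
                System.arraycopy(bArr2, 0, this.tbsCertData, length6, bArr2.length);
                i2 = length6 + bArr2.length;
                int byteSize = 0 + readLength5.getByteSize() + 1 + readLength5.getValue();
                this.revokedCerts.add(new BigInteger(bArr2));
                i4++;
                // Rest of the entry (revocation date, entry extensions) is copied, not parsed.
                int value2 = readLength4.getValue() - byteSize;
                if (value2 > 0) {
                    byte[] bArr3 = new byte[value2];
                    readFully(bArr3);
                    System.arraycopy(bArr3, 0, this.tbsCertData, i2, bArr3.length);
                    i2 += bArr3.length;
                }
                i3 += readLength4.getByteSize() + 1 + readLength4.getValue();
            }
        }
        // Remaining TBSCertList bytes are copied without being interpreted.
        int length7 = value - ((i2 - 1) - readLength.getDataReaded().length);
        if (length7 > 0) {
            byte[] bArr4 = new byte[length7];
            readFully(bArr4);
            System.arraycopy(bArr4, 0, this.tbsCertData, i2, bArr4.length);
            int length8 = i2 + bArr4.length;
        }
    }

    /** Skips {@code i} bytes of the internal stream; the number actually skipped is ignored. */
    private void skip(int i) throws Exception {
        this.ins.skip(i);
    }

    /**
     * Verifies the CRL signature over the rebuilt TBSCertList with the given public key.
     *
     * <p>This is single-use: {@code tbsCertData} is cleared afterwards, so a second call throws.
     *
     * <p>NOTE(review): the mechanism is chosen from the OID carried in the CRL itself, and
     * MD2-, MD5- and SHA-1-based signatures are accepted. Those digests no longer provide
     * collision resistance; callers that need a stronger policy should check
     * {@link #getSignatureAlgOID()} before trusting the result.
     *
     * @param jKey    issuer public key
     * @param session crypto session used to run the verification
     * @return {@code true} if the signature verifies
     * @throws PKIException if the CRL was already verified or the algorithm is unsupported
     */
    private boolean verify(JKey jKey, Session session) throws PKIException {
        Mechanism mechanism;
        if (this.tbsCertData == null) {
            throw new PKIException(PKIException.TBSCRL_BYTES_DES, "crl has already verfied, tbsCertData is null.");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.md2WithRSAEncryption)) {
            mechanism = new Mechanism("MD2withRSAEncryption");
        } else if (this.signAlgOid.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) || this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption_v1)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithECEncryption)) {
            mechanism = new Mechanism("SHA1withECDSA");
        } else if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithDSA)) {
            mechanism = new Mechanism("SHA1withDSA");
        } else {
            if (!this.signAlgOid.equals(PKCSObjectIdentifiers.sm2_with_sm3)) {
                throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法:" + this.signAlgOid.getId());
            }
            mechanism = new Mechanism("SM3withSM2Encryption");
        }
        boolean verifySign = session.verifySign(mechanism, jKey, this.tbsCertData, this.signData);
        this.tbsCertData = null;
        return verifySign;
    }

    /** Returns the issuer name as rendered by {@code X509Name.toString()}. */
    public String getIssuer() {
        return this.issuer;
    }

    /** Returns nextUpdate, or {@code null} if the CRL has none or it could not be parsed. */
    public Date getNextUpdate() {
        return this.nextUpdate;
    }

    /**
     * Returns the live internal set of revoked serial numbers ({@link BigInteger}); changes
     * made by the caller affect later {@code isRevoke} results.
     */
    public Set getRevokedCerts() {
        return this.revokedCerts;
    }

    /** Returns the internal signature byte array (not a copy). */
    public byte[] getSignature() {
        return this.signData;
    }

    /** Returns the mapped algorithm name, or the dotted OID when no mapping exists. */
    public String getSignatureAlgName() {
        return !PKIConstant.oid2SigAlgName.containsKey(this.signAlgOid) ? getSignatureAlgOID() : (String) PKIConstant.oid2SigAlgName.get(this.signAlgOid);
    }

    /** Returns the signature algorithm OID in dotted form. */
    public String getSignatureAlgOID() {
        return this.signAlgOid.getId();
    }

    /** Returns thisUpdate, or {@code null} if the time could not be parsed. */
    public Date getThisUpdate() {
        return this.thisUpdate;
    }

    /**
     * Tests whether the certificate's serial number is listed in this CRL. The certificate's
     * issuer is not compared with the CRL issuer.
     */
    public boolean isRevoke(X509Cert x509Cert) {
        return isRevoke(x509Cert.getSerialNumber());
    }

    /**
     * Tests whether the given hexadecimal serial number is listed in this CRL.
     *
     * @throws NumberFormatException if {@code str} is not valid hexadecimal
     */
    public boolean isRevoke(String str) {
        return isRevoke(new BigInteger(str, 16));
    }

    /** Tests whether the given serial number is listed in this CRL. */
    public boolean isRevoke(BigInteger bigInteger) {
        return this.revokedCerts != null && this.revokedCerts.contains(bigInteger);
    }
}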
