package cn.org.bjca.gaia.assemb.crl;

import cn.org.bjca.gaia.asn1.ASN1InputStream;
import cn.org.bjca.gaia.asn1.gm.GMObjectIdentifiers;
import cn.org.bjca.gaia.asn1.pkcs.PKCSObjectIdentifiers;
import cn.org.bjca.gaia.asn1.x509.Extension;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.util.CertificateUtil;
import cn.org.bjca.gaia.jce.provider.BJCAJEProvider;
import cn.org.bjca.gaia.util.encoders.Hex;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import sun.security.util.DerValue;
import sun.security.x509.CRLReasonCodeExtension;

/* loaded from: classes.dex */
public class BjcaCrl {
    private X509CRL crl;

    BjcaCrl(X509CRL x509crl) {
        this.crl = x509crl;
    }

    public static BjcaCrl getInstance(Object obj) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", new BJCAJEProvider());
            if (!(obj instanceof X509CRL)) {
                if (obj instanceof InputStream) {
                    obj = certificateFactory.generateCRL((InputStream) obj);
                } else {
                    if (!(obj instanceof byte[])) {
                        throw new PkiException(ErrorCode.Provider.PARAM_LACK, ErrorCode.Provider.PARAM_ERR_DES);
                    }
                    obj = certificateFactory.generateCRL(new ASN1InputStream((byte[]) obj));
                }
            }
            return new BjcaCrl((X509CRL) obj);
        } catch (PkiException e) {
            throw e;
        } catch (Exception e2) {
            throw new PkiException(ErrorCode.Crl.VERIFY_CERT_FROM_CRL_ERR, ErrorCode.Crl.VERIFY_CERT_FROM_ERR_DES, e2);
        }
    }

    public List<String> getAllRevokedCertSn() {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends X509CRLEntry> it2 = this.crl.getRevokedCertificates().iterator();
        while (it2.hasNext()) {
            arrayList.add(Hex.toHexString(it2.next().getSerialNumber().toByteArray()));
        }
        return arrayList;
    }

    public CRL getCrl() {
        return this.crl;
    }

    public String getCrlIssue() {
        return this.crl.getIssuerDN().getName();
    }

    public Date getCrlNextUpdateTime() {
        return this.crl.getNextUpdate();
    }

    public String getCrlSigAlgName() {
        String sigAlgOID = this.crl.getSigAlgOID();
        if (GMObjectIdentifiers.sm2sign_with_sm3.getId().equals(sigAlgOID)) {
            return "SM3WithSM2";
        }
        if (PKCSObjectIdentifiers.sha1WithRSAEncryption.getId().equals(sigAlgOID)) {
            return "SHA1WithRSA";
        }
        if (PKCSObjectIdentifiers.sha256WithRSAEncryption.getId().equals(sigAlgOID)) {
            return "SHA256WithRSA";
        }
        if (PKCSObjectIdentifiers.sha224WithRSAEncryption.getId().equals(sigAlgOID)) {
            return "SHA224WithRSA";
        }
        if (PKCSObjectIdentifiers.sha512WithRSAEncryption.getId().equals(sigAlgOID)) {
            return "SHA512WithRSA";
        }
        throw new PkiException("not match sigAlgOID:" + sigAlgOID);
    }

    public String getRevokeReason(String str) {
        try {
            return new CRLReasonCodeExtension(Boolean.FALSE, new DerValue(this.crl.getRevokedCertificate(new BigInteger(str, 16)).getExtensionValue(Extension.reasonCode.getId())).getOctetString()).getReasonCode().name();
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Crl.GET_REVOKE_REASON_ERR, ErrorCode.Crl.GET_REVOKE_REASON_ERR_DES, e);
        }
    }

    public Date getRevokeTime(String str) {
        return this.crl.getRevokedCertificate(new BigInteger(str, 16)).getRevocationDate();
    }

    public Date getThisUpdateTime() {
        return this.crl.getThisUpdate();
    }

    public boolean verifyCrl(byte[] bArr) {
        try {
            this.crl.verify(CertificateUtil.createCert(bArr).getSecurityPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
