package com.xdja.pki.itsca.oer.cert;

import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.itsca.oer.asn1.CRL;
import com.xdja.pki.itsca.oer.asn1.CertificateDigest;
import com.xdja.pki.itsca.oer.asn1.EccCurve;
import com.xdja.pki.itsca.oer.asn1.HashAlgorithm;
import com.xdja.pki.itsca.oer.asn1.HashedId10;
import com.xdja.pki.itsca.oer.asn1.HashedId8;
import com.xdja.pki.itsca.oer.asn1.IssuerId;
import com.xdja.pki.itsca.oer.asn1.RevokeInfo;
import com.xdja.pki.itsca.oer.asn1.SequenceOfRevokeInfo;
import com.xdja.pki.itsca.oer.asn1.Signature;
import com.xdja.pki.itsca.oer.asn1.Time32;
import com.xdja.pki.itsca.oer.asn1.ToBeSignedCrl;
import com.xdja.pki.itsca.oer.asn1.base.Enumerated;
import com.xdja.pki.itsca.oer.asn1.base.Uint32;
import com.xdja.pki.itsca.oer.cert.bean.CertHashType;
import com.xdja.pki.itsca.oer.cert.bean.OERRevokeInfo;
import com.xdja.pki.itsca.oer.utils.BCUtils;
import com.xdja.pki.itsca.oer.utils.ByteArrayUtils;
import com.xdja.pki.itsca.oer.utils.TimeUtils;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:com/xdja/pki/itsca/oer/cert/CRLBuilder.class */
public class CRLBuilder {
    static final /* synthetic */ boolean $assertionsDisabled;

    public CRL build(PrivateKey privateKey, long j, byte[] bArr, List<byte[]> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < list.size(); i++) {
            OERRevokeInfo oERRevokeInfo = new OERRevokeInfo();
            oERRevokeInfo.setExpireDate(new Date());
            oERRevokeInfo.setAlgorithm(CertHashType.SGD_SM3);
            oERRevokeInfo.setIssueHashId10s(list.get(i));
            arrayList.add(oERRevokeInfo);
        }
        return build(privateKey, j, arrayList, bArr);
    }

    public CRL build(PrivateKey privateKey, long j, List<OERRevokeInfo> list, byte[] bArr) throws Exception {
        EccCurve eccCurve = new EccCurve(EccCurve.SGD_SM2);
        CRL crl = new CRL();
        IssuerId issuerId = new IssuerId();
        CertificateDigest certificateDigest = new CertificateDigest();
        certificateDigest.setHashAlgorithm(new HashAlgorithm(HashAlgorithm.SGD_SM3));
        certificateDigest.setHashedId8(new HashedId8(ByteArrayUtils.getHashId8(bArr)));
        issuerId.setCertificateDigest(certificateDigest);
        crl.setIssuerId(issuerId);
        ToBeSignedCrl toBeSignedCrl = new ToBeSignedCrl();
        Uint32 uint32 = new Uint32(j);
        Time32 time32 = new Time32(TimeUtils.getNowTime());
        Time32 time322 = new Time32(TimeUtils.getTimeAfterYear(1));
        SequenceOfRevokeInfo sequenceOfRevokeInfo = new SequenceOfRevokeInfo();
        for (OERRevokeInfo oERRevokeInfo : list) {
            RevokeInfo revokeInfo = new RevokeInfo();
            HashAlgorithm hashAlgorithm = new HashAlgorithm(new Enumerated.Value(oERRevokeInfo.getAlgorithm().id, oERRevokeInfo.getAlgorithm().value));
            HashedId10 hashedId10 = new HashedId10(oERRevokeInfo.getIssueHashId10s());
            revokeInfo.setHashAlgorithm(hashAlgorithm);
            revokeInfo.setHashedId10(hashedId10);
            revokeInfo.setExpiry(new Time32(TimeUtils.getTimeFromDate(oERRevokeInfo.getExpireDate())));
            sequenceOfRevokeInfo.addRevokeInfo(revokeInfo);
        }
        toBeSignedCrl.setCrlSerial(uint32);
        toBeSignedCrl.setIssueDate(time32);
        toBeSignedCrl.setNextCrl(time322);
        toBeSignedCrl.setEntries(sequenceOfRevokeInfo);
        crl.setToBeSignedCrl(toBeSignedCrl);
        try {
            byte[] buildUpByte = ByteArrayUtils.buildUpByte(GMSSLSM3DigestUtils.digestByYunhsm(toBeSignedCrl.getEncode()), bArr);
            byte[][] sm2SignDerDecode = BCUtils.sm2SignDerDecode(privateKey instanceof SdfPrivateKey ? GMSSLSM2SignUtils.signBySdfWithUserId(SdfCryptoType.YUNHSM, ((SdfPrivateKey) privateKey).getIndex(), new String(((SdfPrivateKey) privateKey).getPassword()), "China".getBytes(), buildUpByte) : BCUtils.sm2SignByBC(privateKey, buildUpByte));
            if (!$assertionsDisabled && (sm2SignDerDecode == null || sm2SignDerDecode.length != 2)) {
                throw new AssertionError();
            }
            byte[] bArr2 = sm2SignDerDecode[0];
            byte[] bArr3 = sm2SignDerDecode[1];
            Signature signature = new Signature();
            signature.setEccCurve(eccCurve);
            signature.setR(bArr2);
            signature.setS(bArr3);
            crl.setSignature(signature);
            return crl;
        } catch (Exception e) {
            throw new Exception(e);
        }
    }

    static {
        $assertionsDisabled = !CRLBuilder.class.desiredAssertionStatus();
    }
}
