package com.xdja.pki.ca.core.util.verify;

import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/ca-core-0.0.2-SNAPSHOT.jar:com/xdja/pki/ca/core/util/verify/VerifyCert.class */
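/**
 * Static helpers for checking X.509 certificates and PKCS#7 certificate lists.
 *
 * <p>Scope of the checks, as implemented here: signature consistency inside a supplied list,
 * validity period, key-usage bits and the basic-constraints CA flag. Nothing in this class
 * compares a certificate against a configured trust anchor, consults revocation data, or
 * matches issuer and subject names.
 */
public class VerifyCert {
    protected static final Logger logger = LoggerFactory.getLogger(VerifyCert.class);

    /**
     * Checks a certificate list for internal signature consistency and validity period.
     *
     * <p>The list is expected to be ordered so that each certificate is followed by its issuer
     * and the last entry is self-signed: the last entry is verified against its own public key,
     * then every other entry is verified against the public key of the entry after it.
     *
     * <p>NOTE(review): a successful result only means the list is self-consistent and currently
     * within its validity period. The last certificate is accepted if it is self-signed, it is
     * not compared with any trusted root, so a caller that needs trust must pin or look up the
     * root separately. Issuer certificates are not checked for the CA flag or keyCertSign.
     *
     * <p>NOTE(review): a list holding a single certificate skips signature verification
     * entirely and is only checked for validity period. That is kept as-is because callers may
     * rely on it; confirm whether single-certificate input should be accepted.
     *
     * @param bArr encoded certificate list, decoded by {@code CertUtils.getCertListFromB64}
     * @param i    not used by this method
     * @return a {@code Result} with no error set when all checks pass; otherwise one carrying
     *         {@code CONVERT_CERT_ERROR} (nothing decoded), {@code CERT_P7B_VERIFY_ERROR}
     *         (signature check failed or threw) or {@code CERT_IS_NOT_VALID} (a certificate is
     *         outside its validity period)
     */
    public static Result verifyP7bCertList(byte[] bArr, int i) {
        Result result = new Result();
        List<X509Certificate> chain = CertUtils.getCertListFromB64(bArr);
        if (CollectionUtils.isEmpty(chain)) {
            logger.info("证书链信息为空");
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }
        if (chain.size() >= 2 && !isChainSignatureValid(chain)) {
            result.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
            return result;
        }
        try {
            // One timestamp for the whole list, so every certificate is judged at the same instant.
            Date now = new Date();
            for (X509Certificate cert : chain) {
                cert.checkValidity(now);
            }
        } catch (Exception e) {
            logger.info("证书不在有效期", e);
            result.setError(ErrorEnum.CERT_IS_NOT_VALID);
        }
        return result;
    }

    /**
     * Parses a single certificate and checks that it is within its validity period.
     *
     * <p>No signature or issuer check is performed here.
     *
     * @param str encoded certificate, decoded by {@code CertUtils.getCertFromStr}
     * @return a {@code Result} with no error set when the certificate parses and is currently
     *         valid; otherwise one carrying {@code NORMAL_CERT_FORMAT_IS_ERROR} or
     *         {@code CERT_IS_NOT_VALID}
     */
    public static Result verifyCert(String str) {
        Result result = new Result();
        X509Certificate cert = CertUtils.getCertFromStr(str);
        if (cert == null) {
            result.setError(ErrorEnum.NORMAL_CERT_FORMAT_IS_ERROR);
            return result;
        }
        try {
            cert.checkValidity(new Date());
        } catch (Exception e) {
            logger.info("证书不在有效期", e);
            result.setError(ErrorEnum.CERT_IS_NOT_VALID);
        }
        return result;
    }

    /**
     * Reports whether the certificate asserts an encryption-related key usage:
     * keyEncipherment (2), dataEncipherment (3), encipherOnly (7) or decipherOnly (8).
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} if any of those bits is set; {@code false} if none is set or the
     *         certificate carries no key-usage extension
     */
    public static final boolean isEncCert(X509Certificate x509Certificate) {
        return hasAnyKeyUsage(x509Certificate, 2, 3, 7, 8);
    }

    /**
     * Reports whether the certificate asserts a signing key usage:
     * digitalSignature (0) or nonRepudiation (1).
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} if either bit is set; {@code false} if neither is set or the
     *         certificate carries no key-usage extension
     */
    public static final boolean isSignCert(X509Certificate x509Certificate) {
        return hasAnyKeyUsage(x509Certificate, 0, 1);
    }

    /**
     * Reports whether the certificate is marked as a CA in its basic-constraints extension.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when {@code getBasicConstraints()} is not {@code -1}
     */
    public static final boolean isCaCert(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() != -1;
    }

    /**
     * Verifies the signatures of a list of at least two certificates: the last entry against
     * its own key, every other entry against the key of the entry after it.
     */
    private static boolean isChainSignatureValid(List<X509Certificate> chain) {
        try {
            X509Certificate root = chain.get(chain.size() - 1);
            root.verify(root.getPublicKey());
        } catch (Exception e) {
            // This failure used to be swallowed without a trace; log it so a rejected upload
            // can be diagnosed.
            logger.info("证书链根证书自签名验证异常", e);
            return false;
        }
        for (int idx = chain.size() - 1; idx > 0; idx--) {
            try {
                X509Certificate issuer = chain.get(idx);
                X509Certificate subject = chain.get(idx - 1);
                boolean signedByIssuer = verifyCertByBC(
                        subject.getSigAlgName(),
                        issuer.getPublicKey(),
                        subject.getSignature(),
                        subject.getTBSCertificate());
                if (!signedByIssuer) {
                    logger.info("证书链验签失败");
                    return false;
                }
            } catch (Exception e) {
                logger.info("证书链验签异常", e);
                return false;
            }
        }
        return true;
    }

    /**
     * Returns whether any of the given key-usage bit positions is set.
     * {@code getKeyUsage()} returns {@code null} when the extension is absent, which previously
     * caused a {@code NullPointerException} in the callers; that case now yields {@code false}.
     */
    private static boolean hasAnyKeyUsage(X509Certificate cert, int... bits) {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        for (int bit : bits) {
            if (bit < keyUsage.length && keyUsage[bit]) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies a signature over {@code bArr2} with the verifier matching the algorithm name.
     *
     * <p>Only SM3withSM2 and the RSA names held in {@code Constants} are dispatched; any other
     * algorithm name yields {@code false} rather than an exception.
     *
     * <p>NOTE(review): the SHA-1 RSA branch is still accepted. SHA-1 is no longer considered
     * collision-resistant, so consider rejecting it unless legacy chains must be supported.
     *
     * @param str       signature algorithm name as reported by the signed certificate
     * @param publicKey public key of the presumed issuer
     * @param bArr      signature bytes
     * @param bArr2     signed data (the TBS certificate bytes)
     * @return {@code true} if the selected verifier accepts the signature
     * @throws Exception propagated from the underlying verifier
     */
    private static boolean verifyCertByBC(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        if ("SM3withSM2".equalsIgnoreCase(str)) {
            return GMSSLSM2SignUtils.verifyByBC(publicKey, bArr2, bArr);
        }
        if (Constants.SIGN_ALG_NAME_SHA1_WHIT_RSA.equalsIgnoreCase(str) || Constants.SIGN_ALG_NAME_SHA1_WHIT_RSA_2.equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr2, bArr);
        }
        if (Constants.SIGN_ALG_NAME_SHA256_WHIT_RSA.equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr2, bArr);
        }
        return false;
    }
}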
