package com.xdja.pki.ra.core.util.cert;

import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.common.Result;
import com.xdja.pki.ra.core.commonenum.ErrorEnum;
import com.xdja.pki.ra.core.pkcs7.SignedDataUtils;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/ra-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/core/util/cert/VerifyCert.class */
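/**
 * Structural checks for a certificate chain delivered as a PKCS#7 (P7B) blob.
 *
 * <p>Security scope, as far as this class shows: the checks below establish that the
 * chain is internally consistent (each certificate is signed by the next one, and the
 * last one is self-signed) and that every certificate is inside its validity window.
 * Nothing here compares the last certificate with a configured trust anchor, and there
 * is no revocation, basic-constraints, key-usage or issuer/subject name check. A chain
 * built entirely by the submitter therefore passes; callers that need to decide trust
 * must anchor the root separately.
 */
public class VerifyCert {
    protected static final Logger logger = LoggerFactory.getLogger(VerifyCert.class);

    /**
     * Parses a P7B blob and verifies signatures along the chain and the validity period
     * of every certificate in it.
     *
     * <p>The list returned by {@code SignedDataUtils.resolveCertChain} is treated as
     * ordered from index 0 up to the root at the last index: the last element must verify
     * under its own public key, and each element must verify under the public key of the
     * element that follows it.
     *
     * @param bArr encoded P7B content; {@code null} is reported as a conversion error
     * @return a {@code Result} with no error set when all checks pass, otherwise one
     *     carrying {@code CONVERT_CERT_ERROR}, {@code CERT_P7B_VERIFY_ERROR} or
     *     {@code CERT_IS_NOT_VALID}
     */
    public static Result verifyP7bCertList(byte[] bArr) {
        Result result = new Result();
        // Base64 encoding of a null array throws; report it as an unparsable chain instead.
        if (bArr == null) {
            logger.info("证书链信息为空");
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }
        // NOTE(review): the complete submitted blob is written to the log at INFO level.
        logger.info("待验证证书链信息 =========== " + Base64.toBase64String(bArr));

        List<X509Certificate> chain;
        try {
            chain = SignedDataUtils.resolveCertChain(bArr);
        } catch (Exception e) {
            logger.error("解析证书链异常", e);
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }
        if (CollectionUtils.isEmpty(chain)) {
            logger.info("证书链信息为空");
            result.setError(ErrorEnum.CONVERT_CERT_ERROR);
            return result;
        }

        // NOTE(review): a chain holding a single certificate skips every signature check
        // and is only tested for its validity period. Confirm that callers expect this.
        if (chain.size() >= 2) {
            try {
                // The last certificate must be self-signed. This proves self-consistency
                // only; it does not tie the chain to a trusted root.
                X509Certificate root = chain.get(chain.size() - 1);
                root.verify(root.getPublicKey());

                // Walk from the root towards index 0, checking each certificate against
                // the public key of the one above it.
                for (int i = chain.size() - 1; i > 0; i--) {
                    if (!isSignedBy(chain.get(i - 1), chain.get(i))) {
                        logger.info("证书链验签失败");
                        result.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                        return result;
                    }
                }
            } catch (Exception e) {
                // Covers the self-signature check as well, which previously failed
                // without leaving any trace in the log.
                logger.info("证书链验签异常", e);
                result.setError(ErrorEnum.CERT_P7B_VERIFY_ERROR);
                return result;
            }
        }

        try {
            // One timestamp for the whole chain so all certificates are judged at the
            // same instant.
            Date now = new Date();
            for (X509Certificate cert : chain) {
                cert.checkValidity(now);
            }
            return result;
        } catch (Exception e) {
            logger.info("证书不在有效期", e);
            result.setError(ErrorEnum.CERT_IS_NOT_VALID);
            return result;
        }
    }

    /** Checks the signature on {@code subject} with the public key of {@code issuer}. */
    private static boolean isSignedBy(X509Certificate subject, X509Certificate issuer) throws Exception {
        if (CommonVariable.isUseHsm()) {
            return HsmUtils.verifyCertByYunHsm(subject, issuer.getPublicKey());
        }
        return HsmUtils.verifyCertByBC(
                subject.getSigAlgName(),
                issuer.getPublicKey(),
                subject.getSignature(),
                subject.getTBSCertificate());
    }
}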
