package com.xdja.pki.gmssl.x509.utils;

import com.xdja.pki.gmssl.crypto.sdf.SdfContentVerifierProvider;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLSdfContentSignatureAlgorithm;
import com.xdja.pki.gmssl.operator.utils.GMSSLSdfContentSignerUtils;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-0.1-beta.jar:com/xdja/pki/gmssl/x509/utils/GMSSLCRLUtils.class */
public class GMSSLCRLUtils {
    public static X509CRL generateCRLByBC(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLSdfContentSignerUtils.generateContentSignerByBC(GMSSLSdfContentSignatureAlgorithm.SM3_WITH_SM2, privateKey), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByYunhsm(X509Certificate x509Certificate, int i, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLSdfContentSignerUtils.generateContentSignerByYunhsm(GMSSLSM2KeyUtils.genSdfPrivateKey(i, str)), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByPCIE(X509Certificate x509Certificate, int i, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLSdfContentSignerUtils.generateContentSignerByPcie(GMSSLSM2KeyUtils.genSdfPrivateKey(i, str)), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRL(X509Certificate x509Certificate, ContentSigner contentSigner, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, CRLException {
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(new X500Name(x509Certificate.getSubjectDN().getName()), date);
        x509v2CRLBuilder.addExtension(Extension.cRLNumber, false, (ASN1Encodable) new CRLNumber(bigInteger));
        x509v2CRLBuilder.setNextUpdate(date2);
        if (list != null) {
            Iterator<Extension> it = list.iterator();
            while (it.hasNext()) {
                x509v2CRLBuilder.addExtension(it.next());
            }
        }
        if (list2 != null) {
            for (CRLEntry cRLEntry : list2) {
                x509v2CRLBuilder.addCRLEntry(new BigInteger(cRLEntry.getUserCertificateSerial(), 16), cRLEntry.getRevocationDate(), cRLEntry.getReason());
            }
        }
        return new JcaX509CRLConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCRL(x509v2CRLBuilder.build(contentSigner));
    }

    public static X509CRL decodeCRLByBC(PublicKey publicKey, byte[] bArr) throws OperatorCreationException, CRLException, IOException, CertException {
        return decodeCRL(new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(publicKey), bArr);
    }

    public static X509CRL decodeCRLByYunhsm(PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRL(new SdfContentVerifierProvider(SdfCryptoType.YUNHSM, publicKey), bArr);
    }

    public static X509CRL decodeCRLByPcie(PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRL(new SdfContentVerifierProvider(SdfCryptoType.PCIE, publicKey), bArr);
    }

    public static X509CRL decodeCRLBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRL(new SdfContentVerifierProvider(sdfCryptoType, publicKey), bArr);
    }

    public static X509CRL decodeCRL(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws IOException, CertException, CRLException {
        X509CRLHolder x509CRLHolder = new X509CRLHolder(bArr);
        x509CRLHolder.isSignatureValid(contentVerifierProvider);
        return new JcaX509CRLConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCRL(x509CRLHolder);
    }

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
