package cn.com.infosec.oscca.sm2;

import cn.com.infosec.asn1.ASN1InputStream;
import cn.com.infosec.asn1.ASN1Sequence;
import cn.com.infosec.asn1.x509.X509Extensions;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.jce.provider.InfosecProvider;
import cn.com.infosec.netsign.crypto.exception.CryptoException;
import cn.com.infosec.netsign.der.util.DERSegment;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.oscca.OID;
import cn.com.infosec.oscca.SDFJNI;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Set;

/* loaded from: input_file:cn/com/infosec/oscca/sm2/SM2Certificate.class */
public class SM2Certificate extends X509Certificate implements Serializable {
    private SM2PublicKey pubk;
    private byte[] pubKeyEncoded;
    private BigInteger sn;
    private Principal issuerSubject;
    private String issuerSubjectStr;
    private Principal subject;
    private String subjectStr;
    private byte[] certEncoded;
    private String sigAlgOID;
    private String sigAlgName;
    private byte[] signature;
    private byte[] tbsCert;
    private Date notBefore;
    private String notBeforeStr;
    private Date notAfter;
    private String notAfterStr;
    private SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    private X509Certificate x509Cert;
    private String crldp;

    public SM2Certificate(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) {
        this.x509Cert = x509Certificate;
        this.certEncoded = bArr;
        this.tbsCert = bArr2;
        parseTBSCert(this.tbsCert);
        this.signature = this.x509Cert.getSignature();
    }

    public SM2Certificate(InputStream inputStream) throws IOException, CertificateException, NoSuchProviderException {
        this.x509Cert = (X509Certificate) CertificateFactory.getInstance("X.509FX", "INFOSEC").generateCertificate(inputStream);
        this.certEncoded = this.x509Cert.getEncoded();
        this.tbsCert = this.x509Cert.getTBSCertificate();
        parseTBSCert(this.tbsCert);
        this.signature = this.x509Cert.getSignature();
    }

    private void parseTBSCert(byte[] bArr) {
        this.sn = this.x509Cert.getSerialNumber();
        this.issuerSubject = this.x509Cert.getIssuerDN();
        this.issuerSubjectStr = this.issuerSubject.toString();
        this.notBefore = this.x509Cert.getNotBefore();
        this.notBeforeStr = this.dateFormat.format(this.notBefore);
        this.notAfter = this.x509Cert.getNotAfter();
        this.notAfterStr = this.dateFormat.format(this.notAfter);
        this.subject = this.x509Cert.getSubjectDN();
        this.subjectStr = this.subject.toString();
        this.sigAlgOID = this.x509Cert.getSigAlgOID();
        this.sigAlgName = OID.getAlgrithmNameByOid(this.sigAlgOID);
        this.pubKeyEncoded = new DERSegment(bArr).getInnerDERSegment().getDERSegment(6).getEncoded();
        this.pubk = new SM2PublicKey(this.pubKeyEncoded);
        parseCRLDP();
    }

    private void parseCRLDP() {
        try {
            byte[] extensionValue = this.x509Cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
            if (extensionValue == null) {
                return;
            }
            DERSegment dERSegment = new DERSegment(extensionValue).getInnerDERSegment().getInnerDERSegment().getDERSegment(0).getInnerDERSegment().getDERSegment(0).getInnerDERSegment().getDERSegment(0).getInnerDERSegment().getDERSegment(0);
            if (dERSegment.getType() == -92) {
                this.crldp = new X509Name(ASN1Sequence.getInstance(new ASN1InputStream(new ByteArrayInputStream(dERSegment.getInnerData())).readObject())).toString().split("CN=")[1].split(",")[0];
            } else if (dERSegment.getType() == -122) {
                this.crldp = new String(dERSegment.getInnerData());
            }
        } catch (Exception e) {
        }
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.sigAlgOID;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.signature;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        return this.tbsCert;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.notBefore;
    }

    public String getNotBeforeStr() {
        return this.notBeforeStr;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.notAfter;
    }

    public String getNotAfterStr() {
        return this.notAfterStr;
    }

    public String getCRLDP() {
        return this.crldp;
    }

    public String getSubjectDNStr() {
        return this.subjectStr;
    }

    public String getIssuerDNStr() {
        return this.issuerSubjectStr;
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return this.subject;
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        return this.pubk;
    }

    public SM2PublicKey getSM2PublicKey() {
        return this.pubk;
    }

    public byte[] getPublicKeyEncoded() {
        return this.pubKeyEncoded;
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.sn;
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return this.issuerSubject;
    }

    public X509Certificate getX509Cert() {
        return this.x509Cert;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        return this.certEncoded;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("------------------BEGIN CERTIFICATER------------------\n");
        sb.append("ISSUER:").append(this.issuerSubjectStr).append("\n");
        sb.append("SERIAL NUMBER:").append(this.sn.toString()).append("\n");
        sb.append("SUBJECT:").append(this.subjectStr).append("\n");
        sb.append("NOT BEFORE:").append(this.notBeforeStr).append("\n");
        sb.append("NOT AFTER:").append(this.notAfterStr).append("\n");
        sb.append("-------------------END CERTIFICATER------------------\n");
        return sb.toString();
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        throw new NoSuchAlgorithmException("Can not support SM2");
    }

    private boolean checkCertValidity(long j, long j2) {
        if (!ExtendedConfig.isCheckCertValidity()) {
            return true;
        }
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        return j <= currentTimeMillis && j2 >= currentTimeMillis;
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            verifyWithID(publicKey, null);
        } catch (CryptoException e) {
            throw new SignatureException(e.toString());
        } catch (NoSuchProviderException e2) {
            e2.printStackTrace();
        }
    }

    public void verifyWithID(PublicKey publicKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException, CryptoException {
        if (!(publicKey instanceof SM2PublicKey)) {
            throw new InvalidKeyException("Only SM2PublicKey accept");
        }
        SM2PublicKey sM2PublicKey = (SM2PublicKey) publicKey;
        String str = this.sigAlgOID.equals(OID.OID_SHA1withSM2) ? "SHA1" : "SM3";
        if (this.sigAlgOID.equals(OID.OID_SHA256withSM2)) {
            str = "SHA256";
        }
        try {
            if (SDFJNI.SM2VierifyWithExternalKey(this.tbsCert, str, this.signature, sM2PublicKey, bArr)) {
            } else {
                throw new SignatureException("Certificate verify failed by root public key");
            }
        } catch (Exception e) {
            throw new SignatureException("Certificate verify failed by root public key", e);
        }
    }

    public static void main(String[] strArr) {
        try {
            Security.addProvider(new InfosecProvider());
            SM2Certificate sM2Certificate = new SM2Certificate(new FileInputStream("d:/测验/5year.cer"));
            System.out.println(new StringBuffer("sn:").append(sM2Certificate.getSerialNumber().toString(16)).toString());
            System.out.println(new StringBuffer("issuer:").append(sM2Certificate.getIssuerDNStr()).toString());
            System.out.println(new StringBuffer("notBefore:").append(sM2Certificate.notBeforeStr).toString());
            System.out.println(new StringBuffer("notAfter:").append(sM2Certificate.notAfterStr).toString());
            System.out.println(new StringBuffer("alg:").append(sM2Certificate.getSigAlgOID()).toString());
            System.out.println(new StringBuffer("subject:").append(sM2Certificate.subjectStr).toString());
            ConsoleLogger.logBinary("public key", sM2Certificate.getPublicKeyEncoded());
            ConsoleLogger.logBinary("signature", sM2Certificate.signature);
            ConsoleLogger.logString(new StringBuffer("crldp:").append(sM2Certificate.crldp).toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return this.x509Cert.getCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        return this.x509Cert.getExtensionValue(str);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return this.x509Cert.getNonCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        return this.x509Cert.hasUnsupportedCriticalExtension();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        this.x509Cert.checkValidity();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        this.x509Cert.checkValidity(date);
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        return this.x509Cert.getBasicConstraints();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        return this.x509Cert.getIssuerUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return this.x509Cert.getKeyUsage();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        return this.x509Cert.getSubjectUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.x509Cert.getVersion();
    }
}
