package cfca.sadk.menckit.client;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.menckit.common.Environment;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.Strings;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.crypto.digests.SHA1Digest;
import cfca.sadk.x509.certificate.X509Cert;
import java.security.PublicKey;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/menckit/client/SM2Cert.class */
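/**
 * Holds an SM2 public key together with a hex key identifier.
 *
 * <p>An instance is built either from an X.509 certificate (the certificate is kept and the key
 * identifier is read from its SubjectKeyIdentifier extension) or from a raw hex-encoded public
 * key (no certificate is kept and the key identifier is a SHA-1 digest of the key bytes).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this class verifies a signature or a certificate chain.
 *       NOTE(review): confirm whether {@code X509Cert} performs any verification on parse.</li>
 *   <li>{@link #validate()} only logs an out-of-range validity period; it neither throws nor
 *       returns a status.</li>
 *   <li>{@link #isFromCFCA()} is a substring match on the issuer string and returns
 *       {@code true} for raw-key instances; it is not an issuer trust check.</li>
 * </ul>
 *
 * <p>The cached {@code toString()} value is written without synchronization.
 */
public class SM2Cert {
    // Public key extracted from the certificate or parsed from the raw key bytes.
    final PublicKey pubkey;
    // Source certificate; null when the instance was built from a raw hex public key.
    final X509Cert cert;
    // Hex-encoded key identifier (certificate SKI, or SHA-1 of the raw key bytes).
    final String keyId;
    // Lazily built toString() value.
    private String detail;

    /**
     * Builds an instance from a hex-encoded raw public key.
     *
     * <p>No certificate is attached, so {@link #validate()} does nothing and
     * {@link #isFromCFCA()} returns {@code true} for instances created here.
     *
     * @param str hex string that must decode to 64 or 65 bytes
     * @throws MenckitException if the string is rejected or the key cannot be constructed
     */
    public SM2Cert(String str) throws MenckitException {
        this.detail = null;
        byte[] encodeKeyBytes = encodeKeyBytes(str);
        this.cert = null;
        this.pubkey = keyFrom(encodeKeyBytes);
        this.keyId = keyIdFrom(encodeKeyBytes);
        Loggings.runtimeLogger.info("MenckitClient: {}", Environment.INSTANCE.PLATFORM);
        Loggings.systemLogger.info("MenckitClient: cert={}", this);
    }

    /**
     * Builds an instance from encoded certificate bytes.
     *
     * @param bArr certificate bytes handed to the {@code X509Cert} constructor
     * @throws MenckitException if the bytes cannot be parsed or the certificate is unusable
     */
    public SM2Cert(byte[] bArr) throws MenckitException {
        this(from(bArr));
    }

    /**
     * Builds an instance from a parsed certificate.
     *
     * <p>This constructor reads the SubjectKeyIdentifier and the public key only; it performs no
     * validity-period, signature or chain check itself.
     *
     * @param x509Cert certificate to wrap
     * @throws MenckitException if the key identifier or the public key cannot be obtained
     */
    public SM2Cert(X509Cert x509Cert) throws MenckitException {
        this.detail = null;
        this.cert = (X509Cert) Args.notNull(x509Cert, "sm2Cert");
        this.keyId = keyIdFrom(x509Cert);
        this.pubkey = keyFrom(x509Cert);
        Loggings.runtimeLogger.info("MenckitClient: {}", Environment.INSTANCE.PLATFORM);
        Loggings.systemLogger.info("MenckitClient: cert={}", this);
    }

    /**
     * Returns the public key captured at construction time.
     *
     * @return the stored public key
     * @throws PKIException declared for callers; the body shown here never throws it
     */
    public PublicKey getPublicKey() throws PKIException {
        return this.pubkey;
    }

    /**
     * Compares the current time with the certificate's notBefore/notAfter and logs an error when
     * the certificate is outside that window.
     *
     * <p>NOTE(review): despite the name, this method does not reject anything. An expired or
     * not-yet-valid certificate produces a log line only, and a raw-key instance (no certificate)
     * is skipped entirely. Callers that must refuse such certificates need their own check on
     * the validity dates; consider a variant that throws or returns a boolean.
     */
    public void validate() {
        if (this.cert == null) {
            return;
        }
        Date date = new Date();
        if (date.before(this.cert.getNotBefore()) || date.after(this.cert.getNotAfter())) {
            Loggings.runtimeLogger.error("certDateInvalid: {}", this);
        }
    }

    /**
     * Returns the hex-encoded key identifier.
     *
     * @return the key identifier computed at construction time
     */
    public String getKeyId() {
        return this.keyId;
    }

    /**
     * Reports whether the issuer string contains "CFCA" (case-insensitively via upper-casing).
     *
     * <p>NOTE(review): this is a text match on the issuer name, not a verification that the
     * certificate chains to a CFCA root; any issuer whose name contains those letters matches.
     * It also returns {@code true} when no certificate is attached. Do not use the result as a
     * trust decision.
     *
     * @return {@code true} if there is no certificate or the issuer string contains "CFCA"
     */
    public boolean isFromCFCA() {
        return this.cert == null || this.cert.getIssuer().toUpperCase().contains("CFCA");
    }

    /**
     * Reads the SubjectKeyIdentifier extension and returns its value as hex.
     *
     * <p>A missing extension and any other failure are both reported to the caller as
     * {@code Errcode.certInvalid}.
     *
     * @param x509Cert certificate to read
     * @return hex encoding of the key identifier bytes
     * @throws MenckitException if the extension is absent or cannot be read
     */
    private static String keyIdFrom(X509Cert x509Cert) throws MenckitException {
        try {
            SubjectKeyIdentifier subjectKeyIdentifier = x509Cert.getSubjectKeyIdentifier();
            if (subjectKeyIdentifier == null) {
                throw new MenckitException(Errcode.argumentInvalid);
            }
            return Strings.encodeHex(subjectKeyIdentifier.getKeyIdentifier());
        } catch (Exception e) {
            // Keep the underlying failure in the log and as the cause so that a missing
            // extension can be told apart from a parse error during triage.
            Loggings.errorLogger.error("keyIdentifierInvalid", e);
            throw new MenckitException(Errcode.certInvalid, "keyIdentifierInvalid", e);
        }
    }

    /**
     * Extracts the public key from a certificate.
     *
     * @param x509Cert certificate to read
     * @return the certificate's public key
     * @throws MenckitException with {@code Errcode.certInvalid} if extraction fails
     */
    private static PublicKey keyFrom(X509Cert x509Cert) throws MenckitException {
        try {
            return x509Cert.getPublicKey();
        } catch (Exception e) {
            Loggings.errorLogger.error("certInvalid/pubkeyInvalid", e);
            throw new MenckitException(Errcode.certInvalid, "certInvalid/pubkeyInvalid", e);
        }
    }

    /**
     * Parses encoded certificate bytes.
     *
     * @param bArr certificate bytes
     * @return the parsed certificate
     * @throws MenckitException with {@code Errcode.certInvalid} if parsing fails
     */
    private static X509Cert from(byte[] bArr) throws MenckitException {
        Args.notNull(bArr, "certBytes");
        try {
            return new X509Cert(bArr);
        } catch (Exception e) {
            Loggings.errorLogger.error("certInvalid", e);
            throw new MenckitException(Errcode.certInvalid, "certInvalid", e);
        }
    }

    /**
     * Builds an SM2 public key from raw key bytes.
     *
     * <p>On failure the rejected bytes are written to the error log as hex. They are public-key
     * material, and the only caller in this class passes 64 or 65 bytes.
     *
     * @param bArr raw public key bytes
     * @return the constructed key
     * @throws MenckitException with {@code Errcode.certInvalid} if the key cannot be built
     */
    private static PublicKey keyFrom(byte[] bArr) throws MenckitException {
        try {
            return new SM2PublicKey(bArr);
        } catch (Exception e) {
            Loggings.errorLogger.error("pubkeyInvalid: " + Strings.encodeHex(bArr), e);
            throw new MenckitException(Errcode.certInvalid, "pubkeyInvalid", e);
        }
    }

    /**
     * Decodes a hex public key and enforces the accepted lengths.
     *
     * @param str hex-encoded public key
     * @return the decoded bytes, 64 or 65 bytes long
     * @throws MenckitException with {@code Errcode.certInvalid} if decoding yields null or a
     *     different length
     */
    private static byte[] encodeKeyBytes(String str) throws MenckitException {
        Args.notNull(str, "hexpubkey");
        byte[] decodeHex = Strings.decodeHex(str);
        if (decodeHex != null && (decodeHex.length == 64 || decodeHex.length == 65)) {
            return decodeHex;
        }
        // Log the condition that actually failed; the previous text named a different operation.
        Loggings.errorLogger.error("hexpubkey==null/length!=64/65");
        throw new MenckitException(Errcode.certInvalid, "hexpubkey==null/length!=64/65");
    }

    /**
     * Derives a key identifier from raw public key bytes: the hex encoding of a 20-byte SHA-1
     * digest.
     *
     * <p>For a 64-byte input a single {@code 0x04} byte is hashed first, so a 64-byte key and
     * the same key in 65-byte form with a leading {@code 0x04} produce the same identifier. The
     * leading byte of a 65-byte input is not checked here.
     *
     * <p>NOTE(review): the digest is a lookup label only; an identifier match should not stand in
     * for comparing the keys themselves.
     *
     * @param bArr raw public key bytes, 64 or 65 bytes long
     * @return hex-encoded SHA-1 digest
     * @throws MenckitException with {@code Errcode.certInvalid} if the length is not accepted
     */
    private static String keyIdFrom(byte[] bArr) throws MenckitException {
        Args.notNull(bArr, "keybytes");
        if (bArr == null || !(bArr.length == 64 || bArr.length == 65)) {
            Loggings.errorLogger.error("GenerateRecipientIdentifier failed: keyId==null");
            throw new MenckitException(Errcode.certInvalid, "hexpubkey==null/length!=64/65");
        }
        byte[] bArr2 = new byte[20];
        SHA1Digest sHA1Digest = new SHA1Digest();
        if (bArr.length == 64) {
            sHA1Digest.update((byte) 4);
        }
        sHA1Digest.update(bArr, 0, bArr.length);
        sHA1Digest.doFinal(bArr2, 0);
        return Strings.encodeHex(bArr2);
    }

    /**
     * Returns a one-line description: key id only for raw-key instances, otherwise key id,
     * serial number, subject, issuer and validity dates. The string is built once and cached.
     *
     * @return the cached description
     */
    @Override
    public String toString() {
        if (this.detail == null) {
            if (this.cert != null) {
                this.detail = String.format("SM2Cert[kid=%s, sn=%s; dn=%s; ca=%s; validate=%tF&%tF]", this.keyId, this.cert.getStringSerialNumber(), this.cert.getSubject(), this.cert.getIssuer(), this.cert.getNotBefore(), this.cert.getNotAfter());
            } else {
                this.detail = String.format("SM2Cert[kid=%s]", this.keyId);
            }
        }
        return this.detail;
    }
}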
