package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.TBSCertList;
import cfca.sadk.org.bouncycastle.asn1.x509.Time;
import cfca.sadk.org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import cfca.sadk.org.bouncycastle.asn1.x509.X509Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.X509Extensions;
import cfca.sadk.org.bouncycastle.asn1.x509.X509Name;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.logging.LoggerManager;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CRLGenerator.class */
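/**
 * Builds and signs an X.509 v2 certificate revocation list (CRL).
 *
 * <p>Typical use: set the issuer, {@code thisUpdate}, optionally {@code nextUpdate} and the
 * signature algorithm, add revoked serial numbers and CRL extensions, then call
 * {@link #generateCRL(PrivateKey, Session)} to obtain the encoded CRL.
 *
 * <p>Instances hold mutable builder state and contain no synchronization; confine each
 * instance to a single thread.
 *
 * <p>Debug logging in this class dumps serial numbers, the session, the signature value and
 * the encoded CRL. The private key itself is never passed to a logger here.
 */
public class X509CRLGenerator {
    // Revocation reason codes accepted by addRevokeCert. The values follow the CRLReason
    // enumeration of RFC 5280 (value 7 is not assigned there, hence the gap).
    public static final int UNSPECIFIED = 0;
    public static final int KEY_COMPROMISE = 1;
    public static final int CA_COMPROMISE = 2;
    public static final int AFFILIATION_CHANGED = 3;
    public static final int SUPERSEDED = 4;
    public static final int CESSATION_OF_OPERATION = 5;
    public static final int CERTIFICATE_HOLD = 6;
    public static final int REMOVE_FROM_CRL = 8;
    public static final int PRIVILEGE_WITHDRAWN = 9;
    public static final int AA_COMPROMISE = 10;

    private final V2TBSCertListGenerator tbsCRLGen;
    // Raw Hashtable because X509Extensions is constructed from one; keyed by extension OID.
    private final Hashtable extensionSet;
    // mechanism and sigAlg are always assigned together (see setSignatureAlg) so the algorithm
    // used for signing can never differ from the one declared inside the CRL.
    private Mechanism mechanism = null;
    private AlgorithmIdentifier sigAlg = null;
    private TBSCertList tbsCRL = null;
    private DERBitString signature = null;
    private String issuerName = null;
    private Date thisUpdate = null;

    /** Creates an empty generator with no issuer, dates, algorithm, entries or extensions. */
    public X509CRLGenerator() {
        this.tbsCRLGen = new V2TBSCertListGenerator();
        this.extensionSet = new Hashtable();
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param str serial number as a hexadecimal string; it is parsed with radix 16, so a
     *     leading {@code -} yields a negative serial and a non-hex string raises
     *     {@link NumberFormatException}
     * @param date revocation time
     */
    public void addRevokeCert(String str, Date date) {
        this.tbsCRLGen.addCRLEntry(new ASN1Integer(new BigInteger(str, 16)), new Time(date), UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate with an explicit reason code.
     *
     * @param str serial number as a hexadecimal string (parsed with radix 16)
     * @param date revocation time
     * @param i revocation reason, normally one of the constants of this class; the value is
     *     passed to the TBS generator without validation here
     */
    public void addRevokeCert(String str, Date date, int i) {
        this.tbsCRLGen.addCRLEntry(new ASN1Integer(new BigInteger(str, 16)), new Time(date), i);
    }

    /**
     * Adds a revoked certificate with reason {@link #UNSPECIFIED}.
     *
     * @param bigInteger serial number of the revoked certificate
     * @param date revocation time
     */
    public void addRevokeCert(BigInteger bigInteger, Date date) {
        this.tbsCRLGen.addCRLEntry(new ASN1Integer(bigInteger), new Time(date), UNSPECIFIED);
    }

    /**
     * Adds a revoked certificate with an explicit reason code, tracing the entry at debug level.
     *
     * @param bigInteger serial number of the revoked certificate
     * @param date revocation time
     * @param i revocation reason, normally one of the constants of this class; the value is
     *     passed to the TBS generator without validation here
     */
    public void addRevokeCert(BigInteger bigInteger, Date date, int i) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            StringBuilder trace = new StringBuilder();
            trace.append("addRevokeCert>>>>>>Running");
            trace.append("\n serialNumber: ");
            trace.append(SADKDebugger.dump(bigInteger));
            trace.append("\n revokeTime: ");
            trace.append(date);
            trace.append("\n revokeReason: ");
            trace.append(i);
            LoggerManager.debugLogger.debug(trace.toString());
        }
        this.tbsCRLGen.addCRLEntry(new ASN1Integer(bigInteger), new Time(date), i);
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("addRevokeCert<<<<<<Finished");
        }
    }

    /**
     * Sets the CRL issuer distinguished name.
     *
     * @param str issuer DN in string form
     * @throws IllegalArgumentException if {@code str} is null
     */
    public void setIssuer(String str) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setIssuer>>>>>>Running: issuerDN=" + str);
        }
        if (str == null) {
            throw new IllegalArgumentException("issuerDN not allowed null");
        }
        this.issuerName = str;
        this.tbsCRLGen.setIssuer(new X509Name(str));
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setIssuer<<<<<<Finished");
        }
    }

    /**
     * Sets the issue time of the CRL.
     *
     * @param date the {@code thisUpdate} value
     * @throws IllegalArgumentException if {@code date} is null
     */
    public void setThisUpdate(Date date) {
        // The trace labels used to read "setNextUpdate", which made the two setters
        // indistinguishable in the debug log.
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setThisUpdate>>>>>>Running: thisUpdate=" + date);
        }
        if (date == null) {
            throw new IllegalArgumentException("thisUpdate not allowed null");
        }
        this.thisUpdate = date;
        this.tbsCRLGen.setThisUpdate(new Time(date));
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setThisUpdate<<<<<<Finished");
        }
    }

    /**
     * Sets the time by which the next CRL will be issued.
     *
     * <p>A null argument is ignored rather than rejected, so a CRL generated without a prior
     * non-null call carries no {@code nextUpdate} field. RFC 5280 requires conforming CRL
     * issuers to include it, and relying parties may treat a CRL without it as never expiring
     * or as invalid; callers should normally always supply a value.
     *
     * @param date the {@code nextUpdate} value, or null to leave the field untouched
     */
    public void setNextUpdate(Date date) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setNextUpdate>>>>>>Running: nextUpdate=" + date);
        }
        if (date != null) {
            this.tbsCRLGen.setNextUpdate(new Time(date));
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setNextUpdate<<<<<<Finished");
        }
    }

    /**
     * Selects the signature algorithm used both to sign the CRL and to fill its
     * {@code signatureAlgorithm} fields.
     *
     * <p>The generator state is updated only after every lookup has succeeded. A failed call
     * therefore leaves a previously configured algorithm fully in place instead of leaving the
     * signing mechanism and the declared algorithm identifier pointing at different algorithms.
     *
     * @param str signature algorithm name
     * @throws PKIException if {@code str} is null, the algorithm is not supported, or resolving
     *     it fails for any other reason
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("setSignatureAlg>>>>>>Running: signatureAlgorithm=" + str);
        }
        try {
            if (str == null) {
                throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
            }
            Mechanism resolvedMechanism = Mechanisms.signMechanismFrom(str);
            if (resolvedMechanism == null) {
                throw new PKIException(PKIException.NONSUPPORT_SIGALG, PKIException.NONSUPPORT_SIGALG_DES + ": " + str);
            }
            AlgorithmIdentifier resolvedSigAlg = new AlgorithmIdentifier(Mechanism.getObjectIdentifier(str));
            this.tbsCRLGen.setSignature(resolvedSigAlg);
            // Commit both fields together, and only once nothing above can still throw.
            this.mechanism = resolvedMechanism;
            this.sigAlg = resolvedSigAlg;
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("setSignatureAlg<<<<<<Finished");
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("setSignatureAlg<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("setSignatureAlg<<<<<<Failure", th);
            throw new PKIException("setSignatureAlg Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Adds every extension in the given vector, in order.
     *
     * @param vector {@link Extension} elements to add
     * @throws IllegalArgumentException if {@code vector} or one of its elements is null
     * @throws ClassCastException if an element is not an {@link Extension}
     * @throws PKIException declared for API compatibility
     */
    public void addExtensions(Vector vector) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("addExtensions>>>>>>Running: extension=" + vector);
        }
        if (vector == null) {
            throw new IllegalArgumentException("extensions not allowed null");
        }
        for (Object element : vector) {
            addExtension((Extension) element);
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("addExtensions<<<<<<Finished");
        }
    }

    /**
     * Adds one CRL extension, keeping its criticality flag.
     *
     * <p>Extensions are stored by OID, so adding an extension whose OID equals one already
     * present replaces the earlier value.
     *
     * @param extension the extension to add; its value is cast to {@link DEROctetString}
     * @throws IllegalArgumentException if {@code extension} is null
     * @throws PKIException declared for API compatibility
     */
    public void addExtension(Extension extension) throws PKIException {
        if (extension == null) {
            throw new IllegalArgumentException("extension not allowed null");
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("addExtension>>>>>>Running: extension=" + SADKDebugger.dump(extension));
        }
        this.extensionSet.put(extension.getExtnId(), new X509Extension(extension.isCritical(), (DEROctetString) extension.getExtnValue()));
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("addExtension<<<<<<Finished");
        }
    }

    /**
     * Signs the accumulated CRL content and returns the DER-encoded CRL.
     *
     * @param privateKey issuer private key used for signing
     * @param session crypto session that performs the signature
     * @return the encoded CRL (TBSCertList, signature algorithm, signature value)
     * @throws PKIException if issuer, {@code thisUpdate} or the signature algorithm has not been
     *     set, if an argument is null, or if encoding or signing fails
     */
    public byte[] generateCRL(PrivateKey privateKey, Session session) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("generateCRL>>>>>>Running: session=" + SADKDebugger.dump(session));
        }
        try {
            if (this.issuerName == null || this.issuerName.equals("")) {
                throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
            }
            if (this.thisUpdate == null) {
                throw new PKIException(PKIException.THIS_UPDATE_NULL, PKIException.THIS_UPDATE_NULL_DES);
            }
            if (this.sigAlg == null) {
                throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
            }
            // Reject missing signing inputs before any state is built. These are wrapped into a
            // PKIException by the Throwable handler below, so callers still see one type.
            if (privateKey == null) {
                throw new IllegalArgumentException("privateKey not allowed null");
            }
            if (session == null) {
                throw new IllegalArgumentException("session not allowed null");
            }
            generateSignature(privateKey, session);
            byte[] crlBytes = constructCRL();
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("generateCRL<<<<<<Finished: crlBytes=" + SADKDebugger.dump(crlBytes));
            }
            return crlBytes;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("generateCRL<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("generateCRL<<<<<<Failure", th);
            throw new PKIException("generateCRL Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Builds the TBSCertList, signs its DER encoding and stores the signature value.
     *
     * <p>Encoding and signing are guarded separately so that each failure keeps its own error
     * code. Previously a signing failure was raised as {@code SIGN} and then immediately
     * re-wrapped as {@code TBSCRL_BYTES} by the enclosing handler, which misreported every
     * signing error as an encoding error.
     *
     * @param privateKey issuer private key used for signing
     * @param session crypto session that performs the signature
     * @throws PKIException if the TBSCertList cannot be encoded or signing fails
     */
    private void generateSignature(PrivateKey privateKey, Session session) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("generateSignature::>>>>>>Running: session=" + SADKDebugger.dump(session));
        }
        try {
            if (!this.extensionSet.isEmpty()) {
                this.tbsCRLGen.setExtensions(new X509Extensions(this.extensionSet));
            }
            this.tbsCRL = this.tbsCRLGen.generateTBSCertList();

            byte[] tbsBytes;
            try {
                tbsBytes = ASN1Parser.parseDERObj2Bytes(this.tbsCRL.toASN1Primitive());
            } catch (Exception e) {
                throw new PKIException(PKIException.TBSCRL_BYTES, PKIException.TBSCRL_BYTES_DES, e);
            }

            byte[] sign;
            try {
                sign = session.sign(this.mechanism, privateKey, tbsBytes);
                // SM2 signatures are re-encoded through ASN1SM2Signature before being placed
                // in the BIT STRING; other algorithms use the session output as-is.
                boolean sm2 = MechanismKit.SM2.equalsIgnoreCase(privateKey.getAlgorithm())
                        || this.mechanism.getMechanismType().toUpperCase().contains(MechanismKit.SM2);
                this.signature = new DERBitString(sm2 ? new ASN1SM2Signature(sign).getEncoded() : sign);
            } catch (Exception e) {
                throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
            }

            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("generateSignature::<<<<<<Finished: signatureData=" + SADKDebugger.dump(sign));
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("generateSignature::<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("generateSignature::<<<<<<Failure", th);
            throw new PKIException("generateSignature Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Assembles the final CRL as a DER SEQUENCE of the TBSCertList, the signature algorithm
     * and the signature value, in that order.
     *
     * @return the DER encoding of the CRL
     * @throws PKIException if the sequence cannot be encoded
     */
    private byte[] constructCRL() throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("constructCRL::>>>>>>Running");
        }
        try {
            ASN1EncodableVector crlParts = new ASN1EncodableVector();
            crlParts.add(this.tbsCRL);
            crlParts.add(this.sigAlg);
            crlParts.add(this.signature);
            byte[] crlData;
            try {
                crlData = ASN1Parser.parseDERObj2Bytes(new DERSequence(crlParts).toASN1Primitive());
            } catch (Exception e) {
                throw new PKIException(PKIException.CRL_BYTES, PKIException.CRL_BYTES_DES, e);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("constructCRL::<<<<<<Finished: crlData=" + SADKDebugger.dump(crlData));
            }
            return crlData;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("constructCRL::<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("constructCRL::<<<<<<Failure", th);
            throw new PKIException("constructCRL Failure: " + th.getMessage(), th);
        }
    }
}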
