package cfca.paperless.util;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.paperless.util.constants.UtilConstants;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.x509.certificate.X509CRL;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.sadk.x509.certificate.X509CertVerifier;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:cfca/paperless/util/CertVerifyUtil.class */
public class CertVerifyUtil {
    protected static final Logger sysLog = LoggerFactory.getLogger(UtilConstants.SYS_LOG);

    public static boolean verifyCertDate(X509Cert x509Cert, Date date) {
        return !x509Cert.getNotAfter().before(date) || x509Cert.getNotBefore().after(date);
    }

    public static int verifyCertDate(X509Cert x509Cert) {
        Date notAfter = x509Cert.getNotAfter();
        Date notBefore = x509Cert.getNotBefore();
        Date currentTime = TimeUtil.getCurrentTime();
        if (notAfter.before(currentTime)) {
            sysLog.error("preCert has expired.");
            return 1;
        }
        if (!notBefore.after(currentTime)) {
            return 0;
        }
        sysLog.error("preCert is unvalid.");
        return 2;
    }

    public static boolean verifyCertDateByX509(X509Cert x509Cert) {
        return X509CertVerifier.verifyCertDate(x509Cert);
    }

    public static boolean verifyCertSign(X509Cert x509Cert, X509Cert x509Cert2) throws Exception {
        X509CertVerifier.clearTrustCertsMap();
        X509CertVerifier.updateTrustCertsMap(x509Cert2);
        return X509CertVerifier.validateCertSign(x509Cert);
    }

    public static boolean verifyCertSign(List<X509Cert> list, List<X509Cert> list2) {
        boolean z = true;
        X509Cert[] x509CertArr = new X509Cert[list2.size()];
        list2.toArray(x509CertArr);
        try {
            X509CertVerifier.clearTrustCertsMap();
            X509CertVerifier.updateTrustCertsMap(x509CertArr);
            Iterator<X509Cert> it = list.iterator();
            while (it.hasNext()) {
                z = z && X509CertVerifier.validateCertSign(it.next());
                if (!z) {
                    break;
                }
            }
        } catch (PKIException e) {
            z = false;
        }
        return z;
    }

    public static boolean verifyByCRL(X509Cert x509Cert, X509CRL x509crl) {
        return x509crl.isRevoke(x509Cert.getStringSerialNumber());
    }
}
