package cfca.sadk.ofd.base.common;

import cfca.com.google.typography.font.sfntly.table.truetype.CompositeGlyph;
import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.ofd.base.exception.SealException;
import cfca.sadk.ofd.base.ofd.OFDConstants;
import cfca.sadk.ofd.util.SysEnv;
import cfca.sadk.org.bouncycastle.asn1.ASN1Primitive;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.sadk.x509.certificate.X509CertVerifier;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/ofd/base/common/CertVerifyUtil.class */
public class CertVerifyUtil {
    private static final Logger logger = LoggerFactory.getLogger(CertVerifyUtil.class);
    public static final String OCA32 = "oca32";

    public static boolean verifyCertSign(X509Cert x509Cert) throws PKIException, SealException {
        if (null == x509Cert) {
            throw new IllegalArgumentException("x509Cert is null!");
        }
        if (SysEnv.isTrustCertLoaded()) {
            return X509CertVerifier.validateCertSign(x509Cert);
        }
        throw new SealException("TrustCerts File is not loaded,invoke SysEnv.loadTrustCerts() first!");
    }

    public static boolean verifyByCRL(X509Cert x509Cert, Date date) throws SealException {
        if (null == x509Cert) {
            throw new IllegalArgumentException("userCert is null!");
        }
        long currentTimeMillis = System.currentTimeMillis();
        logger.info("verifyByCRL start...");
        boolean z = false;
        try {
            try {
                if (formatIssuerKey(x509Cert.getIssuer()).indexOf(OCA32) == -1 && CrlManager.isRevoked(x509Cert.getSerialNumber().toString(16), date)) {
                    z = true;
                }
                boolean z2 = z;
                logger.info("verifyByCRL end...cost=" + (System.currentTimeMillis() - currentTimeMillis) + " ms");
                return z2;
            } catch (Exception e) {
                logger.error("verifyByCRL failed:", e);
                throw new SealException("verifyByCRL failed:", e);
            }
        } catch (Throwable th) {
            logger.info("verifyByCRL end...cost=" + (System.currentTimeMillis() - currentTimeMillis) + " ms");
            throw th;
        }
    }

    public static boolean verifyByCRL(X509Cert x509Cert) throws SealException {
        return verifyByCRL(x509Cert, new Date());
    }

    public static boolean[] getCertKeyUsage(X509Cert x509Cert) throws Exception {
        boolean[] zArr;
        byte[] extensionByteData = x509Cert.getExtensionByteData(Extension.keyUsage);
        if (extensionByteData != null) {
            DERBitString dERBitString = DERBitString.getInstance(ASN1Primitive.fromByteArray(extensionByteData));
            byte[] bytes = dERBitString.getBytes();
            int length = (bytes.length * 8) - dERBitString.getPadBits();
            zArr = new boolean[length < 9 ? 9 : length];
            for (int i = 0; i != length; i++) {
                zArr[i] = (bytes[i / 8] & (CompositeGlyph.FLAG_WE_HAVE_A_TWO_BY_TWO >>> (i % 8))) != 0;
            }
        } else {
            zArr = null;
        }
        return zArr;
    }

    public static boolean verifyKeyUsageForDS(X509Cert x509Cert) throws Exception {
        boolean z = false;
        if (getCertKeyUsage(x509Cert)[0]) {
            z = true;
        }
        return z;
    }

    public static String formatIssuerKey(String str) {
        return formatSubject(str).replaceAll(OFDConstants.splitChar, "_").toLowerCase();
    }

    public static String formatSubject(String str) {
        return clearSpace(clearSpace(str, ","), "=");
    }

    public static String clearSpace(String str, String str2) {
        String[] split = str.split(str2);
        StringBuffer stringBuffer = new StringBuffer();
        for (String str3 : split) {
            stringBuffer.append(str2 + str3.trim());
        }
        return stringBuffer.toString().substring(1);
    }
}
