package cn.topca.api.cert;

import cn.tca.TopBasicCrypto.asn1.ASN1ObjectIdentifier;
import cn.tca.TopBasicCrypto.asn1.ASN1Sequence;
import cn.tca.TopBasicCrypto.asn1.cms.AttributeTable;
import cn.tca.TopBasicCrypto.asn1.cms.CMSAttributes;
import cn.tca.TopBasicCrypto.asn1.pkcs.PKCSObjectIdentifiers;
import cn.tca.TopBasicCrypto.cms.CMSException;
import cn.topca.core.ext.bc.asn1.cms.CMSObjectIdentifiers;
import cn.topca.core.ext.bc.cms.CMSSignedData;
import cn.topca.core.ext.bc.cms.SignerInformation;
import cn.topca.security.x509.AlgorithmId;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:cn/topca/api/cert/LicenseMgr.class */
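/**
 * Process-wide licence gate for the certificate API.
 *
 * <p>A licence is a base64 CMS/PKCS#7 SignedData blob whose encapsulated content is a JSON
 * document. {@link #init(String)} verifies the signature against the public key of the
 * certificate pinned in {@code licCert}, checks the validity window and product version, and
 * stores the licence's {@code Issuer} value as a regular expression. The
 * {@code certWithLicense} overloads then test a certificate's issuer DN against that expression.
 *
 * <p>The rule is held in a static field that is written without synchronisation; callers are
 * expected to finish {@code init} before using {@code certWithLicense}.
 */
class LicenseMgr {
    /** Issuer-DN regular expression from the verified licence; {@code null} until init succeeds. */
    private static String licRule;
    /** Base64 X.509 certificate whose public key is the only trust anchor for licence signatures. */
    private static String licCert = "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";
    private static final LicenseMgr LicenseConfigInstance = new LicenseMgr();

    private LicenseMgr() {
        licRule = null;
    }

    /**
     * Returns the singleton instance.
     *
     * @return the shared {@code LicenseMgr}
     */
    public static synchronized LicenseMgr getInstance() {
        return LicenseConfigInstance;
    }

    /**
     * Verifies the CMS signature on a licence and returns its JSON payload.
     *
     * <p>Only the public key of the pinned {@code licCert} is used; certificates carried inside
     * the SignedData are not consulted. The first signer whose signature verifies under that key
     * decides the result.
     *
     * @param str base64 licence blob, decoded with {@code TCAUtil.decode}
     * @return the parsed licence JSON, or {@code null} when no signer's signature verifies
     * @throws CertApiException on a wrong content type, missing content or signers, an
     *     unsupported digest algorithm, malformed signed attributes, a digest mismatch, or a
     *     provider, encoding or JSON failure
     */
    private JSONObject verifyLicense(String str) throws CertApiException {
        byte[] decode = TCAUtil.decode(str);
        // Reject anything that is not (GM or PKCS#7) SignedData before handing it to the parser.
        ASN1ObjectIdentifier objectAt = ASN1Sequence.getInstance(decode).getObjectAt(0);
        if (!objectAt.equals(CMSObjectIdentifiers.signedData) && !objectAt.equals(CMSObjectIdentifiers.gm_signedData)) {
            throw new CertApiException(TCAErrCode.ERR_CONTENTTYPE);
        }
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(decode);
            // A detached signature carries no licence text, so it cannot be accepted here.
            if (cMSSignedData.getSignedContent() == null) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_NOPLAIN);
            }
            byte[] content = (byte[]) cMSSignedData.getSignedContent().getContent();
            ArrayList signers = (ArrayList) cMSSignedData.getSignerInfos().getSigners();
            if (signers.isEmpty()) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_NOSIGNER);
            }
            // NOTE(review): no validity or revocation check on the pinned certificate is visible
            // here; confirm whether convB64Str2Cert performs one.
            PublicKey publicKey = TCAUtil.convB64Str2Cert(licCert).getPublicKey();
            // The key family comes from the pinned key, never from the licence itself.
            String keyAlg = publicKey.getAlgorithm().equalsIgnoreCase(TCA.SM2) ? TCA.SM2 : "RSA";
            for (Object entry : signers) {
                SignerInformation signerInformation = (SignerInformation) entry;
                // The digest algorithm is taken from the signer info and limited to an allow-list.
                // NOTE(review): SHA-1 is still accepted for licence signatures; consider dropping
                // it once no issued licence depends on it.
                String digestAlg;
                if (signerInformation.getDigestAlgOID().equals(AlgorithmId.SM3_oid.toString())) {
                    digestAlg = TCA.SM3;
                } else if (signerInformation.getDigestAlgOID().equals(AlgorithmId.SHA_oid.toString())) {
                    digestAlg = TCA.SHA1;
                } else if (signerInformation.getDigestAlgOID().equals(AlgorithmId.SHA256_oid.toString())) {
                    digestAlg = TCA.SHA256;
                } else {
                    throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
                }
                String sigAlg = digestAlg + "With" + keyAlg;
                try {
                    Signature signature = keyAlg.equalsIgnoreCase(TCA.SM2) ? Signature.getInstance(sigAlg, TCAUtil.getSm2Provider()) : Signature.getInstance(sigAlg, TCAUtil.getBcProvider());
                    signature.initVerify(publicKey);
                    // Without signed attributes the signature covers the content directly.
                    byte[] signedBytes = content;
                    if (signerInformation.getSignedAttributes() != null) {
                        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
                        // Exactly contentType, signingTime and messageDigest are expected.
                        if (signedAttributes.size() != 3) {
                            throw new CertApiException(TCAErrCode.ERR_PKCS7_ATTR_ERR);
                        }
                        // NOTE(review): only the presence of contentType is checked; its value is
                        // not compared with the encapsulated content type.
                        if (signedAttributes.get(CMSAttributes.contentType) == null) {
                            throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_CT);
                        }
                        if (signedAttributes.get(CMSAttributes.signingTime) == null) {
                            throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_ST);
                        }
                        if (signedAttributes.get(CMSAttributes.messageDigest) == null) {
                            throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_MD);
                        }
                        byte[] octets = signerInformation.getSignedAttributes().get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0).getOctets();
                        // The result of this call chain is discarded; it is kept as in the original.
                        signedAttributes.get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0).getDERObject().toASN1Object();
                        byte[] computed;
                        if (digestAlg.equalsIgnoreCase(TCA.SM3)) {
                            computed = TCAUtil.SM3(content);
                        } else if (digestAlg.equalsIgnoreCase(TCA.SHA1)) {
                            computed = TCAUtil.SHA1(content);
                        } else if (digestAlg.equalsIgnoreCase(TCA.SHA256)) {
                            computed = TCAUtil.SHA256(content);
                        } else {
                            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
                        }
                        // The messageDigest attribute binds the signed attributes to the content;
                        // without this comparison the content could be swapped under a valid signature.
                        if (!Arrays.equals(octets, computed)) {
                            throw new CertApiException(TCAErrCode.ERR_PKCS7_MD_VERIFY);
                        }
                        try {
                            // With signed attributes present, the signature covers their encoding.
                            signedBytes = signerInformation.getEncodedSignedAttributes();
                        } catch (IOException e) {
                            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
                        }
                    }
                    try {
                        signature.update(signedBytes);
                        if (signature.verify(signerInformation.getSignature())) {
                            return new JSONObject(new String(content, "UTF-8"));
                        }
                    } catch (UnsupportedEncodingException e2) {
                        throw new CertApiException(TCAErrCode.ERR_ENCODE, e2);
                    } catch (SignatureException e3) {
                        throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_FAILD, e3);
                    } catch (JSONException e4) {
                        throw new CertApiException(TCAErrCode.ERR_JSON_PARSING, e4);
                    }
                } catch (InvalidKeyException e5) {
                    throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e5);
                } catch (NoSuchAlgorithmException e6) {
                    throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e6);
                }
            }
            // No signer verified under the pinned key.
            return null;
        } catch (CMSException e7) {
            throw new CertApiException(TCAErrCode.ERR_CMS_BADSIGN, e7);
        }
    }

    /**
     * Applies the licence terms and, on success, installs the issuer rule.
     *
     * @param jSONObject licence payload whose signature has already been verified
     * @return {@code true} when the licence is within its validity window and matches the
     *     product version
     * @throws CertApiException when a field is missing, a date does not parse, the licence is
     *     outside its validity window, or the version prefix differs
     */
    private boolean isValidLicense(JSONObject jSONObject) throws CertApiException {
        try {
            String notBeforeText = jSONObject.getString("notbefore");
            String notAfterText = jSONObject.getString("notafter");
            String licensedVersion = jSONObject.getString("softVersion");
            String issuerRule = jSONObject.getString("Issuer");
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
            try {
                // Dates parse to local midnight, so the licence is already rejected during the
                // notafter day itself. NOTE(review): confirm that is the intended cut-off.
                Date notAfter = simpleDateFormat.parse(notAfterText);
                Date notBefore = simpleDateFormat.parse(notBeforeText);
                // The comparison uses the local system clock, which the host operator controls.
                Date now = new Date();
                if (now.before(notBefore) || now.after(notAfter)) {
                    throw new CertApiException(TCAErrCode.ERR_LICENSE_EXPIRE);
                }
                // Only the first three characters of the product version are compared.
                if (!licensedVersion.startsWith(TCA.softVersion.substring(0, 3))) {
                    throw new CertApiException(TCAErrCode.ERR_LICENSE_BADVER);
                }
                // NOTE(review): debug mode replaces the signed issuer rule with ".*", which makes
                // every issuer pass certWithLicense. Make sure TCADebugUtil.isDebug() cannot be
                // switched on in production builds.
                licRule = TCADebugUtil.isDebug() ? ".*" : issuerRule;
                return true;
            } catch (ParseException e) {
                throw new CertApiException(TCAErrCode.ERR_DATE_FORMAT, e);
            }
        } catch (JSONException e2) {
            throw new CertApiException(TCAErrCode.ERR_JSON_PARSING, e2);
        }
    }

    /**
     * Verifies a licence and installs its issuer rule.
     *
     * @param str base64 CMS SignedData licence
     * @return {@code true} when the licence is accepted
     * @throws CertApiException when the licence is malformed, its signature does not verify
     *     under the pinned key, or its terms are not met
     */
    public boolean init(String str) throws CertApiException {
        JSONObject license = verifyLicense(str);
        if (license == null) {
            // A null result means no signer verified under the pinned key. Report it as a
            // signature failure so logs and callers are not pointed at JSON parsing.
            throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_FAILD);
        }
        return isValidLicense(license);
    }

    /**
     * Tests whether a certificate's issuer DN matches the licensed issuer rule.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} when the whole issuer DN string matches the rule; {@code false} when
     *     it does not or when no licence has been installed
     */
    public boolean certWithLicense(X509Certificate x509Certificate) {
        String rule = licRule;
        if (rule == null) {
            // Fail closed: without an accepted licence no issuer is licensed.
            return false;
        }
        return x509Certificate.getIssuerX500Principal().toString().matches(rule);
    }

    /**
     * Tests whether a certificate's issuer DN matches the licensed issuer rule, re-parsing the
     * certificate from its encoded form first.
     *
     * @param certificate certificate to test
     * @return {@code true} when the whole issuer DN string matches the rule; {@code false} when
     *     it does not or when no licence has been installed
     * @throws CertApiException when the certificate cannot be encoded
     */
    public boolean certWithLicense(java.security.cert.Certificate certificate) throws CertApiException {
        String rule = licRule;
        if (rule == null) {
            // Fail closed: without an accepted licence no issuer is licensed.
            return false;
        }
        try {
            return TCAUtil.convBin2Cert(certificate.getEncoded()).getIssuerX500Principal().toString().matches(rule);
        } catch (CertificateEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_ENCODING, e);
        }
    }
}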
