package com.itrus.cert;

import cn.topca.security.sm.TopSMProvider;
import cn.topca.security.x509.AlgorithmId;
import com.itrus.util.CertUtils;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.util.Date;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.jce.provider.X509CRLObject;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/itrus/cert/X509CRL.class */
public class X509CRL extends X509CRLObject {
    static {
        Security.addProvider(new TopSMProvider());
    }

    public X509CRL(CertificateList certificateList) throws CRLException {
        super(certificateList);
    }

    public static X509CRL getInstanceFromURL(String str) throws IOException, CRLException {
        HttpURLConnection httpURLConnection = null;
        try {
            httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.addRequestProperty("User-agent", "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)");
            X509CRL x509crl = getInstance(httpURLConnection.getInputStream());
            httpURLConnection.disconnect();
            return x509crl;
        } catch (Throwable th) {
            httpURLConnection.disconnect();
            throw th;
        }
    }

    public static X509CRL getInstanceFromFile(String str) throws FileNotFoundException, CRLException {
        return engineGenerateCRL(new FileInputStream(str));
    }

    public static X509CRL getInstance(java.security.cert.X509CRL x509crl) throws CRLException {
        return getInstance(x509crl.getEncoded());
    }

    public static X509CRL getInstance(String str) throws CRLException {
        return engineGenerateCRL(new ASN1InputStream(str.getBytes()));
    }

    public static X509CRL getInstance(byte[] bArr) throws CRLException {
        return engineGenerateCRL(new ASN1InputStream(bArr));
    }

    public static X509CRL getInstance(InputStream inputStream) throws CRLException {
        return engineGenerateCRL(inputStream);
    }

    public String getIssuerDNString() {
        return CertUtils.getX509NameString(getIssuerX500Principal());
    }

    public boolean isOnValidPeriod() {
        Date thisUpdate = getThisUpdate();
        Date nextUpdate = getNextUpdate();
        Date date = new Date();
        return (date.before(thisUpdate) || date.after(nextUpdate)) ? false : true;
    }

    public static X509CRL engineGenerateCRL(InputStream inputStream) throws CRLException {
        if (!inputStream.markSupported()) {
            inputStream = new BufferedInputStream(inputStream);
        }
        try {
            inputStream.mark(10);
            if (inputStream.read() != 48) {
                inputStream.reset();
                return readPEMCRL(inputStream);
            }
            inputStream.reset();
            return readDERCRL(inputStream);
        } catch (Exception e) {
            throw new CRLException(e.toString());
        }
    }

    private static X509CRL readDERCRL(InputStream inputStream) throws IOException, CRLException {
        return new X509CRL(new CertificateList(new ASN1InputStream(inputStream).readObject()));
    }

    private static X509CRL readPEMCRL(InputStream inputStream) throws IOException, CRLException {
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = readLine(inputStream);
            if (readLine == null) {
                break;
            }
            if (!readLine.equals("-----BEGIN CRL-----") && !readLine.equals("-----BEGIN X509 CRL-----") && !readLine.equals("-----END CRL-----") && !readLine.equals("-----END X509 CRL-----")) {
                stringBuffer.append(readLine);
            }
        }
        if (stringBuffer.length() != 0) {
            return readDERCRL(new ByteArrayInputStream(Base64.decode(stringBuffer.toString())));
        }
        return null;
    }

    private static String readLine(InputStream inputStream) throws IOException {
        int read;
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            read = inputStream.read();
            if (read == 10 || read < 0) {
                break;
            }
            if (read != 13) {
                stringBuffer.append((char) read);
            }
        }
        if (stringBuffer.length() != 0 || read >= 0) {
            return stringBuffer.toString();
        }
        return null;
    }

    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, "BC");
    }

    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!AlgorithmId.SM3withSM2_oid.toString().equals(super.getSigAlgOID())) {
            super.verify(publicKey, str);
            return;
        }
        Signature signature = Signature.getInstance("SM3withSM2");
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
    }
}
