package com.formosoft.va.util;

import com.formosoft.jpki.util.PEMReader;
import com.formosoft.util.codec.Base64Utils;
import com.formosoft.util.io.FileUtils;
import com.formosoft.util.tools.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.V2Form;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Name;

/* loaded from: input_file:com/formosoft/va/util/CGAttrCert.class */
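/**
 * Wrapper around an X.509 attribute certificate (AC) that is delivered inside a PKCS#7
 * {@code ContentInfo} together with the issuer's ("primary") public-key certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The embedded primary certificate comes from the same input as the AC. Nothing in this
 *       class builds a certification path, checks revocation, or checks the validity period of
 *       either public-key certificate. Trust in those certificates has to be established
 *       separately before the result of {@code verify} is relied on.</li>
 *   <li>{@link #GetAPList()} and {@link #checkAPList(String)} read the attribute values straight
 *       from the parsed AC and do not depend on a prior successful {@code verify} call. Use them
 *       for authorization decisions only after {@code verify} has returned {@code true}.</li>
 *   <li>The last error text is kept in an instance field, so an instance is not safe for
 *       concurrent use.</li>
 * </ul>
 */
public class CGAttrCert {
    /** Attribute type whose values are collected by {@link #GetAPList()}. */
    private static final String AP_LIST_ATTR_OID = "2.16.886.1.100.2.501";

    private AttributeCertificate attCert;
    private X509Certificate primary;
    private String ErrMsg;
    private ArrayList<String> lstAP;

    /**
     * Parses the DER container and extracts the attribute certificate and the primary certificate.
     *
     * <p>The layout is fixed by position: element 3 of the ContentInfo content must be a tagged
     * object wrapping a sequence whose element 0 is the primary X.509 certificate and whose
     * element 1 is the attribute certificate. The input is untrusted, so every step is checked
     * and a structural mismatch is reported as {@link IOException} instead of surfacing as a
     * {@code ClassCastException} or an index error.
     *
     * @param inputStream DER-encoded container; the stream is left open for the caller to close
     * @throws IOException if the data cannot be read or does not have the expected structure
     * @throws CertificateException if the embedded primary certificate cannot be decoded
     */
    public CGAttrCert(InputStream inputStream) throws IOException, CertificateException {
        this.lstAP = null;
        this.ErrMsg = null;
        X509CertificateStructure primaryStructure;
        try {
            Object root = new ASN1InputStream(inputStream).readObject();
            if (root == null) {
                throw new IOException("Attribute certificate container is empty");
            }
            ASN1Sequence outer = asSequence(ContentInfo.getInstance(root).getContent(), "ContentInfo content");
            if (outer.size() <= 3) {
                throw new IOException("Attribute certificate container has no element at index 3");
            }
            Object tagged = outer.getObjectAt(3);
            if (!(tagged instanceof DERTaggedObject)) {
                throw new IOException("Attribute certificate container element 3 is not a tagged object");
            }
            ASN1Sequence certs = asSequence(((DERTaggedObject) tagged).getObject(), "certificate list");
            if (certs.size() < 2) {
                throw new IOException("Certificate list must hold the primary certificate and the attribute certificate");
            }
            this.attCert = AttributeCertificate.getInstance(certs.getObjectAt(1));
            primaryStructure = X509CertificateStructure.getInstance(certs.getObjectAt(0));
        } catch (IllegalArgumentException e) {
            // The ASN.1 getInstance() factories reject unexpected object types with this exception.
            throw new IOException("Malformed attribute certificate container", e);
        }
        if (primaryStructure != null) {
            this.primary = (X509Certificate) CertificateFactory.getInstance("X509")
                    .generateCertificate(new ByteArrayInputStream(primaryStructure.getEncoded()));
        }
    }

    /**
     * Parses a Base64-encoded container.
     *
     * @param str Base64 text of the DER container
     * @throws IOException if the decoded data does not have the expected structure
     * @throws CertificateException if the embedded primary certificate cannot be decoded
     */
    public CGAttrCert(String str) throws IOException, CertificateException {
        this(new ByteArrayInputStream(Base64Utils.decode(str)));
    }

    /** Checks that a parsed ASN.1 object is a sequence; {@code what} names it in the error text. */
    private static ASN1Sequence asSequence(Object candidate, String what) throws IOException {
        if (!(candidate instanceof ASN1Sequence)) {
            throw new IOException("Expected an ASN.1 sequence for " + what);
        }
        return (ASN1Sequence) candidate;
    }

    /** Returns the exception message, or the exception's string form when it has no message. */
    private static String describe(Exception e) {
        String message = e.getMessage();
        return message != null ? message : e.toString();
    }

    /**
     * Returns the issuer name from the holder's baseCertificateID.
     *
     * @return the first general name rendered with RFC 2253 symbols, or {@code null} when the
     *         holder does not carry a baseCertificateID
     */
    public String getHolderIssuer() {
        IssuerSerial holderId = this.attCert.getAcinfo().getHolder().getBaseCertificateID();
        if (holderId == null) {
            // Mirrors getIssuerIssuer(): report "absent" instead of failing with a NullPointerException.
            return null;
        }
        return X509Name.getInstance(holderId.getIssuer().getNames()[0].getName()).toString(true, X509Name.RFC2253Symbols);
    }

    /**
     * Returns the serial number from the holder's baseCertificateID.
     *
     * @return the serial number, or {@code null} when the holder does not carry a baseCertificateID
     */
    public BigInteger getHolderSerialNumber() {
        IssuerSerial holderId = this.attCert.getAcinfo().getHolder().getBaseCertificateID();
        if (holderId == null) {
            return null;
        }
        return holderId.getSerial().getPositiveValue();
    }

    /**
     * Returns the issuerName of the AC's v2Form issuer.
     *
     * @return the first general name rendered with RFC 2253 symbols, or {@code null} when the
     *         issuer has no issuerName
     */
    public String getIssuerDn() {
        V2Form v2Form = V2Form.getInstance(this.attCert.getAcinfo().getIssuer().getIssuer());
        if (v2Form.getIssuerName() == null) {
            return null;
        }
        return X509Name.getInstance(v2Form.getIssuerName().getNames()[0].getName()).toString(true, X509Name.RFC2253Symbols);
    }

    /**
     * Returns the issuer name from the AC issuer's baseCertificateID.
     *
     * @return the first general name rendered with RFC 2253 symbols, or {@code null} when the
     *         issuer has no baseCertificateID
     */
    public String getIssuerIssuer() {
        IssuerSerial baseCertificateID = V2Form.getInstance(this.attCert.getAcinfo().getIssuer().getIssuer()).getBaseCertificateID();
        if (baseCertificateID == null) {
            return null;
        }
        return X509Name.getInstance(baseCertificateID.getIssuer().getNames()[0].getName()).toString(true, X509Name.RFC2253Symbols);
    }

    /**
     * Returns the serial number from the AC issuer's baseCertificateID.
     *
     * @return the serial number, or {@code null} when the issuer has no baseCertificateID
     */
    public BigInteger getIssuerSerial() {
        IssuerSerial baseCertificateID = V2Form.getInstance(this.attCert.getAcinfo().getIssuer().getIssuer()).getBaseCertificateID();
        if (baseCertificateID == null) {
            return null;
        }
        return baseCertificateID.getSerial().getPositiveValue();
    }

    /** Returns the OID of the signature algorithm named inside the signed AC body. */
    public String getSignatureID() {
        return this.attCert.getAcinfo().getSignature().getObjectId().getId();
    }

    /** Returns the serial number of the attribute certificate itself. */
    public BigInteger getSerialNumber() {
        return this.attCert.getAcinfo().getSerialNumber().getValue();
    }

    /**
     * Returns the start of the AC validity period.
     *
     * @throws ParseException if the encoded time cannot be parsed
     */
    public Date getNotBefore() throws ParseException {
        return this.attCert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime().getDate();
    }

    /**
     * Returns the end of the AC validity period.
     *
     * @throws ParseException if the encoded time cannot be parsed
     */
    public Date getNotAfter() throws ParseException {
        return this.attCert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime().getDate();
    }

    /**
     * Reports whether the trimmed argument is one of the AP-list entries of the AC.
     *
     * <p>The match is an exact, case-sensitive string comparison. This method does not verify
     * the AC; call {@code verify} first when the answer gates access.
     *
     * @param str entry to look up; {@code null} yields {@code false}
     * @return {@code true} if the entry is listed
     */
    public boolean checkAPList(String str) {
        if (str == null) {
            return false;
        }
        if (this.lstAP == null) {
            GetAPList();
        }
        return this.lstAP.contains(str.trim());
    }

    /**
     * Collects the UTF8String values of every attribute of type {@code 2.16.886.1.100.2.501}.
     *
     * <p>The result is cached after the first successful parse. The values are unauthenticated
     * until {@code verify} has succeeded.
     *
     * @return the trimmed entries, or {@code null} when the AC lists none (callers must
     *         null-check before iterating)
     */
    public String[] GetAPList() {
        if (this.lstAP == null) {
            // Build into a local list so a parse failure does not leave a partial list cached.
            ArrayList<String> entries = new ArrayList<String>();
            Enumeration<?> attributes = this.attCert.getAcinfo().getAttributes().getObjects();
            while (attributes.hasMoreElements()) {
                Attribute attribute = Attribute.getInstance(attributes.nextElement());
                if (!AP_LIST_ATTR_OID.equals(attribute.getAttrType().getId())) {
                    continue;
                }
                if (attribute.getAttrValues().size() == 0) {
                    // An attribute without values grants nothing; skip it.
                    continue;
                }
                ASN1Sequence values = DERSequence.getInstance(attribute.getAttrValues().getObjectAt(0));
                for (int i = 0; i < values.size(); i++) {
                    entries.add(DERUTF8String.getInstance(values.getObjectAt(i)).getString().trim());
                }
            }
            this.lstAP = entries;
        }
        if (this.lstAP.isEmpty()) {
            return null;
        }
        return this.lstAP.toArray(new String[0]);
    }

    /** Returns the OID of the outer (unsigned) signatureAlgorithm field of the AC. */
    private String getSignatureAlgorithmID() {
        return this.attCert.getSignatureAlgorithm().getObjectId().getId();
    }

    /**
     * Returns the reason the most recent {@code verify} call failed.
     *
     * @return the error text, or {@code null} if the last call succeeded or none was made
     */
    public String getErrorMsg() {
        return this.ErrMsg;
    }

    /**
     * Verifies the AC against a secondary-card certificate and, optionally, an explicitly
     * supplied primary-card certificate.
     *
     * <p>When {@code str2} is blank, the primary certificate embedded in the container is used.
     * That certificate comes from the same untrusted input as the AC, so in that mode a
     * {@code true} result shows only that the input is internally consistent.
     *
     * @param str PEM text of the secondary-card certificate; must not be blank
     * @param str2 PEM text of the primary-card certificate, or blank to use the embedded one
     * @return {@code true} if all checks pass; otherwise {@code false} with the reason
     *         available from {@link #getErrorMsg()}
     */
    public boolean verify(String str, String str2) {
        // Clear any text left over from an earlier call so it cannot be misread as current.
        this.ErrMsg = null;
        if (StringUtils.isBlank(str)) {
            this.ErrMsg = "副卡憑證不得為空值";
            return false;
        }
        try {
            byte[] secondaryDer = new PEMReader(str).getEncoded();
            if (StringUtils.isBlank(str2)) {
                return verify(secondaryDer);
            }
            return verify(new PEMReader(str2).getEncoded(), secondaryDer);
        } catch (Exception e) {
            // Boundary catch: any parsing or crypto failure is a verification failure. Some
            // exceptions carry no message, so fall back to the exception's string form.
            this.ErrMsg = describe(e);
            return false;
        }
    }

    /**
     * Verifies against the given DER secondary certificate using the embedded primary certificate.
     *
     * @throws CertificateException if the secondary certificate cannot be decoded or the
     *         container held no primary certificate
     */
    private boolean verify(byte[] bArr) throws CertificateException, IOException, SignatureException, ParseException, NoSuchAlgorithmException, InvalidKeyException {
        X509Certificate secondary = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
        if (this.primary == null) {
            throw new CertificateException("Can't find primary certificate");
        }
        // NOTE(review): this.primary was parsed from the same input as the AC and is not
        // validated against any trust anchor in this class.
        return verify(this.primary, secondary);
    }

    /**
     * Verifies using DER-encoded certificates.
     *
     * @param bArr DER primary-card certificate
     * @param bArr2 DER secondary-card certificate
     */
    private boolean verify(byte[] bArr, byte[] bArr2) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, ParseException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        X509Certificate primaryCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
        X509Certificate secondaryCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2));
        return verify(primaryCert, secondaryCert);
    }

    /**
     * Runs the binding, validity-period, and signature checks.
     *
     * <p>The checks run in this order: the AC issuer must match the primary certificate, the AC
     * holder must match the secondary certificate, both certificates must share subject and
     * issuer DN, the current time must lie inside the AC validity period, and the AC signature
     * must verify under the primary certificate's public key.
     *
     * <p>Not checked here: the validity period, revocation status, and certification path of
     * either public-key certificate, and the strength of the signature algorithm named by the AC.
     *
     * @param x509Certificate primary-card certificate (expected AC issuer)
     * @param x509Certificate2 secondary-card certificate (expected AC holder)
     * @return {@code true} if every check passes; otherwise {@code false} with ErrMsg set
     */
    private boolean verify(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws SignatureException, ParseException, IOException, NoSuchAlgorithmException, InvalidKeyException {
        String issuerDn = getIssuerDn();
        if (issuerDn != null) {
            // NOTE(review): the comparison is on rendered strings with every space removed from
            // the certificate side and case ignored, so it is looser than an RFC 5280 name match
            // (for example, values differing only in internal spaces compare equal).
            String primarySubject = x509Certificate.getSubjectX500Principal().toString().replaceAll(" ", "").replaceAll("SERIALNUMBER", "2.5.4.5");
            if (issuerDn.compareToIgnoreCase(primarySubject) != 0) {
                this.ErrMsg = "授權證IssuerDN與正卡憑證SubjectDN不一致";
                return false;
            }
        } else {
            String issuerIssuer = getIssuerIssuer();
            if (issuerIssuer == null) {
                this.ErrMsg = "授權證IssuerDN為空白";
                return false;
            }
            // NOTE(review): the text below names SubjectDN, but the value compared is the primary
            // certificate's issuer DN. The text is left unchanged in case callers match on it.
            if (issuerIssuer.compareToIgnoreCase(x509Certificate.getIssuerX500Principal().getName()) != 0) {
                this.ErrMsg = "授權證Issuer與正卡憑證SubjectDN不一致";
                return false;
            }
            if (getIssuerSerial().compareTo(x509Certificate.getSerialNumber()) != 0) {
                this.ErrMsg = "授權證Serial與正卡憑證Serial不一致";
                return false;
            }
        }
        String holderIssuer = getHolderIssuer();
        if (holderIssuer == null) {
            this.ErrMsg = "授權證HolderIssuer為空白";
            return false;
        }
        if (holderIssuer.compareToIgnoreCase(x509Certificate2.getIssuerX500Principal().getName()) != 0) {
            this.ErrMsg = "授權證HolderIssuer與附卡憑證IssuerDN不一致";
            return false;
        }
        if (getHolderSerialNumber().compareTo(x509Certificate2.getSerialNumber()) != 0) {
            this.ErrMsg = "授權證HolderSN與附卡憑證序號不一致";
            return false;
        }
        if (x509Certificate.getSubjectX500Principal().getName().compareToIgnoreCase(x509Certificate2.getSubjectX500Principal().getName()) != 0) {
            this.ErrMsg = "正附卡憑證的SubjectDN不一致";
            return false;
        }
        if (x509Certificate.getIssuerX500Principal().getName().compareToIgnoreCase(x509Certificate2.getIssuerX500Principal().getName()) != 0) {
            this.ErrMsg = "正附卡憑證的IssuerDN不一致";
            return false;
        }
        Date now = new Date();
        // The same text is reported for "not yet valid" and "expired".
        if (getNotBefore().after(now) || getNotAfter().before(now)) {
            this.ErrMsg = "授權證已過期";
            return false;
        }
        // The outer signatureAlgorithm is not covered by the signature; require it to name the
        // same algorithm as the signed copy inside the AC body before it selects the verifier.
        String signatureAlgorithm = getSignatureAlgorithmID();
        if (!signatureAlgorithm.equals(getSignatureID())) {
            this.ErrMsg = "授權證簽章演算法不一致";
            return false;
        }
        // NOTE(review): no allowlist is applied to the algorithm; whatever the installed
        // providers resolve for this OID is accepted.
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initVerify(x509Certificate);
        signature.update(this.attCert.getAcinfo().getEncoded());
        if (!signature.verify(this.attCert.getSignatureValue().getBytes())) {
            // Give the caller a reason instead of leaving the error text empty.
            this.ErrMsg = "授權證簽章驗證失敗";
            return false;
        }
        return true;
    }

    /**
     * Developer smoke test that reads two sample files from fixed local paths, verifies the AC
     * and prints its AP list.
     */
    public static void main(String[] strArr) throws IOException, CertificateException {
        String attrCertText = FileUtils.readFileToString("E:\\temp\\AC_cert\\attCert.cer");
        String secondaryCertText = FileUtils.readFileToString("E:\\temp\\AC_cert\\secCert.cer");
        CGAttrCert cGAttrCert = new CGAttrCert(attrCertText);
        if (!cGAttrCert.verify(secondaryCertText, (String) null)) {
            System.out.println(cGAttrCert.getErrorMsg());
        }
        // GetAPList() returns null when the AC lists nothing, so guard before iterating.
        String[] firstPass = cGAttrCert.GetAPList();
        if (firstPass != null) {
            for (String entry : firstPass) {
                System.out.println("aplst-->" + entry);
            }
        }
        System.out.println("----------");
        // Second pass exercises the cached list.
        String[] secondPass = cGAttrCert.GetAPList();
        if (secondPass != null) {
            for (String entry : secondPass) {
                System.out.println("aplst-->" + entry);
            }
        }
        System.out.println("check http://epaper.hinet.net " + cGAttrCert.checkAPList("http://epaper.hinet.net"));
    }
}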
