package cn.org.bjca.gaia.assemb.util;

import cn.org.bjca.gaia.asn1.gm.GMObjectIdentifiers;
import cn.org.bjca.gaia.asn1.pkcs.PKCSObjectIdentifiers;
import cn.org.bjca.gaia.asn1.x509.Certificate;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.cert.BjcaCert;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.param.AlgPolicy;
import cn.org.bjca.gaia.assemb.param.BjcaKey;
import cn.org.bjca.gaia.assemb.param.SM3Param;

/* loaded from: input_file:cn/org/bjca/gaia/assemb/util/CertificateUtil.class */
public class CertificateUtil {
    private GaiaProvider provider;

    public CertificateUtil(GaiaProvider gaiaProvider) {
        this.provider = null;
        this.provider = gaiaProvider;
    }

    public static BjcaCert createCert(byte[] bArr) throws PkiException {
        return new BjcaCert(bArr);
    }

    public static Certificate convertToCertificate(byte[] bArr) throws PkiException {
        return Certificate.getInstance(ASN1Util.checkAndGetASN1Object(bArr));
    }

    public boolean validateCert(byte[] bArr, byte[] bArr2) throws PkiException {
        AlgPolicy algPolicy;
        AlgPolicy algPolicy2;
        BjcaKey bjcaKey;
        try {
            byte[] publicKeyData = new BjcaCert(bArr2).getPublicKeyData();
            Certificate certificate = Certificate.getInstance(ASN1Util.checkAndGetASN1Object(bArr));
            byte[] encoded = certificate.getTBSCertificate().getEncoded();
            byte[] bytes = certificate.getSignature().getBytes();
            String id = certificate.getSignatureAlgorithm().getAlgorithm().getId();
            if (id.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
                algPolicy = new AlgPolicy("SHA1");
                algPolicy2 = new AlgPolicy("SHA1WithRSA");
                bjcaKey = new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            } else if (id.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
                algPolicy = new AlgPolicy("SHA256");
                algPolicy2 = new AlgPolicy("SHA256WithRSA");
                bjcaKey = new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            } else {
                if (!id.equals(GMObjectIdentifiers.sm2sign_with_sm3.getId())) {
                    throw new PkiException(ErrorCode.Cert.VILADATE_CERT, "验证证书失败 证书类型不支持");
                }
                algPolicy = new AlgPolicy("SM3", new SM3Param(publicKeyData));
                algPolicy2 = new AlgPolicy("SM3WithSM2");
                bjcaKey = new BjcaKey(BjcaKey.SM2_PUB_KEY, publicKeyData);
            }
            return this.provider.verifySignHashedData(algPolicy2, this.provider.hash(algPolicy, encoded), bytes, bjcaKey);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.VILADATE_CERT, ErrorCode.Cert.VILADATE_CERT_DES, e);
        }
    }
}
