package cn.org.bjca.gaia.assemb.util;

import cn.org.bjca.gaia.asn1.ASN1ObjectIdentifier;
import cn.org.bjca.gaia.asn1.ASN1Sequence;
import cn.org.bjca.gaia.asn1.cmp.PKIStatus;
import cn.org.bjca.gaia.asn1.cmp.PKIStatusInfo;
import cn.org.bjca.gaia.asn1.cms.ContentInfo;
import cn.org.bjca.gaia.asn1.tsp.TimeStampResp;
import cn.org.bjca.gaia.asn1.x509.Certificate;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.cert.BjcaCert;
import cn.org.bjca.gaia.assemb.constant.AlgConstant;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.generator.TsGenerator;
import cn.org.bjca.gaia.assemb.generator.TsReqGenerator;
import cn.org.bjca.gaia.assemb.param.AlgPolicy;
import cn.org.bjca.gaia.assemb.param.BjcaKey;
import cn.org.bjca.gaia.assemb.param.SM3Param;
import cn.org.bjca.gaia.assemb.structure.BjcaTimeStamp;
import cn.org.bjca.gaia.tsp.TSPAlgorithms;
import cn.org.bjca.gaia.tsp.TimeStampRequest;
import cn.org.bjca.gaia.tsp.TimeStampRequestGenerator;
import cn.org.bjca.gaia.util.Arrays;
import cn.org.bjca.gaia.util.encoders.Base64;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Date;

/* loaded from: input_file:cn/org/bjca/gaia/assemb/util/TimeStampUtil.class */
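/**
 * Creates time-stamp requests, issues time-stamp tokens and responses, and verifies
 * tokens, delegating all hashing and signing to the injected {@link GaiaProvider}.
 *
 * <p>Verification result codes returned by the {@code verify*} methods:
 * <ul>
 *   <li>{@code 1}: imprint matches, signature verifies, signing time inside the
 *       certificate validity period</li>
 *   <li>{@code -1}: signature over the signed attributes does not verify</li>
 *   <li>{@code -2}: message imprint in the token does not match the supplied data</li>
 *   <li>{@code -3}: signing time is before the certificate's notBefore</li>
 *   <li>{@code -4}: signing time is after the certificate's notAfter</li>
 * </ul>
 *
 * <p><b>Security scope.</b> A result of {@code 1} says nothing about whether the signer
 * is a trusted time-stamping authority: no code in this class builds a certificate chain,
 * consults a trust anchor, checks revocation, or checks key usage. Callers must validate
 * the signer certificate themselves before relying on a token.
 */
public class TimeStampUtil {
    /** Verification succeeded. */
    private static final int VERIFY_OK = 1;
    /** Signature over the signed attributes did not verify. */
    private static final int VERIFY_BAD_SIGNATURE = -1;
    /** Message imprint in the token differs from the supplied data/digest. */
    private static final int VERIFY_IMPRINT_MISMATCH = -2;
    /** Token signing time precedes the signer certificate's notBefore. */
    private static final int VERIFY_CERT_NOT_YET_VALID = -3;
    /** Token signing time follows the signer certificate's notAfter. */
    private static final int VERIFY_CERT_EXPIRED = -4;

    /** Width of the request nonce in bits. */
    private static final int NONCE_BITS = 64;

    /** Nonce source; a single SecureRandom instance may be shared between threads. */
    private static final SecureRandom NONCE_RANDOM = new SecureRandom();

    private final GaiaProvider provider;

    /**
     * @param gaiaProvider provider used for every hash, sign and verify operation
     */
    public TimeStampUtil(GaiaProvider gaiaProvider) {
        this.provider = gaiaProvider;
    }

    /**
     * Hashes {@code bArr} with the policy's digest and builds a time-stamp request for it.
     *
     * @param algPolicy digest policy; only SHA1, SHA256 and SM3 are accepted
     * @param bArr      original data to be time-stamped
     * @param z         whether the request asks the TSA to include its certificate
     * @return encoded time-stamp request
     * @throws PkiException if the policy type is unsupported or generation fails
     */
    public byte[] createTsReq(AlgPolicy algPolicy, byte[] bArr, boolean z) throws PkiException {
        String policyType = algPolicy.getPolicyType();
        if (imprintOidFor(policyType) == null) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_REQ, "产生时间戳请求失败不支持的算法类型 " + policyType);
        }
        return createTsReqByHash(algPolicy, this.provider.hash(algPolicy, bArr), z);
    }

    /**
     * Builds a time-stamp request around a digest the caller has already computed.
     *
     * <p>SHA1 is still accepted here for compatibility; it is not collision resistant,
     * so new callers should request SHA256 or SM3.
     *
     * @param algPolicy digest policy naming the algorithm that produced {@code bArr}
     * @param bArr      message digest to place in the request's message imprint
     * @param z         whether the request asks the TSA to include its certificate
     * @return encoded time-stamp request
     * @throws PkiException if the policy type is unsupported or generation fails
     */
    public byte[] createTsReqByHash(AlgPolicy algPolicy, byte[] bArr, boolean z) throws PkiException {
        String policyType = algPolicy.getPolicyType();
        ASN1ObjectIdentifier imprintOid = imprintOidFor(policyType);
        if (imprintOid == null) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_REQ, "产生时间戳请求失败不支持的算法类型 " + policyType);
        }
        try {
            if ("SM3".equals(policyType)) {
                // SM3 requests go through the project's own generator.
                return new TsReqGenerator().generate(imprintOid, bArr, z);
            }
            TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
            generator.setCertReq(z);
            // The nonce lets the requester match a response to this request and spot a
            // replayed one, so it must be unpredictable. A wall-clock value is guessable
            // and can repeat across concurrent requests; draw it from a CSPRNG instead.
            BigInteger nonce = new BigInteger(NONCE_BITS, NONCE_RANDOM);
            return generator.generate(imprintOid, bArr, nonce).getEncoded();
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_REQ, "产生时间戳请求失败 " + policyType, e);
        }
    }

    /**
     * Issues a time-stamp token for a request, using the current system time.
     *
     * @see #createTsResp(AlgPolicy, BjcaKey, byte[], String, Date)
     */
    public byte[] createTsResp(AlgPolicy algPolicy, BjcaKey bjcaKey, byte[] bArr, String str) throws PkiException {
        return createTsResp(algPolicy, bjcaKey, bArr, str, new Date());
    }

    /**
     * Issues a time-stamp token for a request at the given time.
     *
     * <p>The token asserts whatever {@code date} the caller passes; this method does not
     * compare it with any clock. The digest algorithm named in the request must equal the
     * digest half of the signature policy, otherwise issuing fails.
     *
     * @param algPolicy signature policy; SM3WithSM2, SHA256WithRSA or SHA1WithRSA
     * @param bjcaKey   signing key handed to the provider
     * @param bArr      encoded time-stamp request
     * @param str       Base64 of the signer certificate
     * @param date      time to assert in the token
     * @return encoded token as produced by {@code TsGenerator.getEncoded}
     * @throws PkiException if the policy is unsupported, the request's digest algorithm
     *                      disagrees with the policy, or any step fails
     */
    public byte[] createTsResp(AlgPolicy algPolicy, BjcaKey bjcaKey, byte[] bArr, String str, Date date) throws PkiException {
        String policyType = algPolicy.getPolicyType();
        boolean sm2Policy = "SM3WithSM2".equals(policyType);
        if (!sm2Policy && !"SHA256WithRSA".equals(policyType) && !"SHA1WithRSA".equals(policyType)) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_RESP, "根据时间戳请求产生时间戳失败 不支持的算法类型 " + policyType);
        }
        try {
            TimeStampRequest request = sm2Policy
                    ? new TsReqGenerator().convertReqToStandardReq(bArr)
                    : new TimeStampRequest(bArr);
            String requestHashAlg = AlgConstant.convertOidToAlgName(request.getMessageImprintAlgOID());
            String policyHashAlg = AlgConstant.convertSignAlgToHashAlg(policyType);
            if (!requestHashAlg.equals(policyHashAlg)) {
                // Thrown inside the try on purpose: the catch below wraps it, so callers
                // see this message as the cause of the generic failure.
                throw new PkiException(ErrorCode.Tsp.CREAT_TS_RESP, "根据时间戳请求产生时间戳失败 请求中摘要算法与策略中传入摘要算法不一致，policy hashAlg =" + policyHashAlg + ", req hashAlg = " + requestHashAlg);
            }
            byte[] signerCertDer = Base64.decode(str);
            Certificate signerCert = Certificate.getInstance(ASN1Util.checkAndGetASN1Object(signerCertDer));
            TsGenerator tsGenerator = new TsGenerator(request, new Certificate[]{signerCert}, date);
            byte[] timeStampInfo = tsGenerator.getTimeStampInfo();
            AlgPolicy hashPolicy = new AlgPolicy(policyHashAlg);
            // Second argument is a SHA1 hash of the signer certificate.
            // NOTE(review): presumably feeds a signing-certificate attribute - confirm in TsGenerator.
            byte[] signedAttributes = tsGenerator.assembAttr(
                    this.provider.hash(hashPolicy, timeStampInfo),
                    this.provider.hash(new AlgPolicy("SHA1"), signerCertDer));
            if (policyHashAlg.equals("SM3")) {
                // For SM3 the signer's public key is attached to the hash policy before
                // the attributes are hashed for signing.
                hashPolicy.setParam(new SM3Param(new BjcaCert(signerCertDer).getPublicKeyData()));
            }
            byte[] signature = this.provider.signHashedData(algPolicy, this.provider.hash(hashPolicy, signedAttributes), bjcaKey);
            return tsGenerator.getEncoded(signature);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_RESP, "根据时间戳请求产生时间戳失败 " + policyType, e);
        }
    }

    /**
     * Issues a token and wraps it in a DER-encoded {@code TimeStampResp} whose status is
     * always {@code granted}.
     *
     * @throws PkiException propagated unchanged from token creation, or wrapping any
     *                      failure while building the response
     */
    public byte[] createTsRespCMS(AlgPolicy algPolicy, BjcaKey bjcaKey, byte[] bArr, String str, Date date) throws PkiException {
        try {
            byte[] token = createTsResp(algPolicy, bjcaKey, bArr, str, date);
            ContentInfo tokenInfo = new ContentInfo(ASN1Sequence.getInstance(token));
            return new TimeStampResp(new PKIStatusInfo(PKIStatus.granted), tokenInfo).getEncoded("DER");
        } catch (PkiException e) {
            throw e;
        } catch (Exception e2) {
            throw new PkiException(ErrorCode.Tsp.CREAT_TS_RESP, "根据时间戳请求产生时间戳失败 " + algPolicy.getPolicyType(), e2);
        }
    }

    /**
     * Same as {@link #createTsRespCMS(AlgPolicy, BjcaKey, byte[], String, Date)} with the
     * current system time.
     */
    public byte[] createTsRespCMS(AlgPolicy algPolicy, BjcaKey bjcaKey, byte[] bArr, String str) throws PkiException {
        return createTsRespCMS(algPolicy, bjcaKey, bArr, str, new Date());
    }

    /**
     * Extracts the token from an encoded {@code TimeStampResp} and verifies it against
     * the original data.
     *
     * <p>NOTE(review): the response status is not inspected here; only the token is used.
     *
     * @param bArr  original data
     * @param bArr2 encoded {@code TimeStampResp}
     * @param str   Base64 signer certificate, used only when the token embeds none
     * @return a result code as listed on the class
     * @throws PkiException if the response cannot be parsed or verification errors out
     */
    public int verifyCMSTs(byte[] bArr, byte[] bArr2, String str) throws PkiException {
        try {
            return verifyTs(bArr, TimeStampResp.getInstance(bArr2).getTimeStampToken().getEncoded("DER"), str);
        } catch (PkiException e) {
            throw e;
        } catch (Exception e2) {
            throw new PkiException(ErrorCode.Tsp.VERIFY_TS_RESP, ErrorCode.Tsp.VERIFY_TS_RESP_DES, e2);
        }
    }

    /**
     * Verifies a time-stamp token against the original data, hashing the data with the
     * algorithm named by the token.
     *
     * <p>See {@link #verifyToken(byte[], boolean, byte[], String)} for what is and is not
     * checked.
     *
     * @param bArr  original data
     * @param bArr2 encoded token
     * @param str   Base64 signer certificate, used only when the token embeds none
     * @return a result code as listed on the class
     * @throws PkiException if parsing fails or no signer certificate is available
     */
    public int verifyTs(byte[] bArr, byte[] bArr2, String str) throws PkiException {
        return verifyToken(bArr, false, bArr2, str);
    }

    /**
     * Extracts the token from an encoded {@code TimeStampResp} and verifies it against a
     * digest the caller has already computed.
     *
     * @param bArr  digest of the original data
     * @param bArr2 encoded {@code TimeStampResp}
     * @param str   Base64 signer certificate, used only when the token embeds none
     * @return a result code as listed on the class
     * @throws PkiException if the response cannot be parsed or verification errors out
     */
    public int verifyCMSTsByHash(byte[] bArr, byte[] bArr2, String str) throws PkiException {
        try {
            return verifyTsByHash(bArr, TimeStampResp.getInstance(bArr2).getTimeStampToken().getEncoded("DER"), str);
        } catch (PkiException e) {
            throw e;
        } catch (Exception e2) {
            throw new PkiException(ErrorCode.Tsp.VERIFY_TS_RESP, ErrorCode.Tsp.VERIFY_TS_RESP_DES, e2);
        }
    }

    /**
     * Verifies a time-stamp token against a digest the caller has already computed. The
     * digest is compared with the token's imprint as-is; the caller is responsible for
     * having used the algorithm the token names.
     *
     * @param bArr  digest of the original data
     * @param bArr2 encoded token
     * @param str   Base64 signer certificate, used only when the token embeds none
     * @return a result code as listed on the class
     * @throws PkiException if parsing fails or no signer certificate is available
     */
    public int verifyTsByHash(byte[] bArr, byte[] bArr2, String str) throws PkiException {
        return verifyToken(bArr, true, bArr2, str);
    }

    /**
     * Parses an encoded token into its {@link BjcaTimeStamp} view.
     *
     * @throws PkiException if the structure cannot be parsed
     */
    public BjcaTimeStamp parseTsStructure(byte[] bArr) throws PkiException {
        return new BjcaTimeStamp(bArr);
    }

    /**
     * Shared verification routine behind {@link #verifyTs} and {@link #verifyTsByHash}.
     *
     * <p>Checks, in order: the imprint in the token equals the digest of the data, the
     * signature over the token's signed attributes verifies under the selected
     * certificate's public key, and the token's signing time lies within that
     * certificate's validity period.
     *
     * <p>Limits a caller must cover elsewhere:
     * <ul>
     *   <li>A certificate embedded in the token takes precedence; the caller-supplied one
     *       is consulted only when the token carries none. An embedded certificate is
     *       therefore self-asserted and is not validated against any trust anchor here.</li>
     *   <li>The signing time is the value read from the token itself.</li>
     *   <li>NOTE(review): this method does not compare the signed attributes with the
     *       token content that holds the imprint; confirm {@code BjcaTimeStamp} enforces
     *       that binding when parsing.</li>
     * </ul>
     *
     * @param original           original data, or its digest when {@code originalIsDigest}
     * @param originalIsDigest   {@code true} to compare {@code original} with the imprint
     *                           directly instead of hashing it first
     * @param tokenBytes         encoded token
     * @param fallbackCertBase64 Base64 signer certificate used when the token has none
     */
    private int verifyToken(byte[] original, boolean originalIsDigest, byte[] tokenBytes, String fallbackCertBase64) throws PkiException {
        BjcaTimeStamp token = parseTsStructure(tokenBytes);
        byte[] signerCertDer = token.getSignCert();
        if (signerCertDer == null) {
            if (fallbackCertBase64 == null) {
                throw new PkiException(ErrorCode.Tsp.VERIFY_TS_RESP, "验证时间戳失败, verify timeStamp fail, need a signCert!");
            }
            signerCertDer = Base64.decode(fallbackCertBase64);
        }
        byte[] signedAttributes = token.getAttribute();
        byte[] signature = token.getSignValue();
        byte[] imprint = token.getHashFromTst();
        String hashAlg = token.getHashAlg();
        AlgPolicy hashPolicy = new AlgPolicy(hashAlg);

        byte[] digest = originalIsDigest ? original : this.provider.hash(hashPolicy, original);
        if (!Arrays.areEqual(digest, imprint)) {
            return VERIFY_IMPRINT_MISMATCH;
        }

        BjcaCert signerCert = new BjcaCert(signerCertDer);
        if ("SM3".equals(hashAlg)) {
            // Attached only after the data imprint was computed, so it affects the
            // attribute hash below and not the comparison above.
            hashPolicy.setParam(new SM3Param(signerCert.getPublicKeyData()));
        }
        AlgPolicy signPolicy = new AlgPolicy(AlgConstant.convertHashAlgToSignAlg(hashAlg));
        byte[] attributesDigest = this.provider.hash(hashPolicy, signedAttributes);
        if (!this.provider.verifySignHashedData(signPolicy, attributesDigest, signature, signerCert.getPublicKey())) {
            return VERIFY_BAD_SIGNATURE;
        }

        Date signTime = token.getSignTime();
        if (signTime.before(signerCert.getNotBefore())) {
            return VERIFY_CERT_NOT_YET_VALID;
        }
        return signTime.after(signerCert.getNotAfter()) ? VERIFY_CERT_EXPIRED : VERIFY_OK;
    }

    /**
     * Maps a digest policy name to its message-imprint OID.
     *
     * @return the OID, or {@code null} when the name is not SHA1, SHA256 or SM3
     */
    private static ASN1ObjectIdentifier imprintOidFor(String policyType) {
        if ("SHA1".equals(policyType)) {
            return TSPAlgorithms.SHA1;
        }
        if ("SHA256".equals(policyType)) {
            return TSPAlgorithms.SHA256;
        }
        if ("SM3".equals(policyType)) {
            return TSPAlgorithms.SM3;
        }
        return null;
    }
}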
