package cfca.sadk.timestamp.client;

import cfca.sadk.timestamp.client.conf.TscAuthInfoConf;
import cfca.sadk.timestamp.exception.TSAErrorCode;
import cfca.sadk.timestamp.exception.TSAException;
import cfca.sadk.timestamp.exception.TSAVerifiedException;
import cfca.sadk.timestamp.exception.TSAVerifiedSubCode;
import cfca.sadk.x509.certificate.X509CRLFile;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/BusinessTrustCerts.class */
public final class BusinessTrustCerts {
    private static final int CRL_CACHE_FILE_SIZE = 5120000;
    private X509CRLFile x509CRL;
    private X509Cert trustCert;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BusinessTrustCerts(TscAuthInfoConf tscAuthInfoConf) throws TSAException {
        Args.notNull(tscAuthInfoConf, "authInfoConf");
        setTrustCertPath(tscAuthInfoConf.getBusinessTrustCertPath());
        setTrustCRLPath(tscAuthInfoConf.getBusinessTrustCRLPath());
    }

    BusinessTrustCerts(String str, String str2) throws TSAException {
        setTrustCertPath(str);
        setTrustCRLPath(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean verifyCertSignature(X509Cert x509Cert) throws TSAVerifiedException {
        boolean z;
        if (x509Cert == null || this.trustCert == null) {
            z = true;
        } else {
            try {
                z = x509Cert.verify(this.trustCert.getPublicKey());
            } catch (Exception e) {
                throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertSignatureInvalid, "x509Cert signature verify failure: " + e.getMessage(), e);
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean verifyCertValidate(X509Cert x509Cert, boolean z) throws TSAVerifiedException {
        Date date = new Date();
        boolean z2 = false;
        if (x509Cert != null) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSSZ");
            if (x509Cert.getNotBefore().after(date)) {
                throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertValidateInvalid, String.format("x509Cert validate notBefore invalid: {signerCert=%s, nowTime=%s}", simpleDateFormat.format(x509Cert.getNotBefore()), simpleDateFormat.format(date)));
            }
            if (x509Cert.getNotAfter().before(date)) {
                throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertValidateInvalid, String.format("x509Cert validate notAfter invalid: {signerCert=%s, nowTime=%s}", simpleDateFormat.format(x509Cert.getNotAfter()), simpleDateFormat.format(date)));
            }
            if (!z || x509Cert == null || this.trustCert == null) {
                z2 = true;
            } else {
                if (x509Cert.getNotBefore().before(this.trustCert.getNotBefore())) {
                    throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertValidateInvalid, String.format("x509Cert validate notBefore invalid: {signerCert=%s, trustCert=%s}", simpleDateFormat.format(x509Cert.getNotBefore()), simpleDateFormat.format(this.trustCert.getNotBefore())));
                }
                if (x509Cert.getNotAfter().after(this.trustCert.getNotAfter())) {
                    throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertValidateInvalid, String.format("x509Cert validate notAfter invalid: {signerCert=%s, trustCert=%s}", simpleDateFormat.format(x509Cert.getNotAfter()), simpleDateFormat.format(this.trustCert.getNotAfter())));
                }
                z2 = true;
            }
        }
        return z2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isRevoke(X509Cert x509Cert) throws TSAVerifiedException {
        boolean z;
        if (x509Cert == null || this.x509CRL == null) {
            z = false;
        } else {
            try {
                z = this.x509CRL.isRevoke(x509Cert.getSerialNumber());
            } catch (Exception e) {
                throw new TSAVerifiedException(TSAVerifiedSubCode.timestampSignedCertRevokeStatusInvalid, "x509Cert check revoked failure: " + e.getMessage(), e);
            }
        }
        return z;
    }

    public final void setTrustCert(X509Cert x509Cert) {
        this.trustCert = x509Cert;
    }

    public final void setTrustCertPath(String str) throws TSAException {
        X509Cert x509Cert = null;
        if (str != null && str.length() != 0) {
            File file = new File(str);
            if (!file.exists() || !file.isFile()) {
                throw new TSAException(TSAErrorCode.businessTrustCertFileInvalid, "trustCertFile " + file + " invalid!!!");
            }
            try {
                x509Cert = new X509Cert(str);
            } catch (Exception e) {
                throw new TSAException(TSAErrorCode.businessTrustCertFileInvalid, "trustCertFile " + file + " invalid: " + e.getMessage(), e);
            }
        }
        this.trustCert = x509Cert;
    }

    public final void setTrustCRL(X509CRLFile x509CRLFile) {
        this.x509CRL = x509CRLFile;
    }

    public final void setTrustCRLPath(String str) throws TSAException {
        if (str == null || str.length() == 0) {
            return;
        }
        File file = new File(str);
        if (!file.exists() || !file.isFile()) {
            throw new TSAException(TSAErrorCode.businessTrustCertFileInvalid, "trustCRLFile " + file + " invalid!!!");
        }
        try {
            this.x509CRL = new X509CRLFile(str, file.length() < 5120000);
        } catch (Exception e) {
            throw new TSAException(TSAErrorCode.businessTrustCertFileInvalid, "trustCRLFile " + file + " invalid: " + e.getMessage(), e);
        }
    }
}
