package com.huifu.saturn.cfca;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.sadk.x509.certificate.X509CertVerifier;
import com.huifu.saturn.cfca.util.StringUtils;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huifu/saturn/cfca/CFCAVerify.class */
public class CFCAVerify {
    private static Logger logger = LoggerFactory.getLogger(CFCASignature.class);
    static X509Cert x509Cert = null;

    public static void verifyCerDate(X509Cert x509Cert2, String str) throws CFCAException {
        if (str != null) {
            if (X509CertVerifier.verifyCertDate(x509Cert2)) {
                logger.info("userX509Cert date is valid:" + x509Cert2.getNotBefore() + "---" + x509Cert2.getNotAfter());
            } else {
                logger.warn("Cert out of date:" + x509Cert2.getNotBefore() + "---" + x509Cert2.getNotAfter());
                throw new CFCAException(VerifyEnum.CERT_EXPRIED);
            }
        }
    }

    public static void verifyCer(X509Cert x509Cert2, String str) throws CFCAException {
        if (str != null) {
            try {
                if (x509Cert == null) {
                    x509Cert = new X509Cert(new FileInputStream(str));
                }
                X509CertVerifier.updateTrustCertsMap(x509Cert);
                if (!X509CertVerifier.validateCertSign(x509Cert2)) {
                    logger.warn("userX509Cert is wrong!");
                    throw new CFCAException(VerifyEnum.CERT_ILLEGAL);
                }
                logger.info("userX509Cert is right!");
            } catch (PKIException e) {
                logger.error("verifyCer error:", e);
                throw new CFCAException(VerifyEnum.FAILED);
            } catch (FileNotFoundException e2) {
                logger.error("verifyCer FileNotFoundException error:", e2);
                throw new CFCAException(VerifyEnum.FAILED);
            }
        }
    }

    public static void verifyCRL(X509Cert x509Cert2, String str) throws CFCAException {
        if (str != null) {
            try {
                if (!X509CertVerifier.verifyCertByCRLOutLine(x509Cert2, str)) {
                    logger.warn("userX509Cert is revoked in crl");
                    throw new CFCAException(VerifyEnum.CERT_REVOKED);
                }
                logger.info("userX509Cert is valid in crl");
            } catch (PKIException e) {
                logger.error("verifyCRL error:", e);
                throw new CFCAException(VerifyEnum.FAILED);
            }
        }
    }

    public static void verifyMer(Signature signature, String str, byte[] bArr) throws CFCAException {
        try {
            String subject = signature.getSignerX509CertFromP7SignData(bArr).getSubject();
            if (StringUtils.isBlank(str)) {
                logger.warn("merId is blank. merId=" + str);
                throw new CFCAException(VerifyEnum.MER_FAILED);
            }
            if (subject.contains(str)) {
                return;
            }
            logger.warn("subject not contains merId. subject=" + subject + ",merId=" + str);
            throw new CFCAException(VerifyEnum.MER_FAILED);
        } catch (PKIException e) {
            logger.error("verifyMer error:", e);
            throw new CFCAException(VerifyEnum.FAILED);
        }
    }

    public static VerifyResult verifyP7VerifyMessageAttach(Signature signature, byte[] bArr, Session session) throws CFCAException {
        try {
            if (!signature.p7VerifyMessageAttach(bArr, session)) {
                throw new CFCAException(VerifyEnum.SIGN_ERROR);
            }
            logger.info("p7 dig alg with verification: " + signature.getDigestAlgorithm());
            logger.info("p7 cert subject with verification:" + signature.getSignerCert().getSubject());
            logger.info("p7 signature: " + new String(Base64.encodeBase64(signature.getSignature())));
            logger.info("RSA P7 attach verify OK!");
            VerifyResult verifyResult = new VerifyResult(VerifyEnum.SUCCESS);
            verifyResult.setContent(signature.getSourceData());
            return verifyResult;
        } catch (PKIException e) {
            logger.error("verifyP7VerifyMessageAttach error:", e);
            throw new CFCAException(VerifyEnum.FAILED);
        }
    }
}
