package code.ponfee.commons.jce.cert;

import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:code/ponfee/commons/jce/cert/CertSignedVerifier.class */
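/**
 * Base class for verifying signed data together with the signer certificates.
 *
 * <p>{@link #verify()} checks every certificate in {@link #subjects} against a single
 * trust anchor ({@link #rootCert}) and then delegates the check of the signed payload
 * to {@link #verifySigned()}.
 *
 * <p>Security notes, all derived from the checks this class actually performs:
 * <ul>
 *   <li>Each subject is verified directly against {@code rootCert}; no intermediate
 *       chain is built, and issuer/subject names, basic constraints and key usage
 *       are not inspected here.</li>
 *   <li>The validity period of {@code rootCert} itself is never checked.</li>
 *   <li>Revocation is checked only when a CRL was supplied; a {@code null} CRL skips
 *       it silently. The CRL's own signature and freshness are not verified here,
 *       so callers must pass a CRL they have already authenticated.</li>
 *   <li>{@link #setVerifySigned(boolean)} can switch the payload signature check off.</li>
 * </ul>
 */
public abstract class CertSignedVerifier {
    /** Trust anchor whose public key must have signed every subject certificate. */
    protected final X509Certificate rootCert;
    /** Optional revocation list; {@code null} disables the revocation check. */
    protected final X509CRL crl;
    /** Raw input handed to the constructor (presumably the signed message; confirm in subclasses). */
    protected final byte[] info;
    /** Certificates to verify; not assigned in this class, presumably populated by subclasses. */
    protected X509Certificate[] subjects;
    /** Signed payloads; not filled in this class, presumably collected by subclasses. */
    protected final List<byte[]> signedInfos = new ArrayList<>();
    /** Whether {@link #verify()} finishes by calling {@link #verifySigned()}; on by default. */
    private boolean verifySigned = true;

    /**
     * Stores the trust anchor, the optional CRL and the raw input.
     * The decompiler reports that this constructor was {@code protected} in the original class.
     *
     * @param x509Certificate trust anchor; if {@code null}, {@link #verify()} rejects every subject
     * @param x509crl         revocation list, or {@code null} to skip revocation checks
     * @param bArr            raw input, kept by reference (not copied)
     */
    public CertSignedVerifier(X509Certificate x509Certificate, X509CRL x509crl, byte[] bArr) {
        this.rootCert = x509Certificate;
        this.crl = x509crl;
        this.info = bArr;
    }

    /**
     * Verifies every subject certificate (validity period, signature by the root,
     * revocation when a CRL is present) and then the signed payload unless that
     * step was disabled.
     *
     * @throws SecurityException if no subject array was set, the root is missing, or any check fails
     */
    public final void verify() {
        // Fail closed with an explicit verification error instead of a bare
        // NullPointerException when no certificates were ever populated.
        // Message: "no certificates were provided for verification".
        if (this.subjects == null) {
            throw new SecurityException("未提供待验证的证书");
        }
        // NOTE(review): an empty array still passes the certificate checks vacuously and
        // relies entirely on verifySigned(); confirm subclasses reject that case.
        for (X509Certificate x509Certificate : this.subjects) {
            String certInfo = X509CertUtils.getCertInfo(x509Certificate, X509CertInfo.SUBJECT_CN);
            if (this.rootCert == null) {
                // Message: "the root certificate of [CN] is not trusted".
                throw new SecurityException("[" + certInfo + "]的根证未受信任");
            }
            verifyCertDate(x509Certificate);
            verifyIssuingSign(x509Certificate, this.rootCert);
            // Revocation is optional: without a CRL a revoked certificate is accepted.
            if (this.crl != null) {
                verifyCrlRevoke(x509Certificate, this.crl);
            }
        }
        if (this.verifySigned) {
            verifySigned();
        }
    }

    /**
     * Verifies the signed payload; invoked by {@link #verify()} after the certificate
     * checks unless disabled through {@link #setVerifySigned(boolean)}.
     */
    public abstract void verifySigned();

    /**
     * Checks that the certificate is within its validity period at the current time.
     *
     * @param x509Certificate certificate to check
     * @throws SecurityException if the certificate has expired or is not yet valid
     */
    public static void verifyCertDate(X509Certificate x509Certificate) {
        String str = X509CertUtils.getCertInfo(x509Certificate, X509CertInfo.SUBJECT_CN);
        try {
            x509Certificate.checkValidity(new Date());
        } catch (CertificateExpiredException e) {
            // Message: "[CN] has expired".
            throw new SecurityException("[" + str + "]已过期", e);
        } catch (CertificateNotYetValidException e2) {
            // Message: "[CN] is not yet valid".
            throw new SecurityException("[" + str + "]尚未生效", e2);
        }
    }

    /**
     * Checks that the certificate's signature verifies under the issuer's public key.
     * Only the signature is checked; whether the issuer is permitted to act as a CA
     * and whether the names chain correctly is outside this method.
     *
     * @param x509Certificate  certificate whose signature is verified
     * @param x509Certificate2 presumed issuer supplying the public key
     * @throws SecurityException if the signature does not verify or verification fails for any other reason
     */
    public static void verifyIssuingSign(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String str = null;
        try {
            // Kept inside the try so that any failure here is also reported as a
            // SecurityException, as in the original control flow.
            str = X509CertUtils.getCertInfo(x509Certificate, X509CertInfo.SUBJECT_CN);
            x509Certificate.verify(x509Certificate2.getPublicKey());
        } catch (SignatureException e) {
            // Message: "the root certificate of [CN] is not trusted".
            throw new SecurityException("[" + str + "]的根证未受信任", e);
        } catch (Exception e2) {
            // Message: "error while verifying the root signature".
            throw new SecurityException("根证验签出错", e2);
        }
    }

    /**
     * Rejects the certificate if the given CRL lists it as revoked.
     * NOTE(review): the CRL is used as-is; its signature and update times are not
     * validated here, so an unauthenticated or stale CRL would go unnoticed.
     *
     * @param x509Certificate certificate to look up
     * @param x509crl         revocation list to consult
     * @throws SecurityException if the certificate is revoked
     */
    public static void verifyCrlRevoke(X509Certificate x509Certificate, X509CRL x509crl) {
        String certInfo = X509CertUtils.getCertInfo(x509Certificate, X509CertInfo.SUBJECT_CN);
        if (x509crl.isRevoked(x509Certificate)) {
            // Message: "[CN] has been revoked".
            throw new SecurityException("[" + certInfo + "]已被吊销");
        }
    }

    /**
     * @return the internal subject array itself (not a copy); may be {@code null} if never set
     */
    public X509Certificate[] getSubjects() {
        return this.subjects;
    }

    /**
     * @return the internal raw input array itself (not a copy)
     */
    public byte[] getInfo() {
        return this.info;
    }

    /**
     * @return the internal, mutable list of signed payloads
     */
    public List<byte[]> getSignedInfo() {
        return this.signedInfos;
    }

    /**
     * Enables or disables the final {@link #verifySigned()} step of {@link #verify()}.
     * With {@code false}, only the certificate checks run and the payload signature
     * is not verified.
     *
     * @param z {@code true} to verify the signed payload, {@code false} to skip it
     */
    public void setVerifySigned(boolean z) {
        this.verifySigned = z;
    }
}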
