package cn.tdchain.tdmsp.manage;

import cn.tdchain.cipher.rsa.RsaUtil;
import cn.tdchain.cipher.sm.Sm2Util;
import cn.tdchain.tdmsp.ca.config.TdMSPMsg;
import cn.tdchain.tdmsp.util.EccUtil;
import cn.tdchain.tdmsp.util.PkiConstant;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/* loaded from: input_file:cn/tdchain/tdmsp/manage/TdMSPIdentity.class */
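/**
 * Identity checks for a caller that presents an X.509 certificate and a signed message.
 *
 * <p>Every check returns a {@link TdMSPMsg}; type {@code 0} means the check passed and any
 * other type is treated as a failure by {@link #validate}.
 */
public class TdMSPIdentity {
    /**
     * Runs the checks in order and returns the first failing result, or the ACL result if all
     * earlier checks passed: issuer signature on the certificate, message signature, revocation
     * list, organization unit, and method ACL.
     *
     * <p>NOTE(review): {@code x509Certificate2} is used as the issuer as given; whether it is a
     * trusted anchor is not checked here and must be guaranteed by the caller.
     *
     * @param str first message argument, forwarded unchanged to {@link #verifySignMsg}
     * @param str2 second message argument, forwarded unchanged to {@link #verifySignMsg}
     * @param x509Certificate certificate of the caller being validated
     * @param str3 key looked up in the ACL map (see {@link #getPoliciesByMethod})
     * @param tdMSPAcl ACL holding the OU list, revocation list and policies
     * @param x509Certificate2 issuer certificate whose public key must verify {@code x509Certificate}
     * @param str4 cipher type selecting the signature algorithm
     * @return the first failing result, or the result of {@link #checkAcl}
     */
    public TdMSPMsg validate(String str, String str2, X509Certificate x509Certificate, String str3, TdMSPAcl tdMSPAcl, X509Certificate x509Certificate2, String str4) {
        TdMSPMsg certResult = validateCert(x509Certificate2, x509Certificate);
        if (certResult.getType() != 0) {
            return certResult;
        }
        TdMSPMsg signResult = verifySignMsg(str, str2, x509Certificate, str4);
        if (signResult.getType() != 0) {
            return signResult;
        }
        TdMSPMsg crlResult = checkCRL(tdMSPAcl, x509Certificate);
        if (crlResult.getType() != 0) {
            return crlResult;
        }
        String organizationUnit = getOUFromCert(x509Certificate);
        TdMSPMsg ouResult = checkOU(tdMSPAcl, organizationUnit);
        if (ouResult.getType() != 0) {
            return ouResult;
        }
        // Last check: its result is returned whether it passed or failed.
        return checkAcl(tdMSPAcl, str3, organizationUnit);
    }

    /**
     * Checks whether the organization unit is listed in one of the policies attached to the
     * given ACL key. The result starts as a denial and is only switched to success on a match.
     *
     * @param tdMSPAcl ACL holding the policy list and the ACL map
     * @param str key looked up in the ACL map
     * @param str2 organization unit to look for; {@code null} never matches
     * @return type 0 on a match, type 2 when the ACL map has no entry for {@code str},
     *     type 3 when no policy lists the organization unit
     */
    public TdMSPMsg checkAcl(TdMSPAcl tdMSPAcl, String str, String str2) {
        TdMSPMsg tdMSPMsg = new TdMSPMsg();
        tdMSPMsg.setType(3);
        tdMSPMsg.setMessage("No matching organization Unit");
        ArrayList<String> policyNames = getPoliciesByMethod(tdMSPAcl, str);
        if (null == policyNames) {
            tdMSPMsg.setType(2);
            tdMSPMsg.setMessage("getPoliciesByMethod is null");
            return tdMSPMsg;
        }
        ArrayList<Policies> policiesList = tdMSPAcl.getPoliciesList();
        if (policiesList == null || str2 == null) {
            // Nothing to match against: keep the default denial instead of failing with an NPE.
            return tdMSPMsg;
        }
        for (String policyName : policyNames) {
            if (policyName == null) {
                continue;
            }
            for (Policies policies : policiesList) {
                if (policies != null
                        && policyName.equals(policies.getPoliciesName())
                        && policies.getPoliciesList() != null
                        && policies.getPoliciesList().contains(str2)) {
                    tdMSPMsg.setType(0);
                    tdMSPMsg.setMessage("SUCESS");
                    return tdMSPMsg;
                }
            }
        }
        return tdMSPMsg;
    }

    /**
     * Looks up the policy names registered for a key in the ACL map.
     *
     * @param tdMSPAcl ACL whose map is consulted
     * @param str key to look up
     * @return the mapped list, or {@code null} when the map is absent or has no entry
     */
    public ArrayList<String> getPoliciesByMethod(TdMSPAcl tdMSPAcl, String str) {
        HashMap<String, ArrayList<String>> aclMap = tdMSPAcl.getAclMap();
        return aclMap == null ? null : aclMap.get(str);
    }

    /**
     * Checks that the organization unit is present in the ACL's OU list.
     *
     * @param tdMSPAcl ACL holding the OU list
     * @param str organization unit; {@code null} (no OU found) is always rejected
     * @return type 0 when listed, type 1 otherwise
     */
    public TdMSPMsg checkOU(TdMSPAcl tdMSPAcl, String str) {
        TdMSPMsg tdMSPMsg = new TdMSPMsg();
        if (str != null && tdMSPAcl.getOuList().contains(str)) {
            tdMSPMsg.setType(0);
            tdMSPMsg.setMessage("SUCESS");
        } else {
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage("The certificate Organization Unit Non-existent ");
        }
        return tdMSPMsg;
    }

    /**
     * Checks that the certificate's organization unit is present in the ACL's OU list.
     *
     * @param tdMSPAcl ACL holding the OU list
     * @param x509Certificate certificate whose subject OU is checked
     * @return type 0 when listed, type 1 otherwise
     */
    public TdMSPMsg checkOU(TdMSPAcl tdMSPAcl, X509Certificate x509Certificate) {
        return checkOU(tdMSPAcl, getOUFromCert(x509Certificate));
    }

    /**
     * Extracts the organization unit (OU) from the certificate's subject.
     *
     * <p>The subject is parsed as a distinguished name rather than searched as text. A text
     * search for {@code "OU="} can match inside another attribute's value and fails with an
     * index exception when the OU is absent or is the last component; since the result feeds
     * the OU and ACL decisions, only a real OU attribute is accepted.
     *
     * @param x509Certificate certificate to read the subject from
     * @return the unescaped value of the first OU in the RFC 2253 subject string, or
     *     {@code null} when the subject has no OU or cannot be parsed
     */
    public String getOUFromCert(X509Certificate x509Certificate) {
        String subjectDn = x509Certificate.getSubjectX500Principal().getName();
        try {
            List<Rdn> rdns = new LdapName(subjectDn).getRdns();
            // getRdns() is indexed right-to-left, so walk backwards to honour string order.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also exposes OU when it is part of a multi-valued RDN.
                Attribute ouAttribute = rdns.get(i).toAttributes().get("OU");
                if (ouAttribute == null) {
                    continue;
                }
                Object value = ouAttribute.get();
                if (value instanceof String) {
                    return (String) value;
                }
            }
        } catch (NamingException e) {
            // Unparseable subject: report "no OU" so the caller denies access.
            return null;
        }
        return null;
    }

    /**
     * Checks the certificate's serial number against the ACL's revocation list.
     *
     * <p>The comparison uses the decimal string form of the serial number only.
     * NOTE(review): serial numbers are unique per issuer, so this presumably assumes a single
     * issuing CA; confirm against how the list is populated.
     *
     * @param tdMSPAcl ACL holding the list of revoked serial numbers
     * @param x509Certificate certificate to check
     * @return type 1 when the serial number is listed, type 0 otherwise
     */
    public TdMSPMsg checkCRL(TdMSPAcl tdMSPAcl, X509Certificate x509Certificate) {
        TdMSPMsg tdMSPMsg = new TdMSPMsg();
        String serialNumber = x509Certificate.getSerialNumber().toString();
        if (tdMSPAcl.getCrlList().contains(serialNumber)) {
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage("The certificate was revoked");
        } else {
            tdMSPMsg.setType(0);
            tdMSPMsg.setMessage("SUCESS");
        }
        return tdMSPMsg;
    }

    /**
     * Verifies a signature with the certificate's public key, using the algorithm selected by
     * the cipher type.
     *
     * <p>NOTE(review): {@code str} and {@code str2} are the signed content and the signature;
     * which is which depends on the verify helpers, whose signatures are not visible here.
     * The cipher type comes from the caller rather than from the certificate's key algorithm;
     * confirm the helpers reject a key of the wrong kind.
     *
     * @param str passed as the last argument to the RSA/SM2 helpers and the first to the ECC helper
     * @param str2 passed as the middle argument to all three helpers
     * @param x509Certificate certificate supplying the public key
     * @param str3 cipher type; compared with {@code PkiConstant.RSA}, {@code SM2} and {@code ECC}
     * @return type 0 when the signature verifies, type 1 when it does not or the cipher type is
     *     not supported
     * @throws RuntimeException when the RSA helper throws; the original exception is the cause
     */
    public TdMSPMsg verifySignMsg(String str, String str2, X509Certificate x509Certificate, String str3) {
        TdMSPMsg tdMSPMsg = new TdMSPMsg();
        boolean verified;
        if (PkiConstant.RSA.equals(str3)) {
            try {
                verified = RsaUtil.verify(x509Certificate.getPublicKey(), str2, str);
            } catch (Exception e) {
                // Keep the cause so the failure can be diagnosed from the stack trace.
                throw new RuntimeException(e.getMessage(), e);
            }
        } else if (PkiConstant.SM2.equals(str3)) {
            verified = Sm2Util.verify(x509Certificate.getPublicKey(), str2, str);
        } else if (PkiConstant.ECC.equals(str3)) {
            verified = EccUtil.verify(str, str2, x509Certificate.getPublicKey());
        } else {
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage("it won't support this cipherType ");
            return tdMSPMsg;
        }
        if (verified) {
            tdMSPMsg.setType(0);
            tdMSPMsg.setMessage("SUCESS");
        } else {
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage("verifySignMsg faiure");
        }
        return tdMSPMsg;
    }

    /**
     * Verifies that {@code x509Certificate2} was signed with the private key matching
     * {@code x509Certificate}'s public key.
     *
     * <p>Only the signature is checked. NOTE(review): validity period, basic constraints and
     * key usage are not examined by {@code X509Certificate.verify}; confirm they are enforced
     * elsewhere.
     *
     * @param x509Certificate issuer certificate supplying the public key
     * @param x509Certificate2 certificate whose signature is verified
     * @return type 0 on success; 1 invalid key or unexpected runtime failure, 2 certificate
     *     encoding error, 3 unsupported algorithm, 4 missing provider, 5 bad signature
     */
    public TdMSPMsg validateCert(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        TdMSPMsg tdMSPMsg = new TdMSPMsg();
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            tdMSPMsg.setType(0);
            tdMSPMsg.setMessage("SUCESS");
        } catch (CertificateException e) {
            tdMSPMsg.setType(2);
            tdMSPMsg.setMessage(e.getMessage());
        } catch (InvalidKeyException e) {
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage(e.getMessage());
        } catch (SignatureException e) {
            tdMSPMsg.setType(5);
            tdMSPMsg.setMessage(e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            tdMSPMsg.setType(3);
            tdMSPMsg.setMessage(e.getMessage());
        } catch (NoSuchProviderException e) {
            tdMSPMsg.setType(4);
            tdMSPMsg.setMessage(e.getMessage());
        } catch (RuntimeException e) {
            // Fail closed: an unexpected failure (e.g. a null certificate) must not return a
            // message whose type was never set, which could read as success if the default
            // type is 0 (TdMSPMsg's default is not visible here).
            tdMSPMsg.setType(1);
            tdMSPMsg.setMessage("validateCert failure");
        }
        return tdMSPMsg;
    }
}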
