package cn.eseals.certificate;

import cn.eseals.certificate.extensions.AuthorityKeyIdentifier;
import cn.eseals.data.ex.DerMember;
import cn.eseals.data.ex.DerObject;
import cn.eseals.security.spec.CommonAlgorithmId;
import java.math.BigInteger;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

@DerObject
/* loaded from: input_file:cn/eseals/certificate/CertificateRevocationList.class */
public class CertificateRevocationList implements X509Extension, IssuedObject {

    @DerMember(index = 0, defaultValue = "0")
    private int vesion;

    @DerMember(index = 1)
    private CommonAlgorithmId signatureAlgorithm;

    @DerMember(index = 2)
    private X509Principal issuer;

    @DerMember(index = 3)
    private Date thisUpdate;

    @DerMember(index = 4)
    private Date nextUpdate;

    @DerMember(index = 5)
    private List<CertificateRevocationEntry> revokedCertificates;

    @DerMember(index = 6, optional = true, contextSpecific = DerMember.EXPLICIT)
    private List<Extension> crlExtensions;

    public int getVesion() {
        return this.vesion;
    }

    public CommonAlgorithmId getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    @Override // cn.eseals.certificate.IssuedObject
    public X509Principal getIssuer() {
        return this.issuer;
    }

    public Date getThisUpdate() {
        return this.thisUpdate;
    }

    public Date getNextUpdate() {
        return this.nextUpdate;
    }

    public List<CertificateRevocationEntry> getRevokedCertificates() {
        return this.revokedCertificates;
    }

    public List<Extension> getCrlExtensions() {
        return this.crlExtensions;
    }

    public String toString() {
        return "CertificateRevocationList [vesion=" + this.vesion + ", signatureAlgorithm=" + this.signatureAlgorithm + ", issuer=" + this.issuer + ", thisUpdate=" + this.thisUpdate + ", nextUpdate=" + this.nextUpdate + ", revokedCertificates=" + this.revokedCertificates + ", crlExtensions=" + this.crlExtensions + "]";
    }

    public CertificateRevocationList() {
        this.vesion = 1;
    }

    public CertificateRevocationList(CommonCertificate commonCertificate, Date date, List<CertificateRevocationEntry> list, List<Extension> list2) throws Exception {
        this.vesion = 1;
        this.signatureAlgorithm = new CommonAlgorithmId(commonCertificate.getSignatureAlgorithm().getHashedAlgorithm());
        this.issuer = (X509Principal) commonCertificate.getSubjectDN();
        this.thisUpdate = new Date();
        this.nextUpdate = date;
        this.revokedCertificates = list;
        this.crlExtensions = list2;
        byte[] subjectKeyIdentifier = commonCertificate.getSubjectKeyIdentifier();
        if (subjectKeyIdentifier != null) {
            if (this.crlExtensions == null) {
                this.crlExtensions = new ArrayList();
            }
            this.crlExtensions.add(new AuthorityKeyIdentifier.AuthorityKeyIdentifierExtension(new AuthorityKeyIdentifier(subjectKeyIdentifier)));
        }
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getCriticalExtensionOIDs() {
        HashSet hashSet = new HashSet();
        for (Extension extension : this.crlExtensions) {
            if (extension.isCritical()) {
                hashSet.add(extension.getExtensionId().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        if (this.crlExtensions == null) {
            return null;
        }
        for (Extension extension : this.crlExtensions) {
            if (extension.getExtensionId().toString().equals(str)) {
                return extension.getExtensionValue();
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getNonCriticalExtensionOIDs() {
        HashSet hashSet = new HashSet();
        for (Extension extension : this.crlExtensions) {
            if (!extension.isCritical()) {
                hashSet.add(extension.getExtensionId().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        return false;
    }

    public boolean verify(BigInteger bigInteger, Date date) {
        for (CertificateRevocationEntry certificateRevocationEntry : this.revokedCertificates) {
            if (certificateRevocationEntry.getUserCertificateSerial().equals(bigInteger)) {
                return certificateRevocationEntry.getRevocationDate().after(date);
            }
        }
        return true;
    }
}
