package cn.eseals.certificate;

import cn.eseals.certificate.extensions.AuthorityKeyIdentifier;
import cn.eseals.crypto.ICryptoProvider;
import cn.eseals.crypto.IPrivateKey;
import cn.eseals.crypto.ISignature;
import cn.eseals.data.ex.DerEncoding;
import cn.eseals.data.ex.DerMember;
import cn.eseals.data.ex.DerObject;
import cn.eseals.security.spec.CommonAlgorithmId;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

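/**
 * DER-mapped container holding a payload, the identifier of the algorithm used to sign it,
 * and the signature bytes computed over the DER encoding of the payload.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The algorithm used for verification is read from this object itself
 *       ({@link #getSignatureAlgorithm()}). When the object was decoded from untrusted input,
 *       callers that need to reject weak or unexpected algorithms must check it themselves;
 *       nothing in this class restricts it.</li>
 *   <li>{@link #verify(CertificateAuthority)} only checks the signature against the public key
 *       of candidate issuer certificates. The code visible here performs no validity-period,
 *       revocation or CA-constraint checks on those issuer certificates.</li>
 * </ul>
 *
 * @param <T> type of the signed payload
 */
@DerObject
/* loaded from: input_file:cn/eseals/certificate/SignedObject.class */
public class SignedObject<T> {

    /** Payload covered by the signature (DER member 0). */
    @DerMember(index = 0)
    private T toSign;

    /** Identifier of the signature algorithm (DER member 1). */
    @DerMember(index = 1)
    private CommonAlgorithmId signatureAlgorithm;

    /** Raw signature bytes (DER member 2). */
    @DerMember(index = 2)
    private byte[] signatureValue;

    /**
     * @return the payload covered by the signature
     */
    public T getToSign() {
        return this.toSign;
    }

    /**
     * @return the algorithm identifier stored alongside the signature
     */
    public CommonAlgorithmId getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /**
     * @return the internal signature array itself (not a copy); mutating it changes this object
     */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /**
     * Assembles an already-signed object from its three parts without verifying anything.
     *
     * @param t payload
     * @param commonAlgorithmId signature algorithm identifier
     * @param bArr signature bytes; stored by reference, not copied
     */
    public SignedObject(T t, CommonAlgorithmId commonAlgorithmId, byte[] bArr) {
        this.toSign = t;
        this.signatureAlgorithm = commonAlgorithmId;
        this.signatureValue = bArr;
    }

    /** Creates an empty instance; all fields start as {@code null}. */
    public SignedObject() {
    }

    @Override
    public String toString() {
        return "SignedObject [toSign=" + this.toSign + ", signatureAlgorithm=" + this.signatureAlgorithm + ", signatureValue=" + Arrays.toString(this.signatureValue) + "]";
    }

    /**
     * Signs {@code t} with the given private key and stores the payload, algorithm and signature.
     *
     * @param t payload to sign; its DER encoding is what gets signed
     * @param iPrivateKey key used for signing; its provider supplies the signer
     * @throws Exception if the signer cannot be created or signing fails
     */
    public SignedObject(T t, IPrivateKey iPrivateKey) throws Exception {
        this.toSign = t;
        // The id is first built from the key's algorithm and then replaced by the id built from
        // getHashedAlgorithm(); presumably this maps a bare key algorithm to a hash-with-key
        // signature algorithm -- confirm against CommonAlgorithmId.
        CommonAlgorithmId keyAlgorithm = new CommonAlgorithmId(iPrivateKey.getAlgorithm());
        this.signatureAlgorithm = keyAlgorithm;
        this.signatureAlgorithm = new CommonAlgorithmId(keyAlgorithm.getHashedAlgorithm());
        ISignature signer = iPrivateKey.getProvider().createSigner(this.signatureAlgorithm.getAlgorithm());
        signer.initSign(iPrivateKey);
        signer.update(DerEncoding.encode(this.toSign));
        this.signatureValue = signer.sign();
    }

    /**
     * Verifies the signature against the issuer certificate(s) that the given authority
     * returns for this object's issuer.
     *
     * <p>When the payload exposes an authority key identifier extension (OID 2.5.29.35) and the
     * authority is a {@code CertificateAuthority2}, the issuer is looked up by name and key
     * identifier; otherwise it is looked up by issuer name only, which may yield several
     * candidates. Verification succeeds as soon as one candidate's public key verifies.
     *
     * @param certificateAuthority source of issuer certificates
     * @throws Exception if the payload is not an {@code IssuedObject}, no issuer certificate is
     *     found, or no candidate verifies the signature; in the last case the per-candidate
     *     failures are attached as suppressed exceptions
     */
    public void verify(CertificateAuthority certificateAuthority) throws Exception {
        if (!(this.toSign instanceof IssuedObject)) {
            // Message: "Cannot determine its issuer."
            throw new Exception("无法确认其发行者。");
        }
        boolean keyIdLookupSupported = certificateAuthority instanceof CertificateAuthority2;
        AuthorityKeyIdentifier authorityKeyIdentifier = null;
        if (keyIdLookupSupported && (this.toSign instanceof X509Extension)) {
            byte[] extensionValue = ((X509Extension) this.toSign).getExtensionValue("2.5.29.35");
            if (extensionValue != null) {
                authorityKeyIdentifier = (AuthorityKeyIdentifier) DerEncoding.decode(extensionValue, AuthorityKeyIdentifier.class);
            }
        }
        List<byte[]> candidates = null;
        if (authorityKeyIdentifier == null || !keyIdLookupSupported) {
            candidates = certificateAuthority.getIssuer(((IssuedObject) this.toSign).getIssuer().getName());
        } else {
            byte[] issuer = ((CertificateAuthority2) certificateAuthority).getIssuer(((IssuedObject) this.toSign).getIssuer(), authorityKeyIdentifier);
            if (issuer != null) {
                candidates = new ArrayList<>(1);
                candidates.add(issuer);
            }
        }
        if (candidates == null || candidates.isEmpty()) {
            // Message: "Cannot find the issuing authority certificate for this revocation list."
            throw new Exception("无法找到该吊销列表的颁发机构证书。");
        }
        // Message: "Not a valid revocation list; issuer signature verification failed."
        Exception failure = new Exception("并非有效吊销列表，其颁发机构签名验证失败。");
        for (byte[] encodedIssuer : candidates) {
            try {
                verify(new CommonCertificate(encodedIssuer).getPublicKey());
                return;
            } catch (Exception e) {
                // Keep trying the remaining candidates, but retain why this one was rejected
                // instead of dumping the stack trace to stderr.
                failure.addSuppressed(e);
            }
        }
        throw failure;
    }

    /**
     * Verifies the stored signature over the DER encoding of the payload with the given key.
     *
     * @param publicKey key to verify with; its encoded form is handed to the signer
     * @throws NoSuchAlgorithmException if no signer can be created for the stored algorithm
     * @throws SignatureException if initialising, updating or verifying fails
     */
    public void verify(PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException {
        ISignature verifier;
        try {
            verifier = ICryptoProvider.getInstance("default").createSigner(this.signatureAlgorithm.getAlgorithm());
        } catch (Exception e) {
            // Message prefix: "Unsupported algorithm type:"
            throw new NoSuchAlgorithmException("不支持的算法类型：" + this.signatureAlgorithm.getAlgorithm(), e);
        }
        // Kept outside the try above so that a failed verification surfaces as
        // SignatureException rather than being re-wrapped as NoSuchAlgorithmException.
        try {
            verifier.initVerify(publicKey.getEncoded());
            verifier.update(DerEncoding.encode(this.toSign));
            // NOTE(review): the result of verify(...) is not inspected. This is only sound if
            // ISignature.verify throws on a bad signature; if it returns a boolean, a mismatch
            // is silently accepted here -- confirm against ISignature and check the result.
            verifier.verify(this.signatureValue);
        } catch (Exception e) {
            throw new SignatureException("Signature verify failed.", e);
        }
    }
}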
