package com.citicbank.baselib.crypto.protocol;

import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.cms.CMSSignedData;
import cfca.sadk.org.bouncycastle.jce.provider.BouncyCastleProvider;
import cfca.sadk.org.bouncycastle.util.encoders.Base64;
import com.citicbank.baselib.crypto.exception.PKCS7SignatureException;
import com.citicbank.baselib.crypto.exception.TimeStampException;
import com.citicbank.baselib.crypto.util.BytesUtil;
import com.citicbank.baselib.crypto.util.CryptUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.util.Date;

/* loaded from: input_file:com/citicbank/baselib/crypto/protocol/TimeStamp.class */
public class TimeStamp {
    private static long INTERVAL_TIME = 600000;
    private static Session session;

    public static byte[] makeTimeStamp(byte[] bArr, String str, String str2, long j) throws TimeStampException {
        PrivateKey privateKey = null;
        try {
            java.security.cert.X509Certificate generateX509Certificate = CryptUtil.generateX509Certificate(Base64.decode(str.getBytes()));
            String sigAlgName = generateX509Certificate.getSigAlgName();
            if (sigAlgName.indexOf("RSA") > 0) {
                privateKey = CryptUtil.generatePrivateKey(Base64.decode(str2.getBytes()), "RSA");
            } else if (sigAlgName.indexOf("SM2") > 0) {
                privateKey = CryptUtil.generatePrivateKey(Base64.decode(str2.getBytes()), "SM2");
            }
            return makeTimeStamp(bArr, generateX509Certificate, privateKey, j);
        } catch (Exception e) {
            throw new TimeStampException("无效数字证书", e);
        }
    }

    public static byte[] makeTimeStamp(byte[] bArr, String str, String str2) throws TimeStampException {
        return makeTimeStamp(bArr, str, str2, INTERVAL_TIME);
    }

    public static byte[] makeTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey, long j) throws TimeStampException {
        if (privateKey == null) {
            throw new TimeStampException("无效签名私钥");
        }
        if (bArr == null) {
            bArr = "".getBytes();
        }
        ByteArrayOutputStream byteArrayOutputStream = null;
        try {
            try {
                byteArrayOutputStream = new ByteArrayOutputStream();
                String valueOf = String.valueOf(new Date().getTime());
                String valueOf2 = String.valueOf(new Date().getTime() + j);
                byteArrayOutputStream.write(BytesUtil.intToBytes(bArr.length));
                byteArrayOutputStream.write(bArr);
                byteArrayOutputStream.write(BytesUtil.intToBytes(valueOf.length()));
                byteArrayOutputStream.write(valueOf.getBytes());
                byteArrayOutputStream.write(BytesUtil.intToBytes(valueOf2.length()));
                byteArrayOutputStream.write(valueOf2.getBytes());
                byte[] sign = PKCS7Signature.sign(byteArrayOutputStream.toByteArray(), privateKey, x509Certificate, null, true);
                if (byteArrayOutputStream != null) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Exception e) {
                    }
                }
                return sign;
            } catch (Exception e2) {
                throw new TimeStampException("签名失败", e2);
            }
        } catch (Throwable th) {
            if (byteArrayOutputStream != null) {
                try {
                    byteArrayOutputStream.close();
                } catch (Exception e3) {
                    throw th;
                }
            }
            throw th;
        }
    }

    public static byte[] makeTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey) throws TimeStampException {
        return makeTimeStamp(bArr, x509Certificate, privateKey, INTERVAL_TIME);
    }

    public static boolean verifyTimeStamp(byte[] bArr, String str, String str2) throws TimeStampException {
        return verifyTimeStamp(bArr, str);
    }

    public static boolean verifyTimeStamp(byte[] bArr, String str) throws TimeStampException {
        try {
            return verifyTimeStamp(bArr, CryptUtil.generateX509Certificate(Base64.decode(str.getBytes())));
        } catch (Exception e) {
            throw new TimeStampException("无效数字证书", e);
        }
    }

    public static boolean verifyTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey) throws TimeStampException {
        return verifyTimeStamp(bArr, x509Certificate);
    }

    public static boolean verifyTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate) throws TimeStampException {
        if (x509Certificate == null) {
            throw new TimeStampException("无效签名数字证书");
        }
        try {
            PKCS7Signature.verifyAttachedSignature(bArr, x509Certificate.getPublicKey());
            ByteArrayInputStream byteArrayInputStream = null;
            try {
                try {
                    try {
                        byteArrayInputStream = new ByteArrayInputStream((byte[]) new CMSSignedData(bArr).getSignedContent().getContent());
                        byte[] bArr2 = new byte[4];
                        byteArrayInputStream.read(bArr2);
                        byteArrayInputStream.read(new byte[BytesUtil.bytesToInt(bArr2)]);
                        byteArrayInputStream.read(bArr2);
                        byteArrayInputStream.read(new byte[BytesUtil.bytesToInt(bArr2)]);
                        byteArrayInputStream.read(bArr2);
                        byte[] bArr3 = new byte[BytesUtil.bytesToInt(bArr2)];
                        byteArrayInputStream.read(bArr3);
                        if (new Date().getTime() > Long.parseLong(new String(bArr3))) {
                            throw new TimeStampException("时间戳已经过期!");
                        }
                        if (byteArrayInputStream != null) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Exception e) {
                            }
                        }
                        return true;
                    } catch (Throwable th) {
                        if (byteArrayInputStream != null) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Exception e2) {
                                throw th;
                            }
                        }
                        throw th;
                    }
                } catch (Exception e3) {
                    throw new TimeStampException("无效的时间戳!", e3);
                }
            } catch (TimeStampException e4) {
                throw e4;
            }
        } catch (PKCS7SignatureException e5) {
            throw new TimeStampException(e5.getMessage());
        }
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        session = null;
        if (session == null) {
            session = new BCSoftLib();
        }
    }
}
