package cn.topca.api.cert;

import cn.topca.security.x509.AlgorithmId;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:cn/topca/api/cert/CRLDownloader.class */
class CRLDownloader extends Thread {
    private String savePath;
    private String crlUrl;
    private X509CRL crl;
    private X509Certificate caCert;
    private int[] retryPolicyTime;
    private DownloaderState downloaderState = DownloaderState.DOWNLOADER_STATE_STOP;

    public DownloaderState getDownloaderState() {
        return this.downloaderState;
    }

    public X509CRL getCRL() {
        return this.crl;
    }

    private void setStateRunning() {
        TCADebugUtil.debugLog("setStateRuning");
        this.downloaderState = DownloaderState.DOWNLOADER_STATE_RUNNING;
    }

    private void setStateStop() {
        TCADebugUtil.debugLog("setStateStop");
        this.downloaderState = DownloaderState.DOWNLOADER_STATE_STOP;
    }

    private void setStateWaiting() {
        TCADebugUtil.debugLog("setStateWaiting");
        this.downloaderState = DownloaderState.DOWNLOADER_STATE_WAITING;
    }

    private void setStateError() {
        TCADebugUtil.debugLog("setStateError");
        this.downloaderState = DownloaderState.DOWNLOADER_STATE_ERROR;
    }

    public CRLDownloader(X509Certificate x509Certificate, String str, String str2, int[] iArr) {
        this.caCert = x509Certificate;
        this.savePath = str;
        this.crlUrl = str2;
        this.retryPolicyTime = iArr;
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        long time;
        while (true) {
            try {
                try {
                    X509CRL runTask = runTask(this.crlUrl, this.savePath, this.retryPolicyTime);
                    if (runTask == null) {
                        time = this.retryPolicyTime[this.retryPolicyTime.length - 1] * 1000;
                        TCADebugUtil.debugLog("runTask ERROR waiting " + time);
                    } else {
                        this.crl = runTask;
                        time = this.crl.getNextUpdate().getTime() - new Date().getTime();
                        TCADebugUtil.debugLog("runTask SUCCESS waiting " + time);
                    }
                    setStateWaiting();
                    Thread.sleep(time);
                } catch (InterruptedException e) {
                    setStateError();
                    e.printStackTrace();
                    setStateStop();
                    return;
                }
            } catch (Throwable th) {
                setStateStop();
                throw th;
            }
        }
    }

    private X509CRL runTask(String str, String str2, int[] iArr) throws InterruptedException {
        TCADebugUtil.debugLog("runTask");
        for (int i : iArr) {
            setStateRunning();
            try {
                X509CRL downloadCRL = downloadCRL(str);
                if (verifyCRL(downloadCRL, this.caCert, new Date()) && TCAUtil.writeByte2File(downloadCRL.getEncoded(), str2)) {
                    TCADebugUtil.debugLog("runTask SUCCESS Exit");
                    return downloadCRL;
                }
            } catch (CertApiException e) {
                e.printStackTrace();
            } catch (CRLException e2) {
                e2.printStackTrace();
            }
            setStateWaiting();
            Thread.sleep(i * 1000);
        }
        TCADebugUtil.debugLog("runTask ERROR Exit");
        return null;
    }

    private X509CRL downloadCRL(String str) throws CertApiException {
        byte[] readURL2Byte = TCAUtil.readURL2Byte(str);
        return (readURL2Byte[0] == 77 || readURL2Byte[0] == 45) ? TCAUtil.convB642CRL(new String(readURL2Byte)) : TCAUtil.convBin2CRL(readURL2Byte);
    }

    private boolean verifyCRL(X509CRL x509crl, X509Certificate x509Certificate, Date date) throws CertApiException {
        if (!date.before(x509crl.getThisUpdate())) {
            try {
                if (!date.after(x509crl.getNextUpdate())) {
                    try {
                        try {
                            if (x509crl.getSigAlgOID().equals(AlgorithmId.SM3withSM2_oid.toString())) {
                                Signature signature = Signature.getInstance("SM3withSM2", Security.getProvider("TopSM"));
                                signature.initVerify(x509Certificate.getPublicKey());
                                signature.update(x509crl.getTBSCertList());
                                signature.verify(x509crl.getSignature());
                            } else {
                                x509crl.verify(x509Certificate.getPublicKey());
                            }
                            TCADebugUtil.debugLog("verify CRL SUCCESS");
                            TCADebugUtil.debugLog("verify CRL ERROR");
                            return true;
                        } catch (NoSuchProviderException e) {
                            throw new CertApiException(TCAErrCode.ERR_BAD_PROVIDER, e);
                        } catch (CRLException e2) {
                            throw new CertApiException(TCAErrCode.ERR_CRL, e2);
                        }
                    } catch (InvalidKeyException e3) {
                        throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e3);
                    } catch (NoSuchAlgorithmException e4) {
                        throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e4);
                    } catch (SignatureException e5) {
                        throw new CertApiException(TCAErrCode.ERR_CERT_SIGNATRUE, e5);
                    }
                }
            } catch (Throwable th) {
                TCADebugUtil.debugLog("verify CRL ERROR");
                throw th;
            }
        }
        throw new CertApiException(TCAErrCode.ERR_CRL_OUTDATE);
    }
}
