package cn.org.bjca.sign.check;

import cn.org.bjca.sign.CodeSignInfo;
import cn.org.bjca.sign.IResource;
import cn.org.bjca.sign.config.APKResult;
import cn.org.bjca.sign.config.CAContainer;
import cn.org.bjca.sign.config.SignInfo;
import cn.org.bjca.sign.task.CRLDownThread;
import cn.org.bjca.sign.util.X509CRLParse;
import java.security.cert.X509CRL;
import org.bjca.asn1.x509.X509CertificateStructure;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class CertRevokeVerify implements IVerify {
    private static final Logger logger = LoggerFactory.getLogger(CertRevokeVerify.class);

    @Override // cn.org.bjca.sign.check.IVerify
    public boolean apkVerify(APKResult aPKResult, IResource iResource) {
        aPKResult.setCheckSchedule(ICheck.CERT_REVOKE);
        for (SignInfo signInfo : aPKResult.getInfoList()) {
            String issueDN = signInfo.getIssueDN();
            X509CertificateStructure otainUserCert = signInfo.otainUserCert();
            CAContainer obtainCAContainerByDN = iResource.obtainCAContainerByDN(issueDN);
            X509CRL crlDer = obtainCAContainerByDN.getCrlDer();
            if (crlDer == null) {
                if (!CRLDownThread.status() && iResource.obtainMode().equals(IVerify.REMOTE)) {
                    new CRLDownThread(iResource).start();
                }
                aPKResult.setStatus(false);
                aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CRL_NOFOUND_CONFIG);
                logger.error(String.valueOf(obtainCAContainerByDN.getId()) + ":X509CRL==crlBy null");
                return false;
            }
            long time = crlDer.getNextUpdate().getTime();
            long currentTimeMillis = System.currentTimeMillis();
            long crlOverdueTIme = obtainCAContainerByDN.getCrlOverdueTIme();
            if (currentTimeMillis - time > crlOverdueTIme && crlOverdueTIme > 0) {
                aPKResult.setStatus(false);
                aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CRL_OVERDUE);
                logger.error(String.valueOf(obtainCAContainerByDN.getId()) + ":X509CRL==SIGN_CRL_OVERDUE");
                return false;
            }
            if (X509CRLParse.isRevoked(crlDer, otainUserCert.getSerialNumber().getValue().toString(16)) != null) {
                aPKResult.setStatus(false);
                aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CRL_VERIFY_REVOKE);
                logger.error("X509CRL==SIGN_CRL_VERIFY_ERROR");
                return false;
            }
        }
        return true;
    }
}
