package ccit.security.bssp.base;

import ccit.security.bssp.common.ErrorConstant;
import ccit.security.bssp.ex.CCITSecurityException;
import ccit.security.bssp.ex.CrypException;
import ccit.security.bssp.sm2.SM2SignatureDer;
import ccit.security.bssp.sm2.Signature;
import ccit.security.bssp.util.Constants;
import ccit.security.bssp.util.DERToObj;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:ccit/security/bssp/base/CertParseBase.class */
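/**
 * Certificate checks: verification of one X.509 certificate against one
 * supplied issuer certificate (with a dedicated SM2 path), and a CRL lookup.
 *
 * <p>Scope, as far as this class shows: no chain is built to a trust anchor and
 * neither basicConstraints nor keyUsage of the issuer is inspected, so callers
 * must establish trust in the issuer certificate by other means.
 */
public class CertParseBase {
    /**
     * Minimum length of the issuer key BIT STRING content on the SM2 path: the
     * code skips the first byte and uses the following 64 bytes as the raw key
     * (presumably the uncompressed-point marker followed by X and Y).
     */
    private static final int SM2_POINT_LEN = 65;

    /**
     * Verifies that a certificate was signed by the given issuer certificate.
     *
     * <p>On the SM2 path the issuer's subject name must equal the certificate's
     * issuer name, the SM2 signature over the TBSCertificate must verify, and
     * the certificate must be inside its validity period. On the generic path
     * the validity period and the JCA signature check are applied.
     *
     * @param bArr  the encoded certificate to verify
     * @param bArr2 the encoded issuer certificate
     * @return 0 when verification succeeds; 1 when the signature algorithms do
     *         not match, the names do not chain, or the SM2 signature is invalid
     * @throws CrypException with {@code CE_CERTVERIFY_FAIL} on any parsing or
     *         verification error, including an expired or not-yet-valid certificate
     */
    public int VerifyCert(byte[] bArr, byte[] bArr2) throws CrypException {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate subjectCert = parseCertificate(factory, bArr);
            X509Certificate issuerCert = parseCertificate(factory, bArr2);

            // NOTE(review): this compares the issuer's algorithm *name* with the
            // subject's algorithm *OID*. The two strings are equal only when the
            // provider has no friendly name for the OID and reports the OID itself,
            // so for well-known algorithms this returns 1 (fails closed). Left
            // unchanged on purpose: comparing OID with OID would make the generic
            // path below reachable, and that path does not check that the issuer's
            // subject matches the certificate's issuer. Fix both together.
            if (!issuerCert.getSigAlgName().equals(subjectCert.getSigAlgOID())) {
                return 1;
            }

            if (subjectCert.getSigAlgOID().equals(Constants.SM2_SIG_OID)) {
                X509CertificateStructure issuerStruct = contructX509CertStructure(checkCert(bArr2));
                X509CertificateStructure subjectStruct = contructX509CertStructure(checkCert(bArr));

                byte[] encodedPoint = issuerStruct.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
                // Reject a short key explicitly instead of relying on arraycopy to fail.
                if (encodedPoint.length < SM2_POINT_LEN) {
                    throw new IllegalArgumentException(
                            "issuer SM2 public key is too short: " + encodedPoint.length + " bytes");
                }
                byte[] rawKey = new byte[SM2_POINT_LEN - 1];
                System.arraycopy(encodedPoint, 1, rawKey, 0, rawKey.length);

                if (!check1(issuerStruct.getSubject(), subjectStruct.getIssuer())) {
                    return 1;
                }
                if (!check2(
                        rawKey,
                        SM2SignatureDer.sm2SignatureDerDecode(subjectStruct.getSignature().getBytes()),
                        subjectStruct.getTBSCertificate().getDEREncoded())) {
                    return 1;
                }
                // The generic path enforces the validity period; without this call an
                // expired or not-yet-valid SM2 certificate would be accepted.
                subjectCert.checkValidity();
                return 0;
            }

            // Generic (JCA) path. Only the verified certificate's validity period is
            // checked; the issuer certificate's own validity is not.
            subjectCert.checkValidity();
            subjectCert.verify(issuerCert.getPublicKey());
            return 0;
        } catch (Exception e) {
            // Every failure is reported with the same error code.
            throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e.getMessage());
        }
    }

    /**
     * Checks a certificate against a CRL.
     *
     * <p>NOTE(review): nothing visible here verifies the CRL's signature, that the
     * CRL comes from the certificate's issuer, or that it is still current. Unless
     * the {@code DERToObj} helpers do this (confirm), a stale or unrelated CRL
     * makes this method return {@code true}.
     *
     * @param bArr  the encoded certificate
     * @param bArr2 the encoded CRL
     * @return {@code true} when the CRL does not list the certificate as revoked
     * @throws CCITSecurityException if either input cannot be decoded
     */
    public static boolean verifyCertificateByCrl(byte[] bArr, byte[] bArr2) throws CCITSecurityException {
        return !DERToObj.getX509CrlFromDer(bArr2).isRevoked(DERToObj.getX509CertificateFromDer(bArr));
    }

    /** Parses one certificate with the given factory, closing the stream afterwards. */
    private static X509Certificate parseCertificate(CertificateFactory factory, byte[] encoded) throws Exception {
        ByteArrayInputStream in = new ByteArrayInputStream(encoded);
        try {
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /**
     * Returns the input unchanged when it starts with a SEQUENCE tag followed by
     * a two-byte long-form length (0x30 0x82); otherwise Base64-decodes it.
     *
     * <p>This is a heuristic: DER with any other length form is sent to the
     * Base64 decoder as well.
     */
    private static byte[] checkCert(byte[] bArr) {
        boolean looksLikeDer = bArr.length >= 2 && bArr[0] == 0x30 && bArr[1] == (byte) 0x82;
        return looksLikeDer ? bArr : Base64.decode(bArr);
    }

    /** Decodes DER bytes into a certificate structure; the stream is closed even when decoding fails. */
    private static X509CertificateStructure contructX509CertStructure(byte[] bArr) throws Exception {
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(bArr));
        try {
            return new X509CertificateStructure((ASN1Sequence) asn1In.readObject());
        } finally {
            asn1In.close();
        }
    }

    /** Name chaining: the issuer's subject name must equal the certificate's issuer name. */
    private static boolean check1(X509Name x509Name, X509Name x509Name2) {
        return x509Name.equals(x509Name2);
    }

    /**
     * SM2 signature check; the project verifier signals success with 0.
     *
     * @param bArr  raw issuer public key
     * @param bArr2 decoded signature
     * @param bArr3 encoded TBSCertificate that was signed
     */
    private static boolean check2(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return new Signature().VerifySm2SignatureByPubKey(bArr, bArr2, bArr3) == 0;
    }
}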
