package ccit.security.bssp.base;

import ccit.security.bssp.bean.CERT_INFO;
import ccit.security.bssp.common.ErrorConstant;
import ccit.security.bssp.ex.CCITSecurityException;
import ccit.security.bssp.ex.CrypException;
import ccit.security.bssp.sm2.SM2SignatureDer;
import ccit.security.bssp.sm2.Signature;
import ccit.security.bssp.util.Constants;
import ccit.security.bssp.util.DERToObj;
import java.io.ByteArrayInputStream;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:ccit/security/bssp/base/CertParseBase.class */
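/**
 * Helpers for checking one X.509 certificate against its issuer certificate and against a CRL.
 *
 * <p>Scope of the checks, as far as this class shows: a single issuer/subject signature link and
 * the subject's validity period. Nothing here inspects the issuer's BasicConstraints or key usage,
 * the issuer's own validity period, or builds a path to a trust anchor, so a result of {@code 0}
 * from {@link #VerifyCert(byte[], byte[])} means "signed by the key in the supplied issuer
 * certificate", not "trusted". Callers must establish trust in the issuer certificate themselves.
 */
public class CertParseBase {
    /**
     * Verifies that the certificate in {@code bArr} was signed by the key of the certificate in
     * {@code bArr2} and is currently within its validity period.
     *
     * <p>Both certificates must carry the same signature-algorithm OID, otherwise {@code 1} is
     * returned. NOTE(review): that OID describes how each certificate was itself signed, not the
     * type of the issuer's key, so an issuer signed with a different algorithm than it uses for
     * its subordinates is rejected here; confirm this is intended.
     *
     * <p>For the SM2 OID the signature is checked with the project's SM2 implementation after
     * confirming that the issuer's subject name equals the certificate's issuer name. For every
     * other OID the JCA {@code X509Certificate.verify} is used.
     *
     * @param bArr  encoded certificate to verify
     * @param bArr2 encoded issuer certificate
     * @return {@code 0} when the certificate verifies; {@code 1} when the signature algorithms
     *         differ, or (SM2 only) the names do not chain or the signature does not verify
     * @throws CrypException if either input cannot be parsed, the certificate is expired or not
     *         yet valid, or (non-SM2) the signature check fails
     */
    public int VerifyCert(byte[] bArr, byte[] bArr2) throws CrypException {
        try {
            X509Certificate subjectCert = new CERT_INFO(bArr).getX509();
            X509Certificate issuerCert = new CERT_INFO(bArr2).getX509();
            if (!issuerCert.getSigAlgOID().equals(subjectCert.getSigAlgOID())) {
                return 1;
            }
            if (subjectCert.getSigAlgOID().equals(Constants.SM2_SIG_OID)) {
                return verifySm2Link(bArr, bArr2, subjectCert);
            }
            PublicKey issuerKey = issuerCert.getPublicKey();
            subjectCert.checkValidity();
            subjectCert.verify(issuerKey);
            return 0;
        } catch (Exception e) {
            // Every failure is reported through the one exception type callers already handle.
            throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e.getMessage());
        }
    }

    /**
     * SM2 branch of {@link #VerifyCert(byte[], byte[])}: name chaining, signature, then validity.
     *
     * @param certBytes   encoded certificate to verify
     * @param issuerBytes encoded issuer certificate
     * @param subjectCert parsed form of {@code certBytes}, used for the validity-period check
     * @return {@code 0} when the link verifies, {@code 1} when the names or signature do not match
     * @throws Exception on malformed input or when the certificate is outside its validity period
     */
    private static int verifySm2Link(byte[] certBytes, byte[] issuerBytes, X509Certificate subjectCert) throws Exception {
        byte[] issuerDer = checkCert(issuerBytes);
        byte[] subjectDer = checkCert(certBytes);
        X509CertificateStructure issuer = contructX509CertStructure(issuerDer);
        X509CertificateStructure subject = contructX509CertStructure(subjectDer);

        // The first byte of the key data is skipped and the next 64 bytes are used as the raw key
        // (presumably an uncompressed point, 0x04 || X || Y; confirm against the SM2 verifier).
        byte[] keyData = issuer.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
        if (keyData.length < 65) {
            throw new IllegalArgumentException("SM2 public key data is shorter than 65 bytes");
        }
        byte[] rawKey = new byte[64];
        System.arraycopy(keyData, 1, rawKey, 0, 64);

        byte[] signature = subject.getSignature().getBytes();
        byte[] decodedSignature = SM2SignatureDer.sm2SignatureDerDecode(signature);
        byte[] tbsCertificate = subject.getTBSCertificate().getEncoded();

        if (!check1(issuer.getSubject(), subject.getIssuer())) {
            return 1;
        }
        // The signature is accepted in either its DER-decoded form or exactly as stored.
        if (!check2(rawKey, decodedSignature, tbsCertificate) && !check2(rawKey, signature, tbsCertificate)) {
            return 1;
        }
        // Enforce the validity period here too, so that an expired or not-yet-valid SM2
        // certificate is rejected exactly as one in the non-SM2 branch is.
        subjectCert.checkValidity();
        return 0;
    }

    /**
     * Reports whether the certificate is absent from the given CRL's revocation list.
     *
     * <p>Only the revocation lookup is performed here. This method does not itself verify the
     * CRL's signature, check that the CRL was issued by the certificate's issuer, or check that
     * the CRL is current; unless the {@code DERToObj} helpers do so (not visible from here),
     * callers must make those checks before relying on a {@code true} result.
     *
     * @param bArr  DER-encoded certificate
     * @param bArr2 DER-encoded CRL
     * @return {@code true} when the CRL does not list the certificate as revoked
     * @throws CCITSecurityException as raised by the {@code DERToObj} decoding helpers
     */
    public static boolean verifyCertificateByCrl(byte[] bArr, byte[] bArr2) throws CCITSecurityException {
        return !DERToObj.getX509CrlFromDer(bArr2).isRevoked(DERToObj.getX509CertificateFromDer(bArr));
    }

    /**
     * Returns the certificate as binary DER, Base64-decoding it when it is not already binary.
     *
     * <p>Input is treated as binary only when it starts with {@code 0x30 0x82} (a SEQUENCE with a
     * two-byte length); anything else is handed to the Base64 decoder.
     *
     * @param bArr certificate bytes, binary or Base64
     * @return the binary encoding
     * @throws IllegalArgumentException if the input is null or shorter than the two-byte prefix
     */
    private static byte[] checkCert(byte[] bArr) {
        if (bArr == null || bArr.length < 2) {
            throw new IllegalArgumentException("Certificate encoding is missing or too short");
        }
        boolean looksLikeDer = bArr[0] == 0x30 && bArr[1] == (byte) 0x82;
        return looksLikeDer ? bArr : Base64.decode(bArr);
    }

    /**
     * Parses a DER-encoded certificate into its ASN.1 structure.
     *
     * @param bArr DER-encoded certificate
     * @return the parsed certificate structure
     * @throws Exception if the bytes cannot be read as the expected ASN.1 object
     */
    private static X509CertificateStructure contructX509CertStructure(byte[] bArr) throws Exception {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(bArr));
        try {
            return new X509CertificateStructure(aSN1InputStream.readObject());
        } finally {
            // Close the stream on the failure path as well as on success.
            aSN1InputStream.close();
        }
    }

    /** Name-chaining check: the issuer's subject name must equal the certificate's issuer name. */
    private static boolean check1(X500Name x500Name, X500Name x500Name2) {
        return x500Name.equals(x500Name2);
    }

    /**
     * Runs the project's SM2 verification and maps its status code to a boolean.
     *
     * @param bArr  raw 64-byte public key
     * @param bArr2 signature bytes
     * @param bArr3 signed data (the encoded TBSCertificate)
     * @return {@code true} when the verifier returns {@code 0}
     */
    private static boolean check2(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return new Signature().VerifySm2SignatureByPubKey(bArr, bArr2, bArr3) == 0;
    }
}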
