package ccit.security.cert;

import ccit.security.Encrypt;
import ccit.security.MiscTools;
import ccit.security.PrivateKeyFromDER;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKDigestSignature;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:ccit/security/cert/CertTool.class */
public class CertTool {
    private static Base64 base64 = null;
    private static Encrypt tool = null;
    private static CertTool certTool = null;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    private CertTool() {
        base64 = new Base64();
        tool = new Encrypt();
    }

    public static CertTool getInstance() {
        if (certTool == null) {
            certTool = new CertTool();
        }
        return certTool;
    }

    public int VerifyCert(byte[] bArr, byte[] bArr2) {
        ByteArrayInputStream byteArrayInputStream;
        byte[] checkPEM = MiscTools.checkPEM(bArr);
        if (checkPEM != null) {
            bArr = Base64.decode(checkPEM);
        }
        byte[] checkPEM2 = MiscTools.checkPEM(bArr2);
        if (checkPEM2 != null) {
            bArr2 = Base64.decode(checkPEM2);
        }
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr);
        X509Certificate x509Certificate = null;
        PublicKey publicKey = null;
        boolean z = false;
        boolean z2 = false;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream2);
                byteArrayInputStream2.close();
                byteArrayInputStream2 = null;
                try {
                    byteArrayInputStream2 = new ByteArrayInputStream(bArr2);
                    x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream2);
                    publicKey = x509Certificate.getPublicKey();
                    z = true;
                    if (byteArrayInputStream2 != null) {
                        byteArrayInputStream2.close();
                    }
                    byteArrayInputStream = null;
                } catch (Exception e) {
                    if (byteArrayInputStream2 != null) {
                        byteArrayInputStream2.close();
                    }
                    byteArrayInputStream = null;
                }
                if (!z) {
                    try {
                        ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(bArr2);
                        ASN1Set certificates = SignedData.getInstance(new ContentInfo(new ASN1InputStream(byteArrayInputStream3).readObject()).getContent()).getCertificates();
                        byteArrayInputStream3.close();
                        byteArrayInputStream = null;
                        int size = certificates.size();
                        int i = 0;
                        X509Certificate[] x509CertificateArr = new X509Certificate[size];
                        for (int i2 = 0; i2 < size; i2++) {
                            ByteArrayInputStream byteArrayInputStream4 = new ByteArrayInputStream(new DERBitString(certificates.getObjectAt(i2)).getBytes());
                            x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream4);
                            byteArrayInputStream4.close();
                            byteArrayInputStream = null;
                        }
                        for (int i3 = 0; i3 < size; i3++) {
                            for (int i4 = 0; i4 < size && !x509CertificateArr[i3].getSubjectDN().equals(x509CertificateArr[i4].getIssuerDN()); i4++) {
                                if (i4 == size - 1) {
                                    i = i3;
                                }
                            }
                        }
                        x509Certificate = x509CertificateArr[i];
                        publicKey = x509Certificate.getPublicKey();
                        z2 = true;
                    } catch (Exception e2) {
                        if (byteArrayInputStream != null) {
                            byteArrayInputStream.close();
                        }
                        byteArrayInputStream = null;
                    }
                    if (!z2 && !z) {
                        try {
                            ByteArrayInputStream byteArrayInputStream5 = new ByteArrayInputStream(bArr2);
                            ASN1Sequence readObject = new ASN1InputStream(byteArrayInputStream5).readObject();
                            byteArrayInputStream5.close();
                            byteArrayInputStream = null;
                            int size2 = readObject.size();
                            int i5 = 0;
                            X509Certificate[] x509CertificateArr2 = new X509Certificate[size2];
                            for (int i6 = 0; i6 < size2; i6++) {
                                ByteArrayInputStream byteArrayInputStream6 = new ByteArrayInputStream(new DERBitString(readObject.getObjectAt(i6)).getBytes());
                                x509CertificateArr2[i6] = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream6);
                                byteArrayInputStream6.close();
                                byteArrayInputStream = null;
                            }
                            for (int i7 = 0; i7 < size2; i7++) {
                                for (int i8 = 0; i8 < size2 && !x509CertificateArr2[i7].getSubjectDN().equals(x509CertificateArr2[i8].getIssuerDN()); i8++) {
                                    if (i8 == size2 - 1) {
                                        i5 = i7;
                                    }
                                }
                            }
                            x509Certificate = x509CertificateArr2[i5];
                            publicKey = x509Certificate.getPublicKey();
                        } catch (Exception e3) {
                            if (byteArrayInputStream != null) {
                                byteArrayInputStream.close();
                            }
                        }
                    }
                }
                if (x509Certificate == null) {
                    return 6;
                }
                x509Certificate2.checkValidity();
                if (!x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                    return 3;
                }
                x509Certificate2.verify(publicKey);
                return 0;
            } catch (Exception e4) {
                if (byteArrayInputStream2 != null) {
                    byteArrayInputStream2.close();
                }
                return 7;
            }
        } catch (SignatureException e5) {
            return 1;
        } catch (CertificateExpiredException e6) {
            return 2;
        } catch (CertificateNotYetValidException e7) {
            return 2;
        } catch (Exception e8) {
            e8.printStackTrace();
            return 5;
        }
    }

    public int VerifyCert(String str, String str2) {
        return VerifyCert(str.getBytes(), str2.getBytes());
    }

    public int VerifySignature(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        boolean verify;
        byte[] checkPEM = MiscTools.checkPEM(bArr);
        if (checkPEM != null) {
            bArr = Base64.decode(checkPEM);
        }
        byte[] checkPEM2 = MiscTools.checkPEM(bArr3);
        if (checkPEM2 != null) {
            bArr3 = Base64.decode(checkPEM2);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr3);
        try {
            PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream)).getPublicKey();
            byteArrayInputStream.close();
            if (i == 2) {
                JDKDigestSignature.MD5WithRSAEncryption mD5WithRSAEncryption = new JDKDigestSignature.MD5WithRSAEncryption();
                mD5WithRSAEncryption.initVerify(publicKey);
                mD5WithRSAEncryption.update(bArr2);
                verify = mD5WithRSAEncryption.verify(bArr);
            } else {
                if (i != 1) {
                    return 4;
                }
                JDKDigestSignature.SHA1WithRSAEncryption sHA1WithRSAEncryption = new JDKDigestSignature.SHA1WithRSAEncryption();
                sHA1WithRSAEncryption.initVerify(publicKey);
                sHA1WithRSAEncryption.update(bArr2);
                verify = sHA1WithRSAEncryption.verify(bArr);
            }
            return !verify ? 1 : 0;
        } catch (Exception e) {
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (Exception e2) {
                }
            }
            e.printStackTrace();
            return 5;
        }
    }

    public int VerifySignature(String str, byte[] bArr, String str2, int i) {
        return VerifySignature(str.getBytes(), bArr, str2.getBytes(), i);
    }

    public int VerifySignature(String str, String str2, String str3, int i) {
        return VerifySignature(str.getBytes(), str2.getBytes(), str3.getBytes(), i);
    }

    public String sign(byte[] bArr, byte[] bArr2, String str, int i) {
        if (str == null || str.length() == 0) {
            return sign(bArr, bArr2, i);
        }
        byte[] decrypt = tool.decrypt(str, bArr2);
        if (decrypt == null) {
            return null;
        }
        return sign(bArr, decrypt, i);
    }

    private String sign(byte[] bArr, byte[] bArr2, int i) {
        try {
            RSAPrivateKey rpks = PrivateKeyFromDER.getRPKS(bArr2);
            byte[] bArr3 = (byte[]) null;
            try {
                if (i != 1) {
                    if (i == 2) {
                        Signature signature = Signature.getInstance("MD5WITHRSA");
                        signature.initSign(rpks);
                        signature.update(bArr);
                        bArr3 = signature.sign();
                    }
                    return new String(Base64.encode(bArr3));
                }
                Signature signature2 = Signature.getInstance("SHA1WITHRSA");
                signature2.initSign(rpks);
                signature2.update(bArr);
                bArr3 = signature2.sign();
                return new String(Base64.encode(bArr3));
            } catch (Exception e) {
                return null;
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    public static String base64encode(byte[] bArr) {
        return new String(Base64.encode(bArr));
    }

    public static byte[] base64decode(String str) {
        return Base64.decode(str);
    }
}
