package ccit.security.bssp.base;

import ccit.security.bssp.common.ErrorConstant;
import ccit.security.bssp.ex.CCITSecurityException;
import ccit.security.bssp.ex.CrypException;
import ccit.security.bssp.util.DERToObj;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class CertParseBase {
    public static boolean verifyCertificateByCrl(byte[] bArr, byte[] bArr2) throws CCITSecurityException {
        return !DERToObj.getX509CrlFromDer(bArr2).isRevoked(DERToObj.getX509CertificateFromDer(bArr));
    }

    public int VerifyCert(byte[] bArr, byte[] bArr2) throws CrypException {
        ByteArrayInputStream byteArrayInputStream;
        ByteArrayInputStream byteArrayInputStream2;
        ByteArrayInputStream byteArrayInputStream3 = null;
        try {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                try {
                    byteArrayInputStream = new ByteArrayInputStream(bArr);
                } catch (Exception e) {
                    e = e;
                    byteArrayInputStream = null;
                }
                try {
                    X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    try {
                        byteArrayInputStream2 = new ByteArrayInputStream(bArr2);
                    } catch (Exception e2) {
                        e = e2;
                    }
                    try {
                        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream2);
                        PublicKey publicKey = x509Certificate2.getPublicKey();
                        if (byteArrayInputStream2 != null) {
                            byteArrayInputStream2.close();
                        }
                        if (x509Certificate2 == null) {
                            return 6;
                        }
                        x509Certificate.checkValidity();
                        x509Certificate.verify(publicKey);
                        return 0;
                    } catch (Exception e3) {
                        e = e3;
                        byteArrayInputStream3 = byteArrayInputStream2;
                        if (byteArrayInputStream3 != null) {
                            byteArrayInputStream3.close();
                        }
                        throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e.getMessage());
                    }
                } catch (Exception e4) {
                    e = e4;
                    if (byteArrayInputStream != null) {
                        byteArrayInputStream.close();
                    }
                    throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e.getMessage());
                }
            } catch (Exception e5) {
                throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e5.getMessage());
            }
        } catch (CrypException e6) {
            throw e6;
        } catch (SignatureException e7) {
            throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!" + e7.getMessage());
        } catch (CertificateExpiredException e8) {
            throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!The certificate are expired!");
        } catch (CertificateNotYetValidException e9) {
            throw new CrypException(ErrorConstant.CE_CERTVERIFY_FAIL, "Certificate verify failed!The certificate are not yet valid!");
        }
    }
}
