package iaik.x509;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.ASN1Type;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.asn1.structures.Name;
import iaik.utils.Util;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.KeyUsage;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Set;

/* loaded from: input_file:115766-05/SUNWamsci/reloc/SUNWam/lib/iaik_jce_full.jar:iaik/x509/X509Certificate.class */
public class X509Certificate extends java.security.cert.X509Certificate implements Serializable, ASN1Type {
    private byte[] m;
    private boolean f;
    private X509Extensions n;
    private byte[] b;
    private BigInteger c;
    private BigInteger k;
    private PublicKey h;
    private Name d;
    private ChoiceOfTime j;
    private ChoiceOfTime i;
    private Name l;
    private AlgorithmID e;
    private BigInteger g;
    private int a;
    private transient ASN1 o;

    public void writeTo(OutputStream outputStream) throws IOException {
        d();
        this.o.writeTo(outputStream);
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.write(toByteArray());
    }

    public void verify(PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        d();
        Signature signatureInstance = this.e.getSignatureInstance("IAIK");
        try {
            byte[] firstObject = this.o.getFirstObject();
            signatureInstance.setParameter("DSAParameterSpec", algorithmParameterSpec);
            signatureInstance.initVerify(publicKey);
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(this.b)) {
                throw new SignatureException("Signature verification error!");
            }
        } catch (CodingException e) {
            throw new SignatureException(e.toString());
        }
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        d();
        Signature signatureInstance = str == null ? this.e.getSignatureInstance() : this.e.getSignatureInstance(str);
        try {
            byte[] firstObject = this.o.getFirstObject();
            signatureInstance.initVerify(publicKey);
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(this.b)) {
                throw new SignatureException("Signature verification error!");
            }
        } catch (CodingException e) {
            throw new SignatureException(e.toString());
        }
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        verify(publicKey, (String) null);
    }

    public void verify() throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        verify(this.h);
    }

    public String toString(boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("Version: ").append(this.a).append("\n").toString());
        if (this.g != null) {
            stringBuffer.append(new StringBuffer("Serial number: ").append(this.g).append("\n").toString());
        }
        if (this.e != null) {
            stringBuffer.append(new StringBuffer("Signature algorithm: ").append(this.e).append("\n").toString());
        }
        if (this.l != null) {
            stringBuffer.append(new StringBuffer("Issuer: ").append(this.l).append("\n").toString());
        }
        if (this.i != null) {
            stringBuffer.append(new StringBuffer("Valid not before: ").append(this.i).append("\n").toString());
        }
        if (this.j != null) {
            stringBuffer.append(new StringBuffer("      not after: ").append(this.j).append("\n").toString());
        }
        if (this.d != null) {
            stringBuffer.append(new StringBuffer("Subject: ").append(this.d).append("\n").toString());
        }
        if (this.h != null) {
            stringBuffer.append(this.h.toString());
        }
        if (this.k != null) {
            stringBuffer.append(new StringBuffer("Issuer Unique ID: ").append(this.k).append("\n").toString());
        }
        if (this.c != null) {
            stringBuffer.append(new StringBuffer("Subject Unique ID: ").append(this.c).append("\n").toString());
        }
        stringBuffer.append("\n");
        stringBuffer.append(new StringBuffer("Certificate Fingerprint (MD5)  : ").append(Util.toString(getFingerprint())).append("\n").toString());
        stringBuffer.append(new StringBuffer("Certificate Fingerprint (SHA-1): ").append(Util.toString(getFingerprintSHA())).append("\n").toString());
        stringBuffer.append("\n");
        if (this.n != null) {
            if (z) {
                stringBuffer.append(this.n);
            } else {
                stringBuffer.append(new StringBuffer("Extensions: ").append(this.n.countExtensions()).append("\n").toString());
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        return toString(false);
    }

    public byte[] toByteArray() {
        d();
        return this.o.toByteArray();
    }

    private boolean[] a(String str) {
        boolean[] zArr = new boolean[str.length()];
        for (int i = 0; i < zArr.length; i++) {
            zArr[i] = str.charAt(i) == '1';
        }
        return zArr;
    }

    @Override // iaik.asn1.ASN1Type
    public ASN1Object toASN1Object() {
        d();
        return this.o.toASN1Object();
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException {
        if (algorithmID == null) {
            throw new CertificateException("Cannot sign certificate! No signature algorithm specified!");
        }
        this.e = algorithmID;
        Signature signatureInstance = this.e.getSignatureInstance(str);
        ASN1Object a = a();
        signatureInstance.initSign(privateKey);
        try {
            signatureInstance.update(DerCoder.encode(a));
            this.b = signatureInstance.sign();
            BIT_STRING bit_string = new BIT_STRING(this.b);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(a);
            sequence.addComponent(this.e.toASN1Object());
            sequence.addComponent(bit_string);
            this.o = new ASN1(sequence);
            e();
            f();
        } catch (CodingException e) {
            throw new CertificateException(e.toString());
        } catch (SignatureException e2) {
            throw new CertificateException(e2.toString());
        }
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException {
        sign(algorithmID, privateKey, null);
    }

    public void setValidNotBefore(Date date) {
        this.i = new ChoiceOfTime(date, true);
        e();
    }

    public void setValidNotAfter(Date date) {
        this.j = new ChoiceOfTime(date, true);
        e();
    }

    public void setSubjectUniqueID(boolean[] zArr) {
        this.c = new BigInteger(a(zArr), 2);
        this.a = 2;
        e();
    }

    public void setSubjectDN(Principal principal) throws IllegalArgumentException {
        try {
            this.d = (Name) principal;
            e();
        } catch (Exception unused) {
            throw new IllegalArgumentException("Subject is not an instance of Name.");
        }
    }

    private void f() {
        this.f = false;
    }

    public void setSignatureAlgorithm(AlgorithmID algorithmID) {
        this.e = algorithmID;
        e();
    }

    public void setSignature(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Cannot sign certificate! No signature value specified!");
        }
        this.b = bArr;
        ASN1Object a = a();
        try {
            BIT_STRING bit_string = new BIT_STRING(bArr);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(a);
            sequence.addComponent(this.e.toASN1Object());
            sequence.addComponent(bit_string);
            this.o = new ASN1(sequence);
            e();
            f();
        } catch (CodingException e) {
            throw new CertificateException(e.toString());
        }
    }

    public void setSerialNumber(BigInteger bigInteger) {
        this.g = bigInteger;
        e();
    }

    public void setPublicKey(PublicKey publicKey) throws InvalidKeyException {
        this.h = publicKey;
        e();
    }

    private void e() {
        this.f = true;
        this.m = null;
    }

    public void setIssuerUniqueID(boolean[] zArr) {
        this.k = new BigInteger(a(zArr), 2);
        this.a = 2;
        e();
    }

    public void setIssuerDN(Principal principal) throws IllegalArgumentException {
        try {
            this.l = (Name) principal;
            e();
        } catch (Exception unused) {
            throw new IllegalArgumentException("Issuer is not an instance of Name.");
        }
    }

    public boolean removeExtension(ObjectID objectID) {
        boolean removeExtension = this.n == null ? false : this.n.removeExtension(objectID);
        if (removeExtension) {
            e();
        }
        return removeExtension;
    }

    public void removeAllExtensions() {
        if (this.n != null) {
            this.n.removeAllExtensions();
            e();
        }
        this.n = null;
    }

    private void readObject(ObjectInputStream objectInputStream) throws ClassNotFoundException, IOException {
        try {
            this.o = new ASN1(objectInputStream);
            b();
        } catch (Exception e) {
            throw new IOException(new StringBuffer("Unable to restore Certificate: ").append(e.toString()).toString());
        }
    }

    public Enumeration listExtensions() {
        if (this.n == null) {
            return null;
        }
        return this.n.listExtensions();
    }

    private void b() throws X509ExtensionException, CertificateException {
        int i = 0;
        try {
            ASN1Object componentAt = this.o.getComponentAt(0);
            AlgorithmID algorithmID = new AlgorithmID(this.o.getComponentAt(1));
            this.b = (byte[]) ((BIT_STRING) this.o.getComponentAt(2)).getValue();
            ASN1Object componentAt2 = componentAt.getComponentAt(0);
            if (componentAt2.isA(ASN.CON_SPEC)) {
                this.a = ((BigInteger) ((ASN1Object) componentAt2.getValue()).getValue()).intValue() + 1;
                i = 0 + 1;
            }
            this.g = (BigInteger) componentAt.getComponentAt(i).getValue();
            this.e = new AlgorithmID(componentAt.getComponentAt(1 + i));
            if (!algorithmID.equals(this.e)) {
                throw new CertificateException("Certificate signature algorithm mismatch");
            }
            this.l = new Name(componentAt.getComponentAt(2 + i));
            ASN1 asn1 = new ASN1(componentAt.getComponentAt(3 + i));
            this.i = new ChoiceOfTime(asn1.getComponentAt(0));
            this.j = new ChoiceOfTime(asn1.getComponentAt(1));
            this.d = new Name(componentAt.getComponentAt(4 + i));
            ASN1Object componentAt3 = componentAt.getComponentAt(5 + i);
            int i2 = 6 + i;
            while (i2 < componentAt.countComponents()) {
                int i3 = i2;
                i2++;
                CON_SPEC con_spec = (CON_SPEC) componentAt.getComponentAt(i3);
                if (con_spec.getAsnType().getTag() == 1) {
                    con_spec.forceImplicitlyTagged(ASN.BIT_STRING);
                    this.k = new BigInteger(1, (byte[]) ((ASN1Object) con_spec.getValue()).getValue());
                } else if (con_spec.getAsnType().getTag() == 2) {
                    con_spec.forceImplicitlyTagged(ASN.BIT_STRING);
                    this.c = new BigInteger(1, (byte[]) ((ASN1Object) con_spec.getValue()).getValue());
                } else if (con_spec.getAsnType().getTag() == 3) {
                    this.n = new X509Extensions((ASN1Object) con_spec.getValue());
                }
            }
            try {
                this.h = PublicKeyInfo.getPublicKey(componentAt3);
                this.o.clearASN1Object();
                f();
            } catch (InvalidKeyException e) {
                throw new CertificateException(e.toString());
            }
        } catch (CodingException e2) {
            throw new CertificateException(e2.toString());
        } catch (RuntimeException e3) {
            throw new CertificateException(new StringBuffer("Certificate format error: ").append(e3.toString()).toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (this.n == null) {
            return false;
        }
        return this.n.hasUnsupportedCriticalExtension();
    }

    public boolean hasExtensions() {
        if (this.n == null) {
            return false;
        }
        return this.n.hasExtensions();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.a;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return (this.o == null || this.o.toByteArray() == null) ? DerCoder.encode(a()) : this.o.getFirstObject();
        } catch (CodingException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        if (this.c == null) {
            return null;
        }
        return a(this.c.toString(2));
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return this.d;
    }

    public AlgorithmID getSignatureAlgorithm() {
        return this.e;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.b;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        if (this.e == null) {
            return null;
        }
        try {
            ASN1Object parameter = this.e.getParameter();
            if (parameter == null) {
                return null;
            }
            return new ASN1(parameter).toByteArray();
        } catch (CodingException e) {
            throw new RuntimeException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        if (this.e == null) {
            return null;
        }
        return this.e.getAlgorithm().getID();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        if (this.e == null) {
            return null;
        }
        return this.e.getName();
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.g;
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        return this.h;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        if (this.i == null) {
            return null;
        }
        return this.i.getDate();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        if (this.j == null) {
            return null;
        }
        return this.j.getDate();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (this.n == null) {
            return null;
        }
        return this.n.getNonCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        if (this.n == null) {
            return null;
        }
        try {
            KeyUsage keyUsage = (KeyUsage) this.n.getExtension(KeyUsage.oid);
            if (keyUsage != null) {
                return keyUsage.getBooleanArray();
            }
            return null;
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        if (this.k == null) {
            return null;
        }
        return a(this.k.toString(2));
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return this.l;
    }

    public byte[] getFingerprintSHA() {
        if (this.m == null) {
            try {
                this.m = getFingerprint("SHA");
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(new StringBuffer("Algorithm SHA not available: ").append(e.toString()).toString());
            }
        }
        return this.m;
    }

    public byte[] getFingerprint(String str) throws NoSuchAlgorithmException {
        d();
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(toByteArray());
        return messageDigest.digest();
    }

    public byte[] getFingerprint() {
        d();
        return this.o.fingerprint();
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        if (this.n == null) {
            return null;
        }
        return this.n.getExtensionValue(str);
    }

    public V3Extension getExtension(ObjectID objectID) throws X509ExtensionInitException {
        if (this.n == null) {
            return null;
        }
        return this.n.getExtension(objectID);
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        d();
        return toByteArray();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (this.n == null) {
            return null;
        }
        return this.n.getCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        if (this.n == null) {
            return -1;
        }
        try {
            BasicConstraints basicConstraints = (BasicConstraints) this.n.getExtension(BasicConstraints.oid);
            if (basicConstraints == null) {
                return -1;
            }
            int pathLenConstraint = basicConstraints.getPathLenConstraint();
            if (pathLenConstraint == -1) {
                return Integer.MAX_VALUE;
            }
            return pathLenConstraint;
        } catch (Exception unused) {
            return -1;
        }
    }

    private String a(boolean[] zArr) {
        StringBuffer stringBuffer = new StringBuffer();
        for (boolean z : zArr) {
            if (z) {
                stringBuffer.append('1');
            } else {
                stringBuffer.append('0');
            }
        }
        return stringBuffer.toString();
    }

    public void decode(InputStream inputStream) throws CertificateException, IOException {
        if (inputStream == null) {
            throw new NullPointerException("Cannot parse certificate from a null input stream!");
        }
        try {
            this.o = new ASN1(inputStream);
            b();
        } catch (CodingException e) {
            throw new CertificateException(e.toString());
        } catch (X509ExtensionException e2) {
            throw new CertificateException(e2.toString());
        }
    }

    @Override // iaik.asn1.ASN1Type
    public void decode(ASN1Object aSN1Object) throws CodingException {
        if (aSN1Object == null) {
            throw new NullPointerException("Cannot parse certificate from a null object!");
        }
        this.o = new ASN1(aSN1Object);
        try {
            b();
        } catch (Exception e) {
            throw new CodingException(e.toString());
        }
    }

    private ASN1Object a() throws CertificateEncodingException {
        this.a = 1;
        if (this.g == null) {
            throw new CertificateEncodingException("Serial number not set!");
        }
        if (this.e == null) {
            throw new CertificateEncodingException("Signature algorithm not set!");
        }
        if (this.l == null) {
            throw new CertificateEncodingException("Issuer not set!");
        }
        if (this.i == null) {
            throw new CertificateEncodingException("Valid not before not set!");
        }
        if (this.j == null) {
            throw new CertificateEncodingException("Valid not after not set!");
        }
        if (this.d == null) {
            throw new CertificateEncodingException("Subject not set!");
        }
        if (this.h == null) {
            throw new CertificateEncodingException("Public key not set!");
        }
        if (this.k != null || this.c != null) {
            this.a = 2;
        }
        if (this.n != null) {
            if (this.n.hasExtensions()) {
                this.a = 3;
            } else {
                this.n = null;
            }
        }
        try {
            SEQUENCE sequence = new SEQUENCE();
            if (this.a > 1) {
                sequence.addComponent(new CON_SPEC(0, new INTEGER(this.a - 1)));
            }
            sequence.addComponent(new INTEGER(this.g));
            sequence.addComponent(this.e.toASN1Object());
            sequence.addComponent(this.l.toASN1Object());
            SEQUENCE sequence2 = new SEQUENCE();
            sequence2.addComponent(this.i.toASN1Object());
            sequence2.addComponent(this.j.toASN1Object());
            sequence.addComponent(sequence2);
            sequence.addComponent(this.d.toASN1Object());
            sequence.addComponent(DerCoder.decode(this.h.getEncoded()));
            if (this.k != null) {
                sequence.addComponent(new CON_SPEC(1, new BIT_STRING(this.k.toByteArray()), true));
            }
            if (this.c != null) {
                sequence.addComponent(new CON_SPEC(2, new BIT_STRING(this.c.toByteArray()), true));
            }
            if (this.n != null) {
                sequence.addComponent(new CON_SPEC(3, this.n.toASN1Object()));
            }
            return sequence;
        } catch (Exception e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    public int countExtensions() {
        if (this.n == null) {
            return 0;
        }
        return this.n.countExtensions();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateNotYetValidException, CertificateExpiredException {
        if (this.i == null) {
            throw new CertificateNotYetValidException("ValidNotBefore date not set!");
        }
        if (date.before(this.i.getDate())) {
            throw new CertificateNotYetValidException();
        }
        if (this.j == null) {
            throw new CertificateExpiredException("ValidNotAfter date not set!");
        }
        if (date.after(this.j.getDate())) {
            throw new CertificateExpiredException();
        }
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateNotYetValidException, CertificateExpiredException {
        checkValidity(new Date());
    }

    private void d() {
        if (this.f) {
            throw new RuntimeException("Cannot perform operation, certificate has to be signed first");
        }
    }

    public void addExtension(V3Extension v3Extension) throws X509ExtensionException {
        if (this.n == null) {
            this.n = new X509Extensions();
        }
        this.n.addExtension(v3Extension);
        this.a = 3;
        e();
    }

    public X509Certificate(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            throw new NullPointerException("Cannot parse certificate from a null byte array!");
        }
        try {
            this.o = new ASN1(bArr);
            b();
        } catch (CodingException e) {
            throw new CertificateException(e.toString());
        } catch (X509ExtensionException e2) {
            throw new CertificateException(e2.toString());
        }
    }

    public X509Certificate(InputStream inputStream) throws CertificateException, IOException {
        if (inputStream == null) {
            throw new NullPointerException("Cannot parse certificate from a null input stream!");
        }
        decode(inputStream);
    }

    public X509Certificate() {
        this.a = 1;
        this.o = new ASN1();
        e();
    }
}
