package com.ibm.security.cmp;

import com.ibm.crypto.provider.PBMParameterSpec;
import com.ibm.security.cmputil.CMPDerObject;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Vector;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.21.jar:com/ibm/security/cmp/PKIMessage.class */
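/**
 * A CMP {@code PKIMessage}: a header, a body, optional protection bits and
 * optional extra certificates, encoded as a DER SEQUENCE.
 *
 * <p>Only password-based MAC protection is implemented by {@link #protect(byte[])}
 * and {@link #verify(byte[])}; every other protection algorithm is rejected.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code extraCerts} are only parsed by {@link #decode(DerValue)}. Nothing
 *       in this class validates a chain, so they must not be trusted until the
 *       caller has validated them.</li>
 *   <li>{@link #verify(byte[])} recomputes the MAC over a re-encoding of the
 *       parsed header and body, not over the bytes that were received.</li>
 * </ul>
 *
 * <p>NOTE(review): no {@code hashCode()} override is visible in this class although
 * {@code equals} is overridden; confirm that {@code CMPDerObject} supplies a
 * consistent one before using instances as hash keys.
 */
public final class PKIMessage extends CMPDerObject {
    // Instance fields deliberately have no initializers: presumably the
    // CMPDerObject(byte[]) constructor drives decode(), and an initializer here
    // would run after super() returns and wipe the decoded state. Confirm
    // against CMPDerObject before adding any.
    private BigInteger version;
    private PKIHeader header;
    private PKIBodyInterface body;
    private byte[] protection;
    private Certificate[] extraCerts;
    private static final String IBMPROVIDER_NAME = "IBMJCE";
    public static final int MESSAGE_BODY_IR = 0;
    public static final int MESSAGE_BODY_IP = 1;
    public static final int MESSAGE_BODY_CR = 2;
    public static final int MESSAGE_BODY_CP = 3;
    public static final int MESSAGE_BODY_P10CR = 4;
    public static final int MESSAGE_BODY_POPDECC = 5;
    public static final int MESSAGE_BODY_POPDECR = 6;
    public static final int MESSAGE_BODY_KUR = 7;
    public static final int MESSAGE_BODY_KUP = 8;
    public static final int MESSAGE_BODY_KRR = 9;
    public static final int MESSAGE_BODY_KRP = 10;
    public static final int MESSAGE_BODY_RR = 11;
    public static final int MESSAGE_BODY_RP = 12;
    public static final int MESSAGE_BODY_CCR = 13;
    public static final int MESSAGE_BODY_CCP = 14;
    public static final int MESSAGE_BODY_CKUANN = 15;
    public static final int MESSAGE_BODY_CANN = 16;
    public static final int MESSAGE_BODY_RANN = 17;
    public static final int MESSAGE_BODY_CRLANN = 18;
    public static final int MESSAGE_BODY_CONF = 19;
    public static final int MESSAGE_BODY_NESTED = 20;
    public static final int MESSAGE_BODY_GENM = 21;
    public static final int MESSAGE_BODY_GENP = 22;
    public static final int MESSAGE_BODY_ERROR = 23;
    public static final int MESSAGE_BODY_CERTCONF = 24;
    /** Context-specific tag number of the optional protection BIT STRING. */
    private static final byte TAG_PROTECTION = 0;
    /** Context-specific tag number of the optional extraCerts SEQUENCE OF. */
    private static final byte TAG_EXTRA_CERTS = 1;
    /** DER tag of a constructed SEQUENCE (0x30). */
    private static final byte TAG_SEQUENCE = 0x30;
    /** Class bits of a context-specific tag (0x80, i.e. Byte.MIN_VALUE). */
    private static final byte TAG_CLASS_CONTEXT = (byte) 0x80;
    private static final BigInteger VERSION_1 = BigInteger.valueOf(1L);
    private static final BigInteger VERSION_2 = BigInteger.valueOf(2L);
    // Compiler-synthesized class-literal cache surfaced by decompilation. It is
    // no longer read by this class and is kept only because it is package-visible.
    static Class class$com$ibm$crypto$provider$PBMParameterSpec;

    /**
     * Builds a message from its parts.
     *
     * <p>The body wrapper is chosen from the header's protocol version (1 or 2).
     * For any other version the body is left unset and {@link #encode(OutputStream)}
     * will later fail with "body not specified".
     *
     * @param pKIHeader      message header; must not be {@code null}
     * @param i              body type, one of the {@code MESSAGE_BODY_*} constants
     * @param obj            body content handed to the version-specific body wrapper
     * @param bArr           protection bits, or {@code null} for an unprotected message
     * @param certificateArr extra certificates, or {@code null}
     * @throws IllegalArgumentException if {@code pKIHeader} is {@code null}
     */
    public PKIMessage(PKIHeader pKIHeader, int i, Object obj, byte[] bArr, Certificate[] certificateArr) {
        if (pKIHeader == null) {
            throw new IllegalArgumentException("PKIMessage error, header not specified");
        }
        this.header = pKIHeader;
        this.version = pKIHeader.getPvno();
        if (VERSION_1.equals(this.version)) {
            this.body = new PKIBody(i, obj);
        } else if (VERSION_2.equals(this.version)) {
            this.body = new PKIBodyv2(i, obj);
        } else if (this.version == null) {
            // Preserve the original failure mode for a header without a version.
            throw new NullPointerException();
        }
        // Copy the arrays so a caller cannot alter the protection bits or the
        // certificate list after construction; getProtection() already hands
        // out copies for the same reason.
        this.protection = bArr == null ? null : (byte[]) bArr.clone();
        this.extraCerts = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
    }

    /**
     * Parses a DER-encoded message.
     *
     * @param bArr DER encoding of a PKIMessage
     * @throws IOException if the superclass constructor rejects the encoding
     */
    public PKIMessage(byte[] bArr) throws IOException {
        super(bArr);
    }

    /**
     * Compiler-synthesized helper for class literals, surfaced by decompilation.
     * No longer called from this class; kept because it is package-visible.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    /**
     * Copies this message by encoding it and parsing the result.
     *
     * @return the copy, or {@code null} if encoding or parsing fails; callers
     *         must check for {@code null}
     */
    @Override
    public Object clone() {
        try {
            DerOutputStream encoded = new DerOutputStream();
            encode(encoded);
            return new PKIMessage(encoded.toByteArray());
        } catch (Exception unused) {
            // Best-effort copy: the established contract is "null on failure".
            return null;
        }
    }

    /**
     * Populates this object from a DER value.
     *
     * <p>Layout read: SEQUENCE { header, body, [0] protection OPTIONAL,
     * [1] extraCerts OPTIONAL }. Certificates are parsed only, not validated.
     *
     * @param derValue the outer SEQUENCE
     * @throws IOException if the structure is malformed, a certificate cannot be
     *                     parsed, or trailing data follows the known fields
     */
    @Override // com.ibm.security.cmputil.CMPDerObject
    protected void decode(DerValue derValue) throws IOException {
        if (derValue.getTag() != TAG_SEQUENCE) {
            throw new IOException("PKIMessage parsing error, not a SEQUENCE");
        }
        this.header = null;
        this.body = null;
        this.protection = null;
        this.extraCerts = null;
        this.header = new PKIHeader(derValue.getData().getDerValue().toByteArray());
        this.version = this.header.getPvno();
        try {
            if (this.version.equals(VERSION_1)) {
                this.body = new PKIBody(derValue.getData().getDerValue().toByteArray());
            } else if (this.version.equals(VERSION_2)) {
                this.body = new PKIBodyv2(derValue.getData().getDerValue().toByteArray());
            } else {
                // Unknown version: the body element is not consumed here, so it
                // is examined (and normally rejected) as an optional field below.
                this.body = null;
            }
            if (derValue.getData().available() == 0) {
                return;
            }
            DerValue next = derValue.getData().getDerValue();
            if (next.isContextSpecific(TAG_PROTECTION) && next.isConstructed()) {
                this.protection = next.getData().getDerValue().getBitString();
                if (derValue.getData().available() == 0) {
                    return;
                }
                next = derValue.getData().getDerValue();
            }
            if (!next.isContextSpecific(TAG_EXTRA_CERTS) || !next.isConstructed()) {
                throw new IOException("PKIMessage parsing error, data overrun");
            }
            DerValue certSequence = next.getData().getDerValue();
            if (certSequence.getTag() != TAG_SEQUENCE) {
                throw new IOException("CertReqMsg sequence parsing error, not a SEQUENCE OF");
            }
            Vector<X509CertImpl> parsed = new Vector<X509CertImpl>();
            while (certSequence.getData().available() != 0) {
                try {
                    parsed.add(new X509CertImpl(certSequence.getData().getDerValue()));
                } catch (CertificateException e) {
                    // Keep the cause so the failing certificate can be diagnosed.
                    throw new IOException("Invalid certificate encoding", e);
                }
            }
            if (!parsed.isEmpty()) {
                this.extraCerts = parsed.toArray(new X509CertImpl[parsed.size()]);
            }
            if (derValue.getData().available() != 0) {
                throw new IOException("PKIMessage parsing error, data overrun");
            }
        } catch (IllegalArgumentException e) {
            throw new IOException(e.toString(), e);
        }
    }

    /**
     * Placeholder for DH-based MAC protection. It computes nothing and only
     * clears the protection bits. No caller is visible in this class.
     */
    private void dhBasedMac(AlgorithmId algorithmId, byte[] bArr, byte[] bArr2) {
        this.protection = null;
    }

    /**
     * Writes the DER encoding of this message.
     *
     * @param outputStream destination for the encoded SEQUENCE
     * @throws IOException if the header or body is missing, an extra certificate
     *                     is not an {@link X509Certificate}, or encoding fails
     */
    @Override // com.ibm.security.cmputil.CMPDerObject
    public void encode(OutputStream outputStream) throws IOException {
        if (this.header == null) {
            throw new IOException("PKIMessage encoding error, header not specified");
        }
        DerOutputStream content = new DerOutputStream();
        this.header.encode(content);
        if (this.body == null) {
            throw new IOException("PKIMessage encoding error, body not specified");
        }
        this.body.encode(content);
        if (this.protection != null) {
            DerOutputStream bits = new DerOutputStream();
            bits.putBitString(this.protection);
            content.write(DerValue.createTag(TAG_CLASS_CONTEXT, true, TAG_PROTECTION), bits);
        }
        if (this.extraCerts != null) {
            DerOutputStream certBytes = new DerOutputStream();
            for (int i = 0; i < this.extraCerts.length; i++) {
                Certificate cert = this.extraCerts[i];
                if (!(cert instanceof X509Certificate)) {
                    // A null element used to surface as a NullPointerException
                    // while the message was being built; report it like any
                    // other unsupported entry.
                    String typeName = cert == null ? "null" : cert.getClass().getName();
                    throw new IOException("extraCerts[" + i + "] has a type of " + typeName
                            + ". Only instances of java.security.cert.X509Certificate are supported.");
                }
                try {
                    certBytes.write(((X509Certificate) cert).getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new IOException("PKIMessage encoding error, " + e, e);
                }
            }
            DerOutputStream certSequence = new DerOutputStream();
            certSequence.write(TAG_SEQUENCE, certBytes);
            content.write(DerValue.createTag(TAG_CLASS_CONTEXT, true, TAG_EXTRA_CERTS), certSequence);
        }
        DerOutputStream message = new DerOutputStream();
        message.write(TAG_SEQUENCE, content);
        outputStream.write(message.toByteArray());
    }

    /**
     * Compares two messages by their DER encodings.
     *
     * @param pKIMessage message to compare with
     * @return {@code true} if both encode to equal DER values; {@code false} if
     *         they differ, if {@code pKIMessage} is {@code null}, or if either
     *         message cannot be encoded
     */
    public boolean equals(PKIMessage pKIMessage) {
        if (pKIMessage == this) {
            return true;
        }
        try {
            DerOutputStream mine = new DerOutputStream();
            DerOutputStream theirs = new DerOutputStream();
            encode(mine);
            DerValue myValue = new DerValue(mine.toByteArray());
            pKIMessage.encode(theirs);
            return myValue.equals(new DerValue(theirs.toByteArray()));
        } catch (Exception unused) {
            // Unencodable (or null) messages are simply unequal.
            return false;
        }
    }

    /**
     * @return {@code true} only if {@code obj} is a {@code PKIMessage} with an
     *         equal DER encoding
     */
    @Override // com.ibm.security.cmputil.CMPDerObject
    public boolean equals(Object obj) {
        return obj instanceof PKIMessage && equals((PKIMessage) obj);
    }

    /** @return the body content, or {@code null} if no body is set */
    public Object getBody() {
        return this.body == null ? null : this.body.getBody();
    }

    /** @return the body type ({@code MESSAGE_BODY_*}), or {@code -1} if no body is set */
    public int getBodyType() {
        return this.body == null ? -1 : this.body.getBodyType();
    }

    /** @return the encoded body, or {@code null} if no body is set */
    public byte[] getEncodedBody() {
        return this.body == null ? null : this.body.getEncodedBody();
    }

    /** @return a copy of the header, as produced by {@code PKIHeader.clone()} */
    public PKIHeader getHeader() {
        return (PKIHeader) this.header.clone();
    }

    /** @return a copy of the protection bits, or {@code null} if the message is unprotected */
    public byte[] getProtection() {
        return this.protection == null ? null : (byte[]) this.protection.clone();
    }

    /** @return the protocol version taken from the header */
    public int getVersion() {
        return this.version.intValue();
    }

    /**
     * Encodes SEQUENCE { header, body }, the bytes the protection covers.
     * Callers must have checked that the body is present.
     */
    private byte[] encodeProtectedPart() throws IOException {
        DerOutputStream content = new DerOutputStream();
        this.header.encode(content);
        this.body.encode(content);
        DerOutputStream sequence = new DerOutputStream();
        sequence.write(TAG_SEQUENCE, content);
        return sequence.toByteArray();
    }

    /**
     * Computes the password-based MAC ("PBM") of {@code bArr2}.
     *
     * @param algorithmId protection algorithm carrying the PBM parameters
     * @param bArr        shared secret used as key material
     * @param bArr2       data to authenticate
     * @return the MAC value
     * @throws IllegalArgumentException if the parameters are absent or are not
     *                                  PBM parameters
     */
    private byte[] passwordBasedMac(AlgorithmId algorithmId, byte[] bArr, byte[] bArr2) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
        AlgorithmParameters algParameters = algorithmId.getAlgParameters();
        if (algParameters == null) {
            throw new IllegalArgumentException("PKIMessage error, parameters not specified");
        }
        try {
            AlgorithmParameterSpec parameterSpec = algParameters.getParameterSpec(PBMParameterSpec.class);
            if (!(parameterSpec instanceof PBMParameterSpec)) {
                throw new InvalidParameterSpecException();
            }
            // No provider is named here, so the first installed provider that
            // offers "PBM" is used; IBMPROVIDER_NAME is not referenced.
            Mac mac = Mac.getInstance("PBM");
            mac.init(new SecretKeySpec(bArr, "PBM"), parameterSpec);
            return mac.doFinal(bArr2);
        } catch (InvalidParameterSpecException unused) {
            throw new IllegalArgumentException("PKIMessage error, invalid parameter spec");
        }
    }

    /**
     * Returns a copy of this message carrying a password-based MAC over its
     * header and body. This message itself is not modified.
     *
     * @param bArr shared secret
     * @return the protected copy, or {@code null} if this message has no body
     * @throws IllegalArgumentException if the header names any protection
     *                                  algorithm other than password-based MAC
     * @throws IOException              if this message cannot be copied or encoded
     * @throws Exception                for failures reported by the MAC provider
     */
    public PKIMessage protect(byte[] bArr) throws Exception {
        if (this.body == null) {
            return null;
        }
        PKIMessage copy = (PKIMessage) clone();
        // NOTE(review): getProtectionAlg() presumably returns null when the
        // header carries no protection algorithm, which would fail here with a
        // NullPointerException; confirm against PKIHeader.
        AlgorithmId protectionAlg = this.header.getProtectionAlg();
        String name = protectionAlg.getName();
        ObjectIdentifier oid = protectionAlg.getOID();
        if (!oid.equals(AlgorithmId.PasswordBasedMac_oid)) {
            throw new IllegalArgumentException("Unsupported protection algorithm, " + name + " with OID, " + oid);
        }
        byte[] mac = passwordBasedMac(protectionAlg, bArr, encodeProtectedPart());
        if (copy == null) {
            // clone() reports failure by returning null; fail with a clear error
            // instead of dereferencing it.
            throw new IOException("PKIMessage protect error, unable to copy message");
        }
        copy.protection = mac;
        return copy;
    }

    /**
     * Unfinished signature-based protection. No caller is visible in this class,
     * and no private key is supplied to {@code initSign}, so it cannot produce a
     * usable signature as written.
     *
     * <p>NOTE(review): the decompiled original compared the OID with the
     * md5/md2/sha1-with-RSA and sha1-with-DSA identifiers and discarded the
     * result; that no-op comparison has been dropped. MD2, MD5 and SHA-1
     * signatures should not be enabled if this method is ever completed.
     */
    private void signingAlg(AlgorithmId algorithmId, byte[] bArr, byte[] bArr2) throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Signature signature = Signature.getInstance(algorithmId.getName());
        signature.initSign(null);
        signature.update(bArr2);
        this.protection = signature.sign();
    }

    /**
     * @return a multi-line summary; protection is reported only as present or
     *         absent, the bits themselves are not printed
     */
    @Override // com.ibm.security.cmputil.CMPDerObject
    public String toString() {
        StringBuilder text = new StringBuilder("PKIMessage:");
        if (this.header != null) {
            text.append("\r\n\tHeader: ").append(this.header.toString());
        }
        if (this.body != null) {
            text.append("\r\n\tBody: ").append(this.body.toString());
        }
        text.append(this.protection != null ? "\r\n\tProtection: exists." : "\r\n\tNo Protection.");
        if (this.extraCerts != null) {
            text.append("\r\n\tExtra Certs ");
            for (int i = 0; i < this.extraCerts.length; i++) {
                text.append("\r\n\t\tCert[").append(i).append("]: ").append(this.extraCerts[i]);
            }
        }
        return text.toString();
    }

    /**
     * Same as {@link #verify(byte[])}. The {@code algorithmId} argument is
     * ignored; the algorithm is always taken from the message header.
     */
    public boolean verify(AlgorithmId algorithmId, byte[] bArr) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
        return verify(bArr);
    }

    /**
     * Checks the password-based MAC carried in this message.
     *
     * @param bArr shared secret
     * @return {@code true} if the recomputed MAC equals the protection bits;
     *         {@code false} if it differs or the message has no body
     * @throws IOException              if the message has no protection bits
     * @throws IllegalArgumentException if the header names any protection
     *                                  algorithm other than password-based MAC
     */
    public boolean verify(byte[] bArr) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.body == null) {
            return false;
        }
        if (this.protection == null) {
            throw new IOException("PKIMessage verify error, protection bits not specified");
        }
        // NOTE(review): getProtectionAlg() presumably returns null when the
        // header carries no protection algorithm, which would fail here with a
        // NullPointerException; confirm against PKIHeader.
        AlgorithmId protectionAlg = this.header.getProtectionAlg();
        String name = protectionAlg.getName();
        ObjectIdentifier oid = protectionAlg.getOID();
        if (!oid.equals(AlgorithmId.PasswordBasedMac_oid)) {
            throw new IllegalArgumentException("Unsupported protection algorithm, " + name);
        }
        byte[] expected = passwordBasedMac(protectionAlg, bArr, encodeProtectedPart());
        // Compare the raw bytes. Decoding both MACs with new String(byte[]) goes
        // through the platform charset, where byte sequences that are invalid in
        // that charset are replaced on decoding, so two different MACs could
        // compare equal; String.equals also stops at the first difference.
        // MessageDigest.isEqual checks length and content on the bytes themselves.
        return java.security.MessageDigest.isEqual(expected, this.protection);
    }
}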
