package com.ibm.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/ibm/security/cert/BasicOCSPResponse.class */
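/**
 * In-memory form of an OCSP BasicOCSPResponse: the signed response data, the
 * signature algorithm name, the signature bits and the optional certificates
 * the responder attached.
 *
 * <p>Instances are built either by parsing DER bytes received from a responder
 * (untrusted input) or from already-assembled parts. {@link #verify(Set)} is the
 * only place where the signature is checked against the caller's trust anchors.
 *
 * <p>Not thread-safe: {@link #encode()} rewrites internal state.
 */
class BasicOCSPResponse {
    private static final Debug debug = Debug.getInstance("certpath");

    /** Extended-key-usage OID that marks a certificate as an OCSP signer. */
    private static final String OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";

    private X509Certificate[] certs = null;
    private X500Name id = null;
    private ResponderID responderid = null;
    private byte[] keyHash = null;
    private int version = 1;
    private String algID = "SHA-1";
    private byte[] sig = null;
    private Date producedAt = null;
    private SingleResponse[] responces = null;
    private Extension[] ext = null;
    // DER bytes the signature is computed over (set by the parsing constructor).
    private byte[] responseData = null;

    /**
     * Parses a DER-encoded BasicOCSPResponse.
     *
     * <p>The outer SEQUENCE must hold the response data, the signature algorithm
     * and the signature, optionally followed by the certificate list. Inside the
     * response data an optional leading {@code [0]} version element is skipped
     * (its value is not read; {@code version} keeps its default), and a trailing
     * {@code [1]} element is parsed as the response extensions.
     *
     * @param bArr DER bytes of the response; treated as untrusted
     * @throws IOException if the structure is truncated, has unexpected extra
     *         elements, or any nested value cannot be decoded
     */
    public BasicOCSPResponse(byte[] bArr) throws IOException {
        DerValue[] outer = new DerInputStream(bArr).getSequence(4);
        if (debug != null) {
            System.out.println("length of sequence: " + outer.length);
        }
        // Reject short or over-long sequences here instead of letting an
        // ArrayIndexOutOfBoundsException escape on attacker-shaped input.
        if (outer.length < 3 || outer.length > 4) {
            throw new IOException("malformed BasicOCSPResponse: expected 3 or 4 elements, found " + outer.length);
        }
        byte[] tbsBytes = outer[0].toByteArray();
        DerValue[] tbs = new DerInputStream(tbsBytes).getSequence(4);
        this.responseData = tbsBytes;
        this.algID = AlgorithmId.parse(outer[1]).getName();
        this.sig = outer[2].getBitString();
        if (outer.length == 4) {
            DerValue[] certValues = outer[3].getData().getSequence(1);
            this.certs = new X509Certificate[certValues.length];
            for (int i = 0; i < certValues.length; i++) {
                try {
                    this.certs[i] = new X509CertImpl(certValues[i]);
                } catch (CertificateException e) {
                    throw asIOException(e);
                }
            }
        }
        if (tbs.length == 0) {
            throw new IOException("malformed ResponseData: empty sequence");
        }
        // The version field is optional and tagged [0]; the responder id that
        // follows is tagged [1] or [2], so a tag number of 0 can only be the version.
        int off = ((tbs[0].getTag() & 31) == 0) ? 1 : 0;
        if (tbs.length < off + 3) {
            throw new IOException("malformed ResponseData: expected at least " + (off + 3)
                    + " elements, found " + tbs.length);
        }
        this.responderid = new ResponderID(tbs[off]);
        this.id = this.responderid.getName();
        this.producedAt = tbs[off + 1].getGeneralizedTime();
        DerValue[] singleValues = new DerInputStream(tbs[off + 2].toByteArray()).getSequence(4);
        SingleResponse[] singles = new SingleResponse[singleValues.length];
        for (int i = 0; i < singleValues.length; i++) {
            singles[i] = new SingleResponse(singleValues[i]);
        }
        this.responces = singles;
        // Extensions sit directly after the responses whether or not the version
        // element was present, so index them relative to the same offset.
        if (tbs.length > off + 3 && (tbs[off + 3].getTag() & 31) == 1) {
            DerValue[] extValues = tbs[off + 3].getData().getSequence(2);
            this.ext = new Extension[extValues.length];
            for (int i = 0; i < extValues.length; i++) {
                this.ext[i] = new Extension(extValues[i]);
            }
        }
    }

    /**
     * Builds a response from already-assembled parts; {@code producedAt} is set
     * to the current time.
     *
     * @param singleResponseArr the single responses to carry
     * @param str signature algorithm name
     * @param bArr signature bits
     * @param str2 responder name passed to {@link ResponderID}
     */
    public BasicOCSPResponse(SingleResponse[] singleResponseArr, String str, byte[] bArr, String str2) {
        this.algID = str;
        this.sig = bArr;
        this.version = 1;
        this.responces = singleResponseArr;
        this.producedAt = new Date();
        try {
            this.responderid = new ResponderID(str2);
            this.id = this.responderid.getName();
        } catch (IOException e) {
            // NOTE(review): a bad responder name leaves responderid null, so a later
            // encode() fails with a NullPointerException; kept best-effort as before.
            e.printStackTrace();
        }
    }

    /**
     * Parses a BasicOCSPResponse from an already-decoded DER value.
     *
     * @param derValue the value holding the response
     * @throws IOException if the content cannot be decoded
     */
    public BasicOCSPResponse(DerValue derValue) throws IOException {
        this(derValue.toByteArray());
    }

    /**
     * Encodes this response to DER.
     *
     * <p>Side effect: {@code responseData} is replaced with the encoded SEQUENCE of
     * single responses. NOTE(review): after that, {@link #verify(Set)} checks the
     * signature over those bytes rather than over the bytes that were parsed.
     *
     * @return the DER encoding
     * @throws IOException if a component cannot be encoded or the signature
     *         algorithm name is unknown
     */
    public byte[] encode() throws IOException {
        List parts = new ArrayList();
        DerOutputStream versionOut = new DerOutputStream();
        versionOut.putInteger(this.version);
        parts.add(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), versionOut.toByteArray()));
        parts.add(new DerValue(this.responderid.encode()));
        DerOutputStream timeOut = new DerOutputStream();
        timeOut.putGeneralizedTime(this.producedAt);
        parts.add(new DerValue(timeOut.toByteArray()));
        DerValue[] singleValues = new DerValue[this.responces.length];
        for (int i = 0; i < this.responces.length; i++) {
            DerOutputStream singleOut = new DerOutputStream();
            singleOut.write(this.responces[i].encode());
            singleValues[i] = new DerValue(singleOut.toByteArray());
        }
        DerOutputStream responsesOut = new DerOutputStream();
        responsesOut.putSequence(singleValues);
        this.responseData = responsesOut.toByteArray();
        parts.add(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), responsesOut.toByteArray()));
        DerOutputStream extOut = new DerOutputStream();
        if (this.ext != null && this.ext.length != 0) {
            for (int i = 0; i < this.ext.length; i++) {
                this.ext[i].encode(extOut);
            }
        }
        parts.add(new DerValue(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), extOut.toByteArray()).toByteArray()));
        DerValue[] tbsValues = new DerValue[parts.size()];
        parts.toArray(tbsValues);
        DerOutputStream tbsOut = new DerOutputStream();
        tbsOut.putSequence(tbsValues);
        parts.clear();
        parts.add(new DerValue(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), tbsOut.toByteArray()).toByteArray()));
        DerValue algValue;
        try {
            algValue = new DerValue(AlgorithmId.get(this.algID).encode());
        } catch (NoSuchAlgorithmException e) {
            // Previously swallowed, which led to a NullPointerException on the next line.
            throw asIOException(e);
        }
        parts.add(new DerValue(algValue.toByteArray()));
        DerOutputStream sigOut = new DerOutputStream();
        sigOut.putBitString(this.sig);
        parts.add(new DerValue(sigOut.toByteArray()));
        if (this.certs != null) {
            DerOutputStream certsOut = new DerOutputStream();
            for (int i = 0; i < this.certs.length; i++) {
                try {
                    // getEncoded() is available on every X509Certificate, so this does
                    // not depend on the concrete certificate implementation class.
                    certsOut.write(this.certs[i].getEncoded());
                } catch (CertificateEncodingException e) {
                    throw asIOException(e);
                }
            }
            parts.add(new DerValue(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), certsOut.toByteArray()).toByteArray()));
        }
        DerValue[] outerValues = new DerValue[parts.size()];
        parts.toArray(outerValues);
        DerOutputStream out = new DerOutputStream();
        out.putSequence(outerValues);
        return out.toByteArray();
    }

    /**
     * Returns the certificates attached to the response (the internal array, not
     * a copy), or {@code null} if none were attached. These come from the
     * responder and are not trusted by themselves.
     */
    public X509Certificate[] getCertChain() {
        return this.certs;
    }

    /** Returns the responder identifier, or {@code null} if it was never set. */
    public ResponderID getResponderID() {
        return this.responderid;
    }

    /** Returns the time the response was produced. */
    public Date getProducedTime() {
        return this.producedAt;
    }

    /** Returns the single responses (the internal array, not a copy). */
    public SingleResponse[] getSingleResponses() {
        return this.responces;
    }

    /**
     * Finds the single response for a certificate id.
     *
     * @param certID the id to look for
     * @return the first matching response, or {@code null} if there is none
     */
    public SingleResponse getSingleResponse(CertID certID) {
        if (certID == null || this.responces == null) {
            return null;
        }
        for (int i = 0; i < this.responces.length; i++) {
            if (certID.equals(this.responces[i].getCertID())) {
                return this.responces[i];
            }
        }
        return null;
    }

    /** Returns the response extensions (the internal array), or {@code null} if none were parsed. */
    public Extension[] getExtensions() {
        return this.ext;
    }

    /**
     * Verifies the response signature against the given trust anchors.
     *
     * <p>The response is accepted only when the signature verifies under a key
     * that is tied to {@code set}:
     * <ul>
     * <li>no attached certificates: the key of the anchor that matches the
     *     responder id;</li>
     * <li>an attached certificate with the OCSP-signing key usage: that
     *     certificate's key, provided the certificate is an anchor certificate or
     *     is signed by an anchor key;</li>
     * <li>otherwise: the key of the matching anchor, provided the anchor's
     *     certificate (or name and key) appears among the attached ones.</li>
     * </ul>
     * Attached certificates are responder-supplied, so neither the key usage nor
     * the mere presence of a trusted certificate in the list is treated as proof.
     *
     * <p>Not checked here: validity period and revocation of the responder
     * certificate, and whether the anchor is the issuer of the certificate whose
     * status is reported. NOTE(review): the signature algorithm name is read from
     * the response; confirm that weak algorithms are rejected by policy elsewhere.
     *
     * @param set the {@link TrustAnchor}s to verify against
     * @throws OCSPException if no usable key is found or the signature is invalid
     */
    public void verify(Set set) throws OCSPException {
        String name = getClass().getName();
        if (this.certs == null) {
            TrustAnchor anchor = getResponderTA(set);
            PublicKey anchorKey = anchorPublicKey(anchor);
            if (anchorKey == null) {
                if (debug != null) {
                    System.out.println("[" + name + "]: missing certificate. Not able to verify signature");
                }
                throw new OCSPException("missing certificate to verify signature");
            }
            if (debug != null) {
                System.out.println("[" + name + "]:" + anchorKey.toString());
                X509Certificate trustedCert = anchor.getTrustedCert();
                if (trustedCert != null) {
                    System.out.println("[" + name + "]:" + trustedCert.toString());
                    System.out.println("[" + name + "]:" + trustedCert.getPublicKey().toString());
                }
            }
            boolean anchorSigned;
            try {
                anchorSigned = signatureValid(anchorKey);
            } catch (GeneralSecurityException e) {
                throw new OCSPException(e.getMessage());
            }
            if (!anchorSigned) {
                if (debug != null) {
                    System.out.println("[" + name + "] : verify signature failed");
                }
                throw new OCSPException("verify signature failed");
            }
            if (debug != null) {
                System.out.println("[" + name + "] : verify signature passwd");
            }
            return;
        }
        if (debug != null) {
            System.out.println("[" + name + "]: cert chain length: " + this.certs.length);
            for (int i = 0; i < this.certs.length; i++) {
                System.out.println("[" + name + "]" + this.certs[i]);
            }
        }
        for (int i = 0; i < this.certs.length; i++) {
            X509Certificate candidate = this.certs[i];
            boolean delegateSigned;
            try {
                if (!hasOcspSigningUsage(candidate)) {
                    continue;
                }
                if (debug != null) {
                    System.out.println("[" + name + "]: found responder cert");
                }
                // The key usage is self-asserted by whoever built the response; the
                // certificate only counts once an anchor vouches for it.
                if (!isIssuedByAnchor(candidate, set)) {
                    if (debug != null) {
                        System.out.println("[" + name + "]: responder cert is not issued by a trust anchor");
                    }
                    continue;
                }
                delegateSigned = signatureValid(candidate.getPublicKey());
            } catch (GeneralSecurityException e) {
                throw new OCSPException(e.getMessage());
            }
            if (!delegateSigned) {
                if (debug != null) {
                    System.out.println("[" + name + "]: verify signature failed");
                }
                throw new OCSPException("verify signature failed");
            }
            if (debug != null) {
                System.out.println("[" + name + "]: signature verify");
            }
            return;
        }
        TrustAnchor anchor = getResponderTA(set);
        PublicKey anchorKey = anchorPublicKey(anchor);
        if (anchorKey != null && attachedCertsMatch(anchor)) {
            // Finding the anchor's certificate in the list says nothing about who
            // signed the response, so the signature is still checked.
            boolean anchorSigned;
            try {
                anchorSigned = signatureValid(anchorKey);
            } catch (GeneralSecurityException e) {
                throw new OCSPException(e.getMessage());
            }
            if (!anchorSigned) {
                if (debug != null) {
                    System.out.println("[" + name + "]: verify signature failed");
                }
                throw new OCSPException("verify signature failed");
            }
            if (debug != null && anchor.getTrustedCert() != null) {
                System.out.println("found the signer cert match the trusted cert");
            }
            return;
        }
        if (debug != null) {
            System.out.println("[" + name + "]: missing certificate. Not able to verify signature");
        }
        throw new OCSPException("missing certificate to verify signature");
    }

    /**
     * Selects the trust anchor that corresponds to the responder id, by name when
     * the id carries a name and by key hash otherwise.
     *
     * @return the matching anchor, or {@code null} if none matches
     */
    private TrustAnchor getResponderTA(Set set) {
        if (set == null) {
            return null;
        }
        X500Name responderName = this.id;
        if (responderName != null) {
            String wanted = responderName.getRFC2253Name();
            for (Iterator it = set.iterator(); it.hasNext();) {
                TrustAnchor anchor = (TrustAnchor) it.next();
                String anchorName = anchor.getCAName();
                if (anchorName == null && anchor.getTrustedCert() != null) {
                    // Certificate-based anchors have no CA name; compare the subject
                    // instead of accepting whichever such anchor comes first.
                    anchorName = anchor.getTrustedCert().getSubjectX500Principal().getName("RFC2253");
                }
                if (anchorName != null && anchorName.equals(wanted)) {
                    return anchor;
                }
            }
            return null;
        }
        if (this.responderid == null) {
            return null;
        }
        byte[] wantedHash = this.responderid.getKeyHash();
        if (wantedHash == null) {
            return null;
        }
        MessageDigest sha1;
        try {
            // SHA-1 is what the responder id format uses to name a key; it only
            // selects a candidate anchor, the signature check decides acceptance.
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
        for (Iterator it = set.iterator(); it.hasNext();) {
            TrustAnchor anchor = (TrustAnchor) it.next();
            PublicKey key = anchorPublicKey(anchor);
            byte[] encoded = (key == null) ? null : key.getEncoded();
            if (encoded == null) {
                continue;
            }
            // Hash of the whole encoded key, as this class has always computed it.
            if (Arrays.equals(wantedHash, sha1.digest(encoded))) {
                return anchor;
            }
            // Hash of the key bits alone, which is how RFC 6960 defines KeyHash.
            byte[] keyBits = subjectPublicKeyBits(encoded);
            if (keyBits != null && Arrays.equals(wantedHash, sha1.digest(keyBits))) {
                return anchor;
            }
        }
        return null;
    }

    /** Returns the anchor's public key from its certificate or its name/key pair; {@code null} if unavailable. */
    private static PublicKey anchorPublicKey(TrustAnchor anchor) {
        if (anchor == null) {
            return null;
        }
        X509Certificate trusted = anchor.getTrustedCert();
        return (trusted != null) ? trusted.getPublicKey() : anchor.getCAPublicKey();
    }

    /** Checks the response signature over {@code responseData} with the given key. */
    private boolean signatureValid(PublicKey key) throws GeneralSecurityException {
        if (this.responseData == null || this.sig == null) {
            throw new SignatureException("response carries no signed data");
        }
        Signature verifier = Signature.getInstance(this.algID);
        verifier.initVerify(key);
        verifier.update(this.responseData);
        return verifier.verify(this.sig);
    }

    /** Tells whether the certificate lists the OCSP-signing extended key usage. */
    private static boolean hasOcspSigningUsage(X509Certificate cert) throws CertificateParsingException {
        List usages = cert.getExtendedKeyUsage();
        if (usages == null) {
            return false;
        }
        for (Iterator it = usages.iterator(); it.hasNext();) {
            if (OCSP_SIGNING_OID.equals(it.next())) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether the certificate is an anchor certificate or is signed by an anchor key. */
    private static boolean isIssuedByAnchor(X509Certificate cert, Set anchors) {
        if (anchors == null) {
            return false;
        }
        for (Iterator it = anchors.iterator(); it.hasNext();) {
            TrustAnchor anchor = (TrustAnchor) it.next();
            X509Certificate trusted = anchor.getTrustedCert();
            if (trusted != null && trusted.equals(cert)) {
                return true;
            }
            PublicKey key = anchorPublicKey(anchor);
            if (key == null) {
                continue;
            }
            try {
                cert.verify(key);
                return true;
            } catch (GeneralSecurityException ignored) {
                // Not signed by this anchor; keep looking.
            }
        }
        return false;
    }

    /** Tells whether the attached certificates include the anchor's certificate, or one with its name and key. */
    private boolean attachedCertsMatch(TrustAnchor anchor) {
        X509Certificate trusted = anchor.getTrustedCert();
        if (trusted != null) {
            for (int i = 0; i < this.certs.length; i++) {
                if (this.certs[i].equals(trusted)) {
                    return true;
                }
            }
            return false;
        }
        PublicKey caKey = anchor.getCAPublicKey();
        String caName = anchor.getCAName();
        for (int i = 0; i < this.certs.length; i++) {
            if (this.certs[i].getSubjectX500Principal().getName("RFC2253").equals(caName)
                    && this.certs[i].getPublicKey().equals(caKey)) {
                return true;
            }
        }
        return false;
    }

    /** Extracts the key bits from an encoded public key; {@code null} if it cannot be decoded. */
    private static byte[] subjectPublicKeyBits(byte[] encodedKey) {
        try {
            DerValue[] fields = new DerInputStream(encodedKey).getSequence(2);
            return (fields.length == 2) ? fields[1].getBitString() : null;
        } catch (IOException e) {
            return null;
        }
    }

    /** Wraps an exception as an IOException and keeps it as the cause. */
    private static IOException asIOException(Exception cause) {
        IOException wrapped = new IOException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }
}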
