package com.ibm.oti.security.provider;

import com.ibm.oti.util.ASN1Decoder;
import com.ibm.oti.util.ASN1Encoder;
import com.ibm.oti.util.ASN1Exception;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;

/* loaded from: input_file:local/ive-2.1/runtimes/common/ive/lib/jclFoundation/classes.zip:com/ibm/oti/security/provider/X509CRL.class */
public class X509CRL extends java.security.cert.X509CRL {
    private byte[] encoded;
    private int originalOffsetIntoRawBytes;
    private ASN1Decoder.Node tbsNode;
    private int version;
    private String sigAlgOID;
    private byte[] sigAlgParams;
    private byte[] rawSignature;
    private String signatureName;
    private String signatureProviderName;
    private X509Principal issuer;
    private Date thisUpdate;
    private Date nextUpdate;
    private Hashtable revokedCertificates;
    private Hashtable extensions;
    private static final String[] SUPPORTED_CRITICAL_EXTENSIONS = new String[0];

    protected X509CRL() {
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        return this.encoded;
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.issuer;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        return this.nextUpdate;
    }

    @Override // java.security.cert.X509CRL
    public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        if (this.revokedCertificates == null) {
            return null;
        }
        return (java.security.cert.X509CRLEntry) this.revokedCertificates.get(bigInteger);
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        if (this.revokedCertificates == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration elements = this.revokedCertificates.elements();
        while (elements.hasMoreElements()) {
            hashSet.add(elements.nextElement());
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.signatureName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.sigAlgOID;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return this.sigAlgParams;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.rawSignature;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        byte[] bArr = new byte[(this.tbsNode.endPosition - this.tbsNode.startPosition) + 1];
        System.arraycopy(this.encoded, this.tbsNode.startPosition - this.originalOffsetIntoRawBytes, bArr, 0, bArr.length);
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.thisUpdate;
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.version;
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (this.signatureProviderName != null) {
            verify(publicKey, this.signatureProviderName);
        } else {
            if (this.signatureName == null) {
                throw new NoSuchAlgorithmException(this.sigAlgOID);
            }
            verify(publicKey, Signature.getInstance(this.signatureName));
        }
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (this.signatureName == null) {
            throw new NoSuchAlgorithmException(this.sigAlgOID);
        }
        verify(publicKey, Signature.getInstance(this.signatureName, str));
    }

    private void verify(PublicKey publicKey, Signature signature) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException();
        }
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        try {
            return getRevokedCertificate(((java.security.cert.X509Certificate) certificate).getSerialNumber()) != null;
        } catch (ClassCastException unused) {
            return false;
        }
    }

    @Override // java.security.cert.X509CRL, java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        if (criticalExtensionOIDs.size() > SUPPORTED_CRITICAL_EXTENSIONS.length) {
            return true;
        }
        for (int i = 0; i < SUPPORTED_CRITICAL_EXTENSIONS.length; i++) {
            criticalExtensionOIDs.remove(SUPPORTED_CRITICAL_EXTENSIONS[i]);
        }
        return criticalExtensionOIDs.size() != 0;
    }

    private Set getExtensionOIDs(boolean z) {
        if (this.extensions == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration elements = this.extensions.elements();
        while (elements.hasMoreElements()) {
            X509Extension x509Extension = (X509Extension) elements.nextElement();
            if (x509Extension.isCritical() == z) {
                hashSet.add(x509Extension.name());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL, java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509CRL, java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL, java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        X509Extension x509Extension;
        if (this.extensions == null || (x509Extension = (X509Extension) this.extensions.get(str)) == null) {
            return null;
        }
        if (x509Extension.value() == null) {
            byte[] bArr = new byte[0];
        }
        ASN1Decoder.Node node = new ASN1Decoder.Node();
        node.type = 4;
        node.data = x509Extension.value();
        return ASN1Encoder.encodeNode(node);
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X.509 CRL v");
        stringBuffer.append(getVersion());
        stringBuffer.append("\n\tThis update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append("\n\tNext update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append("\n\tExtensions: ");
        stringBuffer.append(this.extensions == null ? 0 : this.extensions.size());
        stringBuffer.append("\n");
        return stringBuffer.toString();
    }

    public static ASN1Decoder CRLDecoder(InputStream inputStream) {
        ASN1Decoder aSN1Decoder = new ASN1Decoder(inputStream);
        aSN1Decoder.configureTypeRedirection(2, new ASN1Decoder.TypeMapper() { // from class: com.ibm.oti.security.provider.X509CRL.1
            @Override // com.ibm.oti.util.ASN1Decoder.TypeMapper
            public int map(int i, int i2, int i3) {
                return 16;
            }
        });
        return aSN1Decoder;
    }

    private void configureRevokedCertificates(ASN1Decoder.Node node, byte[] bArr) throws CRLException {
        ASN1Decoder.Node[] nodeArr = (ASN1Decoder.Node[]) node.data;
        this.revokedCertificates = new Hashtable();
        for (ASN1Decoder.Node node2 : nodeArr) {
            X509CRLEntry X509CRLEntryFromASN1Object = X509CRLEntry.X509CRLEntryFromASN1Object(node2, bArr);
            this.revokedCertificates.put(X509CRLEntryFromASN1Object.getSerialNumber(), X509CRLEntryFromASN1Object);
        }
    }

    private void configureExtensions(ASN1Decoder.Node node) {
        ASN1Decoder.Node[] nodeArr = (ASN1Decoder.Node[]) ((ASN1Decoder.Node[]) node.data)[0].data;
        this.extensions = new Hashtable();
        for (ASN1Decoder.Node node2 : nodeArr) {
            ASN1Decoder.Node[] nodeArr2 = (ASN1Decoder.Node[]) node2.data;
            boolean z = false;
            if (nodeArr2.length > 2) {
                z = ((Boolean) nodeArr2[1].data).booleanValue();
            }
            X509Extension x509Extension = new X509Extension(new ASN1OID((int[]) nodeArr2[0].data), (byte[]) nodeArr2[nodeArr2.length - 1].data, z);
            this.extensions.put(x509Extension.name(), x509Extension);
        }
    }

    private void configureSignature(ASN1Decoder.Node[] nodeArr) {
        ASN1Decoder.Node[] nodeArr2 = (ASN1Decoder.Node[]) nodeArr[1].data;
        this.rawSignature = ((ASN1Decoder.BitString) nodeArr[2].data).data;
        this.sigAlgOID = ASN1OID.OIDToString((int[]) nodeArr2[0].data);
        String[] strArr = new String[1];
        this.signatureName = X509Certificate.getAlias("Alg.Alias.Signature.", this.sigAlgOID, strArr);
        this.signatureProviderName = strArr[0];
        if (nodeArr2.length > 1) {
            ASN1Decoder.Node node = nodeArr2[1];
            if (node.type != 5) {
                this.sigAlgParams = new byte[(node.endPosition - node.startPosition) + 1];
                System.arraycopy(this.encoded, node.startPosition - this.originalOffsetIntoRawBytes, this.sigAlgParams, 0, this.sigAlgParams.length);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CRL CRLFromASN1Object(ASN1Decoder.Node node, byte[] bArr) throws CRLException {
        int i;
        try {
            X509CRL x509crl = new X509CRL();
            ASN1Decoder.Node[] nodeArr = (ASN1Decoder.Node[]) node.data;
            int i2 = node.startPosition;
            int i3 = node.endPosition;
            if (i2 == 0 && i3 == bArr.length - 1) {
                x509crl.encoded = bArr;
            } else {
                x509crl.encoded = new byte[(i3 - i2) + 1];
                System.arraycopy(bArr, i2, x509crl.encoded, 0, x509crl.encoded.length);
            }
            x509crl.originalOffsetIntoRawBytes = i2;
            x509crl.configureSignature(nodeArr);
            ASN1Decoder.Node node2 = nodeArr[0];
            ASN1Decoder.Node[] nodeArr2 = (ASN1Decoder.Node[]) node2.data;
            x509crl.tbsNode = node2;
            if (nodeArr2[0].type == 2) {
                x509crl.version = ((BigInteger) nodeArr2[0].data).intValue() + 1;
                i = 0;
            } else {
                x509crl.version = 2;
                i = -1;
            }
            X509Principal x509Principal = new X509Principal();
            x509Principal.initFrom(nodeArr2[i + 2]);
            x509crl.issuer = x509Principal;
            x509crl.thisUpdate = (Date) nodeArr2[i + 3].data;
            if (nodeArr2.length <= i + 4) {
                return x509crl;
            }
            ASN1Decoder.Node node3 = nodeArr2[i + 4];
            if (node3.type == 23 || node3.type == 24) {
                x509crl.nextUpdate = (Date) node3.data;
            } else {
                i--;
            }
            if (nodeArr2.length <= i + 5) {
                return x509crl;
            }
            ASN1Decoder.Node node4 = nodeArr2[i + 5];
            if (node4.originalType == 16) {
                x509crl.configureRevokedCertificates(node4, bArr);
            } else {
                i--;
            }
            if (nodeArr2.length <= i + 6) {
                return x509crl;
            }
            ASN1Decoder.Node node5 = nodeArr2[i + 6];
            if (node5.originalType == 0) {
                x509crl.configureExtensions(node5);
            }
            return x509crl;
        } catch (ClassCastException unused) {
            throw new CRLException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CRL CRLFromASN1Object(InputStream inputStream) throws CRLException {
        try {
            ASN1Decoder CRLDecoder = CRLDecoder(inputStream);
            CRLDecoder.collectBytes(true);
            return (X509CRL) CRLFromASN1Object(CRLDecoder.readContents(), CRLDecoder.collectedBytes());
        } catch (ASN1Exception unused) {
            throw new CRLException();
        } catch (ClassCastException unused2) {
            throw new CRLException();
        }
    }
}
