package com.ibm.security.x509;

import com.ibm.misc.Debug;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Array;
import java.util.Enumeration;

/* loaded from: input_file:efixes/PK21259_Linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ibmpkcs.jar:com/ibm/security/x509/NameConstraintsExtension.class */
public final class NameConstraintsExtension extends Extension implements CertAttrSet {
    public static final String IDENT = "x509.info.extensions.NameConstraints";
    public static final String NAME = "NameConstraints";
    public static final String PERMITTED_SUBTREES = "permitted_subtrees";
    public static final String EXCLUDED_SUBTREES = "excluded_subtrees";
    private static final byte TAG_PERMITTED = 0;
    private static final byte TAG_EXCLUDED = 1;
    private GeneralSubtrees permitted;
    private GeneralSubtrees excluded;
    private boolean hasMin;
    private boolean hasMax;
    private boolean minMaxValid = false;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.X509.NameConstraintsExtension";

    private void calcMinMax() throws IOException {
        this.hasMin = false;
        this.hasMax = false;
        if (this.excluded != null) {
            for (int i = 0; i < this.excluded.size(); i++) {
                GeneralSubtree generalSubtree = this.excluded.get(i);
                if (generalSubtree.getMinimum() != 0) {
                    this.hasMin = true;
                }
                if (generalSubtree.getMaximum() != -1) {
                    this.hasMax = true;
                }
            }
        }
        if (this.permitted != null) {
            for (int i2 = 0; i2 < this.permitted.size(); i2++) {
                GeneralSubtree generalSubtree2 = this.permitted.get(i2);
                if (generalSubtree2.getMinimum() != 0) {
                    this.hasMin = true;
                }
                if (generalSubtree2.getMaximum() != -1) {
                    this.hasMax = true;
                }
            }
        }
        this.minMaxValid = true;
    }

    private void encodeThis() throws IOException {
        if (debug != null) {
            debug.entry(8192L, className, "encodeThis");
        }
        if (this.permitted == null && this.excluded == null) {
            this.extensionValue = null;
            if (debug != null) {
                debug.exit(8192L, className, "encodeThis_1");
                return;
            }
            return;
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        if (this.permitted != null) {
            DerOutputStream derOutputStream3 = new DerOutputStream();
            this.permitted.encode(derOutputStream3);
            derOutputStream2.writeImplicit(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream3);
        }
        if (this.excluded != null) {
            DerOutputStream derOutputStream4 = new DerOutputStream();
            this.excluded.encode(derOutputStream4);
            derOutputStream2.writeImplicit(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), derOutputStream4);
        }
        derOutputStream.write((byte) 48, derOutputStream2);
        this.extensionValue = derOutputStream.toByteArray();
        if (debug != null) {
            debug.exit(8192L, className, "encodeThis_2");
        }
    }

    public NameConstraintsExtension(GeneralSubtrees generalSubtrees, GeneralSubtrees generalSubtrees2) throws IOException {
        this.permitted = null;
        this.excluded = null;
        if (debug != null) {
            debug.entry(16384L, className, "NameConstraintsExtension", generalSubtrees, generalSubtrees2);
        }
        if (generalSubtrees == null && generalSubtrees2 == null) {
            if (debug != null) {
                debug.text(16384L, className, "NameConstraintsExtension", "NameConstraints: Invalid arguments");
            }
            throw new IOException("NameConstraints: Invalid arguments");
        }
        if (generalSubtrees != null) {
            this.permitted = (GeneralSubtrees) generalSubtrees.clone();
        }
        if (generalSubtrees2 != null) {
            this.excluded = (GeneralSubtrees) generalSubtrees2.clone();
        }
        this.extensionId = PKIXExtensions.NameConstraints_Id;
        this.critical = false;
        encodeThis();
        if (debug != null) {
            debug.exit(16384L, className, "NameConstraintsExtension");
        }
    }

    public NameConstraintsExtension(Boolean bool, Object obj) throws IOException {
        this.permitted = null;
        this.excluded = null;
        if (debug != null) {
            debug.entry(16384L, className, "NameConstraintsExtension", bool, obj);
        }
        this.extensionId = PKIXExtensions.NameConstraints_Id;
        this.critical = bool.booleanValue();
        if (!(obj instanceof byte[])) {
            if (debug != null) {
                debug.text(16384L, className, "NameConstraintsExtension", "Illegal argument type");
            }
            throw new IOException("Illegal argument type");
        }
        int length = Array.getLength(obj);
        byte[] bArr = new byte[length];
        System.arraycopy(obj, 0, bArr, 0, length);
        this.extensionValue = bArr;
        DerValue derValue = new DerValue(bArr);
        if (derValue.getTag() != 48) {
            if (debug != null) {
                debug.text(16384L, className, "NameConstraintsExtension", "Invalid encoding for NameConstraintsExtension.");
            }
            throw new IOException("Invalid encoding for NameConstraintsExtension.");
        }
        while (derValue.getData() != null && derValue.getData().available() != 0) {
            DerValue derValue2 = derValue.getData().getDerValue();
            if (derValue2.isContextSpecific((byte) 0) && derValue2.isConstructed()) {
                if (this.permitted != null) {
                    if (debug != null) {
                        debug.text(16384L, className, "NameConstraintsExtension", "Duplicate permitted GeneralSubtrees in NameConstraintsExtension.");
                    }
                    throw new IOException("Duplicate permitted GeneralSubtrees in NameConstraintsExtension.");
                }
                derValue2.resetTag((byte) 48);
                this.permitted = new GeneralSubtrees(derValue2);
            } else {
                if (!derValue2.isContextSpecific((byte) 1) || !derValue2.isConstructed()) {
                    if (debug != null) {
                        debug.text(16384L, className, "NameConstraintsExtension", "Invalid encoding of NameConstraintsExtension.");
                    }
                    throw new IOException("Invalid encoding of NameConstraintsExtension.");
                }
                if (this.excluded != null) {
                    if (debug != null) {
                        debug.text(16384L, className, "NameConstraintsExtension", "Duplicate excluded GeneralSubtrees in NameConstraintsExtension.");
                    }
                    throw new IOException("Duplicate excluded GeneralSubtrees in NameConstraintsExtension.");
                }
                derValue2.resetTag((byte) 48);
                this.excluded = new GeneralSubtrees(derValue2);
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "NameConstraintsExtension");
        }
    }

    @Override // com.ibm.security.x509.Extension, com.ibm.security.x509.CertAttrSet
    public String toString() {
        if (debug != null) {
            debug.entry(16384L, className, "toString");
            debug.exit(16384L, className, "toString", new StringBuffer().append(super.toString()).append("NameConstraints: [").append(this.permitted == null ? "" : new StringBuffer().append("\n    Permitted:").append(this.permitted.toString()).toString()).append(this.excluded == null ? "" : new StringBuffer().append("\n    Excluded:").append(this.excluded.toString()).toString()).append("   ]\n").toString());
        }
        return new StringBuffer().append(super.toString()).append("NameConstraints: [").append(this.permitted == null ? "" : new StringBuffer().append("\n    Permitted:").append(this.permitted.toString()).toString()).append(this.excluded == null ? "" : new StringBuffer().append("\n    Excluded:").append(this.excluded.toString()).toString()).append("   ]\n").toString();
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public void decode(InputStream inputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "decode", inputStream);
            debug.text(16384L, className, "decode", "Method not to be called directly.");
        }
        throw new IOException("Method not to be called directly.");
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public void encode(OutputStream outputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "encode", outputStream);
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        if (this.extensionValue == null) {
            this.extensionId = PKIXExtensions.NameConstraints_Id;
            this.critical = false;
            encodeThis();
        }
        super.encode(derOutputStream);
        outputStream.write(derOutputStream.toByteArray());
        if (debug != null) {
            debug.exit(16384L, className, "encode");
        }
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public void set(String str, Object obj) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "set", str, obj);
        }
        if (str.equalsIgnoreCase(PERMITTED_SUBTREES)) {
            if (!(obj instanceof GeneralSubtrees)) {
                if (debug != null) {
                    debug.text(16384L, className, "set", "Attribute value should be of type GeneralSubtrees.");
                }
                throw new IOException("Attribute value should be of type GeneralSubtrees.");
            }
            this.permitted = (GeneralSubtrees) obj;
        } else {
            if (!str.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
                if (debug != null) {
                    debug.text(16384L, className, "set", "Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
                }
                throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
            }
            if (!(obj instanceof GeneralSubtrees)) {
                if (debug != null) {
                    debug.text(16384L, className, "set", "Attribute value should be of type GeneralSubtrees.");
                }
                throw new IOException("Attribute value should be of type GeneralSubtrees.");
            }
            this.excluded = (GeneralSubtrees) obj;
        }
        encodeThis();
        if (debug != null) {
            debug.exit(16384L, className, "set");
        }
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public Object get(String str) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "get", str);
        }
        if (str.equalsIgnoreCase(PERMITTED_SUBTREES)) {
            if (debug != null) {
                debug.exit(16384L, className, "get_1", this.permitted);
            }
            return this.permitted;
        }
        if (str.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
            if (debug != null) {
                debug.exit(16384L, className, "get_2", this.excluded);
            }
            return this.excluded;
        }
        if (debug != null) {
            debug.text(16384L, className, "get", "Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
        }
        throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public void delete(String str) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "delete", str);
        }
        if (str.equalsIgnoreCase(PERMITTED_SUBTREES)) {
            this.permitted = null;
        } else {
            if (!str.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
                if (debug != null) {
                    debug.text(16384L, className, "delete", "Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
                }
                throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
            }
            this.excluded = null;
        }
        encodeThis();
        if (debug != null) {
            debug.exit(16384L, className, "delete");
        }
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public Enumeration getElements() {
        if (debug != null) {
            debug.entry(16384L, className, "getElements");
        }
        AttributeNameEnumeration attributeNameEnumeration = new AttributeNameEnumeration();
        attributeNameEnumeration.addElement(PERMITTED_SUBTREES);
        attributeNameEnumeration.addElement(EXCLUDED_SUBTREES);
        if (debug != null) {
            debug.exit(16384L, className, "getElements", attributeNameEnumeration.elements());
        }
        return attributeNameEnumeration.elements();
    }

    @Override // com.ibm.security.x509.CertAttrSet
    public String getName() {
        if (debug == null) {
            return NAME;
        }
        debug.entry(16384L, className, "getName");
        debug.exit(16384L, className, "getName", NAME);
        return NAME;
    }

    public void merge(NameConstraintsExtension nameConstraintsExtension) throws IOException {
        GeneralSubtrees intersect;
        if (nameConstraintsExtension == null) {
            return;
        }
        GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(EXCLUDED_SUBTREES);
        if (this.excluded == null) {
            this.excluded = generalSubtrees != null ? (GeneralSubtrees) generalSubtrees.clone() : null;
        } else if (generalSubtrees != null) {
            this.excluded.union(generalSubtrees);
        }
        GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(PERMITTED_SUBTREES);
        if (this.permitted == null) {
            this.permitted = generalSubtrees2 != null ? (GeneralSubtrees) generalSubtrees2.clone() : null;
        } else if (generalSubtrees2 != null && (intersect = this.permitted.intersect(generalSubtrees2)) != null) {
            if (this.excluded != null) {
                this.excluded.union(intersect);
            } else {
                this.excluded = (GeneralSubtrees) intersect.clone();
            }
        }
        if (this.permitted != null) {
            this.permitted.reduce(this.excluded);
        }
        encodeThis();
    }

    public boolean verify(GeneralNameInterface generalNameInterface) throws IOException {
        GeneralName base;
        GeneralNameInterface name;
        GeneralName base2;
        GeneralNameInterface name2;
        if (generalNameInterface == null) {
            throw new IOException("name is null");
        }
        if (this.excluded != null && this.excluded.size() > 0) {
            for (int i = 0; i < this.excluded.size(); i++) {
                GeneralSubtree generalSubtree = this.excluded.get(i);
                if (generalSubtree != null && (base2 = generalSubtree.getBase()) != null && (name2 = base2.getName()) != null) {
                    switch (name2.constrains(generalNameInterface)) {
                        case 0:
                        case 1:
                            return false;
                    }
                }
            }
        }
        if (this.permitted == null || this.permitted.size() <= 0) {
            return true;
        }
        boolean z = false;
        for (int i2 = 0; i2 < this.permitted.size(); i2++) {
            GeneralSubtree generalSubtree2 = this.permitted.get(i2);
            if (generalSubtree2 != null && (base = generalSubtree2.getBase()) != null && (name = base.getName()) != null) {
                switch (name.constrains(generalNameInterface)) {
                    case 0:
                    case 1:
                        return true;
                    case 2:
                    case 3:
                        z = true;
                        break;
                }
            }
        }
        return !z;
    }

    public boolean verifyRFC822SpecialCase(X500Name x500Name) throws IOException {
        String valueString;
        for (AVA ava : x500Name.allAvas()) {
            if (ava.getObjectIdentifier().equals(X500Name.emailAddress_oid) && (valueString = ava.getValueString()) != null) {
                try {
                    if (!verify(new RFC822Name(valueString))) {
                        return false;
                    }
                } catch (IOException e) {
                }
            }
        }
        return true;
    }
}
