package com.ibm.security.pkcs7;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.security.pkcsutil.PKCSDerObject;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.pkcsutil.SmudgedBytes;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
import org.apache.xml.serialize.LineSeparator;

/* loaded from: input_file:efixes/PK36146_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/endorsed/ibmpkcs.jar:com/ibm/security/pkcs7/RecipientInfo.class */
public final class RecipientInfo extends PKCSDerObject implements Cloneable {
    private static final byte TAG_RKEY = 0;
    private static final byte TAG_MLKEY = 1;
    private static final String ISSUER = "com.ibm.security.pkcs7.IssuerAndSerialNumber";
    private static final String RKEYID = "com.ibm.security.pkcs7.RecipientKeyIdentifier";
    private static final String MLKEYID = "com.ibm.security.pkcs7.MailListKeyIdentifier";
    private static final String SKEYID = "com.ibm.security.pkcs7.SubjectKeyIdentifier";
    private BigInteger version;
    private IssuerAndSerialNumber recipientIdIssuer;
    private RecipientKeyIdentifier recipientIdRKeyId;
    private MailListKeyIdentifier recipientIdMLKeyId;
    private IssuerAndSerialNumber originatorCertIssuer;
    private byte[] originatorCertSKeyId;
    private AlgorithmId keyEncryptionAlgorithm;
    private SmudgedBytes encryptedKey;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.pkcs7.RecipientInfo";

    public RecipientInfo(byte[] bArr) throws IOException {
        super(bArr);
        if (debug != null) {
            debug.entry(16384L, className, "RecipientInfo", bArr);
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(byte[] bArr, String str) throws IOException {
        super(bArr, str);
        if (debug != null) {
            debug.entry(16384L, className, "RecipientInfo", bArr, str);
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(byte[] bArr, Certificate certificate) throws IOException, PKCSException {
        this(bArr, certificate, (String) null);
        if (debug != null) {
            debug.entry(16384L, className, "RecipientInfo", bArr, certificate);
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(byte[] bArr, Certificate certificate, String str) throws IOException, PKCSException {
        super(str);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "RecipientInfo", new Object[]{bArr, certificate, str});
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        this.recipientIdIssuer = new IssuerAndSerialNumber(x509Certificate instanceof X509CertImpl ? (X500Name) ((X509CertImpl) x509Certificate).getIssuerDN() : new X500Name(x509Certificate.getIssuerX500Principal().getEncoded()), x509Certificate.getSerialNumber(), str);
        this.recipientIdRKeyId = null;
        this.recipientIdMLKeyId = null;
        this.originatorCertIssuer = null;
        this.originatorCertSKeyId = null;
        try {
            encryptKey(bArr, certificate);
            this.keyEncryptionAlgorithm = AlgorithmId.get(certificate.getPublicKey().getAlgorithm());
            calculateVersion();
            if (debug != null) {
                debug.exit(16384L, className, "RecipientInfo");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, className, "RecipientInfo", e);
            }
            throw new PKCSException(e, new StringBuffer().append("Key encryption error (").append(e.toString()).append(")").toString());
        }
    }

    public RecipientInfo(RecipientIdentifier recipientIdentifier, EntityIdentifier entityIdentifier, AlgorithmId algorithmId, byte[] bArr) {
        this(recipientIdentifier, entityIdentifier, algorithmId, bArr, null);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "RecipientInfo", new Object[]{recipientIdentifier, entityIdentifier, algorithmId, bArr});
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(RecipientIdentifier recipientIdentifier, EntityIdentifier entityIdentifier, AlgorithmId algorithmId, byte[] bArr, String str) {
        super(str);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "RecipientInfo", new Object[]{recipientIdentifier, entityIdentifier, algorithmId, bArr, str});
        }
        String name = recipientIdentifier.getClass().getName();
        if (name.equals(ISSUER)) {
            this.recipientIdIssuer = (IssuerAndSerialNumber) recipientIdentifier;
            this.recipientIdRKeyId = null;
            this.recipientIdMLKeyId = null;
        } else if (name.equals(RKEYID)) {
            this.recipientIdIssuer = null;
            this.recipientIdRKeyId = (RecipientKeyIdentifier) recipientIdentifier;
            this.recipientIdMLKeyId = null;
        } else {
            if (!name.equals(MLKEYID)) {
                if (debug != null) {
                    debug.text(16384L, className, "RecipientInfo", "Invalid RecipientIdentifier");
                }
                throw new IllegalArgumentException("Invalid RecipientIdentifier");
            }
            this.recipientIdIssuer = null;
            this.recipientIdRKeyId = null;
            this.recipientIdMLKeyId = (MailListKeyIdentifier) recipientIdentifier;
        }
        if (entityIdentifier != null) {
            String name2 = entityIdentifier.getClass().getName();
            if (name2.equals(ISSUER)) {
                this.originatorCertIssuer = (IssuerAndSerialNumber) entityIdentifier;
                this.originatorCertSKeyId = null;
            } else {
                if (!name2.equals(SKEYID)) {
                    if (debug != null) {
                        debug.text(16384L, className, "RecipientInfo", "Invalid EntityIdentifier");
                    }
                    throw new IllegalArgumentException("Invalid EntityIdentifier");
                }
                this.originatorCertIssuer = null;
                this.originatorCertSKeyId = ((SubjectKeyIdentifier) entityIdentifier).getIdentifier();
            }
        } else {
            this.originatorCertIssuer = null;
            this.originatorCertSKeyId = null;
        }
        this.keyEncryptionAlgorithm = algorithmId;
        setEncryptedKeyValue(bArr);
        calculateVersion();
        if (debug != null) {
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(String str, boolean z) throws IOException {
        super(str, z);
        if (debug != null) {
            debug.entry(16384L, className, "RecipientInfo", str, new Boolean(z));
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    public RecipientInfo(String str, boolean z, String str2) throws IOException {
        super(str, z, str2);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "RecipientInfo", new Object[]{str, new Boolean(z), str2});
            debug.exit(16384L, className, "RecipientInfo");
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public void encode(OutputStream outputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "encode", outputStream);
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream.putInteger(this.version);
        if (this.recipientIdIssuer != null) {
            this.recipientIdIssuer.encode(derOutputStream);
        } else if (this.recipientIdRKeyId != null) {
            DerOutputStream derOutputStream3 = new DerOutputStream();
            this.recipientIdRKeyId.encode(derOutputStream3);
            derOutputStream.writeImplicit(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream3);
        } else {
            if (this.recipientIdMLKeyId == null) {
                if (debug != null) {
                    debug.text(16384L, className, "encode", "RecipientInfo encoding error");
                }
                throw new IOException("RecipientInfo encoding error");
            }
            DerOutputStream derOutputStream4 = new DerOutputStream();
            this.recipientIdMLKeyId.encode(derOutputStream4);
            derOutputStream.writeImplicit(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), derOutputStream4);
        }
        if (this.originatorCertIssuer != null) {
            DerOutputStream derOutputStream5 = new DerOutputStream();
            this.originatorCertIssuer.encode(derOutputStream5);
            derOutputStream.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream5);
        } else if (this.originatorCertSKeyId != null) {
            DerOutputStream derOutputStream6 = new DerOutputStream();
            derOutputStream6.putOctetString(this.originatorCertSKeyId);
            derOutputStream.write(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), derOutputStream6);
        }
        this.keyEncryptionAlgorithm.encode(derOutputStream);
        derOutputStream.putOctetString(getEncryptedKeyValue());
        derOutputStream2.write((byte) 48, derOutputStream);
        outputStream.write(derOutputStream2.toByteArray());
        if (debug != null) {
            debug.exit(16384L, className, "encode");
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    protected void decode(DerValue derValue) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "decode", derValue);
        }
        if (derValue.getTag() != 48) {
            if (debug != null) {
                debug.text(16384L, className, "decode", "RecipientInfo parsing error");
            }
            throw new IOException("RecipientInfo parsing error");
        }
        this.version = derValue.getData().getInteger();
        if (this.version.intValue() != 0 && this.version.intValue() != 2) {
            if (debug != null) {
                debug.text(16384L, className, "decode", "RecipientInfo version must be zero or two");
            }
            throw new IOException("RecipientInfo version must be zero or two");
        }
        int peekByte = derValue.getData().peekByte();
        DerValue derValue2 = derValue.getData().getDerValue();
        if (peekByte == 48) {
            this.recipientIdIssuer = new IssuerAndSerialNumber(derValue2.toByteArray(), this.provider);
            this.recipientIdRKeyId = null;
            this.recipientIdMLKeyId = null;
        } else if (((byte) peekByte) == -96) {
            derValue2.resetTag((byte) 48);
            this.recipientIdIssuer = null;
            this.recipientIdRKeyId = new RecipientKeyIdentifier(derValue2.toByteArray(), this.provider);
            this.recipientIdMLKeyId = null;
        } else {
            if (((byte) peekByte) != -95) {
                if (debug != null) {
                    debug.text(16384L, className, "decode", "RecipientInfo parsing error");
                }
                throw new IOException("RecipientInfo parsing error");
            }
            derValue2.resetTag((byte) 48);
            this.recipientIdIssuer = null;
            this.recipientIdRKeyId = null;
            this.recipientIdMLKeyId = new MailListKeyIdentifier(derValue2.toByteArray(), this.provider);
        }
        boolean z = false;
        DerValue derValue3 = derValue.getData().getDerValue();
        if (derValue3.isContextSpecific()) {
            DerValue derValue4 = derValue3.getData().getDerValue();
            if (derValue4.getTag() == 48) {
                this.originatorCertIssuer = new IssuerAndSerialNumber(derValue4.toByteArray(), this.provider);
                this.originatorCertSKeyId = null;
            } else if (derValue4.getTag() == 4) {
                this.originatorCertIssuer = null;
                this.originatorCertSKeyId = derValue4.getOctetString();
            } else {
                this.originatorCertIssuer = null;
                this.originatorCertSKeyId = null;
            }
            z = true;
        }
        if (z) {
            this.keyEncryptionAlgorithm = AlgorithmId.parse(derValue.getData().getDerValue());
        } else {
            this.keyEncryptionAlgorithm = AlgorithmId.parse(derValue3);
        }
        setEncryptedKeyValue(derValue.getData().getOctetString());
        if (debug != null) {
            debug.exit(16384L, className, "decode");
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public boolean equals(Object obj) {
        if (debug != null) {
            debug.entry(16384L, className, "equals", obj);
        }
        if (!(obj instanceof RecipientInfo)) {
            if (debug != null) {
                debug.exit(16384L, className, "equals", new Boolean(equals((RecipientInfo) obj)));
            }
            return equals((RecipientInfo) obj);
        }
        if (obj == this) {
            if (debug == null) {
                return true;
            }
            debug.exit(16384L, className, "equals", new Boolean(true));
            return true;
        }
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            DerOutputStream derOutputStream2 = new DerOutputStream();
            encode(derOutputStream);
            DerValue derValue = new DerValue(derOutputStream.toByteArray());
            ((RecipientInfo) obj).encode(derOutputStream2);
            if (derValue.equals(new DerValue(derOutputStream2.toByteArray()))) {
                if (debug == null) {
                    return true;
                }
                debug.exit(16384L, className, "equals", new Boolean(true));
                return true;
            }
            if (debug == null) {
                return false;
            }
            debug.exit(16384L, className, "equals", new Boolean(false));
            return false;
        } catch (Exception e) {
            if (debug == null) {
                return false;
            }
            debug.exception(16384L, className, "equals", e);
            debug.exit(16384L, className, "equals", new Boolean(false));
            return false;
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public String toString() {
        HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
        String stringBuffer = new StringBuffer().append(new StringBuffer().append("").append("\tversion: ").append(this.version.intValue()).toString()).append("\r\n\trecipient identifier: \r\n").toString();
        if (this.recipientIdIssuer != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append(this.recipientIdIssuer).toString();
        } else if (this.recipientIdRKeyId != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append(this.recipientIdRKeyId).toString();
        } else if (this.recipientIdMLKeyId != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append(this.recipientIdMLKeyId).toString();
        }
        String stringBuffer2 = new StringBuffer().append(stringBuffer).append("\r\n\toriginator certificate: ").toString();
        if (this.originatorCertIssuer == null && this.originatorCertSKeyId == null) {
            stringBuffer2 = new StringBuffer().append(stringBuffer2).append("null").toString();
        } else if (this.originatorCertIssuer != null) {
            stringBuffer2 = new StringBuffer().append(stringBuffer2).append(LineSeparator.Windows).append(this.originatorCertIssuer).toString();
        } else if (this.originatorCertSKeyId != null) {
            stringBuffer2 = new StringBuffer().append(stringBuffer2).append(LineSeparator.Windows).append(hexDumpEncoder.encode(this.originatorCertSKeyId)).toString();
        }
        return new StringBuffer().append(new StringBuffer().append(stringBuffer2).append("\r\n\tkey encryption algorithm: ").append(this.keyEncryptionAlgorithm).toString()).append("\r\n\tencrypted key: \r\n").append(hexDumpEncoder.encode(getEncryptedKeyValue())).toString();
    }

    public Object clone() {
        if (debug != null) {
            debug.entry(16384L, className, "clone");
        }
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            encode(derOutputStream);
            RecipientInfo recipientInfo = new RecipientInfo(derOutputStream.toByteArray(), this.provider);
            if (debug != null) {
                debug.exit(16384L, className, "clone", recipientInfo);
            }
            return recipientInfo;
        } catch (Exception e) {
            if (debug != null) {
                debug.exit(16384L, className, "clone", (Object) null);
            }
            return (Object) null;
        }
    }

    public BigInteger getVersion() {
        if (debug != null) {
            debug.entry(16384L, className, "getVersion");
            debug.exit(16384L, className, "getVersion", this.version);
        }
        return this.version;
    }

    public byte[] getEncryptedKey() {
        if (debug != null) {
            debug.entry(16384L, className, "getEncryptedKey");
        }
        if (this.encryptedKey == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getEncryptedKey", (Object) null);
            return null;
        }
        byte[] bArr = (byte[]) getEncryptedKeyValue().clone();
        if (debug != null) {
            debug.exit(16384L, className, "getEncryptedKey", bArr);
        }
        return bArr;
    }

    public AlgorithmId getKeyEncryptionAlgorithm() throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "getKeyEncryptionAlgorithm");
        }
        if (this.keyEncryptionAlgorithm == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getKeyEncryptionAlgorithm", (Object) null);
            return null;
        }
        AlgorithmId algorithmId = new AlgorithmId(this.keyEncryptionAlgorithm.getOID(), this.keyEncryptionAlgorithm.getParameters(), this.provider);
        if (debug != null) {
            debug.exit(16384L, className, "getKeyEncryptionAlgorithm", algorithmId);
        }
        return algorithmId;
    }

    public RecipientIdentifier getRecipientIdentifier() {
        if (debug != null) {
            debug.entry(16384L, className, "getRecipientIdentifier");
        }
        RecipientIdentifier recipientIdentifier = null;
        if (this.recipientIdIssuer != null) {
            recipientIdentifier = (RecipientIdentifier) this.recipientIdIssuer.clone();
        } else if (this.recipientIdRKeyId != null) {
            recipientIdentifier = (RecipientIdentifier) this.recipientIdRKeyId.clone();
        } else if (this.recipientIdMLKeyId != null) {
            recipientIdentifier = (RecipientIdentifier) this.recipientIdMLKeyId.clone();
        }
        if (debug != null) {
            debug.exit(16384L, className, "getRecipientIdentifier", recipientIdentifier);
        }
        return recipientIdentifier;
    }

    public EntityIdentifier getEntityIdentifier() {
        SubjectKeyIdentifier subjectKeyIdentifier;
        if (debug != null) {
            debug.entry(16384L, className, "getEntityIdentifier");
        }
        if (this.originatorCertIssuer != null) {
            EntityIdentifier entityIdentifier = (EntityIdentifier) this.originatorCertIssuer.clone();
            if (debug != null) {
                debug.exit(16384L, className, "getEntityIdentifier", entityIdentifier);
            }
            return entityIdentifier;
        }
        if (this.originatorCertSKeyId == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getEntityIdentifier", (Object) null);
            return null;
        }
        try {
            subjectKeyIdentifier = new SubjectKeyIdentifier(this.provider);
            subjectKeyIdentifier.setIdentifier(this.originatorCertSKeyId);
        } catch (PKCSException e) {
            if (debug != null) {
                debug.exception(16384L, className, "getEntityIdentifier", e);
            }
            subjectKeyIdentifier = null;
        }
        if (debug != null) {
            debug.exit(16384L, className, "getEntityIdentifier", subjectKeyIdentifier);
        }
        return subjectKeyIdentifier;
    }

    public boolean identifies(Certificate certificate) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "identifies", certificate);
        }
        if (this.recipientIdIssuer == null) {
            if (debug == null) {
                return false;
            }
            debug.exit(16384L, className, "getEntityIdentifier_1", new Boolean(false));
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!new X500Name(x509Certificate.getIssuerDN().getName()).equals(this.recipientIdIssuer.getIssuer())) {
            if (debug == null) {
                return false;
            }
            debug.exit(16384L, className, "getEntityIdentifier_1", new Boolean(false));
            return false;
        }
        if (x509Certificate.getSerialNumber().equals(this.recipientIdIssuer.getSerialNumber())) {
            if (debug == null) {
                return true;
            }
            debug.exit(16384L, className, "getEntityIdentifier", new Boolean(true));
            return true;
        }
        if (debug == null) {
            return false;
        }
        debug.exit(16384L, className, "getEntityIdentifier_1", new Boolean(false));
        return false;
    }

    private void encryptKey(byte[] bArr, Certificate certificate) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "encryptKey", bArr, certificate);
        }
        PublicKey publicKey = certificate.getPublicKey();
        String algorithm = certificate.getPublicKey().getAlgorithm();
        try {
            Cipher cipher = this.provider != null ? Cipher.getInstance(algorithm, this.provider) : Cipher.getInstance(algorithm);
            cipher.init(1, publicKey);
            setEncryptedKeyValue(cipher.doFinal(bArr));
            if (debug != null) {
                debug.exit(16384L, className, "encryptKey");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, className, "encryptKey", e);
            }
            throw new PKCSException(e, new StringBuffer().append("Key encryption error (").append(e.toString()).append(")").toString());
        }
    }

    public byte[] decryptKey(PrivateKey privateKey) throws PKCSException {
        if (debug != null) {
            debug.entry(16384L, className, "decryptKey", privateKey);
        }
        try {
            String name = this.keyEncryptionAlgorithm.getName();
            Cipher cipher = this.provider != null ? Cipher.getInstance(name, this.provider) : Cipher.getInstance(name);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(getEncryptedKeyValue());
            if (debug != null) {
                debug.exit(16384L, className, "decryptKey", doFinal);
            }
            return doFinal;
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, className, "decryptKey", e);
            }
            throw new PKCSException(e, new StringBuffer().append("Key decryption error (").append(e.toString()).append(")").toString());
        }
    }

    private void calculateVersion() {
        if (debug != null) {
            debug.entry(8192L, className, "calculateVersion");
        }
        this.version = BigInteger.valueOf(2L);
        if (this.originatorCertIssuer == null && this.originatorCertSKeyId == null && this.recipientIdIssuer != null) {
            this.version = BigInteger.ZERO;
        }
        if (debug != null) {
            debug.exit(8192L, className, "calculateVersion");
        }
    }

    private void setEncryptedKeyValue(byte[] bArr) {
        if (debug != null) {
            debug.entry(8192L, className, "setEncryptedKeyValue", bArr);
        }
        this.encryptedKey = new SmudgedBytes(bArr);
        if (debug != null) {
            debug.exit(8192L, className, "setEncryptedKeyValue");
        }
    }

    private byte[] getEncryptedKeyValue() {
        if (debug != null) {
            debug.entry(8192L, className, "getEncryptedKeyValue");
        }
        if (this.encryptedKey != null) {
            if (debug != null) {
                debug.exit(8192L, className, "getEncryptedKeyValue", this.encryptedKey.getClearText());
            }
            return this.encryptedKey.getClearText();
        }
        if (debug == null) {
            return null;
        }
        debug.exit(8192L, className, "getEncryptedKeyValue", (Object) null);
        return null;
    }

    protected void finalize() {
        this.encryptedKey = null;
    }
}
