package com.ibm.security.pkcs1;

import com.ibm.misc.Debug;
import com.ibm.security.pkcsutil.PKCSException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

/* loaded from: input_file:efixes/PK67052_Linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ibmpkcs.jar:com/ibm/security/pkcs1/PKCS1.class */
public final class PKCS1 {
    private String version;
    private String provider;
    private String signature;
    private String encryption;
    private String mgf;
    public static final String PKCS1_VERSION_1_5 = "1.5";
    public static final String PKCS1_VERSION2 = "2.0";
    static final String RSA_ALGORITHM = "RSA";
    static final String MESSAGE_DIGEST_MD2 = "MD2";
    static final String MESSAGE_DIGEST_MD5 = "MD5";
    static final String MESSAGE_DIGEST_SHA = "SHA";
    static final String MESSAGE_DIGEST_SHA1 = "SHA1";
    static final String SIGNATURE_SHA_RSA = "SHAwithRSA";
    static final String SIGNATURE_MD2_RSA = "MD2withRSA";
    static final String SIGNATURE_MD5_RSA = "MD5withRSA";
    static final String MGF_NULL = "NO_MGF";
    static final int MD2_RESULT_LENGTH = 16;
    static final int MD5_RESULT_LENGTH = 16;
    static final int SHA_RESULT_LENGTH = 20;
    private static final BigInteger BIG_INT_ZERO = BigInteger.ZERO;
    static final String MESSAGE_DIGEST_SHA_1 = "SHA-1";
    private static final String[] OaepHashAlgorithms = {"SHA", "SHA1", MESSAGE_DIGEST_SHA_1};
    private static final String[] version1_5SignAlgorithms = {"SHA", "SHA1", MESSAGE_DIGEST_SHA_1, "MD2", "MD5"};
    static final String MGF_MGF1 = "MGF1";
    private static final String[] mgfAlgorithms = {MGF_MGF1};
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.pkcs1.PKCS1";

    public PKCS1(String str, String str2, String str3, String str4, String str5) {
        this(str, str2, str3, str4);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "PKCS1", new Object[]{str, str2, str3, str4, str5});
        }
        if (str5 != null) {
            this.provider = new String(str5);
        }
        if (debug != null) {
            debug.exit(16384L, className, "PKCS1");
        }
    }

    public PKCS1(String str, String str2, String str3, String str4) {
        this.version = PKCS1_VERSION_1_5;
        this.provider = null;
        this.signature = SIGNATURE_SHA_RSA;
        this.encryption = RSA_ALGORITHM;
        this.mgf = MGF_MGF1;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "PKCS1", new Object[]{str, str2, str3, str4});
        }
        if (str != null) {
            try {
                setVersion(str);
            } catch (IllegalArgumentException e) {
            }
        }
        if (str2 != null) {
            setEncryptionAlgorithm(str2);
        }
        if (str4 != null) {
            setMGF(str4);
        }
        if (str3 != null) {
            setSignatureHashAlgorithm(str3);
        }
        if (debug != null) {
            debug.exit(16384L, className, "PKCS1");
        }
    }

    public String getVersion() {
        if (debug != null) {
            debug.entry(16384L, className, "getVersion");
            debug.exit(16384L, className, "getVersion", this.version);
        }
        return this.version;
    }

    public String getEncryptionAlgorithmString() {
        if (debug != null) {
            debug.entry(16384L, className, "getEncryptionAlgorithmString");
            debug.exit(16384L, className, "getEncryptionAlgorithmString", this.encryption);
        }
        return this.encryption;
    }

    public String getSignatureHashAlgorithmString() {
        if (debug != null) {
            debug.entry(16384L, className, "getSignatureHashAlgorithmString");
        }
        String str = SIGNATURE_MD2_RSA.equals(this.signature) ? new String("MD2") : SIGNATURE_MD5_RSA.equals(this.signature) ? new String("MD5") : new String("SHA");
        if (debug != null) {
            debug.exit(16384L, className, "getSignatureHashAlgorithmString", str);
        }
        return str;
    }

    public String getSignatureAlgorithmString() {
        if (debug != null) {
            debug.entry(16384L, className, "getSignatureAlgorithmString");
            debug.exit(16384L, className, "getSignatureAlgorithmString", this.signature);
        }
        return this.signature;
    }

    public String getMGF() {
        if (debug != null) {
            debug.entry(16384L, className, "getMGF");
        }
        if (PKCS1_VERSION2.equalsIgnoreCase(this.version)) {
            if (debug != null) {
                debug.exit(16384L, className, "getMGF", this.mgf);
            }
            return this.mgf;
        }
        if (debug == null) {
            return null;
        }
        debug.exit(16384L, className, "getMGF", (Object) null);
        return null;
    }

    public byte[] encrypt(PublicKey publicKey, byte[] bArr) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, className, "encrypt", publicKey, bArr);
        }
        if (publicKey == null) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", "Public Key must be specified");
            }
            throw new IllegalArgumentException("Public Key must be specified.");
        }
        if (bArr == null) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", "Message must be specified");
            }
            throw new IllegalArgumentException("Message must be specified.");
        }
        if (publicKey.getAlgorithm() != RSA_ALGORITHM) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", "Invalid key: RSA public key algorithm expected");
            }
            throw new PKCSException("Invalid key: RSA public key expected");
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", "Invalid key: RSA public key expected");
            }
            throw new PKCSException("Invalid key: RSA public key expected");
        }
        try {
            Cipher cipher = this.provider != null ? Cipher.getInstance(this.encryption, this.provider) : Cipher.getInstance(this.encryption);
            try {
                cipher.init(1, publicKey);
                try {
                    byte[] doFinal = cipher.doFinal(bArr);
                    if (debug != null) {
                        debug.entry(16384L, className, "encrypt", doFinal);
                    }
                    return doFinal;
                } catch (BadPaddingException e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "encrypt", e);
                    }
                    throw new PKCSException(e, new StringBuffer().append("Error : (").append(e.toString()).append(")").toString());
                } catch (IllegalBlockSizeException e2) {
                    if (debug != null) {
                        debug.exception(16384L, className, "encrypt", e2);
                    }
                    throw new PKCSException(e2, new StringBuffer().append("Error : (").append(e2.toString()).append(")").toString());
                }
            } catch (InvalidKeyException e3) {
                if (debug != null) {
                    debug.exception(16384L, className, "encrypt", e3);
                }
                throw new PKCSException(e3, "Invalid key: RSA public key expected");
            }
        } catch (Exception e4) {
            if (debug != null) {
                debug.exception(16384L, className, "encrypt", e4);
            }
            throw new PKCSException(e4, new StringBuffer().append("Error : (").append(e4.toString()).append(")").toString());
        }
    }

    public byte[] encrypt(Certificate certificate, byte[] bArr) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, className, "encrypt", certificate, bArr);
        }
        if (certificate == null) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", "Certificate must be specified");
            }
            throw new IllegalArgumentException("Certificate must be specified.");
        }
        if (!(certificate instanceof X509Certificate)) {
            if (debug != null) {
                debug.text(16384L, className, "encrypt", new StringBuffer().append("Certificate type ").append(certificate.getClass().getName()).append(" not supported. Only instances of java.security.cert.X509Certificate are supported").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("Certificate type ").append(certificate.getClass().getName()).append("not supported.  Only instances of ").append("java.security.cert.X509Certificate are supported.").toString());
        }
        try {
            ((X509Certificate) certificate).checkValidity();
            byte[] encrypt = encrypt(certificate.getPublicKey(), bArr);
            if (debug != null) {
                debug.exit(16384L, className, "encrypt", encrypt);
            }
            return encrypt;
        } catch (CertificateExpiredException e) {
            if (debug != null) {
                debug.exception(16384L, className, "encrypt", e);
            }
            throw new PKCSException(e, "Certificate has expired.");
        } catch (CertificateNotYetValidException e2) {
            if (debug != null) {
                debug.exception(16384L, className, "encrypt", e2);
            }
            throw new PKCSException(e2, "Certificate is not yet valid.");
        }
    }

    public byte[] decrypt(PrivateKey privateKey, byte[] bArr) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, className, "decrypt", privateKey, bArr);
        }
        if (privateKey == null) {
            if (debug != null) {
                debug.text(16384L, className, "decrypt", "Private Key must be specified");
            }
            throw new IllegalArgumentException("Private Key must be specified.");
        }
        if (bArr == null) {
            if (debug != null) {
                debug.text(16384L, className, "decrypt", "Cipher text must be specified");
            }
            throw new IllegalArgumentException("Cipher text must be specified.");
        }
        if (privateKey.getAlgorithm() != RSA_ALGORITHM) {
            if (debug != null) {
                debug.text(16384L, className, "decrypt", "Invalid key: RSA algorithm expected");
            }
            throw new PKCSException("Invalid key: RSA private key expected");
        }
        if (!(privateKey instanceof RSAPrivateKey) && !(privateKey instanceof RSAPrivateCrtKey)) {
            if (debug != null) {
                debug.text(16384L, className, "decrypt", "Invalid key: RSA private key expected");
            }
            throw new PKCSException("Invalid key: RSA private key expected");
        }
        try {
            Cipher cipher = this.provider != null ? Cipher.getInstance(this.encryption, this.provider) : Cipher.getInstance(this.encryption);
            try {
                cipher.init(2, privateKey);
                try {
                    byte[] doFinal = cipher.doFinal(bArr);
                    if (debug != null) {
                        debug.exit(16384L, className, "decrypt", doFinal);
                    }
                    return doFinal;
                } catch (BadPaddingException e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "decrypt", e);
                    }
                    throw new PKCSException(e, new StringBuffer().append("Error : (").append(e.toString()).append(")").toString());
                } catch (IllegalBlockSizeException e2) {
                    if (debug != null) {
                        debug.exception(16384L, className, "decrypt", e2);
                    }
                    throw new PKCSException(e2, new StringBuffer().append("Error : (").append(e2.toString()).append(")").toString());
                }
            } catch (InvalidKeyException e3) {
                if (debug != null) {
                    debug.exception(16384L, className, "decrypt", e3);
                }
                throw new PKCSException(e3, "Invalid key: RSA private key expected");
            }
        } catch (Exception e4) {
            if (debug != null) {
                debug.exception(16384L, className, "decrypt", e4);
            }
            throw new PKCSException(e4, new StringBuffer().append("Error : (").append(e4.toString()).append(")").toString());
        }
    }

    public byte[] sign(PrivateKey privateKey, byte[] bArr) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, className, "sign", privateKey, bArr);
        }
        if (privateKey == null) {
            if (debug != null) {
                debug.text(16384L, className, "sign", "Private Key must be specified.");
            }
            throw new IllegalArgumentException("Private Key must be specified.");
        }
        if (bArr == null) {
            if (debug != null) {
                debug.text(16384L, className, "sign", "Message must be specified.");
            }
            throw new IllegalArgumentException("Message must be specified.");
        }
        if (bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "sign", "Message length is 0.");
            }
            throw new IllegalArgumentException("Message must be specified.");
        }
        if (privateKey.getAlgorithm() != RSA_ALGORITHM) {
            if (debug != null) {
                debug.text(16384L, className, "sign", "Invalid key: RSA Algorithm expected.");
            }
            throw new PKCSException("Invalid key: RSA private key expected");
        }
        if (!(privateKey instanceof RSAPrivateKey) && !(privateKey instanceof RSAPrivateCrtKey)) {
            if (debug != null) {
                debug.text(16384L, className, "sign", "Invalid key: RSA private key expecited");
            }
            throw new PKCSException("Invalid key: RSA private key expected");
        }
        try {
            Signature signature = this.provider != null ? Signature.getInstance(this.signature, this.provider) : Signature.getInstance(this.signature);
            try {
                signature.initSign(privateKey);
                try {
                    signature.update(bArr);
                    byte[] sign = signature.sign();
                    if (debug != null) {
                        debug.exit(16384L, className, "sign", sign);
                    }
                    return sign;
                } catch (SignatureException e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "sign", e);
                    }
                    throw new PKCSException(e, new StringBuffer().append("Error : (").append(e.toString()).append(")").toString());
                }
            } catch (InvalidKeyException e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "sign", e2);
                }
                throw new PKCSException(e2, "Invalid key: RSA private key expected");
            }
        } catch (Exception e3) {
            if (debug != null) {
                debug.exception(16384L, className, "sign", e3);
            }
            throw new PKCSException(e3, new StringBuffer().append("Error : (").append(e3.toString()).append(")").toString());
        }
    }

    public boolean verify(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "verify", new Object[]{publicKey, bArr, bArr2});
        }
        if (publicKey == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Public Key must be specified");
            }
            throw new IllegalArgumentException("Public Key must be specified.");
        }
        if (bArr == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Message must be specified");
            }
            throw new IllegalArgumentException("Message must be specified.");
        }
        if (bArr.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Message length cannot be 0");
            }
            throw new IllegalArgumentException("Message must be specified.");
        }
        if (bArr2 == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Signature must be specified");
            }
            throw new IllegalArgumentException("Signature must be specified.");
        }
        if (bArr2.length == 0) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Signature length cannot be 0");
            }
            throw new IllegalArgumentException("Signature must be specified.");
        }
        if (publicKey.getAlgorithm() != RSA_ALGORITHM) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Invalid key: Public Key Algorithm must be RSA");
            }
            throw new PKCSException("Invalid key: RSA public key expected");
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Invalid key: RSA public key expected");
            }
            throw new PKCSException("Invalid key: RSA public key expected");
        }
        try {
            Signature signature = this.provider != null ? Signature.getInstance(this.signature, this.provider) : Signature.getInstance(this.signature);
            try {
                signature.initVerify(publicKey);
                try {
                    signature.update(bArr);
                    boolean verify = signature.verify(bArr2);
                    if (debug != null) {
                        debug.exit(16384L, className, "verify", verify);
                    }
                    return verify;
                } catch (SignatureException e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "verify", e);
                    }
                    throw new PKCSException(e, new StringBuffer().append("Error : (").append(e.toString()).append(")").toString());
                }
            } catch (InvalidKeyException e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "verify", e2);
                }
                throw new PKCSException(e2, "Invalid key: RSA public key expected");
            }
        } catch (Exception e3) {
            if (debug != null) {
                debug.exception(16384L, className, "verify", e3);
            }
            throw new PKCSException(e3, new StringBuffer().append("Error : (").append(e3.toString()).append(")").toString());
        }
    }

    public boolean verify(Certificate certificate, byte[] bArr, byte[] bArr2) throws PKCSException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "verify", new Object[]{certificate, bArr, bArr2});
        }
        if (certificate == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Certificate must be specified");
            }
            throw new IllegalArgumentException("Certificate must be specified.");
        }
        if (!(certificate instanceof X509Certificate)) {
            if (debug != null) {
                debug.text(16384L, className, "verify", new StringBuffer().append("Certificate type ").append(certificate.getClass().getName()).append(" not supported. Only instances of java.security.cert.X509Certificate are supported").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("Certificate type ").append(certificate.getClass().getName()).append("not supported.  Only instances of java.security.cert.X509Certificate are supported.").toString());
        }
        try {
            ((X509Certificate) certificate).checkValidity();
            boolean verify = verify(certificate.getPublicKey(), bArr, bArr2);
            if (debug != null) {
                debug.exit(16384L, className, "verify", verify);
            }
            return verify;
        } catch (CertificateExpiredException e) {
            if (debug != null) {
                debug.exception(16384L, className, "verify", e);
            }
            throw new PKCSException(e, "Certificate has expired.");
        } catch (CertificateNotYetValidException e2) {
            if (debug != null) {
                debug.exception(16384L, className, "verify", e2);
            }
            throw new PKCSException(e2, "Certificate is not yet valid.");
        }
    }

    public String toString() {
        return new StringBuffer().append("PKCS1: version: ").append(getVersion()).append("\r\n\tencryption algorithm: ").append(getEncryptionAlgorithmString()).append("\r\n\tsignature algorithm: ").append(getSignatureAlgorithmString()).toString();
    }

    private static boolean inSet(String str, String[] strArr) {
        boolean z = false;
        if (debug != null) {
            debug.entry(8192L, className, "inSet", str, strArr);
        }
        if (strArr != null && str != null && strArr.length > 0) {
            int i = 0;
            while (true) {
                if (i >= strArr.length) {
                    break;
                }
                if (str.equalsIgnoreCase(strArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (debug != null) {
            debug.exit(8192L, className, "inSet", z);
        }
        return z;
    }

    private void setVersion(String str) {
        if (debug != null) {
            debug.entry(8192L, className, "setVersion", str);
        }
        if (!str.equalsIgnoreCase(PKCS1_VERSION_1_5)) {
            if (debug != null) {
                debug.text(8192L, className, "setVersion", new StringBuffer().append("PKCS #1 version ").append(str).append(" not supported").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("PKCS #1 version ").append(str).append(" not supported.").toString());
        }
        this.version = PKCS1_VERSION_1_5;
        if (debug != null) {
            debug.exit(8192L, className, "setVersion");
        }
    }

    private void setEncryptionAlgorithm(String str) {
        if (debug != null) {
            debug.entry(8192L, className, "setEncryptionAlgorithm", str);
        }
        if (PKCS1_VERSION2.equalsIgnoreCase(this.version)) {
            if (!inSet(str, OaepHashAlgorithms)) {
                if (debug != null) {
                    debug.text(8192L, className, "setEncryptionAlgorithm", new StringBuffer().append("Encryption algorithm ").append(str).append(" not supported in version 2.0").toString());
                }
                throw new IllegalArgumentException(new StringBuffer().append("Encryption algorithm ").append(str).append(" not supported in version 2.0").toString());
            }
            this.encryption = str.toUpperCase(Locale.US);
        } else if (!str.equalsIgnoreCase(RSA_ALGORITHM)) {
            if (debug != null) {
                debug.text(8192L, className, "setEncryptionAlgorithm", new StringBuffer().append("Encryption algorithm ").append(str).append(" not supported in version 1.5").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("Encryption algorithm ").append(str).append(" not supported in version 1.5.").toString());
        }
        if (debug != null) {
            debug.exit(8192L, className, "setEncryptionAlgorithm");
        }
    }

    private void setSignatureHashAlgorithm(String str) {
        if (debug != null) {
            debug.entry(8192L, className, "setSignatureHashAlgorithm", str);
        }
        if (!inSet(str, version1_5SignAlgorithms)) {
            if (debug != null) {
                debug.text(8192L, className, "setSignatureHashAlgorithm", new StringBuffer().append("Digest algorithm ").append(str).append(" not supported").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("Digest algorithm ").append(str).append(" not supported.").toString());
        }
        if (str.equalsIgnoreCase("SHA") || str.equalsIgnoreCase("SHA1") || str.equalsIgnoreCase(MESSAGE_DIGEST_SHA_1)) {
            this.signature = SIGNATURE_SHA_RSA;
            if (debug != null) {
                debug.exit(8192L, className, "setSignatureHashAlgorithm");
                return;
            }
            return;
        }
        if (str.equalsIgnoreCase("MD2")) {
            this.signature = SIGNATURE_MD2_RSA;
            if (debug != null) {
                debug.exit(8192L, className, "setSignatureHashAlgorithm");
                return;
            }
            return;
        }
        this.signature = SIGNATURE_MD5_RSA;
        if (debug != null) {
            debug.exit(8192L, className, "setSignatureHashAlgorithm");
        }
    }

    private void setMGF(String str) {
        if (debug != null) {
            debug.entry(8192L, className, "setMGF", str);
        }
        if (!PKCS1_VERSION2.equalsIgnoreCase(this.version)) {
            if (debug != null) {
                debug.text(8192L, className, "setMGF", new StringBuffer().append("MGF algorithm ").append(str).append(" not supported in PKCS#1 version ").append(this.version).toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("MGF algorithm  not supported in PKCS#1 version ").append(this.version).toString());
        }
        if (!inSet(str, mgfAlgorithms)) {
            if (debug != null) {
                debug.text(8192L, className, "setMGF", new StringBuffer().append("MGF algorithm ").append(str).append(" not supported").toString());
            }
            throw new IllegalArgumentException(new StringBuffer().append("MGF algorithm ").append(str).append(" not supported.").toString());
        }
        this.mgf = str.toUpperCase(Locale.US);
        if (debug != null) {
            debug.exit(8192L, className, "setMGF");
        }
    }
}
