package com.ibm.security.x509;

import com.ibm.misc.Debug;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.Certificate;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;

/* loaded from: input_file:efixes/PK67052_Solaris_SPARC/components/prereq.jdk/update.jar:/java/jre/lib/endorsed/ibmpkcs.jar:com/ibm/security/x509/X509Cert.class */
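/**
 * X.509 certificate holder implementing the legacy {@code java.security.Certificate} interface.
 *
 * <p>An instance is either decoded from DER (byte array, {@code DerValue} or stream) or built from
 * a subject, key and validity window and then signed with {@link #encodeAndSign}. The complete
 * signed encoding is kept in {@code signedCert}; equality, hashing and serialization all work on
 * those bytes.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #parse} reads the fields up to and including the subject public key and then stops.
 *       Anything that follows inside the signed portion is not examined, so this class does not
 *       evaluate certificate extensions, critical or otherwise.</li>
 *   <li>{@link #verify} checks the validity window and one signature against a caller-supplied
 *       key. It performs no chain building, name matching or revocation checking.</li>
 *   <li>Serialization round-trips the DER encoding, so {@code readObject} runs the DER parser on
 *       whatever bytes the stream carries.</li>
 * </ul>
 *
 * <p>No synchronization is applied apart from the serialization hooks; the object is mutable via
 * {@link #decode} and {@link #encodeAndSign}.
 */
public class X509Cert implements Certificate, Serializable {
    static final long serialVersionUID = -52595524744692374L;
    // Algorithm identifier read from inside the signed portion (set by parse()).
    protected transient AlgorithmId algid;
    // DER bytes of the to-be-signed portion; this is what the signature covers.
    private transient byte[] rawCert;
    // Raw signature bits.
    private transient byte[] signature;
    // Complete signed encoding; null until the certificate is decoded or signed.
    private transient byte[] signedCert;
    private transient X500Name subject;
    private transient PublicKey pubkey;
    private transient Date notafter;
    private transient Date notbefore;
    // Version as encoded (0 is reported as "v1" by toString()).
    private transient int version;
    private transient BigInteger serialnum;
    private transient X500Name issuer;
    // Outer signature algorithm identifier; also used to pick the verifier in verify().
    private transient AlgorithmId issuerSigAlg;
    // Guards parse() against being run twice on the same instance.
    private transient boolean parsed = false;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.x509.X509Cert";

    /** Creates an empty certificate, to be filled in by {@link #decode(InputStream)}. */
    public X509Cert() {
        if (debug != null) {
            debug.entry(16384L, className, "X509Cert");
            debug.exit(16384L, className, "X509Cert");
        }
    }

    /**
     * Decodes a certificate from a byte array that must contain exactly one DER value.
     *
     * @param bArr the DER encoding; a private copy is parsed and retained
     * @throws IOException if the encoding is malformed or followed by trailing bytes
     */
    public X509Cert(byte[] bArr) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "X509Cert", bArr);
        }
        // Parse and keep a private copy so that later changes to the caller's array cannot make
        // the stored encoding disagree with the fields parsed from it.
        byte[] encoded = bArr == null ? null : (byte[]) bArr.clone();
        DerValue derValue = new DerValue(encoded);
        parse(derValue);
        if (derValue.getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "X509Cert", "garbage at end");
            }
            throw new CertParseError("garbage at end");
        }
        this.signedCert = encoded;
        if (debug != null) {
            debug.exit(16384L, className, "X509Cert");
        }
    }

    /**
     * Decodes a certificate from a slice of a byte array.
     *
     * @param bArr buffer holding the DER encoding
     * @param i offset of the first byte of the encoding
     * @param i2 number of bytes belonging to the encoding
     * @throws IOException if the encoding is malformed or followed by trailing bytes
     */
    public X509Cert(byte[] bArr, int i, int i2) throws IOException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509Cert", new Object[]{bArr, new Integer(i), new Integer(i2)});
        }
        DerValue derValue = new DerValue(bArr, i, i2);
        parse(derValue);
        if (derValue.getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "X509Cert", "garbage at end");
            }
            throw new CertParseError("garbage at end");
        }
        // The slice is copied, so the caller's buffer is not retained.
        this.signedCert = new byte[i2];
        System.arraycopy(bArr, i, this.signedCert, 0, i2);
        if (debug != null) {
            debug.exit(16384L, className, "X509Cert");
        }
    }

    /**
     * Decodes a certificate from an already-read DER value.
     *
     * @param derValue the value holding the signed certificate
     * @throws IOException if the encoding is malformed or has unread trailing data
     */
    public X509Cert(DerValue derValue) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "X509Cert", derValue);
        }
        parse(derValue);
        if (derValue.getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "X509Cert", "garbage at end");
            }
            throw new CertParseError("garbage at end");
        }
        this.signedCert = derValue.toByteArray();
        if (debug != null) {
            debug.exit(16384L, className, "X509Cert");
        }
    }

    /**
     * Creates an unsigned certificate; call {@link #encodeAndSign} to produce the encoding.
     *
     * @param x500Name subject name
     * @param x509Key subject public key
     * @param date start of the validity window (copied)
     * @param date2 end of the validity window (copied)
     * @throws CertException if the key does not implement {@code PublicKey}
     */
    public X509Cert(X500Name x500Name, X509Key x509Key, Date date, Date date2) throws CertException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509Cert", new Object[]{x500Name, x509Key, date, date2});
        }
        this.subject = x500Name;
        if (!(x509Key instanceof PublicKey)) {
            if (debug != null) {
                debug.text(16384L, className, "X509Cert", "Doesn't implement PublicKey interface");
            }
            throw new CertException(9, "Doesn't implement PublicKey interface");
        }
        this.pubkey = x509Key;
        // Date is mutable: copy so the caller cannot move the validity window afterwards.
        // Null is preserved because encodeAndSign() reports missing parameters itself.
        this.notbefore = copyOf(date);
        this.notafter = copyOf(date2);
        this.version = 0;
        if (debug != null) {
            debug.exit(16384L, className, "X509Cert");
        }
    }

    /** Returns a copy of the given date, or null when the argument is null. */
    private static Date copyOf(Date date) {
        return date == null ? null : new Date(date.getTime());
    }

    /**
     * Reads one DER value from the stream and parses it as a certificate.
     *
     * <p>Unlike the constructors this does not test for trailing data; the stream is left wherever
     * the {@code DerValue} reader stopped. If parsing fails part-way, fields assigned before the
     * failure keep their new values while {@code signedCert} keeps its previous one, so the
     * instance should be discarded after an exception.
     *
     * @param inputStream source of the DER encoding
     * @throws IOException if the data is malformed or this instance was already parsed
     */
    @Override // java.security.Certificate
    public void decode(InputStream inputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "decode", inputStream);
        }
        DerValue derValue = new DerValue(inputStream);
        parse(derValue);
        this.signedCert = derValue.toByteArray();
        if (debug != null) {
            debug.exit(16384L, className, "decode");
        }
    }

    /**
     * Writes the signed DER encoding to the stream.
     *
     * @param outputStream destination
     * @throws IOException if the write fails
     * @throws NullPointerException if the certificate has not been decoded or signed yet
     */
    @Override // java.security.Certificate
    public void encode(OutputStream outputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "encode", outputStream);
        }
        outputStream.write(getSignedCert());
        if (debug != null) {
            debug.exit(16384L, className, "encode");
        }
    }

    /**
     * Compares with another object; only another {@code X509Cert} can be equal.
     *
     * @param obj object to compare with, may be null
     * @return true when {@code obj} is an {@code X509Cert} with the same signed encoding
     */
    public boolean equals(Object obj) {
        if (debug != null) {
            debug.entry(16384L, className, "equals", obj);
        }
        boolean z = false;
        if (obj instanceof X509Cert) {
            z = equals((X509Cert) obj);
        }
        if (debug != null) {
            debug.exit(16384L, className, "equals", new Boolean(z));
        }
        return z;
    }

    /**
     * Compares the signed encodings byte for byte.
     *
     * @param x509Cert certificate to compare with, may be null
     * @return true for the same instance or for identical signed encodings; false when the
     *         argument is null or either side has no signed encoding yet
     */
    public boolean equals(X509Cert x509Cert) {
        if (debug != null) {
            debug.entry(16384L, className, "equals", x509Cert);
        }
        boolean z;
        if (this == x509Cert) {
            z = true;
        } else if (x509Cert == null || this.signedCert == null || x509Cert.signedCert == null) {
            // A null argument used to raise NullPointerException here; it now compares unequal.
            z = false;
        } else {
            z = java.util.Arrays.equals(this.signedCert, x509Cert.signedCert);
        }
        if (debug != null) {
            debug.exit(16384L, className, "equals", z);
        }
        return z;
    }

    /** Returns the format name, always {@code "X.509"}. */
    @Override // java.security.Certificate
    public String getFormat() {
        return "X.509";
    }

    /** Returns the issuer name as the guarantor. */
    @Override // java.security.Certificate
    public Principal getGuarantor() {
        return getIssuerName();
    }

    /** Returns the subject name as the principal. */
    @Override // java.security.Certificate
    public Principal getPrincipal() {
        return getSubjectName();
    }

    /**
     * Checks that the current time lies inside the validity window and that the signature over the
     * to-be-signed bytes verifies under the supplied key.
     *
     * <p>What this does not establish: that {@code publicKey} belongs to the named issuer, that
     * the issuer is permitted to sign certificates, that the certificate is unrevoked, or that any
     * extensions are satisfied. The signature algorithm name is taken from the certificate itself
     * and handed to {@code Signature.getInstance}, so which algorithms are accepted depends on the
     * installed providers; callers that need an algorithm policy must enforce it themselves, for
     * example by inspecting {@link #getIssuerAlgorithmId()} first.
     *
     * @param publicKey key expected to have signed this certificate
     * @throws CertException if the certificate is outside its validity window, has not been
     *         decoded or signed, or the signature cannot be verified
     */
    public void verify(PublicKey publicKey) throws CertException {
        if (debug != null) {
            debug.entry(16384L, className, "verify", publicKey);
        }
        // A certificate that was never decoded or signed has no validity dates. Report that with
        // the same error this method uses for an unsigned certificate instead of failing with a
        // NullPointerException in the date comparison.
        if (this.notbefore == null || this.notafter == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "?? certificate is not signed yet ??");
            }
            throw new CertException(1, "?? certificate is not signed yet ??");
        }
        Date date = new Date();
        if (date.before(this.notbefore)) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Certificate is not yet valid");
            }
            throw new CertException(3);
        }
        if (date.after(this.notafter)) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Certificate has expired");
            }
            throw new CertException(4);
        }
        if (this.signedCert == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "?? certificate is not signed yet ??");
            }
            throw new CertException(1, "?? certificate is not signed yet ??");
        }
        String str = null;
        try {
            str = this.issuerSigAlg.getName();
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(this.rawCert, 0, this.rawCert.length);
            if (!signature.verify(this.signature)) {
                String msg = "Signature ... by <" + this.issuer + "> for <" + this.subject + ">";
                if (debug != null) {
                    debug.text(16384L, className, "verify", msg);
                }
                throw new CertException(1, msg);
            }
            if (debug != null) {
                debug.exit(16384L, className, "verify");
            }
        } catch (InvalidKeyException e) {
            String msg = "Algorithm (" + str + ") rejected public key";
            if (debug != null) {
                debug.text(16384L, className, "verify", msg);
            }
            throw new CertException(9, msg);
        } catch (NoSuchAlgorithmException e2) {
            String msg = "Unsupported signature algorithm (" + str + ")";
            if (debug != null) {
                debug.text(16384L, className, "verify", msg);
            }
            throw new CertException(1, msg);
        } catch (SignatureException e3) {
            String msg = "Signature by <" + this.issuer + "> for <" + this.subject + ">";
            if (debug != null) {
                debug.text(16384L, className, "verify", msg);
            }
            throw new CertException(1, msg);
        }
    }

    /**
     * Encodes the certificate fields, signs them and stores the result.
     *
     * <p>The issuer name and signature algorithm come from the signer. The version is reset to 0
     * and the private encoder writes no version field.
     *
     * @param bigInteger serial number to place in the certificate
     * @param x500Signer signer supplying issuer name, algorithm and signing operation
     * @return the signed DER encoding (the internal array, not a copy)
     * @throws IOException if subject, key or validity dates are missing, or encoding fails
     * @throws SignatureException if signing fails
     */
    public byte[] encodeAndSign(BigInteger bigInteger, X500Signer x500Signer) throws IOException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "encodeAndSign", bigInteger, x500Signer);
        }
        // Validate before touching any state: previously the issuer fields were overwritten and
        // rawCert cleared first, leaving a stale signedCert next to a null rawCert on failure.
        if (this.subject == null || this.pubkey == null || this.notbefore == null || this.notafter == null) {
            if (debug != null) {
                debug.text(16384L, className, "encodeAndSign", "not enough cert parameters");
            }
            throw new IOException("not enough cert parameters");
        }
        this.rawCert = null;
        this.version = 0;
        this.serialnum = bigInteger;
        this.issuer = x500Signer.getSigner();
        this.issuerSigAlg = x500Signer.getAlgorithmId();
        this.rawCert = DERencode();
        this.signedCert = sign(x500Signer, this.rawCert);
        if (debug != null) {
            debug.exit(16384L, className, "encodeAndSign", this.signedCert);
        }
        return this.signedCert;
    }

    /**
     * Builds a signer that signs on behalf of this certificate's subject.
     *
     * <p>The only link checked between the private key and this certificate is that both report
     * the same algorithm name; nothing here proves the key matches the certificate's public key.
     * The trace label is "setSigner" although the method is named getSigner; it is left as found.
     *
     * @param algorithmId signature algorithm to use
     * @param privateKey key to sign with
     * @return a signer initialised for signing, named after this certificate's subject
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeyException if the key is null, of a different algorithm, or rejected
     */
    public X500Signer getSigner(AlgorithmId algorithmId, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "setSigner", algorithmId, privateKey);
        }
        // For a PrivateKey-typed argument this instanceof test can only fail on null.
        if (!(privateKey instanceof Key)) {
            if (debug != null) {
                debug.text(16384L, className, "setSigner", "private key not a key!");
            }
            throw new InvalidKeyException("private key not a key!");
        }
        String algorithm = privateKey.getAlgorithm();
        Signature signature = Signature.getInstance(algorithmId.getName());
        if (!this.pubkey.getAlgorithm().equals(algorithm)) {
            String msg = "Private key algorithm " + algorithm + " incompatible with certificate " + this.pubkey.getAlgorithm();
            if (debug != null) {
                debug.text(16384L, className, "setSigner", msg);
            }
            throw new InvalidKeyException(msg);
        }
        signature.initSign(privateKey);
        X500Signer x500Signer = new X500Signer(signature, this.subject);
        if (debug != null) {
            debug.exit(16384L, className, "setSigner", x500Signer);
        }
        return x500Signer;
    }

    /**
     * Returns a {@code Signature} initialised to verify with this certificate's public key.
     *
     * @param str signature algorithm name, chosen by the caller
     * @return the initialised verifier
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeyException if the public key is rejected
     */
    public Signature getVerifier(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "getVerifier", str);
        }
        Signature signature = Signature.getInstance(str);
        signature.initVerify(this.pubkey);
        if (debug != null) {
            debug.exit(16384L, className, "getVerifier", signature);
        }
        return signature;
    }

    /**
     * Returns a copy of the signed DER encoding.
     *
     * @throws NullPointerException if the certificate has not been decoded or signed yet
     */
    public byte[] getSignedCert() {
        return (byte[]) this.signedCert.clone();
    }

    /** Returns the serial number, or null if not set. */
    public BigInteger getSerialNumber() {
        return this.serialnum;
    }

    /** Returns the subject name object held by this certificate (not a copy). */
    public X500Name getSubjectName() {
        return this.subject;
    }

    /** Returns the issuer name object held by this certificate (not a copy). */
    public X500Name getIssuerName() {
        return this.issuer;
    }

    /** Returns the signature algorithm identifier held by this certificate (not a copy). */
    public AlgorithmId getIssuerAlgorithmId() {
        return this.issuerSigAlg;
    }

    /**
     * Returns a copy of the start of the validity window.
     *
     * @throws NullPointerException if the date has not been set
     */
    public Date getNotBefore() {
        return new Date(this.notbefore.getTime());
    }

    /**
     * Returns a copy of the end of the validity window.
     *
     * @throws NullPointerException if the date has not been set
     */
    public Date getNotAfter() {
        return new Date(this.notafter.getTime());
    }

    /** Returns the subject public key, or null if not set. */
    @Override // java.security.Certificate
    public PublicKey getPublicKey() {
        return this.pubkey;
    }

    /** Returns the version as encoded, where 0 stands for v1. */
    public int getVersion() {
        return this.version;
    }

    /**
     * Hashes the signed encoding as the sum of each byte multiplied by its index.
     *
     * @return the hash, or 0 when there is no signed encoding yet
     */
    public int hashCode() {
        if (debug != null) {
            debug.entry(16384L, className, "hashCode");
        }
        int i = 0;
        // An undecoded, unsigned certificate used to raise NullPointerException here, which made
        // such objects unusable as keys in hash-based collections.
        if (this.signedCert != null) {
            for (int i2 = 0; i2 < this.signedCert.length; i2++) {
                i += this.signedCert[i2] * i2;
            }
        }
        if (debug != null) {
            debug.exit(16384L, (Object) className, "hashCode", i);
        }
        return i;
    }

    /**
     * Returns a multi-line description of the certificate.
     *
     * @throws NullPointerException if any displayed field is still unset
     */
    public String toString() {
        if (this.subject == null || this.pubkey == null || this.notbefore == null || this.notafter == null || this.issuer == null || this.issuerSigAlg == null || this.serialnum == null) {
            throw new NullPointerException("X.509 cert is incomplete");
        }
        // The "Key:" line has no newline of its own; the text is reproduced exactly as before.
        return "[\n"
                + "  X.509v" + (this.version + 1) + " certificate,\n"
                + "  Subject is " + this.subject + "\n"
                + "  Key:  " + this.pubkey
                + "  Validity <" + this.notbefore + "> until <" + this.notafter + ">\n"
                + "  Issuer is " + this.issuer + "\n"
                + "  Issuer signature used " + this.issuerSigAlg.toString() + "\n"
                + "  Serial number = " + this.serialnum + "\n"
                + "]";
    }

    /** Returns the same text as {@link #toString()}; the flag is ignored. */
    @Override // java.security.Certificate
    public String toString(boolean z) {
        return toString();
    }

    /**
     * Parses a signed certificate: three top-level values (to-be-signed portion, signature
     * algorithm, signature bits), then the fields of the to-be-signed portion.
     *
     * <p>Checks made here: exactly three top-level values, the first tagged 48 (0x30, SEQUENCE);
     * no leftover data in the algorithm or signature values; the algorithm named inside the signed
     * portion equals the outer one; the validity field is tagged 48 and holds exactly two times.
     *
     * <p>Not checked: the version number's value or its context tag number, and anything following
     * the public key inside the signed portion.
     *
     * @param derValue the outer value of the certificate
     * @throws IOException if this instance was already parsed or the structure is invalid
     */
    private void parse(DerValue derValue) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "parse", derValue);
        }
        if (this.parsed) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "Certificate already parsed");
            }
            throw new IOException("Certificate already parsed");
        }
        DerValue[] derValueArr = {derValue.getData().getDerValue(), derValue.getData().getDerValue(), derValue.getData().getDerValue()};
        if (derValue.getData().available() != 0) {
            String msg = "signed overrun, bytes = " + derValue.getData().available();
            if (debug != null) {
                debug.text(16384L, className, "parse", msg);
            }
            throw new CertParseError(msg);
        }
        if (derValueArr[0].getTag() != 48) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "signed fields invalid");
            }
            throw new CertParseError("signed fields invalid");
        }
        // rawCert is the exact byte range the signature is computed over in verify().
        this.rawCert = derValueArr[0].toByteArray();
        this.issuerSigAlg = AlgorithmId.parse(derValueArr[1]);
        this.signature = derValueArr[2].getBitString();
        if (derValueArr[1].getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "algid field overrun");
            }
            throw new CertParseError("algid field overrun");
        }
        if (derValueArr[2].getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "signed fields overrun");
            }
            throw new CertParseError("signed fields overrun");
        }
        DerInputStream data = derValueArr[0].getData();
        this.version = 0;
        DerValue derValue2 = data.getDerValue();
        // Any constructed, context-specific first element is taken to be the version wrapper.
        if (derValue2.isConstructed() && derValue2.isContextSpecific()) {
            this.version = derValue2.getData().getInteger().intValue();
            if (derValue2.getData().available() != 0) {
                if (debug != null) {
                    debug.text(16384L, className, "parse", "X.509 version, bad format");
                }
                throw new IOException("X.509 version, bad format");
            }
            derValue2 = data.getDerValue();
        }
        this.serialnum = derValue2.getInteger();
        AlgorithmId parse = AlgorithmId.parse(data.getDerValue());
        // The algorithm covered by the signature must match the unsigned outer one, so the outer
        // identifier cannot be swapped without invalidating the certificate.
        if (!parse.equals(this.issuerSigAlg)) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "CA Algorithm mismatch!");
            }
            throw new CertParseError("CA Algorithm mismatch!");
        }
        this.algid = parse;
        this.issuer = new X500Name(data);
        DerValue derValue3 = data.getDerValue();
        if (derValue3.getTag() != 48) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "corrupt validity field");
            }
            throw new CertParseError("corrupt validity field");
        }
        this.notbefore = derValue3.getData().getUTCTime();
        this.notafter = derValue3.getData().getUTCTime();
        if (derValue3.getData().available() != 0) {
            if (debug != null) {
                debug.text(16384L, className, "parse", "excess validity data");
            }
            throw new CertParseError("excess validity data");
        }
        this.subject = new X500Name(data);
        this.pubkey = X509Key.parse(data.getDerValue());
        if (data.available() != 0) {
            // Intentionally empty in the code as found: whatever follows the public key inside
            // the signed portion is accepted without being read. NOTE(review): for certificates
            // carrying extensions this means constraints marked critical are never evaluated;
            // callers relying on them need a different parser.
        }
        this.parsed = true;
        if (debug != null) {
            debug.exit(16384L, className, "parse");
        }
    }

    /**
     * Encodes the to-be-signed portion and returns it as a byte array.
     *
     * @return DER bytes of the to-be-signed portion
     * @throws IOException if encoding fails
     */
    private byte[] DERencode() throws IOException {
        if (debug != null) {
            // Entry trace; this call was debug.exit, which produced an exit record on entry.
            debug.entry(16384L, className, "DERencode");
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        encode(derOutputStream);
        byte[] byteArray = derOutputStream.toByteArray();
        if (debug != null) {
            debug.exit(16384L, className, "DERencode", byteArray);
        }
        return byteArray;
    }

    /**
     * Writes the to-be-signed portion: serial number, signature algorithm, issuer, validity,
     * subject and public key, wrapped in a SEQUENCE (tag 48). No version field is written.
     *
     * @param derOutputStream destination for the encoded sequence
     * @throws IOException if encoding fails
     */
    private void encode(DerOutputStream derOutputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "encode", derOutputStream);
        }
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.putInteger(this.serialnum);
        this.issuerSigAlg.encode(derOutputStream2);
        this.issuer.encode(derOutputStream2);
        DerOutputStream derOutputStream3 = new DerOutputStream();
        derOutputStream3.putUTCTime(this.notbefore);
        derOutputStream3.putUTCTime(this.notafter);
        derOutputStream2.write((byte) 48, derOutputStream3);
        this.subject.encode(derOutputStream2);
        derOutputStream2.write(this.pubkey.getEncoded());
        derOutputStream.write((byte) 48, derOutputStream2);
        if (debug != null) {
            debug.exit(16384L, className, "encode");
        }
    }

    /**
     * Signs the to-be-signed bytes and wraps them, the algorithm identifier and the signature bits
     * in the outer SEQUENCE.
     *
     * @param x500Signer signer to use
     * @param bArr DER bytes of the to-be-signed portion
     * @return the complete signed encoding
     * @throws IOException if encoding fails
     * @throws SignatureException if signing fails
     */
    private byte[] sign(X500Signer x500Signer, byte[] bArr) throws IOException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "sign", x500Signer, bArr);
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.write(bArr);
        x500Signer.getAlgorithmId().encode(derOutputStream2);
        x500Signer.update(bArr, 0, bArr.length);
        this.signature = x500Signer.sign();
        derOutputStream2.putBitString(this.signature);
        derOutputStream.write((byte) 48, derOutputStream2);
        byte[] byteArray = derOutputStream.toByteArray();
        if (debug != null) {
            debug.exit(16384L, className, "sign", byteArray);
        }
        return byteArray;
    }

    /**
     * Serializes the certificate as its signed DER encoding (all fields are transient).
     *
     * @throws NullPointerException if the certificate has not been decoded or signed yet
     */
    private synchronized void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        encode(objectOutputStream);
    }

    /**
     * Restores the certificate by DER-decoding from the object stream.
     *
     * <p>The bytes come straight from the serialized stream and go through {@link #parse}; only
     * the structural checks made there are applied, and no signature is verified, so a
     * deserialized instance is exactly as trustworthy as the stream it came from.
     */
    private synchronized void readObject(ObjectInputStream objectInputStream) throws IOException {
        decode(objectInputStream);
    }
}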
