package com.ibm.security.x509;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.security.util.DerEncoder;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import sun.tools.java.RuntimeConstants;

/* loaded from: input_file:efixes/PQ88647_nd_win/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/x509/X509CRLImpl.class */
public final class X509CRLImpl extends X509CRL implements DerEncoder {
    private static final int V1 = 0;
    private static final int V2 = 1;
    private byte[] signedCRL;
    private byte[] signature;
    private byte[] tbsCertList;
    private AlgorithmId sigAlgId;
    private int version;
    private AlgorithmId infoSigAlgId;
    private X500Name issuer;
    private Date thisUpdate;
    private Date nextUpdate;
    private Hashtable revokedCerts;
    private CRLExtensions extensions;
    private static final boolean isExplicit = true;
    private static final long YR_2050 = 2524636800000L;
    private boolean readOnly;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.x509.X509CRLImpl";

    private X509CRLImpl() {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(8192L, className, "X509CRLImpl");
            debug.exit(8192L, className, "X509CRLImpl");
        }
    }

    public X509CRLImpl(int i, X500Name x500Name, Date date, Date date2, X509CRLEntry[] x509CRLEntryArr, CRLExtensions cRLExtensions) throws CRLException {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509CRLImpl", new Object[]{new Integer(i), x500Name, date, date2, x509CRLEntryArr, cRLExtensions});
        }
        if (i != 0 && i != 1) {
            throw new CRLException(new StringBuffer("CRL version ").append(i).append(" not supported").toString());
        }
        this.version = i;
        this.issuer = x500Name;
        if (date != null) {
            this.thisUpdate = new Date(date.getTime());
        } else {
            this.thisUpdate = date;
        }
        if (date2 != null) {
            this.nextUpdate = new Date(date2.getTime());
        } else {
            this.nextUpdate = date2;
        }
        if (x509CRLEntryArr != null) {
            for (int i2 = 0; i2 < x509CRLEntryArr.length; i2++) {
                if (x509CRLEntryArr[i2] != null) {
                    this.revokedCerts.put(x509CRLEntryArr[i2].getSerialNumber(), x509CRLEntryArr[i2]);
                    if (x509CRLEntryArr[i2].hasExtensions() && this.version < 1) {
                        throw new CRLException(new StringBuffer("Revoked certs extensions present. Invalid version number: ").append(this.version).toString());
                    }
                }
            }
        }
        if (cRLExtensions != null) {
            if (this.version < 1) {
                throw new CRLException(new StringBuffer("CRL extensions present. Invalid version number: ").append(this.version).toString());
            }
            if (cRLExtensions != null) {
                DerOutputStream derOutputStream = new DerOutputStream();
                cRLExtensions.encode(derOutputStream, false);
                this.extensions = new CRLExtensions(new DerInputStream(derOutputStream.toByteArray()));
                this.version = 1;
            } else {
                this.extensions = cRLExtensions;
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "X509CRLImpl");
        }
    }

    public X509CRLImpl(DerValue derValue) throws CRLException {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, className, "X509CRLImpl", derValue);
        }
        try {
            parse(derValue);
            if (debug != null) {
                debug.exit(16384L, className, "X509CRLImpl");
            }
        } catch (IOException e) {
            this.signedCRL = null;
            if (debug != null) {
                debug.exception(16384L, className, "X509CRLImpl", e);
            }
            throw new CRLException(new StringBuffer("Parsing error: ").append(e.getMessage()).toString());
        }
    }

    public X509CRLImpl(X500Name x500Name, Date date, Date date2) {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509CRLImpl", new Object[]{x500Name, date, date2});
        }
        this.issuer = x500Name;
        if (date != null) {
            this.thisUpdate = new Date(date.getTime());
        } else {
            this.thisUpdate = date;
        }
        if (date2 != null) {
            this.nextUpdate = new Date(date2.getTime());
        } else {
            this.nextUpdate = date2;
        }
        if (debug != null) {
            debug.exit(16384L, className, "X509CRLImpl");
        }
    }

    public X509CRLImpl(X500Name x500Name, Date date, Date date2, X509CRLEntry[] x509CRLEntryArr) throws CRLException {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509CRLImpl", new Object[]{x500Name, date, date2, x509CRLEntryArr});
        }
        this.issuer = x500Name;
        if (date != null) {
            this.thisUpdate = new Date(date.getTime());
        } else {
            this.thisUpdate = date;
        }
        if (date2 != null) {
            this.nextUpdate = new Date(date2.getTime());
        } else {
            this.nextUpdate = date2;
        }
        if (x509CRLEntryArr != null) {
            for (int i = 0; i < x509CRLEntryArr.length; i++) {
                if (x509CRLEntryArr[i] != null) {
                    this.revokedCerts.put(x509CRLEntryArr[i].getSerialNumber(), x509CRLEntryArr[i]);
                    if (x509CRLEntryArr[i].hasExtensions()) {
                        this.version = 1;
                    }
                }
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "X509CRLImpl");
        }
    }

    public X509CRLImpl(X500Name x500Name, Date date, Date date2, X509CRLEntry[] x509CRLEntryArr, CRLExtensions cRLExtensions) throws CRLException {
        this(x500Name, date, date2, x509CRLEntryArr);
        if (debug != null) {
            debug.entry(16384L, (Object) className, "X509CRLImpl", new Object[]{x500Name, date, date2, x509CRLEntryArr, cRLExtensions});
        }
        if (cRLExtensions != null) {
            if (cRLExtensions != null) {
                DerOutputStream derOutputStream = new DerOutputStream();
                cRLExtensions.encode(derOutputStream, false);
                this.extensions = new CRLExtensions(new DerInputStream(derOutputStream.toByteArray()));
                this.version = 1;
            } else {
                this.extensions = cRLExtensions;
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "X509CRLImpl");
        }
    }

    public X509CRLImpl(InputStream inputStream) throws CRLException {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, className, "X509CRLImpl", inputStream);
        }
        try {
            parse(new DerValue(inputStream));
            if (debug != null) {
                debug.exit(16384L, className, "X509CRLImpl");
            }
        } catch (IOException e) {
            this.signedCRL = null;
            if (debug != null) {
                debug.exception(16384L, className, "X509CRLImpl", e);
            }
            throw new CRLException(new StringBuffer("Parsing error: ").append(e.getMessage()).toString());
        }
    }

    public X509CRLImpl(byte[] bArr) throws CRLException {
        this.signedCRL = null;
        this.signature = null;
        this.tbsCertList = null;
        this.sigAlgId = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCerts = new Hashtable(11);
        this.extensions = null;
        this.readOnly = false;
        if (debug != null) {
            debug.entry(16384L, className, "X509CRLImpl", bArr);
        }
        try {
            parse(new DerValue(bArr));
            if (debug != null) {
                debug.exit(16384L, className, "X509CRLImpl");
            }
        } catch (IOException e) {
            this.signedCRL = null;
            if (debug != null) {
                debug.exception(16384L, className, "X509CRLImpl", e);
            }
            throw new CRLException(new StringBuffer("Parsing error: ").append(e.getMessage()).toString());
        }
    }

    @Override // com.ibm.security.util.DerEncoder
    public void derEncode(OutputStream outputStream) throws IOException {
        if (debug != null) {
            debug.entry(16384L, className, "derEncode", outputStream);
        }
        try {
            outputStream.write(getEncoded());
            if (debug != null) {
                debug.exit(16384L, className, "derEncode");
            }
        } catch (CRLException e) {
            if (debug != null) {
                debug.exception(16384L, className, "derEncode", e);
            }
            throw new IOException(e.toString());
        }
    }

    public void encodeInfo(OutputStream outputStream) throws CRLException {
        if (debug != null) {
            debug.entry(16384L, className, "encodeInfo", outputStream);
        }
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            DerOutputStream derOutputStream2 = new DerOutputStream();
            DerOutputStream derOutputStream3 = new DerOutputStream();
            if (this.version != 0) {
                derOutputStream.putInteger(BigInteger.valueOf(this.version));
            }
            this.infoSigAlgId.encode(derOutputStream);
            if (this.version == 0 && this.issuer.toString() == null) {
                if (debug != null) {
                    debug.text(16384L, className, "encodeInfo", "Null Issuer DN not allowed in v1 CRL");
                }
                throw new CRLException("Null Issuer DN not allowed in v1 CRL");
            }
            this.issuer.encode(derOutputStream);
            if (this.thisUpdate.getTime() < YR_2050) {
                derOutputStream.putUTCTime(this.thisUpdate);
            } else {
                derOutputStream.putGeneralizedTime(this.thisUpdate);
            }
            if (this.nextUpdate != null) {
                if (this.nextUpdate.getTime() < YR_2050) {
                    derOutputStream.putUTCTime(this.nextUpdate);
                } else {
                    derOutputStream.putGeneralizedTime(this.nextUpdate);
                }
            }
            if (!this.revokedCerts.isEmpty()) {
                Enumeration elements = this.revokedCerts.elements();
                while (elements.hasMoreElements()) {
                    ((X509CRLEntryImpl) elements.nextElement()).encode(derOutputStream2);
                }
                derOutputStream.write((byte) 48, derOutputStream2);
            }
            if (this.extensions != null) {
                this.extensions.encode(derOutputStream, true);
            }
            derOutputStream3.write((byte) 48, derOutputStream);
            this.tbsCertList = derOutputStream3.toByteArray();
            outputStream.write(this.tbsCertList);
            if (debug != null) {
                debug.exit(16384L, className, "encodeInfo");
            }
        } catch (IOException e) {
            if (debug != null) {
                debug.exception(16384L, className, "encodeInfo", e);
            }
            throw new CRLException(new StringBuffer("Encoding error: ").append(e.getMessage()).toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (debug != null) {
            debug.entry(16384L, className, "getCriticalExtensionOIDs");
        }
        if (this.extensions == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getCriticalExtensionOIDs", (Object) null);
            return null;
        }
        HashSet hashSet = new HashSet(11);
        Enumeration elements = this.extensions.getElements();
        while (elements.hasMoreElements()) {
            Extension extension = (Extension) elements.nextElement();
            if (extension.isCritical()) {
                hashSet.add(extension.getExtensionId().toString());
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "getCriticalExtensionOIDs", hashSet);
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        if (debug != null) {
            debug.entry(16384L, className, "getEncoded");
        }
        if (this.signedCRL == null) {
            if (debug != null) {
                debug.text(16384L, className, "getEncoded", "Null CRL to encode");
            }
            throw new CRLException("Null CRL to encode");
        }
        byte[] bArr = new byte[this.signedCRL.length];
        System.arraycopy(this.signedCRL, 0, bArr, 0, bArr.length);
        if (debug != null) {
            debug.entry(16384L, className, "getEncoded", bArr);
        }
        return bArr;
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        if (debug != null) {
            debug.entry(16384L, className, "getExtensionValue", str);
        }
        if (this.extensions == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getExtensionValue_1", (Object) null);
            return null;
        }
        try {
            String name = OIDMap.getName(new ObjectIdentifier(str));
            Extension extension = null;
            if (name == null) {
                ObjectIdentifier objectIdentifier = new ObjectIdentifier(str);
                Enumeration elements = this.extensions.getElements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        break;
                    }
                    Extension extension2 = (Extension) elements.nextElement();
                    if (extension2.getExtensionId().equals(objectIdentifier)) {
                        extension = extension2;
                        break;
                    }
                }
            } else {
                extension = this.extensions.get(name);
            }
            if (extension == null) {
                if (debug == null) {
                    return null;
                }
                debug.exit(16384L, className, "getExtensionValue_2", (Object) null);
                return null;
            }
            byte[] extensionValue = extension.getExtensionValue();
            if (extensionValue == null) {
                if (debug == null) {
                    return null;
                }
                debug.exit(16384L, className, "getExtensionValue_3", (Object) null);
                return null;
            }
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.putOctetString(extensionValue);
            byte[] byteArray = derOutputStream.toByteArray();
            if (debug != null) {
                debug.exit(16384L, className, "getExtensionValue", byteArray);
            }
            return byteArray;
        } catch (Exception e) {
            if (debug == null) {
                return null;
            }
            debug.exception(16384L, className, "getExtensionValue", e);
            debug.exit(16384L, className, "getExtensionValue_4", (Object) null);
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        if (debug != null) {
            debug.entry(16384L, className, "getIssuerDN");
            debug.exit(16384L, className, "getIssuerDN", this.issuer);
        }
        return this.issuer;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Date date;
        if (debug != null) {
            debug.entry(16384L, className, "getNextUpdate");
        }
        if (this.nextUpdate == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getNextUpdate", (Object) null);
            return null;
        }
        try {
            date = new Date(this.nextUpdate.getTime());
        } catch (Exception unused) {
            date = null;
        }
        if (debug != null) {
            debug.exit(16384L, className, "getNextUpdate_1", date);
        }
        return date;
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (debug != null) {
            debug.entry(16384L, className, "getNonCriticalExtensionOIDs");
        }
        if (this.extensions == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getNonCriticalExtensionOIDs", (Object) null);
            return null;
        }
        HashSet hashSet = new HashSet(11);
        Enumeration elements = this.extensions.getElements();
        while (elements.hasMoreElements()) {
            Extension extension = (Extension) elements.nextElement();
            if (!extension.isCritical()) {
                hashSet.add(extension.getExtensionId().toString());
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "getNonCriticalExtensionOIDs", hashSet);
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        if (debug != null) {
            debug.entry(16384L, className, "getRevokedCertificate", bigInteger);
        }
        if (this.revokedCerts != null && !this.revokedCerts.isEmpty()) {
            if (debug != null) {
                debug.exit(16384L, className, "getRevokedCertificate", this.revokedCerts.get(bigInteger));
            }
            return (X509CRLEntry) this.revokedCerts.get(bigInteger);
        }
        if (debug == null) {
            return null;
        }
        debug.exit(16384L, className, "getRevokedCertificate", (Object) null);
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        if (debug != null) {
            debug.entry(16384L, className, "getRevokedCertificates");
        }
        if (this.revokedCerts == null || this.revokedCerts.isEmpty()) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getRevokedCertificates", (Object) null);
            return null;
        }
        HashSet hashSet = new HashSet(11);
        for (Object obj : this.revokedCerts.values().toArray()) {
            hashSet.add(obj);
        }
        if (debug != null) {
            debug.exit(16384L, className, "getRevokedCertificates", hashSet);
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        if (debug != null) {
            debug.entry(16384L, className, "getSignature");
        }
        if (this.sigAlgId != null) {
            if (debug != null) {
                debug.exit(16384L, className, "getSignature", this.sigAlgId.getName());
            }
            return this.sigAlgId.getName();
        }
        if (debug == null) {
            return null;
        }
        debug.exit(16384L, className, "getSignature", (Object) null);
        return null;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        if (debug != null) {
            debug.entry(16384L, className, "getSigAlgOID");
        }
        if (this.sigAlgId == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getSigAlgOID", (Object) null);
            return null;
        }
        ObjectIdentifier oid = this.sigAlgId.getOID();
        if (debug != null) {
            debug.exit(16384L, className, "getSigAlgOID", oid.toString());
        }
        return oid.toString();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        if (debug != null) {
            debug.entry(16384L, className, "getSigAlgParams");
        }
        if (this.sigAlgId == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getSigAlgParams", (Object) null);
            return null;
        }
        try {
            if (debug != null) {
                debug.exit(16384L, className, "getSigAlgParams", this.sigAlgId.getEncodedParams());
            }
            return this.sigAlgId.getEncodedParams();
        } catch (IOException e) {
            if (debug == null) {
                return null;
            }
            debug.exception(16384L, className, "getSigAlgParams", e);
            debug.exit(16384L, className, "getSigAlgParams", (Object) null);
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        if (debug != null) {
            debug.entry(16384L, className, "getSignature");
        }
        if (this.signature == null) {
            if (debug == null) {
                return null;
            }
            debug.exit(16384L, className, "getSignature", (Object) null);
            return null;
        }
        byte[] bArr = new byte[this.signature.length];
        System.arraycopy(this.signature, 0, bArr, 0, bArr.length);
        if (debug != null) {
            debug.exit(16384L, className, "getSignature", bArr);
        }
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        if (debug != null) {
            debug.entry(16384L, className, "getTBSCertList");
        }
        if (this.tbsCertList == null) {
            if (debug != null) {
                debug.text(16384L, className, "getTBSCertList", "Uninitialized CRL");
            }
            throw new CRLException("Uninitialized CRL");
        }
        byte[] bArr = new byte[this.tbsCertList.length];
        System.arraycopy(this.tbsCertList, 0, bArr, 0, bArr.length);
        if (debug != null) {
            debug.exit(16384L, className, "getTBSCertList", bArr);
        }
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        if (debug != null) {
            debug.entry(16384L, className, "getThisUpdate");
            debug.exit(16384L, className, "getThisUpdate", new Date(this.thisUpdate.getTime()));
        }
        return new Date(this.thisUpdate.getTime());
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        if (debug != null) {
            debug.entry(16384L, className, "getVersion");
            debug.exit(16384L, className, "getVersion", new Integer(this.version + 1));
        }
        return this.version + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (debug != null) {
            debug.entry(16384L, className, "hasUnsupportedCriticalExtension");
        }
        if (this.extensions != null) {
            if (debug != null) {
                debug.exit(16384L, className, "hasUnsupportedCriticalExtension", new Boolean(this.extensions.hasUnsupportedCriticalExtension()));
            }
            return this.extensions.hasUnsupportedCriticalExtension();
        }
        if (debug == null) {
            return false;
        }
        debug.exit(16384L, className, "hasUnsupportedCriticalExtension", new Boolean(false));
        return false;
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        if (debug != null) {
            debug.entry(16384L, className, "isRevoked", certificate);
        }
        if (this.revokedCerts == null || this.revokedCerts.isEmpty()) {
            if (debug == null) {
                return false;
            }
            debug.exit(16384L, className, "isRevoked", new Boolean(false));
            return false;
        }
        if (certificate instanceof X509Certificate) {
            BigInteger serialNumber = ((X509Certificate) certificate).getSerialNumber();
            if (debug != null) {
                debug.exit(16384L, className, "isRevoked", new Boolean(this.revokedCerts.containsKey(serialNumber)));
            }
            return this.revokedCerts.containsKey(serialNumber);
        }
        if (debug == null) {
            return false;
        }
        debug.exit(16384L, className, "isRevoked", new Boolean(false));
        return false;
    }

    private void parse(DerValue derValue) throws CRLException, IOException {
        if (debug != null) {
            debug.entry(8192L, className, "parse", derValue);
        }
        if (this.readOnly) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "cannot over-write existing CRL");
            }
            throw new CRLException("cannot over-write existing CRL");
        }
        this.signedCRL = derValue.toByteArray();
        DerValue[] derValueArr = {derValue.getData().getDerValue(), derValue.getData().getDerValue(), derValue.getData().getDerValue()};
        if (derValue.getData().available() != 0) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", new StringBuffer("signed overrun, bytes = ").append(derValue.getData().available()).toString());
            }
            throw new CRLException(new StringBuffer("signed overrun, bytes = ").append(derValue.getData().available()).toString());
        }
        if (derValueArr[0].getTag() != 48) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "signed CRL fields invalid");
            }
            throw new CRLException("signed CRL fields invalid");
        }
        this.sigAlgId = AlgorithmId.parse(derValueArr[1]);
        this.signature = derValueArr[2].getBitString();
        if (derValueArr[1].getData().available() != 0) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "AlgorithmId field overrun");
            }
            throw new CRLException("AlgorithmId field overrun");
        }
        if (derValueArr[2].getData().available() != 0) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "Signature field overrun");
            }
            throw new CRLException("Signature field overrun");
        }
        this.tbsCertList = derValueArr[0].toByteArray();
        DerInputStream data = derValueArr[0].getData();
        this.version = 0;
        if (((byte) data.peekByte()) == 2) {
            this.version = data.getInteger().intValue();
            if (this.version != 1) {
                if (debug != null) {
                    debug.exit(8192L, className, "parse", "Invalid version");
                }
                throw new CRLException("Invalid version");
            }
        }
        AlgorithmId parse = AlgorithmId.parse(data.getDerValue());
        if (!parse.equals(this.sigAlgId)) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "Signature algorithm mismatch");
            }
            throw new CRLException("Signature algorithm mismatch");
        }
        this.infoSigAlgId = parse;
        this.issuer = new X500Name(data);
        if (this.issuer.toString() == null && this.version == 0) {
            if (debug != null) {
                debug.exit(8192L, className, "parse", "Null Issuer DN allowed only in v2 CRL");
            }
            throw new CRLException("Null Issuer DN allowed only in v2 CRL");
        }
        byte peekByte = (byte) data.peekByte();
        if (peekByte == 23) {
            this.thisUpdate = data.getUTCTime();
        } else {
            if (peekByte != 24) {
                if (debug != null) {
                    debug.exit(8192L, className, "parse", new StringBuffer("Invalid encoding for thisUpdate (tag=").append((int) peekByte).append(RuntimeConstants.SIG_ENDMETHOD).toString());
                }
                throw new CRLException(new StringBuffer("Invalid encoding for thisUpdate (tag=").append((int) peekByte).append(RuntimeConstants.SIG_ENDMETHOD).toString());
            }
            this.thisUpdate = data.getGeneralizedTime();
        }
        byte peekByte2 = (byte) data.peekByte();
        if (peekByte2 == 23) {
            this.nextUpdate = data.getUTCTime();
        } else if (peekByte2 == 24) {
            this.nextUpdate = data.getGeneralizedTime();
        }
        if (data.available() == 0) {
            return;
        }
        byte peekByte3 = (byte) data.peekByte();
        if (peekByte3 == 48 && (peekByte3 & 192) != 128) {
            for (DerValue derValue2 : data.getSequence(4)) {
                X509CRLEntryImpl x509CRLEntryImpl = new X509CRLEntryImpl(derValue2);
                if (x509CRLEntryImpl.hasExtensions() && this.version == 0) {
                    if (debug != null) {
                        debug.exit(8192L, className, "parse", "Invalid encoding, extensions not supported in CRL v1 entries.");
                    }
                    throw new CRLException("Invalid encoding, extensions not supported in CRL v1 entries.");
                }
                this.revokedCerts.put(x509CRLEntryImpl.getSerialNumber(), x509CRLEntryImpl);
            }
        }
        if (data.available() == 0) {
            return;
        }
        DerValue derValue3 = data.getDerValue();
        if (derValue3.isConstructed() && derValue3.isContextSpecific((byte) 0)) {
            if (this.version == 0) {
                if (debug != null) {
                    debug.exit(8192L, className, "parse", "Invalid encoding, extensions not supported in CRL v1.");
                }
                throw new CRLException("Invalid encoding, extensions not supported in CRL v1.");
            }
            this.extensions = new CRLExtensions(derValue3.getData());
        }
        this.readOnly = true;
        if (debug != null) {
            debug.exit(8192L, className, "parse");
        }
    }

    public void sign(PrivateKey privateKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "sign", privateKey, str);
        }
        sign(privateKey, str, null);
        if (debug != null) {
            debug.exit(16384L, className, "sign");
        }
    }

    public void sign(PrivateKey privateKey, String str, String str2) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "sign", new Object[]{privateKey, str, str2});
        }
        try {
            if (this.readOnly) {
                if (debug != null) {
                    debug.text(16384L, className, "sign", "cannot over-write existing CRL");
                }
                throw new CRLException("cannot over-write existing CRL");
            }
            Signature signature = (str2 == null || str2.length() == 0) ? Signature.getInstance(str) : Signature.getInstance(str, str2);
            signature.initSign(privateKey);
            this.sigAlgId = AlgorithmId.get(signature.getAlgorithm());
            this.infoSigAlgId = this.sigAlgId;
            DerOutputStream derOutputStream = new DerOutputStream();
            DerOutputStream derOutputStream2 = new DerOutputStream();
            encodeInfo(derOutputStream2);
            this.sigAlgId.encode(derOutputStream2);
            signature.update(this.tbsCertList, 0, this.tbsCertList.length);
            this.signature = signature.sign();
            derOutputStream2.putBitString(this.signature);
            derOutputStream.write((byte) 48, derOutputStream2);
            this.signedCRL = derOutputStream.toByteArray();
            this.readOnly = true;
            if (debug != null) {
                debug.exit(16384L, className, "sign");
            }
        } catch (IOException e) {
            if (debug != null) {
                debug.exception(16384L, className, "sign", e);
            }
            throw new CRLException(new StringBuffer("Error while encoding data: ").append(e.getMessage()).toString());
        }
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("X.509 CRL v").append(this.version + 1).append("\r\n").toString());
        if (this.sigAlgId != null) {
            stringBuffer.append(new StringBuffer("Signature Algorithm: ").append(this.sigAlgId.toString()).append(", OID=").append(this.sigAlgId.getOID().toString()).append("\r\n").toString());
        }
        if (this.issuer != null) {
            stringBuffer.append(new StringBuffer("Issuer: ").append(this.issuer.toString()).append("\r\n").toString());
        }
        if (this.thisUpdate != null) {
            stringBuffer.append(new StringBuffer("\r\nThis Update: ").append(this.thisUpdate.toString()).append("\r\n").toString());
        }
        if (this.nextUpdate != null) {
            stringBuffer.append(new StringBuffer("Next Update: ").append(this.nextUpdate.toString()).append("\r\n").toString());
        }
        if (this.revokedCerts.isEmpty()) {
            stringBuffer.append("\r\nNO certificates have been revoked\r\n");
        } else {
            stringBuffer.append(new StringBuffer("\r\nRevoked Certificates: ").append(this.revokedCerts.size()).toString());
            int i = 1;
            Enumeration elements = this.revokedCerts.elements();
            while (elements.hasMoreElements()) {
                stringBuffer.append(new StringBuffer("\r\n[").append(i).append("] ").append(((X509CRLEntry) elements.nextElement()).toString()).toString());
                i++;
            }
        }
        if (this.extensions != null) {
            Object[] array = this.extensions.getAllExtensions().toArray();
            stringBuffer.append(new StringBuffer("\r\nCRL Extensions: ").append(array.length).toString());
            for (int i2 = 0; i2 < array.length; i2++) {
                stringBuffer.append(new StringBuffer("\r\n[").append(i2 + 1).append("]: ").toString());
                Extension extension = (Extension) array[i2];
                try {
                    if (OIDMap.getClass(extension.getExtensionId()) == null) {
                        stringBuffer.append(extension.toString());
                        byte[] extensionValue = extension.getExtensionValue();
                        if (extensionValue != null) {
                            DerOutputStream derOutputStream = new DerOutputStream();
                            derOutputStream.putOctetString(extensionValue);
                            stringBuffer.append(new StringBuffer("Extension unknown: DER encoded OCTET string =\r\n").append(new HexDumpEncoder().encodeBuffer(derOutputStream.toByteArray())).append("\r\n").toString());
                        }
                    } else {
                        stringBuffer.append(extension.toString());
                    }
                } catch (Exception unused) {
                    stringBuffer.append(", Error parsing this extension");
                }
            }
        }
        if (this.signature != null) {
            stringBuffer.append(new StringBuffer("\r\nSignature:\r\n").append(new HexDumpEncoder().encodeBuffer(this.signature)).append("\r\n").toString());
        } else {
            stringBuffer.append("NOT signed yet\r\n");
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "verify", publicKey);
        }
        verify(publicKey, null);
        if (debug != null) {
            debug.exit(16384L, className, "verify");
        }
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "verify", publicKey, str);
        }
        if (this.signedCRL == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Uninitialized CRL");
            }
            throw new CRLException("Uninitialized CRL");
        }
        Signature signature = (str == null || str.length() == 0) ? Signature.getInstance(this.sigAlgId.getName()) : Signature.getInstance(this.sigAlgId.getName(), str);
        signature.initVerify(publicKey);
        if (this.tbsCertList == null) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Uninitialized CRL");
            }
            throw new CRLException("Uninitialized CRL");
        }
        signature.update(this.tbsCertList, 0, this.tbsCertList.length);
        if (!signature.verify(this.signature)) {
            if (debug != null) {
                debug.text(16384L, className, "verify", "Signature does not match.");
            }
            throw new SignatureException("Signature does not match.");
        }
        if (debug != null) {
            debug.exit(16384L, className, "verify");
        }
    }
}
