package com.phaos.cert;

import com.phaos.ASN1.ASN1BitString;
import com.phaos.ASN1.ASN1ConstructedInputStream;
import com.phaos.ASN1.ASN1Date;
import com.phaos.ASN1.ASN1GenericConstructed;
import com.phaos.ASN1.ASN1Integer;
import com.phaos.ASN1.ASN1Object;
import com.phaos.ASN1.ASN1ObjectID;
import com.phaos.ASN1.ASN1Sequence;
import com.phaos.ASN1.ASN1SequenceInputStream;
import com.phaos.cert.extension.BasicConstraintsExtension;
import com.phaos.cert.extension.KeyUsageExtension;
import com.phaos.crypto.AlgID;
import com.phaos.crypto.AlgorithmIdentifier;
import com.phaos.crypto.AlgorithmIdentifierException;
import com.phaos.crypto.AuthenticationException;
import com.phaos.crypto.InvalidKeyException;
import com.phaos.crypto.MessageDigest;
import com.phaos.crypto.PrivateKey;
import com.phaos.crypto.PublicKey;
import com.phaos.crypto.RandomBitsSource;
import com.phaos.crypto.Signature;
import com.phaos.crypto.SignatureException;
import com.phaos.utils.CryptoUtils;
import com.phaos.utils.InvalidInputException;
import com.phaos.utils.OutputGenerationException;
import com.phaos.utils.StreamableOutputException;
import com.phaos.utils.UnsyncByteArrayInputStream;
import com.phaos.utils.Utils;
import java.io.Externalizable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:com/phaos/cert/X509.class */
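/**
 * An X.509 certificate that can be parsed from its encoded form, built and
 * signed field by field, and checked against a single issuer certificate
 * and an optional issuer CRL.
 *
 * <p>Validation caveats, all visible in {@link #verify()} and its helpers:
 * <ul>
 *   <li>The signature is checked only when an issuer certificate has been set
 *       with {@link #setIssuerCertificate(X509)}. Without one, {@code verify()}
 *       checks only the validity dates, critical extensions and, if set, the CRL.</li>
 *   <li>The issuer certificate itself is never validated here. Only one level
 *       of the chain is examined, so the caller must establish trust in the issuer.</li>
 *   <li>Revocation is checked only when a CRL has been set with
 *       {@link #setIssuerCRL(CRL)}.</li>
 * </ul>
 *
 * <p>The class keeps mutable cached encodings and takes no locks, so an
 * instance should not be shared between threads without external
 * synchronization.
 */
public class X509 extends Certificate implements ASN1Object, Externalizable {
    // Cached outer certificate sequence (to-be-signed part, signature algorithm,
    // signature bits) built by d(); cleared by e().
    private ASN1Sequence g;
    // Signature algorithm identifier.
    private AlgorithmIdentifier h;
    // Lazily created MD5 digest used by getFingerprint(); not serialized.
    private transient MessageDigest i;
    // Issuer private key used by sign().
    private PrivateKey j;
    // Issuer name.
    private X500Name k;
    // Issuer CRL consulted by verifyCertCRL(); null means no revocation check.
    private CRL l;
    // Serial number.
    private BigInteger m;
    // Signature bytes; null until parsed or signed.
    private byte[] n;
    // Set by decode(); every accessor calls decode() while this is false.
    protected boolean isDecoded;
    // notBefore date.
    private Date o;
    // Issuer certificate used by verifyCertSignature() and c(); may be null.
    private X509 p;
    // notAfter date.
    private Date q;
    // Cached to-be-signed sequence, either as parsed by input() or as built by f().
    private ASN1Sequence r;
    // Extension set, or null when the certificate has none.
    private X509ExtensionSet s;

    /**
     * Computes a certificate identifier by feeding the issuer name's string
     * form and then the serial number's decimal string to the given digest.
     *
     * <p>NOTE(review): the two strings are hashed back to back with no
     * separator, so two different (issuer, serial) pairs whose concatenations
     * coincide produce the same ID. The ID is also only as collision-resistant
     * as the digest the caller passes in.
     *
     * @param x500Name issuer name
     * @param bigInteger serial number
     * @param messageDigest digest to use; it is re-initialised by this call
     * @return the digest bits
     */
    public static byte[] getCertID(X500Name x500Name, BigInteger bigInteger, MessageDigest messageDigest) {
        messageDigest.init();
        messageDigest.updateASCII(x500Name.toString());
        messageDigest.updateASCII(bigInteger.toString());
        messageDigest.computeCurrent();
        return messageDigest.getDigestBits();
    }

    /** Returns true when this certificate and {@code x509} have identical encodings. */
    private boolean a(X509 x509) {
        if (!this.isDecoded) {
            decode();
        }
        return Utils.areEqual(Utils.toBytes(this), Utils.toBytes(x509));
    }

    /**
     * Parses a certificate from the stream. The stream is not closed.
     *
     * @throws IOException if the encoding cannot be read or is inconsistent
     */
    public X509(InputStream inputStream) throws IOException {
        this();
        input(inputStream);
    }

    /** Alias for {@link #setPublicKey(PublicKey)}. */
    public void setKey(PublicKey publicKey) {
        setPublicKey(publicKey);
    }

    /**
     * Invalidates everything derived from the certificate fields: the cached
     * outer sequence, the cached to-be-signed sequence and the signature.
     * Every setter that changes signed content calls this.
     */
    private void b() {
        e();
        this.r = null;
        this.n = null;
    }

    /** Returns the subject name, i.e. the holder cast to {@link X500Name}. */
    public X500Name getSubject() {
        if (!this.isDecoded) {
            decode();
        }
        return (X500Name) this.holder;
    }

    /**
     * Computes this certificate's identifier from its issuer and serial number.
     *
     * @see #getCertID(X500Name, BigInteger, MessageDigest)
     */
    public byte[] getCertID(MessageDigest messageDigest) {
        if (!this.isDecoded) {
            decode();
        }
        return getCertID(this.k, this.m, messageDigest);
    }

    /** Returns the subject public key. */
    @Override // com.phaos.cert.Certificate
    public PublicKey getPublicKey() {
        if (!this.isDecoded) {
            decode();
        }
        return this.key;
    }

    /** Alias for {@link #getPublicKey()}. */
    @Override // com.phaos.cert.Certificate
    public PublicKey getKey() {
        return getPublicKey();
    }

    /** Parses the certificate from an already decoded ASN.1 sequence. */
    public void input(ASN1Sequence aSN1Sequence) throws IOException {
        input(Utils.toStream(aSN1Sequence));
    }

    /** Returns the extension set, or null when there are no extensions. */
    public X509ExtensionSet getExtensionSet() {
        if (!this.isDecoded) {
            decode();
        }
        return this.s;
    }

    /** Sets the subject public key and discards the cached encoding and signature. */
    public void setPublicKey(PublicKey publicKey) {
        this.key = publicKey;
        b();
    }

    /**
     * Signs the certificate using the default random bits source.
     *
     * @throws SignatureException if no issuer private key is set or signing fails
     */
    public void sign() throws SignatureException {
        sign(RandomBitsSource.getDefault());
    }

    /**
     * Sets the certificate used to verify this certificate's signature. If no
     * issuer name is set yet, it is taken from {@code x509}'s subject.
     *
     * <p>The issuer certificate is stored as given; nothing here validates it.
     */
    public void setIssuerCertificate(X509 x509) {
        this.p = x509;
        if (this.k == null) {
            setIssuer(x509.getSubject());
        }
    }

    /**
     * Builds and signs a certificate valid for {@code i} days starting now.
     *
     * @param x500Name subject name
     * @param publicKey subject public key
     * @param x500Name2 issuer name
     * @param privateKey issuer private key used to sign
     * @param bigInteger serial number
     * @param i validity in days
     * @throws SignatureException if signing fails
     */
    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, int i) throws SignatureException {
        this();
        this.holder = x500Name;
        this.key = publicKey;
        this.k = x500Name2;
        this.j = privateKey;
        this.m = bigInteger;
        setValidity(i);
        sign();
    }

    /** Sets the signature algorithm and discards the cached encoding and signature. */
    public void setSigAlgID(AlgorithmIdentifier algorithmIdentifier) {
        this.h = algorithmIdentifier;
        b();
    }

    /** Sets the notAfter date and discards the cached encoding and signature. */
    public void setNotAfterDate(Date date) {
        this.q = date;
        b();
    }

    /** Alias for {@link #input(InputStream)}. */
    public void initialize(InputStream inputStream) throws IOException {
        input(inputStream);
    }

    /**
     * Parses a certificate from a file.
     *
     * @throws IOException if the file cannot be read or the encoding is invalid
     */
    public X509(File file) throws IOException {
        this();
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            input(fileInputStream);
        } finally {
            // Close on the failure path too, so a malformed file does not leak the handle.
            fileInputStream.close();
        }
    }

    /** Returns the attribute view derived from the extension set. */
    public X509Attributes getAttributes() {
        if (!this.isDecoded) {
            decode();
        }
        return X509Attributes.fromExtensionSet(this.s, 0);
    }

    /**
     * Checks whether the issuer certificate's extensions allow it to act as an
     * issuer. Only called from {@link #verify()} once an issuer certificate is set.
     *
     * <p>Returns false when the issuer has a basicConstraints extension whose
     * CA flag is false, or a critical keyUsage extension lacking usage flag 5.
     *
     * <p>NOTE(review): an issuer with no basicConstraints extension is accepted,
     * a non-critical keyUsage extension is not enforced, and no path length
     * constraint is consulted. RFC 5280 path validation is stricter on all
     * three points, so callers that rely on verify() for chain building should
     * enforce them separately. Flag 5 is the keyCertSign bit position in the
     * RFC 5280 KeyUsage bit string; presumably that is what hasUsageFlag
     * indexes; confirm against KeyUsageExtension.
     */
    private boolean c() {
        if (!this.isDecoded) {
            decode();
        }
        BasicConstraintsExtension basicConstraintsExtension = (BasicConstraintsExtension) this.p.getExtension(PKIX.id_ce_basicConstraints);
        if (basicConstraintsExtension != null && !basicConstraintsExtension.getCA()) {
            return false;
        }
        KeyUsageExtension keyUsageExtension = (KeyUsageExtension) this.p.getExtension(PKIX.id_ce_keyUsage);
        return keyUsageExtension == null || !keyUsageExtension.getCritical() || keyUsageExtension.hasUsageFlag(5);
    }

    /** Two certificates are equal when their encodings are byte-for-byte identical. */
    @Override
    public boolean equals(Object obj) {
        if (!this.isDecoded) {
            decode();
        }
        // instanceof is false for null, so no separate null test is needed.
        if (!(obj instanceof X509)) {
            return false;
        }
        return a((X509) obj);
    }

    /**
     * Returns the encoded certificate. If no signature is present yet, this
     * signs the certificate first.
     *
     * @throws StreamableOutputException if the certificate cannot be signed
     */
    public byte[] getEncoded() {
        try {
            return Utils.toBytes(d());
        } catch (SignatureException e) {
            throw new StreamableOutputException(e.toString());
        }
    }

    /**
     * Returns the outer certificate sequence (to-be-signed part, signature
     * algorithm, signature bits), building and caching it on first use.
     */
    private ASN1Sequence d() throws SignatureException {
        if (this.g == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.addElement(f());
            aSN1Sequence.addElement(this.h);
            aSN1Sequence.addElement(new ASN1BitString(getSigBytes()));
            this.g = aSN1Sequence;
        }
        return this.g;
    }

    /** Alias for {@link #output(OutputStream)}. */
    public void save(OutputStream outputStream) throws IOException {
        output(outputStream);
    }

    /**
     * Sets the issuer private key and resets the signature algorithm to null,
     * so the algorithm is derived from the key when the certificate is encoded.
     */
    public void setIssuerPrivateKey(PrivateKey privateKey) {
        setIssuerPrivateKey(privateKey, null);
    }

    /** Makes the certificate valid from now for {@code i} days. */
    public void setValidity(int i) {
        this.o = new Date();
        this.q = Utils.daysFrom(this.o, i);
        b();
    }

    /** Creates an empty certificate whose fields are filled in through the setters. */
    public X509() {
        this.s = null;
        this.isDecoded = false;
        this.g = null;
        this.i = null;
    }

    /** Returns the extension with the given OID, or null if it is absent. */
    public X509Extension getExtension(ASN1ObjectID aSN1ObjectID) {
        if (!this.isDecoded) {
            decode();
        }
        if (this.s != null) {
            return this.s.getExtension(aSN1ObjectID);
        }
        return null;
    }

    /**
     * Returns the signature bytes, signing the certificate first when none
     * are present.
     *
     * @throws SignatureException if a signature is needed and cannot be produced
     */
    public byte[] getSigBytes() throws SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.n == null) {
            sign();
        }
        return this.n;
    }

    /**
     * Returns true when the current system time lies within the validity
     * period, both bounds included.
     */
    public boolean verifyCertDate() {
        if (!this.isDecoded) {
            decode();
        }
        Date now = new Date();
        return !(now.before(this.o) || now.after(this.q));
    }

    /**
     * Verifies a signature over arbitrary data with this certificate's public
     * key and the given algorithm. The certificate's own validity is not
     * checked; call {@link #verify()} for that.
     *
     * @param bArr the signed document
     * @param bArr2 the signature bytes
     * @param algorithmIdentifier the signature algorithm
     * @throws AuthenticationException if the algorithm or key cannot be used
     */
    public boolean verifySignature(byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier) throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        try {
            Signature signature = Signature.getInstance(algorithmIdentifier);
            signature.setPublicKey(this.key);
            signature.setDocument(bArr);
            signature.setSigBytes(bArr2);
            return signature.verify();
        } catch (AlgorithmIdentifierException e) {
            throw new AuthenticationException(e.toString());
        } catch (InvalidKeyException e2) {
            throw new AuthenticationException(e2.toString());
        }
    }

    /**
     * Writes the encoded certificate, signing it first if needed.
     *
     * @throws IOException on write failure, or an OutputGenerationException if
     *     the certificate cannot be signed
     */
    @Override // com.phaos.utils.Streamable
    public void output(OutputStream outputStream) throws IOException {
        try {
            d().output(outputStream);
        } catch (SignatureException e) {
            throw new OutputGenerationException(e.toString());
        }
    }

    /**
     * Returns the MD5 digest of the encoded certificate.
     *
     * <p>MD5 is not collision-resistant. Treat the value as a display or
     * lookup identifier only and do not base pinning or any other trust
     * decision on it.
     *
     * @throws IllegalStateException if MD5 is unavailable or the certificate
     *     cannot be signed for encoding
     */
    public byte[] getFingerprint() {
        if (!this.isDecoded) {
            decode();
        }
        try {
            if (this.i == null) {
                this.i = MessageDigest.getInstance(AlgID.md5);
            }
            return this.i.computeDigest(Utils.toBytes(d()));
        } catch (AlgorithmIdentifierException e) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new IllegalStateException("MD5 class not found. " + e.toString(), e);
        } catch (SignatureException e2) {
            throw new IllegalStateException(e2.toString(), e2);
        }
    }

    /**
     * Parses a certificate from the stream.
     *
     * <p>Everything is parsed into locals and assigned to the fields only
     * after the whole structure has been read and checked, so a malformed or
     * inconsistent input leaves this object unchanged. Two checks are made:
     * the signature algorithm inside the signed part must equal the outer
     * one, and if an issuer name is already set the parsed issuer must equal
     * it. No signature verification happens here.
     *
     * @throws IOException if the encoding is invalid or one of the checks fails
     */
    @Override // com.phaos.utils.Streamable
    public void input(InputStream inputStream) throws IOException {
        // Outer structure: to-be-signed sequence, signature algorithm, signature bits.
        ASN1SequenceInputStream certIn = new ASN1SequenceInputStream(inputStream);
        ASN1Sequence tbs = new ASN1Sequence(certIn);
        AlgorithmIdentifier outerSigAlg = new AlgorithmIdentifier(certIn);
        byte[] sigBytes = ASN1BitString.inputValue(certIn);
        certIn.terminate();

        ASN1SequenceInputStream tbsIn = new ASN1SequenceInputStream(Utils.toStream(tbs));
        // A leading element with tag 0 is read and discarded
        // (presumably the optional version field; confirm).
        if (tbsIn.getCurrentTag() == 0) {
            ASN1ConstructedInputStream versionIn = new ASN1ConstructedInputStream(tbsIn);
            ASN1Integer.inputValue(versionIn);
            versionIn.terminate();
        }
        BigInteger serialNo = ASN1Integer.inputValue(tbsIn);
        // The algorithm covered by the signature must match the unsigned outer copy.
        if (!new AlgorithmIdentifier(tbsIn).equals(outerSigAlg)) {
            throw new IOException("Inconsistent signature algorithm IDs");
        }
        X500Name parsedIssuer = new X500Name(tbsIn);
        if (this.k != null && !this.k.equals(parsedIssuer)) {
            throw new IOException("Expected issuer {" + this.k + "}, got issuer {" + parsedIssuer + "}");
        }
        ASN1SequenceInputStream validityIn = new ASN1SequenceInputStream(tbsIn);
        Date notBefore = ASN1Date.inputValue(validityIn);
        Date notAfter = ASN1Date.inputValue(validityIn);
        validityIn.terminate();
        X500Name subject = new X500Name(tbsIn);
        PublicKey subjectKey = CryptoUtils.inputSPKI(tbsIn);
        // Elements tagged 1 and 2 are read as bit strings and discarded
        // (presumably the issuer and subject unique identifiers; confirm).
        if (tbsIn.getCurrentTag() == 1) {
            tbsIn.setCurrentTag(3);
            ASN1BitString.inputValue(tbsIn);
        }
        if (tbsIn.getCurrentTag() == 2) {
            tbsIn.setCurrentTag(3);
            ASN1BitString.inputValue(tbsIn);
        }
        X509ExtensionSet extensions = null;
        if (tbsIn.getCurrentTag() == 3) {
            ASN1ConstructedInputStream extensionsIn = new ASN1ConstructedInputStream(tbsIn);
            extensions = new X509ExtensionSet(extensionsIn);
            extensionsIn.terminate();
        }
        tbsIn.terminate();

        // Commit. An issuer name that was already set (and matched) is kept as is.
        this.r = tbs;
        this.h = outerSigAlg;
        this.n = sigBytes;
        this.m = serialNo;
        if (this.k == null) {
            this.k = parsedIssuer;
        }
        this.o = notBefore;
        this.q = notAfter;
        this.holder = subject;
        this.key = subjectKey;
        this.s = extensions;
        e();
    }

    /** Returns the certificate holder (the subject). */
    @Override // com.phaos.cert.Certificate
    public Entity getHolder() {
        if (!this.isDecoded) {
            decode();
        }
        return this.holder;
    }

    /** Returns the extensions as a Vector, or null when there is no extension set. */
    public Vector getExtensions() {
        if (!this.isDecoded) {
            decode();
        }
        if (this.s != null) {
            return this.s.getExtensions();
        }
        return null;
    }

    /** Replaces the extension set with one built from the given Vector. */
    public void setExtensions(Vector vector) {
        setExtensions(new X509ExtensionSet(vector));
    }

    /**
     * Sets the issuer name and discards the cached encoding and signature.
     *
     * @throws IllegalStateException if a CRL is set and its issuer differs;
     *     the issuer name is left unchanged in that case
     */
    public void setIssuer(X500Name x500Name) {
        // Validate before assigning, so a rejected name cannot leave the issuer
        // field out of step with the CRL and with the cached encoding.
        if (this.l != null && !x500Name.equals(this.l.getIssuer())) {
            throw new IllegalStateException("Certificate issuer does not match CRL issuer");
        }
        this.k = x500Name;
        b();
    }

    /** Returns the notAfter date. */
    public Date getNotAfterDate() {
        if (!this.isDecoded) {
            decode();
        }
        return this.q;
    }

    /**
     * Sets the CRL consulted by {@link #verifyCertCRL()} and {@link #verify()}.
     * Passing null removes the CRL, after which verify() performs no
     * revocation check.
     *
     * @throws IllegalStateException if the CRL's issuer differs from this
     *     certificate's issuer; the previously set CRL is kept in that case
     */
    public void setIssuerCRL(CRL crl) {
        if (!this.isDecoded) {
            decode();
        }
        // Validate before assigning, so a CRL from a different issuer is never
        // left installed for a caller that catches the exception and goes on.
        if (crl != null && this.k != null && !this.k.equals(crl.getIssuer())) {
            throw new IllegalStateException("CRL issuer does not match certificate issuer");
        }
        this.l = crl;
    }

    /** Sets the notBefore date and discards the cached encoding and signature. */
    public void setNotBeforeDate(Date date) {
        this.o = date;
        b();
    }

    /** Returns the serial number. */
    public BigInteger getSerialNo() {
        if (!this.isDecoded) {
            decode();
        }
        return this.m;
    }

    /**
     * Verifies a signature over arbitrary data with this certificate's public
     * key. The certificate's own validity is not checked; call
     * {@link #verify()} for that.
     *
     * @param bArr the signed document
     * @param bArr2 the signature bytes
     */
    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        return CryptoUtils.verifySignature(this.key, bArr, bArr2);
    }

    /**
     * Sets the issuer private key and the signature algorithm to sign with.
     * A null algorithm is derived from the key when the certificate is encoded.
     */
    public void setIssuerPrivateKey(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) {
        this.j = privateKey;
        setSigAlgID(algorithmIdentifier);
    }

    /** Drops the cached outer certificate sequence. */
    private void e() {
        this.g = null;
    }

    /** Returns the signature algorithm OID in its compact string form. */
    public String getSigAlgString() {
        return getSigAlgOID().toStringCompact();
    }

    /**
     * Returns a one-line description of the certificate. This computes the
     * fingerprint, so it can sign an unsigned certificate and can throw
     * IllegalStateException when that is not possible.
     */
    @Override
    public String toString() {
        if (!this.isDecoded) {
            decode();
        }
        StringBuilder text = new StringBuilder();
        text.append("{ fingerprint = ").append(Utils.toHexString(getFingerprint()));
        text.append(", notBefore = ").append(this.o);
        text.append(", notAfter = ").append(this.q);
        text.append(", holder = ").append(this.holder);
        text.append(", issuer = ").append(this.k);
        text.append(", serialNo = ").append(this.m);
        text.append(", sigAlgOID = ").append(getSigAlgString());
        text.append(", key = ").append(this.key);
        if (this.s != null && this.s.size() > 0) {
            text.append(", extensions = {");
            boolean first = true;
            Enumeration elements = this.s.getExtensions().elements();
            while (elements.hasMoreElements()) {
                if (!first) {
                    text.append(", ");
                }
                text.append((X509Extension) elements.nextElement());
                first = false;
            }
            text.append(" }");
        }
        return text.append(" }").toString();
    }

    /**
     * Signs the to-be-signed part with the issuer private key and stores the
     * signature bytes.
     *
     * @param randomBitsSource randomness handed to the signature implementation
     * @throws SignatureException if no issuer private key or signature
     *     algorithm is available, or signing fails
     */
    public void sign(RandomBitsSource randomBitsSource) throws SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.j == null) {
            throw new SignatureException("Cannot sign certificate, no issuer private key set");
        }
        // f() also fills in the signature algorithm from the key when none is set.
        ASN1Sequence tbs = f();
        try {
            Signature signature = Signature.getInstance(this.j);
            if (this.h == null) {
                throw new SignatureException("Cannot sign certificate, no signature algorithm set");
            }
            signature.setAlgID(this.h);
            signature.setRandomBitsSource(randomBitsSource);
            signature.setDocument(Utils.toBytes(tbs));
            this.n = signature.sign();
            e();
        } catch (AlgorithmIdentifierException e) {
            throw new SignatureException(e.toString());
        }
    }

    /**
     * Called by every accessor while {@link #isDecoded} is false. This
     * implementation only sets the flag; being protected, it can be
     * overridden by a subclass.
     */
    protected void decode() {
        this.isDecoded = true;
    }

    /**
     * Verifies this certificate's signature with the issuer certificate's
     * public key.
     *
     * <p>Only the signature is checked. The issuer certificate's own
     * validity, its CA status and the name chaining are not examined here;
     * {@link #verify()} adds some of those checks.
     *
     * @return true if the signature verifies; false if it does not, or if
     *     verification raised an AuthenticationException
     * @throws IllegalStateException if no issuer certificate is set
     * @throws AuthenticationException if the algorithm, key or encoding
     *     cannot be used
     */
    public boolean verifyCertSignature() throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.p == null) {
            throw new IllegalStateException("Issuer certificate not set");
        }
        try {
            Signature signature = Signature.getInstance(new AlgorithmIdentifier(getSigAlgOID()));
            signature.setPublicKey(this.p.getPublicKey());
            signature.setDocument(Utils.toBytes(f()));
            signature.setSigBytes(getSigBytes());
            return signature.verify();
        } catch (AlgorithmIdentifierException e) {
            throw new AuthenticationException(e.toString());
        } catch (AuthenticationException e2) {
            return false;
        } catch (InvalidKeyException e3) {
            throw new AuthenticationException(e3.toString());
        } catch (SignatureException e4) {
            throw new AuthenticationException(e4.toString());
        } catch (StreamableOutputException e5) {
            throw new AuthenticationException(e5.toString());
        }
    }

    /**
     * Builds and signs a certificate with explicit validity dates.
     *
     * @param x500Name subject name
     * @param publicKey subject public key
     * @param x500Name2 issuer name
     * @param privateKey issuer private key used to sign
     * @param bigInteger serial number
     * @param date notBefore
     * @param date2 notAfter
     * @throws SignatureException if signing fails
     */
    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2) throws SignatureException {
        this();
        this.holder = x500Name;
        this.key = publicKey;
        this.k = x500Name2;
        this.j = privateKey;
        this.m = bigInteger;
        this.o = date;
        this.q = date2;
        sign();
    }

    /** Replaces the extension set and discards the cached encoding and signature. */
    public void setExtensions(X509ExtensionSet x509ExtensionSet) {
        this.s = x509ExtensionSet;
        b();
    }

    /** Sets the subject name and discards the cached encoding and signature. */
    public void setSubject(X500Name x500Name) {
        this.holder = x500Name;
        b();
    }

    /** Same as {@link #setSubject(X500Name)}. */
    public void setHolder(X500Name x500Name) {
        this.holder = x500Name;
        b();
    }

    /** Returns true when the extension set reports an unrecognized critical extension. */
    public boolean hasUnrecognizedCriticalExtension() {
        if (!this.isDecoded) {
            decode();
        }
        return this.s != null && this.s.hasUnrecognizedCriticalExtension();
    }

    /** Adds an extension, creating the extension set if needed, and discards the cached encoding and signature. */
    public void addExtension(X509Extension x509Extension) {
        if (!this.isDecoded) {
            decode();
        }
        if (this.s == null) {
            this.s = new X509ExtensionSet();
        }
        this.s.addExtension(x509Extension);
        b();
    }

    /**
     * Rebuilds the extension set from the given attributes, then re-adds every
     * extension that was present before the call.
     */
    public void setAttributes(X509Attributes x509Attributes) {
        if (!this.isDecoded) {
            decode();
        }
        X509ExtensionSet previous = this.s;
        this.s = X509Attributes.toExtensionSet(x509Attributes);
        if (previous != null) {
            Enumeration elements = previous.getExtensions().elements();
            while (elements.hasMoreElements()) {
                this.s.addExtension((X509Extension) elements.nextElement());
            }
        }
        b();
    }

    /** Returns the issuer name. */
    public X500Name getIssuer() {
        if (!this.isDecoded) {
            decode();
        }
        return this.k;
    }

    /**
     * Issues a certificate for a certificate request, valid for {@code i}
     * days from now. Subject and public key come from the request as given;
     * this constructor does not itself verify the request.
     *
     * @param certificateRequest source of the subject name and public key
     * @param x509 issuer certificate
     * @param privateKey issuer private key used to sign
     * @param bigInteger serial number
     * @param i validity in days
     * @throws SignatureException if signing fails
     */
    public X509(CertificateRequest certificateRequest, X509 x509, PrivateKey privateKey, BigInteger bigInteger, int i) throws SignatureException {
        this();
        this.holder = certificateRequest.getSubject();
        this.key = certificateRequest.getPublicKey();
        setIssuerCertificate(x509);
        this.k = (X500Name) x509.getHolder();
        this.j = privateKey;
        this.m = bigInteger;
        setValidity(i);
        sign();
    }

    /**
     * Returns the length reported by the outer certificate sequence, signing
     * first if needed.
     *
     * @throws StreamableOutputException if the certificate cannot be signed
     */
    @Override // com.phaos.utils.Streamable
    public int length() {
        try {
            return d().length();
        } catch (SignatureException e) {
            throw new StreamableOutputException(e.toString());
        }
    }

    /** Parses a certificate from its encoded bytes. */
    public X509(byte[] bArr) throws IOException {
        this(new UnsyncByteArrayInputStream(bArr));
    }

    /** Sets the serial number and discards the cached encoding and signature. */
    public void setSerialNo(BigInteger bigInteger) {
        this.m = bigInteger;
        b();
    }

    /**
     * Issues a certificate for the public key carried in an SPKAC, valid for
     * {@code i} days from now. This constructor does not itself verify the SPKAC.
     *
     * @param x500Name subject name
     * @param spkac source of the subject public key
     * @param x509 issuer certificate
     * @param privateKey issuer private key used to sign
     * @param bigInteger serial number
     * @param i validity in days
     * @throws SignatureException if signing fails
     */
    public X509(X500Name x500Name, SPKAC spkac, X509 x509, PrivateKey privateKey, BigInteger bigInteger, int i) throws SignatureException {
        this();
        this.holder = x500Name;
        this.key = spkac.getPublicKey();
        setIssuerCertificate(x509);
        this.k = (X500Name) x509.getHolder();
        this.j = privateKey;
        this.m = bigInteger;
        setValidity(i);
        sign();
    }

    /**
     * Restores the certificate from a serialized byte array.
     *
     * <p>NOTE(review): {@code readObject()} materialises whatever object the
     * stream carries before the cast to {@code byte[]} is attempted. Only
     * deserialize from trusted streams, or install an object input filter on
     * the stream upstream of this call.
     *
     * @throws InvalidInputException if the stream object is not a byte array
     */
    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        try {
            input(new UnsyncByteArrayInputStream((byte[]) objectInput.readObject()));
        } catch (ClassCastException e) {
            throw new InvalidInputException(e);
        }
    }

    /**
     * Returns true when the issuer CRL does not list this certificate's
     * serial number as revoked.
     *
     * @throws IllegalStateException if no CRL is set
     */
    public boolean verifyCertCRL() {
        if (!this.isDecoded) {
            decode();
        }
        if (this.l == null) {
            throw new IllegalStateException("Issuer CRL not set");
        }
        return !this.l.isRevoked(this.m);
    }

    /**
     * Runs the checks this class knows about and returns true only if all
     * applicable ones pass:
     * <ol>
     *   <li>no unrecognized critical extension;</li>
     *   <li>the current time is inside the validity period;</li>
     *   <li>if an issuer certificate is set: its extensions allow it to issue
     *       (see the caveats on the private CA check), this certificate's
     *       issuer name equals the issuer certificate's subject, and the
     *       signature verifies;</li>
     *   <li>if a CRL is set: the serial number is not revoked.</li>
     * </ol>
     *
     * <p><b>Security note:</b> with no issuer certificate set, step 3 is
     * skipped entirely and the signature is not checked at all. A true result
     * then says nothing about who issued the certificate. The issuer
     * certificate is also never validated here, so callers must set an
     * issuer they already trust and walk longer chains themselves.
     */
    @Override // com.phaos.cert.Certificate
    public boolean verify() throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        if (hasUnrecognizedCriticalExtension() || !verifyCertDate()) {
            return false;
        }
        if (this.p != null) {
            boolean issuerOk = c() && this.k.equals(this.p.getSubject()) && verifyCertSignature();
            if (!issuerOk) {
                return false;
            }
        }
        return this.l == null || verifyCertCRL();
    }

    /**
     * Returns the to-be-signed sequence, building and caching it on first use.
     * For a parsed certificate this is the sequence stored by input(), until
     * a setter invalidates it.
     *
     * @throws SignatureException if no signature algorithm is set and none
     *     can be derived from the issuer private key
     */
    private ASN1Sequence f() throws SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.r == null) {
            ASN1Sequence tbs = new ASN1Sequence();
            // A version element (integer 2, tag 0) is emitted only when extensions are present.
            if (this.s != null && this.s.size() > 0) {
                tbs.addElement(new ASN1GenericConstructed(new ASN1Integer(2L), 0));
            }
            tbs.addElement(new ASN1Integer(this.m));
            if (this.h == null && this.j != null) {
                this.h = Signature.getInstance(this.j).getAlgID();
            }
            if (this.h == null) {
                throw new SignatureException("Cannot build to-be-signed certificate, no signature algorithm set");
            }
            tbs.addElement(this.h);
            tbs.addElement(this.k);
            ASN1Sequence validity = new ASN1Sequence();
            // NOTE(review): the year is taken in the JVM's default time zone. The
            // boolean presumably selects the long date form for years after 2049; confirm
            // against ASN1Date, and that the default zone is acceptable at that boundary.
            Calendar notBeforeCal = Calendar.getInstance();
            notBeforeCal.setTime(this.o);
            Calendar notAfterCal = Calendar.getInstance();
            notAfterCal.setTime(this.q);
            validity.addElement(new ASN1Date(this.o, notBeforeCal.get(Calendar.YEAR) > 2049));
            validity.addElement(new ASN1Date(this.q, notAfterCal.get(Calendar.YEAR) > 2049));
            tbs.addElement(validity);
            tbs.addElement((X500Name) this.holder);
            tbs.addElement(CryptoUtils.subjectPublicKeyInfo(this.key));
            if (this.s != null && this.s.size() > 0) {
                tbs.addElement(new ASN1GenericConstructed(this.s, 3));
            }
            this.r = tbs;
        }
        return this.r;
    }

    /** Returns the notBefore date. */
    public Date getNotBeforeDate() {
        if (!this.isDecoded) {
            decode();
        }
        return this.o;
    }

    /**
     * Hash code derived from the encoded certificate, consistent with
     * {@link #equals(Object)}. The bytes are decoded with the platform
     * default charset, so the value is only meaningful within one JVM.
     */
    @Override
    public int hashCode() {
        if (!this.isDecoded) {
            decode();
        }
        return new String(Utils.toBytes(this)).hashCode();
    }

    /** Serializes the certificate as a single byte array holding its encoding. */
    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(Utils.toBytes(this));
    }

    /**
     * Returns the signature algorithm OID, deriving the algorithm from the
     * issuer private key if none is set yet.
     *
     * @throws IllegalStateException if no signature algorithm can be determined
     */
    public ASN1ObjectID getSigAlgOID() {
        try {
            // Building the to-be-signed sequence fills in the algorithm when it can be derived.
            f();
            if (this.h != null) {
                return this.h.getOID();
            }
            throw new IllegalStateException("Signature algorithm not defined");
        } catch (SignatureException e) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new IllegalStateException(e.toString(), e);
        }
    }

    /**
     * Fetches and parses a certificate from a URL.
     *
     * <p>The URL is opened as given, whatever its scheme or host. Callers
     * that accept URLs from outside should restrict both before calling, and
     * should not treat the fetched certificate as trusted merely because of
     * where it came from.
     *
     * @throws IOException if the URL cannot be read or the encoding is invalid
     */
    public X509(URL url) throws IOException {
        this();
        InputStream openStream = url.openStream();
        try {
            input(openStream);
        } finally {
            // Close on the failure path too, so a malformed response does not leak the connection.
            openStream.close();
        }
    }
}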
