package com.phaos.cert;

import com.phaos.ASN1.ASN1FormatException;
import com.phaos.ASN1.ASN1GenericConstructed;
import com.phaos.ASN1.ASN1Integer;
import com.phaos.ASN1.ASN1Object;
import com.phaos.ASN1.ASN1ObjectID;
import com.phaos.ASN1.ASN1OctetString;
import com.phaos.ASN1.ASN1Sequence;
import com.phaos.ASN1.ASN1Set;
import com.phaos.ASN1.ASN1Utils;
import com.phaos.crypto.AlgID;
import com.phaos.crypto.AlgorithmIdentifier;
import com.phaos.crypto.AlgorithmIdentifierException;
import com.phaos.crypto.AuthenticationException;
import com.phaos.crypto.InvalidKeyException;
import com.phaos.crypto.MessageDigest;
import com.phaos.crypto.RSAPrivateKey;
import com.phaos.crypto.RSAPublicKey;
import com.phaos.crypto.Signature;
import com.phaos.crypto.SignatureException;
import com.phaos.utils.Utils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import oracle.security.pki.PKIConstants;
import oracle.sql.CharacterSet;

/* loaded from: input_file:com/phaos/cert/PKCS7.class */
public class PKCS7 implements ASN1Object {
    private byte[] d;
    private RSAPublicKey e;
    private ASN1Sequence f;
    private AlgorithmIdentifier g;
    private Signature h;
    private Vector i;
    private Vector j;
    private X500Name k;
    protected static final int[] pkcs7 = {1, 2, CharacterSet.KO16KSC5601_CHARSET, 113549, 1, 7};
    private BigInteger l;
    private byte[] m;
    private byte[] n;
    private byte[] o;

    public void sign(X509 x509, RSAPrivateKey rSAPrivateKey, byte[] bArr) throws SignatureException {
        this.k = x509.getIssuer();
        this.l = x509.getSerialNo();
        if (!x509.getPublicKey().getAlgorithm().equals(PKIConstants.RSA)) {
            throw new SignatureException("Only RSA signatures are supported");
        }
        this.e = (RSAPublicKey) x509.getPublicKey();
        this.h = Signature.getInstance(rSAPrivateKey);
        this.g = b(this.h.getAlgID());
        this.h.setDocument(bArr);
        this.h.sign();
        this.n = this.h.getSigBytes();
    }

    @Override // com.phaos.utils.Streamable
    public void output(OutputStream outputStream) throws IOException {
        a().output(outputStream);
    }

    public void input(ASN1Sequence aSN1Sequence) throws IOException {
        try {
            this.f = aSN1Sequence;
            if (!((ASN1ObjectID) aSN1Sequence.elementAt(0)).equals(pkcs7, 2)) {
                throw new IOException("contentType has to be signedData");
            }
            if (aSN1Sequence.elements().size() < 2) {
                throw new IOException("No content");
            }
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) ((ASN1GenericConstructed) aSN1Sequence.elementAt(1)).elementAt(0);
            this.i = null;
            this.j = null;
            int i = 3;
            while (!(aSN1Sequence2.elementAt(i) instanceof ASN1Set)) {
                ASN1GenericConstructed aSN1GenericConstructed = (ASN1GenericConstructed) aSN1Sequence2.elementAt(i);
                switch (aSN1GenericConstructed.getTag()) {
                    case 0:
                        this.i = new Vector();
                        int size = aSN1GenericConstructed.size();
                        for (int i2 = 0; i2 < size; i2++) {
                            this.i.addElement(new X509(Utils.toStream(aSN1GenericConstructed.elementAt(i2))));
                        }
                        break;
                    case 1:
                        this.j = new Vector();
                        int size2 = aSN1GenericConstructed.size();
                        for (int i3 = 0; i3 < size2; i3++) {
                            this.j.addElement(new CRL(Utils.toStream(aSN1GenericConstructed.elementAt(i3))));
                        }
                        break;
                }
                i++;
            }
            ASN1Set aSN1Set = (ASN1Set) aSN1Sequence2.elementAt(i);
            if (aSN1Set.elements().size() > 0) {
                ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Set.elementAt(0);
                int i4 = 0 + 1;
                int i5 = i4 + 1;
                ASN1Sequence aSN1Sequence4 = (ASN1Sequence) aSN1Sequence3.elementAt(i4);
                this.k = new X500Name((ASN1Sequence) aSN1Sequence4.elementAt(0));
                this.l = ((ASN1Integer) aSN1Sequence4.elementAt(1)).getValue();
                int i6 = i5 + 1;
                this.g = new AlgorithmIdentifier(Utils.toStream((ASN1Sequence) aSN1Sequence3.elementAt(i5)));
                if (aSN1Sequence3.elementAt(i6) instanceof ASN1GenericConstructed) {
                    i6++;
                    ASN1Set aSN1Set2 = new ASN1Set(((ASN1GenericConstructed) aSN1Sequence3.elementAt(i6)).elements());
                    this.d = Utils.toBytes(aSN1Set2);
                    this.o = null;
                    Vector elements = aSN1Set2.elements();
                    int size3 = elements.size();
                    for (int i7 = 0; i7 < size3; i7++) {
                        ASN1Sequence aSN1Sequence5 = (ASN1Sequence) elements.elementAt(i7);
                        if (((ASN1ObjectID) aSN1Sequence5.elementAt(0)).equals(ASN1Utils.pkcsID, 9, 4)) {
                            this.o = ((ASN1OctetString) ((ASN1Set) aSN1Sequence5.elementAt(1)).elementAt(0)).getValue();
                        }
                    }
                    if (this.o == null) {
                        throw new IOException("No message digest found in authenticatedAttributes");
                    }
                }
                int i8 = i6;
                int i9 = i6 + 1;
                ASN1ObjectID aSN1ObjectID = (ASN1ObjectID) ((ASN1Sequence) aSN1Sequence3.elementAt(i8)).elementAt(0);
                if (!aSN1ObjectID.equals(AlgID.rsaEncryption.getOID())) {
                    throw new IOException(new StringBuffer().append("Unsupported encryption algorithm ").append(aSN1ObjectID).toString());
                }
                int i10 = i9 + 1;
                this.n = ((ASN1OctetString) aSN1Sequence3.elementAt(i9)).getValue();
            }
        } catch (ClassCastException e) {
            throw new ASN1FormatException(e.toString());
        } catch (IndexOutOfBoundsException e2) {
            throw new ASN1FormatException(e2.toString());
        }
    }

    public Vector getCRLs() {
        return this.j;
    }

    public void setPublicKey(RSAPublicKey rSAPublicKey) {
        this.e = rSAPublicKey;
        if (this.d != null) {
            try {
                this.h = Signature.getInstance(c(this.g));
                this.h.setPublicKey(this.e);
                this.h.setDocument(this.d);
                this.h.setSigBytes(this.n);
            } catch (AlgorithmIdentifierException e) {
                throw new IllegalStateException(e.toString());
            } catch (InvalidKeyException e2) {
                throw new IllegalStateException(e2.toString());
            }
        }
    }

    public BigInteger getSerialNo() {
        return this.l;
    }

    @Override // com.phaos.utils.Streamable
    public void input(InputStream inputStream) throws IOException {
        input(new ASN1Sequence(inputStream));
    }

    public PKCS7() {
    }

    private ASN1Sequence a() {
        if (this.f != null) {
            return this.f;
        }
        ASN1Sequence aSN1Sequence = new ASN1Sequence();
        aSN1Sequence.addElement(new ASN1ObjectID(pkcs7, 2));
        ASN1Sequence aSN1Sequence2 = new ASN1Sequence();
        aSN1Sequence2.addElement(new ASN1Integer(1L));
        aSN1Sequence2.addElement(new ASN1Set());
        ASN1Sequence aSN1Sequence3 = new ASN1Sequence();
        aSN1Sequence3.addElement(new ASN1ObjectID(pkcs7, 1));
        aSN1Sequence2.addElement(aSN1Sequence3);
        if (this.i != null) {
            aSN1Sequence2.addElement(new ASN1GenericConstructed(this.i, 0));
        }
        if (this.j != null) {
            aSN1Sequence2.addElement(new ASN1GenericConstructed(this.j, 1));
        }
        if (this.h == null) {
            aSN1Sequence2.addElement(new ASN1Set());
        } else {
            ASN1Sequence aSN1Sequence4 = new ASN1Sequence();
            aSN1Sequence4.addElement(new ASN1Integer(1L));
            ASN1Sequence aSN1Sequence5 = new ASN1Sequence();
            aSN1Sequence5.addElement(this.k);
            aSN1Sequence5.addElement(new ASN1Integer(this.l));
            aSN1Sequence4.addElement(aSN1Sequence5);
            aSN1Sequence4.addElement(this.g);
            aSN1Sequence4.addElement(AlgID.rsaEncryption);
            aSN1Sequence4.addElement(new ASN1OctetString(this.n));
            aSN1Sequence2.addElement(new ASN1Set(aSN1Sequence4));
        }
        aSN1Sequence.addElement(new ASN1GenericConstructed(aSN1Sequence2, 0));
        this.f = aSN1Sequence;
        return aSN1Sequence;
    }

    public void addCertificate(X509 x509) {
        if (this.i == null) {
            this.i = new Vector();
        }
        this.i.addElement(x509);
    }

    public PKCS7(X509 x509, RSAPrivateKey rSAPrivateKey, byte[] bArr) throws SignatureException {
        this();
        sign(x509, rSAPrivateKey, bArr);
    }

    @Override // com.phaos.utils.Streamable
    public int length() {
        return a().length();
    }

    public void addCRL(CRL crl) {
        if (this.j == null) {
            this.j = new Vector();
        }
        this.j.addElement(crl);
    }

    public PKCS7(Vector vector, Vector vector2) {
        this.i = vector;
        this.j = vector2;
    }

    public PKCS7(InputStream inputStream) throws IOException {
        input(inputStream);
    }

    private static AlgorithmIdentifier b(AlgorithmIdentifier algorithmIdentifier) {
        if (algorithmIdentifier.getOID().equals(AlgID.md2WithRSAEncryption.getOID())) {
            return AlgID.md2;
        }
        if (algorithmIdentifier.getOID().equals(AlgID.md5WithRSAEncryption.getOID())) {
            return AlgID.md5;
        }
        if (algorithmIdentifier.getOID().equals(AlgID.sha_1WithRSAEncryption.getOID())) {
            return AlgID.sha_1;
        }
        throw new IllegalStateException("Unsupported signature algorithm identifier");
    }

    public PKCS7(X509 x509) {
        this.i = new Vector();
        this.i.addElement(x509);
    }

    private static AlgorithmIdentifier c(AlgorithmIdentifier algorithmIdentifier) {
        if (algorithmIdentifier.getOID().equals(AlgID.md2.getOID())) {
            return AlgID.md2WithRSAEncryption;
        }
        if (algorithmIdentifier.getOID().equals(AlgID.md5.getOID())) {
            return AlgID.md5WithRSAEncryption;
        }
        if (algorithmIdentifier.getOID().equals(AlgID.sha_1.getOID()) || algorithmIdentifier.getOID().equals(AlgID.sha.getOID())) {
            return AlgID.sha_1WithRSAEncryption;
        }
        throw new IllegalStateException("Unsupported message digest algorithm identifier");
    }

    public void setDocument(byte[] bArr) {
        if (this.e == null) {
            throw new IllegalStateException("The public key is not set");
        }
        if (this.d != null) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(this.g);
                messageDigest.update(bArr);
                messageDigest.computeCurrent();
                this.m = messageDigest.digestBits;
                return;
            } catch (AlgorithmIdentifierException e) {
                throw new IllegalStateException(e.toString());
            }
        }
        try {
            this.h = Signature.getInstance(c(this.g));
            this.h.setPublicKey(this.e);
            this.h.setDocument(bArr);
            this.h.setSigBytes(this.n);
        } catch (AlgorithmIdentifierException e2) {
            throw new IllegalStateException(e2.toString());
        } catch (InvalidKeyException e3) {
            throw new IllegalStateException(e3.toString());
        }
    }

    public PKCS7(CRL crl) {
        this.j = new Vector();
        this.j.addElement(this.j);
    }

    public PKCS7(ASN1Sequence aSN1Sequence) throws IOException {
        input(aSN1Sequence);
    }

    public void sign(X509 x509, RSAPrivateKey rSAPrivateKey, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws SignatureException {
        this.k = x509.getIssuer();
        this.l = x509.getSerialNo();
        if (!x509.getPublicKey().getAlgorithm().equals(PKIConstants.RSA)) {
            throw new SignatureException("Only RSA signatures are supported");
        }
        this.e = (RSAPublicKey) x509.getPublicKey();
        this.g = b(algorithmIdentifier);
        try {
            this.h = Signature.getInstance(algorithmIdentifier);
            try {
                this.h.setPrivateKey(rSAPrivateKey);
                this.h.setDocument(bArr);
                this.h.sign();
                this.n = this.h.getSigBytes();
            } catch (InvalidKeyException e) {
                throw new SignatureException(e.toString());
            }
        } catch (AlgorithmIdentifierException e2) {
            throw new SignatureException(e2.toString());
        }
    }

    public boolean verify() throws AuthenticationException {
        return this.d == null ? this.h.verify() : this.h.verify() && MessageDigest.isEqual(this.m, this.o);
    }

    public void setSigner(X509 x509) {
        if (this.k == null) {
            this.k = x509.getIssuer();
        } else if (!this.k.equals(x509.getIssuer())) {
            throw new RuntimeException(new StringBuffer().append("The issuer is ").append(this.k).append(", which is not ").append(x509.getIssuer()).toString());
        }
        if (this.l == null) {
            this.l = x509.getSerialNo();
        } else if (!this.l.equals(x509.getSerialNo())) {
            throw new RuntimeException(new StringBuffer().append("The serial number is ").append(this.l).append(", which is not ").append(x509.getSerialNo()).toString());
        }
        setPublicKey((RSAPublicKey) x509.getPublicKey());
    }

    public byte[] getEncoded() {
        return a().getEncoded();
    }

    public Vector getCertificates() {
        return this.i;
    }

    public X500Name getIssuer() {
        return this.k;
    }
}
