package com.ibm.cfwk.pki;

import com.ibm.asn1.ASN1OID;
import com.ibm.asn1.ASN1Tag;
import com.ibm.asn1.BERDecoder;
import com.ibm.asn1.DEREncoder;
import com.ibm.cfwk.API;
import com.ibm.cfwk.BadParameterException;
import com.ibm.cfwk.FailedException;
import com.ibm.cfwk.Key;
import com.ibm.cfwk.KeyMaterial;
import com.ibm.cfwk.MalformedDataException;
import com.ibm.cfwk.NotFoundException;
import com.ibm.cfwk.key.DSAKey;
import com.ibm.util.BitString;
import com.ibm.util.Util;
import com.ibm.util.x500name.X500Name;
import infospc.rptapi.RPTMap;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.text.SimpleDateFormat;
import java.util.Date;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/pki/X509Cert.class */
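/**
 * An X.509 certificate held as its encoded bytes plus the fields parsed from them.
 *
 * <p>Only {@code derCert} is serialized. Every parsed field is {@code transient} and is rebuilt
 * by re-parsing the bytes in {@code readObject}, so no parsed state is taken on trust from a
 * serialized stream.
 *
 * <p>Review notes for callers making trust decisions:
 * <ul>
 *   <li>The {@code verify*} methods return an {@code int} status. {@code 0} is the only success
 *       value; every other value must be treated as a failure.</li>
 *   <li>{@link #verify(X509Cert, API)} is a single-link check (name chaining, this
 *       certificate's validity period, signature). It is not certification path validation.</li>
 *   <li>{@link #equals(Object)}, {@link #hashCode()} and {@link #fingerprint(String)} operate
 *       on the raw encoded bytes. Parsing goes through {@code BERDecoder}; whether non-DER
 *       encodings are rejected is not visible in this class.</li>
 *   <li>The lazily built extension cache is not synchronized.</li>
 * </ul>
 */
public class X509Cert extends Cert implements Serializable {
    private static final long serialVersionUID = -4962959630067088992L;

    // Parsed view of derCert; rebuilt by decodeCertificate(), never serialized.
    private transient int version;
    private transient BigInteger serialNo;
    // Algorithm identifier read from inside the signed (to-be-signed) part.
    private transient AlgId signatureAlgId;
    private transient X500Name issuer;
    private transient long notBefore;
    private transient long notAfter;
    private transient X500Name subject;
    private transient SubjectPublicKeyInfo pubkey;
    private transient BitString issuerUniqueId;
    private transient BitString subjectUniqueId;
    private transient ExtensionProfile profile;
    private transient X509Extensions extensions;
    // Offsets/lengths into derCert recorded while parsing.
    private transient int toBeSignedStart;
    private transient int toBeSignedLength;
    private transient int extensionsStart;
    private transient int extensionsLength;
    private transient int signatureStart;
    private transient int signatureLength;
    // Private copy of the encoded certificate; the only serialized field.
    private byte[] derCert;

    /** Returns the certificate version as 1, 2 or 3 (the encoded value plus one). */
    public int version() {
        return this.version;
    }

    /** Returns the issuer name parsed from the certificate. */
    public X500Name issuer() {
        return this.issuer;
    }

    /** Returns the signature algorithm identifier read from inside the signed part. */
    public AlgId signatureKeyAlgId() {
        return this.signatureAlgId;
    }

    /** Returns the certificate serial number. */
    public BigInteger serialNo() {
        return this.serialNo;
    }

    /** Returns the subject name parsed from the certificate. */
    public X500Name subject() {
        return this.subject;
    }

    /**
     * Imports the subject public key material as a {@code Key}.
     *
     * @param api handle passed through to {@code Key.importKeyMaterial}
     */
    public Key subjectKey(API api) {
        return Key.importKeyMaterial(this.pubkey.material, api);
    }

    /** Returns the algorithm identifier of the subject public key. */
    public AlgId subjectKeyAlgId() {
        return this.pubkey.algId;
    }

    /** Returns a clone of the subject key material, so callers cannot alter the parsed copy. */
    public KeyMaterial subjectKeyMaterial() {
        return (KeyMaterial) this.pubkey.material.clone();
    }

    /** Returns the key size reported by the subject key material. */
    public int subjectKeySize() {
        return this.pubkey.material.keySize();
    }

    /** Returns the issuer unique identifier, or {@code null} when the certificate has none. */
    public BitString issuerUniqueId() {
        return this.issuerUniqueId;
    }

    /** Returns the subject unique identifier, or {@code null} when the certificate has none. */
    public BitString subjectUniqueId() {
        return this.subjectUniqueId;
    }

    /** Returns the start of the validity period as decoded by {@code X509Util.decodeTime}. */
    public long notBefore() {
        return this.notBefore;
    }

    /** Returns the end of the validity period as decoded by {@code X509Util.decodeTime}. */
    public long notAfter() {
        return this.notAfter;
    }

    /**
     * Tells whether the given instant lies within the validity period, both bounds inclusive.
     *
     * @param j instant to test; {@link #verify(X509Cert, API)} passes
     *     {@code System.currentTimeMillis()}
     */
    public boolean isValid(long j) {
        return j >= this.notBefore && j <= this.notAfter;
    }

    /**
     * Checks this certificate against a candidate issuer of unknown type.
     *
     * @param obj candidate issuer; only {@code X509Cert} instances are accepted
     * @param api handle passed through to {@link #verify(X509Cert, API)}
     * @return the result of {@link #verify(X509Cert, API)} for an {@code X509Cert}; otherwise
     *     {@code 1}, which is also the "outside validity period" result of that method
     */
    @Override // com.ibm.cfwk.pki.Cert
    public int verify(Object obj, API api) {
        if (obj instanceof X509Cert) {
            return verify((X509Cert) obj, api);
        }
        return 1;
    }

    /**
     * Verifies the signature on this certificate with the subject key of the given certificate.
     *
     * <p>Only the signature is checked: the signed byte range and the signature bytes recorded
     * during parsing are handed to {@code X509Util.toBeVerified} together with the algorithm
     * identifier read from inside the signed part. Names and validity are not looked at here.
     *
     * @param x509Cert certificate whose subject key is used as the verification key
     * @param api handle passed through to key import and verification
     * @return {@code 0} if the signature verifies; {@code 8} on {@code NotFoundException}
     *     (presumably an unavailable algorithm; confirm against {@code X509Util});
     *     {@code 2} if it does not verify or any other exception is raised
     */
    public int verifySignature(X509Cert x509Cert, API api) {
        try {
            try {
                return X509Util.toBeVerified(this.signatureAlgId, api, x509Cert.subjectKey(api), this.derCert, this.toBeSignedStart, this.toBeSignedLength, this.derCert, this.signatureStart, this.signatureLength) ? 0 : 2;
            } catch (NotFoundException unused) {
                return 8;
            } catch (Exception unused2) {
                // Fails closed: any error while importing the key or verifying counts as a
                // bad signature.
                return 2;
            }
        } catch (Exception unused3) {
            // NOTE(review): as written the inner catch (Exception) already handles every
            // exception, so status 16 is never returned from here.
            return 16;
        }
    }

    /**
     * Checks that this certificate chains to the given certificate as its direct issuer.
     *
     * <p>The checks performed are exactly: this issuer name equals the given certificate's
     * subject name, the current time lies within this certificate's validity period, and the
     * signature verifies. Nothing here examines the given issuer's own validity period, whether
     * it is allowed to act as a CA (basic constraints, key usage), critical extensions or
     * revocation; a caller that needs those has to check them separately.
     *
     * @param x509Cert candidate issuer certificate
     * @param api handle passed through to {@link #verifySignature(X509Cert, API)}
     * @return {@code 64} if the names do not chain; {@code 1} if the current time is outside
     *     the validity period; otherwise the result of
     *     {@link #verifySignature(X509Cert, API)} ({@code 0} on success)
     */
    public int verify(X509Cert x509Cert, API api) {
        if (!issuer().equals(x509Cert.subject())) {
            return 64;
        }
        if (isValid(System.currentTimeMillis())) {
            return verifySignature(x509Cert, api);
        }
        return 1;
    }

    /**
     * Selects the profile used by {@link #extensions()} and drops the cached extensions when
     * the profile actually changes (compared by identity).
     */
    public void setExtensionProfile(ExtensionProfile extensionProfile) {
        if (extensionProfile == this.profile) {
            return;
        }
        this.extensions = null;
        this.profile = extensionProfile;
    }

    /**
     * Returns the extensions decoded with the current profile, decoding them on first use.
     * Falls back to {@code ExtensionProfile.SYSTEM_PROFILE} when no profile has been set.
     *
     * @throws FailedException if the extensions cannot be decoded
     */
    public X509Extensions extensions() {
        if (this.profile == null) {
            this.profile = ExtensionProfile.SYSTEM_PROFILE;
        }
        if (this.extensions == null) {
            this.extensions = extensions(this.profile);
        }
        return this.extensions;
    }

    /**
     * Decodes the extensions with the given profile; the result is not cached.
     *
     * @throws FailedException wrapping whatever the extension decoder raised
     */
    public X509Extensions extensions(ExtensionProfile extensionProfile) {
        try {
            return new X509Extensions(this.derCert, this.extensionsStart, this.extensionsLength, extensionProfile);
        } catch (Exception e) {
            throw new FailedException("Could not decode certificate extensions", e);
        }
    }

    /** Returns a copy of the encoded certificate, so callers cannot alter the stored bytes. */
    @Override // com.ibm.cfwk.pki.Cert
    public byte[] encode() {
        return (byte[]) this.derCert.clone();
    }

    /**
     * Computes a fingerprint over the complete encoded certificate.
     *
     * @param str passed through to {@code X509Util.fingerprint}; presumably the digest
     *     algorithm name (confirm there). Prefer a collision-resistant digest when the
     *     fingerprint is used to pin or compare certificates.
     */
    public String fingerprint(String str) {
        return X509Util.fingerprint(this.derCert, 0, this.derCert.length, str);
    }

    /** Two certificates are equal when their encoded bytes are identical. */
    @Override
    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof X509Cert)) {
            return false;
        }
        X509Cert x509Cert = (X509Cert) obj;
        return this.derCert.length == x509Cert.derCert.length && Util.arraycmp(this.derCert, 0, this.derCert.length, x509Cert.derCert, 0, x509Cert.derCert.length) == 0;
    }

    /**
     * Hash over the encoded bytes, consistent with {@link #equals(Object)}. Because each step
     * shifts the accumulator left by five bits, only roughly the last seven bytes influence
     * the result. This is a hash-table key, not a fingerprint.
     */
    @Override
    public int hashCode() {
        int i = 0;
        for (int i2 = 0; i2 < this.derCert.length; i2++) {
            i = (i << 5) ^ (this.derCert[i2] & 255);
        }
        return i;
    }

    /**
     * Renders a multi-line, human-readable summary. Algorithm descriptions longer than 60
     * characters are truncated. Calls {@link #extensions()}, so it can throw
     * {@code FailedException} when the extensions do not decode.
     */
    @Override
    public String toString() {
        BitString issuerUniqueId = issuerUniqueId();
        BitString subjectUniqueId = subjectUniqueId();
        String prettyString = signatureKeyAlgId().toPrettyString();
        if (prettyString.length() > 60) {
            prettyString = prettyString.substring(0, 60) + "...";
        }
        String prettyString2 = subjectKeyAlgId().toPrettyString();
        if (prettyString2.length() > 60) {
            prettyString2 = prettyString2.substring(0, 60) + "...";
        }
        // 24-hour clock ("HH"): the former "hh" pattern had no AM/PM marker, so morning and
        // afternoon validity times printed identically.
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd/HH:mm:ss");
        return "Version:     " + version() + RPTMap.NL
                + "Serial No.:  " + serialNo() + RPTMap.NL
                + "Sig. Alg.:   " + prettyString + RPTMap.NL
                + "Issuer:      " + issuer() + RPTMap.NL
                + "Validity:    " + simpleDateFormat.format(new Date(this.notBefore)) + " - " + simpleDateFormat.format(new Date(this.notAfter)) + RPTMap.NL
                + "Subject:     " + subject() + RPTMap.NL
                + "Key Alg.:    " + prettyString2 + RPTMap.NL
                + "Key mat.:    " + this.pubkey.material.toString() + RPTMap.NL
                + "Issuer UID:  " + (issuerUniqueId == null ? "none" : issuerUniqueId.toBigInteger(true).toString()) + RPTMap.NL
                + "Subject UID: " + (subjectUniqueId == null ? "none" : subjectUniqueId.toBigInteger(true).toString()) + RPTMap.NL
                + "Signature:   " + (this.signatureLength * 8) + " bits = " + this.signatureLength + " bytes\n"
                + "Extensions:  " + extensions().numberOfExtensions() + " (critical: " + extensions().numberOfCriticalExtensions() + ")\n";
    }

    /**
     * Restores the encoded bytes from the stream and re-parses them, so every transient field
     * is derived from the bytes rather than read from the stream.
     *
     * @throws java.io.InvalidObjectException if the stream carries no encoded certificate
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        byte[] bArr = this.derCert;
        if (bArr == null) {
            // A crafted or damaged stream can omit the field; report it as a stream error
            // instead of failing with a NullPointerException.
            throw new java.io.InvalidObjectException("Serialized X509Cert carries no encoded certificate");
        }
        // decodeCertificate refuses to run on an initialised instance, so clear the field first.
        this.derCert = null;
        decodeCertificate(bArr, 0, bArr.length);
    }

    /** Parses a certificate occupying the whole array; see {@link #decodeCertificate(byte[], int, int)}. */
    public final X509Cert decodeCertificate(byte[] bArr) {
        return decodeCertificate(bArr, 0, bArr.length);
    }

    /**
     * Initialises this instance from an encoded certificate. The bytes are copied, so later
     * changes to {@code bArr} do not affect this object.
     *
     * <p>If parsing fails the instance keeps the copied bytes and whatever fields were already
     * decoded; it cannot be initialised again and should be discarded.
     *
     * @param bArr buffer holding the encoded certificate
     * @param i offset of the first certificate byte in {@code bArr}
     * @param i2 number of bytes belonging to the certificate
     * @return this instance
     * @throws FailedException if this instance already holds a certificate
     * @throws MalformedDataException if the bytes cannot be parsed as an X.509 certificate
     */
    public X509Cert decodeCertificate(byte[] bArr, int i, int i2) {
        if (this.derCert != null) {
            throw new FailedException("Cannot reinitialize certificate");
        }
        // Copy into a local first: a bad offset or length then fails before this.derCert is
        // set, instead of leaving a zero-filled array that blocks every later initialisation.
        byte[] copy = new byte[i2];
        System.arraycopy(bArr, i, copy, 0, i2);
        this.derCert = copy;
        try {
            BERDecoder bERDecoder = new BERDecoder(this.derCert);
            int decodeSequence = bERDecoder.decodeSequence();
            // Remember the byte range of the to-be-signed part; verifySignature() checks the
            // signature over exactly these bytes.
            this.toBeSignedStart = bERDecoder.getTLVOffset();
            this.toBeSignedLength = bERDecoder.getTLVLength();
            int decodeSequence2 = bERDecoder.decodeSequence();
            int makeContextTag = ASN1Tag.makeContextTag(0);
            if (bERDecoder.nextIsDefault(makeContextTag)) {
                this.version = 1;
            } else {
                int decodeExplicit = bERDecoder.decodeExplicit(makeContextTag);
                // NOTE(review): the decoded value is not range-checked, so versions other
                // than 1..3 are accepted here.
                this.version = bERDecoder.decodeIntegerAsInt() + 1;
                bERDecoder.endOf(decodeExplicit);
            }
            this.serialNo = bERDecoder.decodeInteger();
            this.signatureAlgId = AlgId.make(bERDecoder);
            this.issuer = new X500Name(bERDecoder);
            int decodeSequence3 = bERDecoder.decodeSequence();
            this.notBefore = X509Util.decodeTime(bERDecoder);
            this.notAfter = X509Util.decodeTime(bERDecoder);
            bERDecoder.endOf(decodeSequence3);
            this.subject = new X500Name(bERDecoder);
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            this.pubkey = subjectPublicKeyInfo;
            // The signature AlgId is handed to the key decoder; presumably so that key
            // parameters can be taken from it when the key omits them (confirm in
            // SubjectPublicKeyInfo.decode).
            subjectPublicKeyInfo.decode(bERDecoder, this.signatureAlgId);
            int makeContextTag2 = ASN1Tag.makeContextTag(1);
            if (!bERDecoder.nextIsOptional(makeContextTag2)) {
                bERDecoder.nextIsImplicit(makeContextTag2);
                if (this.version == 1) {
                    throw new MalformedDataException("Issuer unique ID not allowed in version 1");
                }
                this.issuerUniqueId = bERDecoder.decodeBitString();
            }
            int makeContextTag3 = ASN1Tag.makeContextTag(2);
            if (!bERDecoder.nextIsOptional(makeContextTag3)) {
                bERDecoder.nextIsImplicit(makeContextTag3);
                if (this.version == 1) {
                    throw new MalformedDataException("Subject unique ID not allowed in version 1");
                }
                this.subjectUniqueId = bERDecoder.decodeBitString();
            }
            int makeContextTag4 = ASN1Tag.makeContextTag(3);
            if (bERDecoder.nextIsOptional(makeContextTag4)) {
                this.extensionsLength = 0;
                this.extensionsStart = 0;
            } else {
                if (this.version < 3) {
                    throw new MalformedDataException("Extensions not allowed in version 1 and 2");
                }
                int decodeExplicit2 = bERDecoder.decodeExplicit(makeContextTag4);
                // Extensions are only located here; they are decoded lazily by extensions().
                // A certificate with undecodable or unknown critical extensions therefore
                // still parses, and verify() does not look at extensions at all.
                this.extensionsStart = bERDecoder.getTLVOffset();
                this.extensionsLength = bERDecoder.getTLVLength();
                bERDecoder.skipNext();
                bERDecoder.endOf(decodeExplicit2);
            }
            bERDecoder.endOf(decodeSequence2);
            // NOTE(review): the outer signatureAlgorithm is parsed and discarded. RFC 5280
            // section 4.1.1.2 requires it to match the identifier inside the signed part;
            // that comparison is not made here. Verification uses the inner (signed) one.
            AlgId.make(bERDecoder);
            // The first value octet of the signature BIT STRING is the unused-bits count;
            // the signature proper starts one byte later.
            // NOTE(review): nothing visible here asserts that this element carries the
            // BIT STRING tag; confirm the decoder or X509Util rejects anything else.
            this.signatureStart = bERDecoder.getValueOffset() + 1;
            this.signatureLength = bERDecoder.getValueLength() - 1;
            bERDecoder.skipNext();
            if (this.signatureLength < 0) {
                // An empty value has no unused-bits octet; without this check the next line
                // would read a byte that is not part of the signature element.
                throw new MalformedDataException("Signature bitstring is empty");
            }
            if (this.derCert[this.signatureStart - 1] != 0) {
                throw new MalformedDataException("Signature bitstring has odd length - not a multiple of 8");
            }
            bERDecoder.endOf(decodeSequence);
            return this;
        } catch (Exception e) {
            // Every parse failure, including the MalformedDataExceptions thrown above, is
            // reported with this prefix. Only the message of the original exception survives.
            throw new MalformedDataException("Could not parse X509 certificate: " + e.getMessage());
        }
    }

    /** Creates an empty instance; initialise it with one of the {@code decodeCertificate} methods. */
    public X509Cert() {
    }

    /**
     * Creates a certificate from {@code i2} bytes of {@code bArr} starting at offset {@code i}.
     *
     * @throws MalformedDataException if the bytes cannot be parsed
     */
    public X509Cert(byte[] bArr, int i, int i2) {
        decodeCertificate(bArr, i, i2);
    }

    /**
     * Creates a certificate from a complete encoded certificate.
     *
     * @throws MalformedDataException if the bytes cannot be parsed
     */
    public X509Cert(byte[] bArr) {
        decodeCertificate(bArr, 0, bArr.length);
    }

    /**
     * Builds and signs a new X.509 certificate.
     *
     * <p>The version is derived from the optional parts: 3 if at least one non-null extension
     * is given, 2 if a unique identifier is given, otherwise 1.
     *
     * <p>Review notes: the serial number, names and validity bounds are encoded exactly as
     * supplied; nothing here checks that {@code j <= j2} or that the serial number is
     * positive or unique. Nothing visible here checks that {@code obj2} is public key
     * material either; confirm that {@code SubjectPublicKeyInfo.encode} refuses private keys.
     *
     * @param api handle passed through to key export and signing
     * @param bigInteger certificate serial number
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param obj signing algorithm as understood by {@code AssortedIDs.algOID} and
     *     {@code X509Util.toBeSigned}; defaults to {@code asn1oid} when {@code null}
     * @param asn1oid signature algorithm OID; looked up from {@code obj} when {@code null}
     * @param key signing key; RSA private, RSA CRT and DSA private key types are supported
     * @param asn1oid2 OID for the subject key when it shares the signer's DSA parameters;
     *     {@code AssortedIDs.x9_57_dsa} is used when {@code null}
     * @param obj2 subject key, either a {@code KeyMaterial} or a {@code Key} to export
     * @param j start of the validity period
     * @param j2 end of the validity period
     * @param bitString issuer unique identifier, or {@code null}
     * @param bitString2 subject unique identifier, or {@code null}
     * @param x509ExtensionArr extensions, {@code null} entries are skipped; may be {@code null}
     * @return the value returned by {@code X509Util.toBeSigned} for the encoded to-be-signed part
     * @throws BadParameterException if no OID can be determined for the signing algorithm
     * @throws FailedException on any other failure, including an unsupported signing key type
     */
    public static byte[] makeX509Cert(API api, BigInteger bigInteger, X500Name x500Name, X500Name x500Name2, Object obj, ASN1OID asn1oid, Key key, ASN1OID asn1oid2, Object obj2, long j, long j2, BitString bitString, BitString bitString2, X509Extension[] x509ExtensionArr) {
        AlgId algId;
        if (obj == null) {
            obj = asn1oid;
        }
        if (asn1oid == null) {
            ASN1OID algOID = AssortedIDs.algOID(obj);
            asn1oid = algOID;
            if (algOID == null) {
                throw new BadParameterException("Cannot infer algorithm's ASN.1 OID: " + obj);
            }
        }
        // An array holding only nulls is treated like no extensions at all.
        if (x509ExtensionArr != null) {
            int nonNull = 0;
            for (X509Extension x509Extension : x509ExtensionArr) {
                nonNull += x509Extension == null ? 0 : 1;
            }
            if (nonNull == 0) {
                x509ExtensionArr = null;
            }
        }
        int version = 1;
        if (x509ExtensionArr != null && x509ExtensionArr.length > 0) {
            version = 3;
        } else if (bitString != null || bitString2 != null) {
            version = 2;
        }
        try {
            String keyType = key.keyType();
            // Compare key type names by value; the former reference comparison only matched
            // when the key returned the very same String instance as the constant.
            if (Key.RSA_PRIVATE.equals(keyType) || Key.RSA_CRT.equals(keyType)) {
                algId = new AlgId();
                algId.init(asn1oid, AlgId.NULL);
            } else {
                if (!Key.DSA_PRIVATE.equals(keyType)) {
                    throw new BadParameterException("Don't know how to sign with a `" + keyType + "' key");
                }
                try {
                    // The DSA signature AlgId carries the signer's domain parameters.
                    DSAKey dSAKey = (DSAKey) key.convertKey(Key.DSA_PARAM).exportKeyMaterial(api);
                    algId = new DSAAlgId(asn1oid, dSAKey.prime, dSAKey.subPrime, dSAKey.base);
                } catch (Exception e) {
                    throw new FailedException("Unable to construct signer signature AlgId for DSA: " + e.getMessage(), e);
                }
            }
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            subjectPublicKeyInfo.material = obj2 instanceof KeyMaterial ? (KeyMaterial) obj2 : ((Key) obj2).exportKeyMaterial(api);
            if ((subjectPublicKeyInfo.material instanceof DSAKey) && (algId instanceof DSAAlgId)) {
                DSAAlgId dSAAlgId = (DSAAlgId) algId;
                DSAKey dSAKey2 = (DSAKey) subjectPublicKeyInfo.material;
                // Subject key uses the signer's DSA parameters: give it a parameter-less
                // AlgId. In every other case algId is left for SubjectPublicKeyInfo.encode
                // to deal with (not visible here).
                if (dSAAlgId.prime1().equals(dSAKey2.prime) && dSAAlgId.prime2().equals(dSAKey2.subPrime) && dSAAlgId.base().equals(dSAKey2.base)) {
                    AlgId algId3 = new AlgId();
                    subjectPublicKeyInfo.algId = algId3;
                    algId3.init(asn1oid2 == null ? AssortedIDs.x9_57_dsa : asn1oid2, AlgId.NULL);
                }
            }
            DEREncoder dEREncoder = new DEREncoder();
            int encodeSequence = dEREncoder.encodeSequence();
            if (version != 1) {
                // Version 1 is the default and is left out of the encoding.
                int encodeExplicit = dEREncoder.encodeExplicit(ASN1Tag.makeContextTag(0));
                dEREncoder.encodeInteger(version - 1);
                dEREncoder.endOf(encodeExplicit);
            }
            dEREncoder.encodeInteger(bigInteger);
            algId.encode(dEREncoder);
            x500Name.encode(dEREncoder);
            int encodeSequence2 = dEREncoder.encodeSequence();
            X509Util.encodeTime(j, dEREncoder);
            X509Util.encodeTime(j2, dEREncoder);
            dEREncoder.endOf(encodeSequence2);
            x500Name2.encode(dEREncoder);
            subjectPublicKeyInfo.encode(dEREncoder);
            if (bitString != null) {
                dEREncoder.nextIsImplicit(ASN1Tag.makeContextTag(1));
                dEREncoder.encodeBitString(bitString);
            }
            if (bitString2 != null) {
                dEREncoder.nextIsImplicit(ASN1Tag.makeContextTag(2));
                dEREncoder.encodeBitString(bitString2);
            }
            if (x509ExtensionArr != null && x509ExtensionArr.length > 0) {
                int encodeExplicit2 = dEREncoder.encodeExplicit(ASN1Tag.makeContextTag(3));
                int encodeSequenceOf = dEREncoder.encodeSequenceOf();
                for (int i3 = 0; i3 < x509ExtensionArr.length; i3++) {
                    if (x509ExtensionArr[i3] != null) {
                        x509ExtensionArr[i3].encode(dEREncoder);
                    }
                }
                dEREncoder.endOf(encodeSequenceOf);
                dEREncoder.endOf(encodeExplicit2);
            }
            dEREncoder.endOf(encodeSequence);
            byte[] byteArray = dEREncoder.toByteArray();
            return X509Util.toBeSigned(obj, asn1oid, api, key, byteArray, 0, byteArray.length);
        } catch (Exception e2) {
            // Keep the original exception as the cause so the failing step can be diagnosed.
            throw new FailedException("Failed to construct X509.v" + version + " certificate: " + e2, e2);
        }
    }
}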
