package com.baltimore.jpkiplus.x509;

import com.baltimore.jcrypto.asn1.ASN1BitString;
import com.baltimore.jcrypto.asn1.ASN1Exception;
import com.baltimore.jcrypto.asn1.ASN1Interface;
import com.baltimore.jcrypto.asn1.ASN1Null;
import com.baltimore.jcrypto.asn1.ASN1Object;
import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.asn1.ASN1Sequence;
import com.baltimore.jcrypto.coders.CoderException;
import com.baltimore.jcrypto.coders.DERCoder;
import com.baltimore.jcrypto.coders.DERInterface;
import com.baltimore.jcrypto.mpa.mpa_num;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jpkiplus.x509.extensions.CRLNumber;
import com.baltimore.jpkiplus.x509.extensions.Extension;
import com.baltimore.jpkiplus.x509.extensions.ReasonCode;
import com.baltimore.jpkiplus.x509.utils.TBSCertList;
import com.baltimore.jpkiplus.x509.utils.Validity;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/x509/JCRYPTO_X509CRL.class */
public class JCRYPTO_X509CRL extends X509CRL implements ASN1Interface, DERInterface {
    private TBSCertList a;
    private AlgorithmIdentifier b;
    private byte[] c;
    private byte[] d;
    private byte[] e;

    public JCRYPTO_X509CRL() {
        this.a = null;
        this.c = null;
        this.d = null;
        this.e = null;
        this.a = new TBSCertList();
        a(new AlgorithmIdentifier(OIDs.sha_1WithRSAEncryption, new ASN1Null()));
    }

    public JCRYPTO_X509CRL(TBSCertList tBSCertList, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) {
        this();
        a(tBSCertList);
        a(algorithmIdentifier);
        b(bArr);
        c(null);
    }

    public JCRYPTO_X509CRL(TBSCertList tBSCertList, PrivateKey privateKey) throws CRLException {
        this();
        a(tBSCertList);
        a(tBSCertList.getSignatureAlgorithm());
        sign(privateKey);
    }

    public JCRYPTO_X509CRL(String str, Date date, Date date2) throws CertificateException {
        this();
        setIssuerDN(new Name(str));
        setThisUpdate(date);
        setNextUpdate(date2);
    }

    public JCRYPTO_X509CRL(Principal principal, Date date, Date date2) throws CertificateException {
        this();
        setIssuerDN(principal);
        setThisUpdate(date);
        setNextUpdate(date2);
    }

    public JCRYPTO_X509CRL(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateException {
        this();
        setIssuerDN(x509Certificate.getSubjectDN());
        a(AlgorithmIdentifier.getSignatureAlgorithmIdentifier(x509Certificate.getPublicKey()));
    }

    public JCRYPTO_X509CRL(byte[] bArr) throws CoderException, ASN1Exception {
        this();
        fromDER(bArr);
    }

    public static JCRYPTO_X509CRL cast(X509CRL x509crl) throws CRLException {
        if (x509crl instanceof JCRYPTO_X509CRL) {
            return (JCRYPTO_X509CRL) x509crl;
        }
        try {
            return new JCRYPTO_X509CRL(x509crl.getEncoded());
        } catch (ASN1Exception e) {
            throw new CRLException(e.getMessage());
        } catch (CoderException e2) {
            throw new CRLException(e2.getMessage());
        }
    }

    @Override // com.baltimore.jcrypto.asn1.ASN1Interface
    public void fromASN1Object(ASN1Object aSN1Object) throws ASN1Exception {
        this.e = aSN1Object.getBERBytes();
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1Object;
        try {
            a(new TBSCertList(aSN1Sequence.getComponent(0)));
            a(new AlgorithmIdentifier(aSN1Sequence.getComponent(1)));
            if (aSN1Sequence.getNumberOfComponents() > 2) {
                b(((ASN1BitString) aSN1Sequence.getComponent(2)).getValue());
            }
        } catch (Exception e) {
            throw new ASN1Exception(e);
        }
    }

    @Override // com.baltimore.jcrypto.coders.DERInterface
    public void fromDER(byte[] bArr) throws ASN1Exception, CoderException {
        byte[] component = DERCoder.getComponent(bArr, 0);
        c(component);
        try {
            a(new TBSCertList(component));
            try {
                a(new AlgorithmIdentifier(DERCoder.decode(DERCoder.getComponent(bArr, 1))));
                b(((ASN1BitString) DERCoder.decode(DERCoder.getComponent(bArr, 2))).getValue());
                a(bArr);
            } catch (Exception e) {
                throw new CoderException(e);
            }
        } catch (Exception e2) {
            throw new ASN1Exception(e2);
        }
    }

    private byte[] a() {
        if (this.e == null) {
            a((byte[]) null);
        }
        return this.e;
    }

    public JCRYPTO_X509Extensions getCRLEntryExtensions(JCRYPTO_X509Certificate jCRYPTO_X509Certificate) throws CRLException {
        if (!getIssuerDN().equals(jCRYPTO_X509Certificate.getIssuerDN())) {
            throw new CRLException(new StringBuffer("JCRYPTO_X%)(CRL::getCRLEntryExtensions - this certificate- ").append(jCRYPTO_X509Certificate).append(" does not belong to this CRL.").toString());
        }
        X509CRLEntryImpl x509CRLEntryImpl = (X509CRLEntryImpl) getRevokedCertificate(jCRYPTO_X509Certificate.getSerialNumber());
        if (x509CRLEntryImpl == null) {
            return null;
        }
        return x509CRLEntryImpl.getEntryExtensions();
    }

    public JCRYPTO_X509Extensions getCRLExtensions() {
        return this.a.getCRLExtensions();
    }

    public mpa_num getCRLNumber() {
        CRLNumber cRLNumber = (CRLNumber) this.a.getCRLExtensions().getExtension(OIDs.cRLNumber);
        if (cRLNumber != null) {
            return cRLNumber.getCRLNumber();
        }
        return null;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        JCRYPTO_X509Extensions cRLExtensions = this.a.getCRLExtensions();
        HashSet hashSet = new HashSet();
        if (cRLExtensions != null) {
            Vector criticalExtensionOIDs = cRLExtensions.getCriticalExtensionOIDs();
            for (int i = 0; i < criticalExtensionOIDs.size(); i++) {
                hashSet.add(criticalExtensionOIDs.elementAt(i));
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        try {
            return a();
        } catch (Exception e) {
            throw new CRLException(e.getMessage());
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        JCRYPTO_X509Extensions cRLExtensions = this.a.getCRLExtensions();
        if (cRLExtensions == null) {
            return null;
        }
        try {
            return cRLExtensions.getExtensionValue(str);
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.a.getIssuerDN();
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        return this.a.getNextUpdate();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        JCRYPTO_X509Extensions cRLExtensions = this.a.getCRLExtensions();
        HashSet hashSet = new HashSet();
        if (cRLExtensions != null) {
            Vector nonCriticalExtensionOIDs = cRLExtensions.getNonCriticalExtensionOIDs();
            for (int i = 0; i < nonCriticalExtensionOIDs.size(); i++) {
                hashSet.add(nonCriticalExtensionOIDs.elementAt(i));
            }
        }
        return hashSet;
    }

    public ReasonCode getReasonCode(JCRYPTO_X509Certificate jCRYPTO_X509Certificate) throws CRLException {
        Extension extension = getCRLEntryExtensions(jCRYPTO_X509Certificate).getExtension(OIDs.reasonCode);
        if (extension != null) {
            return (ReasonCode) extension;
        }
        return null;
    }

    public Date getRevocationDate(JCRYPTO_X509Certificate jCRYPTO_X509Certificate) throws CRLException {
        if (!getIssuerDN().equals(jCRYPTO_X509Certificate.getIssuerDN())) {
            throw new CRLException(new StringBuffer("JCRYPTO_X%)(CRL::getRevocationDate - this certificate- ").append(jCRYPTO_X509Certificate).append(" does not belong to this CRL.").toString());
        }
        X509CRLEntry revokedCertificate = getRevokedCertificate(jCRYPTO_X509Certificate.getSerialNumber());
        if (revokedCertificate == null) {
            return null;
        }
        return revokedCertificate.getRevocationDate();
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        return (X509CRLEntry) this.a.getRevokedCertificates().get(bigInteger);
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        return new HashSet(this.a.getRevokedCertificates().values());
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        ASN1ObjectIdentifier algorithm = this.b.getAlgorithm();
        String stringFromOID = OIDs.getStringFromOID(algorithm);
        if (stringFromOID == null) {
            stringFromOID = new StringBuffer("unknown[").append(algorithm).append("]").toString();
        }
        return stringFromOID;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.b.getAlgorithm().toString();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        try {
            return DERCoder.encode(this.b.getParameters());
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() {
        return b();
    }

    private byte[] b() {
        if (this.d == null) {
            c(null);
        }
        return this.d;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.a.getThisUpdate();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.a.getVersion();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        JCRYPTO_X509Extensions cRLExtensions = this.a.getCRLExtensions();
        return cRLExtensions != null && cRLExtensions.hasUnsupportedCriticalExtension();
    }

    public boolean isRevoked(BigInteger bigInteger) {
        return this.a.isRevoked(bigInteger);
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        return x509Certificate.getIssuerDN().equals(getIssuerDN()) && this.a.isRevoked(x509Certificate.getSerialNumber());
    }

    public boolean isSigned() {
        return this.c != null;
    }

    public void revokeCertificate(BigInteger bigInteger, Date date, JCRYPTO_X509Extensions jCRYPTO_X509Extensions) {
        this.a.addRevokedCertificate(bigInteger, date, jCRYPTO_X509Extensions);
    }

    public void revokeCertificate(X509Certificate x509Certificate) {
        this.a.addRevokedCertificate(x509Certificate.getSerialNumber(), new Date(), null);
    }

    private void a(byte[] bArr) {
        try {
            if (bArr == null) {
                this.e = DERCoder.encode(this);
            } else {
                this.e = bArr;
            }
        } catch (Exception unused) {
        }
    }

    public void setCRLExtensions(JCRYPTO_X509Extensions jCRYPTO_X509Extensions) {
        this.a.setCRLExtensions(jCRYPTO_X509Extensions);
    }

    public void setIssuerDN(Principal principal) throws CertificateException {
        this.a.setIssuerDN(principal);
    }

    public void setNextUpdate(Date date) {
        this.a.setNextUpdate(date);
    }

    private void b(byte[] bArr) {
        this.c = bArr;
    }

    private void a(AlgorithmIdentifier algorithmIdentifier) {
        this.b = algorithmIdentifier;
        this.a.setSignatureAlgorithm(this.b);
    }

    private void a(TBSCertList tBSCertList) {
        this.a = tBSCertList;
    }

    private void c(byte[] bArr) {
        try {
            if (bArr == null) {
                this.d = DERCoder.encode(this.a);
            } else {
                this.d = bArr;
            }
        } catch (Exception unused) {
        }
    }

    public void setThisUpdate(Date date) {
        this.a.setThisUpdate(date);
    }

    public void sign(PrivateKey privateKey) throws CRLException {
        sign(privateKey, null, null);
    }

    public void sign(PrivateKey privateKey, Validity validity) throws CRLException {
        sign(privateKey, null, validity);
    }

    public void sign(PrivateKey privateKey, String str) throws CRLException {
        sign(privateKey, str, null);
    }

    public void sign(PrivateKey privateKey, String str, Validity validity) throws CRLException {
        try {
            if (this.b == null) {
                a(AlgorithmIdentifier.getSignatureAlgorithmIdentifier(privateKey));
            } else {
                String upperCase = privateKey.getAlgorithm().toUpperCase();
                String upperCase2 = this.b.getAlgorithm().getDescription().toUpperCase();
                if (upperCase2.lastIndexOf(upperCase) == -1) {
                    throw new CRLException(new StringBuffer("The public key algorithm referred to in the private key - ").append(upperCase).append(" - does not match the public key algorithm in the signature algorithm - ").append(upperCase2).toString());
                }
            }
            if (this.a == null && this.d == null) {
                throw new CRLException("JCRYPTO_X509CRL::sign(PrivateKey) - the tbsCertList has not been set.");
            }
            if (!this.b.getAlgorithm().equals(this.a.getSignatureAlgorithm().getAlgorithm())) {
                throw new CRLException("JCRYPTO_X509CRL::sign(PrivateKey) - the signature algorithm inside the TBS Cert List is not the same as the one outside it.");
            }
            if (validity != null) {
                this.a.setThisUpdate(validity.getNotBeforeDate());
                this.a.setNextUpdate(validity.getNotAfterDate());
            } else if (this.a.getThisUpdate() == null) {
                this.a.setThisUpdate(new Date());
            }
            String stringFromOID = OIDs.getStringFromOID(this.b.getAlgorithm());
            if (stringFromOID == null) {
                throw new CRLException("JCRYPTO_X509CRL::sign(PrivateKey) - The Signature Algorithm is not one of the available signature algorithms.");
            }
            Signature signature = str != null ? Signature.getInstance(stringFromOID, str) : Signature.getInstance(stringFromOID);
            byte[] b = b();
            signature.initSign(privateKey);
            signature.update(b);
            b(signature.sign());
        } catch (Exception e) {
            throw new CRLException(e.getMessage());
        }
    }

    @Override // com.baltimore.jcrypto.asn1.ASN1Interface
    public ASN1Object toASN1Object() throws ASN1Exception {
        ASN1Sequence aSN1Sequence = new ASN1Sequence();
        if (this.a != null) {
            aSN1Sequence.addComponent(this.a);
        }
        if (this.b != null) {
            aSN1Sequence.addComponent(this.b);
        }
        if (this.c != null) {
            aSN1Sequence.addComponent(new ASN1BitString(this.c, 0));
        }
        aSN1Sequence.setBERBytes(this.e);
        return aSN1Sequence;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        String stringBuffer;
        String str = "";
        try {
            String stringBuffer2 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(str)).append("This crl was issued by: \n\n").toString())).append(getIssuerDN()).append("\n\n").toString())).append("This crl was issued at: \n ").append(Utils.dateToString(getThisUpdate())).append("\n").toString();
            String stringBuffer3 = getNextUpdate() != null ? new StringBuffer(String.valueOf(stringBuffer2)).append("The next crl will be issued before:\n  ").append(Utils.dateToString(getNextUpdate())).append("\n\n\n").toString() : new StringBuffer(String.valueOf(stringBuffer2)).append("No indication of when the next CRL will be issued by.\n\n\n").toString();
            Set<X509CRLEntry> revokedCertificates = getRevokedCertificates();
            int size = revokedCertificates.size();
            if (size > 0) {
                stringBuffer = new StringBuffer(String.valueOf(stringBuffer3)).append("This CRL contains information about ").append(size).append(" certificates.\n").toString();
                for (X509CRLEntry x509CRLEntry : revokedCertificates) {
                    stringBuffer = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer)).append("Revoked cert:\n").toString())).append(" Serial Number   ").append(x509CRLEntry.getSerialNumber()).append("\n").toString())).append(" Revocation Date ").append(x509CRLEntry.getRevocationDate()).append("\n").toString();
                    if (x509CRLEntry.hasExtensions()) {
                        stringBuffer = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer)).append(" CRL Entry Critical Extensions:\n  ").append(x509CRLEntry.getCriticalExtensionOIDs()).append("\n").toString())).append(" CRL Entry Non-Critical Extensions:\n  ").append(x509CRLEntry.getNonCriticalExtensionOIDs()).append("\n").toString();
                    }
                }
            } else {
                stringBuffer = new StringBuffer(String.valueOf(stringBuffer3)).append("No revoked certificates in this CRL.\n").toString();
            }
            String stringBuffer4 = new StringBuffer(String.valueOf(stringBuffer)).append("\n").toString();
            str = new StringBuffer(String.valueOf(getCRLExtensions() != null ? new StringBuffer(String.valueOf(stringBuffer4)).append(getCRLExtensions()).toString() : new StringBuffer(String.valueOf(stringBuffer4)).append("This CRL has no CRL extensions.").toString())).append("\n\n").toString();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return str;
    }

    public boolean verify(JCRYPTO_X509Certificate jCRYPTO_X509Certificate) throws CRLException {
        if (!jCRYPTO_X509Certificate.getSubjectDN().equals(getIssuerDN())) {
            throw new CRLException("JCRYPTO_X509CRL::verify(JCRYPTO_X509Certificate cert) - the subject of the certificate is not the issuer of the CRL.");
        }
        try {
            verify(jCRYPTO_X509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            throw new CRLException(new StringBuffer("CRL verification error: ").append(e).toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, (String) null);
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!this.a.getSignatureAlgorithm().getAlgorithm().equals(this.b.getAlgorithm())) {
            throw new CRLException("JCRYPTO_X509CRL::verify - The Signature Algorithm inside the CRL does not agree with the Signature Algorithm used to sign the CRL");
        }
        if (this.c == null) {
            throw new CRLException("CRL is not signed");
        }
        byte[] b = b();
        String stringFromOID = OIDs.getStringFromOID(this.b.getAlgorithm());
        if (stringFromOID == null) {
            throw new CRLException("JCRYPTO_X509CRL::verify(PublicKey) - The Signature Algorithm is not one of the available signature algorithms.");
        }
        Signature signature = str == null ? Signature.getInstance(stringFromOID) : Signature.getInstance(stringFromOID, str);
        signature.initVerify(publicKey);
        signature.update(b);
        if (!signature.verify(this.c)) {
            throw new SignatureException("CRL signature check failed");
        }
    }
}
