package iaik.x509.ocsp;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.asn1.structures.GeneralName;
import iaik.utils.Util;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.ocsp.extensions.Nonce;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:120091-10/SUNWamsci/reloc/SUNWam/lib/iaik_jce_full.jar:iaik/x509/ocsp/BasicOCSPResponse.class */
public class BasicOCSPResponse extends Response {
    static Class j;
    static Class k;
    private boolean h;
    private byte[] b;
    private X509Certificate[] l;
    private AlgorithmID c;
    private OCSPExtensions i;
    private SingleResponse[] d;
    private ChoiceOfTime g;
    private ResponderID f;
    private int a;
    private ASN1 e;
    public static final ObjectID responseType = new ObjectID("1.3.6.1.5.5.7.48.1.1", "id-pkix-ocsp-basic");

    static Class a(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    public void writeTo(OutputStream outputStream) throws IOException {
        c();
        this.e.writeTo(outputStream);
    }

    public void verify(PublicKey publicKey, String str) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        c();
        Signature signatureInstance = this.c.getSignatureInstance(str);
        try {
            byte[] firstObject = this.e.getFirstObject();
            signatureInstance.initVerify(publicKey);
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(this.b)) {
                throw new SignatureException("Signature verification error!");
            }
        } catch (CodingException e) {
            throw new SignatureException(e.toString());
        }
    }

    public void verify(PublicKey publicKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        verify(publicKey, null);
    }

    public X509Certificate verify() throws OCSPException, SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        if (this.l == null || this.l.length <= 0) {
            throw new OCSPException("Cannot verify request. No certificates included.");
        }
        X509Certificate[] arrangeCertificateChain = Util.arrangeCertificateChain(this.l, false);
        if (arrangeCertificateChain == null || arrangeCertificateChain.length <= 0) {
            throw new OCSPException("Cannot verify request. Cannot build chain from included certs.");
        }
        verify(arrangeCertificateChain[0].getPublicKey());
        return arrangeCertificateChain[0];
    }

    public String toString(boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("Version: ").append(this.a).append("\n").toString());
        stringBuffer.append(new StringBuffer("ResponderID: ").append(this.f).append("\n").toString());
        stringBuffer.append(new StringBuffer("ProducedAt: ").append(this.g).append("\n").toString());
        if (z) {
            for (int i = 0; i < this.d.length; i++) {
                stringBuffer.append(new StringBuffer("singleResponse ").append(i).append(": {\n").toString());
                stringBuffer.append(new StringBuffer(String.valueOf(this.d[i].toString(true))).append("}").toString());
            }
        } else {
            stringBuffer.append(new StringBuffer("singleResponses: ").append(this.d.length).toString());
        }
        stringBuffer.append("\n");
        if (this.i != null) {
            if (z) {
                stringBuffer.append(this.i);
            } else {
                stringBuffer.append(new StringBuffer("Extensions: ").append(this.i.countExtensions()).toString());
                stringBuffer.append("\n");
            }
        }
        stringBuffer.append(new StringBuffer("Signature algorithm: ").append(this.c).append("\n").toString());
        if (this.l != null) {
            stringBuffer.append(new StringBuffer("certificates: ").append(this.l.length).append("\n").toString());
        }
        return stringBuffer.toString();
    }

    @Override // iaik.x509.ocsp.Response
    public String toString() {
        return toString(false);
    }

    public ASN1Object toASN1Object() {
        c();
        return this.e.toASN1Object();
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, OCSPException {
        if (algorithmID == null) {
            throw new OCSPException("Cannot sign response! No signature algorithm specified!");
        }
        this.c = algorithmID;
        Signature signatureInstance = this.c.getSignatureInstance(str);
        ASN1Object a = a();
        signatureInstance.initSign(privateKey);
        try {
            signatureInstance.update(DerCoder.encode(a));
            this.b = signatureInstance.sign();
            BIT_STRING bit_string = new BIT_STRING(this.b);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(a);
            sequence.addComponent(this.c.toASN1Object());
            sequence.addComponent(bit_string);
            if (this.l != null && this.l.length > 0) {
                sequence.addComponent(new CON_SPEC(0, ASN.createSequenceOf(this.l)));
            }
            this.e = new ASN1(sequence);
            e();
        } catch (CodingException e) {
            throw new OCSPException(e.toString());
        } catch (SignatureException e2) {
            throw new OCSPException(e2.toString());
        }
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, OCSPException {
        sign(algorithmID, privateKey, null);
    }

    public void setSingleResponses(SingleResponse[] singleResponseArr) {
        this.d = singleResponseArr;
        d();
        if (this.d != null) {
            for (int i = 0; i < this.d.length; i++) {
                if (this.d[i].getReqCert().getType() != 0) {
                    this.a = 2;
                    return;
                }
            }
        }
    }

    private void e() {
        this.h = false;
    }

    public void setSignature(AlgorithmID algorithmID, byte[] bArr) throws OCSPException {
        if (algorithmID == null) {
            throw new OCSPException("Cannot set signature! No signature algorithm specified!");
        }
        if (bArr == null || bArr.length == 0) {
            throw new OCSPException("Cannot set empty signature value!");
        }
        this.c = algorithmID;
        this.b = bArr;
        ASN1Object a = a();
        try {
            BIT_STRING bit_string = new BIT_STRING(this.b);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(a);
            sequence.addComponent(this.c.toASN1Object());
            sequence.addComponent(bit_string);
            if (this.l != null && this.l.length > 0) {
                sequence.addComponent(new CON_SPEC(0, ASN.createSequenceOf(this.l)));
            }
            this.e = new ASN1(sequence);
            e();
        } catch (CodingException e) {
            throw new OCSPException(e.toString());
        }
    }

    public void setResponderID(ResponderID responderID) {
        this.f = responderID;
        d();
    }

    public void setProducedAt(Date date) {
        this.g = new ChoiceOfTime(date);
        this.g.setEncodingType(ASN.GeneralizedTime);
        d();
    }

    public void setNonce(byte[] bArr) throws X509ExtensionException {
        addExtension(new Nonce(bArr));
    }

    private void d() {
        this.h = true;
    }

    public void setCertificates(X509Certificate[] x509CertificateArr) {
        this.l = x509CertificateArr;
        d();
    }

    public boolean removeExtension(ObjectID objectID) {
        boolean removeExtension = this.i == null ? false : this.i.removeExtension(objectID);
        if (removeExtension) {
            d();
        }
        return removeExtension;
    }

    public void removeAllExtensions() {
        if (this.i != null) {
            this.i.removeAllExtensions();
            d();
        }
        this.i = null;
    }

    public Enumeration listExtensions() {
        if (this.i == null) {
            return null;
        }
        return this.i.listExtensions();
    }

    private void b() throws X509ExtensionException, CodingException {
        Class a;
        Class a2;
        int i = 0;
        ASN1Object componentAt = this.e.getComponentAt(0);
        this.c = new AlgorithmID(this.e.getComponentAt(1));
        this.b = (byte[]) ((BIT_STRING) this.e.getComponentAt(2)).getValue();
        if (this.e.countComponents() == 4) {
            ASN1Object aSN1Object = (ASN1Object) this.e.getComponentAt(3).getValue();
            if (k != null) {
                a2 = k;
            } else {
                a2 = a("iaik.x509.X509Certificate");
                k = a2;
            }
            this.l = (X509Certificate[]) ASN.parseSequenceOf(aSN1Object, a2);
        }
        ASN1Object componentAt2 = componentAt.getComponentAt(0);
        if (componentAt2.isA(ASN.CON_SPEC) && componentAt2.getAsnType().getTag() == 0) {
            this.a = ((BigInteger) ((ASN1Object) componentAt2.getValue()).getValue()).intValue() + 1;
            i = 0 + 1;
        }
        this.f = new ResponderID(componentAt.getComponentAt(i));
        this.g = new ChoiceOfTime(componentAt.getComponentAt(1 + i));
        ASN1Object componentAt3 = componentAt.getComponentAt(2 + i);
        if (j != null) {
            a = j;
        } else {
            a = a("iaik.x509.ocsp.SingleResponse");
            j = a;
        }
        this.d = (SingleResponse[]) ASN.parseSequenceOf(componentAt3, a);
        int i2 = 3 + i;
        if (i2 < componentAt.countComponents()) {
            this.i = new OCSPExtensions((ASN1Object) componentAt.getComponentAt(i2).getValue());
        }
        this.e.clearASN1Object();
        e();
    }

    public boolean hasUnsupportedCriticalExtension() {
        if (this.i == null) {
            return false;
        }
        return this.i.hasUnsupportedCriticalExtension();
    }

    public boolean hasExtensions() {
        if (this.i == null) {
            return false;
        }
        return this.i.hasExtensions();
    }

    public int getVersion() {
        return this.a;
    }

    public byte[] getTBSResponseData() throws CodingException {
        try {
            return (this.e == null || this.e.toByteArray() == null) ? DerCoder.encode(a()) : this.e.getFirstObject();
        } catch (OCSPException e) {
            throw new CodingException(e.toString());
        }
    }

    public SingleResponse[] getSingleResponses() {
        return this.d;
    }

    public SingleResponse getSingleResponse(ReqCert reqCert) throws OCSPException {
        return (SingleResponse) getCertificateResponse(reqCert);
    }

    public SingleResponse getSingleResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, GeneralName generalName) throws OCSPException {
        return (SingleResponse) getCertificateResponse(x509Certificate, x509Certificate2, generalName);
    }

    public AlgorithmID getSignatureAlgorithm() {
        return this.c;
    }

    public byte[] getSignature() {
        return this.b;
    }

    @Override // iaik.x509.ocsp.Response
    public ObjectID getResponseType() {
        return responseType;
    }

    public ResponderID getResponderID() {
        return this.f;
    }

    public Date getProducedAt() {
        if (this.g == null) {
            return null;
        }
        return this.g.getDate();
    }

    public byte[] getNonce() throws X509ExtensionInitException {
        Nonce nonce = (Nonce) getExtension(Nonce.oid);
        if (nonce == null) {
            return null;
        }
        return nonce.getValue();
    }

    public V3Extension getExtension(ObjectID objectID) throws X509ExtensionInitException {
        if (this.i == null) {
            return null;
        }
        return this.i.getExtension(objectID);
    }

    @Override // iaik.x509.ocsp.Response
    public byte[] getEncoded() {
        c();
        return this.e.toByteArray();
    }

    public X509Certificate[] getCertificates() {
        return this.l;
    }

    @Override // iaik.x509.ocsp.Response
    public CertificateResponse getCertificateResponse(ReqCert reqCert) throws OCSPException {
        if (this.d == null) {
            return null;
        }
        boolean z = false;
        boolean z2 = false;
        for (int i = 0; i < this.d.length; i++) {
            SingleResponse singleResponse = this.d[i];
            if (singleResponse.isResponseFor(reqCert)) {
                return singleResponse;
            }
            if (reqCert.getType() != singleResponse.getReqCert().getType()) {
                z = true;
            } else if (!z2 && reqCert.getType() == 0) {
                if (!((CertID) reqCert.getReqCert()).getHashAlgorithm().equals(((CertID) singleResponse.getReqCert().getReqCert()).getHashAlgorithm())) {
                    z2 = true;
                }
            }
        }
        if (!z && !z2) {
            return null;
        }
        String str = z2 ? "certIDs with different hash algorithms" : "";
        throw new OCSPException(new StringBuffer(String.valueOf("No response found, but some responses have ")).append(z ? new StringBuffer("different ReqCert types ").append(z2 ? new StringBuffer("or ").append(str).toString() : "").toString() : z2 ? str : "").toString());
    }

    @Override // iaik.x509.ocsp.Response
    public CertificateResponse getCertificateResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, GeneralName generalName) throws OCSPException {
        if (this.d == null) {
            return null;
        }
        OCSPException oCSPException = null;
        for (int i = 0; i < this.d.length; i++) {
            SingleResponse singleResponse = this.d[i];
            try {
            } catch (OCSPException e) {
                if (oCSPException == null) {
                    oCSPException = e;
                }
            }
            if (singleResponse.isResponseFor(x509Certificate, x509Certificate2, generalName)) {
                return singleResponse;
            }
        }
        if (oCSPException != null) {
            throw new OCSPException(new StringBuffer("Cannot check single responses. ").append(oCSPException.getMessage()).toString());
        }
        return null;
    }

    @Override // iaik.x509.ocsp.Response
    public void decode(byte[] bArr) throws CodingException {
        try {
            this.e = new ASN1(bArr);
            b();
        } catch (X509ExtensionException e) {
            throw new CodingException(e.toString());
        }
    }

    public void decode(InputStream inputStream) throws IOException {
        try {
            this.e = new ASN1(inputStream);
            b();
        } catch (CodingException e) {
            throw new IOException(e.toString());
        } catch (X509ExtensionException e2) {
            throw new IOException(e2.toString());
        }
    }

    public void decode(ASN1Object aSN1Object) throws CodingException {
        this.e = new ASN1(aSN1Object);
        try {
            b();
        } catch (Exception e) {
            throw new CodingException(e.toString());
        }
    }

    private ASN1Object a() throws OCSPException {
        if (this.f == null) {
            throw new OCSPException("Responder ID not set!");
        }
        if (this.g == null) {
            throw new OCSPException("ProducedAt date not set!");
        }
        if (this.d == null || this.d.length == 0) {
            throw new OCSPException("No single responses set!");
        }
        try {
            SEQUENCE sequence = new SEQUENCE();
            if (this.a > 1) {
                sequence.addComponent(new CON_SPEC(0, new INTEGER(this.a - 1)));
            }
            sequence.addComponent(this.f.toASN1Object());
            sequence.addComponent(this.g.toASN1Object());
            sequence.addComponent(ASN.createSequenceOf(this.d));
            if (this.i != null) {
                sequence.addComponent(new CON_SPEC(1, this.i.toASN1Object()));
            }
            return sequence;
        } catch (Exception e) {
            throw new OCSPException(e.toString());
        }
    }

    public int countSingleResponses() {
        return this.d.length;
    }

    public int countExtensions() {
        if (this.i == null) {
            return 0;
        }
        return this.i.countExtensions();
    }

    public boolean containsCertificates() {
        return this.l != null && this.l.length > 0;
    }

    private void c() {
        if (this.h) {
            throw new RuntimeException("Cannot perform operation, certificate has to be signed first");
        }
    }

    public void addExtension(V3Extension v3Extension) throws X509ExtensionException {
        if (this.i == null) {
            this.i = new OCSPExtensions();
        }
        this.i.addExtension(v3Extension);
        d();
    }

    public BasicOCSPResponse(byte[] bArr) throws CodingException {
        decode(bArr);
    }

    public BasicOCSPResponse(InputStream inputStream) throws CodingException, IOException {
        decode(inputStream);
    }

    public BasicOCSPResponse() {
        this.a = 1;
        this.e = new ASN1();
        d();
    }
}
