package COM.claymoresystems.cert;

import COM.claymoresystems.ptls.SSLDebug;
import COM.claymoresystems.sslg.Certificate;
import COM.claymoresystems.sslg.DistinguishedName;
import cryptix.asn1.encoding.BaseCoder;
import cryptix.asn1.encoding.CoderOperations;
import cryptix.asn1.lang.ASNObject;
import cryptix.util.core.ArrayUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* loaded from: input_file:lib/ptolemy.jar:/ptII/vendors/sun/jxta/jxtaptls.jar:COM/claymoresystems/cert/X509Cert.class */
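/**
 * An X.509 certificate decoded from DER, with signature and chain verification helpers.
 *
 * <p>Security notes for reviewers, all based on the code in this class:
 * <ul>
 *   <li>{@link #verifyCertChain} checks signatures, issuer/subject name chaining and
 *       (optionally) validity dates only. Extensions are parsed into {@link #getExtensions()}
 *       but are not consulted here, so no CA/basicConstraints, key-usage, path-length or
 *       revocation check happens in this class. Whether callers enforce those elsewhere is
 *       not visible from this file.</li>
 *   <li>The accepted signature algorithms are limited to the OID table at the bottom of the
 *       class, which includes MD2, MD4, MD5 and SHA-1 based RSA signatures. These digests are
 *       not collision resistant; they are kept for compatibility, and deployments should
 *       restrict them at the policy layer.</li>
 *   <li>The {@code byte[]} getters return the internal arrays, not copies.</li>
 * </ul>
 */
public class X509Cert implements Certificate {
    ASNObject signedCert;
    ASNObject unsignedCert;
    ASNObject issuer;
    ASNObject subject;
    ASNObject sigAlg;
    ASNObject sig;
    // Complete certificate encoding as passed to the constructor (not copied).
    byte[] DER;
    // Encoding of the tbsCertificate component; this is the data the signature covers.
    byte[] unsignedCertDER;
    byte[] subjectDER;
    byte[] issuerDER;
    // Signature value with the leading octet of the decoded value stripped.
    byte[] signature;
    // Signature algorithm exactly as decoded (an OID string for entries in oid2NameMap).
    String signatureAlgorithm;
    PublicKey pubKey;
    X509Name subjectName;
    X509Name issuerName;
    BigInteger serialNumber;
    Date notBefore;
    Date notAfter;
    // Null when the certificate carries no extensions.
    Vector extensions;
    // Signature algorithm OID -> JCA algorithm name; filled by the static initializer below.
    private static final Hashtable<String, String> oid2NameMap = new Hashtable<String, String>();

    /**
     * Decodes a DER-encoded certificate.
     *
     * @param bArr the DER encoding; the array is stored as-is, not copied
     * @throws CertificateException if decoding fails; an {@link IOException} from the decoder
     *     is reported as a {@link CertificateDecodeException}
     */
    public X509Cert(byte[] bArr) throws CertificateException {
        this.extensions = null;
        this.DER = bArr;
        // NOTE(review): decoding is serialized on the spec object, presumably because the
        // components it hands out are shared and populated in place by accept() - confirm.
        synchronized (CertContext.getSpec()) {
            ASNObject certSpec = CertContext.getSpec().getComponent("UsefulCertificate");
            CoderOperations decoder = BaseCoder.getInstance("DER");
            decoder.init(new ByteArrayInputStream(bArr));
            try {
                certSpec.accept(decoder, null);
                this.signedCert = certSpec;
                this.unsignedCertDER = (byte[]) certSpec.getComponent("UsefulCertificate.tbsCertificate").getValue();
                this.sigAlg = certSpec.getComponent("UsefulCertificate.signatureAlgorithm");
                this.signatureAlgorithm = (String) ((Vector) ((Vector) this.sigAlg.getValue()).elementAt(0)).elementAt(0);
                SSLDebug.debug(32, "Signed by " + this.signatureAlgorithm);
                this.sig = certSpec.getComponent("UsefulCertificate.signature");
                byte[] rawSignature = (byte[]) this.sig.getValue();
                // The first octet must be zero (presumably the BIT STRING unused-bits count).
                // A missing or empty value is rejected as a decode error here instead of
                // surfacing as an unchecked exception on attacker-supplied input.
                if (rawSignature == null || rawSignature.length == 0 || rawSignature[0] != 0) {
                    throw new IOException("Malformed signature value");
                }
                this.signature = new byte[rawSignature.length - 1];
                System.arraycopy(rawSignature, 1, this.signature, 0, this.signature.length);
                SSLDebug.debug(32, "Signature ", this.signature);

                // Second pass: decode the tbsCertificate bytes into their fields.
                this.unsignedCert = CertContext.getSpec().getComponent("UsefulTBSCertificate");
                SSLDebug.debug(32, "Unsigned cert DER", this.unsignedCertDER);
                decoder.init(new ByteArrayInputStream(this.unsignedCertDER));
                this.unsignedCert.accept(decoder, null);

                this.issuer = this.unsignedCert.getComponent("UsefulTBSCertificate.issuer");
                this.issuerDER = (byte[]) this.issuer.getValue();
                this.issuerName = new X509Name(this.issuerDER);
                SSLDebug.debug(32, "Issuer DER", this.issuerDER);

                this.subject = this.unsignedCert.getComponent("UsefulTBSCertificate.subject");
                this.subjectDER = (byte[]) this.subject.getValue();
                this.subjectName = new X509Name(this.subjectDER);
                SSLDebug.debug(32, "Subject DER", this.subjectDER);

                this.pubKey = X509SubjectPublicKeyInfo.createPublicKey((byte[]) this.unsignedCert.getComponent("UsefulTBSCertificate.subjectPublicKeyInfo").getValue());
                this.serialNumber = (BigInteger) this.unsignedCert.getComponent("UsefulTBSCertificate.serialNumber").getValue();

                ASNObject validity = this.unsignedCert.getComponent("UsefulTBSCertificate.validity");
                this.notBefore = (Date) validity.getComponent("Validity.notBefore").getValue();
                this.notAfter = (Date) validity.getComponent("Validity.notAfter").getValue();

                // Extensions are only wrapped here; nothing in this class interprets them.
                Vector rawExtensions = (Vector) this.unsignedCert.getComponent("UsefulTBSCertificate.extensions").getValue();
                if (rawExtensions != null && !rawExtensions.isEmpty()) {
                    this.extensions = new Vector();
                    for (int i = 0; i < rawExtensions.size(); i++) {
                        this.extensions.addElement(new X509Ext((byte[]) ((Vector) rawExtensions.elementAt(i)).elementAt(0)));
                    }
                }
            } catch (IOException e) {
                throw new CertificateDecodeException(e.toString());
            }
        }
    }

    /**
     * Returns the JCA name mapped to this certificate's signature algorithm.
     *
     * @return the mapped name, or {@code null} when the algorithm is not in the OID table
     */
    public String getSignatureAlgorithm() {
        return oid2NameMap.get(this.signatureAlgorithm);
    }

    /** Returns the subject public key decoded from the certificate. */
    public PublicKey getPublicKey() {
        return this.pubKey;
    }

    /** Returns the certificate encoding given to the constructor (internal array, not a copy). */
    @Override // COM.claymoresystems.sslg.Certificate
    public byte[] getDER() {
        return this.DER;
    }

    /** Returns the encoded issuer name (internal array, not a copy). */
    @Override // COM.claymoresystems.sslg.Certificate
    public byte[] getIssuerDER() {
        return this.issuerDER;
    }

    /** Returns the encoded subject name (internal array, not a copy). */
    @Override // COM.claymoresystems.sslg.Certificate
    public byte[] getSubjectDER() {
        return this.subjectDER;
    }

    /** Returns the decoded subject name. */
    @Override // COM.claymoresystems.sslg.Certificate
    public DistinguishedName getSubjectName() {
        return this.subjectName;
    }

    /** Returns the decoded issuer name. */
    @Override // COM.claymoresystems.sslg.Certificate
    public DistinguishedName getIssuerName() {
        return this.issuerName;
    }

    /** Returns the start of the validity period. */
    @Override // COM.claymoresystems.sslg.Certificate
    public Date getValidityNotBefore() {
        return this.notBefore;
    }

    /** Returns the end of the validity period. */
    @Override // COM.claymoresystems.sslg.Certificate
    public Date getValidityNotAfter() {
        return this.notAfter;
    }

    /** Returns the parsed extensions, or {@code null} when the certificate has none. */
    @Override // COM.claymoresystems.sslg.Certificate
    public Vector getExtensions() {
        return this.extensions;
    }

    /** Returns the certificate serial number. */
    @Override // COM.claymoresystems.sslg.Certificate
    public BigInteger getSerial() {
        return this.serialNumber;
    }

    /**
     * Checks that a verification key is of the type the signature algorithm requires, so that
     * an RSA-signed certificate is never checked with a DSA key or the reverse.
     *
     * @param publicKey the key proposed for verification
     * @param str the mapped algorithm name; {@code null} is treated as an unknown algorithm
     * @throws CertificateVerifyException if the algorithm is unknown or the key type differs
     */
    void checkSignatureKey(PublicKey publicKey, String str) throws CertificateVerifyException {
        // Constant-first equals keeps a null name on the "Unknown algorithm" path
        // instead of raising NullPointerException.
        boolean rsaFamily = "MD2/RSA".equals(str) || "MD4/RSA".equals(str)
                || "MD5/RSA".equals(str) || "SHA-1/RSA/PKCS#1".equals(str);
        if (rsaFamily) {
            if (!(publicKey instanceof CryptixRSAPublicKey)) {
                throw new CertificateVerifyException("Public key doesn't match algorithm " + str);
            }
            return;
        }
        if (!"DSA".equals(str)) {
            throw new CertificateVerifyException("Unknown algorithm " + str);
        }
        if (!(publicKey instanceof DSAPublicKey)) {
            throw new CertificateVerifyException("Public key doesn't match algorithm " + str);
        }
    }

    /**
     * Verifies this certificate's signature over the tbsCertificate bytes with the given key.
     *
     * @param publicKey the issuer's public key
     * @return {@code true} if the signature verifies; {@code false} if it does not, or if the
     *     provider rejects the key as invalid
     * @throws CertificateException if the signature algorithm is not in the OID table, the key
     *     type does not fit the algorithm, no provider implements the algorithm, or the
     *     signature operation itself fails
     */
    public boolean verify(PublicKey publicKey) throws CertificateException {
        String algorithmName = oid2NameMap.get(this.signatureAlgorithm);
        if (algorithmName == null) {
            // An unmapped OID used to reach checkSignatureKey as null and fail with a
            // NullPointerException; report it as a verification failure instead.
            throw new CertificateVerifyException("Unknown algorithm " + this.signatureAlgorithm);
        }
        SSLDebug.debug(32, "OID " + this.signatureAlgorithm + "mapped to " + algorithmName);
        checkSignatureKey(publicKey, algorithmName);
        try {
            Signature verifier = Signature.getInstance(algorithmName);
            verifier.initVerify(publicKey);
            verifier.update(this.unsignedCertDER);
            return verifier.verify(this.signature);
        } catch (InvalidKeyException e) {
            // A key the provider cannot use counts as "does not verify".
            if (SSLDebug.getDebug(32)) {
                e.printStackTrace();
            }
            return false;
        } catch (NoSuchAlgorithmException e2) {
            if (SSLDebug.getDebug(32)) {
                e2.printStackTrace();
            }
            throw new CertificateVerifyException(e2.toString());
        } catch (SignatureException e3) {
            if (SSLDebug.getDebug(32)) {
                e3.printStackTrace();
            }
            throw new CertificateVerifyException(e3.toString());
        }
    }

    /**
     * Verifies a certificate chain against the roots known to {@code certContext}.
     *
     * <p>The chain is walked in order and each certificate is verified against the one before
     * it, so the vector must be ordered from the root side towards the end entity. The first
     * certificate must either be a root itself or be issued by a root found through
     * {@code certContext.signedByRoot}. For every element the signature and the issuer/subject
     * name match are checked, and the validity period when {@code z} is set.
     *
     * <p>Not checked here: extensions (CA flag, key usage, path length), revocation, and the
     * validity period of a root located through {@code signedByRoot}. Callers that need those
     * guarantees must enforce them separately.
     *
     * @param certContext the source of trusted roots
     * @param vector the chain, as {@link X509Cert} elements
     * @param z whether to check each chain element's validity period against the current time
     * @return the verified path starting with the root, or {@code null} for an empty chain
     * @throws CertificateException if no trusted root is found or any check fails
     */
    public static Vector verifyCertChain(CertContext certContext, Vector vector, boolean z) throws CertificateException {
        int size = vector.size();
        Vector verifiedPath = new Vector();
        X509Cert issuerCert = null;
        boolean anchored = false;
        for (int i = 0; i < size; i++) {
            X509Cert current = (X509Cert) vector.elementAt(i);
            SSLDebug.debug(32, "Trying to verify", current.getDER());
            if (!anchored) {
                if (certContext.isRoot(current.getDER())) {
                    SSLDebug.debug(32, "Is root");
                    // NOTE(review): a root presented in the chain is added here and again at
                    // the end of this iteration, so it appears twice in the result. Kept
                    // as-is because callers may depend on the existing shape.
                    issuerCert = current;
                    verifiedPath.addElement(issuerCert);
                    anchored = true;
                } else {
                    SSLDebug.debug(32, "Trying to find root with DN", current.getIssuerDER());
                    issuerCert = certContext.signedByRoot(current.getIssuerDER());
                    if (issuerCert == null) {
                        SSLDebug.debug(32, "Nope");
                    } else {
                        SSLDebug.debug(32, "Found one");
                        verifiedPath.addElement(issuerCert);
                        anchored = true;
                    }
                }
            }
            if (issuerCert == null) {
                // No trust anchor: fail closed with a checked verification error rather than
                // the NullPointerException the dereference below used to raise.
                throw new CertificateVerifyException("No trusted root found for certificate chain");
            }
            if (!current.verify(issuerCert.getPublicKey())) {
                throw new CertificateVerifyException("Certificate signature doesn't match");
            }
            if (!ArrayUtil.areEqual(issuerCert.getSubjectDER(), current.getIssuerDER())) {
                throw new CertificateVerifyException("Subject and issuer name don't match");
            }
            if (z) {
                checkExpiry(current, new Date());
            }
            issuerCert = current;
            verifiedPath.addElement(current);
        }
        // issuerCert is still null only when the chain was empty.
        return issuerCert != null ? verifiedPath : null;
    }

    /**
     * Checks that {@code date} lies within the certificate's validity period.
     *
     * @param certificate the certificate to check
     * @param date the instant to test
     * @throws CertificateVerifyException if the certificate is not yet valid or has expired
     */
    static void checkExpiry(Certificate certificate, Date date) throws CertificateVerifyException {
        Date validFrom = certificate.getValidityNotBefore();
        Date validUntil = certificate.getValidityNotAfter();
        if (date.before(validFrom)) {
            throw new CertificateVerifyException("Certificate not yet valid. Not before date " + validFrom);
        }
        if (date.after(validUntil)) {
            throw new CertificateVerifyException("Certificate expired. Not after date " + validUntil);
        }
    }

    static {
        // Signature algorithm OIDs accepted by verify(). The MD2/MD4/MD5 and SHA-1 entries are
        // legacy digests without collision resistance; they remain for compatibility only.
        oid2NameMap.put("1.2.840.10040.4.3", "DSA");
        oid2NameMap.put("1.2.840.113549.1.1.2", "MD2/RSA");
        oid2NameMap.put("1.2.840.113549.1.1.3", "MD4/RSA");
        oid2NameMap.put("1.2.840.113549.1.1.4", "MD5/RSA");
        oid2NameMap.put("1.2.840.113549.1.1.5", "SHA-1/RSA/PKCS#1");
    }
}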
