package com.rsa.certj.cert;

import com.bea.security.saml2.util.SAML2Constants;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.OIDList;
import com.rsa.certj.CertJ;
import com.rsa.certj.internal.JSAFEFactory;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MessageDigest;
import com.rsa.jsafe.JSAFE_Parameters;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Session;
import com.rsa.jsafe.JSAFE_Signature;
import java.io.Serializable;
import java.security.SecureRandom;
import weblogic.management.configuration.SNMPAgentMBean;

/* loaded from: input_file:com/rsa/certj/cert/Certificate.class */
public abstract class Certificate implements Cloneable, Serializable {
    private static final String DEFAULT_DEVICE = "Java";
    public static final int RSA_WITH_SHA1_PKCS = 0;
    public static final int RSA_WITH_SHA1_ISO_OIW = 1;
    public static final int DSA_WITH_SHA1_X930 = 2;
    public static final int DSA_WITH_SHA1_X957 = 3;
    protected byte[] subjectPublicKeyInfo;
    protected JSAFE_PublicKey subjectPublicKey;
    protected byte[] signatureAlgorithmBER;
    protected int signatureAlgorithmFormat = -1;
    protected byte[] signature;
    protected String theDevice;
    protected String[] theDeviceList;
    private CertJ theCertJ;

    public final void setCertJ(CertJ certJ) {
        this.theCertJ = certJ;
    }

    public final CertJ getCertJ() {
        return this.theCertJ;
    }

    public String getSignatureAlgorithm() throws CertificateException {
        try {
            if (this.signatureAlgorithmBER == null) {
                throw new CertificateException("Object not set with signature algorithm.");
            }
            return AlgorithmID.berDecodeAlgID(this.signatureAlgorithmBER, 0, 1, (EncodedContainer) null);
        } catch (ASN_Exception e) {
            throw new CertificateException("Invalid Signature Algorithm.", e);
        }
    }

    public byte[] getSignatureAlgorithmDER() throws CertificateException {
        if (this.signatureAlgorithmBER == null) {
            throw new CertificateException("Object not set with signature algorithm.");
        }
        return (byte[]) this.signatureAlgorithmBER.clone();
    }

    public abstract byte[] getSignature() throws CertificateException;

    public String getDevice() throws CertificateException {
        return DEFAULT_DEVICE;
    }

    public String[] getDeviceList() throws CertificateException {
        return new String[]{DEFAULT_DEVICE};
    }

    public void setSignatureStandard(int i) {
        this.signatureAlgorithmFormat = i;
    }

    public int getSignatureStandard() {
        return this.signatureAlgorithmFormat;
    }

    public String getSignatureFormat(String str) {
        if (str == null) {
            return null;
        }
        switch (this.signatureAlgorithmFormat) {
            case 0:
                if (str.equals("SHA1/RSA/PKCS1Block01Pad")) {
                    return "RSAWithSHA1PKCS";
                }
                return null;
            case 1:
                if (str.equals("SHA1/RSA/PKCS1Block01Pad")) {
                    return "RSAWithSHA1ISO_OIW";
                }
                return null;
            case 2:
                if (str.equals("SHA1/DSA") || str.equals("SHA1/DSA/NoPad")) {
                    return "DSAWithSHA1X930";
                }
                return null;
            case 3:
                if (str.equals("SHA1/DSA") || str.equals("SHA1/DSA/NoPad")) {
                    return "DSAWithSHA1X957";
                }
                return null;
            default:
                if (str.equals("SHA1/DSA")) {
                    return "SHA1/DSA/NoPad";
                }
                return null;
        }
    }

    public void setSubjectPublicKey(JSAFE_PublicKey jSAFE_PublicKey) throws CertificateException {
        if (jSAFE_PublicKey == null) {
            throw new CertificateException("Public key is null.");
        }
        clearSignature();
        try {
            this.subjectPublicKey = (JSAFE_PublicKey) jSAFE_PublicKey.clone();
            try {
                this.subjectPublicKeyInfo = (this.signatureAlgorithmFormat == 3 && jSAFE_PublicKey.getAlgorithm().compareTo(SAML2Constants.DSA_KEY_TYPE) == 0) ? jSAFE_PublicKey.getKeyData("DSAPublicKeyX957BER")[0] : jSAFE_PublicKey.getKeyData(jSAFE_PublicKey.getAlgorithm() + "PublicKeyBER")[0];
            } catch (JSAFE_Exception e) {
                throw new CertificateException("Could not read the public key.");
            }
        } catch (CloneNotSupportedException e2) {
            throw new CertificateException(e2);
        }
    }

    public void setSubjectPublicKey(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Public key encoding is null.");
        }
        try {
            setSubjectPublicKey(JSAFEFactory.getPublicKey(bArr, i, this.theCertJ != null ? this.theCertJ.getDevice() : DEFAULT_DEVICE, this.theCertJ));
        } catch (JSAFE_Exception e) {
            throw new CertificateException("Could not read the public key.");
        }
    }

    public JSAFE_PublicKey getSubjectPublicKey(String str) throws CertificateException {
        if (this.subjectPublicKey == null) {
            throw new CertificateException("Object not set with public key.");
        }
        try {
            return (JSAFE_PublicKey) this.subjectPublicKey.clone();
        } catch (CloneNotSupportedException e) {
            throw new CertificateException(e);
        }
    }

    public byte[] getSubjectPublicKeyBER() throws CertificateException {
        if (this.subjectPublicKeyInfo == null) {
            throw new CertificateException("Object not set with public key.");
        }
        return (byte[]) this.subjectPublicKeyInfo.clone();
    }

    public byte[] getUniqueID() {
        try {
            byte[][] keyData = getSubjectPublicKey(DEFAULT_DEVICE).getKeyData();
            JSAFE_MessageDigest digest = JSAFEFactory.getDigest(SNMPAgentMBean.MD5, DEFAULT_DEVICE, this.theCertJ);
            digest.digestInit();
            for (int i = 0; i < keyData.length; i++) {
                digest.digestUpdate(keyData[i], 0, keyData[i].length);
            }
            return digest.digestFinal();
        } catch (CertificateException | JSAFE_Exception e) {
            return null;
        }
    }

    public abstract void signCertificate(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CertificateException;

    public void signCertificate(byte[] bArr, int i, String str, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CertificateException {
        if (bArr == null || str == null || jSAFE_PrivateKey == null) {
            throw new CertificateException("Specified values are null.");
        }
        try {
            signCertificate(OIDList.getTrans(bArr, i, 1 + ASN1Lengths.determineLengthLen(bArr, i + 1) + ASN1Lengths.determineLength(bArr, i + 1), 1), str, jSAFE_PrivateKey, secureRandom);
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot sign cert:", e);
        }
    }

    public abstract boolean verifyCertificateSignature(String str, JSAFE_PublicKey jSAFE_PublicKey, SecureRandom secureRandom) throws CertificateException;

    public boolean verifyCertificateSignature(String str, byte[] bArr, int i, SecureRandom secureRandom) throws CertificateException {
        if (str == null || bArr == null) {
            throw new CertificateException("Specified values are null.");
        }
        try {
            return verifyCertificateSignature(str, JSAFEFactory.getPublicKey(bArr, i, str, this.theCertJ), secureRandom);
        } catch (JSAFE_Exception e) {
            throw new CertificateException("Cannot verify: ", e);
        }
    }

    public boolean verifyCertificateSignature(String str, Certificate certificate, SecureRandom secureRandom) throws CertificateException {
        if (str == null || certificate == null) {
            throw new CertificateException("Specified values are null.");
        }
        return verifyCertificateSignature(str, certificate.getSubjectPublicKey(str), secureRandom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] performSignature(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom, byte[] bArr, int i, int i2) throws CertificateException {
        if (str == null || str2 == null || jSAFE_PrivateKey == null || bArr == null) {
            throw new CertificateException("Specified values are null.");
        }
        JSAFE_Signature jSAFE_Signature = null;
        try {
            try {
                jSAFE_Signature = JSAFEFactory.getSignature(str, str2, this.theCertJ);
                if (this.theCertJ == null) {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, (JSAFE_Parameters) null, secureRandom, (JSAFE_Session[]) null);
                } else {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, (JSAFE_Parameters) null, secureRandom, this.theCertJ.getPKCS11Sessions());
                }
                jSAFE_Signature.signUpdate(bArr, i, i2);
                byte[] signFinal = jSAFE_Signature.signFinal();
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                return signFinal;
            } catch (JSAFE_Exception e) {
                throw new CertificateException("Could not sign the certificate: ", e);
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean performSignatureVerification(String str, JSAFE_PublicKey jSAFE_PublicKey, SecureRandom secureRandom, byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws CertificateException {
        if (str == null || jSAFE_PublicKey == null || bArr == null || bArr2 == null) {
            throw new CertificateException("Specified values are null.");
        }
        JSAFE_Signature jSAFE_Signature = null;
        try {
            try {
                jSAFE_Signature = JSAFEFactory.getSignature(this.signatureAlgorithmBER, 0, str, this.theCertJ);
                if (this.theCertJ == null) {
                    jSAFE_Signature.verifyInit(jSAFE_PublicKey, (JSAFE_Parameters) null, secureRandom, (JSAFE_Session[]) null);
                } else {
                    jSAFE_Signature.verifyInit(jSAFE_PublicKey, (JSAFE_Parameters) null, secureRandom, this.theCertJ.getPKCS11Sessions());
                }
                jSAFE_Signature.verifyUpdate(bArr, i, i2);
                boolean verifyFinal = jSAFE_Signature.verifyFinal(bArr2, i3, i4);
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                return verifyFinal;
            } catch (JSAFE_Exception e) {
                throw new CertificateException("Could not verify the certificate: ", e);
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearSignature() {
        this.signature = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearComponents() {
        clearSignature();
        this.signatureAlgorithmBER = null;
        this.subjectPublicKeyInfo = null;
        if (this.subjectPublicKey != null) {
            this.subjectPublicKey.clearSensitiveData();
        }
        this.subjectPublicKey = null;
    }
}
