package com.rsa.certj.crmf;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.ChoiceContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.x.d;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_Parameters;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Signature;
import java.io.Serializable;
import java.security.SecureRandom;

/* loaded from: input_file:com/rsa/certj/crmf/ProofOfPossession.class */
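/**
 * In-memory form of a CRMF {@code ProofOfPossession} value, with BER decoding, DER encoding and,
 * for the signature alternative, signing and verification.
 *
 * <p>The POP type is one of {@link #RA_VERIFIED_POP}, {@link #SIGNATURE_POP},
 * {@link #ENCIPHERMENT_POP} or {@link #AGREEMENT_POP}. Most accessors return {@code null} or throw
 * {@link CRMFException} when called on a POP of the wrong type.
 *
 * <p>Points a caller should know when using this class to validate requests:
 * <ul>
 *   <li>{@link #RA_VERIFIED_POP} carries no cryptographic proof. {@link #decodeProofOfPossession}
 *       records the type and stops, so accepting such a POP is a policy decision for the caller
 *       (is the sender an RA allowed to vouch for the key?).</li>
 *   <li>{@link #verifySignature} takes the verification key from the {@code POPOSigningKeyInput}
 *       whenever one is present. This class does not compare that key with the key in the
 *       request's {@code CertTemplate}, so the caller has to make that comparison.</li>
 *   <li>The class is {@link Serializable} and holds non-transient references to a
 *       {@link JSAFE_PrivateKey} and a {@link CertJ}. Whether key material ends up in a serialized
 *       form depends on those types, which are not visible here. Review this before serializing
 *       instances.</li>
 *   <li>{@link #getDERLen(int)} and {@link #getDEREncoding(byte[], int, int)} keep intermediate
 *       state in instance fields and use no synchronization.</li>
 * </ul>
 */
public class ProofOfPossession implements Serializable, Cloneable {
    public static final int RA_VERIFIED_POP = 0;
    public static final int SIGNATURE_POP = 1;
    public static final int ENCIPHERMENT_POP = 2;
    public static final int AGREEMENT_POP = 3;

    // "Special" flag words handed to the com.rsa.asn1 containers. The values are exactly those the
    // original code used; hex forms are given for reference only. Their bit layout is not visible
    // in this file - presumably tag class / optional flags plus a tag number; confirm against the
    // ASN.1 library before changing any of them.
    private static final int RA_VERIFIED_SPECIAL = 8389888; // 0x800500
    private static final int SIGNATURE_SPECIAL = 8400897; // 0x803001
    private static final int KEY_ENCIPHERMENT_SPECIAL = 10551042; // 0xA0FF02, outer CHOICE slot
    private static final int KEY_AGREEMENT_SPECIAL = 10551043; // 0xA0FF03, outer CHOICE slot
    private static final int KEY_ENCIPHERMENT_KEY_SPECIAL = 10485762; // 0xA00002, passed to POPOPrivKey
    private static final int KEY_AGREEMENT_KEY_SPECIAL = 10485763; // 0xA00003, passed to POPOPrivKey
    private static final int POPOSK_INPUT_SPECIAL = 8466432; // 0x813000
    private static final int ALGORITHM_ID_SPECIAL = 12288; // 0x3000

    // First byte forced onto the poposkInput encoding before it is signed or verified.
    private static final byte SEQUENCE_TAG = 0x30;

    private int type;
    private POPOSigningKeyInput poposkInput;
    private POPOPrivKey privPOPKey;
    private byte[] signature;
    private byte[] signatureAlgorithmBER;
    String transformation;
    CertRequest certRequest;
    private CertJ theCertJ;
    protected JSAFE_PublicKey pubKey;
    protected JSAFE_PrivateKey privKey;
    // Template built by encodeInit() and consumed (then dropped) by getDEREncoding().
    private ASN1Template asn1Template;
    // Special value of the most recent getDERLen/getDEREncoding call; read by encodeInit().
    private int special;

    /** Creates a POP of type {@link #RA_VERIFIED_POP} (the field default) with no CertJ. */
    public ProofOfPossession() {
        this.privPOPKey = new POPOPrivKey();
        this.transformation = "";
    }

    /**
     * Creates a POP of type {@link #RA_VERIFIED_POP} (the field default) bound to a CertJ.
     *
     * @param certJ CertJ instance used later for signature operations; may be {@code null}
     */
    public ProofOfPossession(CertJ certJ) {
        this.privPOPKey = new POPOPrivKey();
        this.transformation = "";
        this.theCertJ = certJ;
    }

    /**
     * Creates a POP of the given type with no CertJ.
     *
     * @param i one of the {@code *_POP} constants
     * @throws CRMFException if {@code i} is not one of the four supported types
     */
    public ProofOfPossession(int i) throws CRMFException {
        this(i, null);
    }

    /**
     * Creates a POP of the given type.
     *
     * @param i one of the {@code *_POP} constants
     * @param certJ CertJ instance used later for signature operations; may be {@code null}
     * @throws CRMFException if {@code i} is not one of the four supported types
     */
    public ProofOfPossession(int i, CertJ certJ) throws CRMFException {
        this.privPOPKey = new POPOPrivKey();
        this.transformation = "";
        boolean supported = i == RA_VERIFIED_POP
                || i == SIGNATURE_POP
                || i == ENCIPHERMENT_POP
                || i == AGREEMENT_POP;
        if (!supported) {
            throw new CRMFException("This POP is not supported.");
        }
        this.type = i;
        this.theCertJ = certJ;
    }

    /**
     * BER-decodes a ProofOfPossession and sets this object's type and contents from it.
     *
     * <p>For {@link #RA_VERIFIED_POP} only the type is recorded; nothing else is decoded or
     * checked. If the decoder reports none of the four alternatives as present, the type is left
     * unchanged.
     *
     * @param bArr buffer holding the encoding
     * @param i offset of the encoding in {@code bArr}
     * @param i2 special value passed to the outer {@link ChoiceContainer}
     * @throws CRMFException if {@code bArr} is {@code null} or decoding fails
     */
    public void decodeProofOfPossession(byte[] bArr, int i, int i2) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("ProofOfPossession Encoding is null.");
        }
        ChoiceContainer choice = new ChoiceContainer(i2);
        EndContainer end = new EndContainer();
        EncodedContainer raVerified = new EncodedContainer(RA_VERIFIED_SPECIAL);
        EncodedContainer signaturePop = new EncodedContainer(SIGNATURE_SPECIAL);
        EncodedContainer keyEncipherment = new EncodedContainer(KEY_ENCIPHERMENT_SPECIAL);
        EncodedContainer keyAgreement = new EncodedContainer(KEY_AGREEMENT_SPECIAL);
        try {
            ASN1.berDecode(
                    bArr,
                    i,
                    new ASN1Container[] {
                        choice, raVerified, signaturePop, keyEncipherment, keyAgreement, end
                    });
            if (raVerified.dataPresent) {
                this.type = RA_VERIFIED_POP;
                return;
            }
            if (signaturePop.dataPresent) {
                this.type = SIGNATURE_POP;
                decodeSignature(signaturePop.data, signaturePop.dataOffset);
            } else if (keyEncipherment.dataPresent) {
                this.type = ENCIPHERMENT_POP;
                this.privPOPKey.setEnvironment(this.theCertJ, this.pubKey, this.privKey);
                this.privPOPKey.decodePOPOPrivKey(
                        keyEncipherment.data,
                        keyEncipherment.dataOffset,
                        KEY_ENCIPHERMENT_KEY_SPECIAL);
            } else if (keyAgreement.dataPresent) {
                this.type = AGREEMENT_POP;
                this.privPOPKey.setEnvironment(this.theCertJ, this.pubKey, this.privKey);
                this.privPOPKey.decodePOPOPrivKey(
                        keyAgreement.data, keyAgreement.dataOffset, KEY_AGREEMENT_KEY_SPECIAL);
            }
        } catch (ASN_Exception e) {
            throw new CRMFException((Exception) e);
        }
    }

    /**
     * Decodes the signature alternative: optional poposkInput, algorithm identifier and signature
     * bits.
     *
     * @param bArr buffer holding the encoding
     * @param i offset of the encoding in {@code bArr}
     * @throws CRMFException if {@code bArr} is {@code null}, decoding fails, or the algorithm is
     *     not recognised
     */
    private void decodeSignature(byte[] bArr, int i) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("Signature Proof Of Possession is NULL.");
        }
        SequenceContainer sequence = new SequenceContainer(SIGNATURE_SPECIAL);
        EndContainer end = new EndContainer();
        EncodedContainer signingKeyInput = new EncodedContainer(POPOSK_INPUT_SPECIAL);
        EncodedContainer algorithmId = new EncodedContainer(ALGORITHM_ID_SPECIAL);
        BitStringContainer signatureBits = new BitStringContainer(0);
        try {
            ASN1.berDecode(
                    bArr,
                    i,
                    new ASN1Container[] {sequence, signingKeyInput, algorithmId, signatureBits, end});
            if (signingKeyInput.dataPresent) {
                this.poposkInput =
                        new POPOSigningKeyInput(signingKeyInput.data, signingKeyInput.dataOffset);
            } else {
                // Drop any poposkInput left from an earlier decode or setter call. Otherwise
                // verifySignature() would check the new signature against stale input and a stale
                // public key.
                this.poposkInput = null;
            }
            byte[] decodedSignature = new byte[signatureBits.dataLen];
            System.arraycopy(
                    signatureBits.data,
                    signatureBits.dataOffset,
                    decodedSignature,
                    0,
                    signatureBits.dataLen);
            this.signature = decodedSignature;
            setSignatureAlgorithm(algorithmId.data, algorithmId.dataOffset, algorithmId.dataLen);
        } catch (ASN_Exception e) {
            throw new CRMFException("Could not BER decode the POP.", e);
        }
    }

    /**
     * Verifies the stored signature.
     *
     * <p>If a poposkInput is present, the signed data is its DER encoding (first byte replaced by
     * 0x30) and the verification key is the one inside the poposkInput. Otherwise the signed data
     * is the DER encoding of the CertRequest and the key comes from its CertTemplate.
     *
     * <p>In the poposkInput case the key is supplied by the same message that carries the
     * signature, and this method does not compare it with the key in the request's CertTemplate.
     * A successful result therefore shows only that the signer holds the key named in the
     * poposkInput. Callers validating a request should also confirm that this key is the one being
     * certified. The method does not check {@link #getPOPType()} either.
     *
     * @param str second argument handed to the signature factory helper; presumably the JSAFE
     *     device name(s) - confirm against callers
     * @param secureRandom random source passed to {@code verifyInit}
     * @return the result of {@code verifyFinal}
     * @throws CRMFException if no signature is stored, the signed data or key is unavailable, or
     *     the JSAFE operation fails
     */
    public boolean verifySignature(String str, SecureRandom secureRandom) throws CRMFException {
        if (this.signature == null) {
            throw new CRMFException("Signature is null, cannot verify it.");
        }
        JSAFE_PublicKey subjectPublicKey;
        byte[] signedData;
        if (this.poposkInput != null) {
            signedData = encodePoposkInputForSigning();
            subjectPublicKey = this.poposkInput.getSubjectPublicKey();
        } else {
            if (this.certRequest == null) {
                throw new CRMFException("CertRequest is not set.");
            }
            subjectPublicKey = this.certRequest.getCertTemplate().getSubjectPublicKey();
            if (subjectPublicKey == null) {
                throw new CRMFException(
                        "Public key is not set in CertRequest; Cannot verify the signature.");
            }
            signedData = encodeCertRequestForSigning("Cannot DER-encode CertRequest.");
        }
        JSAFE_Signature verifier = null;
        try {
            verifier = d.b(this.transformation, str, this.theCertJ);
            if (this.theCertJ == null) {
                verifier.verifyInit(subjectPublicKey, secureRandom);
            } else {
                verifier.verifyInit(
                        subjectPublicKey,
                        (JSAFE_Parameters) null,
                        secureRandom,
                        this.theCertJ.getPKCS11Sessions());
            }
            verifier.verifyUpdate(signedData, 0, signedData.length);
            return verifier.verifyFinal(this.signature, 0, this.signature.length);
        } catch (JSAFE_Exception e) {
            throw new CRMFException("Could not verify the POP's signature: ", e);
        } finally {
            // Always wipe the signature object's internal state, on success and on failure.
            if (verifier != null) {
                verifier.clearSensitiveData();
            }
        }
    }

    /** Returns the POP type, one of the {@code *_POP} constants. */
    public int getPOPType() {
        return this.type;
    }

    /**
     * Returns the stored poposkInput (the internal reference, not a copy), or {@code null} if
     * this is not a signature POP.
     */
    public POPOSigningKeyInput getPOPOSigningKeyInput() {
        return this.type == SIGNATURE_POP ? this.poposkInput : null;
    }

    /**
     * Sets the poposkInput. The reference is stored without copying.
     *
     * @throws CRMFException if this is not a signature POP or the argument is {@code null}
     */
    public void setPOPOSigningKeyInput(POPOSigningKeyInput pOPOSigningKeyInput)
            throws CRMFException {
        requireSignaturePop();
        if (pOPOSigningKeyInput == null) {
            throw new CRMFException("POPOSigningKeyInput object is null.");
        }
        this.poposkInput = pOPOSigningKeyInput;
    }

    /** Returns the signature transformation name, or {@code null} if not a signature POP. */
    public String getAlgTransformation() {
        return this.type == SIGNATURE_POP ? this.transformation : null;
    }

    /**
     * Returns a copy of the encoded signature algorithm identifier, or {@code null} if this is not
     * a signature POP or no algorithm has been set.
     */
    public byte[] getAlgBER() {
        if (this.type != SIGNATURE_POP || this.signatureAlgorithmBER == null) {
            return null;
        }
        return (byte[]) this.signatureAlgorithmBER.clone();
    }

    /**
     * Sets the signature algorithm from a transformation name and derives its DER encoding.
     *
     * <p>The transformation field is assigned before encoding is attempted, so it stays set even
     * when encoding fails.
     *
     * @throws CRMFException if this is not a signature POP, {@code str} is {@code null}, or the
     *     name cannot be encoded
     */
    public void setSignatureAlgorithm(String str) throws CRMFException {
        requireSignaturePop();
        if (str == null) {
            throw new CRMFException("POP Transformation is null.");
        }
        this.transformation = str;
        try {
            this.signatureAlgorithmBER = AlgorithmID.derEncodeAlgID(str, 1, (byte[]) null, 0, 0);
        } catch (ASN_Exception e) {
            throw new CRMFException("POP Transformation is invalid. ", e);
        }
    }

    /**
     * Sets the signature algorithm from an encoded algorithm identifier.
     *
     * <p>The bytes are copied into this object before they are decoded, so the stored encoding is
     * replaced even when the identifier turns out to be unknown.
     *
     * @param bArr buffer holding the encoded AlgorithmIdentifier
     * @param i offset in {@code bArr}
     * @param i2 length of the encoding
     * @throws CRMFException if this is not a signature POP, the input is empty, or the algorithm
     *     cannot be decoded or is unknown
     */
    public void setSignatureAlgorithm(byte[] bArr, int i, int i2) throws CRMFException {
        requireSignaturePop();
        if (bArr == null || i2 == 0) {
            throw new CRMFException("POP Algorithm ID is null.");
        }
        try {
            this.signatureAlgorithmBER = new byte[i2];
            System.arraycopy(bArr, i, this.signatureAlgorithmBER, 0, i2);
            this.transformation = AlgorithmID.berDecodeAlgID(bArr, i, 1, (EncodedContainer) null);
            if (this.transformation == null) {
                throw new CRMFException("Unknown Signature Algorithm in POP.");
            }
        } catch (ASN_Exception e) {
            throw new CRMFException("Cannot set Signature Algorithm in POP.", e);
        }
    }

    /**
     * Returns a copy of the signature bytes, or {@code null} if this is not a signature POP or no
     * signature is stored.
     */
    public byte[] getSignature() {
        if (this.type != SIGNATURE_POP || this.signature == null) {
            return null;
        }
        return (byte[]) this.signature.clone();
    }

    /**
     * Sets the CertRequest whose DER encoding is signed and verified when no poposkInput is used.
     * The reference is stored without copying.
     *
     * @throws CRMFException if this is not a signature POP, the request is {@code null}, or its
     *     template is missing or lacks a subject name or public key
     */
    public void setCertRequest(CertRequest certRequest) throws CRMFException {
        requireSignaturePop();
        if (certRequest == null) {
            throw new CRMFException("The request in POP is NULL.");
        }
        CertTemplate template = certRequest.getCertTemplate();
        if (template == null) {
            throw new CRMFException("Invalid CertRequest: CertTemplate is missing.");
        }
        boolean incomplete =
                template.getSubjectName() == null || template.getSubjectPublicKey() == null;
        if (incomplete) {
            throw new CRMFException("Subject Name and / or Public Key values are missing.");
        }
        this.certRequest = certRequest;
    }

    /**
     * Produces the POP signature and stores it in this object.
     *
     * <p>If a CertRequest is set it is the data signed and any poposkInput is discarded.
     * Otherwise the DER encoding of the poposkInput (first byte replaced by 0x30) is signed.
     *
     * @param str second argument handed to the signature factory helper; presumably the JSAFE
     *     device name(s) - confirm against callers
     * @param jSAFE_PrivateKey key used to sign
     * @param secureRandom random source passed to {@code signInit}
     * @throws CRMFException if this is not a signature POP, there is nothing to sign, or the JSAFE
     *     operation fails
     */
    public void signPOP(String str, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom)
            throws CRMFException {
        requireSignaturePop();
        byte[] dataToSign;
        if (this.certRequest != null) {
            this.poposkInput = null;
            dataToSign = encodeCertRequestForSigning("Cannot DER-encode CertRequest in POP.");
        } else {
            if (this.poposkInput == null) {
                throw new CRMFException("Data is not set in poposkInput.");
            }
            dataToSign = encodePoposkInputForSigning();
        }
        JSAFE_Signature signer = null;
        try {
            signer = d.b(this.transformation, str, this.theCertJ);
            if (this.theCertJ == null) {
                signer.signInit(jSAFE_PrivateKey, secureRandom);
            } else {
                signer.signInit(
                        jSAFE_PrivateKey,
                        (JSAFE_Parameters) null,
                        secureRandom,
                        this.theCertJ.getPKCS11Sessions());
            }
            signer.signUpdate(dataToSign, 0, dataToSign.length);
            this.signature = signer.signFinal();
        } catch (JSAFE_Exception e) {
            throw new CRMFException("Could not sign the POP: ", e);
        } finally {
            // Always wipe the signature object's internal state, on success and on failure.
            if (signer != null) {
                signer.clearSensitiveData();
            }
        }
    }

    /**
     * Sets the CertJ (unconditionally, even to {@code null}) and replaces each key only when the
     * corresponding argument is non-null.
     */
    public void setEnvironment(
            CertJ certJ, JSAFE_PublicKey jSAFE_PublicKey, JSAFE_PrivateKey jSAFE_PrivateKey) {
        this.theCertJ = certJ;
        setKeys(jSAFE_PublicKey, jSAFE_PrivateKey);
    }

    /** Sets the CertJ instance; {@code null} is accepted. */
    public void setCertJ(CertJ certJ) {
        this.theCertJ = certJ;
    }

    /** Returns the CertJ instance, possibly {@code null}. */
    public CertJ getCertJ() {
        return this.theCertJ;
    }

    /**
     * Replaces each key only when the corresponding argument is non-null; a {@code null} argument
     * leaves the existing key in place.
     */
    public void setKeys(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_PrivateKey jSAFE_PrivateKey) {
        if (jSAFE_PublicKey != null) {
            this.pubKey = jSAFE_PublicKey;
        }
        if (jSAFE_PrivateKey != null) {
            this.privKey = jSAFE_PrivateKey;
        }
    }

    /**
     * Sets the POPOPrivKey. The reference is stored without copying.
     *
     * @throws CRMFException if this is neither an encipherment nor an agreement POP, or the
     *     argument is {@code null}
     */
    public void setPOPOPrivKey(POPOPrivKey pOPOPrivKey) throws CRMFException {
        if (this.type != ENCIPHERMENT_POP && this.type != AGREEMENT_POP) {
            throw new CRMFException("Wrong POP type.");
        }
        if (pOPOPrivKey == null) {
            throw new CRMFException("POPOPrivateKey object is null.");
        }
        this.privPOPKey = pOPOPrivKey;
    }

    /** Returns the stored POPOPrivKey (the internal reference) regardless of the POP type. */
    public POPOPrivKey getPOPOPrivKey() throws CRMFException {
        return this.privPOPKey;
    }

    /**
     * Returns a copy of this POP.
     *
     * <p>The poposkInput, CertRequest and POPOPrivKey are cloned and the byte arrays are copied.
     * The CertJ and both key references are shared with the original, so clearing a key through
     * one object affects the other. The result is always a plain {@code ProofOfPossession},
     * created through the constructor rather than {@code super.clone()}.
     */
    @Override
    public Object clone() throws CloneNotSupportedException {
        try {
            ProofOfPossession copy = new ProofOfPossession(this.type);
            if (this.poposkInput != null) {
                copy.poposkInput = (POPOSigningKeyInput) this.poposkInput.clone();
            }
            if (this.signature != null) {
                copy.signature = (byte[]) this.signature.clone();
            }
            if (this.signatureAlgorithmBER != null) {
                copy.signatureAlgorithmBER = (byte[]) this.signatureAlgorithmBER.clone();
            }
            copy.transformation = this.transformation;
            if (this.certRequest != null) {
                copy.certRequest = (CertRequest) this.certRequest.clone();
            }
            if (this.privPOPKey != null) {
                copy.privPOPKey = (POPOPrivKey) this.privPOPKey.clone();
            }
            copy.setEnvironment(this.theCertJ, this.pubKey, this.privKey);
            return copy;
        } catch (CRMFException e) {
            throw new CloneNotSupportedException(e.getMessage());
        }
    }

    /**
     * Compares type, CertRequest, poposkInput, transformation, algorithm encoding, signature and
     * POPOPrivKey. The CertJ and the environment keys are not part of the comparison.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof ProofOfPossession)) {
            return false;
        }
        ProofOfPossession other = (ProofOfPossession) obj;
        if (this.type != other.type) {
            return false;
        }
        if (!sameOrBothNull(this.certRequest, other.certRequest)) {
            return false;
        }
        if (!sameOrBothNull(this.poposkInput, other.poposkInput)) {
            return false;
        }
        if (!sameOrBothNull(this.transformation, other.transformation)) {
            return false;
        }
        if (!CertJUtils.byteArraysEqual(this.signatureAlgorithmBER, other.signatureAlgorithmBER)) {
            return false;
        }
        if (!CertJUtils.byteArraysEqual(this.signature, other.signature)) {
            return false;
        }
        return sameOrBothNull(this.privPOPKey, other.privPOPKey);
    }

    /**
     * Hash code consistent with {@link #equals(Object)}.
     *
     * <p>Only the type and the transformation string are hashed. The other compared fields are
     * project types whose {@code hashCode} behaviour is not visible here, or byte arrays compared
     * through {@code CertJUtils.byteArraysEqual}. Leaving them out keeps the equals/hashCode
     * contract intact whatever those implementations do.
     */
    @Override
    public int hashCode() {
        int transformationHash = this.transformation == null ? 0 : this.transformation.hashCode();
        return 31 * this.type + transformationHash;
    }

    /**
     * Returns the offset just past the BER element that starts at {@code i}: tag byte, length
     * octets and content length added to {@code i}.
     *
     * <p>The tag is taken to be a single byte. The returned offset is computed from the length
     * field in the encoding and is not checked against {@code bArr.length}, so callers parsing
     * encodings they did not produce should bound-check it before using it as an index.
     *
     * @param bArr buffer holding the encoding
     * @param i offset of the element's tag byte
     * @throws CRMFException if {@code bArr} is {@code null}, {@code i} leaves no room for a length
     *     octet, or the length cannot be read
     */
    public static int getNextBEROffset(byte[] bArr, int i) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("Encoding is null.");
        }
        // Reject offsets with no length octet after the tag, so that a bad offset surfaces as a
        // CRMFException rather than depending on how the length helpers treat an out-of-range index.
        if (i < 0 || i >= bArr.length - 1) {
            throw new CRMFException("Could not read the BER encoding of ProofOfPossession.");
        }
        try {
            int lengthOffset = i + 1;
            int lengthOctets = ASN1Lengths.determineLengthLen(bArr, lengthOffset);
            int contentLength = ASN1Lengths.determineLength(bArr, lengthOffset);
            return lengthOffset + lengthOctets + contentLength;
        } catch (ASN_Exception e) {
            throw new CRMFException("Could not read the BER encoding of ProofOfPossession.", e);
        }
    }

    /**
     * Prepares the encoding and returns its DER length.
     *
     * @param i special value for the outer {@link ChoiceContainer}; remembered for the following
     *     {@link #getDEREncoding(byte[], int, int)} call
     * @throws CRMFException if required fields for the current type are missing or encoding fails
     */
    public int getDERLen(int i) throws CRMFException {
        this.special = i;
        return encodeInit();
    }

    /**
     * Writes the DER encoding into {@code bArr} at offset {@code i}.
     *
     * <p>For {@link #RA_VERIFIED_POP} the two bytes {@code 80 00} are written at the requested
     * offset. For the other types the template prepared by {@link #getDERLen(int)} is used (it is
     * built here if absent) and is always discarded afterwards, so that a failed call cannot leave
     * a stale template for the next one.
     *
     * @param bArr destination buffer
     * @param i offset in {@code bArr} at which to write
     * @param i2 special value for the outer {@link ChoiceContainer}
     * @return number of bytes written
     * @throws CRMFException if {@code bArr} is {@code null} or too small for the RA-verified
     *     encoding, or encoding fails
     */
    public int getDEREncoding(byte[] bArr, int i, int i2) throws CRMFException {
        this.special = i2;
        if (bArr == null) {
            throw new CRMFException("Specified array in ProofOfPossession is null.");
        }
        if (this.type == RA_VERIFIED_POP) {
            if (i < 0 || bArr.length - i < 2) {
                throw new CRMFException("Specified array in ProofOfPossession is too small.");
            }
            // Write at the caller's offset. Writing at index 0 would ignore i and could overwrite
            // data the caller had already placed at the start of the buffer.
            bArr[i] = (byte) 0x80;
            bArr[i + 1] = 0;
            return 2;
        }
        try {
            if (this.asn1Template == null) {
                getDERLen(i2);
            }
            return this.asn1Template.derEncode(bArr, i);
        } catch (ASN_Exception e) {
            throw new CRMFException("Unable to encode ProofOfPossession.", e);
        } finally {
            this.asn1Template = null;
        }
    }

    /**
     * Builds the encoding template for the current type and returns the DER length.
     *
     * <p>The body of the selected alternative is encoded first. The outer CHOICE template is then
     * built with three {@link EncodedContainer}s that all reference that body, only one of which
     * is flagged as present.
     */
    private int encodeInit() throws CRMFException {
        if (this.type == RA_VERIFIED_POP) {
            return 2;
        }
        try {
            byte[] body = null;
            int bodyLen = 0;
            EndContainer end = new EndContainer();
            if (this.type == SIGNATURE_POP) {
                SequenceContainer sequence = new SequenceContainer(SIGNATURE_SPECIAL, true, 0);
                boolean hasSigningKeyInput = this.poposkInput != null;
                byte[] signingKeyInputDer = null;
                int signingKeyInputLen = 0;
                if (hasSigningKeyInput) {
                    signingKeyInputDer = new byte[this.poposkInput.getDERLen()];
                    signingKeyInputLen = this.poposkInput.getDEREncoding(signingKeyInputDer, 0);
                }
                EncodedContainer signingKeyInput =
                        new EncodedContainer(
                                POPOSK_INPUT_SPECIAL,
                                hasSigningKeyInput,
                                0,
                                signingKeyInputDer,
                                0,
                                signingKeyInputLen);
                if (this.signatureAlgorithmBER == null) {
                    throw new CRMFException("Signature Algorithm ID is not set.");
                }
                EncodedContainer algorithmId =
                        new EncodedContainer(
                                ALGORITHM_ID_SPECIAL,
                                true,
                                0,
                                this.signatureAlgorithmBER,
                                0,
                                this.signatureAlgorithmBER.length);
                if (this.signature == null) {
                    throw new CRMFException("Signature is not set.");
                }
                BitStringContainer signatureBits =
                        new BitStringContainer(
                                0, true, 0, this.signature, 0, this.signature.length);
                ASN1Template signatureTemplate =
                        new ASN1Template(
                                new ASN1Container[] {
                                    sequence, signingKeyInput, algorithmId, signatureBits, end
                                });
                body = new byte[signatureTemplate.derEncodeInit()];
                bodyLen = signatureTemplate.derEncode(body, 0);
            } else if (this.type == ENCIPHERMENT_POP || this.type == AGREEMENT_POP) {
                if (this.privPOPKey == null) {
                    throw new CRMFException("POPOPrivKey is not set.");
                }
                int keySpecial =
                        this.type == ENCIPHERMENT_POP
                                ? KEY_ENCIPHERMENT_KEY_SPECIAL
                                : KEY_AGREEMENT_KEY_SPECIAL;
                body = new byte[this.privPOPKey.getDERLen(keySpecial)];
                bodyLen = this.privPOPKey.getDEREncoding(body, 0, keySpecial);
            }
            this.asn1Template =
                    new ASN1Template(
                            new ASN1Container[] {
                                new ChoiceContainer(this.special, 0),
                                new EncodedContainer(
                                        SIGNATURE_SPECIAL,
                                        this.type == SIGNATURE_POP,
                                        0,
                                        body,
                                        0,
                                        bodyLen),
                                new EncodedContainer(
                                        KEY_ENCIPHERMENT_SPECIAL,
                                        this.type == ENCIPHERMENT_POP,
                                        0,
                                        body,
                                        0,
                                        bodyLen),
                                new EncodedContainer(
                                        KEY_AGREEMENT_SPECIAL,
                                        this.type == AGREEMENT_POP,
                                        0,
                                        body,
                                        0,
                                        bodyLen),
                                end
                            });
            return this.asn1Template.derEncodeInit();
        } catch (ASN_Exception e) {
            throw new CRMFException((Exception) e);
        }
    }

    /** Throws unless this POP is of type {@link #SIGNATURE_POP}. */
    private void requireSignaturePop() throws CRMFException {
        if (this.type != SIGNATURE_POP) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
    }

    /**
     * DER-encodes the poposkInput and replaces the first byte with 0x30, giving the byte string
     * that is signed and verified. Presumably this swaps the field's context tag for the universal
     * SEQUENCE tag - confirm against POPOSigningKeyInput.
     */
    private byte[] encodePoposkInputForSigning() throws CRMFException {
        int derLen = this.poposkInput.getDERLen();
        if (derLen == 0) {
            throw new CRMFException("Cannot DER-encode poposkInput.");
        }
        byte[] encoded = new byte[derLen];
        this.poposkInput.getDEREncoding(encoded, 0);
        encoded[0] = SEQUENCE_TAG;
        return encoded;
    }

    /** DER-encodes the CertRequest with special 0, failing with the given message if empty. */
    private byte[] encodeCertRequestForSigning(String failureMessage) throws CRMFException {
        int derLen = this.certRequest.getDERLen(0);
        if (derLen == 0) {
            throw new CRMFException(failureMessage);
        }
        byte[] encoded = new byte[derLen];
        this.certRequest.getDEREncoding(encoded, 0, 0);
        return encoded;
    }

    /** Null-tolerant equality: {@code a.equals(b)} when {@code a} is set, else {@code b == null}. */
    private static boolean sameOrBothNull(Object a, Object b) {
        return a != null ? a.equals(b) : b == null;
    }
}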
