package com.rsa.certj.cert;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.ChoiceContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.GenTimeContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.asn1.UTCTimeContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.cert.attributes.V3ExtensionAttribute;
import com.rsa.certj.cert.attributes.X501Attribute;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.provider.pki.cmp.CMP;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.Vector;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;

/* loaded from: input_file:com/rsa/certj/cert/X509Certificate.class */
public class X509Certificate extends Certificate {
    private static final Date FIRST_GENERALIZED_TIME_DATE = new Date(2524608000000L);
    public static final int X509_VERSION_1 = 0;
    public static final int X509_VERSION_2 = 1;
    public static final int X509_VERSION_3 = 2;
    private byte[] innerDER;
    private int innerDERLen;
    private int theVersion;
    private X500Name subjectName;
    private X500Name issuerName;
    private byte[] serialNumber;
    private byte[] issuerUniqueID;
    private byte[] subjectUniqueID;
    private boolean timeType;
    private boolean timeTypeExplicitlySet;
    private Date notBefore;
    private Date notAfter;
    private X509V3Extensions theExtensions;
    private int special;
    private ASN1Template asn1Template;
    private int innerSpecial;
    private ASN1Template asn1TemplateInner;
    private ASN1Template asn1TemplateValidity;
    private final Lock outerDERLock;
    private final Lock innerDERLock;

    public X509Certificate() {
        this.theVersion = 2;
        this.special = 0;
        this.innerSpecial = 0;
        this.outerDERLock = new ReentrantLock();
        this.innerDERLock = new ReentrantLock();
    }

    public X509Certificate(CertJ certJ) {
        this.theVersion = 2;
        this.special = 0;
        this.innerSpecial = 0;
        this.outerDERLock = new ReentrantLock();
        this.innerDERLock = new ReentrantLock();
        setCertJ(certJ);
    }

    public X509Certificate(byte[] bArr, int i, int i2) throws CertificateException {
        this(bArr, i, i2, null);
    }

    public X509Certificate(byte[] bArr, int i, int i2, CertJ certJ) throws CertificateException {
        this.theVersion = 2;
        this.special = 0;
        this.innerSpecial = 0;
        this.outerDERLock = new ReentrantLock();
        this.innerDERLock = new ReentrantLock();
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        setCertBER(bArr, i, i2);
        setCertJ(certJ);
    }

    private void checkSpecial(int i) throws CertificateException {
        if (i != 0 && i != 4194304 && i != 6291456 && i != 12582912 && i != 14680064 && i != 65536 && i != 131072 && i != 8388608 && i != 10485760) {
            throw new CertificateException("Could not encode: Invalid 'special'");
        }
    }

    public static int getNextBEROffset(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        try {
            return i + 1 + ASN1Lengths.determineLengthLen(bArr, i + 1) + ASN1Lengths.determineLength(bArr, i + 1);
        } catch (ASN_Exception e) {
            throw new CertificateException("Could not read the BER encoding.", e);
        }
    }

    private void setCertBER(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        clearComponents();
        ASN1Container[] decodeCert = decodeCert(bArr, i, i2);
        setInnerDER(decodeCert[1].data, decodeCert[1].dataOffset, this.special);
        this.signature = new byte[decodeCert[3].dataLen];
        System.arraycopy(decodeCert[3].data, decodeCert[3].dataOffset, this.signature, 0, decodeCert[3].dataLen);
        setSignatureAlgorithm(decodeCert[2].data, decodeCert[2].dataOffset, decodeCert[2].dataLen);
    }

    protected static ASN1Container[] decodeCert(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        ASN1Container[] aSN1ContainerArr = {new SequenceContainer(i2), new EncodedContainer(12288), new EncodedContainer(12288), new EncodedContainer(CMP.CMPTCP_ERROR_SERVER), new EndContainer()};
        try {
            ASN1.berDecode(bArr, i, aSN1ContainerArr);
            return aSN1ContainerArr;
        } catch (ASN_Exception e) {
            throw new CertificateException("Could not BER decode the cert.", e);
        }
    }

    public int getDERLen(int i) {
        this.outerDERLock.lock();
        try {
            outerDERSetSpecial(i);
            int outerDEREncodeInit = outerDEREncodeInit();
            this.outerDERLock.unlock();
            return outerDEREncodeInit;
        } catch (CertificateException e) {
            this.outerDERLock.unlock();
            return 0;
        } catch (Throwable th) {
            this.outerDERLock.unlock();
            throw th;
        }
    }

    public int getDEREncoding(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Specified array is null.");
        }
        this.outerDERLock.lock();
        try {
            try {
                outerDERSetSpecial(i2);
                if (this.asn1Template == null && outerDEREncodeInit() == 0) {
                    throw new CertificateException("Could not encode: Possibly some of the required fields of this certificate object are not set.");
                }
                int derEncode = 0 + this.asn1Template.derEncode(bArr, i);
                this.asn1Template = null;
                int innerDER = getInnerDER(bArr, i + derEncode);
                if (innerDER == 0) {
                    throw new CertificateException("Could not encode, missing data.");
                }
                int i3 = derEncode + innerDER;
                System.arraycopy(this.signatureAlgorithmBER, 0, bArr, i + i3, this.signatureAlgorithmBER.length);
                int length = i3 + this.signatureAlgorithmBER.length;
                System.arraycopy(this.signature, 0, bArr, i + length, this.signature.length);
                int length2 = length + this.signature.length;
                this.outerDERLock.unlock();
                return length2;
            } catch (ASN_Exception e) {
                this.asn1Template = null;
                throw new CertificateException("Could not encode: ", e);
            }
        } catch (Throwable th) {
            this.outerDERLock.unlock();
            throw th;
        }
    }

    private int outerDEREncodeInit() {
        if (getInnerDERLen() == 0 || this.signatureAlgorithmBER == null || this.signature == null) {
            return 0;
        }
        try {
            this.asn1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(this.special, true, 0), new EncodedContainer(12288, true, 0, (byte[]) null, 0, this.innerDERLen), new EncodedContainer(12288, true, 0, (byte[]) null, 0, this.signatureAlgorithmBER.length), new EncodedContainer(CMP.CMPTCP_ERROR_SERVER, true, 0, (byte[]) null, 0, this.signature.length), new EndContainer()});
            return this.asn1Template.derEncodeInit();
        } catch (ASN_Exception e) {
            return 0;
        }
    }

    private void outerDERSetSpecial(int i) throws CertificateException {
        if (i != this.special) {
            checkSpecial(i);
            clearTemplate();
            this.special = i;
        }
    }

    private void outerDERClear() {
        this.outerDERLock.lock();
        this.asn1Template = null;
        this.special = 0;
        this.outerDERLock.unlock();
    }

    protected void setVersionNumber(int i) throws CertificateException {
        if (i != 0 && i != 1 && i != 2) {
            throw new CertificateException("Invalid X.509 Certificate version.");
        }
        this.theVersion = i;
    }

    private void setSignatureAlgorithm(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null || i2 == 0) {
            throw new CertificateException("Unknown or invalid signature algorithm.");
        }
        if (this.signatureAlgorithmBER != null) {
            if (!CertJUtils.byteArraysEqual(bArr, i, i2, this.signatureAlgorithmBER)) {
                throw new CertificateException("Signature algorithms do not match.");
            }
            return;
        }
        this.signatureAlgorithmBER = new byte[i2];
        System.arraycopy(bArr, i, this.signatureAlgorithmBER, 0, i2);
        try {
            if (AlgorithmID.berDecodeAlgID(bArr, i, 1, (EncodedContainer) null) == null) {
                throw new CertificateException("Unknown or invalid signature algorithm.");
            }
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot decode signature algorithm.");
        }
    }

    public void setInnerDER(byte[] bArr, int i) throws CertificateException {
        setInnerDER(bArr, i, 0);
    }

    private void setInnerDER(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        clearSignature();
        clearTemplate();
        this.innerSpecial = i2;
        ASN1Container sequenceContainer = new SequenceContainer(this.innerSpecial);
        ASN1Container endContainer = new EndContainer();
        ASN1Container integerContainer = new IntegerContainer(10616832);
        ASN1Container integerContainer2 = new IntegerContainer(0);
        ASN1Container encodedContainer = new EncodedContainer(12288);
        ASN1Container encodedContainer2 = new EncodedContainer(12288);
        ASN1Container encodedContainer3 = new EncodedContainer(12288);
        ASN1Container encodedContainer4 = new EncodedContainer(12288);
        ASN1Container encodedContainer5 = new EncodedContainer(12288);
        ASN1Container encodedContainer6 = new EncodedContainer(8454913);
        ASN1Container encodedContainer7 = new EncodedContainer(8454914);
        ASN1Container encodedContainer8 = new EncodedContainer(10563587);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, integerContainer, integerContainer2, encodedContainer, encodedContainer2, encodedContainer3, encodedContainer4, encodedContainer5, encodedContainer6, encodedContainer7, encodedContainer8, endContainer});
            if (((IntegerContainer) integerContainer).dataPresent) {
                try {
                    setVersionNumber(integerContainer.getValueAsInt());
                } catch (ASN_Exception e) {
                    throw new CertificateException("Invalid version number: ", e);
                }
            }
            setSerialNumber(((IntegerContainer) integerContainer2).data, ((IntegerContainer) integerContainer2).dataOffset, ((IntegerContainer) integerContainer2).dataLen);
            setSignatureAlgorithm(((EncodedContainer) encodedContainer).data, ((EncodedContainer) encodedContainer).dataOffset, ((EncodedContainer) encodedContainer).dataLen);
            try {
                setIssuerName(new X500Name(((EncodedContainer) encodedContainer2).data, ((EncodedContainer) encodedContainer2).dataOffset, 0));
                setValidityBER(((EncodedContainer) encodedContainer3).data, ((EncodedContainer) encodedContainer3).dataOffset);
                try {
                    setSubjectName(new X500Name(((EncodedContainer) encodedContainer4).data, ((EncodedContainer) encodedContainer4).dataOffset, 0));
                    setSubjectPublicKey(((EncodedContainer) encodedContainer5).data, ((EncodedContainer) encodedContainer5).dataOffset);
                    if (((EncodedContainer) encodedContainer6).dataPresent) {
                        if (this.theVersion == 0) {
                            throw new CertificateException("Version 1 certs not allowed to have issuer unique ID.");
                        }
                        this.issuerUniqueID = new byte[((EncodedContainer) encodedContainer6).dataLen];
                        System.arraycopy(((EncodedContainer) encodedContainer6).data, ((EncodedContainer) encodedContainer6).dataOffset, this.issuerUniqueID, 0, ((EncodedContainer) encodedContainer6).dataLen);
                    }
                    if (((EncodedContainer) encodedContainer7).dataPresent) {
                        if (this.theVersion == 0) {
                            throw new CertificateException("Version 1 certs not allowed to have subject unique ID.");
                        }
                        this.subjectUniqueID = new byte[((EncodedContainer) encodedContainer7).dataLen];
                        System.arraycopy(((EncodedContainer) encodedContainer7).data, ((EncodedContainer) encodedContainer7).dataOffset, this.subjectUniqueID, 0, ((EncodedContainer) encodedContainer7).dataLen);
                    }
                    if (((EncodedContainer) encodedContainer8).dataPresent) {
                        setExtensions(new X509V3Extensions(((EncodedContainer) encodedContainer8).data, ((EncodedContainer) encodedContainer8).dataOffset, 10485763, 1));
                    }
                    this.innerDERLen = getNextBEROffset(bArr, i) - i;
                    this.innerDER = new byte[this.innerDERLen];
                    System.arraycopy(bArr, i, this.innerDER, 0, this.innerDERLen);
                } catch (NameException e2) {
                    throw new CertificateException("Invalid subject name: ", e2);
                }
            } catch (NameException e3) {
                throw new CertificateException("Invalid issuer name: ", e3);
            }
        } catch (ASN_Exception e4) {
            throw new CertificateException("Could not BER decode the cert info.", e4);
        }
    }

    public int getInnerDERLen() {
        this.innerDERLock.lock();
        try {
            if (this.innerDERLen != 0) {
                if (this.innerSpecial == this.special) {
                    int i = this.innerDERLen;
                    this.innerDERLock.unlock();
                    return i;
                }
                this.innerSpecial = this.special;
                innerDERClear();
            }
            try {
                innerDEREncodeInit();
                int i2 = this.innerDERLen;
                this.innerDERLock.unlock();
                return i2;
            } catch (CertificateException e) {
                return 0;
            }
        } finally {
            this.innerDERLock.unlock();
        }
    }

    public int getInnerDER(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Passed array is null");
        }
        this.innerDERLock.lock();
        try {
            innerDEREncode();
            System.arraycopy(this.innerDER, 0, bArr, i, this.innerDERLen);
            int i2 = this.innerDERLen;
            this.innerDERLock.unlock();
            return i2;
        } catch (Throwable th) {
            this.innerDERLock.unlock();
            throw th;
        }
    }

    private void innerDEREncodeInit() throws CertificateException {
        innerDERClear();
        if (this.subjectPublicKeyInfo == null || this.signatureAlgorithmBER == null || this.serialNumber == null || this.notBefore == null || this.notAfter == null) {
            throw new CertificateException("Cannot encode innerDER, information missing.");
        }
        if (this.subjectName == null && !checkExtensions(17)) {
            throw new CertificateException("Cannot encode innerDER, subject name missing.");
        }
        if (this.issuerName == null && !checkExtensions(18)) {
            throw new CertificateException("Cannot encode innerDER, issuer name missing.");
        }
        int validityDERLen = getValidityDERLen();
        try {
            ASN1Container sequenceContainer = new SequenceContainer(this.innerSpecial, true, 0);
            ASN1Container endContainer = new EndContainer();
            boolean z = true;
            if (this.theVersion == 0) {
                z = false;
            }
            ASN1Container integerContainer = new IntegerContainer(10616832, z, 0, this.theVersion);
            IntegerContainer integerContainer2 = ((this.serialNumber[0] & 128) >> 7) == 0 ? new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, true) : new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, false);
            ASN1Container encodedContainer = new EncodedContainer(12288, true, 0, this.signatureAlgorithmBER, 0, this.signatureAlgorithmBER.length);
            ASN1Container encodedContainer2 = new EncodedContainer(12288, true, 0, (byte[]) null, 0, validityDERLen);
            ASN1Container encodedContainer3 = new EncodedContainer(12288, true, 0, (byte[]) null, 0, this.subjectPublicKeyInfo.length);
            ASN1Container encodedContainer4 = new EncodedContainer(12288, true, 0, (byte[]) null, 0, this.issuerName != null ? this.issuerName.getDERLen(0) : 2);
            ASN1Container encodedContainer5 = new EncodedContainer(12288, true, 0, (byte[]) null, 0, this.subjectName != null ? this.subjectName.getDERLen(0) : 2);
            boolean z2 = false;
            int i = 0;
            if (this.theVersion != 0 && this.issuerUniqueID != null) {
                z2 = true;
                i = this.issuerUniqueID.length;
            }
            ASN1Container encodedContainer6 = new EncodedContainer(8454913, z2, 0, (byte[]) null, 0, i);
            boolean z3 = false;
            int i2 = 0;
            if (this.theVersion != 0 && this.subjectUniqueID != null) {
                z3 = true;
                i2 = this.subjectUniqueID.length;
            }
            ASN1Container encodedContainer7 = new EncodedContainer(8454914, z3, 0, (byte[]) null, 0, i2);
            boolean z4 = false;
            int i3 = 0;
            if (this.theVersion == 2 && this.theExtensions != null) {
                i3 = this.theExtensions.getDERLen(10551299);
                if (i3 != 0) {
                    z4 = true;
                }
            }
            this.asn1TemplateInner = new ASN1Template(new ASN1Container[]{sequenceContainer, integerContainer, integerContainer2, encodedContainer, encodedContainer4, encodedContainer2, encodedContainer5, encodedContainer3, encodedContainer6, encodedContainer7, new EncodedContainer(10563587, z4, 0, (byte[]) null, 0, i3), endContainer});
            this.innerDERLen = this.asn1TemplateInner.derEncodeInit();
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot encode innerDER, information missing.");
        }
    }

    private void innerDEREncode() throws CertificateException {
        int i;
        int i2;
        if (this.innerDER == null) {
            try {
                int innerDERLen = getInnerDERLen();
                if (innerDERLen == 0) {
                    throw new CertificateException("Cannot encode innerDER, information missing.");
                }
                this.innerDER = new byte[innerDERLen];
                int derEncode = 0 + this.asn1TemplateInner.derEncode(this.innerDER, 0);
                this.asn1TemplateInner = null;
                try {
                    if (this.issuerName != null) {
                        i = derEncode + this.issuerName.getDEREncoding(this.innerDER, derEncode, 0);
                    } else {
                        this.innerDER[derEncode] = 48;
                        this.innerDER[derEncode + 1] = 0;
                        i = derEncode + 2;
                    }
                    int validityDEREncoding = getValidityDEREncoding(this.innerDER, i);
                    if (validityDEREncoding == 0) {
                        throw new CertificateException("Could not encode Validity.");
                    }
                    int i3 = i + validityDEREncoding;
                    if (this.subjectName != null) {
                        i2 = i3 + this.subjectName.getDEREncoding(this.innerDER, i3, 0);
                    } else {
                        this.innerDER[i3] = 48;
                        this.innerDER[i3 + 1] = 0;
                        i2 = i3 + 2;
                    }
                    System.arraycopy(this.subjectPublicKeyInfo, 0, this.innerDER, i2, this.subjectPublicKeyInfo.length);
                    int length = i2 + this.subjectPublicKeyInfo.length;
                    if (this.theVersion != 0 && this.issuerUniqueID != null) {
                        System.arraycopy(this.issuerUniqueID, 0, this.innerDER, length, this.issuerUniqueID.length);
                        length += this.issuerUniqueID.length;
                    }
                    if (this.theVersion != 0 && this.subjectUniqueID != null) {
                        System.arraycopy(this.subjectUniqueID, 0, this.innerDER, length, this.subjectUniqueID.length);
                        length += this.subjectUniqueID.length;
                    }
                    if (this.theVersion == 2 && this.theExtensions != null) {
                        int dEREncoding = length + this.theExtensions.getDEREncoding(this.innerDER, length, 10551299);
                    }
                } catch (NameException e) {
                    throw new CertificateException("Could not encode a Name: ", e);
                }
            } catch (ASN_Exception e2) {
                this.asn1TemplateInner = null;
                throw new CertificateException("Could not encode: ", e2);
            }
        }
    }

    private void innerDERClear() {
        this.innerDERLock.lock();
        this.asn1TemplateInner = null;
        this.innerDER = null;
        this.innerDERLen = 0;
        this.innerSpecial = 0;
        this.innerDERLock.unlock();
    }

    public void setUnsignedCertFromPKCS10Request(PKCS10CertRequest pKCS10CertRequest) throws CertificateException {
        clearComponents();
        if (pKCS10CertRequest == null) {
            throw new CertificateException("Cert Request is null.");
        }
        setSubjectName(pKCS10CertRequest.getSubjectName());
        setSubjectPublicKey(pKCS10CertRequest.getSubjectPublicKey("Java"));
        X501Attributes attributes = pKCS10CertRequest.getAttributes();
        if (attributes == null) {
            return;
        }
        X501Attribute attributeByType = attributes.getAttributeByType(2);
        if (attributeByType == null) {
            setVersion(0);
        } else {
            setVersion(2);
            setExtensions(((V3ExtensionAttribute) attributeByType).getV3ExtensionAttribute());
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public byte[] getSignature() throws CertificateException {
        if (this.signature == null) {
            throw new CertificateException("Object not signed.");
        }
        ASN1Container bitStringContainer = new BitStringContainer(0);
        try {
            ASN1.berDecode(this.signature, 0, new ASN1Container[]{bitStringContainer});
            byte[] bArr = new byte[((BitStringContainer) bitStringContainer).dataLen];
            System.arraycopy(((BitStringContainer) bitStringContainer).data, ((BitStringContainer) bitStringContainer).dataOffset, bArr, 0, ((BitStringContainer) bitStringContainer).dataLen);
            return bArr;
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot extract the signature.", e);
        }
    }

    public void setVersion(int i) throws CertificateException {
        if (i == this.theVersion) {
            return;
        }
        if (i != 0 && i != 1 && i != 2) {
            throw new CertificateException("Invalid cert version: " + i);
        }
        clearSignature();
        clearTemplate();
        switch (i) {
            case 0:
                if (!emptyExtensions(this.theExtensions)) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with extensions.");
                }
                if (this.issuerUniqueID != null) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with issuer unique ID.");
                }
                if (this.subjectUniqueID != null) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with subject unique ID.");
                }
                break;
            case 1:
                if (!emptyExtensions(this.theExtensions)) {
                    throw new CertificateException("You can not use X509 V2 version for a certificate with extensions.");
                }
                break;
        }
        this.theVersion = i;
    }

    public int getVersion() {
        return this.theVersion;
    }

    public void setSubjectName(X500Name x500Name) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (x500Name == null) {
            if (!checkExtensions(17)) {
                throw new CertificateException("Cannot set the cert with the given subjectName.");
            }
        } else {
            try {
                this.subjectName = (X500Name) x500Name.clone();
            } catch (CloneNotSupportedException e) {
                throw new CertificateException("Cannot set the cert with the given subjectName.");
            }
        }
    }

    public X500Name getSubjectName() {
        if (this.subjectName == null) {
            return null;
        }
        try {
            return (X500Name) this.subjectName.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    public void setIssuerName(X500Name x500Name) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (x500Name == null) {
            if (!checkExtensions(18)) {
                throw new CertificateException("Cannot set the cert with the given issuerName.");
            }
        } else {
            try {
                this.issuerName = (X500Name) x500Name.clone();
            } catch (CloneNotSupportedException e) {
                throw new CertificateException("Cannot set the cert with the given issuerName.");
            }
        }
    }

    public X500Name getIssuerName() {
        if (this.issuerName == null) {
            return null;
        }
        try {
            return (X500Name) this.issuerName.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    public void setSerialNumber(byte[] bArr, int i, int i2) {
        clearSignature();
        clearTemplate();
        this.serialNumber = new byte[i2];
        if (bArr == null) {
            return;
        }
        System.arraycopy(bArr, i, this.serialNumber, 0, i2);
    }

    public byte[] getSerialNumber() {
        return this.serialNumber == null ? new byte[0] : (byte[]) this.serialNumber.clone();
    }

    public byte[] getIssuerAndSerialNumber() throws CertificateException {
        if (this.issuerName == null || this.serialNumber == null) {
            throw new CertificateException("Cannot get issuerSerial, not all values set.");
        }
        try {
            byte[] bArr = new byte[this.issuerName.getDERLen(0)];
            int dEREncoding = this.issuerName.getDEREncoding(bArr, 0, 0);
            return ASN1.derEncode(new ASN1Container[]{new SequenceContainer(0, true, 0), new EncodedContainer(12288, true, 0, bArr, 0, dEREncoding), ((this.serialNumber[0] & 128) >> 7) == 0 ? new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, true) : new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, false), new EndContainer()});
        } catch (NameException e) {
            throw new CertificateException("Cannot encode issuerSerial: ", e);
        } catch (ASN_Exception e2) {
            throw new CertificateException("Cannot encode issuerSerial: ", e2);
        }
    }

    public boolean compareIssuerAndSerialNumber(byte[] bArr, int i, int i2) {
        if (bArr == null || i2 == 0) {
            return false;
        }
        try {
            byte[] issuerAndSerialNumber = getIssuerAndSerialNumber();
            if (issuerAndSerialNumber.length != i2) {
                return false;
            }
            int i3 = 0;
            while (i3 < i2) {
                if (bArr[i] != issuerAndSerialNumber[i3]) {
                    return false;
                }
                i3++;
                i++;
            }
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public boolean compareSubjectName(X500Name x500Name) {
        if (this.subjectName == null || x500Name == null) {
            return false;
        }
        return this.subjectName.equals(x500Name);
    }

    public void setTimeType(boolean z) {
        this.timeType = z;
        this.timeTypeExplicitlySet = true;
    }

    private void setValidityBER(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        ASN1Container sequenceContainer = new SequenceContainer(0);
        ASN1Container endContainer = new EndContainer();
        ASN1Container choiceContainer = new ChoiceContainer(0);
        ASN1Container choiceContainer2 = new ChoiceContainer(0);
        ASN1Container uTCTimeContainer = new UTCTimeContainer(0);
        ASN1Container uTCTimeContainer2 = new UTCTimeContainer(0);
        ASN1Container genTimeContainer = new GenTimeContainer(0);
        ASN1Container genTimeContainer2 = new GenTimeContainer(0);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, choiceContainer, uTCTimeContainer, genTimeContainer, endContainer, choiceContainer2, uTCTimeContainer2, genTimeContainer2, endContainer, endContainer});
            Date date = ((GenTimeContainer) genTimeContainer).theTime;
            if (!((GenTimeContainer) genTimeContainer).dataPresent) {
                date = ((UTCTimeContainer) uTCTimeContainer).theTime;
            }
            Date date2 = ((GenTimeContainer) genTimeContainer2).theTime;
            if (!((GenTimeContainer) genTimeContainer2).dataPresent) {
                date2 = ((UTCTimeContainer) uTCTimeContainer2).theTime;
            }
            setValidity(date, date2);
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot extract Validity.", e);
        }
    }

    public void setValidity(Date date, Date date2) throws CertificateException {
        clearSignature();
        clearTemplate();
        clearValidityTemplate();
        if (date == null || date2 == null) {
            throw new CertificateException("Cannot set the validity with the given dates.");
        }
        this.notBefore = new Date(date.getTime());
        this.notAfter = new Date(date2.getTime());
        if (!this.notAfter.after(this.notBefore)) {
            throw new CertificateException("Cannot set the validity with the given dates.");
        }
    }

    private void clearValidityTemplate() {
        this.asn1TemplateValidity = null;
    }

    private int getValidityDERLen() {
        UTCTimeContainer uTCTimeContainer;
        UTCTimeContainer uTCTimeContainer2;
        ASN1Container sequenceContainer = new SequenceContainer(0, true, 0);
        ASN1Container endContainer = new EndContainer();
        if (!this.timeTypeExplicitlySet) {
            uTCTimeContainer = this.notBefore.before(FIRST_GENERALIZED_TIME_DATE) ? new UTCTimeContainer(0, true, 0, this.notBefore) : new GenTimeContainer(0, true, 0, this.notBefore);
            uTCTimeContainer2 = this.notAfter.before(FIRST_GENERALIZED_TIME_DATE) ? new UTCTimeContainer(0, true, 0, this.notAfter) : new GenTimeContainer(0, true, 0, this.notAfter);
        } else if (this.timeType) {
            uTCTimeContainer = new GenTimeContainer(0, true, 0, this.notBefore);
            uTCTimeContainer2 = new GenTimeContainer(0, true, 0, this.notAfter);
        } else {
            uTCTimeContainer = new UTCTimeContainer(0, true, 0, this.notBefore);
            uTCTimeContainer2 = new UTCTimeContainer(0, true, 0, this.notAfter);
        }
        this.asn1TemplateValidity = new ASN1Template(new ASN1Container[]{sequenceContainer, uTCTimeContainer, uTCTimeContainer2, endContainer});
        try {
            return this.asn1TemplateValidity.derEncodeInit();
        } catch (ASN_Exception e) {
            return 0;
        }
    }

    private int getValidityDEREncoding(byte[] bArr, int i) {
        if (this.asn1TemplateValidity == null && getValidityDERLen() == 0) {
            return 0;
        }
        try {
            int derEncode = this.asn1TemplateValidity.derEncode(bArr, i);
            this.asn1TemplateValidity = null;
            return derEncode;
        } catch (ASN_Exception e) {
            this.asn1TemplateValidity = null;
            return 0;
        }
    }

    public Date getStartDate() {
        if (this.notBefore == null) {
            return null;
        }
        return new Date(this.notBefore.getTime());
    }

    public Date getEndDate() {
        if (this.notAfter == null) {
            return null;
        }
        return new Date(this.notAfter.getTime());
    }

    public boolean checkValidityDate(Date date) {
        if (this.notBefore == null || this.notAfter == null || date == null || !this.notBefore.before(date)) {
            return false;
        }
        return this.notAfter.after(date);
    }

    public void setIssuerUniqueID(byte[] bArr, int i, int i2) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (this.theVersion == 0) {
            throw new CertificateException("Cannot set unique ID on a version 1 cert.");
        }
        if (bArr == null) {
            return;
        }
        try {
            this.issuerUniqueID = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(8388609, true, 0, bArr, i, i2, i2 * 8, false)});
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot set issuerUniqueID: ", e);
        }
    }

    public byte[] getIssuerUniqueID() {
        if (this.issuerUniqueID == null) {
            return null;
        }
        try {
            int determineLengthLen = 2 + ASN1Lengths.determineLengthLen(this.issuerUniqueID, 1);
            byte[] bArr = new byte[this.issuerUniqueID.length - determineLengthLen];
            System.arraycopy(this.issuerUniqueID, determineLengthLen, bArr, 0, bArr.length);
            return bArr;
        } catch (ASN_Exception e) {
            return null;
        }
    }

    public void setSubjectUniqueID(byte[] bArr, int i, int i2) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (this.theVersion == 0) {
            throw new CertificateException("Cannot set unique ID on a version 1 cert.");
        }
        if (bArr == null) {
            return;
        }
        try {
            this.subjectUniqueID = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(8388610, true, 0, bArr, i, i2, i2 * 8, false)});
        } catch (ASN_Exception e) {
            throw new CertificateException("Cannot set subjectUniqueID.", e);
        }
    }

    public byte[] getSubjectUniqueID() {
        if (this.subjectUniqueID == null) {
            return null;
        }
        try {
            int determineLengthLen = 2 + ASN1Lengths.determineLengthLen(this.subjectUniqueID, 1);
            byte[] bArr = new byte[this.subjectUniqueID.length - determineLengthLen];
            System.arraycopy(this.subjectUniqueID, determineLengthLen, bArr, 0, bArr.length);
            return bArr;
        } catch (ASN_Exception e) {
            return null;
        }
    }

    public void setExtensions(X509V3Extensions x509V3Extensions) throws CertificateException {
        if (emptyExtensions(x509V3Extensions)) {
            return;
        }
        if (x509V3Extensions.getExtensionsType() != 1) {
            throw new CertificateException("Wrong extensions type: should be Cert extensions.");
        }
        clearSignature();
        clearTemplate();
        try {
            this.theExtensions = (X509V3Extensions) x509V3Extensions.clone();
            if (this.theVersion != 2) {
                setVersion(2);
            }
        } catch (CloneNotSupportedException e) {
            throw new CertificateException("Cannot set the cert with the given extensions.", e);
        }
    }

    public X509V3Extensions getExtensions() {
        if (this.theExtensions == null) {
            return null;
        }
        try {
            return (X509V3Extensions) this.theExtensions.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public void signCertificate(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (str == null || str2 == null || jSAFE_PrivateKey == null) {
            throw new CertificateException("Specified values are null.");
        }
        try {
            String signatureFormat = getSignatureFormat(str);
            if (signatureFormat == null) {
                this.signatureAlgorithmBER = AlgorithmID.derEncodeAlgID(str, 1, (byte[]) null, 0, 0);
            } else {
                this.signatureAlgorithmBER = AlgorithmID.derEncodeAlgID(signatureFormat, 1, (byte[]) null, 0, 0);
            }
            this.innerDERLock.lock();
            try {
                innerDEREncode();
                byte[] performSignature = performSignature(str, str2, jSAFE_PrivateKey, secureRandom, this.innerDER, 0, this.innerDERLen);
                this.innerDERLock.unlock();
                try {
                    this.signature = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(0, true, 0, performSignature, 0, performSignature.length, performSignature.length * 8, false)});
                } catch (ASN_Exception e) {
                    clearSignature();
                    throw new CertificateException("Cannot sign the cert as presently set.", e);
                }
            } catch (Throwable th) {
                this.innerDERLock.unlock();
                throw th;
            }
        } catch (ASN_Exception e2) {
            throw new CertificateException("Cannot sign, unknown algorithm.", e2);
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public boolean verifyCertificateSignature(String str, JSAFE_PublicKey jSAFE_PublicKey, SecureRandom secureRandom) throws CertificateException {
        if (str == null || jSAFE_PublicKey == null) {
            throw new CertificateException("Specified values are null.");
        }
        this.innerDERLock.lock();
        try {
            if (this.innerDER == null) {
                throw new CertificateException("Cannot verify certificate, values not set.");
            }
            byte[] signature = getSignature();
            boolean performSignatureVerification = performSignatureVerification(str, jSAFE_PublicKey, secureRandom, this.innerDER, 0, this.innerDERLen, signature, 0, signature.length);
            this.innerDERLock.unlock();
            return performSignatureVerification;
        } catch (Throwable th) {
            this.innerDERLock.unlock();
            throw th;
        }
    }

    private boolean checkExtensions(int i) {
        if (this.theVersion != 2 || this.theExtensions == null) {
            return false;
        }
        Vector vector = this.theExtensions.theExtensions;
        for (int i2 = 0; i2 < vector.size(); i2++) {
            X509V3Extension x509V3Extension = (X509V3Extension) vector.elementAt(i2);
            if (x509V3Extension.getExtensionType() == i && x509V3Extension.getCriticality()) {
                return true;
            }
        }
        return false;
    }

    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) obj;
        try {
            int dERLen = getDERLen(0);
            int dERLen2 = x509Certificate.getDERLen(0);
            if (dERLen != dERLen2) {
                return false;
            }
            byte[] bArr = new byte[dERLen];
            byte[] bArr2 = new byte[dERLen2];
            int dEREncoding = getDEREncoding(bArr, 0, 0);
            if (dEREncoding != x509Certificate.getDEREncoding(bArr2, 0, 0)) {
                return false;
            }
            for (int i = 0; i < dEREncoding; i++) {
                if (bArr[i] != bArr2[i]) {
                    return false;
                }
            }
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public int hashCode() {
        byte[] bArr = new byte[getDERLen(0)];
        try {
            getDEREncoding(bArr, 0, 0);
            return Arrays.hashCode(bArr);
        } catch (CertificateException e) {
            return 0;
        }
    }

    public Object clone() throws CloneNotSupportedException {
        X509Certificate x509Certificate = (X509Certificate) super.clone();
        if (this.subjectPublicKeyInfo != null) {
            x509Certificate.subjectPublicKeyInfo = (byte[]) this.subjectPublicKeyInfo.clone();
        }
        if (this.subjectPublicKey != null) {
            x509Certificate.subjectPublicKey = (JSAFE_PublicKey) this.subjectPublicKey.clone();
        }
        if (this.signatureAlgorithmBER != null) {
            x509Certificate.signatureAlgorithmBER = (byte[]) this.signatureAlgorithmBER.clone();
        }
        if (this.signature != null) {
            x509Certificate.signature = (byte[]) this.signature.clone();
        }
        x509Certificate.signatureAlgorithmFormat = this.signatureAlgorithmFormat;
        x509Certificate.theVersion = this.theVersion;
        if (this.subjectName != null) {
            x509Certificate.subjectName = (X500Name) this.subjectName.clone();
        }
        if (this.issuerName != null) {
            x509Certificate.issuerName = (X500Name) this.issuerName.clone();
        }
        if (this.serialNumber != null) {
            x509Certificate.serialNumber = (byte[]) this.serialNumber.clone();
        }
        if (this.issuerUniqueID != null) {
            x509Certificate.issuerUniqueID = (byte[]) this.issuerUniqueID.clone();
        }
        if (this.subjectUniqueID != null) {
            x509Certificate.subjectUniqueID = (byte[]) this.subjectUniqueID.clone();
        }
        x509Certificate.timeType = this.timeType;
        if (this.notBefore != null) {
            x509Certificate.notBefore = new Date(this.notBefore.getTime());
        }
        if (this.notAfter != null) {
            x509Certificate.notAfter = new Date(this.notAfter.getTime());
        }
        if (this.theExtensions != null) {
            x509Certificate.theExtensions = (X509V3Extensions) this.theExtensions.clone();
        }
        this.innerDERLock.lock();
        try {
            x509Certificate.innerSpecial = this.innerSpecial;
            if (this.innerDER != null) {
                try {
                    x509Certificate.innerDEREncode();
                } catch (CertificateException e) {
                }
            }
            this.outerDERLock.lock();
            try {
                x509Certificate.special = this.special;
                if (this.asn1Template != null) {
                    x509Certificate.outerDEREncodeInit();
                }
                if (this.asn1TemplateValidity != null) {
                    x509Certificate.getValidityDERLen();
                }
                return x509Certificate;
            } finally {
                this.outerDERLock.unlock();
            }
        } finally {
            this.innerDERLock.unlock();
        }
    }

    private void clearTemplate() {
        outerDERClear();
        innerDERClear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.rsa.certj.cert.Certificate
    public void clearComponents() {
        super.clearComponents();
        clearTemplate();
        this.theVersion = 2;
        this.subjectName = null;
        this.issuerName = null;
        this.serialNumber = null;
        this.issuerUniqueID = null;
        this.subjectUniqueID = null;
        this.notBefore = null;
        this.notAfter = null;
        this.theExtensions = null;
    }

    private boolean emptyExtensions(X509V3Extensions x509V3Extensions) {
        return x509V3Extensions == null || x509V3Extensions.getExtensionCount() == 0;
    }
}
