package oracle.security.crypto.cmp;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1BitString;
import oracle.security.crypto.asn1.ASN1ConstructedInputStream;
import oracle.security.crypto.asn1.ASN1GenericConstructed;
import oracle.security.crypto.asn1.ASN1Object;
import oracle.security.crypto.asn1.ASN1Sequence;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.cert.GeneralName;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cmp.transport.ErrorTCPMsg;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AlgorithmIdentifierException;
import oracle.security.crypto.core.InvalidMACException;
import oracle.security.crypto.core.PasswordBasedMAC;
import oracle.security.crypto.util.Utils;

/* loaded from: input_file:oracle/security/crypto/cmp/PKIMessage.class */
public class PKIMessage implements ASN1Object {
    private PKIMessageHeader header;
    private PKIMessageBody body;
    private byte[] protection;
    private Vector extraCerts;
    private transient ASN1Object contents;

    /* loaded from: input_file:oracle/security/crypto/cmp/PKIMessage$Version.class */
    public static class Version {
        public static final Version CMP1999 = new Version(1);
        public static final Version CMP2000 = new Version(2);
        private int value;

        /* JADX INFO: Access modifiers changed from: package-private */
        public static Version getVersion(int i) {
            switch (i) {
                case ErrorTCPMsg.Code.VERSION_NEGOTIATION /* 1 */:
                    return CMP1999;
                case ErrorTCPMsg.Code.CLIENT_ERROR /* 2 */:
                    return CMP2000;
                default:
                    return null;
            }
        }

        private Version(int i) {
            this.value = i;
        }

        public int getValue() {
            return this.value;
        }

        public String toString() {
            switch (this.value) {
                case ErrorTCPMsg.Code.VERSION_NEGOTIATION /* 1 */:
                    return "CMP1999";
                case ErrorTCPMsg.Code.CLIENT_ERROR /* 2 */:
                    return "CMP2000";
                default:
                    return "CMP v" + this.value;
            }
        }
    }

    public PKIMessage() {
        this.protection = null;
        this.extraCerts = null;
    }

    public PKIMessage(GeneralName generalName, GeneralName generalName2, PKIMessageBody pKIMessageBody) throws CMPException {
        this(generalName, generalName2, pKIMessageBody, Version.CMP2000);
    }

    public PKIMessage(GeneralName generalName, GeneralName generalName2, PKIMessageBody pKIMessageBody, Version version) throws CMPException {
        this(new PKIMessageHeader(generalName, generalName2, version), pKIMessageBody);
    }

    public PKIMessage(PKIMessageHeader pKIMessageHeader, PKIMessageBody pKIMessageBody) {
        this.protection = null;
        this.extraCerts = null;
        this.header = pKIMessageHeader;
        this.body = pKIMessageBody;
    }

    public PKIMessage(InputStream inputStream) throws IOException {
        this.protection = null;
        this.extraCerts = null;
        input(inputStream);
    }

    public PKIMessageHeader getHeader() {
        return this.header;
    }

    public PKIMessageBody getBody() {
        return this.body;
    }

    public Version getVersion() {
        return this.header.getVersion();
    }

    public void addCertificate(X509Certificate x509Certificate) {
        if (this.extraCerts == null) {
            this.extraCerts = new Vector();
        }
        this.extraCerts.addElement(x509Certificate);
        update();
    }

    public Vector getExtraCerts() {
        return this.extraCerts;
    }

    public AlgorithmIdentifier getProtectionAlgID() {
        return this.header.getProtectionAlgID();
    }

    public void computeProtection() throws SignatureException {
        this.protection = this.header.computeProtectionBytes(getProtectedPart());
        update();
    }

    public byte[] getProtectionBytes() throws SignatureException {
        if (this.protection == null && this.header.getProtectionAlgID() != null) {
            computeProtection();
        }
        return this.protection;
    }

    public byte[] getProtectedPart() {
        ASN1Sequence aSN1Sequence = new ASN1Sequence();
        aSN1Sequence.addElement(this.header);
        aSN1Sequence.addElement(this.body);
        return Utils.toBytes(aSN1Sequence);
    }

    public boolean verifyProtection(byte[] bArr) throws InvalidMACException {
        AlgorithmIdentifier protectionAlgID = this.header.getProtectionAlgID();
        if (protectionAlgID == null || this.protection == null) {
            throw new InvalidMACException("Message not protected");
        }
        if (!protectionAlgID.getOID().equals(AlgID.PasswordBasedMac.getOID())) {
            throw new InvalidMACException("Message not protected using PasswordBasedMac");
        }
        try {
            return Utils.areEqual(this.protection, new PasswordBasedMAC(protectionAlgID, bArr).computeDigest(getProtectedPart()));
        } catch (AlgorithmIdentifierException e) {
            throw new InvalidMACException(e.toString());
        }
    }

    public boolean verifyProtection(PublicKey publicKey) throws SignatureException {
        AlgorithmIdentifier protectionAlgID = this.header.getProtectionAlgID();
        if (protectionAlgID == null || this.protection == null) {
            throw new SignatureException("Message not protected");
        }
        try {
            Signature signature = Signature.getInstance(CMPUtils.getAlgoName(protectionAlgID));
            signature.initVerify(publicKey);
            signature.update(getProtectedPart());
            return signature.verify(this.protection);
        } catch (InvalidKeyException e) {
            throw new SignatureException(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2.toString());
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("{ header = " + this.header);
        stringBuffer.append(", body = " + this.body);
        if (this.protection != null) {
            stringBuffer.append(", protection = " + Utils.toHexString(this.protection));
        }
        if (this.extraCerts != null) {
            stringBuffer.append(", extraCerts = {");
            int size = this.extraCerts.size();
            for (int i = 0; i < size; i++) {
                X509 x509 = (X509) this.extraCerts.elementAt(i);
                stringBuffer.append(" (subject=" + x509.getSubject());
                stringBuffer.append(", issuer=" + x509.getIssuer() + ")");
                if (i != size - 1) {
                    stringBuffer.append(',');
                }
            }
            stringBuffer.append(" }");
        }
        stringBuffer.append(" }");
        return stringBuffer.toString();
    }

    public void input(InputStream inputStream) throws IOException {
        update();
        this.contents = new ASN1Sequence(inputStream);
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(Utils.toStream(this.contents));
        this.header = new PKIMessageHeader(aSN1SequenceInputStream);
        this.body = PKIMessageBody.inputInstance(aSN1SequenceInputStream);
        if (aSN1SequenceInputStream.hasMoreData() && aSN1SequenceInputStream.getCurrentTag() == 0) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 0);
            this.protection = ASN1BitString.inputValue(aSN1ConstructedInputStream);
            aSN1ConstructedInputStream.terminate();
        } else {
            this.protection = null;
        }
        if (aSN1SequenceInputStream.hasMoreData() && aSN1SequenceInputStream.getCurrentTag() == 1) {
            if (this.extraCerts == null) {
                this.extraCerts = new Vector();
            } else {
                this.extraCerts.removeAllElements();
            }
            ASN1ConstructedInputStream aSN1ConstructedInputStream2 = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 1);
            InputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(aSN1ConstructedInputStream2);
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                while (aSN1SequenceInputStream2.hasMoreData()) {
                    this.extraCerts.addElement(certificateFactory.generateCertificate(aSN1SequenceInputStream2));
                }
                aSN1SequenceInputStream2.terminate();
                aSN1ConstructedInputStream2.terminate();
            } catch (CertificateException e) {
                throw new IOException(e.toString());
            }
        } else {
            this.extraCerts = null;
        }
        aSN1SequenceInputStream.terminate();
    }

    public void output(OutputStream outputStream) throws IOException {
        toASN1().output(outputStream);
    }

    public int length() {
        return toASN1().length();
    }

    private ASN1Object toASN1() {
        if (this.contents == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.addElement(this.header);
            aSN1Sequence.addElement(this.body);
            if (this.protection != null) {
                aSN1Sequence.addElement(new ASN1GenericConstructed(new ASN1BitString(this.protection), 0));
            }
            if (this.extraCerts != null && this.extraCerts.size() > 0) {
                aSN1Sequence.addElement(new ASN1GenericConstructed(new ASN1Sequence(this.extraCerts), 1));
            }
            this.contents = aSN1Sequence;
        }
        return this.contents;
    }

    private void update() {
        this.contents = null;
    }
}
