package com.rsa.certj.cert;

import com.crystaldecisions.client.helper.DataDefinitionHelper;
import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.ChoiceContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.GenTimeContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.asn1.UTCTimeContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.cert.attributes.V3ExtensionAttribute;
import com.rsa.certj.cert.attributes.X501Attribute;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:lib/external/certj.jar:com/rsa/certj/cert/X509Certificate.class */
public class X509Certificate extends Certificate implements Cloneable, Serializable {
    public static final int X509_VERSION_1 = 0;
    public static final int X509_VERSION_2 = 1;
    public static final int X509_VERSION_3 = 2;
    private byte[] innerDER;
    private int innerDERLen;
    private int theVersion;
    private X500Name subjectName;
    private X500Name issuerName;
    private byte[] serialNumber;
    private byte[] issuerUniqueID;
    private byte[] subjectUniqueID;
    private boolean timeType;
    private Date notBefore;
    private Date notAfter;
    private X509V3Extensions theExtensions;
    protected int special;
    private ASN1Template asn1Template;
    protected int innerSpecial;
    private ASN1Template asn1TemplateInner;
    private ASN1Template asn1TemplateValidity;

    public X509Certificate() {
        this.theVersion = 2;
        this.timeType = false;
    }

    public X509Certificate(CertJ certJ) {
        this.theVersion = 2;
        this.timeType = false;
        setCertJ(certJ);
    }

    public X509Certificate(byte[] bArr, int i, int i2) throws CertificateException {
        this(bArr, i, i2, null);
    }

    public X509Certificate(byte[] bArr, int i, int i2, CertJ certJ) throws CertificateException {
        this.theVersion = 2;
        this.timeType = false;
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        setCertBER(bArr, i, i2);
        setCertJ(certJ);
    }

    public static int getNextBEROffset(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        try {
            return i + 1 + ASN1Lengths.determineLengthLen(bArr, i + 1) + ASN1Lengths.determineLength(bArr, i + 1);
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Could not read the BER encoding.").append(e.getMessage()).toString());
        }
    }

    private void setCertBER(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        clearComponents();
        ASN1Container[] decodeCert = decodeCert(bArr, i, i2);
        setInnerDER(decodeCert[1].data, decodeCert[1].dataOffset);
        this.signature = new byte[decodeCert[3].dataLen];
        System.arraycopy(decodeCert[3].data, decodeCert[3].dataOffset, this.signature, 0, decodeCert[3].dataLen);
        if (!setSignatureAlgorithm(decodeCert[2].data, decodeCert[2].dataOffset, decodeCert[2].dataLen)) {
            throw new CertificateException("Unknown or invalid signature algorithm.");
        }
    }

    protected static ASN1Container[] decodeCert(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        ASN1Container[] aSN1ContainerArr = {new SequenceContainer(i2), new EncodedContainer(12288), new EncodedContainer(12288), new EncodedContainer(768), new EndContainer()};
        try {
            ASN1.berDecode(bArr, i, aSN1ContainerArr);
            return aSN1ContainerArr;
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Could not BER decode the cert.").append(e.getMessage()).toString());
        }
    }

    public int getDERLen(int i) {
        return encodeInit(i);
    }

    private int encodeInit(int i) {
        this.special = i;
        if (this.innerDER == null) {
            this.innerDERLen = getInnerDERLen();
        }
        if (this.innerDERLen == 0 || this.signatureAlgorithmBER == null || this.signature == null) {
            return 0;
        }
        try {
            this.asn1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(i, true, 0), new EncodedContainer(12288, true, 0, null, 0, this.innerDERLen), new EncodedContainer(12288, true, 0, null, 0, this.signatureAlgorithmBER.length), new EncodedContainer(768, true, 0, null, 0, this.signature.length), new EndContainer()});
            return this.asn1Template.derEncodeInit();
        } catch (ASN_Exception e) {
            return 0;
        }
    }

    public int getDEREncoding(byte[] bArr, int i, int i2) throws CertificateException {
        int i3;
        if (bArr == null) {
            throw new CertificateException("Specified array is null.");
        }
        try {
            if ((this.asn1Template == null || i2 != this.special) && encodeInit(i2) == 0) {
                throw new CertificateException("Could not encode: Possibly some of the required fields of this certificate object are not set.");
            }
            int derEncode = 0 + this.asn1Template.derEncode(bArr, i);
            this.asn1Template = null;
            if (this.innerDER == null || this.innerDERLen == 0) {
                int innerDER = getInnerDER(bArr, i + derEncode);
                if (innerDER == 0) {
                    throw new CertificateException("Could not encode, missing data.");
                }
                i3 = derEncode + innerDER;
            } else {
                System.arraycopy(this.innerDER, 0, bArr, i + derEncode, this.innerDERLen);
                i3 = derEncode + this.innerDERLen;
            }
            System.arraycopy(this.signatureAlgorithmBER, 0, bArr, i + i3, this.signatureAlgorithmBER.length);
            int length = i3 + this.signatureAlgorithmBER.length;
            System.arraycopy(this.signature, 0, bArr, i + length, this.signature.length);
            return length + this.signature.length;
        } catch (ASN_Exception e) {
            this.asn1Template = null;
            throw new CertificateException(new StringBuffer().append("Could not encode: ").append(e.getMessage()).toString());
        }
    }

    public void setInnerDER(byte[] bArr, int i) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        SequenceContainer sequenceContainer = new SequenceContainer(this.special);
        EndContainer endContainer = new EndContainer();
        IntegerContainer integerContainer = new IntegerContainer(10616832);
        IntegerContainer integerContainer2 = new IntegerContainer(0);
        EncodedContainer encodedContainer = new EncodedContainer(12288);
        EncodedContainer encodedContainer2 = new EncodedContainer(12288);
        EncodedContainer encodedContainer3 = new EncodedContainer(12288);
        EncodedContainer encodedContainer4 = new EncodedContainer(12288);
        EncodedContainer encodedContainer5 = new EncodedContainer(12288);
        EncodedContainer encodedContainer6 = new EncodedContainer(8454913);
        EncodedContainer encodedContainer7 = new EncodedContainer(8454914);
        EncodedContainer encodedContainer8 = new EncodedContainer(10563587);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, integerContainer, integerContainer2, encodedContainer, encodedContainer2, encodedContainer3, encodedContainer4, encodedContainer5, encodedContainer6, encodedContainer7, encodedContainer8, endContainer});
            if (integerContainer.dataPresent) {
                checkVersionNumber(integerContainer.data, integerContainer.dataOffset, integerContainer.dataLen);
            }
            setSerialNumber(integerContainer2.data, integerContainer2.dataOffset, integerContainer2.dataLen);
            if (!setSignatureAlgorithm(encodedContainer.data, encodedContainer.dataOffset, encodedContainer.dataLen)) {
                throw new CertificateException("Unknown or invalid signature algorithm.");
            }
            try {
                setIssuerName(new X500Name(encodedContainer2.data, encodedContainer2.dataOffset, 0));
                setValidityBER(encodedContainer3.data, encodedContainer3.dataOffset);
                try {
                    setSubjectName(new X500Name(encodedContainer4.data, encodedContainer4.dataOffset, 0));
                    setSubjectPublicKey(encodedContainer5.data, encodedContainer5.dataOffset);
                    if (encodedContainer6.dataPresent) {
                        if (this.theVersion == 0) {
                            throw new CertificateException("Version 1 certs not allowed to have issuer unique ID.");
                        }
                        this.issuerUniqueID = new byte[encodedContainer6.dataLen];
                        System.arraycopy(encodedContainer6.data, encodedContainer6.dataOffset, this.issuerUniqueID, 0, encodedContainer6.dataLen);
                    }
                    if (encodedContainer7.dataPresent) {
                        if (this.theVersion == 0) {
                            throw new CertificateException("Version 1 certs not allowed to have subject unique ID.");
                        }
                        this.subjectUniqueID = new byte[encodedContainer7.dataLen];
                        System.arraycopy(encodedContainer7.data, encodedContainer7.dataOffset, this.subjectUniqueID, 0, encodedContainer7.dataLen);
                    }
                    if (encodedContainer8.dataPresent) {
                        setExtensions(new X509V3Extensions(encodedContainer8.data, encodedContainer8.dataOffset, 10485763, 1));
                    }
                    this.innerDERLen = getNextBEROffset(bArr, i) - i;
                    this.innerDER = new byte[this.innerDERLen];
                    System.arraycopy(bArr, i, this.innerDER, 0, this.innerDERLen);
                } catch (NameException e) {
                    throw new CertificateException(new StringBuffer().append("Invalid subject name: ").append(e.getMessage()).toString());
                }
            } catch (NameException e2) {
                throw new CertificateException(new StringBuffer().append("Invalid issuer name: ").append(e2.getMessage()).toString());
            }
        } catch (ASN_Exception e3) {
            throw new CertificateException(new StringBuffer().append("Could not BER decode the cert info.").append(e3.getMessage()).toString());
        }
    }

    protected void checkVersionNumber(int i) throws CertificateException {
        if (i != 0 && i != 1 && i != 2) {
            throw new CertificateException("Invalid X.509 Certificate version.");
        }
        this.theVersion = i;
    }

    protected void checkVersionNumber(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null || i2 > 4) {
            throw new CertificateException("Invalid X.509 Certificate version.");
        }
        int i3 = 0;
        for (int i4 = i; i4 < i + i2; i4++) {
            i3 = (i3 << 8) | (bArr[i] & 255);
        }
        if (i3 != 0 && i3 != 1 && i3 != 2) {
            throw new CertificateException("Invalid X.509 Certificate version.");
        }
        this.theVersion = i3;
    }

    private boolean setSignatureAlgorithm(byte[] bArr, int i, int i2) {
        if (bArr == null || i2 == 0) {
            return false;
        }
        try {
            if (this.signatureAlgorithmBER == null) {
                this.signatureAlgorithmBER = new byte[i2];
                System.arraycopy(bArr, i, this.signatureAlgorithmBER, 0, i2);
                return AlgorithmID.berDecodeAlgID(bArr, i, 1, null) != null;
            }
            if (i2 != this.signatureAlgorithmBER.length) {
                return false;
            }
            int i3 = 0;
            while (i3 < i2) {
                if (bArr[i] != this.signatureAlgorithmBER[i3]) {
                    return false;
                }
                i3++;
                i++;
            }
            return true;
        } catch (ASN_Exception e) {
            return false;
        }
    }

    public int getInnerDERLen() {
        return this.innerDERLen != 0 ? this.innerDERLen : innerDEREncodeInit();
    }

    private int innerDEREncodeInit() {
        this.innerSpecial = this.special;
        if (this.subjectPublicKeyInfo == null || this.signatureAlgorithmBER == null || this.serialNumber == null || this.notBefore == null || this.notAfter == null) {
            return 0;
        }
        if (this.subjectName == null && !checkExtensions(17)) {
            return 0;
        }
        if (this.issuerName == null && !checkExtensions(18)) {
            return 0;
        }
        int validityDERLen = getValidityDERLen();
        try {
            SequenceContainer sequenceContainer = new SequenceContainer(this.special, true, 0);
            EndContainer endContainer = new EndContainer();
            boolean z = true;
            if (this.theVersion == 0) {
                z = false;
            }
            IntegerContainer integerContainer = new IntegerContainer(10616832, z, 0, this.theVersion);
            IntegerContainer integerContainer2 = ((this.serialNumber[0] & 128) >> 7) == 0 ? new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, true) : new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, false);
            EncodedContainer encodedContainer = new EncodedContainer(12288, true, 0, this.signatureAlgorithmBER, 0, this.signatureAlgorithmBER.length);
            EncodedContainer encodedContainer2 = new EncodedContainer(12288, true, 0, null, 0, validityDERLen);
            EncodedContainer encodedContainer3 = new EncodedContainer(12288, true, 0, null, 0, this.subjectPublicKeyInfo.length);
            EncodedContainer encodedContainer4 = new EncodedContainer(12288, true, 0, null, 0, this.issuerName != null ? this.issuerName.getDERLen(0) : 2);
            EncodedContainer encodedContainer5 = new EncodedContainer(12288, true, 0, null, 0, this.subjectName != null ? this.subjectName.getDERLen(0) : 2);
            boolean z2 = false;
            int i = 0;
            if (this.theVersion != 0 && this.issuerUniqueID != null) {
                z2 = true;
                i = this.issuerUniqueID.length;
            }
            EncodedContainer encodedContainer6 = new EncodedContainer(8454913, z2, 0, null, 0, i);
            boolean z3 = false;
            int i2 = 0;
            if (this.theVersion != 0 && this.subjectUniqueID != null) {
                z3 = true;
                i2 = this.subjectUniqueID.length;
            }
            EncodedContainer encodedContainer7 = new EncodedContainer(8454914, z3, 0, null, 0, i2);
            boolean z4 = false;
            int i3 = 0;
            if (this.theVersion == 2 && this.theExtensions != null) {
                i3 = this.theExtensions.getDERLen(10551299);
                if (i3 != 0) {
                    z4 = true;
                }
            }
            this.asn1TemplateInner = new ASN1Template(new ASN1Container[]{sequenceContainer, integerContainer, integerContainer2, encodedContainer, encodedContainer4, encodedContainer2, encodedContainer5, encodedContainer3, encodedContainer6, encodedContainer7, new EncodedContainer(10563587, z4, 0, null, 0, i3), endContainer});
            return this.asn1TemplateInner.derEncodeInit();
        } catch (ASN_Exception e) {
            return 0;
        }
    }

    public int getInnerDER(byte[] bArr, int i) throws CertificateException {
        int i2;
        int i3;
        if (bArr == null) {
            throw new CertificateException("Passed array is null");
        }
        try {
            if (this.asn1TemplateInner == null && innerDEREncodeInit() == 0) {
                throw new CertificateException("Cannot encode innerDER, information missing.");
            }
            int derEncode = 0 + this.asn1TemplateInner.derEncode(bArr, i);
            this.asn1TemplateInner = null;
            try {
                if (this.issuerName != null) {
                    i2 = derEncode + this.issuerName.getDEREncoding(bArr, i + derEncode, 0);
                } else {
                    bArr[i + derEncode] = 48;
                    bArr[i + derEncode + 1] = 0;
                    i2 = derEncode + 2;
                }
                int validityDEREncoding = getValidityDEREncoding(bArr, i + i2);
                if (validityDEREncoding == 0) {
                    throw new CertificateException("Could not encode Validity.");
                }
                int i4 = i2 + validityDEREncoding;
                if (this.subjectName != null) {
                    i3 = i4 + this.subjectName.getDEREncoding(bArr, i + i4, 0);
                } else {
                    bArr[i + i4] = 48;
                    bArr[i + i4 + 1] = 0;
                    i3 = i4 + 2;
                }
                System.arraycopy(this.subjectPublicKeyInfo, 0, bArr, i + i3, this.subjectPublicKeyInfo.length);
                int length = i3 + this.subjectPublicKeyInfo.length;
                if (this.theVersion != 0 && this.issuerUniqueID != null) {
                    System.arraycopy(this.issuerUniqueID, 0, bArr, i + length, this.issuerUniqueID.length);
                    length += this.issuerUniqueID.length;
                }
                if (this.theVersion != 0 && this.subjectUniqueID != null) {
                    System.arraycopy(this.subjectUniqueID, 0, bArr, i + length, this.subjectUniqueID.length);
                    length += this.subjectUniqueID.length;
                }
                if (this.theVersion == 2 && this.theExtensions != null) {
                    length += this.theExtensions.getDEREncoding(bArr, i + length, 10551299);
                }
                return length;
            } catch (NameException e) {
                throw new CertificateException(new StringBuffer().append("Could not encode a Name: ").append(e.getMessage()).toString());
            }
        } catch (ASN_Exception e2) {
            this.asn1TemplateInner = null;
            throw new CertificateException(new StringBuffer().append("Could not encode: ").append(e2.getMessage()).toString());
        }
    }

    public void setUnsignedCertFromPKCS10Request(PKCS10CertRequest pKCS10CertRequest) throws CertificateException {
        clearComponents();
        if (pKCS10CertRequest == null) {
            throw new CertificateException("Cert Request is null.");
        }
        setSubjectName(pKCS10CertRequest.getSubjectName());
        setSubjectPublicKey(pKCS10CertRequest.getSubjectPublicKey("Java"));
        X501Attributes attributes = pKCS10CertRequest.getAttributes();
        if (attributes == null) {
            return;
        }
        X501Attribute attributeByType = attributes.getAttributeByType(2);
        if (attributeByType == null) {
            setVersion(0);
        } else {
            setVersion(2);
            setExtensions(((V3ExtensionAttribute) attributeByType).getV3ExtensionAttribute());
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public byte[] getSignature() throws CertificateException {
        if (this.signature == null) {
            throw new CertificateException("Object not signed.");
        }
        BitStringContainer bitStringContainer = new BitStringContainer(0);
        try {
            ASN1.berDecode(this.signature, 0, new ASN1Container[]{bitStringContainer});
            byte[] bArr = new byte[bitStringContainer.dataLen];
            System.arraycopy(bitStringContainer.data, bitStringContainer.dataOffset, bArr, 0, bitStringContainer.dataLen);
            return bArr;
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Cannot extract the signature.").append(e.getMessage()).toString());
        }
    }

    public void setVersion(int i) throws CertificateException {
        if (i == this.theVersion) {
            return;
        }
        if (i != 0 && i != 1 && i != 2) {
            throw new CertificateException(new StringBuffer().append("Invalid cert version: ").append(i).toString());
        }
        clearSignature();
        clearTemplate();
        switch (i) {
            case 0:
                if (!emptyExtensions(this.theExtensions)) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with extensions.");
                }
                if (this.issuerUniqueID != null) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with issuer unique ID.");
                }
                if (this.subjectUniqueID != null) {
                    throw new CertificateException("You can not use X509 V1 version for a certificate with subject unique ID.");
                }
                break;
            case 1:
                if (!emptyExtensions(this.theExtensions)) {
                    throw new CertificateException("You can not use X509 V2 version for a certificate with extensions.");
                }
                break;
        }
        this.theVersion = i;
    }

    public int getVersion() {
        return this.theVersion;
    }

    public void setSubjectName(X500Name x500Name) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (x500Name == null) {
            if (!checkExtensions(17)) {
                throw new CertificateException("Cannot set the cert with the given subjectName.");
            }
        } else {
            try {
                this.subjectName = (X500Name) x500Name.clone();
            } catch (CloneNotSupportedException e) {
                throw new CertificateException("Cannot set the cert with the given subjectName.");
            }
        }
    }

    public X500Name getSubjectName() {
        if (this.subjectName == null) {
            return null;
        }
        try {
            return (X500Name) this.subjectName.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    public void setIssuerName(X500Name x500Name) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (x500Name == null) {
            if (!checkExtensions(18)) {
                throw new CertificateException("Cannot set the cert with the given issuerName.");
            }
        } else {
            try {
                this.issuerName = (X500Name) x500Name.clone();
            } catch (CloneNotSupportedException e) {
                throw new CertificateException("Cannot set the cert with the given issuerName.");
            }
        }
    }

    public X500Name getIssuerName() {
        if (this.issuerName == null) {
            return null;
        }
        try {
            return (X500Name) this.issuerName.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    public void setSerialNumber(byte[] bArr, int i, int i2) {
        clearSignature();
        clearTemplate();
        this.serialNumber = new byte[i2];
        if (bArr == null) {
            return;
        }
        System.arraycopy(bArr, i, this.serialNumber, 0, i2);
    }

    public byte[] getSerialNumber() {
        return this.serialNumber == null ? new byte[0] : (byte[]) this.serialNumber.clone();
    }

    public byte[] getIssuerAndSerialNumber() throws CertificateException {
        if (this.issuerName == null || this.serialNumber == null) {
            throw new CertificateException("Cannot get issuerSerial, not all values set.");
        }
        try {
            byte[] bArr = new byte[this.issuerName.getDERLen(0)];
            int dEREncoding = this.issuerName.getDEREncoding(bArr, 0, 0);
            return ASN1.derEncode(new ASN1Container[]{new SequenceContainer(0, true, 0), new EncodedContainer(12288, true, 0, bArr, 0, dEREncoding), ((this.serialNumber[0] & 128) >> 7) == 0 ? new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, true) : new IntegerContainer(0, true, 0, this.serialNumber, 0, this.serialNumber.length, false), new EndContainer()});
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Cannot encode issuerSerial: ").append(e.getMessage()).toString());
        } catch (NameException e2) {
            throw new CertificateException(new StringBuffer().append("Cannot encode issuerSerial: ").append(e2.getMessage()).toString());
        }
    }

    public boolean compareIssuerAndSerialNumber(byte[] bArr, int i, int i2) {
        if (bArr == null || i2 == 0) {
            return false;
        }
        try {
            byte[] issuerAndSerialNumber = getIssuerAndSerialNumber();
            if (issuerAndSerialNumber.length != i2) {
                return false;
            }
            int i3 = 0;
            while (i3 < i2) {
                if (bArr[i] != issuerAndSerialNumber[i3]) {
                    return false;
                }
                i3++;
                i++;
            }
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public boolean compareSubjectName(X500Name x500Name) {
        if (this.subjectName == null || x500Name == null) {
            return false;
        }
        return this.subjectName.equals(x500Name);
    }

    public void setTimeType(boolean z) {
        this.timeType = z;
    }

    private void setValidityBER(byte[] bArr, int i) throws CertificateException {
        if (bArr == null) {
            throw new CertificateException("Encoding is null.");
        }
        SequenceContainer sequenceContainer = new SequenceContainer(0);
        EndContainer endContainer = new EndContainer();
        ChoiceContainer choiceContainer = new ChoiceContainer(0);
        ChoiceContainer choiceContainer2 = new ChoiceContainer(0);
        UTCTimeContainer uTCTimeContainer = new UTCTimeContainer(0);
        UTCTimeContainer uTCTimeContainer2 = new UTCTimeContainer(0);
        GenTimeContainer genTimeContainer = new GenTimeContainer(0);
        GenTimeContainer genTimeContainer2 = new GenTimeContainer(0);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, choiceContainer, uTCTimeContainer, genTimeContainer, endContainer, choiceContainer2, uTCTimeContainer2, genTimeContainer2, endContainer, endContainer});
            Date date = genTimeContainer.theTime;
            if (!genTimeContainer.dataPresent) {
                date = uTCTimeContainer.theTime;
            }
            Date date2 = genTimeContainer2.theTime;
            if (!genTimeContainer2.dataPresent) {
                date2 = uTCTimeContainer2.theTime;
            }
            setValidity(date, date2);
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Cannot extract Validity.").append(e.getMessage()).toString());
        }
    }

    public void setValidity(Date date, Date date2) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (date == null || date2 == null) {
            throw new CertificateException("Cannot set the validity with the given dates.");
        }
        this.notBefore = new Date(date.getTime());
        this.notAfter = new Date(date2.getTime());
        if (!this.notAfter.after(this.notBefore)) {
            throw new CertificateException("Cannot set the validity with the given dates.");
        }
    }

    private int getValidityDERLen() {
        ASN1Container uTCTimeContainer;
        ASN1Container uTCTimeContainer2;
        SequenceContainer sequenceContainer = new SequenceContainer(0, true, 0);
        EndContainer endContainer = new EndContainer();
        if (this.timeType) {
            uTCTimeContainer = new GenTimeContainer(0, true, 0, this.notBefore);
            uTCTimeContainer2 = new GenTimeContainer(0, true, 0, this.notAfter);
        } else {
            uTCTimeContainer = new UTCTimeContainer(0, true, 0, this.notBefore);
            uTCTimeContainer2 = new UTCTimeContainer(0, true, 0, this.notAfter);
        }
        this.asn1TemplateValidity = new ASN1Template(new ASN1Container[]{sequenceContainer, uTCTimeContainer, uTCTimeContainer2, endContainer});
        try {
            return this.asn1TemplateValidity.derEncodeInit();
        } catch (ASN_Exception e) {
            return 0;
        }
    }

    private int getValidityDEREncoding(byte[] bArr, int i) {
        if (this.asn1TemplateValidity == null && getValidityDERLen() == 0) {
            return 0;
        }
        try {
            int derEncode = this.asn1TemplateValidity.derEncode(bArr, i);
            this.asn1TemplateValidity = null;
            return derEncode;
        } catch (ASN_Exception e) {
            this.asn1TemplateValidity = null;
            return 0;
        }
    }

    public Date getStartDate() {
        if (this.notBefore == null) {
            return null;
        }
        return new Date(this.notBefore.getTime());
    }

    public Date getEndDate() {
        if (this.notAfter == null) {
            return null;
        }
        return new Date(this.notAfter.getTime());
    }

    public boolean checkValidityDate(Date date) {
        if (this.notBefore == null || this.notAfter == null || date == null || !this.notBefore.before(date)) {
            return false;
        }
        return this.notAfter.after(date);
    }

    public void setIssuerUniqueID(byte[] bArr, int i, int i2) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (this.theVersion == 0) {
            throw new CertificateException("Cannot set unique ID on a version 1 cert.");
        }
        if (bArr == null) {
            return;
        }
        try {
            this.issuerUniqueID = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(8388609, true, 0, bArr, i, i2, i2 * 8, false)});
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Cannot set issuerUniqueID: ").append(e.getMessage()).toString());
        }
    }

    public byte[] getIssuerUniqueID() {
        if (this.issuerUniqueID == null) {
            return null;
        }
        try {
            int determineLengthLen = 2 + ASN1Lengths.determineLengthLen(this.issuerUniqueID, 1);
            byte[] bArr = new byte[this.issuerUniqueID.length - determineLengthLen];
            System.arraycopy(this.issuerUniqueID, determineLengthLen, bArr, 0, bArr.length);
            return bArr;
        } catch (ASN_Exception e) {
            return null;
        }
    }

    public void setSubjectUniqueID(byte[] bArr, int i, int i2) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (this.theVersion == 0) {
            throw new CertificateException("Cannot set unique ID on a version 1 cert.");
        }
        if (bArr == null) {
            return;
        }
        try {
            this.subjectUniqueID = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(8388610, true, 0, bArr, i, i2, i2 * 8, false)});
        } catch (ASN_Exception e) {
            throw new CertificateException(new StringBuffer().append("Cannot set subjectUniqueID: ").append(e.getMessage()).toString());
        }
    }

    public byte[] getSubjectUniqueID() {
        if (this.subjectUniqueID == null) {
            return null;
        }
        try {
            int determineLengthLen = 2 + ASN1Lengths.determineLengthLen(this.subjectUniqueID, 1);
            byte[] bArr = new byte[this.subjectUniqueID.length - determineLengthLen];
            System.arraycopy(this.subjectUniqueID, determineLengthLen, bArr, 0, bArr.length);
            return bArr;
        } catch (ASN_Exception e) {
            return null;
        }
    }

    public void setExtensions(X509V3Extensions x509V3Extensions) throws CertificateException {
        if (emptyExtensions(x509V3Extensions)) {
            return;
        }
        if (x509V3Extensions.getExtensionsType() != 1) {
            throw new CertificateException("Wrong extensions type: should be Cert extensions.");
        }
        clearSignature();
        clearTemplate();
        try {
            this.theExtensions = (X509V3Extensions) x509V3Extensions.clone();
            if (this.theVersion != 2) {
                setVersion(2);
            }
        } catch (CloneNotSupportedException e) {
            throw new CertificateException(new StringBuffer().append("Cannot set the cert with the given extensions(").append(e.getMessage()).append(").").toString());
        }
    }

    public X509V3Extensions getExtensions() {
        if (this.theExtensions == null) {
            return null;
        }
        try {
            return (X509V3Extensions) this.theExtensions.clone();
        } catch (CloneNotSupportedException e) {
            return null;
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public void signCertificate(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CertificateException {
        clearSignature();
        clearTemplate();
        if (str == null || str2 == null || jSAFE_PrivateKey == null) {
            throw new CertificateException("Specified values are null.");
        }
        try {
            String signatureFormat = getSignatureFormat(str);
            if (signatureFormat == null) {
                this.signatureAlgorithmBER = AlgorithmID.derEncodeAlgID(str, 1, null, 0, 0);
            } else {
                this.signatureAlgorithmBER = AlgorithmID.derEncodeAlgID(signatureFormat, 1, null, 0, 0);
            }
            this.innerDERLen = getInnerDERLen();
            if (this.innerDERLen == 0) {
                throw new CertificateException("Cannot sign certificate, values not set.");
            }
            this.innerDER = new byte[this.innerDERLen];
            this.innerDERLen = getInnerDER(this.innerDER, 0);
            byte[] performSignature = performSignature(str, str2, jSAFE_PrivateKey, secureRandom, this.innerDER, 0, this.innerDERLen);
            try {
                this.signature = ASN1.derEncode(new ASN1Container[]{new BitStringContainer(0, true, 0, performSignature, 0, performSignature.length, performSignature.length * 8, false)});
            } catch (ASN_Exception e) {
                clearSignature();
                throw new CertificateException(new StringBuffer().append("Cannot sign the cert as presently set.").append(e.getMessage()).toString());
            }
        } catch (ASN_Exception e2) {
            throw new CertificateException(new StringBuffer().append("Cannot sign, unknown algorithm.(").append(e2.getMessage()).append(DataDefinitionHelper.RANGEOPERATORORCLOSEBRACKET).toString());
        }
    }

    @Override // com.rsa.certj.cert.Certificate
    public boolean verifyCertificateSignature(String str, JSAFE_PublicKey jSAFE_PublicKey, SecureRandom secureRandom) throws CertificateException {
        if (str == null || jSAFE_PublicKey == null) {
            throw new CertificateException("Specified values are null.");
        }
        if (this.innerDER == null) {
            throw new CertificateException("Cannot verify certificate, values not set.");
        }
        byte[] signature = getSignature();
        return performSignatureVerification(str, jSAFE_PublicKey, secureRandom, this.innerDER, 0, this.innerDERLen, signature, 0, signature.length);
    }

    private boolean checkExtensions(int i) {
        if (this.theVersion != 2 || this.theExtensions == null) {
            return false;
        }
        Vector vector = this.theExtensions.theExtensions;
        for (int i2 = 0; i2 < vector.size(); i2++) {
            X509V3Extension x509V3Extension = (X509V3Extension) vector.elementAt(i2);
            if (x509V3Extension.getExtensionType() == i && x509V3Extension.getCriticality()) {
                return true;
            }
        }
        return false;
    }

    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) obj;
        try {
            int dERLen = getDERLen(0);
            int dERLen2 = x509Certificate.getDERLen(0);
            if (dERLen != dERLen2) {
                return false;
            }
            byte[] bArr = new byte[dERLen];
            byte[] bArr2 = new byte[dERLen2];
            int dEREncoding = getDEREncoding(bArr, 0, 0);
            if (dEREncoding != x509Certificate.getDEREncoding(bArr2, 0, 0)) {
                return false;
            }
            for (int i = 0; i < dEREncoding; i++) {
                if (bArr[i] != bArr2[i]) {
                    return false;
                }
            }
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public Object clone() throws CloneNotSupportedException {
        X509Certificate x509Certificate = (X509Certificate) super.clone();
        if (this.subjectPublicKeyInfo != null) {
            x509Certificate.subjectPublicKeyInfo = (byte[]) this.subjectPublicKeyInfo.clone();
        }
        if (this.signatureAlgorithmBER != null) {
            x509Certificate.signatureAlgorithmBER = (byte[]) this.signatureAlgorithmBER.clone();
        }
        if (this.signature != null) {
            x509Certificate.signature = (byte[]) this.signature.clone();
        }
        x509Certificate.signatureAlgorithmFormat = this.signatureAlgorithmFormat;
        if (this.theDevice != null) {
            x509Certificate.theDevice = new String(this.theDevice);
        }
        if (this.theDeviceList != null) {
            x509Certificate.theDeviceList = (String[]) this.theDeviceList.clone();
        }
        if (this.innerDER != null) {
            x509Certificate.innerDER = (byte[]) this.innerDER.clone();
        }
        x509Certificate.innerDERLen = this.innerDERLen;
        x509Certificate.theVersion = this.theVersion;
        if (this.subjectName != null) {
            x509Certificate.subjectName = (X500Name) this.subjectName.clone();
        }
        if (this.issuerName != null) {
            x509Certificate.issuerName = (X500Name) this.issuerName.clone();
        }
        if (this.serialNumber != null) {
            x509Certificate.serialNumber = (byte[]) this.serialNumber.clone();
        }
        if (this.issuerUniqueID != null) {
            x509Certificate.issuerUniqueID = (byte[]) this.issuerUniqueID.clone();
        }
        if (this.subjectUniqueID != null) {
            x509Certificate.subjectUniqueID = (byte[]) this.subjectUniqueID.clone();
        }
        x509Certificate.timeType = this.timeType;
        if (this.notBefore != null) {
            x509Certificate.notBefore = new Date(this.notBefore.getTime());
        }
        if (this.notAfter != null) {
            x509Certificate.notAfter = new Date(this.notAfter.getTime());
        }
        if (this.theExtensions != null) {
            x509Certificate.theExtensions = (X509V3Extensions) this.theExtensions.clone();
        }
        x509Certificate.special = this.special;
        x509Certificate.innerSpecial = this.innerSpecial;
        if (this.asn1Template != null) {
            x509Certificate.encodeInit(this.special);
        }
        if (this.asn1TemplateInner != null) {
            x509Certificate.innerDEREncodeInit();
        }
        if (this.asn1TemplateValidity != null) {
            x509Certificate.getValidityDERLen();
        }
        return x509Certificate;
    }

    protected void clearTemplate() {
        this.asn1Template = null;
        this.asn1TemplateInner = null;
        this.innerDER = null;
        this.innerDERLen = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.rsa.certj.cert.Certificate
    public void clearComponents() {
        super.clearComponents();
        clearTemplate();
        this.innerDER = null;
        this.innerDERLen = 0;
        this.theVersion = 0;
        this.subjectName = null;
        this.issuerName = null;
        this.serialNumber = null;
        this.issuerUniqueID = null;
        this.subjectUniqueID = null;
        this.notBefore = null;
        this.notAfter = null;
        this.theExtensions = null;
    }

    private boolean emptyExtensions(X509V3Extensions x509V3Extensions) {
        return x509V3Extensions == null || x509V3Extensions.getExtensionCount() == 0;
    }
}
