package com.ibm.security.cert;

import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: input_file:efixes/JDKiFix_express_linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ibmcertpathprovider.jar:com/ibm/security/cert/X509CertificatePair.class */
public class X509CertificatePair {
    private X509Certificate forward;
    private X509Certificate reverse;
    public static final int VALID_STATUS = 0;
    public static final int INVALID_STATUS = 1;
    public static final int UNDETERMINED_STATUS = 2;

    public X509CertificatePair(byte[] bArr) throws CertificateException {
        try {
            decode(bArr);
            if (validate() == 1) {
                throw new CertificateException("Invalid certificate pair");
            }
        } catch (IOException e) {
            throw new CertificateException(e.getMessage());
        }
    }

    public X509CertificatePair(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (x509Certificate == null && x509Certificate2 == null) {
            throw new CertificateException("At least one certificate can not be null");
        }
        if (x509Certificate != null) {
            this.forward = new X509CertImpl(x509Certificate.getEncoded());
        }
        if (x509Certificate2 != null) {
            this.reverse = new X509CertImpl(x509Certificate2.getEncoded());
        }
        if (validate() == 1) {
            throw new CertificateException("Invalid certificate pair");
        }
    }

    private void decode(byte[] bArr) throws IOException, CertificateException {
        DerValue[] sequence = new DerInputStream(bArr).getSequence(2);
        if (sequence.length > 0) {
            for (int i = 0; i < sequence.length; i++) {
                switch (sequence[i].getTag() & 31) {
                    case 0:
                        this.forward = new X509CertImpl(sequence[i].getData().getDerValue());
                        break;
                    case 1:
                        this.reverse = new X509CertImpl(sequence[i].getData().getDerValue());
                        break;
                    default:
                        throw new IOException("Invalid tag number");
                }
            }
        }
    }

    public byte[] encode() throws IOException {
        ArrayList arrayList = new ArrayList();
        if (this.forward != null) {
            try {
                arrayList.add(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), this.forward.getEncoded()));
            } catch (CertificateException e) {
                throw new IOException(e.getMessage());
            }
        }
        if (this.reverse != null) {
            try {
                arrayList.add(new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), this.reverse.getEncoded()));
            } catch (CertificateException e2) {
                throw new IOException(e2.getMessage());
            }
        }
        DerValue[] derValueArr = new DerValue[arrayList.size()];
        arrayList.toArray(derValueArr);
        DerOutputStream derOutputStream = new DerOutputStream();
        derOutputStream.putSequence(derValueArr);
        return derOutputStream.toByteArray();
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X509CertificatePair: [\n forward certificate: ");
        if (this.forward != null) {
            stringBuffer.append(this.forward);
        } else {
            stringBuffer.append("null");
        }
        stringBuffer.append("\n reverse certificate: ");
        if (this.reverse != null) {
            stringBuffer.append(this.reverse);
        } else {
            stringBuffer.append("null");
        }
        return stringBuffer.toString();
    }

    public X509Certificate getForward() {
        if (this.forward != null) {
            return this.forward;
        }
        return null;
    }

    public X509Certificate getReverse() {
        if (this.reverse != null) {
            return this.reverse;
        }
        return null;
    }

    int validate() {
        if (this.forward == null || this.reverse == null) {
            return 0;
        }
        if (!this.forward.getIssuerDN().equals(this.reverse.getSubjectDN()) || !this.forward.getSubjectDN().equals(this.reverse.getIssuerDN())) {
            return 1;
        }
        int verifySig = verifySig(this.forward.getPublicKey(), this.reverse);
        if (verifySig == 0) {
            verifySig = verifySig(this.reverse.getPublicKey(), this.forward);
        }
        return verifySig;
    }

    private int verifySig(PublicKey publicKey, X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(publicKey);
            return 0;
        } catch (NoSuchAlgorithmException e) {
            try {
                x509Certificate.verify(publicKey, "IBMJCE");
                return 0;
            } catch (NoSuchAlgorithmException e2) {
                return 2;
            } catch (NoSuchProviderException e3) {
                return 2;
            } catch (Exception e4) {
                return 1;
            }
        } catch (Exception e5) {
            return 1;
        }
    }
}
