package oracle.security.crypto.ocsp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.asn1.ASN1BitString;
import oracle.security.crypto.asn1.ASN1ConstructedInputStream;
import oracle.security.crypto.asn1.ASN1Date;
import oracle.security.crypto.asn1.ASN1FormatException;
import oracle.security.crypto.asn1.ASN1GenericConstructed;
import oracle.security.crypto.asn1.ASN1Integer;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.asn1.ASN1Sequence;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cert.X509Extension;
import oracle.security.crypto.cert.X509ExtensionSet;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.util.Utils;
import oracle.security.crypto.util.VersionException;

/* loaded from: input_file:oracle/security/crypto/ocsp/BasicOCSPResponse.class */
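/**
 * In-memory model of an OCSP {@code BasicOCSPResponse}: the to-be-signed
 * {@code ResponseData} (version, responder id, producedAt, single responses,
 * response extensions), the signature algorithm and value, and the optional
 * certificates the responder attached to help verify the signature.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verifySignature(PublicKey)} only performs the signature
 *       computation. Deciding whether the supplied key belongs to a responder
 *       that is authorised for the certificate's issuer, and checking
 *       freshness ({@code producedAt}, per-response update times, nonce), is
 *       not done by this class.</li>
 *   <li>Certificates returned by {@link #getSigVerifyCerts()} are parsed from
 *       the response itself and are unauthenticated until the caller has
 *       validated them against its own trust anchors.</li>
 *   <li>After {@link #input(InputStream)} the signature is verified over a
 *       re-encoding of the parsed fields, not over the bytes that were
 *       received.</li>
 * </ul>
 *
 * <p>Instances are mutable and nothing in this class synchronises access to the
 * encoding caches; NOTE(review): treat as not thread-safe unless the callers
 * serialise access.
 */
public class BasicOCSPResponse extends ResponseInfo {
    private static final ASN1ObjectID respType = OCSP.id_pkix_ocsp_basic;

    // Only version 0 (v1) is accepted by the parser; there is no setter.
    private int version = 0;
    // Exactly one of responder / keyHash identifies the responder (byName / byKey).
    private X500Principal responder = null;
    private byte[] keyHash = null;
    private Date producedAt;
    // Elements are SingleBasicResponse.
    private Vector respList = new Vector();
    private X509ExtensionSet respExts = null;
    private AlgorithmIdentifier sigAlgID;
    private byte[] sigBytes;
    // sigCerts holds the JCA certificates handed to callers; X509sigCerts holds the
    // same certificates, in the same order, as X509 objects used when encoding.
    private Vector sigCerts = null;
    private Vector X509sigCerts = null;
    // Cached encodings: tbs is the to-be-signed ResponseData, bas the full response.
    private ASN1Sequence tbs;
    private ASN1Sequence bas;

    /**
     * Creates an empty response whose responder is identified by name.
     *
     * @param x500Principal the responder's distinguished name
     */
    public BasicOCSPResponse(X500Principal x500Principal) {
        this.responder = x500Principal;
    }

    /**
     * Creates an empty response whose responder is identified by key hash.
     *
     * <p>SHA-1 is the digest RFC 6960 fixes for the {@code byKey} responder id; the
     * hash is a lookup identifier and does not authenticate the responder.
     *
     * @param publicKey the responder's public key
     * @throws NoSuchAlgorithmException if no provider offers SHA-1
     */
    public BasicOCSPResponse(PublicKey publicKey) throws NoSuchAlgorithmException {
        // NOTE(review): RFC 6960 defines KeyHash over the value of the
        // subjectPublicKey BIT STRING, while getEncoded() on a standard JCA key
        // returns the whole SubjectPublicKeyInfo. Confirm which form relying
        // parties expect before depending on byKey matching.
        this.keyHash = MessageDigest.getInstance("SHA-1").digest(publicKey.getEncoded());
    }

    /**
     * Creates a response by parsing a DER-encoded {@code BasicOCSPResponse}.
     *
     * <p>The parsed object is unauthenticated until {@link #verifySignature(PublicKey)}
     * has succeeded with a key the caller trusts for this responder.
     *
     * @param inputStream stream positioned at the start of the encoding
     * @throws IOException if the data cannot be read or is not well formed
     */
    public BasicOCSPResponse(InputStream inputStream) throws IOException {
        // NOTE(review): input() is public and overridable, so a subclass override
        // would run before the subclass's own fields are initialised.
        input(inputStream);
    }

    /** Returns the object identifier of the basic OCSP response type. */
    @Override // oracle.security.crypto.ocsp.ResponseInfo
    public ASN1ObjectID getResponseType() {
        return respType;
    }

    /** Returns the responder name, or {@code null} when the responder is identified by key hash. */
    public X500Principal getResponder() {
        return this.responder;
    }

    /**
     * Returns a copy of the responder key hash, or {@code null} when the responder
     * is identified by name. A copy is returned so callers cannot alter the value
     * behind the cached encoding.
     */
    public byte[] getResponderKeyHash() {
        return this.keyHash == null ? null : (byte[]) this.keyHash.clone();
    }

    /**
     * Returns a copy of the time the response was produced, or {@code null} if the
     * response has been neither signed nor parsed.
     */
    public Date getProducedAt() {
        return this.producedAt == null ? null : new Date(this.producedAt.getTime());
    }

    /** Returns an enumeration of the {@code SingleBasicResponse} entries. */
    public Enumeration responses() {
        return this.respList.elements();
    }

    /**
     * Appends a single-certificate status to the response and discards the cached
     * encodings. An existing signature no longer covers the new content; call
     * {@code sign} again before emitting the response.
     */
    public void addResponse(SingleBasicResponse singleBasicResponse) {
        this.respList.addElement(singleBasicResponse);
        reset();
    }

    /** Adds one response extension, creating the extension set on first use. */
    public void addRespExtension(X509Extension x509Extension) {
        if (this.respExts == null) {
            this.respExts = new X509ExtensionSet();
        }
        this.respExts.addExtension(x509Extension);
        reset();
    }

    /** Replaces the whole response extension set ({@code null} removes it). */
    public void setRespExtensions(X509ExtensionSet x509ExtensionSet) {
        this.respExts = x509ExtensionSet;
        reset();
    }

    /** Returns the response extension with the given OID, or {@code null} if there is no extension set. */
    public X509Extension getRespExtension(ASN1ObjectID aSN1ObjectID) {
        if (this.respExts == null) {
            return null;
        }
        return this.respExts.getExtension(aSN1ObjectID);
    }

    /** Returns the response extension set, or {@code null} if none is present. */
    public X509ExtensionSet getRespExtensions() {
        return this.respExts;
    }

    /**
     * Signs the response with a default algorithm chosen from the key type,
     * stamping {@code producedAt} with the current time.
     *
     * <p>NOTE(review): the defaults for RSA and DSA keys are SHA-1 based
     * ({@code SHA1withRSA}, {@code SHA1withDSA}). SHA-1 is no longer considered
     * collision resistant; prefer {@link #sign(PrivateKey, AlgorithmIdentifier)} with
     * a SHA-2 algorithm where relying parties support it. For any other key type
     * the key's algorithm name is passed to {@code Signature.getInstance} as is.
     *
     * @param privateKey the responder's signing key
     * @throws SignatureException if the key is unusable, the algorithm is
     *         unavailable, or signing fails
     */
    public void sign(PrivateKey privateKey) throws SignatureException {
        this.producedAt = new Date();
        // Drop the cached ResponseData so the new producedAt is what gets signed.
        reset();
        try {
            String algorithm = privateKey.getAlgorithm();
            if (algorithm.equals("RSA")) {
                algorithm = "SHA1withRSA";
            } else if (algorithm.equals("DSA")) {
                algorithm = "SHA1withDSA";
            }
            Signature signature = Signature.getInstance(algorithm);
            signature.initSign(privateKey);
            signature.update(Utils.toBytes(tbsResponse()));
            this.sigAlgID = OCSPUtils.getAlgoID(signature.getAlgorithm());
            this.sigBytes = signature.sign();
            resetContents();
        } catch (InvalidKeyException e) {
            throw new SignatureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2);
        }
    }

    /**
     * Signs the response with an explicitly chosen signature algorithm, stamping
     * {@code producedAt} with the current time.
     *
     * @param privateKey the responder's signing key
     * @param algorithmIdentifier the signature algorithm to use
     * @throws SignatureException if the key is unusable, the algorithm is
     *         unavailable, or signing fails
     */
    public void sign(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) throws SignatureException {
        this.producedAt = new Date();
        // Drop the cached ResponseData so the new producedAt is what gets signed.
        reset();
        try {
            Signature signature = Signature.getInstance(OCSPUtils.getAlgoName(algorithmIdentifier));
            signature.initSign(privateKey);
            signature.update(Utils.toBytes(tbsResponse()));
            this.sigAlgID = OCSPUtils.getAlgoID(signature.getAlgorithm());
            this.sigBytes = signature.sign();
            resetContents();
        } catch (InvalidKeyException e) {
            // Keep the cause attached, as sign(PrivateKey) does; the message is unchanged.
            throw new SignatureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2);
        }
    }

    /**
     * Attaches a certificate that relying parties may use to verify the signature.
     * Certificates sit outside the signed data, so only the cached full encoding
     * is invalidated.
     *
     * @throws CertificateEncodingException if the certificate cannot be converted
     */
    public void addSigVerifyCert(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (this.sigCerts == null) {
            this.sigCerts = new Vector();
            this.X509sigCerts = new Vector();
        }
        this.sigCerts.addElement(x509Certificate);
        this.X509sigCerts.addElement(OCSPUtils.convertX509(x509Certificate));
        // Without this a previously cached encoding would be emitted without the new certificate.
        resetContents();
    }

    /**
     * Returns the certificates attached to the response, or {@code null} if there
     * are none.
     *
     * <p>For a parsed response these certificates were supplied by the sender and
     * are not covered by the signature. Validate the chain to a trusted issuer, and
     * the certificate's authorisation to sign OCSP responses, before using one of
     * their keys with {@link #verifySignature(PublicKey)}.
     *
     * <p>The returned vector is the internal one; modifying it does not update the
     * parallel list used for encoding.
     */
    public Vector getSigVerifyCerts() {
        return this.sigCerts;
    }

    /**
     * Returns the signature algorithm identifier, or {@code null} if unsigned. For
     * a parsed response this value is chosen by the sender.
     */
    public AlgorithmIdentifier getSigAlgID() {
        return this.sigAlgID;
    }

    /** Returns a copy of the signature value, or {@code null} if the response is unsigned. */
    public byte[] getSigBytes() {
        return this.sigBytes == null ? null : (byte[]) this.sigBytes.clone();
    }

    /**
     * Checks the response signature with the given public key.
     *
     * <p>This is the cryptographic check only. The algorithm is taken from the
     * response's own {@code signatureAlgorithm} field, so callers that want to
     * refuse weak algorithms must inspect {@link #getSigAlgID()} themselves. The
     * signed bytes are produced by re-encoding the fields of this object.
     *
     * @param publicKey key of the responder, already established as trusted by the caller
     * @return {@code true} if the signature is valid for the encoded response data
     * @throws AuthenticationException if the response carries no signature, or the
     *         key or algorithm cannot be used
     */
    public boolean verifySignature(PublicKey publicKey) throws AuthenticationException {
        // Fail with the declared exception type instead of a NullPointerException
        // when the response has been neither signed nor parsed.
        if (this.sigAlgID == null || this.sigBytes == null) {
            throw new AuthenticationException("OCSP response is not signed");
        }
        try {
            Signature signature = Signature.getInstance(OCSPUtils.getAlgoName(this.sigAlgID));
            signature.initVerify(publicKey);
            signature.update(Utils.toBytes(tbsResponse()));
            return signature.verify(this.sigBytes);
        } catch (InvalidKeyException e) {
            throw new AuthenticationException(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthenticationException(e2.toString());
        } catch (SignatureException e3) {
            throw new AuthenticationException(e3.toString());
        }
    }

    /**
     * Replaces the state of this object with a DER-encoded {@code BasicOCSPResponse}
     * read from the stream.
     *
     * <p>If parsing fails the object may be left partially updated and should be
     * discarded.
     *
     * @param inputStream stream positioned at the start of the encoding
     * @throws IOException if the data cannot be read or is not well formed
     */
    public void input(InputStream inputStream) throws IOException {
        try {
            reset();
            ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
            inputTbsResponse(aSN1SequenceInputStream);
            this.sigAlgID = new AlgorithmIdentifier(aSN1SequenceInputStream);
            this.sigBytes = ASN1BitString.inputValue(aSN1SequenceInputStream);
            if (aSN1SequenceInputStream.hasMoreData()) {
                // Optional [0] EXPLICIT SEQUENCE OF Certificate.
                ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 0);
                ASN1SequenceInputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(aSN1ConstructedInputStream);
                this.sigCerts = new Vector();
                this.X509sigCerts = new Vector();
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    while (aSN1SequenceInputStream2.hasMoreData()) {
                        X509 x509 = new X509(aSN1SequenceInputStream2);
                        this.sigCerts.addElement(certificateFactory.generateCertificate(new ByteArrayInputStream(x509.getEncoded())));
                        this.X509sigCerts.addElement(x509);
                    }
                    aSN1SequenceInputStream2.terminate();
                    aSN1ConstructedInputStream.terminate();
                } catch (CertificateException e) {
                    // CertificateEncodingException is a CertificateException, so one
                    // handler covers both; the cause is kept for diagnosis.
                    throw new IOException(e.toString(), e);
                }
            } else {
                this.sigCerts = null;
                this.X509sigCerts = null;
            }
            aSN1SequenceInputStream.terminate();
        } catch (ClassCastException e3) {
            throw new ASN1FormatException(e3.toString());
        } catch (IndexOutOfBoundsException e4) {
            throw new ASN1FormatException(e4.toString());
        }
    }

    /**
     * Parses the {@code ResponseData} sequence into the fields of this object.
     *
     * @throws IOException if the data is not well formed, the version is not 0, or
     *         no responder id is present
     */
    private void inputTbsResponse(InputStream inputStream) throws IOException {
        try {
            reset();
            ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
            if (aSN1SequenceInputStream.getCurrentTag() == 0) {
                ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 0);
                this.version = ASN1Integer.inputValue(aSN1ConstructedInputStream).intValue();
                if (this.version != 0) {
                    throw new VersionException("Invalid version number");
                }
                aSN1ConstructedInputStream.terminate();
            }
            if (aSN1SequenceInputStream.getCurrentTag() == 1) {
                ASN1ConstructedInputStream aSN1ConstructedInputStream2 = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 1);
                this.responder = new X500Principal(new X500Name(aSN1ConstructedInputStream2).toString());
                aSN1ConstructedInputStream2.terminate();
                this.keyHash = null;
            } else if (aSN1SequenceInputStream.getCurrentTag() == 2) {
                ASN1ConstructedInputStream aSN1ConstructedInputStream3 = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 2);
                this.keyHash = ASN1OctetString.inputValue(aSN1ConstructedInputStream3);
                aSN1ConstructedInputStream3.terminate();
                this.responder = null;
            } else {
                // The responder id is mandatory. Falling through here would keep
                // whatever responder/keyHash this object held before the parse.
                throw new ASN1FormatException("Missing or unrecognized responder ID");
            }
            this.producedAt = ASN1Date.inputValue(aSN1SequenceInputStream);
            ASN1SequenceInputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(aSN1SequenceInputStream);
            this.respList = new Vector();
            while (aSN1SequenceInputStream2.hasMoreData()) {
                this.respList.addElement(new SingleBasicResponse(aSN1SequenceInputStream2));
            }
            aSN1SequenceInputStream2.terminate();
            if (aSN1SequenceInputStream.getCurrentTag() == 1) {
                ASN1ConstructedInputStream aSN1ConstructedInputStream4 = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 1);
                this.respExts = new X509ExtensionSet(aSN1ConstructedInputStream4);
                aSN1ConstructedInputStream4.terminate();
            } else {
                this.respExts = null;
            }
            aSN1SequenceInputStream.terminate();
        } catch (ClassCastException e) {
            throw new ASN1FormatException(e.toString());
        } catch (IndexOutOfBoundsException e2) {
            throw new ASN1FormatException(e2.toString());
        }
    }

    /**
     * Returns the to-be-signed {@code ResponseData}, building and caching it on
     * first use.
     *
     * @throws IllegalStateException if the responder is identified by both name and
     *         key hash, or by neither
     */
    private ASN1Sequence tbsResponse() {
        if (this.tbs != null) {
            return this.tbs;
        }
        // Build into a local and publish only on success, so a failure below cannot
        // leave a half-built sequence cached and later signed or verified.
        ASN1Sequence responseData = new ASN1Sequence();
        if (this.version != 0) {
            // NOTE(review): unreachable with the current constructors and parser
            // (version is always 0); the integer is added without the [0] wrapper
            // that inputTbsResponse expects.
            responseData.addElement(new ASN1Integer(this.version));
        }
        boolean byName = this.responder != null;
        boolean byKey = this.keyHash != null;
        if (byName && byKey) {
            throw new IllegalStateException("Both responder name and public key hash may not be present");
        }
        if (!byName && !byKey) {
            throw new IllegalStateException("Either responder name or public key hash must be present");
        }
        if (byName) {
            responseData.addElement(new ASN1GenericConstructed(new X500Name(OCSPUtils.formatX500Name(this.responder)), 1));
        } else {
            responseData.addElement(new ASN1GenericConstructed(new ASN1OctetString(this.keyHash), 2));
        }
        responseData.addElement(new ASN1Date(this.producedAt, true));
        ASN1Sequence responses = new ASN1Sequence();
        Enumeration elements = this.respList.elements();
        while (elements.hasMoreElements()) {
            responses.addElement((SingleBasicResponse) elements.nextElement());
        }
        responseData.addElement(responses);
        if (this.respExts != null) {
            responseData.addElement(new ASN1GenericConstructed(this.respExts, 1));
        }
        this.tbs = responseData;
        return this.tbs;
    }

    /**
     * Returns the complete {@code BasicOCSPResponse} sequence, building and caching
     * it on first use.
     *
     * @throws IllegalStateException if the response has not been signed
     */
    private ASN1Sequence toASN1Sequence() {
        if (this.bas != null) {
            return this.bas;
        }
        if (this.sigBytes == null) {
            throw new IllegalStateException("OCSP response must be signed");
        }
        // As in tbsResponse(): cache only a fully built sequence.
        ASN1Sequence response = new ASN1Sequence();
        response.addElement(tbsResponse());
        response.addElement(this.sigAlgID);
        response.addElement(new ASN1BitString(this.sigBytes));
        if (this.sigCerts != null && this.sigCerts.size() > 0) {
            ASN1Sequence certs = new ASN1Sequence();
            Enumeration elements = this.X509sigCerts.elements();
            while (elements.hasMoreElements()) {
                certs.addElement((X509) elements.nextElement());
            }
            response.addElement(new ASN1GenericConstructed(certs, 0));
        }
        this.bas = response;
        return this.bas;
    }

    /**
     * Writes the encoded response to the stream.
     *
     * @throws IllegalStateException if the response has not been signed
     */
    public void output(OutputStream outputStream) throws IOException {
        toASN1Sequence().output(outputStream);
    }

    /**
     * Returns the length of the encoded response.
     *
     * @throws IllegalStateException if the response has not been signed
     */
    public int length() {
        return toASN1Sequence().length();
    }

    /** Discards both cached encodings; used whenever signed content changes. */
    private void reset() {
        this.tbs = null;
        resetContents();
    }

    /** Discards only the cached full encoding; used when content outside the signed data changes. */
    private void resetContents() {
        this.bas = null;
    }

    /** Returns a human-readable summary of the response for logs and debugging. */
    @Override
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("Basic OCSP Response: ");
        Enumeration elements = this.respList.elements();
        while (elements.hasMoreElements()) {
            stringBuffer.append(elements.nextElement());
            stringBuffer.append("; ");
        }
        if (this.responder != null) {
            stringBuffer.append("responder = " + this.responder + ";");
        } else {
            stringBuffer.append("key hash = " + Utils.toHexString(this.keyHash));
        }
        stringBuffer.append("produced at = " + this.producedAt + ";");
        if (this.respExts != null) {
            stringBuffer.append("basic response extensions = " + this.respExts);
        }
        return stringBuffer.toString();
    }
}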
