package oracle.security.crypto.tsp;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1Object;
import oracle.security.crypto.cert.Attribute;
import oracle.security.crypto.cert.AttributeSet;
import oracle.security.crypto.cert.PKIX;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cert.X509ExtensionSet;
import oracle.security.crypto.cert.ext.ExtKeyUsageExtension;
import oracle.security.crypto.cmp.PKIStatusInfo;
import oracle.security.crypto.cms.CMS;
import oracle.security.crypto.cms.CMSSignedDataContentInfo;
import oracle.security.crypto.cms.CMSSignerInfo;
import oracle.security.crypto.cms.ESSCertID;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.util.Utils;

/* loaded from: input_file:oracle/security/crypto/tsp/TSPUtils.class */
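/**
 * Static helpers for checking time-stamp protocol (RFC 3161) responses and the
 * certificates that sign them, plus a small name/identifier lookup table for
 * the algorithms this package knows about.
 *
 * <p>The lookup tables are built lazily on first use. They are fully populated
 * before being published, so a concurrent caller never observes a half-filled
 * table.
 *
 * <p>Security note: the tables registered here only contain legacy algorithms
 * (SHA-1, MD5, DES, Triple-DES, RC2). No SHA-2 digest is mapped in this class,
 * so {@link #validateMessageImprint} reports such an imprint as unsupported
 * while still accepting MD5 and SHA-1 imprints. Callers that need a stronger
 * policy have to enforce it themselves.
 */
public class TSPUtils {
    private static final String MSG_EKU_MISSING =
            "KeyPurposeID id-kp-timeStamping not present in signing certificate.";

    // name table: AlgorithmIdentifier -> JCA-style name (last registration wins)
    private static volatile Hashtable<AlgorithmIdentifier, String> algoNamemap = null;
    // id table: upper-cased name -> AlgorithmIdentifier
    private static volatile Hashtable<String, AlgorithmIdentifier> algoIdmap = null;
    // fallback table: algorithm OID -> name, used when the identifier itself is not in algoNamemap
    private static volatile Hashtable<Object, String> algoOIDmap = null;
    public static final String DEFAULT_RandomGenerator_ALGO = "SHA1PRNG";
    public static final String HASH_ALG_MD5 = "MD5";
    public static final String HASH_ALG_MD2 = "MD2";
    public static final String HASH_ALG_SHA_1 = "SHA1";

    /**
     * Checks that the certificate carries an extended key usage extension that
     * lists id-kp-timeStamping and is marked critical.
     *
     * <p>NOTE(review): RFC 3161 also requires id-kp-timeStamping to be the
     * <em>only</em> key purpose in the extension. That is not checked here;
     * confirm whether callers rely on it.
     *
     * @param x509Certificate the time-stamping authority's signing certificate
     * @throws TSPException if the extension is absent, lacks the key purpose,
     *         or is not critical
     * @throws IOException if the certificate cannot be encoded for parsing
     */
    public static void verifyKeyPurposeID(X509Certificate x509Certificate) throws TSPException, IOException {
        // A throw-away instance is only used to obtain the extension's type identifier.
        ExtKeyUsageExtension probe = new ExtKeyUsageExtension();
        X509ExtensionSet extensionSet = getExtensionSet(x509Certificate);
        if (extensionSet == null) {
            throw new TSPException(MSG_EKU_MISSING);
        }
        ExtKeyUsageExtension extension = extensionSet.getExtension(probe.getType());
        if (extension == null || !extension.hasKeyPurpose(PKIX.id_kp_timeStamping)) {
            throw new TSPException(MSG_EKU_MISSING);
        }
        if (!extension.getCritical()) {
            throw new TSPException("KeyPurposeID id-kp-timeStamping is present in signing certificate but extended key usage fiels extension is not marked  critical.");
        }
    }

    /**
     * Checks that the hashed message has exactly the length produced by the
     * digest named in the imprint's hash algorithm.
     *
     * <p>This is a length check only. It does not compare the imprint with the
     * hash that was sent in the request; that comparison is the caller's job.
     *
     * @param messageImprint the imprint to check
     * @throws TSPException if the hashed message is missing or has the wrong length
     * @throws NoSuchAlgorithmException if the hash algorithm is not in this
     *         class's tables or is not available as a {@link MessageDigest}
     */
    public static void validateMessageImprint(MessageImprint messageImprint) throws TSPException, NoSuchAlgorithmException {
        AlgorithmIdentifier hashAlgorithm = messageImprint.getHashAlgorithm();
        byte[] hashedMessage = messageImprint.getHashedMessage();
        if (hashedMessage == null) {
            // Previously surfaced as a NullPointerException on the length read below.
            throw new TSPException("hashedMessage is not set for the messageImprint field.");
        }
        int digestLength = MessageDigest.getInstance(getAlgoName(hashAlgorithm)).getDigestLength();
        int length = hashedMessage.length;
        if (digestLength != length) {
            throw new TSPException("Length of hashedMessage (" + length + ") does not match length specified by hashAlgorithm " + hashAlgorithm + ": (" + digestLength + ") for the messageImprint field.");
        }
    }

    /**
     * Checks that a time-stamp response is internally consistent: the status
     * value is in range, a token is present exactly when the status is granted
     * or granted-with-mods, and a tokenless response carries only failure
     * codes that RFC 3161 defines for time-stamping.
     *
     * <p>Returning normally does NOT mean the request was granted. A
     * well-formed rejection also passes, so callers must still inspect the
     * status before trusting the response.
     *
     * @param tSPTimeStampResp the response to check
     * @throws TSPException if any of the consistency rules above is violated
     */
    public static void validateStatus(TSPTimeStampResp tSPTimeStampResp) throws TSPException {
        PKIStatusInfo status = tSPTimeStampResp.getStatus();
        if (status == null) {
            throw new TSPException("status field is not set");
        }
        int value = status.getStatus().getValue();
        if (value < 0 || value > 5) {
            throw new TSPException("Unsupported value for PKIStatus: " + value);
        }
        boolean granted = value == PKIStatusInfo.Status.GRANTED.getValue()
                || value == PKIStatusInfo.Status.GRANTED_WITH_MODS.getValue();
        CMSSignedDataContentInfo timeStampToken = tSPTimeStampResp.getTimeStampToken();
        if (timeStampToken == null && granted) {
            throw new TSPException("timeStampToken MUST be present when status contains a PKIStatus value of " + value);
        }
        if (timeStampToken != null && !granted) {
            throw new TSPException("timeStampToken MUST NOT be present when status contains a PKIStatus value of " + value);
        }
        if (timeStampToken == null) {
            PKIStatusInfo.Failure[] failures = status.getFailures();
            if (failures == null) {
                throw new TSPException("failInfo missing from status field when timeStampToken is not present");
            }
            for (PKIStatusInfo.Failure failure : failures) {
                int code = failure.getValue();
                switch (code) {
                    // PKIFailureInfo bits defined by RFC 3161: badAlg, badRequest,
                    // badDataFormat, timeNotAvailable, unacceptedPolicy,
                    // unacceptedExtension, addInfoNotAvailable, systemFailure.
                    // The earlier switch let these labels fall through to the
                    // throw, so every rejection response was reported as
                    // carrying an unsupported failure code.
                    case 0:
                    case 2:
                    case 5:
                    case 14:
                    case 15:
                    case 16:
                    case 17:
                    case 25:
                        break;
                    default:
                        throw new TSPException("Unsupported value for PKIFailureInfo: " + code);
                }
            }
        }
    }

    /**
     * Verifies that a time-stamp token carries exactly one signature, that its
     * id-aa-signingCertificate attribute identifies the given certificate, and
     * that the signature verifies under that certificate.
     *
     * <p>This method does not validate the certificate itself (chain,
     * validity period, revocation, key purpose); see
     * {@link #verifyKeyPurposeID} for the key-purpose check.
     *
     * @param cMSSignedDataContentInfo the time-stamp token
     * @param x509Certificate the certificate expected to have signed the token
     * @throws TSPException if there is not exactly one signer, the signing
     *         certificate attribute is missing or names another certificate,
     *         or the signature cannot be verified
     */
    public static void verifyTimeStampTokenSignature(CMSSignedDataContentInfo cMSSignedDataContentInfo, X509Certificate x509Certificate) throws TSPException {
        Enumeration signers = cMSSignedDataContentInfo.signers();
        // An empty enumeration used to escape as NoSuchElementException from nextElement().
        if (signers == null || !signers.hasMoreElements()) {
            throw new TSPException("No signatures found.");
        }
        CMSSignerInfo signerInfo = (CMSSignerInfo) signers.nextElement();
        if (signerInfo == null) {
            // Previously dereferenced below and surfaced as a NullPointerException.
            throw new TSPException("No signatures found.");
        }
        if (signers.hasMoreElements()) {
            throw new TSPException("Multiple signatures found.");
        }

        AttributeSet signedAttributes = signerInfo.getSignedAttributes();
        AttributeSet unsignedAttributes = signerInfo.getUnsignedAttributes();
        // Look in the signed attributes first. Only those are covered by the
        // signer's signature, which is what ties the certificate identifier to
        // the signature. The earlier code consulted the signed set only when
        // an unsigned set existed and had no such attribute.
        Attribute attribute = null;
        if (signedAttributes != null) {
            attribute = signedAttributes.getAttribute(TSP.id_aa_signingCertificate);
        }
        if (attribute == null && unsignedAttributes != null) {
            // NOTE(review): kept for compatibility with the previous lookup.
            // An attribute found only here is not protected by the signature,
            // and RFC 2634 requires signingCertificate to be a signed
            // attribute. Consider rejecting tokens that reach this branch.
            attribute = unsignedAttributes.getAttribute(TSP.id_aa_signingCertificate);
        }
        if (attribute == null) {
            throw new TSPException("id-aa-signingCertificate attribute not present");
        }
        Vector values = attribute.getValues();
        if (values == null || values.isEmpty()) {
            throw new TSPException("Value for id-aa-signingCertificate attribute not found");
        }

        // Step 1: the certificate identifier in the token must name the given certificate.
        boolean matchesCertificate;
        try {
            ESSCertID certId = new ESSCertID(Utils.toStream((ASN1Object) values.elementAt(0)));
            matchesCertificate = certId.compareTo(x509Certificate);
        } catch (NoSuchAlgorithmException e) {
            throw new TSPException(e.getMessage());
        } catch (CertificateEncodingException e) {
            throw new TSPException(e.toString());
        } catch (IOException e) {
            throw new TSPException(e.getMessage());
        }
        if (!matchesCertificate) {
            throw new TSPException("id-aa-signingCertificate attribute does not correspond to given certificate");
        }

        // Step 2: the signature itself must verify under that certificate.
        try {
            cMSSignedDataContentInfo.verifySignature(x509Certificate);
        } catch (IOException e) {
            throw new TSPException("IO Exception : Certificate could not be encoded");
        } catch (NoSuchAlgorithmException e) {
            throw new TSPException("Unsupported algorithm.");
        } catch (SignatureException e) {
            throw new TSPException("Signature does not correspond to certificate.");
        } catch (AuthenticationException e) {
            throw new TSPException("Signature could not be verified.");
        } catch (CertificateEncodingException e) {
            throw new TSPException("CertificateEncoding Exception : Certificate could not be encoded.");
        }
    }

    /**
     * Parses the certificate with this library's {@link X509} class and
     * returns its extension set.
     *
     * @param x509Certificate the certificate to inspect
     * @return whatever {@code X509.getExtensionSet()} returns for the certificate
     * @throws IOException if the certificate cannot be encoded or parsed; an
     *         encoding failure is attached as the cause
     */
    public static X509ExtensionSet getExtensionSet(X509Certificate x509Certificate) throws IOException {
        try {
            return new X509(x509Certificate.getEncoded()).getExtensionSet();
        } catch (CertificateEncodingException e) {
            throw new IOException(e.toString(), e);
        }
    }

    /**
     * Builds the name and identifier tables and publishes them once they are
     * complete. Registration order matters: where one identifier is registered
     * under several names, the last name is the one {@link #getAlgoName}
     * returns.
     */
    private static synchronized void setMapping() {
        if (algoNamemap != null && algoIdmap != null) {
            return; // another thread finished the build first
        }
        Hashtable<AlgorithmIdentifier, String> names = new Hashtable<AlgorithmIdentifier, String>();
        Hashtable<String, AlgorithmIdentifier> ids = new Hashtable<String, AlgorithmIdentifier>();
        setAlgoName(names, ids, HASH_ALG_SHA_1, CMS.sha_1);
        setAlgoName(names, ids, HASH_ALG_MD5, CMS.md5);
        setAlgoName(names, ids, "SHA-1withDSA", CMS.id_dsa_with_sha_1);
        setAlgoName(names, ids, "SHAwithDSA", CMS.dsaWithSHA);
        setAlgoName(names, ids, "RSA/ /NoPadding", CMS.rsaEncryption);
        setAlgoName(names, ids, "RSA", CMS.rsaEncryption);
        setAlgoName(names, ids, "DESede/ /PKCS5Padding", CMS.id_alg_CMS3DESwrap);
        setAlgoName(names, ids, "DESede", CMS.id_alg_CMS3DESwrap);
        setAlgoName(names, ids, "DES/CBC/PKCS5Padding", AlgID.desCBC);
        setAlgoName(names, ids, "DES/CBC/NoPadding", AlgID.desCBC);
        setAlgoName(names, ids, "RC2/ /PKCS5Padding", CMS.id_alg_CMSRC2wrap);
        setAlgoName(names, ids, "RC2", CMS.id_alg_CMSRC2wrap);
        setAlgoName(names, ids, "DESede/CBC/PKCS5Padding", CMS.des_ede3_cbc);
        setAlgoName(names, ids, "DESede/CBC/NoPadding", CMS.des_ede3_cbc);
        setAlgoName(names, ids, "RC2/CBC/PKCS5Padding", CMS.rc2_cbc);
        setAlgoName(names, ids, "RC2/CBC/NoPadding", CMS.rc2_cbc);
        setAlgoName(names, ids, "HmacSHA1", CMS.hmac_SHA_1);
        // Publish only after both tables are full.
        algoIdmap = ids;
        algoNamemap = names;
    }

    /** Builds the OID-to-name fallback table and publishes it once complete. */
    private static synchronized void setOIDMapping() {
        if (algoOIDmap != null) {
            return; // another thread finished the build first
        }
        Hashtable<Object, String> byOid = new Hashtable<Object, String>();
        byOid.put(CMS.sha_1.getOID(), "SHA-1");
        byOid.put(CMS.md5.getOID(), HASH_ALG_MD5);
        byOid.put(CMS.id_dsa_with_sha_1.getOID(), "SHA-1withDSA");
        byOid.put(CMS.dsaWithSHA.getOID(), "SHAwithDSA");
        byOid.put(CMS.rsaEncryption.getOID(), "RSA");
        byOid.put(CMS.id_alg_CMS3DESwrap.getOID(), "DESede");
        byOid.put(AlgID.desCBC.getOID(), "DES/CBC/NoPadding");
        byOid.put(CMS.id_alg_CMSRC2wrap.getOID(), "RC2");
        byOid.put(CMS.des_ede3_cbc.getOID(), "DESede/CBC/NoPadding");
        byOid.put(CMS.rc2_cbc.getOID(), "RC2/CBC/NoPadding");
        byOid.put(CMS.hmac_SHA_1.getOID(), "HmacSHA1");
        algoOIDmap = byOid;
    }

    /**
     * Registers one name/identifier pair in both tables under construction.
     *
     * @return the identifier previously registered under the same upper-cased
     *         name, or {@code null} if there was none
     */
    private static AlgorithmIdentifier setAlgoName(
            Hashtable<AlgorithmIdentifier, String> names,
            Hashtable<String, AlgorithmIdentifier> ids,
            String str,
            AlgorithmIdentifier algorithmIdentifier) {
        names.put(algorithmIdentifier, str);
        // Locale.ROOT keeps the key stable whatever the default locale is
        // (for example the Turkish dotted/dotless i).
        return ids.put(str.toUpperCase(Locale.ROOT), algorithmIdentifier);
    }

    /**
     * Looks up the algorithm identifier registered for a name. The lookup is
     * case-insensitive.
     *
     * @param str the algorithm name, for example {@code "DESede/CBC/PKCS5Padding"}
     * @return the registered identifier, never {@code null}
     * @throws NoSuchAlgorithmException if the name is {@code null} or not registered
     */
    public static AlgorithmIdentifier getAlgoID(String str) throws NoSuchAlgorithmException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm name is null");
        }
        if (algoIdmap == null) {
            setMapping();
        }
        AlgorithmIdentifier algorithmIdentifier = algoIdmap.get(str.toUpperCase(Locale.ROOT));
        if (algorithmIdentifier == null) {
            throw new NoSuchAlgorithmException("Algorithm " + str + " is not supported");
        }
        return algorithmIdentifier;
    }

    /**
     * Returns the full registered name for an algorithm identifier, including
     * any mode and padding suffix.
     *
     * @throws NoSuchAlgorithmException if the identifier is not registered
     */
    public static String getAlgoName(AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException {
        return getAlgoName(algorithmIdentifier, false);
    }

    /**
     * Returns the registered name for an algorithm identifier. The identifier
     * itself is tried first, then its OID.
     *
     * @param algorithmIdentifier the identifier to look up
     * @param z when {@code true}, everything from the first {@code '/'} on is
     *        dropped, leaving only the bare algorithm name
     * @return the registered name, never {@code null}
     * @throws NoSuchAlgorithmException if the identifier is {@code null} or
     *         not present in either table
     */
    public static String getAlgoName(AlgorithmIdentifier algorithmIdentifier, boolean z) throws NoSuchAlgorithmException {
        if (algorithmIdentifier == null) {
            // Hashtable rejects null keys; report this as the declared exception instead.
            throw new NoSuchAlgorithmException("Algorithm identifier is null");
        }
        if (algoNamemap == null) {
            setMapping();
        }
        String name = algoNamemap.get(algorithmIdentifier);
        if (name == null) {
            if (algoOIDmap == null) {
                setOIDMapping();
            }
            name = algoOIDmap.get(algorithmIdentifier.getOID());
            if (name == null) {
                throw new NoSuchAlgorithmException("Algorithmid " + algorithmIdentifier + "is not supported");
            }
        }
        return z ? removeMode(name) : name;
    }

    /** Returns the part of a transformation string before the first {@code '/'}. */
    private static String removeMode(String str) {
        int slash = str.indexOf('/');
        return slash != -1 ? str.substring(0, slash) : str;
    }

    /**
     * Converts a JCA certificate to this library's {@link X509} representation
     * by re-parsing its encoded form.
     *
     * @param x509Certificate the certificate to convert
     * @return the parsed certificate
     * @throws CertificateEncodingException if the certificate cannot be
     *         encoded, or if parsing fails with an I/O error (attached as the cause)
     */
    public static X509 convertX509(X509Certificate x509Certificate) throws CertificateEncodingException {
        try {
            return new X509(x509Certificate.getEncoded());
        } catch (IOException e) {
            throw new CertificateEncodingException("IO Exception occured while encoding the certificate", e);
        }
    }
}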
