package com.rsa.certj.crmf;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.AlgorithmID;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.ChoiceContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_Parameters;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Signature;
import java.io.Serializable;
import java.security.SecureRandom;

/* loaded from: input_file:com/rsa/certj/crmf/ProofOfPossession.class */
public class ProofOfPossession implements Cloneable, Serializable {
    public static final int RA_VERIFIED_POP = 0;
    public static final int SIGNATURE_POP = 1;
    public static final int ENCIPHERMENT_POP = 2;
    public static final int AGREEMENT_POP = 3;
    private static final int a = 8389888;
    private static final int b = 8400897;
    private int c;
    private POPOSigningKeyInput d;
    private POPOPrivKey e;
    private byte[] f;
    private byte[] g;
    String h;
    CertRequest i;
    private CertJ j;
    protected JSAFE_PublicKey pubKey;
    protected JSAFE_PrivateKey privKey;
    private ASN1Template k;
    private int l;

    public ProofOfPossession() {
        this.d = null;
        this.e = new POPOPrivKey();
        this.f = null;
        this.g = null;
        this.h = new String();
        this.i = null;
        this.pubKey = null;
        this.privKey = null;
        this.k = null;
        this.l = 0;
    }

    public ProofOfPossession(CertJ certJ) {
        this.d = null;
        this.e = new POPOPrivKey();
        this.f = null;
        this.g = null;
        this.h = new String();
        this.i = null;
        this.pubKey = null;
        this.privKey = null;
        this.k = null;
        this.l = 0;
        this.j = certJ;
    }

    public ProofOfPossession(int i) throws CRMFException {
        this(i, null);
    }

    public ProofOfPossession(int i, CertJ certJ) throws CRMFException {
        this.d = null;
        this.e = new POPOPrivKey();
        this.f = null;
        this.g = null;
        this.h = new String();
        this.i = null;
        this.pubKey = null;
        this.privKey = null;
        this.k = null;
        this.l = 0;
        if (i != 0 && i != 1 && i != 2 && i != 3) {
            throw new CRMFException("This POP is not supported.");
        }
        this.c = i;
        this.j = certJ;
    }

    public void decodeProofOfPossession(byte[] bArr, int i, int i2) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("ProofOfPossession Encoding is null.");
        }
        ASN1Container choiceContainer = new ChoiceContainer(i2);
        ASN1Container endContainer = new EndContainer();
        ASN1Container encodedContainer = new EncodedContainer(a);
        ASN1Container encodedContainer2 = new EncodedContainer(b);
        ASN1Container encodedContainer3 = new EncodedContainer(10551042);
        ASN1Container encodedContainer4 = new EncodedContainer(10551043);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{choiceContainer, encodedContainer, encodedContainer2, encodedContainer3, encodedContainer4, endContainer});
            if (encodedContainer.dataPresent) {
                this.c = 0;
                return;
            }
            if (encodedContainer2.dataPresent) {
                this.c = 1;
                a(encodedContainer2.data, encodedContainer2.dataOffset);
            } else if (encodedContainer3.dataPresent) {
                this.c = 2;
                this.e.setEnvironment(this.j, this.pubKey, this.privKey);
                this.e.decodePOPOPrivKey(encodedContainer3.data, encodedContainer3.dataOffset, 10485762);
            } else if (encodedContainer4.dataPresent) {
                this.c = 3;
                this.e.setEnvironment(this.j, this.pubKey, this.privKey);
                this.e.decodePOPOPrivKey(encodedContainer4.data, encodedContainer4.dataOffset, 10485763);
            }
        } catch (ASN_Exception e) {
            throw new CRMFException(e.getMessage());
        }
    }

    private void a(byte[] bArr, int i) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("Signature Proof Of Possession is NULL.");
        }
        ASN1Container sequenceContainer = new SequenceContainer(b);
        ASN1Container endContainer = new EndContainer();
        ASN1Container encodedContainer = new EncodedContainer(8466432);
        ASN1Container encodedContainer2 = new EncodedContainer(12288);
        ASN1Container bitStringContainer = new BitStringContainer(0);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, encodedContainer, encodedContainer2, bitStringContainer, endContainer});
            if (encodedContainer.dataPresent) {
                this.d = new POPOSigningKeyInput(encodedContainer.data, encodedContainer.dataOffset);
            }
            this.f = new byte[bitStringContainer.dataLen];
            System.arraycopy(bitStringContainer.data, bitStringContainer.dataOffset, this.f, 0, bitStringContainer.dataLen);
            setSignatureAlgorithm(encodedContainer2.data, encodedContainer2.dataOffset, encodedContainer2.dataLen);
        } catch (ASN_Exception e) {
            throw new CRMFException(new StringBuffer().append("Could not BER decode the POP.").append(e.getMessage()).toString());
        }
    }

    public boolean verifySignature(String str, SecureRandom secureRandom) throws CRMFException {
        JSAFE_PublicKey subjectPublicKey;
        byte[] bArr;
        JSAFE_Signature jSAFE_Signature = null;
        if (this.f == null) {
            throw new CRMFException("Signature is null, cannot verify it.");
        }
        if (this.d != null) {
            int dERLen = this.d.getDERLen();
            if (dERLen == 0) {
                throw new CRMFException("Cannot DER-encode poposkInput.");
            }
            bArr = new byte[dERLen];
            this.d.getDEREncoding(bArr, 0);
            subjectPublicKey = this.d.getSubjectPublicKey();
        } else {
            if (this.i == null) {
                throw new CRMFException("CertRequest is not set.");
            }
            subjectPublicKey = this.i.getCertTemplate().getSubjectPublicKey();
            if (subjectPublicKey == null) {
                throw new CRMFException("Public key is not set in CertRequest; Cannot verify the signature.");
            }
            int dERLen2 = this.i.getDERLen(0);
            if (dERLen2 == 0) {
                throw new CRMFException("Cannot DER-encode CertRequest.");
            }
            bArr = new byte[dERLen2];
            this.i.getDEREncoding(bArr, 0, 0);
        }
        try {
            try {
                jSAFE_Signature = JSAFE_Signature.getInstance(this.h, str);
                if (this.j == null) {
                    jSAFE_Signature.verifyInit(subjectPublicKey, secureRandom);
                } else {
                    jSAFE_Signature.verifyInit(subjectPublicKey, (JSAFE_Parameters) null, secureRandom, this.j.getPKCS11Sessions());
                }
                jSAFE_Signature.verifyUpdate(bArr, 0, bArr.length);
                boolean verifyFinal = jSAFE_Signature.verifyFinal(this.f, 0, this.f.length);
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                return verifyFinal;
            } catch (JSAFE_Exception e) {
                throw new CRMFException(new StringBuffer().append("Could not verify the POP's signature: ").append(e.getMessage()).toString());
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    public int getPOPType() {
        return this.c;
    }

    public POPOSigningKeyInput getPOPOSigningKeyInput() {
        if (this.c != 1) {
            return null;
        }
        return this.d;
    }

    public void setPOPOSigningKeyInput(POPOSigningKeyInput pOPOSigningKeyInput) throws CRMFException {
        if (this.c != 1) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
        if (pOPOSigningKeyInput == null) {
            throw new CRMFException("POPOSigningKeyInput object is null.");
        }
        this.d = pOPOSigningKeyInput;
    }

    public String getAlgTransformation() {
        if (this.c != 1) {
            return null;
        }
        return this.h;
    }

    public byte[] getAlgBER() {
        if (this.c != 1 || this.g == null) {
            return null;
        }
        byte[] bArr = new byte[this.g.length];
        System.arraycopy(this.g, 0, bArr, 0, this.g.length);
        return bArr;
    }

    public void setSignatureAlgorithm(String str) throws CRMFException {
        if (this.c != 1) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
        if (str == null) {
            throw new CRMFException("POP Transformation is null.");
        }
        this.h = new String(str);
        try {
            this.g = AlgorithmID.derEncodeAlgID(str, 1, (byte[]) null, 0, 0);
        } catch (ASN_Exception e) {
            throw new CRMFException(new StringBuffer().append("POP Transformation is invalid. ").append(e.getMessage()).toString());
        }
    }

    public void setSignatureAlgorithm(byte[] bArr, int i, int i2) throws CRMFException {
        if (this.c != 1) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
        if (bArr == null || i2 == 0) {
            throw new CRMFException("POP Algorithm ID is null.");
        }
        try {
            this.g = new byte[i2];
            System.arraycopy(bArr, i, this.g, 0, i2);
            this.h = AlgorithmID.berDecodeAlgID(bArr, i, 1, (EncodedContainer) null);
            if (this.h == null) {
                throw new CRMFException("Unknown Signature Algorithm in POP.");
            }
        } catch (ASN_Exception e) {
            throw new CRMFException(new StringBuffer().append("Cannot set Signature Algorithm in POP.").append(e.getMessage()).toString());
        }
    }

    public byte[] getSignature() {
        if (this.c != 1 || this.f == null) {
            return null;
        }
        byte[] bArr = new byte[this.f.length];
        System.arraycopy(this.f, 0, bArr, 0, this.f.length);
        return bArr;
    }

    public void setCertRequest(CertRequest certRequest) throws CRMFException {
        if (this.c != 1) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
        if (certRequest == null) {
            throw new CRMFException("The request in POP is NULL.");
        }
        CertTemplate certTemplate = certRequest.getCertTemplate();
        if (certTemplate == null) {
            throw new CRMFException("Invalid CertRequest: CertTemplate is missing.");
        }
        if (certTemplate.getSubjectName() == null || certTemplate.getSubjectPublicKey() == null) {
            throw new CRMFException("Subject Name and / or Public Key values are missing.");
        }
        this.i = certRequest;
    }

    public void signPOP(String str, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CRMFException {
        byte[] bArr;
        if (this.c != 1) {
            throw new CRMFException("This POP is NOT POPOSigningKey type.");
        }
        if (this.i != null) {
            this.d = null;
            int dERLen = this.i.getDERLen(0);
            if (dERLen == 0) {
                throw new CRMFException("Cannot DER-encode CertRequest in POP.");
            }
            bArr = new byte[dERLen];
            this.i.getDEREncoding(bArr, 0, 0);
        } else {
            if (this.d == null) {
                throw new CRMFException("Data is not set in poposkInput.");
            }
            int dERLen2 = this.d.getDERLen();
            if (dERLen2 == 0) {
                throw new CRMFException("Cannot DER-encode poposkInput.");
            }
            bArr = new byte[dERLen2];
            this.d.getDEREncoding(bArr, 0);
            bArr[0] = 48;
        }
        JSAFE_Signature jSAFE_Signature = null;
        try {
            try {
                jSAFE_Signature = JSAFE_Signature.getInstance(this.h, str);
                if (this.j == null) {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, secureRandom);
                } else {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, (JSAFE_Parameters) null, secureRandom, this.j.getPKCS11Sessions());
                }
                jSAFE_Signature.signUpdate(bArr, 0, bArr.length);
                this.f = jSAFE_Signature.signFinal();
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
            } catch (JSAFE_Exception e) {
                throw new CRMFException(new StringBuffer().append("Could not sign the POP: ").append(e.getMessage()).toString());
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    public void setEnvironment(CertJ certJ, JSAFE_PublicKey jSAFE_PublicKey, JSAFE_PrivateKey jSAFE_PrivateKey) {
        this.j = certJ;
        if (jSAFE_PublicKey != null) {
            this.pubKey = jSAFE_PublicKey;
        }
        if (jSAFE_PrivateKey != null) {
            this.privKey = jSAFE_PrivateKey;
        }
    }

    public void setCertJ(CertJ certJ) {
        this.j = certJ;
    }

    public CertJ getCertJ() {
        return this.j;
    }

    public void setKeys(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_PrivateKey jSAFE_PrivateKey) {
        if (jSAFE_PublicKey != null) {
            this.pubKey = jSAFE_PublicKey;
        }
        if (jSAFE_PrivateKey != null) {
            this.privKey = jSAFE_PrivateKey;
        }
    }

    public void setPOPOPrivKey(POPOPrivKey pOPOPrivKey) throws CRMFException {
        if (this.c != 2 && this.c != 3) {
            throw new CRMFException("Wrong POP type.");
        }
        if (pOPOPrivKey == null) {
            throw new CRMFException("POPOPrivateKey object is null.");
        }
        this.e = pOPOPrivKey;
    }

    public POPOPrivKey getPOPOPrivKey() throws CRMFException {
        return this.e;
    }

    public Object clone() throws CloneNotSupportedException {
        try {
            ProofOfPossession proofOfPossession = new ProofOfPossession(this.c);
            if (this.d != null) {
                proofOfPossession.d = (POPOSigningKeyInput) this.d.clone();
            }
            if (this.f != null) {
                proofOfPossession.f = new byte[this.f.length];
                System.arraycopy(this.f, 0, proofOfPossession.f, 0, this.f.length);
            }
            if (this.g != null) {
                proofOfPossession.g = new byte[this.g.length];
                System.arraycopy(this.g, 0, proofOfPossession.g, 0, this.g.length);
            }
            proofOfPossession.h = this.h;
            if (this.i != null) {
                proofOfPossession.i = (CertRequest) this.i.clone();
            }
            if (this.e != null) {
                proofOfPossession.e = (POPOPrivKey) this.e.clone();
            }
            proofOfPossession.setEnvironment(this.j, this.pubKey, this.privKey);
            return proofOfPossession;
        } catch (CRMFException e) {
            throw new CloneNotSupportedException(e.getMessage());
        }
    }

    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof ProofOfPossession)) {
            return false;
        }
        ProofOfPossession proofOfPossession = (ProofOfPossession) obj;
        if (this.c != proofOfPossession.c) {
            return false;
        }
        if (this.i != null) {
            if (!this.i.equals(proofOfPossession.i)) {
                return false;
            }
        } else if (proofOfPossession.i != null) {
            return false;
        }
        if (this.d != null) {
            if (!this.d.equals(proofOfPossession.d)) {
                return false;
            }
        } else if (proofOfPossession.d != null) {
            return false;
        }
        if (this.h != null) {
            if (!this.h.equals(proofOfPossession.h)) {
                return false;
            }
        } else if (proofOfPossession.h != null) {
            return false;
        }
        if (CertJUtils.byteArraysEqual(this.g, proofOfPossession.g) && CertJUtils.byteArraysEqual(this.f, proofOfPossession.f)) {
            return this.e != null ? this.e.equals(proofOfPossession.e) : proofOfPossession.e == null;
        }
        return false;
    }

    public static int getNextBEROffset(byte[] bArr, int i) throws CRMFException {
        if (bArr == null) {
            throw new CRMFException("Encoding is null.");
        }
        try {
            return i + 1 + ASN1Lengths.determineLengthLen(bArr, i + 1) + ASN1Lengths.determineLength(bArr, i + 1);
        } catch (ASN_Exception e) {
            throw new CRMFException(new StringBuffer().append("Could not read the BER encoding of ProofOfPossession.").append(e.getMessage()).toString());
        }
    }

    public int getDERLen(int i) throws CRMFException {
        this.l = i;
        return a();
    }

    public int getDEREncoding(byte[] bArr, int i, int i2) throws CRMFException {
        this.l = i2;
        if (bArr == null) {
            throw new CRMFException("Specified array in ProofOfPossession is null.");
        }
        if (this.c == 0) {
            bArr[0] = Byte.MIN_VALUE;
            bArr[1] = 0;
            return 2;
        }
        try {
            if (this.k == null) {
                getDERLen(i2);
            }
            int derEncode = this.k.derEncode(bArr, i);
            this.k = null;
            return derEncode;
        } catch (ASN_Exception e) {
            this.k = null;
            throw new CRMFException(new StringBuffer().append("Unable to encode ProofOfPossession.").append(e.getMessage()).toString());
        }
    }

    private int a() throws CRMFException {
        if (this.c == 0) {
            return 2;
        }
        try {
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            int i = 0;
            byte[] bArr = null;
            ASN1Container endContainer = new EndContainer();
            if (this.c == 1) {
                z = true;
                ASN1Container sequenceContainer = new SequenceContainer(b, true, 0);
                boolean z4 = true;
                int i2 = 0;
                byte[] bArr2 = null;
                if (this.d == null) {
                    z4 = false;
                } else {
                    bArr2 = new byte[this.d.getDERLen()];
                    i2 = this.d.getDEREncoding(bArr2, 0);
                }
                ASN1Container encodedContainer = new EncodedContainer(8466432, z4, 0, bArr2, 0, i2);
                if (this.g == null) {
                    throw new CRMFException("Signature Algorithm ID is not set.");
                }
                ASN1Container encodedContainer2 = new EncodedContainer(12288, true, 0, this.g, 0, this.g.length);
                if (this.f == null) {
                    throw new CRMFException("Signature is not set.");
                }
                ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{sequenceContainer, encodedContainer, encodedContainer2, new BitStringContainer(0, true, 0, this.f, 0, this.f.length), endContainer});
                bArr = new byte[aSN1Template.derEncodeInit()];
                i = aSN1Template.derEncode(bArr, 0);
            } else if (this.c == 2) {
                if (this.e == null) {
                    throw new CRMFException("POPOPrivKey is not set.");
                }
                z2 = true;
                bArr = new byte[this.e.getDERLen(10485762)];
                i = this.e.getDEREncoding(bArr, 0, 10485762);
            } else if (this.c == 3) {
                if (this.e == null) {
                    throw new CRMFException("POPOPrivKey is not set.");
                }
                z3 = true;
                bArr = new byte[this.e.getDERLen(10485763)];
                i = this.e.getDEREncoding(bArr, 0, 10485763);
            }
            this.k = new ASN1Template(new ASN1Container[]{new ChoiceContainer(this.l, 0), new EncodedContainer(b, z, 0, bArr, 0, i), new EncodedContainer(10551042, z2, 0, bArr, 0, i), new EncodedContainer(10551043, z3, 0, bArr, 0, i), endContainer});
            return this.k.derEncodeInit();
        } catch (ASN_Exception e) {
            throw new CRMFException(e.getMessage());
        }
    }
}
