package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.OIDContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.pki.PKIResponseMessage;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MAC;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_Signature;
import java.util.Date;

/* loaded from: input_file:WEB-INF/lib/certjFIPS.jar:com/rsa/certj/provider/pki/cmp/CMPResponseCommon.class */
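/**
 * Common base for decoded CMP response messages.
 *
 * <p>Holds the header fields copied from the response's {@link PKIHeader} and provides the
 * entry point ({@link #berDecode}) that parses an encoded response, dispatches on the body
 * type and checks the message protection (signature or password-based MAC) before the
 * decoded object is handed back to the caller.
 *
 * <p>This source is decompiled: field names are obfuscator artifacts, and the private helper
 * names below were chosen from the prefixes used in their own error messages
 * ("verifyProtection", "decodeExtraCerts").
 */
public abstract class CMPResponseCommon extends PKIResponseMessage {
    private GeneralName a; // header sender, exposed by getSenderName()
    private GeneralName b; // header recipient, exposed by getRecipientName()
    private byte[] c; // sender key identifier, exposed by getSenderKID()
    private byte[] d; // recipient key identifier, exposed by getRecipKID()
    private byte[] e; // sender nonce, exposed by getSenderNonce()
    private byte[] f; // recipient nonce, exposed by getRecipNonce()
    private TypeAndValue[] g; // header generalInfo, exposed by getGeneralInfo()
    private int h; // message type, exposed by getMessageType()

    /**
     * Copies the message type and the header fields of a decoded response.
     *
     * @param i message type reported by {@link #getMessageType()}
     * @param pKIHeader decoded header whose sender, recipient, key identifiers, nonces and
     *     generalInfo are retained (by reference, not copied)
     * @param pKIStatusInfo status passed to the superclass
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public CMPResponseCommon(int i, PKIHeader pKIHeader, PKIStatusInfo pKIStatusInfo) {
        super(pKIStatusInfo);
        this.h = i;
        this.a = pKIHeader.sender;
        this.b = pKIHeader.recipient;
        this.c = pKIHeader.getSenderKID();
        this.d = pKIHeader.getRecipKID();
        this.e = pKIHeader.getSenderNonce();
        this.f = pKIHeader.getRecipNonce();
        this.g = pKIHeader.generalInfo;
    }

    /** Returns the message type given to the constructor. */
    /* JADX INFO: Access modifiers changed from: protected */
    public int getMessageType() {
        return this.h;
    }

    /** Returns the sender name taken from the response header. */
    public GeneralName getSenderName() {
        return this.a;
    }

    /** Returns the recipient name taken from the response header. */
    public GeneralName getRecipientName() {
        return this.b;
    }

    // The array-returning getters below hand out the internal arrays themselves, so a caller
    // that modifies a returned array also modifies this object's state.

    /** Returns the sender key identifier from the response header (internal array, not a copy). */
    public byte[] getSenderKID() {
        return this.c;
    }

    /** Returns the recipient key identifier from the response header (internal array, not a copy). */
    public byte[] getRecipKID() {
        return this.d;
    }

    /** Returns the sender nonce from the response header (internal array, not a copy). */
    public byte[] getSenderNonce() {
        return this.e;
    }

    /** Returns the recipient nonce from the response header (internal array, not a copy). */
    public byte[] getRecipNonce() {
        return this.f;
    }

    /** Returns the generalInfo entries from the response header (internal array, not a copy). */
    public TypeAndValue[] getGeneralInfo() {
        return this.g;
    }

    /**
     * Decodes an encoded CMP response and verifies its protection.
     *
     * <p>The message is split into header, body, protection bits and extra certificates; the
     * header and body are parsed, the header's free text, message time and transaction ID are
     * copied onto the result, and the result is returned only if the protection check
     * succeeds. Header and body are therefore parsed before their authenticity is known;
     * the parsers they reach must tolerate hostile input.
     *
     * @param bArr encoded response message
     * @param cMPProtectInfo verification material (trusted CA certs, recipient cert, shared
     *     secret); may be null only when the message carries no protection field
     * @param cMPRequestCommon the request this response answers, forwarded to the body decoder
     * @param certJ provider context used for devices, randomness and path validation
     * @return the decoded response
     * @throws CMPException if decoding fails, the body type is unexpected or unsupported, or
     *     the protection cannot be verified
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static CMPResponseCommon berDecode(byte[] bArr, CMPProtectInfo cMPProtectInfo, CMPRequestCommon cMPRequestCommon, CertJ certJ) throws CMPException {
        try {
            SequenceContainer messageSeq = new SequenceContainer(0);
            EncodedContainer headerEnc = new EncodedContainer(ASN1.SEQUENCE);
            EncodedContainer bodyEnc = new EncodedContainer(ASN1.ANY);
            // 10551296 / 10551297 are 0xA10000 / 0xA10001: presumably optional context tags
            // [0] (protection) and [1] (extraCerts) -- TODO confirm against the ASN1 library.
            BitStringContainer protection = new BitStringContainer(10551296);
            OfContainer extraCertsOf = new OfContainer(10551297, ASN1.SEQUENCE, new EncodedContainer(ASN1.SEQUENCE));
            ASN1.berDecode(bArr, 0, new ASN1Container[]{messageSeq, headerEnc, bodyEnc, protection, extraCertsOf, new EndContainer()});

            PKIHeader header = new PKIHeader(headerEnc.data, headerEnc.dataOffset);
            CMPResponseCommon response = berDecodeBody(header, bodyEnc.data, bodyEnc.dataOffset, cMPProtectInfo, cMPRequestCommon, certJ);
            Certificate[] extraCerts = decodeExtraCerts(extraCertsOf);
            response.setExtraCerts(extraCerts);
            response.setFreeText(header.freeText);
            response.setMessageTime(header.messageTime);
            response.setTransactionID(header.getTransactionID());

            if (!verifyProtection(cMPProtectInfo, protection, headerEnc, bodyEnc, header, extraCerts, response.getCACerts(), certJ)) {
                throw new CMPException("CMPResponseCommon.berDecode: unable to verify protection.");
            }
            return response;
        } catch (ASN_Exception e) {
            throw new CMPException("CMPResponseCommon.berDecode: unable to decode response message(" + e.getMessage() + ").");
        }
    }

    /**
     * Decodes the response body by dispatching on its choice tag.
     *
     * <p>The tag number is the first body byte minus 0xA0 (160). Tags 1 and 3 go to
     * {@code CMPCertResponseCommon}, 12 to {@code CMPRevokeResponseMessage}, 19 to
     * {@code CMPConfirmMessage} and 23 to {@code CMPErrorMessage}. Every other value is
     * rejected, either as "unsupported" (a known list of tags) or as "unexpected".
     *
     * @param pKIHeader decoded header of the same message
     * @param bArr buffer holding the encoded body
     * @param i offset of the body's tag byte in {@code bArr}
     * @param cMPProtectInfo forwarded to the certificate-response decoder
     * @param cMPRequestCommon forwarded to the certificate-response decoder
     * @param certJ forwarded to the certificate-response decoder
     * @return the decoded response body
     * @throws CMPException if the offset is outside the buffer or the body type is rejected
     */
    protected static CMPResponseCommon berDecodeBody(PKIHeader pKIHeader, byte[] bArr, int i, CMPProtectInfo cMPProtectInfo, CMPRequestCommon cMPRequestCommon, CertJ certJ) throws CMPException {
        // The tag byte comes from a peer-supplied message: fail with the decoder's own
        // exception type instead of an unchecked NullPointer/ArrayIndexOutOfBounds exception.
        if (bArr == null || i < 0 || i >= bArr.length) {
            throw new CMPException("CMPResponseCommon.berDecodeBody: body tag offset is outside the encoded message.");
        }
        int bodyTag = 255 & (bArr[i] - 160);
        switch (bodyTag) {
            case 1:
            case 3:
                return CMPCertResponseCommon.berDecodeBody(bodyTag, pKIHeader, bArr, i, cMPProtectInfo, cMPRequestCommon, certJ);
            case 12:
                return CMPRevokeResponseMessage.berDecodeBody(pKIHeader, bArr, i);
            case 19:
                return CMPConfirmMessage.berDecodeBody(pKIHeader, bArr, i);
            case 23:
                return CMPErrorMessage.berDecodeBody(pKIHeader, bArr, i);
            case 6:
            case 8:
            case 10:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 20:
            case 21:
            case 22:
                throw new CMPException("CMPResponseCommon.berDecodeBody: unsupported response message type(" + bodyTag + ").");
            default:
                // Includes 0, 2, 4, 5, 7, 9, 11, 13 and 24, which the original listed explicitly.
                throw new CMPException("CMPResponseCommon.berDecodeBody: unexpected response message type(" + bodyTag + ").");
        }
    }

    /**
     * Verifies the protection of a decoded message.
     *
     * <p>If the header's protectionAlg can be instantiated as a signature algorithm the
     * signature path is used; otherwise the password-based MAC path is used, provided the
     * caller's protect info is configured for it.
     *
     * @param cMPProtectInfo caller-supplied verification material
     * @param protection container holding the protection bits
     * @param headerEnc container holding the encoded header
     * @param bodyEnc container holding the encoded body
     * @param pKIHeader decoded header, source of protectionAlg
     * @param extraCerts certificates decoded from the message's extraCerts field, may be null
     * @param responseCaCerts CA certificates carried in the decoded response body, may be null
     * @param certJ provider context
     * @return true if the message is unprotected or the protection verifies; false if a
     *     signature is present but no candidate certificate verifies it
     * @throws CMPException if protection is present but cannot be evaluated
     */
    private static boolean verifyProtection(CMPProtectInfo cMPProtectInfo, ASN1Container protection, ASN1Container headerEnc, ASN1Container bodyEnc, PKIHeader pKIHeader, Certificate[] extraCerts, Certificate[] responseCaCerts, CertJ certJ) throws CMPException {
        // NOTE(review): a message without a protection field is reported as verified, and this
        // is decided before cMPProtectInfo is consulted. A caller that expects protected
        // responses cannot tell a stripped protection field from a verified one through this
        // return value; that policy has to be enforced by the caller or added here.
        if (!protection.dataPresent) {
            return true;
        }
        if (cMPProtectInfo == null) {
            // The original message read "should be null", the opposite of the condition checked.
            throw new CMPException("CMPResponseCommon.verifyProtection: protectInfo should not be null.");
        }
        byte[] protectedPart = CMP.derEncodeProtectedPart(headerEnc.data, headerEnc.dataOffset, headerEnc.dataLen, bodyEnc.data, bodyEnc.dataOffset, bodyEnc.dataLen);
        byte[] protectionAlg = pKIHeader.getProtectionAlg();
        if (protectionAlg == null) {
            // Presumably reachable when protection bits arrive without a protectionAlg in the
            // header; reject it as a protocol error rather than dereferencing null below.
            throw new CMPException("CMPResponseCommon.verifyProtection: protection is present but protectionAlg is missing.");
        }

        JSAFE_Signature verifier = null;
        try {
            verifier = JSAFE_Signature.getInstance(protectionAlg, 1 + ASN1Lengths.determineLengthLen(protectionAlg, 1), certJ.getDevice());
        } catch (ASN_Exception e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: " + e.getMessage());
        } catch (JSAFE_Exception ignored) {
            // Deliberate: protectionAlg is not a usable signature algorithm, so fall through to
            // the password-based MAC check below.
        }
        if (verifier != null) {
            return verifySignatureProtection(verifier, cMPProtectInfo, protection, protectedPart, extraCerts, responseCaCerts, certJ);
        }
        if (cMPProtectInfo.pbmProtected()) {
            return verifyPbmProtection(protectionAlg, cMPProtectInfo, protection, protectedPart, certJ);
        }
        throw new CMPException("CMPResponseCommon.verifyProtection: protectInfo should contain PBM protection info.");
    }

    /**
     * Checks a signature-protected message against every candidate signer certificate.
     *
     * <p>Candidates are tried in this order: the configured recipient certificate, the
     * configured CA certificates, the CA certificates carried in the response body, and the
     * message's extraCerts. Each candidate must pass path validation against the configured
     * CA certificates (validated at the current time) before its key is used.
     *
     * <p>NOTE(review): nothing here ties the accepted certificate to the header's sender name
     * or sender key identifier; any certificate that validates under the configured CAs and
     * verifies the signature is accepted -- confirm that callers apply an authorization check.
     *
     * @return true as soon as one candidate verifies the signature, false if none does
     * @throws CMPException if the provider context raises a {@code CertJException}
     */
    private static boolean verifySignatureProtection(JSAFE_Signature jSAFE_Signature, CMPProtectInfo cMPProtectInfo, ASN1Container protection, byte[] protectedPart, Certificate[] extraCerts, Certificate[] responseCaCerts, CertJ certJ) throws CMPException {
        X509Certificate[] trustedCaCerts = cMPProtectInfo.getCACerts();
        CertPathCtx pathCtx = new CertPathCtx(0, trustedCaCerts, (byte[][]) null, new Date(), cMPProtectInfo.getDatabase());
        try {
            JSAFE_SecureRandom random = certJ.getRandomObject();
            X509Certificate recipCert = cMPProtectInfo.getRecipCert();
            if (recipCert != null && verifySignatureWithCert(jSAFE_Signature, pathCtx, recipCert, protectedPart, protection, random, certJ)) {
                return true;
            }
            return anyCertVerifies(trustedCaCerts, jSAFE_Signature, pathCtx, protectedPart, protection, random, certJ)
                    || anyCertVerifies(responseCaCerts, jSAFE_Signature, pathCtx, protectedPart, protection, random, certJ)
                    || anyCertVerifies(extraCerts, jSAFE_Signature, pathCtx, protectedPart, protection, random, certJ);
        } catch (CertJException e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: unable to get a registered random service(" + e.getMessage() + ").");
        }
    }

    /** Returns true if any non-null certificate in {@code candidates} (which may be null) verifies the signature. */
    private static boolean anyCertVerifies(Certificate[] candidates, JSAFE_Signature jSAFE_Signature, CertPathCtx pathCtx, byte[] protectedPart, ASN1Container protection, JSAFE_SecureRandom random, CertJ certJ) {
        if (candidates == null) {
            return false;
        }
        for (int idx = 0; idx < candidates.length; idx++) {
            if (candidates[idx] != null && verifySignatureWithCert(jSAFE_Signature, pathCtx, candidates[idx], protectedPart, protection, random, certJ)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates one candidate certificate and, if it validates, checks the signature with its key.
     *
     * <p>Path validation runs first so that the key of an untrusted certificate is never used.
     * Every failure (path validation, key extraction, signature mismatch or a provider error)
     * is reported as {@code false}, so the caller simply moves on to the next candidate.
     */
    private static boolean verifySignatureWithCert(JSAFE_Signature jSAFE_Signature, CertPathCtx certPathCtx, Certificate certificate, byte[] protectedPart, ASN1Container protection, JSAFE_SecureRandom jSAFE_SecureRandom, CertJ certJ) {
        try {
            if (!certJ.verifyCertPath(certPathCtx, certificate)) {
                return false;
            }
            jSAFE_Signature.verifyInit(certificate.getSubjectPublicKey(certJ.getDevice()), null, jSAFE_SecureRandom, certJ.getPKCS11Sessions());
            jSAFE_Signature.verifyUpdate(protectedPart, 0, protectedPart.length);
            return jSAFE_Signature.verifyFinal(protection.data, protection.dataOffset, protection.dataLen);
        } catch (CertJException e) {
            return false;
        } catch (CertificateException e2) {
            return false;
        } catch (JSAFE_Exception e3) {
            return false;
        }
    }

    /**
     * Verifies password-based MAC protection using the shared secret from the protect info.
     *
     * <p>The protectionAlg must carry the {@code CMP.PASSWORD_BASED_MAC_OID}; its parameters
     * supply the salt and the iteration count. The MAC itself is always instantiated as
     * {@code PBE/HMAC/SHA1/PKIXPBE-<iterations>}: the one-way-function and MAC algorithm
     * identifiers in the parameters are parsed but not inspected.
     *
     * @return true if the MAC over {@code protectedPart} matches the protection bits
     * @throws CMPException if the algorithm is not PBM, the parameters cannot be decoded, or
     *     the MAC computation fails
     */
    private static boolean verifyPbmProtection(byte[] protectionAlg, CMPProtectInfo cMPProtectInfo, ASN1Container protection, byte[] protectedPart, CertJ certJ) throws CMPException {
        // The secret stays owned by cMPProtectInfo; this method does not wipe the array.
        char[] sharedSecret = cMPProtectInfo.getSharedSecret();

        SequenceContainer algIdSeq = new SequenceContainer(10551297);
        OIDContainer algOid = new OIDContainer(16777216);
        EncodedContainer algParams = new EncodedContainer(77824);
        try {
            ASN1.berDecode(protectionAlg, 0, new ASN1Container[]{algIdSeq, algOid, algParams, new EndContainer()});
        } catch (ASN_Exception e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: Decoding PKIHeader.protectionAlg faild(" + e.getMessage() + ").");
        }
        if (!regionEquals(CMP.PASSWORD_BASED_MAC_OID, 0, CMP.PASSWORD_BASED_MAC_OID.length, algOid.data, algOid.dataOffset, algOid.dataLen)) {
            throw new CMPException("CMPResponseCommon.verifyProtection: unsupported PBM algorithm.");
        }

        SequenceContainer pbmSeq = new SequenceContainer(0);
        OctetStringContainer salt = new OctetStringContainer(0);
        EncodedContainer owfAlg = new EncodedContainer(ASN1.SEQUENCE);
        IntegerContainer iterationCount = new IntegerContainer(0);
        try {
            ASN1.berDecode(algParams.data, algParams.dataOffset, new ASN1Container[]{pbmSeq, salt, owfAlg, iterationCount, new EncodedContainer(ASN1.SEQUENCE), new EndContainer()});
        } catch (ASN_Exception e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: decoding PKIHeader.protectionAlg faild(" + e.getMessage() + ").");
        }

        // NOTE(review): the iteration count is read from the message before the message is
        // authenticated and no upper bound is applied, so the cost of this check is set by the
        // peer. Consider enforcing a locally configured maximum.
        int iterations;
        try {
            iterations = iterationCount.getValueAsInt();
        } catch (ASN_Exception e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: unable to get interationCount as integer (" + e.getMessage() + ").");
        }

        JSAFE_MAC mac = null;
        try {
            mac = JSAFE_MAC.getInstance("PBE/HMAC/SHA1/PKIXPBE-" + iterations, certJ.getDevice());
            mac.setSalt(salt.data, salt.dataOffset, salt.dataLen);
            JSAFE_SecretKey macKey = mac.getBlankKey();
            macKey.setPassword(sharedSecret, 0, sharedSecret.length);
            mac.verifyInit(macKey, null);
            mac.verifyUpdate(protectedPart, 0, protectedPart.length);
            return mac.verifyFinal(protection.data, protection.dataOffset, protection.dataLen);
        } catch (JSAFE_Exception e) {
            throw new CMPException("CMPResponseCommon.verifyProtection: unable to verify PBM(" + e.getMessage() + ").");
        } finally {
            // Wipe key material held by the MAC object on success and on every failure path.
            if (mac != null) {
                mac.clearSensitiveData();
            }
        }
    }

    /**
     * Decodes the message's extraCerts field into certificate objects.
     *
     * <p>These certificates come from the peer and are untrusted until path validation accepts them.
     *
     * @return one certificate per element, or null when the field is absent
     * @throws CMPException if an element cannot be fetched or is not a decodable certificate
     */
    private static Certificate[] decodeExtraCerts(OfContainer ofContainer) throws CMPException {
        if (!ofContainer.dataPresent) {
            return null;
        }
        int count = ofContainer.getContainerCount();
        Certificate[] certs = new Certificate[count];
        for (int idx = 0; idx < count; idx++) {
            try {
                ASN1Container element = ofContainer.containerAt(idx);
                certs[idx] = new X509Certificate(element.data, element.dataOffset, 0);
            } catch (ASN_Exception e) {
                throw new CMPException("CMPResponseCommon.decodeExtraCerts: unable to get an element container of OfContainer(" + e.getMessage() + ").");
            } catch (CertificateException e2) {
                throw new CMPException("CMPResponseCommon.decodeExtraCerts: unable to decode a certificate(" + e2.getMessage() + ").");
            }
        }
        return certs;
    }

    /**
     * Compares two byte ranges for equality.
     *
     * <p>Returns at the first differing byte; it is used here only to compare a public
     * algorithm OID, not secret data.
     *
     * @return true if both ranges have the same length and the same bytes
     */
    private static boolean regionEquals(byte[] left, int leftOffset, int leftLen, byte[] right, int rightOffset, int rightLen) {
        if (leftLen != rightLen) {
            return false;
        }
        for (int idx = 0; idx < leftLen; idx++) {
            if (left[leftOffset + idx] != right[rightOffset + idx]) {
                return false;
            }
        }
        return true;
    }
}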
