package iaik.x509;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.ASN1Type;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.cms.SecurityProvider;
import iaik.java.security.AlgorithmParameters;
import iaik.java.security.InvalidKeyException;
import iaik.java.security.MessageDigest;
import iaik.java.security.NoSuchAlgorithmException;
import iaik.java.security.NoSuchProviderException;
import iaik.java.security.Principal;
import iaik.java.security.PrivateKey;
import iaik.java.security.PublicKey;
import iaik.java.security.Signature;
import iaik.java.security.SignatureException;
import iaik.java.security.cert.CRLException;
import iaik.java.security.cert.Certificate;
import iaik.java.security.cert.X509CRLEntry;
import iaik.java.util.HashSet;
import iaik.java.util.Set;
import iaik.utils.ConcatEnumeration;
import iaik.x509.extensions.CertificateIssuer;
import iaik.x509.extensions.ReasonCode;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:firmaFichero5/clienteFirmaAFirma5.zip:iaik_jce_full_ae.jar:iaik/x509/X509CRL.class */
public class X509CRL extends iaik.java.security.cert.X509CRL implements ASN1Type {
    private byte[] l;
    private boolean i;
    private boolean c;
    private X509Extensions j;
    private Hashtable f;
    private byte[] e;
    private ChoiceOfTime g;
    private ChoiceOfTime b;
    private Name h;
    private AlgorithmID d;
    private int a;
    private ASN1 k;

    public void writeTo(OutputStream outputStream) throws IOException {
        d();
        this.k.writeTo(outputStream);
    }

    @Override // iaik.java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CRLException {
        d();
        if (this.d == null) {
            throw new NoSuchAlgorithmException("Cannot verify crl! No signature algorithm set.");
        }
        Signature signatureInstance = this.d.getSignatureInstance(str);
        try {
            byte[] firstObject = this.k.getFirstObject();
            signatureInstance.initVerify(publicKey);
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(this.e)) {
                throw new SignatureException("Signature verification error!");
            }
        } catch (CodingException e) {
            throw new SignatureException(e.toString());
        }
    }

    @Override // iaik.java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CRLException {
        verify(publicKey, null);
    }

    public String toString(boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("X509 version ").append(this.a).append(" CRL\n").toString());
        stringBuffer.append(new StringBuffer("Signature Algorithm: ").append(this.d.getName()).append("\n").toString());
        stringBuffer.append(new StringBuffer("Issuer: ").append(this.h.toString()).append("\n").toString());
        stringBuffer.append(new StringBuffer("this update: ").append(this.b.toString()).append("\n").toString());
        if (this.g != null) {
            stringBuffer.append(new StringBuffer("next update: ").append(this.g.toString()).append("\n").toString());
        }
        if (this.j != null) {
            if (z) {
                stringBuffer.append(this.j);
            } else {
                stringBuffer.append(new StringBuffer("Extensions: ").append(this.j.countExtensions()).append("\n").toString());
            }
        }
        if (z) {
            int i = 1;
            Enumeration listCertificates = listCertificates();
            while (listCertificates.hasMoreElements()) {
                stringBuffer.append(new StringBuffer(String.valueOf(i)).append(": ").append(((RevokedCertificate) listCertificates.nextElement()).toString(z)).append("\n").toString());
                i++;
            }
        } else {
            Enumeration keys = this.f.keys();
            while (keys.hasMoreElements()) {
                Name name = (Name) keys.nextElement();
                stringBuffer.append(new StringBuffer(String.valueOf(name.toString())).append(": ").append(((Hashtable) this.f.get(name)).size()).append(" revoked certificates\n").toString());
            }
        }
        return stringBuffer.toString();
    }

    @Override // iaik.java.security.cert.X509CRL, iaik.java.security.cert.CRL
    public String toString() {
        return toString(false);
    }

    public byte[] toByteArray() {
        d();
        return this.k.toByteArray();
    }

    @Override // iaik.asn1.ASN1Type
    public ASN1Object toASN1Object() {
        d();
        return this.k.toASN1Object();
    }

    public void sign(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, CRLException {
        Object parameter;
        Signature signatureInstance = this.d.getSignatureInstance(str);
        signatureInstance.initSign(privateKey);
        try {
            if (!this.d.hasParameters() && (parameter = signatureInstance.getParameter("")) != null && (parameter instanceof AlgorithmParameters)) {
                this.d.setAlgorithmParameters((AlgorithmParameters) parameter);
            }
        } catch (Exception unused) {
        }
        ASN1Object a = a();
        try {
            signatureInstance.update(DerCoder.encode(a));
            this.e = signatureInstance.sign();
            BIT_STRING bit_string = new BIT_STRING(this.e);
            try {
                SEQUENCE sequence = new SEQUENCE();
                sequence.addComponent(a);
                sequence.addComponent(this.d.toASN1Object());
                sequence.addComponent(bit_string);
                this.k = new ASN1(sequence);
                e();
                f();
            } catch (CodingException e) {
                throw new CRLException(e.toString());
            }
        } catch (SignatureException e2) {
            throw new CRLException(e2.toString());
        }
    }

    public void sign(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, CRLException {
        sign(privateKey, null);
    }

    public void setThisUpdate(Date date) {
        this.b = new ChoiceOfTime(date, true);
        e();
    }

    private void f() {
        this.i = false;
    }

    public void setSignatureAlgorithm(AlgorithmID algorithmID) {
        if (algorithmID == null) {
            throw new NullPointerException("Cannot set null signature algorithm for this CRL!");
        }
        this.d = algorithmID;
    }

    public void setSignatureAlgorithm(ObjectID objectID) {
        setSignatureAlgorithm(new AlgorithmID(objectID));
    }

    public void setSignature(byte[] bArr) throws CRLException {
        if (bArr == null) {
            throw new CRLException("Cannot sign crl. No signature value specified!");
        }
        this.e = bArr;
        ASN1Object a = a();
        BIT_STRING bit_string = new BIT_STRING(this.e);
        try {
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(a);
            sequence.addComponent(this.d.toASN1Object());
            sequence.addComponent(bit_string);
            this.k = new ASN1(sequence);
            e();
            f();
        } catch (CodingException e) {
            throw new CRLException(e.toString());
        }
    }

    public void setNextUpdate(Date date) {
        this.g = new ChoiceOfTime(date, true);
        e();
    }

    private void e() {
        this.i = true;
        this.l = null;
    }

    public void setIssuerDN(Principal principal) throws IllegalArgumentException {
        try {
            this.h = (Name) principal;
            e();
        } catch (Exception unused) {
            throw new IllegalArgumentException("Issuer is not an instance of name.");
        }
    }

    public boolean removeExtension(ObjectID objectID) {
        boolean removeExtension = this.j == null ? false : this.j.removeExtension(objectID);
        if (removeExtension) {
            e();
        }
        return removeExtension;
    }

    public boolean removeCertificate(BigInteger bigInteger) {
        return a(this.h, bigInteger);
    }

    public boolean removeCertificate(X509Certificate x509Certificate) {
        return a(x509Certificate.getIssuerDN(), x509Certificate.getSerialNumber());
    }

    private boolean a(Principal principal, BigInteger bigInteger) {
        Hashtable a = a(principal, false);
        if (a == null || a.remove(bigInteger) == null) {
            return false;
        }
        e();
        return true;
    }

    public void removeAllExtensions() {
        if (this.j != null) {
            this.j.removeAllExtensions();
            e();
        }
    }

    public void removeAllCertificates() {
        this.f.clear();
        e();
    }

    private void a(ASN1Object aSN1Object) throws CRLException, CodingException {
        int countComponents = aSN1Object.countComponents();
        Hashtable hashtable = new Hashtable();
        this.f.put(this.h, hashtable);
        for (int i = 0; i < countComponents; i++) {
            RevokedCertificate revokedCertificate = new RevokedCertificate(aSN1Object.getComponentAt(i));
            this.c |= revokedCertificate.hasUnsupportedCriticalExtension();
            Name a = a(revokedCertificate);
            if (a != null) {
                hashtable = a((Principal) a, true);
            }
            hashtable.put(revokedCertificate.getSerialNumber(), revokedCertificate);
        }
    }

    public Enumeration listExtensions() {
        if (this.j == null) {
            return null;
        }
        return this.j.listExtensions();
    }

    public Enumeration listCertificates() {
        Vector vector = new Vector();
        Enumeration elements = this.f.elements();
        while (elements.hasMoreElements()) {
            vector.addElement(((Hashtable) elements.nextElement()).elements());
        }
        return new ConcatEnumeration(vector.elements());
    }

    public boolean isRevoked(BigInteger bigInteger) {
        return b(containsCertificate(bigInteger));
    }

    private boolean b(RevokedCertificate revokedCertificate) {
        if (revokedCertificate == null) {
            return false;
        }
        try {
            ReasonCode reasonCode = (ReasonCode) revokedCertificate.getExtension(ReasonCode.oid);
            if (reasonCode != null) {
                return reasonCode.getReasonCode() != 8;
            }
            return true;
        } catch (X509ExtensionInitException unused) {
            return true;
        }
    }

    @Override // iaik.java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            return b(containsCertificate((X509Certificate) certificate));
        }
        throw new IllegalArgumentException("Certificate must be instance of iaik.x509.X509Certificate");
    }

    public boolean isIndirectCRL() {
        Enumeration keys = this.f.keys();
        while (keys.hasMoreElements()) {
            Name name = (Name) keys.nextElement();
            if (!name.equals(this.h) && ((Hashtable) this.f.get(name)).size() > 0) {
                return true;
            }
        }
        return false;
    }

    private void c() throws CRLException {
        int i = 0;
        try {
            ASN1Object componentAt = this.k.getComponentAt(0);
            AlgorithmID algorithmID = new AlgorithmID(this.k.getComponentAt(1));
            this.e = (byte[]) ((BIT_STRING) this.k.getComponentAt(2)).getValue();
            ASN1Object componentAt2 = componentAt.getComponentAt(0);
            if (componentAt2.isA(ASN.INTEGER)) {
                this.a = ((BigInteger) componentAt2.getValue()).intValue() + 1;
                i = 0 + 1;
            }
            int i2 = i;
            int i3 = i + 1;
            this.d = new AlgorithmID(componentAt.getComponentAt(i2));
            if (!algorithmID.equals(this.d)) {
                throw new CRLException("CRL signature algorithm mismatch");
            }
            int i4 = i3 + 1;
            this.h = new Name(componentAt.getComponentAt(i3));
            int i5 = i4 + 1;
            this.b = new ChoiceOfTime(componentAt.getComponentAt(i4));
            while (i5 < componentAt.countComponents()) {
                int i6 = i5;
                i5++;
                ASN1Object componentAt3 = componentAt.getComponentAt(i6);
                if (componentAt3.isA(ASN.SEQUENCE)) {
                    a(componentAt3);
                } else if (componentAt3.isA(ASN.CON_SPEC)) {
                    if (componentAt3.getAsnType().getTag() != 0) {
                        throw new CRLException("Unknown CRL format.");
                    }
                    this.j = new X509Extensions((ASN1Object) componentAt3.getValue());
                } else {
                    if (!componentAt3.isA(ASN.UTCTime) && !componentAt3.isA(ASN.GeneralizedTime)) {
                        throw new CRLException("Unknown CRL format.");
                    }
                    this.g = new ChoiceOfTime(componentAt3);
                }
            }
            this.k.clearASN1Object();
            f();
        } catch (CodingException e) {
            throw new CRLException(new StringBuffer("CRL format error: ").append(e.toString()).toString());
        } catch (X509ExtensionException e2) {
            throw new CRLException(new StringBuffer("CRL format error: ").append(e2.toString()).toString());
        } catch (RuntimeException e3) {
            throw new CRLException(new StringBuffer("CRL format error: ").append(e3.toString()).toString());
        }
    }

    @Override // iaik.java.security.cert.X509CRL, iaik.java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (this.c) {
            return true;
        }
        if (this.j == null) {
            return false;
        }
        return this.j.hasUnsupportedCriticalExtension();
    }

    public boolean hasExtensions() {
        if (this.j == null) {
            return false;
        }
        return this.j.hasExtensions();
    }

    @Override // iaik.java.security.cert.X509CRL
    public int getVersion() {
        return this.a;
    }

    @Override // iaik.java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.b.getDate();
    }

    @Override // iaik.java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return (this.k == null || this.k.toByteArray() == null) ? DerCoder.encode(a()) : this.k.getFirstObject();
        } catch (CodingException e) {
            throw new CRLException(e.toString());
        }
    }

    public AlgorithmID getSignatureAlgorithm() {
        return this.d;
    }

    @Override // iaik.java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.e;
    }

    @Override // iaik.java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        try {
            ASN1Object parameter = this.d.getParameter();
            if (parameter == null) {
                return null;
            }
            return new ASN1(parameter).toByteArray();
        } catch (CodingException e) {
            throw new RuntimeException(e.toString());
        }
    }

    @Override // iaik.java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.d.getAlgorithm().getID();
    }

    @Override // iaik.java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.d.getName();
    }

    @Override // iaik.java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        HashSet hashSet = new HashSet();
        Enumeration listCertificates = listCertificates();
        while (listCertificates.hasMoreElements()) {
            hashSet.add((RevokedCertificate) listCertificates.nextElement());
        }
        return hashSet;
    }

    @Override // iaik.java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        return containsCertificate(bigInteger);
    }

    @Override // iaik.java.security.cert.X509CRL, iaik.java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (this.j == null) {
            return null;
        }
        return this.j.getNonCriticalExtensionOIDs();
    }

    @Override // iaik.java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.g == null) {
            return null;
        }
        return this.g.getDate();
    }

    private Hashtable a(Principal principal, boolean z) {
        Hashtable hashtable = (Hashtable) this.f.get((Name) principal);
        if (hashtable == null && z) {
            hashtable = new Hashtable();
            this.f.put(principal, hashtable);
        }
        return hashtable;
    }

    public Enumeration getIssuerDNs() {
        a((Principal) this.h, true);
        return this.f.keys();
    }

    @Override // iaik.java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.h;
    }

    private static Name a(RevokedCertificate revokedCertificate) throws CRLException {
        try {
            CertificateIssuer certificateIssuer = (CertificateIssuer) revokedCertificate.getExtension(CertificateIssuer.oid);
            if (certificateIssuer == null) {
                return null;
            }
            Enumeration names = certificateIssuer.getIssuer().getNames();
            while (names.hasMoreElements()) {
                GeneralName generalName = (GeneralName) names.nextElement();
                if (generalName.getType() == 4) {
                    return (Name) generalName.getName();
                }
            }
            throw new CRLException("Only certificate issuer extensions contains a directory name supported");
        } catch (X509ExtensionInitException e) {
            throw new CRLException(e.toString());
        }
    }

    public byte[] getFingerprintSHA() {
        if (this.l == null) {
            try {
                this.l = getFingerprint(SecurityProvider.ALG_DIGEST_SHA);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(new StringBuffer("Algorithm SHA not available: ").append(e.toString()).toString());
            }
        }
        return this.l;
    }

    public byte[] getFingerprint(String str) throws NoSuchAlgorithmException {
        d();
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(toByteArray());
        return messageDigest.digest();
    }

    public byte[] getFingerprint() {
        d();
        return this.k.fingerprint();
    }

    @Override // iaik.java.security.cert.X509CRL, iaik.java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        if (this.j == null) {
            return null;
        }
        return this.j.getExtensionValue(str);
    }

    public V3Extension getExtension(ObjectID objectID) throws X509ExtensionInitException {
        if (this.j == null) {
            return null;
        }
        return this.j.getExtension(objectID);
    }

    @Override // iaik.java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        d();
        return toByteArray();
    }

    @Override // iaik.java.security.cert.X509CRL, iaik.java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (this.j == null) {
            return null;
        }
        return this.j.getCriticalExtensionOIDs();
    }

    @Override // iaik.asn1.ASN1Type
    public void decode(ASN1Object aSN1Object) throws CodingException {
        this.k = new ASN1(aSN1Object);
        try {
            c();
        } catch (CRLException e) {
            throw new CodingException(e.toString());
        }
    }

    private ASN1Object b() throws X509ExtensionException, CRLException {
        SEQUENCE sequence = new SEQUENCE();
        if (isIndirectCRL()) {
            Enumeration keys = this.f.keys();
            while (keys.hasMoreElements()) {
                Name name = (Name) keys.nextElement();
                boolean z = true;
                Enumeration elements = a((Principal) name, false).elements();
                while (elements.hasMoreElements()) {
                    RevokedCertificate revokedCertificate = (RevokedCertificate) elements.nextElement();
                    if (z) {
                        z = false;
                        CertificateIssuer certificateIssuer = new CertificateIssuer(new GeneralNames(new GeneralName(4, name)));
                        certificateIssuer.setCritical(true);
                        revokedCertificate.addExtension(certificateIssuer);
                    } else {
                        revokedCertificate.removeExtension(CertificateIssuer.oid);
                    }
                    sequence.addComponent(revokedCertificate.toASN1Object());
                }
            }
        } else {
            Enumeration elements2 = a((Principal) this.h, false).elements();
            while (elements2.hasMoreElements()) {
                sequence.addComponent(((RevokedCertificate) elements2.nextElement()).toASN1Object());
            }
        }
        return sequence;
    }

    private ASN1Object a() throws CRLException {
        this.a = 1;
        if (this.d == null) {
            throw new CRLException("Signature algorithm not set!");
        }
        if (this.h == null) {
            throw new CRLException("Issuer not set!");
        }
        if (this.b == null) {
            throw new CRLException("ThisUpdate not set!");
        }
        if (this.j != null) {
            this.a = 2;
        }
        try {
            SEQUENCE sequence = new SEQUENCE();
            if (this.a > 1) {
                sequence.addComponent(new INTEGER(this.a - 1));
            }
            sequence.addComponent(this.d.toASN1Object());
            sequence.addComponent(this.h.toASN1Object());
            sequence.addComponent(this.b.toASN1Object());
            if (this.g != null) {
                sequence.addComponent(this.g.toASN1Object());
            }
            if (this.f.size() > 0) {
                sequence.addComponent(b());
            }
            if (this.j != null) {
                sequence.addComponent(new CON_SPEC(0, this.j.toASN1Object()));
            }
            return sequence;
        } catch (X509ExtensionException e) {
            throw new CRLException(e.toString());
        }
    }

    public int countExtensions() {
        if (this.j == null) {
            return 0;
        }
        return this.j.countExtensions();
    }

    public RevokedCertificate containsCertificate(BigInteger bigInteger) {
        Hashtable a = a((Principal) this.h, false);
        if (a == null) {
            return null;
        }
        return (RevokedCertificate) a.get(bigInteger);
    }

    public RevokedCertificate containsCertificate(X509Certificate x509Certificate) {
        Hashtable a = a(x509Certificate.getIssuerDN(), false);
        if (a == null) {
            return null;
        }
        return (RevokedCertificate) a.get(x509Certificate.getSerialNumber());
    }

    private void d() {
        if (this.i) {
            throw new RuntimeException("Cannot perform operation, CRL has to be signed first");
        }
    }

    public void addExtension(V3Extension v3Extension) throws X509ExtensionException {
        if (this.j == null) {
            this.j = new X509Extensions();
        }
        this.j.addExtension(v3Extension);
        e();
    }

    public void addCertificate(X509Certificate x509Certificate, Date date) {
        a(x509Certificate.getIssuerDN(), true).put(x509Certificate.getSerialNumber(), new RevokedCertificate(x509Certificate, date));
        e();
    }

    public void addCertificate(RevokedCertificate revokedCertificate) {
        try {
            Name a = a(revokedCertificate);
            if (a == null) {
                a = this.h;
                if (a == null) {
                    throw new NullPointerException("CRL issuer must be set before adding a revoked certificate");
                }
            }
            a((Principal) a, true).put(revokedCertificate.getSerialNumber(), (RevokedCertificate) revokedCertificate.clone());
            e();
        } catch (CRLException e) {
            throw new IllegalArgumentException(e.toString());
        }
    }

    public X509CRL(byte[] bArr) throws CRLException {
        this();
        try {
            this.k = new ASN1(bArr);
            c();
        } catch (CodingException e) {
            throw new CRLException(e.toString());
        }
    }

    public X509CRL(InputStream inputStream) throws CRLException, IOException {
        this();
        try {
            this.k = new ASN1(inputStream);
            c();
        } catch (CodingException e) {
            throw new CRLException(e.toString());
        }
    }

    public X509CRL(ASN1Object aSN1Object) throws CRLException {
        this();
        try {
            decode(aSN1Object);
        } catch (CodingException e) {
            throw new CRLException(e.toString());
        }
    }

    public X509CRL() {
        this.a = 1;
        this.k = new ASN1();
        this.f = new Hashtable(10);
        e();
    }
}
