package com.ibm.mq.ese.prot;

import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.AMBIHeader;
import com.ibm.mq.ese.core.AlgorithmHelper;
import com.ibm.mq.ese.core.EseUser;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.MessageProtectionConstants;
import com.ibm.mq.ese.core.SecurityPolicy;
import com.ibm.mq.ese.core.X500NameWrapper;
import com.ibm.mq.ese.intercept.SmqiObject;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.mq.ese.pki.CompositeKeyStoreAccess;
import com.ibm.mq.ese.pki.InvalidCertificateException;
import com.ibm.mq.ese.pki.MissingCertificateException;
import com.ibm.mq.ese.pki.X509CertificateValidator;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.jar.Manifest;
import javax.crypto.ShortBufferException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Selector;

/* loaded from: input_file:com/ibm/mq/ese/prot/MessageProtectionBCImpl.class */
public class MessageProtectionBCImpl implements MessageProtection {
    // Digest algorithm name tokens. None of them is referenced in the part of the class visible
    // here; presumably they are matched against policy or signer digest names — TODO confirm.
    // NOTE(review): SHA/SHA1 and MD5 are legacy digests. If they are still accepted when
    // validating signatures, the policy layer should be the place that restricts them.
    private static final String DIGEST_ALG_SHA = "SHA";
    private static final String DIGEST_ALG_SHA1 = "SHA1";
    private static final String DIGEST_ALG_SHA2 = "SHA2";
    private static final String DIGEST_ALG_SHA256 = "SHA256";
    private static final String DIGEST_ALG_SHA3 = "SHA3";
    private static final String DIGEST_ALG_SHA384 = "SHA384";
    private static final String DIGEST_ALG_SHA5 = "SHA5";
    private static final String DIGEST_ALG_SHA512 = "SHA512";
    private static final String DIGEST_ALG_MD5 = "MD5";
    // JCA-style signature algorithm name. It is also the value that sha2NameMapping (below)
    // associates with MessageProtectionConstants.SHA2_WITH_RSAENCRYPTION.
    private static final String CONFIDENTIALITY_KEY_SIGNING_ALGORITHM = "SHA256WITHRSA";
    // Certificate validator handed in through the constructor.
    private X509CertificateValidator certificateValidator;
    // Package-private, mutable, static counter. It is not read or written in the visible part of
    // the class; NOTE(review): shared mutable static state — confirm how it is synchronised.
    static int pCount;
    // Translates three MessageProtectionConstants signature-algorithm names into the
    // "SHAnnnWITHRSA" spellings. The map is an anonymous HashMap subclass populated by an
    // instance initializer, so every MessageProtectionBCImpl instance builds its own copy.
    Map<String, String> sha2NameMapping = new HashMap<String, String>() { // from class: com.ibm.mq.ese.prot.MessageProtectionBCImpl.1
        private static final long serialVersionUID = 1;

        {
            put(MessageProtectionConstants.SHA2_WITH_RSAENCRYPTION, MessageProtectionBCImpl.CONFIDENTIALITY_KEY_SIGNING_ALGORITHM);
            put(MessageProtectionConstants.SHA3_WITH_RSAENCRYPTION, "SHA384WITHRSA");
            put(MessageProtectionConstants.SHA5_WITH_RSAENCRYPTION, "SHA512WITHRSA");
        }
    };
    // Bouncy Castle helper for X509CertificateHolder -> X509Certificate conversion (not used in
    // the visible part of the class).
    private JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
    // Resolves algorithm OIDs to readable names; used on the signer's digest OID when a signed
    // message is unprotected.
    private DefaultAlgorithmNameFinder danFinder = new DefaultAlgorithmNameFinder();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/mq/ese/prot/MessageProtectionBCImpl$AlwaysSelector.class */
    /**
     * Selector that accepts every candidate it is offered.
     *
     * <p>Because {@link #match(Object)} never rejects anything, a store queried with this
     * selector returns all of its entries. It performs no filtering and no trust decision:
     * whatever is retrieved with it (for example the certificates embedded in a received CMS
     * structure) still has to be validated by the caller.
     */
    public static class AlwaysSelector implements Selector<Object> {
        private AlwaysSelector() {
        }

        /**
         * Returns a fresh, independent selector; the class holds no state to copy.
         *
         * @return a new {@code AlwaysSelector}
         */
        public Object clone() {
            if (Trace.isOn) {
                Trace.entry(this, "AlwaysSelector", "clone()");
            }
            AlwaysSelector copy = new AlwaysSelector();
            if (Trace.isOn) {
                Trace.exit(this, "AlwaysSelector", "clone()", copy);
            }
            return copy;
        }

        /**
         * Accepts the candidate unconditionally.
         *
         * @param obj the candidate object; only passed to tracing
         * @return always {@code true}
         */
        public boolean match(Object obj) {
            if (Trace.isOn) {
                Trace.entry(this, "AlwaysSelector", "match(Object)", new Object[]{obj});
            }
            if (Trace.isOn) {
                Trace.exit((Object) this, "AlwaysSelector", "match(Object)", (Object) true);
            }
            return true;
        }
    }

    /**
     * Creates a protection implementation that uses the given certificate validator.
     *
     * @param x509CertificateValidator validator stored for later certificate checks; it is not
     *     null-checked here
     */
    public MessageProtectionBCImpl(X509CertificateValidator x509CertificateValidator) {
        final String traceClass = "MessageProtectionBCImpl";
        final String traceMethod = "<init>(X509CertificateValidator)";
        if (Trace.isOn) {
            Trace.entry(this, traceClass, traceMethod, new Object[]{x509CertificateValidator});
        }
        this.certificateValidator = x509CertificateValidator;
        if (Trace.isOn) {
            Trace.exit(this, traceClass, traceMethod);
        }
    }

    /**
     * Applies the protection required by the object's security policy to an outgoing message.
     *
     * <p>The policy's quality of protection (QoP) selects the path: 0 returns the body unchanged,
     * 1 signs it and returns the DL-encoded CMS structure, 2 signs and then envelopes it, and
     * 3 encrypts it with a per-object secret key. The sender certificate is validated once per
     * {@code SmqiObject}; later calls rely on the flag stored on that object.
     *
     * <p>NOTE(review): the message body is handed to {@code Trace.entry}/{@code Trace.exit}.
     * How the trace facility renders byte arrays is not visible here — confirm that enabling
     * trace does not write message plaintext to trace files that are more widely readable than
     * the queue data.
     *
     * @param bArr message body; {@code null} or empty bodies are returned as-is, unprotected
     * @param smqiObject queue object that carries the policy and cached key state
     * @param aMBIHeader header updated by the confidentiality path
     * @param eseUser sending user, source of the signing certificate
     * @return the protected message bytes
     * @throws MessageProtectionException if the policy or user is missing, the user has no
     *     certificate, or any step of protection fails (the cause is attached)
     */
    @Override // com.ibm.mq.ese.prot.MessageProtection
    public byte[] protect(byte[] bArr, SmqiObject smqiObject, AMBIHeader aMBIHeader, EseUser eseUser) throws MessageProtectionException {
        final String traceClass = "MessageProtectionBCImpl";
        final String traceMethod = "protect(byte [ ],SmqiObject,AMBIHeader,EseUser)";
        if (Trace.isOn) {
            Trace.entry(this, traceClass, traceMethod, new Object[]{bArr, smqiObject, aMBIHeader, eseUser});
        }

        // Empty bodies are passed through before any policy or user check is made.
        boolean nothingToProtect = bArr == null || bArr.length == 0;
        if (nothingToProtect) {
            if (Trace.isOn) {
                Trace.traceInfo(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "protect(byte[], SmqiObject, EseUser)", "skipping an empty message body", "");
            }
            if (Trace.isOn) {
                Trace.exit(this, traceClass, traceMethod, bArr, 1);
            }
            return bArr;
        }

        SecurityPolicy policy = smqiObject.getSecPolicy();
        if (policy == null) {
            MessageProtectionException noPolicy = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, new IllegalArgumentException("policy == null"));
            if (Trace.isOn) {
                Trace.throwing(this, traceClass, traceMethod, noPolicy, 1);
            }
            throw noPolicy;
        }
        if (eseUser == null) {
            MessageProtectionException noUser = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, new IllegalArgumentException("user == null"));
            if (Trace.isOn) {
                Trace.throwing(this, traceClass, traceMethod, noUser, 2);
            }
            throw noUser;
        }

        int qop = policy.getQop();
        validateQop(qop);

        X509Certificate senderCert = eseUser.getCertificate();
        if (senderCert == null) {
            // Report which alias and keystore were searched.
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, eseUser.getKeystoreAlias());
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, eseUser.getKeyStoreAccess().toString());
            MessageProtectionException noCert = new MessageProtectionException(AmsErrorMessages.mju_user_certificate_not_found_MessageProtectionException, (HashMap<String, ? extends Object>) inserts);
            if (Trace.isOn) {
                Trace.throwing(this, traceClass, traceMethod, noCert, 3);
            }
            throw noCert;
        }

        try {
            // Validation result is cached on the SmqiObject, so it runs once per object.
            if (!smqiObject.senderCertificateValidated()) {
                validateSenderCertificate(senderCert, eseUser, false);
                smqiObject.senderCertificateValidated(true);
            }

            byte[] protectedBody;
            switch (qop) {
                case 0:
                    // No protection requested by the policy.
                    protectedBody = bArr;
                    break;
                case 1:
                    protectedBody = sign(bArr, policy, eseUser).toASN1Structure().getEncoded("DL");
                    break;
                case 2:
                    protectedBody = envelopeSignedData(sign(bArr, policy, eseUser), policy, eseUser);
                    break;
                case 3:
                    protectedBody = makeConfidential(bArr, smqiObject, policy, aMBIHeader);
                    break;
                default:
                    IllegalProtectionTypeException badQop = IllegalProtectionTypeException.create(Integer.toString(qop), null);
                    if (Trace.isOn) {
                        Trace.throwing(this, traceClass, traceMethod, badQop, 4);
                    }
                    throw badQop;
            }

            if (Trace.isOn) {
                Trace.exit(this, traceClass, traceMethod, protectedBody, 2);
            }
            return protectedBody;
        } catch (Exception e) {
            // Every failure, including the unknown-QoP exception above, is logged and wrapped.
            if (Trace.isOn) {
                Trace.catchBlock(this, traceClass, traceMethod, e);
            }
            AmsErrorMessages.logProtectionException("com.ibm.mq.ese.prot.MessageProtectionBCImpl", traceMethod, e);
            MessageProtectionException wrapped = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, e);
            if (Trace.isOn) {
                Trace.throwing(this, traceClass, traceMethod, wrapped, 5);
            }
            throw wrapped;
        }
    }

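    /**
     * Encrypts a message body with a symmetric key and prepends the enveloped key block.
     *
     * <p>The decompiled original selected the key size through a hash-code switch whose index
     * variable was typed {@code boolean} (with duplicate {@code case true} labels), which does
     * not compile. The selection is restored here as a plain name comparison with the same
     * name-to-size mapping, in the order the decompiled cases appeared.
     *
     * <p>Output layout: {@code keyBlock || CipherWriter output}. The header records the key block
     * length, the cipher block size as the IV length, and the remaining length as the encrypted
     * length, which suggests the {@code CipherWriter} output starts with one block of IV.
     *
     * <p>NOTE(review): RC2, DES and 3DES are legacy ciphers and are selectable purely by policy
     * name. The cipher mode and any integrity protection applied by {@code CipherWriter} are not
     * visible here — confirm before relying on this path for tamper detection.
     *
     * @param bArr plaintext message body
     * @param smqiObject source of the cached or newly generated secret key
     * @param securityPolicy policy naming the encryption algorithm
     * @param aMBIHeader header that receives version, reuse flag and block sizes
     * @return the key block followed by the encrypted body
     * @throws AMBIException if the algorithm name is not recognised (including
     *     {@code IllegalProtectionTypeException} from engine selection)
     * @throws IOException declared by the original; raised by the enveloping or cipher helpers
     * @throws InvalidCipherTextException declared by the original; raised by the cipher helper
     */
    private byte[] makeConfidential(byte[] bArr, SmqiObject smqiObject, SecurityPolicy securityPolicy, AMBIHeader aMBIHeader) throws AMBIException, IOException, InvalidCipherTextException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "makeConfidential(byte [ ],SmqiObject,SecurityPolicy,AMBIHeader)", new Object[]{bArr, smqiObject, securityPolicy, aMBIHeader});
        }
        String encAlg = securityPolicy.getEncAlg();
        // Engine selection runs first and already rejects unknown names, so the final else
        // branch below is only reached if the two name lists ever diverge.
        BlockCipher engineForPut = getEngineForPut(encAlg);

        int keyBits;
        if (encAlg.equals(MessageProtectionConstants.ENCRYPTION_RC2)) {
            keyBits = 128;
        } else if (encAlg.equals(MessageProtectionConstants.ENCRYPTION_DES)) {
            keyBits = 64;
        } else if (encAlg.equals(MessageProtectionConstants.ENCRYPTION_3DES)) {
            keyBits = 192;
        } else if (encAlg.equals(MessageProtectionConstants.ENCRYPTION_AES128)) {
            keyBits = 128;
        } else if (encAlg.equals(MessageProtectionConstants.ENCRYPTION_AES256)) {
            keyBits = 256;
        } else {
            IllegalAlgorithmNameException illegalAlgorithmNameException = new IllegalAlgorithmNameException(encAlg, null);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "makeConfidential(byte [ ],SmqiObject,SecurityPolicy,AMBIHeader)", illegalAlgorithmNameException);
            }
            throw illegalAlgorithmNameException;
        }

        // Element 0 is the raw secret key, element 1 its enveloped (recipient-encrypted) form.
        byte[] secretKey;
        byte[] keyBlock;
        byte[][] cachedKey = smqiObject.getSecretKeyForPut(keyBits);
        if (cachedKey == null) {
            secretKey = smqiObject.newSecretKeyForPut(keyBits);
            keyBlock = envelopeData(securityPolicy, new CMSProcessableByteArray(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), secretKey));
            smqiObject.cacheSecretKeyForPut(secretKey, keyBlock);
        } else {
            secretKey = cachedKey[0];
            keyBlock = cachedKey[1];
        }

        byte[] encrypted = new CipherWriter(engineForPut).write(bArr, secretKey);
        byte[] result = new byte[keyBlock.length + encrypted.length];
        System.arraycopy(keyBlock, 0, result, 0, keyBlock.length);
        System.arraycopy(encrypted, 0, result, keyBlock.length, encrypted.length);

        aMBIHeader.setVersionMajor((byte) 3);
        // Tell the receiver it may cache the key while this key still has uses left.
        if (smqiObject.getKeyUsesRemaining() != 0) {
            aMBIHeader.setReuseKey(true);
        }
        aMBIHeader.setKeyBlockSize(keyBlock.length);
        aMBIHeader.setIVBlockSize((short) engineForPut.getBlockSize());
        aMBIHeader.setEncBlockSize(encrypted.length - engineForPut.getBlockSize());
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "makeConfidential(byte [ ],SmqiObject,SecurityPolicy,AMBIHeader)", result);
        }
        return result;
    }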

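    /**
     * Returns a new Bouncy Castle block cipher engine for the named encryption algorithm, for use
     * when protecting (putting) a message.
     *
     * <p>The decompiled original used a hash-code switch with a {@code boolean} index and
     * duplicate {@code case true} labels, and declared the result as {@code RC2Engine} while
     * assigning other engine types; neither compiles. Both are restored here with the same
     * name-to-engine mapping.
     *
     * <p>NOTE(review): RC2, DES and 3DES are legacy ciphers. {@code AESFastEngine} is deprecated
     * in later Bouncy Castle releases because its table lookups can leak timing information;
     * {@code AESEngine} is the usual replacement — confirm against the bundled library version.
     *
     * @param str algorithm name from the security policy; must not be {@code null}
     * @return a fresh engine instance
     * @throws IllegalProtectionTypeException if the name is not one of the supported algorithms
     */
    private BlockCipher getEngineForPut(String str) throws IllegalProtectionTypeException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForPut(String)", new Object[]{str});
        }
        BlockCipher engine;
        if (str.equals(MessageProtectionConstants.ENCRYPTION_RC2)) {
            engine = new RC2Engine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_DES)) {
            engine = new DESEngine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_3DES)) {
            engine = new DESedeEngine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_AES128) || str.equals(MessageProtectionConstants.ENCRYPTION_AES256)) {
            // Both AES variants share one engine; the key length passed later selects the size.
            engine = new AESFastEngine();
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_ENCRYPTION_ALGORITHM_ID, str);
            IllegalProtectionTypeException illegalProtectionTypeException = new IllegalProtectionTypeException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, hashMap);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForPut(String)", illegalProtectionTypeException);
            }
            throw illegalProtectionTypeException;
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForPut(String)", engine);
        }
        return engine;
    }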

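    /**
     * Returns a new Bouncy Castle block cipher engine for the named encryption algorithm, for use
     * when unprotecting (getting) a message.
     *
     * <p>Same mapping as {@code getEngineForPut}; only the error message id differs
     * (unprotection instead of protection). The decompiled original used a hash-code switch with
     * a {@code boolean} index and duplicate {@code case true} labels, and an {@code RC2Engine}
     * typed local for every engine; both are restored to compilable form here.
     *
     * <p>NOTE(review): on this path the algorithm name is derived from the received message or
     * from a cached value, so the legacy ciphers (RC2, DES, 3DES) are only as restricted as the
     * strength validation done by the caller. {@code AESFastEngine} is deprecated in later
     * Bouncy Castle releases because of timing side channels — confirm against the bundled
     * library version.
     *
     * @param str algorithm name; must not be {@code null}
     * @return a fresh engine instance
     * @throws IllegalProtectionTypeException if the name is not one of the supported algorithms
     */
    private BlockCipher getEngineForGet(String str) throws IllegalProtectionTypeException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForGet(String)", new Object[]{str});
        }
        BlockCipher engine;
        if (str.equals(MessageProtectionConstants.ENCRYPTION_RC2)) {
            engine = new RC2Engine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_DES)) {
            engine = new DESEngine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_3DES)) {
            engine = new DESedeEngine();
        } else if (str.equals(MessageProtectionConstants.ENCRYPTION_AES128) || str.equals(MessageProtectionConstants.ENCRYPTION_AES256)) {
            // Both AES variants share one engine; the key length passed later selects the size.
            engine = new AESFastEngine();
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_ENCRYPTION_ALGORITHM_ID, str);
            IllegalProtectionTypeException illegalProtectionTypeException = new IllegalProtectionTypeException(AmsErrorMessages.mjp_msg_error_msg_unprotection_failed, hashMap);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForGet(String)", illegalProtectionTypeException);
            }
            throw illegalProtectionTypeException;
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "getEngineForGet(String)", engine);
        }
        return engine;
    }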

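    /**
     * Verifies and/or decrypts a received message according to the local security policy.
     *
     * <p>Two quality-of-protection (QoP) values are involved: the one required by the local
     * policy and the one declared in the received message header. The header value comes from
     * the message and is therefore untrusted; the first switch is the downgrade check that
     * decides which header values a policy accepts:
     * <ul>
     *   <li>policy 1 accepts header 1 or 2;</li>
     *   <li>policy 2 accepts header 2 only;</li>
     *   <li>policy 3 accepts header 3, or header 2 after replacing the policy's signature
     *       algorithm with {@code DUMMY_SIGNATURE_ALGORITHM};</li>
     *   <li>any other combination is rejected with a QoP-mismatch exception.</li>
     * </ul>
     *
     * <p>Fix relative to the decompiled original: the policy-1 and policy-2 cases had no
     * {@code break} after their inner switch and fell through into the following cases. As
     * written, a policy-1 message with header QoP 1 was rejected by the policy-2 check, and an
     * accepted header QoP 2 always reached the policy-3 branch that overwrites the signature
     * algorithm. The breaks are restored so each policy is checked only against its own list.
     *
     * <p>NOTE(review): the policy-3/header-2 branch mutates the caller's {@code SecurityPolicy}.
     * What {@code DUMMY_SIGNATURE_ALGORITHM} makes the later signature-algorithm validation
     * accept is not visible here — confirm it cannot weaken checks for other messages that
     * share the same policy object.
     *
     * @param bArr protected message bytes; must be at least 3 bytes long
     * @param securityPolicy local policy; may be modified as described above
     * @param aMBIHeader header of the received message (not null-checked here)
     * @param smqiObject queue object holding cached key state for the confidentiality path
     * @param eseUser receiving user
     * @return the unprotected message and the details of the protection that was applied
     * @throws MessageProtectionException on any validation or cryptographic failure; the
     *     original exception is attached as the cause
     */
    @Override // com.ibm.mq.ese.prot.MessageProtection
    public MessageUnprotectInfo unprotect(byte[] bArr, SecurityPolicy securityPolicy, AMBIHeader aMBIHeader, SmqiObject smqiObject, EseUser eseUser) throws MessageProtectionException {
        MessageUnprotectInfo unprotectedFromConfidential;
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", new Object[]{bArr, securityPolicy, aMBIHeader, smqiObject, eseUser});
        }
        try {
            if (bArr == null) {
                IllegalArgumentException illegalArgumentException = new IllegalArgumentException("protMsg is null");
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", illegalArgumentException, 1);
                }
                throw illegalArgumentException;
            }
            if (securityPolicy == null) {
                IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException("policy is null");
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", illegalArgumentException2, 2);
                }
                throw illegalArgumentException2;
            }
            if (eseUser == null) {
                IllegalArgumentException illegalArgumentException3 = new IllegalArgumentException("userInfo is null");
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", illegalArgumentException3, 3);
                }
                throw illegalArgumentException3;
            }
            // qop is what the local policy requires; it is validated before use.
            int qop = securityPolicy.getQop();
            validateQop(qop);
            if (Trace.isOn) {
                Trace.traceInfo(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "unprotect(byte[], SecurityPolicy, EseUser)", "Protected Message Length: ", Integer.valueOf(bArr.length));
            }
            if (bArr.length < 3) {
                ShortBufferException shortBufferException = new ShortBufferException("protMsg.length = " + bArr.length);
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", shortBufferException, 4);
                }
                throw shortBufferException;
            }
            // qop2 is what the sender claims to have applied; it is untrusted input.
            int qop2 = aMBIHeader.getQop();
            // Downgrade check: reject a message whose declared protection is weaker than, or
            // otherwise incompatible with, what the policy demands.
            switch (qop) {
                case 1:
                    switch (qop2) {
                        case 1:
                        case 2:
                            break;
                        default:
                            IllegalProtectionTypeException iPTException = getIPTException(qop, qop2);
                            if (Trace.isOn) {
                                Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", iPTException, 5);
                            }
                            throw iPTException;
                    }
                    // Restored: without this break the policy-2 and policy-3 checks also ran.
                    break;
                case 2:
                    switch (qop2) {
                        case 2:
                            break;
                        default:
                            IllegalProtectionTypeException iPTException2 = getIPTException(qop, qop2);
                            if (Trace.isOn) {
                                Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", iPTException2, 6);
                            }
                            throw iPTException2;
                    }
                    // Restored: without this break the policy-3 branch overwrote the signature algorithm.
                    break;
                case 3:
                    switch (qop2) {
                        case 2:
                            securityPolicy.setSignAlg(MessageProtectionConstants.DUMMY_SIGNATURE_ALGORITHM);
                            break;
                        case 3:
                            break;
                        default:
                            IllegalProtectionTypeException iPTException3 = getIPTException(qop, qop2);
                            if (Trace.isOn) {
                                Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", iPTException3, 7);
                            }
                            throw iPTException3;
                    }
                    break;
                default:
                    IllegalProtectionTypeException iPTException4 = getIPTException(qop, qop2);
                    if (Trace.isOn) {
                        Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", iPTException4, 8);
                    }
                    throw iPTException4;
            }
            // Processing follows the format the message actually uses (the header QoP).
            switch (qop2) {
                case 1:
                    unprotectedFromConfidential = getUnprotectedFromSigned(new CMSSignedData(new ByteArrayInputStream(bArr)), securityPolicy, eseUser, qop2, null, "");
                    break;
                case 2:
                    CMSEnvelopedData cMSEnvelopedData = new CMSEnvelopedData(new ByteArrayInputStream(bArr));
                    String encAlg = getEncAlg(cMSEnvelopedData);
                    // The algorithm found in the message is checked against the policy's
                    // algorithm before anything is decrypted.
                    validateEncryptionStrength(encAlg, securityPolicy.getEncAlg());
                    if (Trace.isOn) {
                        Trace.traceInfo(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "unprotect(byte[], SecurityPolicy, EseUser)", "Privacy Protection used. Encryption algorithm ", encAlg);
                    }
                    unprotectedFromConfidential = getUnprotectedFromSigned(getFromEnvelope(eseUser, cMSEnvelopedData), securityPolicy, eseUser, qop2, null, encAlg);
                    break;
                case 3:
                    unprotectedFromConfidential = getUnprotectedFromConfidential(bArr, securityPolicy, aMBIHeader, smqiObject, eseUser, null, qop2);
                    break;
                default:
                    IllegalProtectionTypeException iPTException5 = getIPTException(qop, qop2);
                    if (Trace.isOn) {
                        Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", iPTException5, 9);
                    }
                    throw iPTException5;
            }
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", unprotectedFromConfidential);
            }
            return unprotectedFromConfidential;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", e);
            }
            // Kept from the original: this second catchBlock call is not guarded by Trace.isOn.
            Trace.catchBlock(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "unprotect(byte[], SecurityPolicy, EseUser)", e);
            AmsErrorMessages.logProtectionException("com.ibm.mq.ese.prot.MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", e);
            MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_unprotection_failed, e);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "unprotect(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser)", messageProtectionException, 10);
            }
            throw messageProtectionException;
        }
    }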

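    /**
     * Decrypts a confidentiality-protected message: recovers the symmetric key from the leading
     * key block (or from the per-object cache) and decrypts the remainder.
     *
     * <p>Hardening relative to the original: the key, IV and encrypted block sizes come from the
     * received header and were used to size array copies without being compared with the actual
     * message length. A size larger than the message made {@code Arrays.copyOf} allocate a
     * zero-padded buffer of the declared size. The sizes are now required to be non-negative and
     * to fit inside the message before anything is copied or parsed. Trailing bytes beyond the
     * declared total are still ignored, as before.
     *
     * <p>When the header's reuse flag is set and the cache recognises the key block, the cached
     * key and cached algorithm name are used and the encryption-strength check is not repeated;
     * it ran when the entry was cached.
     *
     * @param bArr complete protected message (key block, then IV and ciphertext)
     * @param securityPolicy local policy, source of the required encryption algorithm
     * @param aMBIHeader received header carrying the block sizes and the reuse flag
     * @param smqiObject queue object holding the key and algorithm cache
     * @param eseUser receiving user whose credentials open the key envelope
     * @param date passed through to the result unchanged
     * @param i quality of protection recorded in the result
     * @return the decrypted message and its protection details
     * @throws Exception on inconsistent header sizes ({@code ShortBufferException}) or any
     *     parsing, validation or decryption failure
     */
    private MessageUnprotectInfo getUnprotectedFromConfidential(byte[] bArr, SecurityPolicy securityPolicy, AMBIHeader aMBIHeader, SmqiObject smqiObject, EseUser eseUser, Date date, int i) throws Exception {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "getUnprotectedFromConfidential(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser,Date,int)", new Object[]{bArr, securityPolicy, aMBIHeader, smqiObject, eseUser, date, Integer.valueOf(i)});
        }
        int keyBlockLen = aMBIHeader.getKeyBlockSize();
        int ivLen = aMBIHeader.getIVBlockSize();
        int encLen = aMBIHeader.getEncBlockSize();
        // Summed as long so that attacker-chosen sizes cannot wrap around to a small value.
        long declaredLen = (long) keyBlockLen + ivLen + encLen;
        if (keyBlockLen < 0 || ivLen < 0 || encLen < 0 || declaredLen > bArr.length) {
            ShortBufferException shortBufferException = new ShortBufferException("protMsg.length = " + bArr.length + ", header block sizes = " + keyBlockLen + "/" + ivLen + "/" + encLen);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "getUnprotectedFromConfidential(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser,Date,int)", shortBufferException);
            }
            throw shortBufferException;
        }

        byte[] keyBlock = Arrays.copyOfRange(bArr, 0, keyBlockLen);
        // The cache is consulted only when the sender marked the key as reusable.
        byte[] secretKey = aMBIHeader.reuseKeyIsset() ? smqiObject.checkSecretKeyForGet(keyBlock) : null;
        String encAlgorithmForGet = smqiObject.getEncAlgorithmForGet();
        if (secretKey == null) {
            CMSEnvelopedData cMSEnvelopedData = new CMSEnvelopedData(new ByteArrayInputStream(keyBlock));
            encAlgorithmForGet = getEncAlg(cMSEnvelopedData);
            // Reject an algorithm weaker than the policy allows before opening the envelope.
            validateEncryptionStrength(encAlgorithmForGet, securityPolicy.getEncAlg());
            secretKey = getFromEnveloped(eseUser, cMSEnvelopedData);
            if (aMBIHeader.reuseKeyIsset()) {
                smqiObject.cacheSecretKeyForGet(secretKey, keyBlock);
                smqiObject.cacheEncAlgorithmForGet(encAlgorithmForGet);
            }
        }
        byte[] declaredMessage = Arrays.copyOf(bArr, (int) declaredLen);
        MessageUnprotectInfo messageUnprotectInfo = new MessageUnprotectInfo(new CipherReader(getEngineForGet(encAlgorithmForGet)).read(aMBIHeader, new ByteArrayInputStream(declaredMessage), secretKey), i, date, encAlgorithmForGet);
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "getUnprotectedFromConfidential(byte [ ],SecurityPolicy,AMBIHeader,SmqiObject,EseUser,Date,int)", messageUnprotectInfo);
        }
        return messageUnprotectInfo;
    }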

    /**
     * Validates a CMS signed message and returns its content with the signer's details.
     *
     * <p>Checks run in this order and the content is only read after all of them pass: the
     * signer's digest algorithm is compared with the policy's signature algorithm, the signer
     * certificate is validated, then the signed data itself is validated.
     *
     * <p>NOTE(review): only the first {@code SignerInformation} is inspected for the digest
     * algorithm. How {@code validateSignedData} treats messages with more than one signer is not
     * visible here — confirm that additional signers cannot bypass the algorithm check.
     *
     * @param cMSSignedData parsed signed message
     * @param securityPolicy local policy, source of the expected signature algorithm
     * @param eseUser receiving user, passed to the certificate and signature validation
     * @param i quality of protection recorded in the result
     * @param date passed through to the result unchanged
     * @param str encryption algorithm name recorded in the result (empty for sign-only)
     * @return the signed content together with the normalized signer name and algorithm names
     * @throws Exception if there is no signer or any validation step fails
     */
    private MessageUnprotectInfo getUnprotectedFromSigned(CMSSignedData cMSSignedData, SecurityPolicy securityPolicy, EseUser eseUser, int i, Date date, String str) throws Exception {
        final String traceMethod = "getUnprotectedFromSigned(CMSSignedData,SecurityPolicy,EseUser,int,Date,String)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{cMSSignedData, securityPolicy, eseUser, Integer.valueOf(i), date, str});
        }
        X509Certificate signerCert = getSignerCertificate(cMSSignedData);
        String signerName = X500NameWrapper.normalizeNames(signerCert.getSubjectDN().getName());

        // Digest algorithm declared by the first signer, resolved from its OID to a name.
        SignerInformation firstSigner = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
        ASN1ObjectIdentifier digestOid = new ASN1ObjectIdentifier(firstSigner.getDigestAlgOID());
        String digestName = this.danFinder.getAlgorithmName(digestOid);

        validateSignatureAlg(digestName, getSignAlgForBC(securityPolicy));
        validateSenderCertificate(signerCert, eseUser, true);
        validateSignedData(signerCert, cMSSignedData, eseUser);

        byte[] content = (byte[]) cMSSignedData.getSignedContent().getContent();
        MessageUnprotectInfo result = new MessageUnprotectInfo(signerName, content, i, date, digestName, str);
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", traceMethod, result);
        }
        return result;
    }

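    /**
     * Builds the exception reported when a message's quality of protection differs from the
     * expected one.
     *
     * <p>Both values are turned into display names through
     * {@code MessageProtectionConstants.QOP_NAMES}. A value outside that table (negative or too
     * large) is rendered as its decimal number, so that an unexpected value still yields this
     * exception rather than an {@link ArrayIndexOutOfBoundsException}.
     *
     * @param i the expected quality of protection
     * @param i2 the quality of protection actually found
     * @return the populated exception; the caller is responsible for throwing it
     */
    private IllegalProtectionTypeException getIPTException(int i, int i2) {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "getIPTException(final int,int)", new Object[]{Integer.valueOf(i), Integer.valueOf(i2)});
        }
        String[] qopNames = MessageProtectionConstants.QOP_NAMES;
        // Guard both bounds: either value may fall outside the name table.
        String expectedName = (i >= 0 && i < qopNames.length) ? qopNames[i] : Integer.toString(i);
        String actualName = (i2 >= 0 && i2 < qopNames.length) ? qopNames[i2] : Integer.toString(i2);
        HashMap hashMap = new HashMap();
        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_EXPECTED_QUALITY_OF_PROTECTION, expectedName);
        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_QUALITY_OF_PROTECTION, actualName);
        IllegalProtectionTypeException illegalProtectionTypeException = new IllegalProtectionTypeException(AmsErrorMessages.mjp_msg_error_qop_mismatch, hashMap);
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "getIPTException(final int,int)", illegalProtectionTypeException);
        }
        return illegalProtectionTypeException;
    }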

    /**
     * Returns the single certificate carried inside a CMS signed message.
     *
     * <p>The selector used here matches every certificate in the message, so the message must
     * contain exactly one certificate. That certificate is returned as the signer certificate;
     * it is not matched against the SignerInfo identifier in this method.
     *
     * @param cMSSignedData the parsed signed message
     * @return the embedded certificate converted to an {@link X509Certificate}
     * @throws MissingCertificateException if the message carries no certificate or conversion
     *         yields {@code null}
     * @throws MessageProtectionException if the message carries more than one certificate
     * @throws CertificateException if the certificate cannot be converted
     */
    private X509Certificate getSignerCertificate(CMSSignedData cMSSignedData) throws MissingCertificateException, MessageProtectionException, CertificateException {
        final String traceMethod = "getSignerCertificate(CMSSignedData)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{cMSSignedData});
        }
        Collection embedded = cMSSignedData.getCertificates().getMatches(new AlwaysSelector());

        // No certificate at all.
        if (embedded == null || embedded.size() < 1) {
            MissingCertificateException notFound = new MissingCertificateException(AmsErrorMessages.mjp_msg_error_sender_certificate_not_found);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, notFound, 1);
            }
            throw notFound;
        }

        // More than one certificate is rejected rather than guessing which one signed.
        if (embedded.size() > 1) {
            MessageProtectionException tooMany = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_invalid_amount_of_sender_certificate);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, tooMany, 2);
            }
            throw tooMany;
        }

        X509CertificateHolder holder = (X509CertificateHolder) embedded.iterator().next();
        X509Certificate converted = this.certificateConverter.getCertificate(holder);
        if (converted == null) {
            MissingCertificateException notConverted = new MissingCertificateException(AmsErrorMessages.mjp_msg_error_sender_certificate_not_found);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, notConverted, 3);
            }
            throw notConverted;
        }
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", traceMethod, converted);
        }
        return converted;
    }

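    /**
     * Maps the content-encryption algorithm of an enveloped message to the product's
     * algorithm family name.
     *
     * <p>The decompiled form of this method (a {@code hashCode()} switch feeding a second switch
     * over a mis-typed {@code boolean}) does not compile; it is restored here as the string
     * switch it was generated from, with the same constant-to-family mapping.
     *
     * <p>This method only names the algorithm. DES, RC2 and 3DES are recognised alongside AES,
     * and an unrecognised name is returned unchanged; whether the result is acceptable is left
     * to the caller (getUnprotectedFromConfidential passes it to validateEncryptionStrength).
     *
     * @param cMSEnvelopedData the parsed enveloped message
     * @return the algorithm family constant, or the raw algorithm name if it is not recognised
     */
    private String getEncAlg(CMSEnvelopedData cMSEnvelopedData) {
        String str;
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "getEncAlg(CMSEnvelopedData)", new Object[]{cMSEnvelopedData});
        }
        String algorithmName = this.danFinder.getAlgorithmName(cMSEnvelopedData.getContentEncryptionAlgorithm());
        switch (algorithmName) {
            case MessageProtectionConstants.ENCRYPTION_AES128_CBC_OID:
            case MessageProtectionConstants.ENCRYPTION_AES_128_CBC:
                str = MessageProtectionConstants.ENCRYPTION_AES128;
                break;
            case MessageProtectionConstants.ENCRYPTION_AES256_CBC_OID:
            case MessageProtectionConstants.ENCRYPTION_AES_256_CBC:
                str = MessageProtectionConstants.ENCRYPTION_AES256;
                break;
            case MessageProtectionConstants.ENCRYPTION_RC2_CBC_OID:
            case MessageProtectionConstants.ENCRYPTION_RC2_CBC:
                str = MessageProtectionConstants.ENCRYPTION_RC2;
                break;
            case MessageProtectionConstants.ENCRYPTION_DES_CBC_OID:
                str = MessageProtectionConstants.ENCRYPTION_DES;
                break;
            case MessageProtectionConstants.ENCRYPTION_3DES_CBC_OID:
            case MessageProtectionConstants.ENCRYPTION_3DES_ALT:
                str = MessageProtectionConstants.ENCRYPTION_3DES;
                break;
            default:
                // Unknown algorithm: hand the raw name back so the caller can reject it.
                str = algorithmName;
                break;
        }
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "getEncAlg(CMSEnvelopedData)", str);
        }
        return str;
    }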

    /**
     * Decrypts an enveloped message for the given user and parses the result as signed data.
     *
     * @param eseUser the recipient whose certificate and private key are used
     * @param cMSEnvelopedData the parsed enveloped message
     * @return the signed data recovered from the envelope
     * @throws MessageProtectionException if the user has no certificate
     * @throws InvalidCertificateException if the recipient certificate fails validation
     * @throws AMBIException if the user is not among the message recipients
     * @throws CMSException if decryption or parsing fails
     * @throws IOException if the decrypted bytes cannot be converted to signed data
     */
    private CMSSignedData getFromEnvelope(EseUser eseUser, CMSEnvelopedData cMSEnvelopedData) throws MessageProtectionException, InvalidCertificateException, AMBIException, CMSException, IOException {
        final String traceMethod = "getFromEnvelope(EseUser,CMSEnvelopedData)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{eseUser, cMSEnvelopedData});
        }
        byte[] decrypted = getFromEnveloped(eseUser, cMSEnvelopedData);
        CMSSignedData signedData = AMSsignedToCMSSignedData(decrypted);
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", traceMethod, signedData);
        }
        return signedData;
    }

    /**
     * Decrypts the content of an enveloped message using the user's key-transport recipient entry.
     *
     * <p>The user's certificate is validated as a recipient certificate before the private key
     * is used. The recipient entry is looked up by that certificate; if the message was not
     * encrypted for this user, an {@link AMBIException} naming the user's DN is thrown.
     *
     * <p>NOTE(review): when tracing is on, the decrypted bytes are passed to {@code Trace.exit}.
     * How the trace facility renders a byte array is not visible here; confirm that trace
     * output cannot expose decrypted message content or key material.
     *
     * @param eseUser the recipient whose certificate and private key are used
     * @param cMSEnvelopedData the parsed enveloped message
     * @return the decrypted content
     * @throws MessageProtectionException if the user has no certificate
     * @throws InvalidCertificateException if the recipient certificate fails validation
     * @throws AMBIException if the user is not among the message recipients
     * @throws CMSException if decryption fails
     */
    private byte[] getFromEnveloped(EseUser eseUser, CMSEnvelopedData cMSEnvelopedData) throws MessageProtectionException, InvalidCertificateException, AMBIException, CMSException {
        final String traceMethod = "getFromEnveloped(EseUser,CMSEnvelopedData)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{eseUser, cMSEnvelopedData});
        }
        X509Certificate recipientCert = eseUser.getCertificate();
        if (recipientCert == null) {
            HashMap missingCertInserts = new HashMap();
            missingCertInserts.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, eseUser.getKeystoreAlias());
            missingCertInserts.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, eseUser.getKeyStoreAccess().toString());
            MessageProtectionException noCertificate = new MessageProtectionException(AmsErrorMessages.mju_user_certificate_not_found_MessageProtectionException, (HashMap<String, ? extends Object>) missingCertInserts);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, noCertificate, 1);
            }
            throw noCertificate;
        }

        // Validate before touching the private key.
        validateRecipientCertificate(recipientCert, eseUser);

        RecipientInformation recipientEntry = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(eseUser.getCertificate()));
        if (recipientEntry == null) {
            HashMap notRecipientInserts = new HashMap();
            notRecipientInserts.put(AmsErrorMessageInserts.AMS_INSERT_DISTINGUISHED_NAME, eseUser.getUserDN());
            AMBIException notRecipient = new AMBIException(AmsErrorMessages.mjp_msg_error_user_not_in_recipient, (HashMap<String, ? extends Object>) notRecipientInserts);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, notRecipient, 2);
            }
            throw notRecipient;
        }

        byte[] decrypted = recipientEntry.getContent(new JceKeyTransEnvelopedRecipient(eseUser.getPrivateKey()));
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", traceMethod, decrypted);
        }
        return decrypted;
    }

    /**
     * Validates a sender certificate with the configured certificate validator, requiring the
     * sender key usage.
     *
     * <p>Every failure is reported as an {@link InvalidCertificateException} carrying the
     * certificate subject. When the validator itself throws an
     * {@code InvalidCertificateException}, only its cause is chained into the new exception;
     * any other exception is chained directly.
     *
     * @param x509Certificate the sender certificate to validate
     * @param eseUser the local user, forwarded to the validator
     * @param z forwarded to the validator as its fifth argument; its meaning is defined there
     * @throws InvalidCertificateException if validation fails for any reason
     */
    private void validateSenderCertificate(X509Certificate x509Certificate, EseUser eseUser, boolean z) throws InvalidCertificateException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateSenderCertificate(X509Certificate,EseUser, boolean)", new Object[]{x509Certificate, eseUser, Boolean.valueOf(z)});
        }
        final String traceMethod = "validateSenderCertificate(X509Certificate,EseUser)";
        try {
            this.certificateValidator.validateX509Certificate(x509Certificate, X509CertificateValidator.SENDER_KEY_USAGE, X509CertificateValidator.SENDER_KEY_USAGE_MATCH, false, z, eseUser);
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", traceMethod);
            }
        } catch (InvalidCertificateException validatorFailure) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, validatorFailure, 1);
            }
            HashMap subjectInsert = new HashMap();
            subjectInsert.put(AmsErrorMessageInserts.AMS_INSERT_CERTIFICATE_SUBJECT, x509Certificate.getSubjectDN().getName());
            // Re-wrap with the sender-specific message; the validator's cause is kept.
            InvalidCertificateException senderInvalid = new InvalidCertificateException(AmsErrorMessages.mjp_msg_error_msg_sender_cert_not_valid_InvalidCertificateException, subjectInsert, validatorFailure.getCause());
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, senderInvalid, 1);
            }
            throw senderInvalid;
        } catch (Exception unexpected) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, unexpected, 2);
            }
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "validateSenderCertificate(X509Certificate, EseUser)", unexpected);
            }
            HashMap subjectInsert = new HashMap();
            subjectInsert.put(AmsErrorMessageInserts.AMS_INSERT_CERTIFICATE_SUBJECT, x509Certificate.getSubjectDN().getName());
            // Any other failure is treated as an invalid certificate (fail closed).
            InvalidCertificateException senderInvalid = new InvalidCertificateException(AmsErrorMessages.mjp_msg_error_msg_sender_cert_not_valid_InvalidCertificateException, subjectInsert, unexpected);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, senderInvalid, 2);
            }
            throw senderInvalid;
        }
    }

    /**
     * Verifies the signature of a CMS signed message against a certificate path built for the
     * signer.
     *
     * <p>Only the first SignerInfo is verified; further signers, if present, are not examined.
     * Path-building and verification failures are traced and swallowed, and all of them surface
     * as the same generic {@code Exception("No suitable trust path found")} without a cause.
     *
     * <p>NOTE(review): when the signer certificate is self-signed it is used as its own trust
     * anchor, so path building in this method cannot reject it on trust grounds. Trust in a
     * self-signed sender therefore has to come from another check; presumably the sender
     * certificate validation that getUnprotectedFromSigned runs first. Confirm.
     *
     * @param x509Certificate the signer certificate extracted from the message
     * @param cMSSignedData the parsed signed message
     * @param eseUser the local user whose key store supplies the trust anchors
     * @throws Exception if no path can be built or the signature does not verify
     */
    private void validateSignedData(X509Certificate x509Certificate, CMSSignedData cMSSignedData, EseUser eseUser) throws Exception {
        PKIXBuilderParameters constructPKIXBuilderParameters;
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateSignedData(X509Certificate,CMSSignedData,EseUser)", new Object[]{x509Certificate, cMSSignedData, eseUser});
        }
        // Certificates shipped in the message are offered to the path builder as candidates.
        CertStore build = new JcaCertStoreBuilder().setProvider("BC").addCertificates(cMSSignedData.getCertificates()).build();
        Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
        // Stays false unless the signature verifies; false leads to the exception below.
        boolean z = false;
        if (it.hasNext()) {
            SignerInformation signerInformation = (SignerInformation) it.next();
            // Target of the path build: the certificate identified by the signer id.
            X509CertSelector certSelector = new JcaX509CertSelectorConverter().getCertSelector(signerInformation.getSID());
            // 128 sets index 0 of the key-usage array, i.e. digitalSignature is required.
            certSelector.setKeyUsage(getKeyUsage(128));
            try {
                if (isSelfSigned(x509Certificate)) {
                    // Self-signed signer: the certificate itself becomes the only trust anchor.
                    constructPKIXBuilderParameters = constructPKIXBuilderParameters(x509Certificate, certSelector);
                } else {
                    // Otherwise anchors come from the user's key store (the secondary store of a composite).
                    KeyStoreAccess keyStoreAccess = eseUser.getKeyStoreAccess();
                    constructPKIXBuilderParameters = keyStoreAccess instanceof CompositeKeyStoreAccess ? constructPKIXBuilderParameters(((CompositeKeyStoreAccess) keyStoreAccess).getSecondaryKeyStore(), certSelector) : constructPKIXBuilderParameters(keyStoreAccess.getKeyStore(), certSelector);
                }
                // Adds the message's certificates and disables revocation checking.
                configurePKIXBuilderParameters(constructPKIXBuilderParameters, build);
                try {
                    // Verify with the first certificate of the built path (the target certificate).
                    z = signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build((X509Certificate) buildPath(constructPKIXBuilderParameters).getCertPath().getCertificates().get(0)));
                } catch (OperatorCreationException | CMSException e) {
                    // Verification error: traced only; z stays false.
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "MessageProtectionBCImpl", "validateSignedData(X509Certificate,CMSSignedData,EseUser)", e, 1);
                    }
                }
            } catch (CertPathBuilderException e2) {
                // No path to a trust anchor: traced only; z stays false.
                if (Trace.isOn) {
                    Trace.catchBlock(this, "MessageProtectionBCImpl", "validateSignedData(X509Certificate,CMSSignedData,EseUser)", e2, 2);
                }
            }
        }
        if (z) {
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", "validateSignedData(X509Certificate,CMSSignedData,EseUser)");
            }
        } else {
            // One message for every failure mode; the underlying exception is only in the trace.
            Exception exc = new Exception("No suitable trust path found");
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "validateSignedData(X509Certificate,CMSSignedData,EseUser)", exc);
            }
            throw exc;
        }
    }

    /**
     * Reports whether a certificate is self-signed.
     *
     * <p>A matching issuer and subject name is not sufficient: the certificate's signature must
     * also verify under its own public key. A verification failure is traced and yields
     * {@code false}.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if issuer equals subject and the signature verifies with the
     *         certificate's own key
     */
    private static boolean isSelfSigned(X509Certificate x509Certificate) {
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "isSelfSigned(X509Certificate)", new Object[]{x509Certificate});
        }
        boolean selfSigned = false;
        if (x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            try {
                x509Certificate.verify(x509Certificate.getPublicKey());
                selfSigned = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                // Names match but the signature does not: not self-signed.
                if (Trace.isOn) {
                    Trace.catchBlock(MessageProtectionBCImpl.class, "MessageProtectionBCImpl", "isSelfSigned(X509Certificate)", e, 1);
                }
            }
        }
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "isSelfSigned(X509Certificate)", Boolean.valueOf(selfSigned));
        }
        return selfSigned;
    }

    /**
     * Builds a certification path with the "PKIX" builder of the "BC" provider.
     *
     * @param pKIXBuilderParameters trust anchors, target selector and options for the build
     * @return the result of the path build
     * @throws NoSuchAlgorithmException if the "PKIX" builder is not available
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws CertPathBuilderException if no path satisfying the parameters can be built
     * @throws InvalidAlgorithmParameterException if the parameters are not accepted by the builder
     */
    private static PKIXCertPathBuilderResult buildPath(PKIXBuilderParameters pKIXBuilderParameters) throws NoSuchAlgorithmException, NoSuchProviderException, CertPathBuilderException, InvalidAlgorithmParameterException {
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "buildPath(PKIXBuilderParameters)", new Object[]{pKIXBuilderParameters});
        }
        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        PKIXCertPathBuilderResult pathResult = (PKIXCertPathBuilderResult) pathBuilder.build(pKIXBuilderParameters);
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "buildPath(PKIXBuilderParameters)", pathResult);
        }
        return pathResult;
    }

    /**
     * Creates path-builder parameters whose only trust anchor is the given certificate.
     *
     * <p>With a single anchor, a path can only be built to a target that chains to (or is)
     * this certificate; the caller decides whether the certificate deserves that trust.
     *
     * @param x509Certificate the certificate to use as the sole trust anchor
     * @param x509CertSelector selector describing the target certificate
     * @return the builder parameters
     * @throws InvalidAlgorithmParameterException if the parameters cannot be constructed
     */
    private static PKIXBuilderParameters constructPKIXBuilderParameters(X509Certificate x509Certificate, X509CertSelector x509CertSelector) throws InvalidAlgorithmParameterException {
        TrustAnchor soleAnchor = new TrustAnchor(x509Certificate, null);
        Set<TrustAnchor> anchors = Collections.singleton(soleAnchor);
        return new PKIXBuilderParameters(anchors, x509CertSelector);
    }

    /**
     * Creates path-builder parameters whose trust anchors are taken from a key store.
     *
     * <p>{@link PKIXBuilderParameters} uses the trusted certificate entries of the key store as
     * the set of trust anchors.
     *
     * @param keyStore the key store supplying the trusted certificates
     * @param x509CertSelector selector describing the target certificate
     * @return the builder parameters
     * @throws KeyStoreException if the key store has not been initialized
     * @throws InvalidAlgorithmParameterException if the key store holds no trusted certificate entry
     */
    private static PKIXBuilderParameters constructPKIXBuilderParameters(KeyStore keyStore, X509CertSelector x509CertSelector) throws KeyStoreException, InvalidAlgorithmParameterException {
        PKIXBuilderParameters keyStoreAnchored = new PKIXBuilderParameters(keyStore, x509CertSelector);
        return keyStoreAnchored;
    }

    /**
     * Applies the common path-build options: revocation checking off, plus an extra
     * certificate store to search.
     *
     * <p>Revocation checking is disabled, so the CRL/OCSP status of the chain is not consulted
     * during this path build. NOTE(review): confirm that revocation is enforced elsewhere
     * (for example by the certificate validator) where the deployment requires it.
     *
     * @param pKIXBuilderParameters the parameters to configure in place
     * @param certStore additional certificates the path builder may use
     */
    private static void configurePKIXBuilderParameters(PKIXBuilderParameters pKIXBuilderParameters, CertStore certStore) {
        // The two settings are independent of each other.
        pKIXBuilderParameters.setRevocationEnabled(false);
        pKIXBuilderParameters.addCertStore(certStore);
    }

    /**
     * Expands an integer key-usage bitmask into the 9-element boolean array form that
     * validateSignedData passes to {@code X509CertSelector.setKeyUsage}.
     *
     * <p>Index 0 corresponds to bit {@code 0x80} of the low byte, index 7 to bit {@code 0x01},
     * and index 8 to bit {@code 0x8000}. The value 128 therefore sets only index 0.
     *
     * @param i the key-usage bitmask; only the low 16 bits are read
     * @return a new 9-element array with one flag per key-usage bit
     */
    private static boolean[] getKeyUsage(int i) {
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "getKeyUsage(int)", new Object[]{Integer.valueOf(i)});
        }
        final byte lowByte = (byte) (i & 0xFF);
        final byte highByte = (byte) ((i & 0xFF00) >> 8);
        final boolean[] usageFlags = new boolean[9];
        for (int bit = 0; bit < usageFlags.length; bit++) {
            // Bits 0-7 come from the low byte, bit 8 from the high byte; MSB first.
            byte source = bit < 8 ? lowByte : highByte;
            int mask = 0x80 >>> (bit % 8);
            usageFlags[bit] = (source & mask) != 0;
        }
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "getKeyUsage(int)", usageFlags);
        }
        return usageFlags;
    }

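    /**
     * Accepts the quality-of-protection values 1, 2 and 3 and rejects everything else.
     *
     * <p>For a rejected value the exception names it through
     * {@code MessageProtectionConstants.QOP_NAMES} when it is a valid index of that table and
     * by its decimal number otherwise. The lower bound is checked as well, so a negative value
     * is reported as an {@link IllegalProtectionTypeException} instead of escaping as an
     * {@link ArrayIndexOutOfBoundsException}.
     *
     * @param i the quality-of-protection value to check
     * @throws IllegalProtectionTypeException if {@code i} is not 1, 2 or 3
     */
    private void validateQop(int i) throws IllegalProtectionTypeException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateQop(int)", new Object[]{Integer.valueOf(i)});
        }
        switch (i) {
            case 1:
            case 2:
            case 3:
                if (Trace.isOn) {
                    Trace.exit(this, "MessageProtectionBCImpl", "validateQop(int)");
                }
                return;
            default:
                String[] qopNames = MessageProtectionConstants.QOP_NAMES;
                // Both bounds are checked: the value may be negative as well as too large.
                String num = (i >= 0 && i < qopNames.length) ? qopNames[i] : Integer.toString(i);
                IllegalProtectionTypeException create = IllegalProtectionTypeException.create(num, new IllegalArgumentException(num));
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "validateQop(int)", create);
                }
                throw create;
        }
    }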

    /**
     * Always reports this implementation as valid; the value is traced when tracing is on.
     *
     * @return {@code true}
     */
    @Override // com.ibm.mq.ese.prot.MessageProtection
    public boolean isValid() {
        if (Trace.isOn) {
            Trace.data(this, "MessageProtectionBCImpl", "isValid()", "getter", true);
        }
        return true;
    }

    /**
     * Signs data with the signature algorithm named by the security policy.
     *
     * <p>The policy's algorithm name is translated by getSignAlgForBC and the work is delegated
     * to the overload that takes the algorithm name.
     *
     * @param bArr the data to sign
     * @param securityPolicy policy supplying the signature algorithm
     * @param eseUser the signing user
     * @return the generated signed data
     * @throws AMBIException if signing fails
     */
    private CMSSignedData sign(byte[] bArr, SecurityPolicy securityPolicy, EseUser eseUser) throws AMBIException {
        final String traceMethod = "sign(byte [ ],SecurityPolicy,EseUser)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{bArr, securityPolicy, eseUser});
        }
        String signatureAlgorithm = getSignAlgForBC(securityPolicy);
        CMSSignedData signedData = sign(bArr, signatureAlgorithm, eseUser);
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", traceMethod, signedData);
        }
        return signedData;
    }

    /**
     * Produces CMS signed data over the given bytes with the user's private key.
     *
     * <p>The user's certificate is embedded in the result and the content is encapsulated
     * (the {@code true} passed to {@code generate}). The signed attributes are the generator's
     * defaults with the {@code cmsAlgorithmProtect} attribute removed.
     *
     * <p>NOTE(review): {@code cmsAlgorithmProtect} is the CMS Algorithm Identifier Protection
     * attribute (RFC 6211), which places the digest and signature algorithm identifiers under
     * the signature. Removing it drops that guard against algorithm substitution; the helper
     * name suggests this is done for RFC 3851 interoperability. Confirm it is still required.
     *
     * @param bArr the data to sign
     * @param str the signature algorithm name handed to the content signer builder
     * @param eseUser the signing user, supplying private key and certificate
     * @return the generated signed data
     * @throws AMBIException as {@code IllegalAlgorithmNameException} when an
     *         {@link IllegalArgumentException} is raised while building the signer, or as
     *         {@code MessageProtectionException} for CMS, encoding or operator failures
     */
    private CMSSignedData sign(byte[] bArr, String str, EseUser eseUser) throws AMBIException {
        if (Trace.isOn) {
            // NOTE(review): the data to be signed is passed to the trace facility here.
            Trace.entry(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", new Object[]{bArr, str, eseUser});
        }
        PrivateKey privateKey = eseUser.getPrivateKey();
        X509Certificate certificate = eseUser.getCertificate();
        try {
            // Only the signer's own certificate is shipped with the message.
            JcaCertStore jcaCertStore = new JcaCertStore(Arrays.asList(certificate));
            try {
                SignerInfoGenerator build = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), new IBMCMSSignatureEncryptionAlgorithmFinder()).build(new JcaContentSignerBuilder(str).build(privateKey), certificate);
                final CMSAttributeTableGenerator signedAttributeTableGenerator = build.getSignedAttributeTableGenerator();
                // Wrap the default signed-attribute generator so that one attribute is filtered out.
                SignerInfoGenerator signerInfoGenerator = new SignerInfoGenerator(build, new DefaultSignedAttributeTableGenerator() { // from class: com.ibm.mq.ese.prot.MessageProtectionBCImpl.3
                    public AttributeTable getAttributes(Map map) {
                        return makeRFC3851Compliant(signedAttributeTableGenerator.getAttributes(map));
                    }

                    // Returns the table without the cmsAlgorithmProtect attribute.
                    private AttributeTable makeRFC3851Compliant(AttributeTable attributeTable) {
                        return attributeTable.remove(CMSAttributes.cmsAlgorithmProtect);
                    }
                }, build.getUnsignedAttributeTableGenerator());
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                cMSSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
                cMSSignedDataGenerator.addCertificates(jcaCertStore);
                // true: the content is encapsulated in the signed data.
                CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true);
                if (Trace.isOn) {
                    Trace.exit(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", generate);
                }
                return generate;
            } catch (IllegalArgumentException e) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", e, 1);
                }
                // An IllegalArgumentException is reported as an unknown algorithm name.
                // NOTE(review): the original exception is not chained (second argument is null).
                IllegalAlgorithmNameException illegalAlgorithmNameException = new IllegalAlgorithmNameException(str, null);
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", illegalAlgorithmNameException, 1);
                }
                throw illegalAlgorithmNameException;
            }
        } catch (CMSException | CertificateEncodingException | OperatorCreationException e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", e2, 2);
            }
            // Library failures are wrapped, with the cause preserved.
            MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, (Throwable) e2);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "sign(byte [ ],String,EseUser)", messageProtectionException, 2);
            }
            throw messageProtectionException;
        }
    }

    /**
     * Returns the policy's signature algorithm name, translated through the SHA-2 name mapping
     * when the mapping has an entry for it.
     *
     * @param securityPolicy policy supplying the signature algorithm name
     * @return the mapped name, or the policy's own name if the mapping has no entry
     */
    private String getSignAlgForBC(SecurityPolicy securityPolicy) {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "getSignAlgForBC(SecurityPolicy)", new Object[]{securityPolicy});
        }
        final String policyName = securityPolicy.getSignAlg();
        final String mappedName = this.sha2NameMapping.get(policyName);
        // Unmapped names are used as they are.
        final String effectiveName = mappedName != null ? mappedName : policyName;
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "getSignAlgForBC(SecurityPolicy)", effectiveName);
        }
        return effectiveName;
    }

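    /**
     * Encrypts signed data for the policy's recipients.
     *
     * <p>The signed data is DER-encoded, its outer tag and length are stripped by
     * decodeFromDER, and the remaining bytes are enveloped under the signedData content type.
     *
     * <p>The decompiled form wrapped the body in two nested {@code try} blocks that both caught
     * {@link IOException}; the outer handler could never run and is not valid Java. Only the
     * reachable handler is kept, with its original trace identifiers.
     *
     * @param cMSSignedData the signed data to encrypt
     * @param securityPolicy policy supplying recipients and the encryption algorithm
     * @param eseUser the local user; only traced here
     * @return the encoded enveloped data
     * @throws AMBIException if encoding or enveloping fails
     */
    private byte[] envelopeSignedData(CMSSignedData cMSSignedData, SecurityPolicy securityPolicy, EseUser eseUser) throws AMBIException {
        final String traceMethod = "envelopeSignedData(CMSSignedData,SecurityPolicy,EseUser)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{cMSSignedData, securityPolicy, eseUser});
        }
        try {
            ASN1ObjectIdentifier signedDataType = new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedData.getId());
            byte[] signedDataDer = cMSSignedData.toASN1Structure().getContent().getEncoded("DER");
            // The envelope carries the signed-data body without its outer tag and length.
            byte[] signedDataBody = decodeFromDER(signedDataDer);
            byte[] envelopeData = envelopeData(securityPolicy, new CMSProcessableByteArray(signedDataType, signedDataBody));
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", traceMethod, envelopeData);
            }
            return envelopeData;
        } catch (IOException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, e, 2);
            }
            MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, e);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, messageProtectionException, 2);
            }
            throw messageProtectionException;
        }
    }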

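    /**
     * Encrypts content for every recipient certificate of the policy and returns the encoded
     * enveloped data.
     *
     * <p>One key-transport recipient entry is added per certificate. The content-encryption
     * algorithm is the policy's algorithm translated to an OID by {@code AlgorithmHelper};
     * a name without an OID is rejected. Encryption uses the "BC" provider and the result is
     * encoded as "DL".
     *
     * <p>The decompiled form nested three {@code try} blocks, the outermost repeating the
     * {@code CMSException} handler of the middle one; that outer handler could never run and
     * is not valid Java. The two reachable handlers are kept with their trace identifiers.
     *
     * @param securityPolicy policy supplying recipients and the encryption algorithm
     * @param cMSProcessableByteArray the content to encrypt
     * @return the encoded enveloped data
     * @throws MessageProtectionException if a recipient cannot be added, or encryption or
     *         encoding fails
     * @throws IllegalAlgorithmNameException if the policy's encryption algorithm has no OID
     */
    private byte[] envelopeData(SecurityPolicy securityPolicy, CMSProcessableByteArray cMSProcessableByteArray) throws MessageProtectionException, IllegalAlgorithmNameException {
        final String traceMethod = "envelopeData(SecurityPolicy,CMSProcessableByteArray)";
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", traceMethod, new Object[]{securityPolicy, cMSProcessableByteArray});
        }
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        for (X509Certificate x509Certificate : securityPolicy.getRecipientsCertificates()) {
            try {
                cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate));
            } catch (CertificateEncodingException e) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, e, 1);
                }
                MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, e);
                if (Trace.isOn) {
                    Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, messageProtectionException, 1);
                }
                throw messageProtectionException;
            }
        }
        String algorithmOID = AlgorithmHelper.getAlgorithmOID(securityPolicy.getEncAlg());
        if (algorithmOID == null) {
            // No OID known for the policy's algorithm name: refuse rather than pick a default.
            IllegalAlgorithmNameException illegalAlgorithmNameException = new IllegalAlgorithmNameException(securityPolicy.getEncAlg(), null);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, illegalAlgorithmNameException, 2);
            }
            throw illegalAlgorithmNameException;
        }
        try {
            byte[] encoded = cMSEnvelopedDataGenerator.generate(cMSProcessableByteArray, new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(algorithmOID)).setProvider("BC").build()).toASN1Structure().getEncoded("DL");
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", traceMethod, encoded);
            }
            return encoded;
        } catch (IOException e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, e2, 4);
            }
            MessageProtectionException messageProtectionException2 = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, e2);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, messageProtectionException2, 5);
            }
            throw messageProtectionException2;
        } catch (CMSException e3) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", traceMethod, e3, 3);
            }
            MessageProtectionException messageProtectionException3 = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_msg_protection_failed, (Throwable) e3);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", traceMethod, messageProtectionException3, 4);
            }
            throw messageProtectionException3;
        }
    }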

    /**
     * Wraps content in a SEQUENCE header: tag {@code 0x30}, a length in long form, then the
     * content.
     *
     * <p>The length is always written in long form ({@code 0x80 | n} followed by {@code n}
     * big-endian length octets), including for content shorter than 128 bytes, so the output
     * is not the minimal encoding that DER prescribes. For empty content the length octet is
     * {@code 0x80} with no length octets following. decodeFromDER reads this framing back.
     *
     * @param bArr the content to wrap
     * @return tag, length octets and content concatenated
     * @throws IOException if writing to the in-memory buffer fails
     */
    private static byte[] encodeAsDER(byte[] bArr) throws IOException {
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "encodeAsDER(byte [ ])", new Object[]{bArr});
        }
        final int contentLength = bArr.length;

        // Count the octets needed to hold the length.
        int lengthOctets = 0;
        int remaining = contentLength;
        while (remaining > 0) {
            lengthOctets++;
            remaining >>= 8;
        }

        ByteArrayOutputStream framed = new ByteArrayOutputStream();
        framed.write(0x30);
        framed.write(0x80 | lengthOctets);
        // Most significant length octet first.
        for (int shift = (lengthOctets - 1) * 8; shift >= 0; shift -= 8) {
            framed.write((contentLength >> shift) & 0xFF);
        }
        framed.write(bArr);
        byte[] result = framed.toByteArray();
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "encodeAsDER(byte [ ])", result);
        }
        return result;
    }

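    /**
     * Strips the leading tag and long-form length from an encoded value and returns the content.
     *
     * <p>The first octet is skipped without being inspected. The second octet, with its high
     * bit cleared, is taken as the number of length octets that follow; those octets give the
     * content length, big-endian. Bytes after the content are ignored.
     *
     * <p>The length fields come from the input itself, so they are checked before use: a
     * truncated header, more than four length octets, a negative length, or a length larger
     * than the bytes actually present is rejected with an {@link IOException}. Without these
     * checks such input leads to a {@link NegativeArraySizeException}, an allocation sized by
     * the input, or a silently zero-padded result.
     *
     * <p>NOTE(review): a short-form length octet (high bit clear) is still interpreted as a
     * count of length octets, as before. That matches what encodeAsDER writes; confirm no
     * caller passes short-form input.
     *
     * @param bArr the encoded value
     * @return the content octets
     * @throws IOException if the header is truncated or the declared length is not consistent
     *         with the input
     */
    private static byte[] decodeFromDER(byte[] bArr) throws IOException {
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "decodeFromDER(byte [ ])", new Object[]{bArr});
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        int tag = byteArrayInputStream.read();
        int lengthOctet = byteArrayInputStream.read();
        if (tag < 0 || lengthOctet < 0) {
            throw new IOException("Truncated input: tag or length octet missing");
        }
        int lengthOctetCount = lengthOctet & ~0x80;
        // More than four octets cannot be represented in an int length.
        if (lengthOctetCount > 4 || lengthOctetCount > byteArrayInputStream.available()) {
            throw new IOException("Invalid length encoding: " + lengthOctetCount + " length octets declared");
        }
        int contentLength = 0;
        for (int index = 0; index < lengthOctetCount; index++) {
            contentLength = (contentLength << 8) | byteArrayInputStream.read();
        }
        int available = byteArrayInputStream.available();
        // Never allocate more than the input can actually supply.
        if (contentLength < 0 || contentLength > available) {
            throw new IOException("Declared content length " + contentLength + " does not fit the " + available + " bytes available");
        }
        byte[] bArr2 = new byte[contentLength];
        byteArrayInputStream.read(bArr2);
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "decodeFromDER(byte [ ])", bArr2);
        }
        return bArr2;
    }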

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v23 */
    /* JADX WARN: Type inference failed for: r0v24 */
    /* JADX WARN: Type inference failed for: r0v26 */
    /* JADX WARN: Type inference failed for: r0v27 */
    /* JADX WARN: Type inference failed for: r0v29 */
    /* JADX WARN: Type inference failed for: r0v30 */
    /* JADX WARN: Type inference failed for: r0v32 */
    /* JADX WARN: Type inference failed for: r0v33 */
    /* JADX WARN: Type inference failed for: r0v35 */
    /* JADX WARN: Type inference failed for: r0v36 */
    /**
     * Checks the encryption algorithm {@code str} against the expected algorithm {@code str2} and
     * throws when {@code str} falls in a weaker group than the expectation.
     *
     * <p>Each name is mapped to an index through a two-stage string switch (hash code, then
     * {@code equals}), and the index is mapped to a rank. NOTE(review): the decompiler typed the
     * switch indexes and the rank as {@code boolean} and printed most numeric case labels as
     * {@code true}, so this listing does not compile and the grouping can only be read from the
     * order of the labels; confirm it against the bytecode. Read in that order the groups appear
     * to be AES-256 (rank 5), AES-128 (4), 3DES (3), DES (2) and RC2 (1); rank 0 is the initial
     * value used when no expectation is given.
     *
     * <p>Points a security reviewer should be aware of:
     * <ul>
     *   <li>DES and RC2 are recognised names. Whether they pass depends only on the expected
     *       value supplied by the caller.</li>
     *   <li>A {@code null} or empty {@code str2} leaves the expected rank at its initial value, so
     *       any recognised {@code str} is accepted.</li>
     *   <li>{@code ENCRYPTION_3DES_ALT} and {@code ENCRYPTION_RC2_CBC} are recognised for
     *       {@code str} only; as an expected value they are treated as unknown.</li>
     * </ul>
     *
     * @param str  algorithm being validated; reported under
     *             {@code AMS_INSERT_ENCRYPTION_STRENGTH} on failure. Dereferenced without a null
     *             check.
     * @param str2 expected algorithm; reported under
     *             {@code AMS_INSERT_EXPECTED_ENCRYPTION_STRENGTH} on failure. May be {@code null}
     *             or empty on the success path.
     * @throws MessageProtectionException if {@code str2} is non-empty but not recognised, if
     *         {@code str} is not recognised, or if the rank check fails
     */
    private void validateEncryptionStrength(String str, String str2) throws MessageProtectionException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateEncryptionStrength(String,String)", new Object[]{str, str2});
        }
        // z  : final verdict, true only when the rank check passes.
        // z2 : false once the expected value turns out to be unrecognised.
        // z3 : rank of the expected value (numeric in the bytecode, shown as boolean here).
        boolean z = false;
        boolean z2 = true;
        boolean z3 = false;
        // A null or empty expectation skips the lookup entirely: z2 stays true, z3 stays at 0.
        if (str2 != null && str2.length() > 0) {
            boolean z4 = -1;
            switch (str2.hashCode()) {
                case -2071450589:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_RC2_CBC_OID)) {
                        z4 = 10;
                        break;
                    }
                    break;
                case -2071450584:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_3DES_CBC_OID)) {
                        z4 = 6;
                        break;
                    }
                    break;
                case -1390837014:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES_256_CBC)) {
                        z4 = 2;
                        break;
                    }
                    break;
                case -1225950656:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES128_CBC_OID)) {
                        z4 = 3;
                        break;
                    }
                    break;
                case 67570:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_DES)) {
                        z4 = 9;
                        break;
                    }
                    break;
                case 80929:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_RC2)) {
                        z4 = 11;
                        break;
                    }
                    break;
                case 650235440:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES256_CBC_OID)) {
                        z4 = false;
                        break;
                    }
                    break;
                case 1927139112:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES128)) {
                        z4 = 4;
                        break;
                    }
                    break;
                case 1927140164:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES256)) {
                        z4 = true;
                        break;
                    }
                    break;
                case 1932586190:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_AES_128_CBC)) {
                        z4 = 5;
                        break;
                    }
                    break;
                case 2013078132:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_3DES)) {
                        z4 = 7;
                        break;
                    }
                    break;
                case 2068260589:
                    if (str2.equals(MessageProtectionConstants.ENCRYPTION_DES_CBC_OID)) {
                        z4 = 8;
                        break;
                    }
                    break;
            }
            // Index -> rank of the expected value. Labels presumably run 0..11 in the order shown
            // (TODO confirm): three AES-256 names, three AES-128, two 3DES, two DES, two RC2.
            switch (z4) {
                case false:
                case true:
                case true:
                    z3 = 5;
                    break;
                case true:
                case true:
                case true:
                    z3 = 4;
                    break;
                case true:
                case true:
                    z3 = 3;
                    break;
                case true:
                case true:
                    z3 = 2;
                    break;
                case true:
                case true:
                    z3 = true;
                    break;
                default:
                    // Expected value is not a recognised name: skip the second lookup, so the
                    // method ends in the failure branch.
                    z2 = false;
                    break;
            }
        }
        if (z2) {
            boolean z5 = -1;
            // NOTE(review): str is dereferenced here without a null check.
            switch (str.hashCode()) {
                case -2071450589:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_RC2_CBC_OID)) {
                        z5 = 11;
                        break;
                    }
                    break;
                case -2071450584:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_3DES_CBC_OID)) {
                        z5 = 6;
                        break;
                    }
                    break;
                case -1390837014:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES_256_CBC)) {
                        z5 = 2;
                        break;
                    }
                    break;
                case -1225950656:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES128_CBC_OID)) {
                        z5 = 3;
                        break;
                    }
                    break;
                case 67570:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_DES)) {
                        z5 = 10;
                        break;
                    }
                    break;
                case 80929:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_RC2)) {
                        z5 = 13;
                        break;
                    }
                    break;
                case 650235440:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES256_CBC_OID)) {
                        z5 = false;
                        break;
                    }
                    break;
                case 1191770042:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_3DES_ALT)) {
                        z5 = 8;
                        break;
                    }
                    break;
                case 1726653654:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_RC2_CBC)) {
                        z5 = 12;
                        break;
                    }
                    break;
                case 1927139112:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES128)) {
                        z5 = 4;
                        break;
                    }
                    break;
                case 1927140164:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES256)) {
                        z5 = true;
                        break;
                    }
                    break;
                case 1932586190:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_AES_128_CBC)) {
                        z5 = 5;
                        break;
                    }
                    break;
                case 2013078132:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_3DES)) {
                        z5 = 7;
                        break;
                    }
                    break;
                case 2068260589:
                    if (str.equals(MessageProtectionConstants.ENCRYPTION_DES_CBC_OID)) {
                        z5 = 9;
                        break;
                    }
                    break;
            }
            // Accept only when the expected rank (z3) does not exceed the ceiling of the group
            // str belongs to. Labels presumably run 0..13 in the order shown (TODO confirm):
            // AES-256 allows up to 5, AES-128 up to 4, 3DES up to 3, DES up to 2, RC2 up to 1.
            // There is no default label, so an unrecognised str leaves z false.
            switch (z5) {
                case false:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 5) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 4) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 3) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 2) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 1) {
                        z = true;
                        break;
                    }
                    break;
            }
        }
        if (z) {
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", "validateEncryptionStrength(String,String)");
            }
        } else {
            HashMap hashMap = new HashMap();
            // NOTE(review): str2 can be null on this path (null str2 together with an unrecognised
            // str), in which case str2.length() raises NullPointerException instead of the
            // MessageProtectionException built below.
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_EXPECTED_ENCRYPTION_STRENGTH, str2.length() == 0 ? "NONE" : str2);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_ENCRYPTION_STRENGTH, str);
            MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_encryption_strength_mismatch, (HashMap<String, ? extends Object>) hashMap);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "validateEncryptionStrength(String,String)", messageProtectionException);
            }
            throw messageProtectionException;
        }
    }

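    /**
     * Validates a recipient certificate with the configured certificate validator, using the
     * recipient key-usage constants, and fails closed on any error.
     *
     * <p>Every exception raised by the validator is converted into an
     * {@link InvalidCertificateException} carrying the "recipient certificate not valid" message
     * and the certificate's subject name as an insert, so no failure path returns normally.
     *
     * <p>NOTE(review): when the validator itself throws {@code InvalidCertificateException}, only
     * its cause is chained into the new exception; if that cause is {@code null} the original
     * stack trace is lost. Both catch blocks also dereference {@code x509Certificate}, so a
     * {@code null} certificate would surface as a {@code NullPointerException} from the handler.
     *
     * @param x509Certificate certificate to validate
     * @param eseUser         user passed through to the validator
     * @throws InvalidCertificateException if validation fails for any reason
     */
    private void validateRecipientCertificate(X509Certificate x509Certificate, EseUser eseUser) throws InvalidCertificateException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)", new Object[]{x509Certificate, eseUser});
        }
        try {
            this.certificateValidator.validateX509Certificate(x509Certificate, X509CertificateValidator.RECIPIENT_KEY_USAGE, X509CertificateValidator.RECIPIENT_KEY_USAGE_MATCH, eseUser);
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)");
            }
        } catch (InvalidCertificateException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)", e, 1);
            }
            // Raw HashMap kept: the constructor's parameter type is declared outside this listing.
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CERTIFICATE_SUBJECT, x509Certificate.getSubjectDN().getName());
            InvalidCertificateException rejected = new InvalidCertificateException(AmsErrorMessages.mjp_msg_error_msg_recipient_cert_not_valid, inserts, e.getCause());
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)", rejected, 1);
            }
            throw rejected;
        } catch (Exception e2) {
            // Anything else, runtime exceptions included, is also treated as an invalid certificate.
            if (Trace.isOn) {
                Trace.catchBlock(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)", e2, 2);
            }
            if (Trace.isOn) {
                // The trace text previously said "sender's certificate", which misdirects anyone
                // triaging a failed recipient validation from the trace.
                Trace.traceInfo(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate, EseUser)", "caught exception while validating recipient's certificate", "");
            }
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CERTIFICATE_SUBJECT, x509Certificate.getSubjectDN().getName());
            InvalidCertificateException rejected = new InvalidCertificateException(AmsErrorMessages.mjp_msg_error_msg_recipient_cert_not_valid, inserts, e2);
            if (Trace.isOn) {
                Trace.throwing(this, "MessageProtectionBCImpl", "validateRecipientCertificate(X509Certificate,EseUser)", rejected, 2);
            }
            throw rejected;
        }
    }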

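    /**
     * Parses {@code bArr} into a {@code CMSSignedData} object.
     *
     * <p>The bytes are first wrapped in a SEQUENCE header by {@code encodeAsDER}, read back as a
     * single ASN.1 object, interpreted as {@code SignedData}, and placed in a {@code ContentInfo}
     * tagged with the signedData object identifier. Only the first ASN.1 object is read; anything
     * after it is ignored.
     *
     * <p>This method only parses. It performs no signature or certificate verification, so the
     * returned object must not be trusted until the caller has verified it.
     *
     * <p>The decompiler-expanded close logic (dead {@code if (0 != 0)} branches that dereferenced
     * a {@code null} throwable, and a second {@code close()} in the catch path) is replaced by
     * try-with-resources, which closes the stream once on every path.
     *
     * @param bArr signed-data body without its outer header (presumably the AMS wire form; confirm
     *             against the caller); must not be {@code null}
     * @return the parsed, unverified CMS signed-data object
     * @throws IOException  if the bytes cannot be read as an ASN.1 object
     * @throws CMSException if the CMS object cannot be built from the parsed structure
     */
    private CMSSignedData AMSsignedToCMSSignedData(byte[] bArr) throws IOException, CMSException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "AMSsignedToCMSSignedData(byte [ ])", new Object[]{bArr});
        }
        ASN1Primitive signedDataBody;
        try (ASN1InputStream asn1In = new ASN1InputStream(encodeAsDER(bArr))) {
            signedDataBody = asn1In.readObject();
        }
        // Built after the stream is closed, as before.
        CMSSignedData cmsSignedData = new CMSSignedData(new ContentInfo(CMSObjectIdentifiers.signedData, SignedData.getInstance(signedDataBody)));
        if (Trace.isOn) {
            Trace.exit(this, "MessageProtectionBCImpl", "AMSsignedToCMSSignedData(byte [ ])", cmsSignedData);
        }
        return cmsSignedData;
    }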

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33 */
    /* JADX WARN: Type inference failed for: r0v34 */
    /* JADX WARN: Type inference failed for: r0v36 */
    /* JADX WARN: Type inference failed for: r0v37 */
    /* JADX WARN: Type inference failed for: r0v39 */
    /* JADX WARN: Type inference failed for: r0v40 */
    /* JADX WARN: Type inference failed for: r0v42 */
    /* JADX WARN: Type inference failed for: r0v43 */
    /* JADX WARN: Type inference failed for: r0v45 */
    /* JADX WARN: Type inference failed for: r0v46 */
    /**
     * Checks the signature algorithm {@code str} against the policy setting {@code str2} and
     * throws when {@code str} falls in a weaker group than the policy.
     *
     * <p>Each name is mapped to an index through a two-stage string switch (hash code, then
     * {@code equals}), and the index is mapped to a rank. NOTE(review): the decompiler typed the
     * switch indexes and the rank as {@code boolean} and printed most numeric case labels as
     * {@code true}, so this listing does not compile and the grouping can only be read from the
     * order of the labels; confirm it against the bytecode. Read in that order the groups appear
     * to be the SHA-512 names (rank 6), SHA-384 names (5), SHA-256 names (4), SHA-1 names (2),
     * MD5 names (1) and {@code DUMMY_SIGNATURE_ALGORITHM} (0). No group maps to rank 3.
     *
     * <p>Points a security reviewer should be aware of:
     * <ul>
     *   <li>MD5 and SHA-1 based names are recognised. Whether they pass depends only on the
     *       policy value supplied by the caller.</li>
     *   <li>A policy value equal to {@code DUMMY_SIGNATURE_ALGORITHM} appears to yield rank 0,
     *       which every recognised {@code str} satisfies.</li>
     *   <li>{@code DUMMY_SIGNATURE_ALGORITHM} is not among the names recognised for {@code str},
     *       so it is rejected as the algorithm being validated.</li>
     *   <li>Unlike the encryption-strength check in this class, {@code str2} is dereferenced
     *       without a null check.</li>
     * </ul>
     *
     * @param str  signature algorithm being validated; reported under
     *             {@code AMS_INSERT_SIGNATURE_ALGORITHM} on failure
     * @param str2 signature algorithm from the policy settings
     * @throws MessageProtectionException if {@code str2} is not recognised, if {@code str} is not
     *         recognised, or if the rank check fails
     */
    private void validateSignatureAlg(String str, String str2) throws MessageProtectionException {
        if (Trace.isOn) {
            Trace.entry(this, "MessageProtectionBCImpl", "validateSignatureAlg(String,String)", new Object[]{str, str2});
        }
        // z  : final verdict, true only when the rank check passes.
        // z2 : false once the policy value turns out to be unrecognised.
        // z3 : rank of the policy value (numeric in the bytecode, shown as boolean here).
        boolean z = false;
        boolean z2 = true;
        boolean z3 = false;
        boolean z4 = -1;
        // NOTE(review): a null str2 raises NullPointerException here.
        switch (str2.hashCode()) {
            case -2096004506:
                if (str2.equals(MessageProtectionConstants.MD5_WITH_RSAENCRYPTION_OID)) {
                    z4 = 19;
                    break;
                }
                break;
            case -2096004505:
                if (str2.equals(MessageProtectionConstants.SHA1_WITH_RSAENCRYPTION_OID)) {
                    z4 = 15;
                    break;
                }
                break;
            case -1850268089:
                if (str2.equals(DIGEST_ALG_SHA256)) {
                    z4 = 14;
                    break;
                }
                break;
            case -1850267037:
                if (str2.equals(DIGEST_ALG_SHA384)) {
                    z4 = 9;
                    break;
                }
                break;
            case -1850265334:
                if (str2.equals(DIGEST_ALG_SHA512)) {
                    z4 = 4;
                    break;
                }
                break;
            case -1563462509:
                if (str2.equals(MessageProtectionConstants.SHA3_WITH_RSAENCRYPTION)) {
                    z4 = 7;
                    break;
                }
                break;
            case -1364698020:
                if (str2.equals(MessageProtectionConstants.MD5_WITH_RSAENCRYPTION)) {
                    z4 = 20;
                    break;
                }
                break;
            case -794853417:
                if (str2.equals(MessageProtectionConstants.SHA384_WITH_RSAENCRYPTION)) {
                    z4 = 6;
                    break;
                }
                break;
            case -754115883:
                if (str2.equals(MessageProtectionConstants.SHA1_WITH_RSAENCRYPTION)) {
                    z4 = 16;
                    break;
                }
                break;
            case -611254448:
                if (str2.equals(MessageProtectionConstants.SHA512_WITH_RSAENCRYPTION)) {
                    z4 = true;
                    break;
                }
                break;
            case -551630290:
                if (str2.equals(MessageProtectionConstants.SHA256_WITH_RSAENCRYPTION_OID)) {
                    z4 = 10;
                    break;
                }
                break;
            case -551630289:
                if (str2.equals(MessageProtectionConstants.SHA384_WITH_RSAENCRYPTION_OID)) {
                    z4 = 5;
                    break;
                }
                break;
            case -551630288:
                if (str2.equals(MessageProtectionConstants.SHA512_WITH_RSAENCRYPTION_OID)) {
                    z4 = false;
                    break;
                }
                break;
            case -280290445:
                if (str2.equals(MessageProtectionConstants.SHA256_WITH_RSAENCRYPTION)) {
                    z4 = 11;
                    break;
                }
                break;
            case 76158:
                if (str2.equals(DIGEST_ALG_MD5)) {
                    z4 = 21;
                    break;
                }
                break;
            case 82060:
                if (str2.equals(DIGEST_ALG_SHA)) {
                    z4 = 17;
                    break;
                }
                break;
            case 2543909:
                if (str2.equals(DIGEST_ALG_SHA1)) {
                    z4 = 18;
                    break;
                }
                break;
            case 2543910:
                if (str2.equals(DIGEST_ALG_SHA2)) {
                    z4 = 13;
                    break;
                }
                break;
            case 2543911:
                if (str2.equals(DIGEST_ALG_SHA3)) {
                    z4 = 8;
                    break;
                }
                break;
            case 2543913:
                if (str2.equals(DIGEST_ALG_SHA5)) {
                    z4 = 3;
                    break;
                }
                break;
            case 65408136:
                if (str2.equals(MessageProtectionConstants.DUMMY_SIGNATURE_ALGORITHM)) {
                    z4 = 22;
                    break;
                }
                break;
            case 988694452:
                if (str2.equals(MessageProtectionConstants.SHA2_WITH_RSAENCRYPTION)) {
                    z4 = 12;
                    break;
                }
                break;
            case 1922158161:
                if (str2.equals(MessageProtectionConstants.SHA5_WITH_RSAENCRYPTION)) {
                    z4 = 2;
                    break;
                }
                break;
        }
        // Index -> rank of the policy value. Labels presumably run 0..22 in the order shown
        // (TODO confirm): five SHA-512 names, five SHA-384, five SHA-256, four SHA-1, three MD5,
        // then the single DUMMY_SIGNATURE_ALGORITHM index.
        switch (z4) {
            case false:
            case true:
            case true:
            case true:
            case true:
                z3 = 6;
                break;
            case true:
            case true:
            case true:
            case true:
            case true:
                z3 = 5;
                break;
            case true:
            case true:
            case true:
            case true:
            case true:
                z3 = 4;
                break;
            case true:
            case true:
            case true:
            case true:
                z3 = 2;
                break;
            case true:
            case true:
            case true:
                z3 = true;
                break;
            case true:
                // By position this is the DUMMY_SIGNATURE_ALGORITHM index; the rank stays 0.
                z3 = false;
                break;
            default:
                // Policy value is not a recognised name: skip the second lookup, so the method
                // ends in the failure path.
                z2 = false;
                break;
        }
        if (z2) {
            boolean z5 = -1;
            switch (str.hashCode()) {
                case -2096004506:
                    if (str.equals(MessageProtectionConstants.MD5_WITH_RSAENCRYPTION_OID)) {
                        z5 = 19;
                        break;
                    }
                    break;
                case -2096004505:
                    if (str.equals(MessageProtectionConstants.SHA1_WITH_RSAENCRYPTION_OID)) {
                        z5 = 15;
                        break;
                    }
                    break;
                case -1850268089:
                    if (str.equals(DIGEST_ALG_SHA256)) {
                        z5 = 14;
                        break;
                    }
                    break;
                case -1850267037:
                    if (str.equals(DIGEST_ALG_SHA384)) {
                        z5 = 9;
                        break;
                    }
                    break;
                case -1850265334:
                    if (str.equals(DIGEST_ALG_SHA512)) {
                        z5 = 4;
                        break;
                    }
                    break;
                case -1563462509:
                    if (str.equals(MessageProtectionConstants.SHA3_WITH_RSAENCRYPTION)) {
                        z5 = 7;
                        break;
                    }
                    break;
                case -1364698020:
                    if (str.equals(MessageProtectionConstants.MD5_WITH_RSAENCRYPTION)) {
                        z5 = 20;
                        break;
                    }
                    break;
                case -794853417:
                    if (str.equals(MessageProtectionConstants.SHA384_WITH_RSAENCRYPTION)) {
                        z5 = 6;
                        break;
                    }
                    break;
                case -754115883:
                    if (str.equals(MessageProtectionConstants.SHA1_WITH_RSAENCRYPTION)) {
                        z5 = 16;
                        break;
                    }
                    break;
                case -611254448:
                    if (str.equals(MessageProtectionConstants.SHA512_WITH_RSAENCRYPTION)) {
                        z5 = true;
                        break;
                    }
                    break;
                case -551630290:
                    if (str.equals(MessageProtectionConstants.SHA256_WITH_RSAENCRYPTION_OID)) {
                        z5 = 10;
                        break;
                    }
                    break;
                case -551630289:
                    if (str.equals(MessageProtectionConstants.SHA384_WITH_RSAENCRYPTION_OID)) {
                        z5 = 5;
                        break;
                    }
                    break;
                case -551630288:
                    if (str.equals(MessageProtectionConstants.SHA512_WITH_RSAENCRYPTION_OID)) {
                        z5 = false;
                        break;
                    }
                    break;
                case -280290445:
                    if (str.equals(MessageProtectionConstants.SHA256_WITH_RSAENCRYPTION)) {
                        z5 = 11;
                        break;
                    }
                    break;
                case 76158:
                    if (str.equals(DIGEST_ALG_MD5)) {
                        z5 = 21;
                        break;
                    }
                    break;
                case 82060:
                    if (str.equals(DIGEST_ALG_SHA)) {
                        z5 = 17;
                        break;
                    }
                    break;
                case 2543909:
                    if (str.equals(DIGEST_ALG_SHA1)) {
                        z5 = 18;
                        break;
                    }
                    break;
                case 2543910:
                    if (str.equals(DIGEST_ALG_SHA2)) {
                        z5 = 13;
                        break;
                    }
                    break;
                case 2543911:
                    if (str.equals(DIGEST_ALG_SHA3)) {
                        z5 = 8;
                        break;
                    }
                    break;
                case 2543913:
                    if (str.equals(DIGEST_ALG_SHA5)) {
                        z5 = 3;
                        break;
                    }
                    break;
                case 988694452:
                    if (str.equals(MessageProtectionConstants.SHA2_WITH_RSAENCRYPTION)) {
                        z5 = 12;
                        break;
                    }
                    break;
                case 1922158161:
                    if (str.equals(MessageProtectionConstants.SHA5_WITH_RSAENCRYPTION)) {
                        z5 = 2;
                        break;
                    }
                    break;
            }
            // Accept only when the policy rank (z3) does not exceed the ceiling of the group str
            // belongs to. Labels presumably run 0..21 in the order shown (TODO confirm): SHA-512
            // allows up to 6, SHA-384 up to 5, SHA-256 up to 4, SHA-1 up to 2, MD5 up to 1.
            // There is no default label, so an unrecognised str leaves z false.
            switch (z5) {
                case false:
                case true:
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 6) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 5) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 4) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 2) {
                        z = true;
                        break;
                    }
                    break;
                case true:
                case true:
                case true:
                    if (z3 >= 0 && z3 <= 1) {
                        z = true;
                        break;
                    }
                    break;
            }
        }
        if (z) {
            if (Trace.isOn) {
                Trace.exit(this, "MessageProtectionBCImpl", "validateSignatureAlg(String,String)");
                return;
            }
            return;
        }
        // Failure path: trace both names, then raise with the rejected algorithm as the insert.
        if (Trace.isOn) {
            Trace.traceInfo(this, "com.ibm.mq.ese.prot.MessageProtectionBCImpl", "validateSignatureAlg(String, String)", "Signature algorithm '" + str + "' does not match policy settings '" + str2 + "'", "");
        }
        HashMap hashMap = new HashMap();
        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_SIGNATURE_ALGORITHM, str);
        MessageProtectionException messageProtectionException = new MessageProtectionException(AmsErrorMessages.mjp_msg_error_invalid_signature_algorithm, (HashMap<String, ? extends Object>) hashMap);
        if (Trace.isOn) {
            Trace.throwing(this, "MessageProtectionBCImpl", "validateSignatureAlg(String,String)", messageProtectionException);
        }
        throw messageProtectionException;
    }

    /**
     * Implements {@code MessageProtection.initialise()} for this class.
     *
     * <p>No work is done here; the method unconditionally reports {@code false}. What the
     * interface expects that value to mean is defined outside this listing.
     *
     * @return always {@code false}
     */
    @Override // com.ibm.mq.ese.prot.MessageProtection
    public boolean initialise() {
        return false;
    }

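    /*
     * Class initialiser: registers the Bouncy Castle provider and, when tracing is on, records
     * the provider version read from the manifest of the jar that BouncyCastleProvider was
     * loaded from.
     *
     * Security.addProvider has a JVM-wide effect: it appends the provider to the end of the
     * provider list and returns -1 when a provider of that name is already installed. The return
     * value is not inspected here.
     *
     * The manifest stream is now closed in a finally block. The earlier form only closed it on
     * the success path; both exception paths were guarded by a constant-false condition and so
     * never released the stream.
     */
    static {
        if (Trace.isOn) {
            Trace.data("MessageProtectionBCImpl", "static", "SCCS id", (Object) "@(#) MQMBID sn=p920-026-240612 su=_ilMFOyirEe-nc-kqTO-cfg pn=com.ibm.mq.ese/src/com/ibm/mq/ese/prot/MessageProtectionBCImpl.java");
        }
        if (Trace.isOn) {
            Trace.entry("MessageProtectionBCImpl", "static()");
        }
        Security.addProvider(new BouncyCastleProvider());
        if (Trace.isOn) {
            Trace.exit("MessageProtectionBCImpl", "static()");
        }
        if (Trace.isOn) {
            // Diagnostic only: the lookup runs in a privileged block and never fails class
            // initialisation, because every exception is caught and traced.
            String providerVersion = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override // java.security.PrivilegedAction
                public String run() {
                    InputStream manifestStream = null;
                    String version = null;
                    try {
                        String url = BouncyCastleProvider.class.getResource("BouncyCastleProvider.class").toString();
                        if (url.startsWith("jar")) {
                            // Swap the class entry for the manifest entry of the same jar.
                            manifestStream = new URL(url.substring(0, url.lastIndexOf("!") + 1) + "/META-INF/MANIFEST.MF").openStream();
                            version = new Manifest(manifestStream).getMainAttributes().getValue("Implementation-Version");
                            if (version == null || version.length() == 0) {
                                Trace.data("MessageProtectionBCImpl", "static()", "Unable to determine BouncyCastleProvider version - Implementation-Version value was \"" + version + "\"", (Object) url);
                            }
                        } else {
                            Trace.data("MessageProtectionBCImpl", "static()", (Object) ("Unable to determine BouncyCastleProvider version. Unexpected resource URI: " + url));
                        }
                    } catch (Exception e) {
                        Trace.data("MessageProtectionBCImpl", "static()", (Object) ("Unable to determine BouncyCastleProvider version due to exception: " + e));
                    } finally {
                        if (manifestStream != null) {
                            try {
                                manifestStream.close();
                            } catch (IOException ignored) {
                                // Best effort: a failed close of a read-only stream changes nothing here.
                            }
                        }
                    }
                    return version;
                }
            });
            if (providerVersion != null && providerVersion.length() > 0) {
                Trace.data("MessageProtectionBCImpl", "static()", (Object) ("BouncyCastleProvider version: " + providerVersion));
            }
        }
        pCount = 0;
    }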
}
