package oracle.security.pki.internal.cert;

import java.io.ByteArrayInputStream;
import java.io.Externalizable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import oracle.security.pki.JCEUtil;
import oracle.security.pki.PKIConstants;
import oracle.security.pki.TransitionMode;
import oracle.security.pki.exception.AuthException;
import oracle.security.pki.internal.asn1.ASN1BitString;
import oracle.security.pki.internal.asn1.ASN1ConstructedInputStream;
import oracle.security.pki.internal.asn1.ASN1Date;
import oracle.security.pki.internal.asn1.ASN1GenericConstructed;
import oracle.security.pki.internal.asn1.ASN1Integer;
import oracle.security.pki.internal.asn1.ASN1Object;
import oracle.security.pki.internal.asn1.ASN1ObjectID;
import oracle.security.pki.internal.asn1.ASN1Sequence;
import oracle.security.pki.internal.asn1.ASN1SequenceInputStream;
import oracle.security.pki.internal.cert.X509;
import oracle.security.pki.internal.core.AlgID;
import oracle.security.pki.internal.core.AlgorithmIdentifier;
import oracle.security.pki.util.CryptoUtils;
import oracle.security.pki.util.StreamableOutputException;
import oracle.security.pki.util.Utils;

/* loaded from: input_file:oracle/security/pki/internal/cert/CRL.class */
public class CRL implements Externalizable, ASN1Object {
    private ASN1Sequence b;
    private AlgorithmIdentifier c;
    private byte[] d;
    private X500Name e;
    private Date f;
    private Date g;
    private LinkedHashMap<BigInteger, RevokedCertificate> h;
    private X509ExtensionSet i;
    private PrivateKey j;
    private PublicKey k;
    private X509Certificate l;
    private int m;
    private ASN1Sequence n;
    X509CRLImpl a;

    /* loaded from: input_file:oracle/security/pki/internal/cert/CRL$X509CRLImpl.class */
    class X509CRLImpl extends X509CRL {
        X509CRLImpl() {
        }

        @Override // java.security.cert.X509CRL
        public boolean equals(Object obj) {
            return CRL.this.equals(obj);
        }

        @Override // java.security.cert.X509CRL
        public byte[] getEncoded() {
            return CRL.this.n();
        }

        @Override // java.security.cert.X509CRL
        public Principal getIssuerDN() {
            return CRL.this.o();
        }

        @Override // java.security.cert.X509CRL
        public X500Principal getIssuerX500Principal() {
            return CRL.this.p();
        }

        @Override // java.security.cert.X509CRL
        public Date getNextUpdate() {
            return CRL.this.q();
        }

        @Override // java.security.cert.X509CRL
        public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
            return CRL.this.b(bigInteger);
        }

        @Override // java.security.cert.X509CRL
        public X509CRLEntry getRevokedCertificate(X509Certificate x509Certificate) {
            return CRL.this.b(x509Certificate);
        }

        @Override // java.security.cert.X509CRL
        public Set<? extends X509CRLEntry> getRevokedCertificates() {
            return new LinkedHashSet(CRL.this.d());
        }

        @Override // java.security.cert.X509CRL
        public String getSigAlgName() {
            return CRL.this.r();
        }

        @Override // java.security.cert.X509CRL
        public String getSigAlgOID() {
            return CRL.this.s();
        }

        @Override // java.security.cert.X509CRL
        public byte[] getSigAlgParams() {
            return CRL.this.t();
        }

        @Override // java.security.cert.X509CRL
        public byte[] getSignature() {
            return CRL.this.u();
        }

        @Override // java.security.cert.X509CRL
        public byte[] getTBSCertList() {
            try {
                return CRL.this.v();
            } catch (CRLException e) {
                e.printStackTrace();
                return null;
            }
        }

        @Override // java.security.cert.X509CRL
        public Date getThisUpdate() {
            return CRL.this.w();
        }

        @Override // java.security.cert.X509CRL
        public int getVersion() {
            return CRL.this.x();
        }

        @Override // java.security.cert.X509CRL
        public int hashCode() {
            return CRL.this.hashCode();
        }

        @Override // java.security.cert.X509CRL
        public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            CRL.this.a(publicKey, str);
        }

        @Override // java.security.cert.X509CRL
        public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            CRL.this.b(publicKey);
        }

        @Override // java.security.cert.CRL
        public boolean isRevoked(java.security.cert.Certificate certificate) {
            return CRL.this.a(certificate);
        }

        @Override // java.security.cert.CRL
        public String toString() {
            return CRL.this.toString();
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            return CRL.this.y();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            return CRL.this.a(str);
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            return CRL.this.z();
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            return CRL.this.A();
        }

        public CRL a() {
            return CRL.this;
        }
    }

    public CRL() {
        this.b = null;
        this.c = null;
        this.d = null;
        this.f = new Date();
        this.g = null;
        this.h = null;
        this.i = null;
        this.n = null;
        this.a = new X509CRLImpl();
    }

    public CRL(InputStream inputStream) throws IOException {
        this();
        input(inputStream);
    }

    public CRL(File file) throws IOException {
        this(new FileInputStream(file));
    }

    public CRL(URL url) throws IOException {
        this(url.openStream());
    }

    public static CRL a(X509CRL x509crl) {
        if (x509crl instanceof X509CRLImpl) {
            return ((X509CRLImpl) x509crl).a();
        }
        try {
            return new CRL(new ByteArrayInputStream(x509crl.getEncoded()));
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CRLException e2) {
            throw new RuntimeException(e2);
        }
    }

    public void a(X500Name x500Name) {
        this.e = x500Name;
        E();
    }

    public void a(X509Certificate x509Certificate) {
        this.l = x509Certificate;
        if (this.e == null) {
            if (x509Certificate instanceof X509.X509CertificateImpl) {
                a(((X509.X509CertificateImpl) x509Certificate).a().n());
            } else {
                a(X500Name.a(x509Certificate.getIssuerX500Principal()));
            }
        }
        a(this.l.getPublicKey());
    }

    public X500Name a() {
        return this.e;
    }

    public void a(PublicKey publicKey) {
        this.k = publicKey;
    }

    public void a(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) {
        this.j = privateKey;
        a(algorithmIdentifier);
    }

    public void a(AlgorithmIdentifier algorithmIdentifier) {
        this.c = algorithmIdentifier;
        E();
    }

    public Date b() {
        return this.f;
    }

    public Date c() {
        return this.g;
    }

    public ArrayList<RevokedCertificate> d() {
        if (this.h == null) {
            return null;
        }
        return new ArrayList<>(this.h.values());
    }

    public Map<BigInteger, RevokedCertificate> e() {
        return this.h;
    }

    public Enumeration<BigInteger> f() {
        return this.h != null ? new Vector(this.h.keySet()).elements() : new Vector().elements();
    }

    public void a(List<? extends RevokedCertificate> list) {
        if (list == null || list.size() <= 0) {
            return;
        }
        this.h = new LinkedHashMap<>();
        for (RevokedCertificate revokedCertificate : list) {
            this.h.put(revokedCertificate.a(), revokedCertificate);
        }
        E();
    }

    public void a(Date date) {
        this.f = date;
        E();
    }

    public void a(Date date, Date date2) {
        this.f = date;
        this.g = date2;
        E();
    }

    public void a(int i) {
        a(new Date(), Utils.daysFromNow(i));
    }

    public void a(BigInteger bigInteger) {
        a(bigInteger, new Date());
    }

    public void a(BigInteger bigInteger, Date date) {
        a(new RevokedCertificate(bigInteger, date));
    }

    public void a(RevokedCertificate revokedCertificate) {
        if (this.h == null) {
            this.h = new LinkedHashMap<>();
        }
        this.h.put(revokedCertificate.a(), revokedCertificate);
        E();
    }

    public X509ExtensionSet g() {
        return this.i;
    }

    public X509Extension a(ASN1ObjectID aSN1ObjectID) {
        if (this.i != null) {
            return this.i.a(aSN1ObjectID);
        }
        return null;
    }

    public void a(X509ExtensionSet x509ExtensionSet) {
        this.i = x509ExtensionSet;
        E();
    }

    public void a(X509Extension x509Extension) {
        if (this.i == null) {
            this.i = new X509ExtensionSet();
        }
        this.i.a(x509Extension);
        E();
    }

    public RevokedCertificate b(BigInteger bigInteger) {
        if (this.h != null) {
            return this.h.get(bigInteger);
        }
        return null;
    }

    public Date c(BigInteger bigInteger) {
        RevokedCertificate b = b(bigInteger);
        if (b != null) {
            return b.getRevocationDate();
        }
        return null;
    }

    public boolean d(BigInteger bigInteger) {
        return b(bigInteger) != null;
    }

    public boolean h() {
        X509ExtensionSet b;
        if (this.i != null && this.i.d()) {
            return true;
        }
        if (this.h == null) {
            return false;
        }
        for (RevokedCertificate revokedCertificate : this.h.values()) {
            if (revokedCertificate != null && (b = revokedCertificate.b()) != null && b.d()) {
                return true;
            }
        }
        return false;
    }

    public boolean i() throws AuthException, IOException {
        return !h() && j() && k();
    }

    public boolean j() {
        Date date = new Date();
        if (date.before(this.f)) {
            return false;
        }
        return this.g == null || !date.after(this.g);
    }

    public boolean k() throws AuthException, IOException {
        ASN1Sequence C = C();
        try {
            Signature signatureInstance = JCEUtil.getSignatureInstance(CryptoUtils.getSignatureAlg(this.c));
            signatureInstance.initVerify(this.k);
            signatureInstance.update(Utils.toBytes(C));
            return signatureInstance.verify(u());
        } catch (InvalidKeyException e) {
            throw new AuthException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthException(e2);
        } catch (SignatureException e3) {
            throw new AuthException(e3);
        }
    }

    public void l() throws SignatureException {
        ASN1Sequence C = C();
        try {
            try {
                try {
                    Signature signatureInstance = JCEUtil.getSignatureInstance(CryptoUtils.getSignatureAlg(this.c));
                    signatureInstance.initSign(this.j);
                    signatureInstance.update(Utils.toBytes(C));
                    this.d = signatureInstance.sign();
                    F();
                } catch (SignatureException e) {
                    throw new SignatureException(e);
                }
            } catch (InvalidKeyException e2) {
                throw new SignatureException(e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new SignatureException(e3);
            }
        } catch (Throwable th) {
            F();
            throw th;
        }
    }

    public byte[] m() throws SignatureException {
        if (this.d == null) {
            l();
        }
        return this.d;
    }

    private ASN1Sequence C() {
        if (this.b == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            if (this.i != null && this.i.c() > 0) {
                aSN1Sequence.a(new ASN1Integer(1L));
            } else if (this.h != null && this.h.size() > 0) {
                Iterator<RevokedCertificate> it = this.h.values().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RevokedCertificate next = it.next();
                    if (next.c() != null && next.c().size() > 0) {
                        aSN1Sequence.a(new ASN1Integer(1L));
                        break;
                    }
                }
            }
            if (this.c == null && this.j != null) {
                if (!this.j.getAlgorithm().equals(PKIConstants.RSA)) {
                    if (!this.j.getAlgorithm().equals(PKIConstants.DSA)) {
                        if (this.j.getAlgorithm().equals(PKIConstants.EC)) {
                            switch (((ECPrivateKey) this.j).getParams().getCurve().getField().getFieldSize()) {
                                case PKIConstants.AES256_KEY_LENGTH /* 256 */:
                                    this.c = AlgID.I;
                                    break;
                                case 384:
                                    this.c = AlgID.J;
                                    break;
                                case 512:
                                    this.c = AlgID.K;
                                    break;
                                default:
                                    this.c = AlgID.H;
                                    break;
                            }
                        }
                    } else {
                        this.c = AlgID.E;
                    }
                } else {
                    this.c = AlgID.B;
                }
            }
            aSN1Sequence.a(this.c);
            aSN1Sequence.a(this.e);
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(this.f);
            aSN1Sequence.a(new ASN1Date(this.f, calendar.get(1) > 2049));
            if (this.g != null) {
                Calendar calendar2 = Calendar.getInstance();
                calendar2.setTime(this.g);
                aSN1Sequence.a(new ASN1Date(this.g, calendar2.get(1) > 2049));
            }
            if (this.h != null && this.h.size() > 0) {
                ASN1Sequence aSN1Sequence2 = new ASN1Sequence();
                Iterator<RevokedCertificate> it2 = this.h.values().iterator();
                while (it2.hasNext()) {
                    aSN1Sequence2.a(it2.next());
                }
                aSN1Sequence.a(aSN1Sequence2);
            }
            if (this.i != null && this.i.c() > 0) {
                aSN1Sequence.a(new ASN1GenericConstructed(this.i, 0));
            }
            this.b = aSN1Sequence;
        }
        return this.b;
    }

    private ASN1Sequence D() throws SignatureException {
        if (this.n == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.a(C());
            aSN1Sequence.a(this.c);
            aSN1Sequence.a(new ASN1BitString(m()));
            this.n = aSN1Sequence;
        }
        return this.n;
    }

    @Override // oracle.security.pki.util.Streamable
    public void output(OutputStream outputStream) throws IOException {
        try {
            D().output(outputStream);
        } catch (SignatureException e) {
            throw new IOException(e.toString());
        }
    }

    @Override // oracle.security.pki.util.Streamable
    public void input(InputStream inputStream) throws IOException {
        E();
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
        this.b = new ASN1Sequence(aSN1SequenceInputStream);
        this.c = new AlgorithmIdentifier(aSN1SequenceInputStream);
        this.d = ASN1BitString.a(aSN1SequenceInputStream);
        aSN1SequenceInputStream.b();
        ASN1SequenceInputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(Utils.toStream(this.b));
        if (aSN1SequenceInputStream2.d() == 2) {
            this.m = ASN1Integer.b(aSN1SequenceInputStream2).intValue() + 1;
        }
        if (!new AlgorithmIdentifier(aSN1SequenceInputStream2).equals(this.c)) {
            throw new IOException("Inconsistent signature algorithm IDs");
        }
        X500Name x500Name = new X500Name(aSN1SequenceInputStream2);
        if (this.e == null) {
            this.e = x500Name;
        } else if (!this.e.equals(x500Name)) {
            throw new IOException("Expected issuer {" + this.e + "}, got issuer {" + x500Name + "}");
        }
        this.f = ASN1Date.a(aSN1SequenceInputStream2);
        if (aSN1SequenceInputStream2.d() == 23 || aSN1SequenceInputStream2.d() == 24) {
            this.g = ASN1Date.a(aSN1SequenceInputStream2);
        } else {
            this.g = null;
        }
        if (aSN1SequenceInputStream2.d() == 16) {
            ASN1SequenceInputStream aSN1SequenceInputStream3 = new ASN1SequenceInputStream(aSN1SequenceInputStream2);
            this.h = new LinkedHashMap<>();
            while (aSN1SequenceInputStream3.a()) {
                RevokedCertificate revokedCertificate = new RevokedCertificate(aSN1SequenceInputStream3);
                this.h.put(revokedCertificate.a(), revokedCertificate);
            }
            aSN1SequenceInputStream3.b();
        } else {
            this.h = null;
        }
        if (aSN1SequenceInputStream2.d() == 0) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream2);
            this.i = new X509ExtensionSet(aSN1ConstructedInputStream);
            aSN1ConstructedInputStream.b();
        } else {
            this.i = null;
        }
        aSN1SequenceInputStream2.b();
    }

    private void E() {
        F();
        this.b = null;
        this.d = null;
    }

    private void F() {
        this.n = null;
    }

    @Override // oracle.security.pki.util.Streamable
    public int length() {
        try {
            return D().length();
        } catch (SignatureException e) {
            throw new StreamableOutputException(e.toString());
        }
    }

    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof CRL)) {
            return false;
        }
        return a((CRL) obj);
    }

    private boolean a(CRL crl) {
        return Utils.areEqual(Utils.toBytes(this), Utils.toBytes(crl));
    }

    public String toString() {
        String str = "issuer = " + this.e + ", thisUpdate = " + this.f;
        if (this.g != null) {
            str = str + ", nextUpdate = " + this.g;
        }
        String str2 = str + ", revokedCertificates = {";
        if (this.h != null) {
            Iterator<RevokedCertificate> it = this.h.values().iterator();
            while (it.hasNext()) {
                str2 = str2 + "(" + it.next() + ")";
                if (it.hasNext()) {
                    str2 = str2 + ", ";
                }
            }
        }
        String str3 = str2 + "}";
        if (this.i != null && this.i.c() > 0) {
            str3 = str3 + ", extensions = " + this.i;
        }
        return str3;
    }

    public byte[] n() {
        try {
            return Utils.toBytes(D());
        } catch (SignatureException e) {
            throw new StreamableOutputException(e.toString());
        }
    }

    public Principal o() {
        return p();
    }

    public X500Principal p() {
        return a().g();
    }

    public Date q() {
        return c();
    }

    public X509CRLEntry b(X509Certificate x509Certificate) {
        return null;
    }

    public String r() {
        return CryptoUtils.getSignatureAlg(this.c);
    }

    public String s() {
        return this.c.a().d();
    }

    public byte[] t() {
        return Utils.toBytes(this.c.b());
    }

    public byte[] u() {
        try {
            return m();
        } catch (SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] v() throws CRLException {
        return Utils.toBytes(C());
    }

    public Date w() {
        return b();
    }

    public int x() {
        return this.m;
    }

    public int hashCode() {
        return Arrays.hashCode(Utils.toBytes(this));
    }

    public void a(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signatureInstance = (str == null || TransitionMode.isFIPS140ModeEnabled()) ? JCEUtil.getSignatureInstance(r()) : Signature.getInstance(r(), str);
        signatureInstance.initVerify(publicKey);
        signatureInstance.update(v());
        if (!signatureInstance.verify(u())) {
            throw new SignatureException("Public key does not match");
        }
    }

    public void b(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        a(publicKey, (String) null);
    }

    public boolean a(java.security.cert.Certificate certificate) {
        BigInteger serialNumber = ((X509Certificate) certificate).getSerialNumber();
        return serialNumber != null && this.h.containsKey(serialNumber);
    }

    public Set<String> y() {
        return this.i.getCriticalExtensionOIDs();
    }

    public byte[] a(String str) {
        return this.i.getExtensionValue(str);
    }

    public Set<String> z() {
        return this.i.getNonCriticalExtensionOIDs();
    }

    public boolean A() {
        return h();
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(Utils.toBytes(this));
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        try {
            input(new ByteArrayInputStream((byte[]) objectInput.readObject()));
        } catch (ClassCastException e) {
            throw new IOException(e);
        }
    }

    public X509CRL B() {
        return this.a;
    }
}
