package oracle.security.crypto.cert;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.asn1.ASN1BitString;
import oracle.security.crypto.asn1.ASN1ConstructedInputStream;
import oracle.security.crypto.asn1.ASN1Date;
import oracle.security.crypto.asn1.ASN1GenericConstructed;
import oracle.security.crypto.asn1.ASN1Integer;
import oracle.security.crypto.asn1.ASN1Object;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.asn1.ASN1Sequence;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.cert.ext.BasicConstraintsExtension;
import oracle.security.crypto.cert.ext.ExtKeyUsageExtension;
import oracle.security.crypto.cert.ext.IssuerAltNameExtension;
import oracle.security.crypto.cert.ext.KeyUsageExtension;
import oracle.security.crypto.cert.ext.SubjectAltNameExtension;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.core.RandomBitsSource;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.InvalidInputException;
import oracle.security.crypto.util.OutputGenerationException;
import oracle.security.crypto.util.StreamableOutputException;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.crypto.util.Utils;
import oracle.security.pki.PKIConstants;
import org.apache.http.protocol.HTTP;

/* loaded from: input_file:BOOT-INF/lib/osdt_core-12.2.0.1.jar:oracle/security/crypto/cert/X509.class */
public class X509 extends Certificate implements ASN1Object {
    private ASN1Sequence tbsCert;
    private AlgorithmIdentifier sigAlgID;
    private byte[] sigBytes;
    private BigInteger serialNo;
    private X500Name issuer;
    private Date notBeforeDate;
    private Date notAfterDate;
    private X509ExtensionSet extensions;
    private PrivateKey issuerPrivateKey;
    private CRL issuerCRL;
    private X509Certificate issuerCertificate;
    protected boolean isDecoded;
    private int version;
    private boolean[] issuerID;
    private boolean[] subjectID;
    private ASN1Sequence contents;
    private transient MessageDigest md5;
    X509CertificateImpl certImpl;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/osdt_core-12.2.0.1.jar:oracle/security/crypto/cert/X509$X509CertificateImpl.class */
    public class X509CertificateImpl extends X509Certificate {
        X509CertificateImpl() {
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            X509.this.checkValidity();
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
            X509.this.checkValidity(date);
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            return X509.this.getBasicConstraints();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return X509.this.getIssuerDN();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getIssuerX500Principal() {
            return X509.this.getIssuerX500Principal();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getSubjectX500Principal() {
            return X509.this.getSubjectX500Principal();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            return X509.this.getIssuerUniqueID();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            return X509.this.getKeyUsage();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            return X509.this.getNotAfter();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            return X509.this.getNotBefore();
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return X509.this.getSerialNumber();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            return X509.this.getSigAlgName();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            return X509.this.getSigAlgOID().toStringCompact();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            return X509.this.getSigAlgParams();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            return X509.this.getSignature();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return X509.this.getSubjectDN();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            return X509.this.getSubjectUniqueID();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            return X509.this.getTBSCertificate();
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            return X509.this.getVersion();
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            return X509.this.getEncoded();
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            return X509.this.getPublicKey();
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            return X509.this.toString();
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            X509.this.verify(publicKey, str);
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            X509.this.verify(publicKey);
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            return X509.this.getCriticalExtensionOIDs();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            return X509.this.getExtensionValue(str);
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            return X509.this.getNonCriticalExtensionOIDs();
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            return X509.this.hasUnsupportedCriticalExtension();
        }

        @Override // java.security.cert.X509Certificate
        public List<String> getExtendedKeyUsage() throws CertificateParsingException {
            return X509.this.getExtendedKeyUsage();
        }

        @Override // java.security.cert.X509Certificate
        public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
            return X509.this.getIssuerAlternativeNames();
        }

        @Override // java.security.cert.X509Certificate
        public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
            return X509.this.getSubjectAlternativeNames();
        }

        @Override // java.security.cert.Certificate
        public boolean equals(Object obj) {
            return X509.this.equals(obj);
        }

        @Override // java.security.cert.Certificate
        public int hashCode() {
            return X509.this.hashCode();
        }

        public X509 toX509() {
            return X509.this;
        }
    }

    public X509() {
        this.extensions = null;
        this.isDecoded = false;
        this.version = 3;
        this.contents = null;
        this.md5 = null;
        this.certImpl = new X509CertificateImpl();
    }

    public X509(InputStream inputStream) throws IOException {
        this.extensions = null;
        this.isDecoded = false;
        this.version = 3;
        this.contents = null;
        this.md5 = null;
        this.certImpl = new X509CertificateImpl();
        input(inputStream);
    }

    public X509(File file) throws IOException {
        this.extensions = null;
        this.isDecoded = false;
        this.version = 3;
        this.contents = null;
        this.md5 = null;
        this.certImpl = new X509CertificateImpl();
        FileInputStream fileInputStream = new FileInputStream(file);
        input(fileInputStream);
        fileInputStream.close();
    }

    public X509(URL url) throws IOException {
        this.extensions = null;
        this.isDecoded = false;
        this.version = 3;
        this.contents = null;
        this.md5 = null;
        this.certImpl = new X509CertificateImpl();
        InputStream openStream = url.openStream();
        input(openStream);
        openStream.close();
    }

    public static X509 toX509(X509Certificate x509Certificate) {
        if (x509Certificate instanceof X509CertificateImpl) {
            return ((X509CertificateImpl) x509Certificate).toX509();
        }
        try {
            return new X509(x509Certificate.getEncoded());
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CertificateEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    public X509(byte[] bArr) throws IOException {
        this(new UnsyncByteArrayInputStream(bArr));
    }

    public X509(CertificateRequest certificateRequest, X509 x509, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, int i) throws oracle.security.crypto.core.SignatureException {
        this(certificateRequest, x509, privateKey, bigInteger, i, (AlgorithmIdentifier) null);
    }

    public X509(CertificateRequest certificateRequest, X509 x509, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, int i, AlgorithmIdentifier algorithmIdentifier) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = certificateRequest.getSubject();
        this.key = certificateRequest.getPublicKey();
        setIssuerCertificate(x509);
        this.issuer = (X500Name) x509.getHolder();
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        setValidity(i);
        if (algorithmIdentifier != null) {
            setSigAlgID(algorithmIdentifier);
        }
        sign();
    }

    public X509(X500Name x500Name, SPKAC spkac, X509 x509, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, int i) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = x500Name;
        this.key = spkac.getPublicKey();
        setIssuerCertificate(x509);
        this.issuer = (X500Name) x509.getHolder();
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        setValidity(i);
        sign();
    }

    public X509(X500Name x500Name, oracle.security.crypto.core.PublicKey publicKey, X500Name x500Name2, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, int i) throws oracle.security.crypto.core.SignatureException {
        this(x500Name, publicKey, x500Name2, privateKey, bigInteger, i, (AlgorithmIdentifier) null);
    }

    public X509(X500Name x500Name, oracle.security.crypto.core.PublicKey publicKey, X500Name x500Name2, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, int i, AlgorithmIdentifier algorithmIdentifier) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = x500Name;
        this.key = publicKey;
        this.issuer = x500Name2;
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        setValidity(i);
        if (algorithmIdentifier != null) {
            setSigAlgID(algorithmIdentifier);
        }
        sign();
    }

    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, int i, AlgorithmIdentifier algorithmIdentifier) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = x500Name;
        this.key = CryptoUtils.fromJCEPublicKey(publicKey);
        this.issuer = x500Name2;
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        setValidity(i);
        if (algorithmIdentifier != null) {
            setSigAlgID(algorithmIdentifier);
        }
        sign();
    }

    public X509(X500Name x500Name, oracle.security.crypto.core.PublicKey publicKey, X500Name x500Name2, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2) throws oracle.security.crypto.core.SignatureException {
        this(x500Name, publicKey, x500Name2, privateKey, bigInteger, date, date2, (AlgorithmIdentifier) null);
    }

    public X509(X500Name x500Name, oracle.security.crypto.core.PublicKey publicKey, X500Name x500Name2, oracle.security.crypto.core.PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, AlgorithmIdentifier algorithmIdentifier) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = x500Name;
        this.key = publicKey;
        this.issuer = x500Name2;
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        this.notBeforeDate = date;
        this.notAfterDate = date2;
        if (algorithmIdentifier != null) {
            setSigAlgID(algorithmIdentifier);
        }
        sign();
    }

    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, AlgorithmIdentifier algorithmIdentifier) throws oracle.security.crypto.core.SignatureException {
        this();
        this.holder = x500Name;
        this.key = CryptoUtils.fromJCEPublicKey(publicKey);
        this.issuer = x500Name2;
        this.issuerPrivateKey = privateKey;
        this.serialNo = bigInteger;
        this.notBeforeDate = date;
        this.notAfterDate = date2;
        if (algorithmIdentifier != null) {
            setSigAlgID(algorithmIdentifier);
        }
        sign();
    }

    protected void decode() {
        this.isDecoded = true;
    }

    public void sign() throws oracle.security.crypto.core.SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.issuerPrivateKey == null) {
            throw new oracle.security.crypto.core.SignatureException("Cannot sign certificate, no issuer private key set");
        }
        ASN1Sequence tBSCert = getTBSCert();
        try {
            if (this.sigAlgID == null) {
                throw new oracle.security.crypto.core.SignatureException("Cannot sign certificate, no signature algorithm set");
            }
            if (this.issuerPrivateKey.getAlgorithm().equals(PKIConstants.RSA) && CryptoUtils.getSignatureAlg(this.sigAlgID).contains("ECDSA")) {
                throw new oracle.security.crypto.core.SignatureException("Cannot create ECDSA signature using RSA keys");
            }
            Signature signature = Signature.getInstance(CryptoUtils.getSignatureAlg(this.sigAlgID));
            signature.initSign(this.issuerPrivateKey);
            signature.update(Utils.toBytes(tBSCert));
            this.sigBytes = signature.sign();
            reset();
        } catch (InvalidKeyException e) {
            throw new oracle.security.crypto.core.SignatureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new oracle.security.crypto.core.SignatureException(e2);
        } catch (SignatureException e3) {
            throw new oracle.security.crypto.core.SignatureException(e3);
        }
    }

    public void sign(RandomBitsSource randomBitsSource) throws oracle.security.crypto.core.SignatureException {
        sign();
    }

    public byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.sigBytes == null) {
            sign();
        }
        return this.sigBytes;
    }

    @Override // oracle.security.crypto.util.Streamable
    public void input(InputStream inputStream) throws IOException {
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
        this.tbsCert = new ASN1Sequence(aSN1SequenceInputStream);
        this.sigAlgID = new AlgorithmIdentifier(aSN1SequenceInputStream);
        this.sigBytes = ASN1BitString.inputValue(aSN1SequenceInputStream);
        aSN1SequenceInputStream.terminate();
        ASN1SequenceInputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(Utils.toStream(this.tbsCert));
        if (aSN1SequenceInputStream2.getCurrentTag() == 0) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream2);
            this.version = ASN1Integer.inputValue(aSN1ConstructedInputStream).intValue() + 1;
            aSN1ConstructedInputStream.terminate();
        }
        this.serialNo = ASN1Integer.inputValue(aSN1SequenceInputStream2);
        if (!new AlgorithmIdentifier(aSN1SequenceInputStream2).equals(this.sigAlgID)) {
            throw new IOException("Inconsistent signature algorithm IDs");
        }
        X500Name x500Name = new X500Name(aSN1SequenceInputStream2);
        if (this.issuer == null) {
            this.issuer = x500Name;
        } else if (!this.issuer.equals(x500Name)) {
            throw new IOException("Expected issuer {" + this.issuer + "}, got issuer {" + x500Name + "}");
        }
        ASN1SequenceInputStream aSN1SequenceInputStream3 = new ASN1SequenceInputStream(aSN1SequenceInputStream2);
        this.notBeforeDate = ASN1Date.inputValue(aSN1SequenceInputStream3);
        this.notAfterDate = ASN1Date.inputValue(aSN1SequenceInputStream3);
        aSN1SequenceInputStream3.terminate();
        this.holder = new X500Name(aSN1SequenceInputStream2);
        this.key = CryptoUtils.inputSPKI(aSN1SequenceInputStream2);
        if (aSN1SequenceInputStream2.getCurrentTag() == 1) {
            ASN1BitString aSN1BitString = new ASN1BitString(aSN1SequenceInputStream2);
            this.issuerID = new boolean[aSN1BitString.bitLength()];
            int bitLength = aSN1BitString.bitLength();
            for (int i = 0; i < bitLength; i++) {
                this.issuerID[i] = aSN1BitString.testBit(i);
            }
        }
        if (aSN1SequenceInputStream2.getCurrentTag() == 2) {
            aSN1SequenceInputStream2.setCurrentTag(3);
            ASN1BitString aSN1BitString2 = new ASN1BitString(aSN1SequenceInputStream2);
            this.subjectID = new boolean[aSN1BitString2.bitLength()];
            int bitLength2 = aSN1BitString2.bitLength();
            for (int i2 = 0; i2 < bitLength2; i2++) {
                this.subjectID[i2] = aSN1BitString2.testBit(i2);
            }
        }
        if (aSN1SequenceInputStream2.getCurrentTag() == 3) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream2 = new ASN1ConstructedInputStream(aSN1SequenceInputStream2);
            this.extensions = new X509ExtensionSet(aSN1ConstructedInputStream2);
            aSN1ConstructedInputStream2.terminate();
        } else {
            this.extensions = null;
        }
        aSN1SequenceInputStream2.terminate();
        reset();
    }

    private ASN1Sequence getTBSCert() throws oracle.security.crypto.core.SignatureException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.tbsCert == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            if (this.extensions != null && this.extensions.size() > 0) {
                aSN1Sequence.addElement(new ASN1GenericConstructed(new ASN1Integer(2L), 0));
            }
            aSN1Sequence.addElement(new ASN1Integer(this.serialNo));
            if (this.sigAlgID == null && this.issuerPrivateKey != null) {
                if (!this.issuerPrivateKey.getAlgorithm().equals(PKIConstants.RSA)) {
                    if (!this.issuerPrivateKey.getAlgorithm().equals("DSA")) {
                        if (this.issuerPrivateKey.getAlgorithm().equals(PKIConstants.EC)) {
                            switch (((ECPrivateKey) this.issuerPrivateKey).getParams().getCurve().getField().getFieldSize()) {
                                case 256:
                                    this.sigAlgID = AlgID.ecdsaWithSHA256;
                                    break;
                                case 384:
                                    this.sigAlgID = AlgID.ecdsaWithSHA384;
                                    break;
                                case 512:
                                    this.sigAlgID = AlgID.ecdsaWithSHA512;
                                    break;
                                default:
                                    this.sigAlgID = AlgID.ecdsaWithSHA1;
                                    break;
                            }
                        }
                    } else {
                        this.sigAlgID = AlgID.dsaWithSHA1;
                    }
                } else {
                    this.sigAlgID = AlgID.sha256WithRSAEncryption;
                }
            }
            if (this.sigAlgID == null) {
                throw new oracle.security.crypto.core.SignatureException("Cannot build to-be-signed certificate, no signature algorithm set");
            }
            aSN1Sequence.addElement(this.sigAlgID);
            aSN1Sequence.addElement(this.issuer);
            ASN1Sequence aSN1Sequence2 = new ASN1Sequence();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(this.notBeforeDate);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.setTime(this.notAfterDate);
            aSN1Sequence2.addElement(new ASN1Date(this.notBeforeDate, calendar.get(1) > 2049));
            aSN1Sequence2.addElement(new ASN1Date(this.notAfterDate, calendar2.get(1) > 2049));
            aSN1Sequence.addElement(aSN1Sequence2);
            aSN1Sequence.addElement((X500Name) this.holder);
            aSN1Sequence.addElement(CryptoUtils.subjectPublicKeyInfo(this.key));
            if (this.extensions != null && this.extensions.size() > 0) {
                aSN1Sequence.addElement(new ASN1GenericConstructed(this.extensions, 3));
            }
            this.tbsCert = aSN1Sequence;
        }
        return this.tbsCert;
    }

    private ASN1Sequence toASN1Sequence() throws oracle.security.crypto.core.SignatureException {
        if (this.contents == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.addElement(getTBSCert());
            aSN1Sequence.addElement(this.sigAlgID);
            aSN1Sequence.addElement(new ASN1BitString(getSigBytes()));
            this.contents = aSN1Sequence;
        }
        return this.contents;
    }

    private void reset() {
        this.contents = null;
    }

    private void resetAll() {
        reset();
        this.tbsCert = null;
        this.sigBytes = null;
    }

    @Override // oracle.security.crypto.util.Streamable
    public void output(OutputStream outputStream) throws IOException {
        try {
            toASN1Sequence().output(outputStream);
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new OutputGenerationException((Exception) e);
        }
    }

    @Override // oracle.security.crypto.util.Streamable
    public int length() {
        try {
            return toASN1Sequence().length();
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new StreamableOutputException((Exception) e);
        }
    }

    public byte[] getEncoded() {
        try {
            return Utils.toBytes(toASN1Sequence());
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new StreamableOutputException((Exception) e);
        }
    }

    @Override // oracle.security.crypto.cert.Certificate
    public boolean verify() throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        if (hasUnrecognizedCriticalExtension() || !verifyCertDate()) {
            return false;
        }
        if (this.issuerCertificate == null || (verifyCertSigner() && this.issuer.equals(this.issuerCertificate.getSubjectX500Principal()) && verifyCertSignature())) {
            return this.issuerCRL == null || verifyCertCRL();
        }
        return false;
    }

    private boolean verifyCertSigner() {
        if (!this.isDecoded) {
            decode();
        }
        this.issuerCertificate.getBasicConstraints();
        boolean[] keyUsage = this.issuerCertificate.getKeyUsage();
        return keyUsage == null || keyUsage[5];
    }

    public boolean verifyCertDate() {
        if (!this.isDecoded) {
            decode();
        }
        Date date = new Date();
        return (date.before(this.notBeforeDate) || date.after(this.notAfterDate)) ? false : true;
    }

    public boolean verifyCertSignature() throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        if (this.issuerCertificate == null) {
            throw new IllegalStateException("Issuer certificate not set");
        }
        try {
            Signature signature = Signature.getInstance(CryptoUtils.getSignatureAlg(this.sigAlgID));
            signature.initVerify(this.issuerCertificate.getPublicKey());
            signature.update(Utils.toBytes(getTBSCert()));
            return signature.verify(getSigBytes());
        } catch (InvalidKeyException e) {
            throw new AuthenticationException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthenticationException(e2);
        } catch (SignatureException e3) {
            throw new AuthenticationException(e3);
        } catch (oracle.security.crypto.core.SignatureException e4) {
            throw new AuthenticationException(e4);
        } catch (StreamableOutputException e5) {
            throw new AuthenticationException(e5);
        }
    }

    public boolean verifyCertCRL() {
        if (!this.isDecoded) {
            decode();
        }
        if (this.issuerCRL == null) {
            throw new IllegalStateException("Issuer CRL not set");
        }
        return !this.issuerCRL.isRevoked(this.serialNo);
    }

    @Override // oracle.security.crypto.cert.Certificate
    public Entity getHolder() {
        if (!this.isDecoded) {
            decode();
        }
        return this.holder;
    }

    public void setHolder(X500Name x500Name) {
        this.holder = x500Name;
        resetAll();
    }

    @Override // oracle.security.crypto.cert.Certificate
    public oracle.security.crypto.core.PublicKey getPublicKey() {
        if (!this.isDecoded) {
            decode();
        }
        return this.key;
    }

    public void setPublicKey(oracle.security.crypto.core.PublicKey publicKey) {
        setPublicKey((PublicKey) publicKey);
    }

    public void setPublicKey(PublicKey publicKey) {
        this.key = CryptoUtils.fromJCEPublicKey(publicKey);
        resetAll();
    }

    public Date getNotBeforeDate() {
        if (!this.isDecoded) {
            decode();
        }
        return this.notBeforeDate;
    }

    public void setNotBeforeDate(Date date) {
        this.notBeforeDate = date;
        resetAll();
    }

    public Date getNotAfterDate() {
        if (!this.isDecoded) {
            decode();
        }
        return this.notAfterDate;
    }

    public void setNotAfterDate(Date date) {
        this.notAfterDate = date;
        resetAll();
    }

    public void setValidity(int i) {
        this.notBeforeDate = new Date();
        this.notAfterDate = Utils.daysFrom(this.notBeforeDate, i);
        resetAll();
    }

    public X500Name getSubject() {
        if (!this.isDecoded) {
            decode();
        }
        return (X500Name) this.holder;
    }

    public void setSubject(X500Name x500Name) {
        this.holder = x500Name;
        resetAll();
    }

    public X500Name getIssuer() {
        if (!this.isDecoded) {
            decode();
        }
        return this.issuer;
    }

    public void setIssuer(X500Name x500Name) {
        this.issuer = x500Name;
        if (this.issuerCRL != null && !x500Name.equals(this.issuerCRL.getIssuer())) {
            throw new IllegalStateException("Certificate issuer does not match CRL issuer");
        }
        resetAll();
    }

    public void setIssuerCertificate(X509 x509) {
        setIssuerCertificate(x509.toX509Certificate());
    }

    public void setIssuerCertificate(X509Certificate x509Certificate) {
        this.issuerCertificate = x509Certificate;
        if (this.issuer == null) {
            if (x509Certificate instanceof X509CertificateImpl) {
                setIssuer(((X509CertificateImpl) x509Certificate).toX509().getIssuer());
            } else {
                setIssuer(X500Name.toX500Name(x509Certificate.getIssuerX500Principal()));
            }
        }
    }

    public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey privateKey) {
        setIssuerPrivateKey((PrivateKey) privateKey, (AlgorithmIdentifier) null);
    }

    public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) {
        setIssuerPrivateKey((PrivateKey) privateKey, (AlgorithmIdentifier) null);
    }

    public void setIssuerPrivateKey(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) {
        this.issuerPrivateKey = privateKey;
        setSigAlgID(algorithmIdentifier);
    }

    public void setSigAlgID(AlgorithmIdentifier algorithmIdentifier) {
        this.sigAlgID = algorithmIdentifier;
        resetAll();
    }

    public void setIssuerCRL(CRL crl) {
        if (!this.isDecoded) {
            decode();
        }
        this.issuerCRL = crl;
        if (this.issuer != null && !this.issuer.equals(crl.getIssuer())) {
            throw new IllegalStateException("CRL issuer does not match certificate issuer");
        }
    }

    public BigInteger getSerialNo() {
        if (!this.isDecoded) {
            decode();
        }
        return this.serialNo;
    }

    public void setSerialNo(BigInteger bigInteger) {
        this.serialNo = bigInteger;
        resetAll();
    }

    public boolean hasUnrecognizedCriticalExtension() {
        if (!this.isDecoded) {
            decode();
        }
        return this.extensions != null && this.extensions.hasUnrecognizedCriticalExtension();
    }

    public X509ExtensionSet getExtensionSet() {
        if (!this.isDecoded) {
            decode();
        }
        return this.extensions;
    }

    public X509Extension getExtension(ASN1ObjectID aSN1ObjectID) {
        if (!this.isDecoded) {
            decode();
        }
        if (this.extensions != null) {
            return this.extensions.getExtension(aSN1ObjectID);
        }
        return null;
    }

    public void setExtensions(X509ExtensionSet x509ExtensionSet) {
        this.extensions = x509ExtensionSet;
        resetAll();
    }

    public void addExtension(X509Extension x509Extension) {
        if (!this.isDecoded) {
            decode();
        }
        if (this.extensions == null) {
            this.extensions = new X509ExtensionSet();
        }
        this.extensions.addExtension(x509Extension);
        resetAll();
    }

    public byte[] getFingerprint() {
        if (!this.isDecoded) {
            decode();
        }
        try {
            if (this.md5 == null) {
                this.md5 = MessageDigest.getInstance("MD5");
            }
            return this.md5.digest(Utils.toBytes(toASN1Sequence()));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 class not found. " + e.toString());
        } catch (oracle.security.crypto.core.SignatureException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public static byte[] getCertID(X500Name x500Name, BigInteger bigInteger, oracle.security.crypto.core.MessageDigest messageDigest) {
        messageDigest.init();
        messageDigest.updateASCII(x500Name.toString());
        messageDigest.updateASCII(bigInteger.toString());
        messageDigest.computeCurrent();
        return messageDigest.getDigestBits();
    }

    public byte[] getCertID(oracle.security.crypto.core.MessageDigest messageDigest) {
        if (!this.isDecoded) {
            decode();
        }
        return getCertID(this.issuer, this.serialNo, messageDigest);
    }

    public byte[] getCertID(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            if (!this.isDecoded) {
                decode();
            }
            messageDigest.update(this.issuer.toString().getBytes(HTTP.ASCII));
            messageDigest.update(this.serialNo.toString().getBytes(HTTP.ASCII));
            return messageDigest.digest();
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    public ASN1ObjectID getSigAlgOID() {
        try {
            getTBSCert();
            if (this.sigAlgID != null) {
                return this.sigAlgID.getOID();
            }
            throw new IllegalStateException("Signature algorithm not defined");
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new IllegalStateException(e);
        }
    }

    public String getSigAlgString() {
        return getSigAlgOID().toStringCompact();
    }

    public boolean verifySignature(byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier) throws AuthenticationException {
        if (!this.isDecoded) {
            decode();
        }
        try {
            Signature signature = Signature.getInstance(CryptoUtils.getSignatureAlg(algorithmIdentifier));
            signature.initVerify(this.key);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw new AuthenticationException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthenticationException(e2);
        } catch (SignatureException e3) {
            throw new AuthenticationException(e3);
        }
    }

    public boolean equals(Object obj) {
        if (!this.isDecoded) {
            decode();
        }
        if (obj == null) {
            return false;
        }
        if (obj instanceof X509) {
            return Utils.areEqual(Utils.toBytes(this), Utils.toBytes((X509) obj));
        }
        if (!(obj instanceof X509Certificate)) {
            return false;
        }
        try {
            return Utils.areEqual(Utils.toBytes(this), ((X509Certificate) obj).getEncoded());
        } catch (CertificateEncodingException e) {
            return false;
        }
    }

    public int hashCode() {
        if (!this.isDecoded) {
            decode();
        }
        return Arrays.hashCode(Utils.toBytes(this));
    }

    public String toString() {
        if (!this.isDecoded) {
            decode();
        }
        String str = ((((((("{ fingerprint = " + Utils.toHexString(getFingerprint())) + ", notBefore = " + this.notBeforeDate) + ", notAfter = " + this.notAfterDate) + ", holder = " + this.holder) + ", issuer = " + this.issuer) + ", serialNo = " + this.serialNo) + ", sigAlgOID = " + getSigAlgString()) + ", key = " + this.key;
        if (this.extensions != null && this.extensions.size() > 0) {
            String str2 = str + ", extensions = {";
            boolean z = false;
            Iterator<X509Extension> it = this.extensions.getExtensionsAsList().iterator();
            while (it.hasNext()) {
                if (z) {
                    str2 = str2 + ", ";
                }
                str2 = str2 + it.next();
                z = true;
            }
            str = str2 + " }";
        }
        return str + " }";
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(Utils.toBytes(this));
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        try {
            input(new UnsyncByteArrayInputStream((byte[]) objectInput.readObject()));
        } catch (ClassCastException e) {
            throw new InvalidInputException((Exception) e);
        }
    }

    public X509Certificate toX509Certificate() {
        return this.certImpl;
    }

    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.before(this.notBeforeDate)) {
            throw new CertificateNotYetValidException("Certificate not yet valid");
        }
        if (date.after(this.notAfterDate)) {
            throw new CertificateExpiredException("Certificate expired");
        }
    }

    public int getBasicConstraints() {
        BasicConstraintsExtension basicConstraintsExtension = (BasicConstraintsExtension) this.extensions.getExtension(PKIX.id_ce_basicConstraints);
        if (basicConstraintsExtension == null) {
            return -1;
        }
        if (!basicConstraintsExtension.getCA()) {
            return 0;
        }
        if (basicConstraintsExtension.getPathLen() == null) {
            return Integer.MAX_VALUE;
        }
        return basicConstraintsExtension.getPathLen().intValue();
    }

    public Principal getIssuerDN() {
        return getIssuer().toX500Principal();
    }

    public X500Principal getIssuerX500Principal() {
        return getIssuer().toX500Principal();
    }

    public X500Principal getSubjectX500Principal() {
        return getSubject().toX500Principal();
    }

    public boolean[] getIssuerUniqueID() {
        return this.issuerID;
    }

    public boolean[] getKeyUsage() {
        return ((KeyUsageExtension) this.extensions.getExtension(PKIX.id_ce_keyUsage)).getKeyUsage();
    }

    public Date getNotAfter() {
        return getNotAfterDate();
    }

    public Date getNotBefore() {
        return getNotBeforeDate();
    }

    public BigInteger getSerialNumber() {
        return getSerialNo();
    }

    public String getSigAlgName() {
        return CryptoUtils.getSignatureAlg(this.sigAlgID);
    }

    public byte[] getSigAlgParams() {
        return Utils.toBytes(this.sigAlgID.getParameters());
    }

    public byte[] getSignature() {
        try {
            return getSigBytes();
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public Principal getSubjectDN() {
        return getSubjectX500Principal();
    }

    public boolean[] getSubjectUniqueID() {
        return this.subjectID;
    }

    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return Utils.toBytes(getTBSCert());
        } catch (oracle.security.crypto.core.SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public int getVersion() {
        return this.version;
    }

    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = str != null ? Signature.getInstance(getSigAlgName(), str) : Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        signature.update(getTBSCertificate());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("Public key does not match");
        }
    }

    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, null);
    }

    public Set<String> getCriticalExtensionOIDs() {
        return this.extensions.getCriticalExtensionOIDs();
    }

    public byte[] getExtensionValue(String str) {
        return this.extensions.getExtensionValue(str);
    }

    public Set<String> getNonCriticalExtensionOIDs() {
        return this.extensions.getNonCriticalExtensionOIDs();
    }

    public boolean hasUnsupportedCriticalExtension() {
        return this.extensions.hasUnsupportedCriticalExtension();
    }

    public List<String> getExtendedKeyUsage() throws CertificateParsingException {
        ExtKeyUsageExtension extKeyUsageExtension = (ExtKeyUsageExtension) this.extensions.getExtension(PKIX.id_ce_extKeyUsage);
        if (extKeyUsageExtension == null) {
            return null;
        }
        ArrayList<ASN1ObjectID> keyPurposesAsList = extKeyUsageExtension.getKeyPurposesAsList();
        ArrayList arrayList = new ArrayList();
        Iterator<ASN1ObjectID> it = keyPurposesAsList.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toStringCompact());
        }
        return arrayList;
    }

    public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
        IssuerAltNameExtension issuerAltNameExtension = (IssuerAltNameExtension) this.extensions.getExtension(PKIX.id_ce_issuerAltName);
        if (issuerAltNameExtension == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<GeneralName> it = issuerAltNameExtension.getIssuerAltName().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getTypeAndValue());
        }
        return arrayList;
    }

    public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
        SubjectAltNameExtension subjectAltNameExtension = (SubjectAltNameExtension) this.extensions.getExtension(PKIX.id_ce_subjectAltName);
        if (subjectAltNameExtension == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<GeneralName> it = subjectAltNameExtension.getSubjectAltName().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getTypeAndValue());
        }
        return arrayList;
    }
}
