package signgate.provider.ec.codec.x509;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.TimeZone;
import signgate.javax.crypto.NoSuchPaddingException;
import signgate.javax.crypto.Signature;
import signgate.provider.ec.codec.asn1.ASN1BitString;
import signgate.provider.ec.codec.asn1.ASN1Choice;
import signgate.provider.ec.codec.asn1.ASN1Exception;
import signgate.provider.ec.codec.asn1.ASN1GeneralizedTime;
import signgate.provider.ec.codec.asn1.ASN1Integer;
import signgate.provider.ec.codec.asn1.ASN1Sequence;
import signgate.provider.ec.codec.asn1.ASN1SequenceOf;
import signgate.provider.ec.codec.asn1.ASN1TaggedType;
import signgate.provider.ec.codec.asn1.ASN1Time;
import signgate.provider.ec.codec.asn1.ASN1Type;
import signgate.provider.ec.codec.asn1.ASN1UTCTime;
import signgate.provider.ec.codec.asn1.Constraint;
import signgate.provider.ec.codec.asn1.ConstraintException;
import signgate.provider.ec.codec.asn1.DERDecoder;
import signgate.provider.ec.codec.asn1.DEREncoder;
import signgate.provider.ec.codec.asn1.Decoder;
import signgate.provider.ec.codec.asn1.Encoder;
import signgate.provider.ec.codec.util.JCA;
import signgate.provider.ec.codec.x501.BadNameException;
import signgate.provider.ec.codec.x501.Name;
import signgate.provider.oid.OID;

/* loaded from: input_file:signgate/provider/ec/codec/x509/X509Crl.class */
public class X509Crl extends X509CRL implements ASN1Type {
    private ASN1Sequence CertificateList;
    private ASN1Sequence TBSCertList;
    private ASN1Integer version;
    private AlgorithmIdentifier signatureAlgorithm;
    private Name issuer;
    private ASN1Choice thisUpdate;
    private ASN1Choice nextUpdate;
    private ASN1SequenceOf revokedCertificates;
    private ASN1SequenceOf crlExtensions;
    private AlgorithmIdentifier signatureAlgorithm2;
    private ASN1BitString signature;
    static Class class$signgate$provider$ec$codec$x509$CRLEntry;
    static Class class$signgate$provider$ec$codec$x509$X509Extension;

    public X509Crl() {
        Class cls;
        Class cls2;
        this.CertificateList = null;
        this.TBSCertList = null;
        this.version = null;
        this.signatureAlgorithm = null;
        this.issuer = null;
        this.thisUpdate = null;
        this.nextUpdate = null;
        this.revokedCertificates = null;
        this.crlExtensions = null;
        this.signatureAlgorithm2 = null;
        this.signature = null;
        this.CertificateList = new ASN1Sequence(3);
        this.TBSCertList = new ASN1Sequence(7);
        this.version = new ASN1Integer(1);
        this.version.setOptional(true);
        this.TBSCertList.add(this.version);
        this.signatureAlgorithm = new AlgorithmIdentifier();
        this.TBSCertList.add(this.signatureAlgorithm);
        this.issuer = new Name();
        this.TBSCertList.add(this.issuer);
        this.thisUpdate = new ASN1Choice();
        this.thisUpdate.addType(new ASN1UTCTime());
        this.thisUpdate.addType(new ASN1GeneralizedTime());
        this.TBSCertList.add(this.thisUpdate);
        this.nextUpdate = new ASN1Choice();
        this.nextUpdate.setOptional(true);
        this.nextUpdate.addType(new ASN1UTCTime());
        this.nextUpdate.addType(new ASN1GeneralizedTime());
        this.TBSCertList.add(this.nextUpdate);
        if (class$signgate$provider$ec$codec$x509$CRLEntry == null) {
            cls = class$("signgate.provider.ec.codec.x509.CRLEntry");
            class$signgate$provider$ec$codec$x509$CRLEntry = cls;
        } else {
            cls = class$signgate$provider$ec$codec$x509$CRLEntry;
        }
        this.revokedCertificates = new ASN1SequenceOf(cls);
        this.revokedCertificates.setOptional(true);
        this.TBSCertList.add(this.revokedCertificates);
        if (class$signgate$provider$ec$codec$x509$X509Extension == null) {
            cls2 = class$("signgate.provider.ec.codec.x509.X509Extension");
            class$signgate$provider$ec$codec$x509$X509Extension = cls2;
        } else {
            cls2 = class$signgate$provider$ec$codec$x509$X509Extension;
        }
        this.crlExtensions = new ASN1SequenceOf(cls2);
        this.TBSCertList.add(new ASN1TaggedType(0, (ASN1Type) this.crlExtensions, true, true));
        this.CertificateList.add(this.TBSCertList);
        this.signatureAlgorithm2 = new AlgorithmIdentifier();
        this.CertificateList.add(this.signatureAlgorithm);
        this.signature = new ASN1BitString();
        this.CertificateList.add(this.signature);
    }

    public X509Crl(Name name, Calendar calendar) {
        this();
        setIssuerDN(name);
        setThisUpdate(calendar);
    }

    public X509Crl(InputStream inputStream) throws ASN1Exception, IOException {
        this();
        decode(new DERDecoder(inputStream));
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void setConstraint(Constraint constraint) {
        this.CertificateList.setConstraint(constraint);
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public Constraint getConstraint() {
        return this.CertificateList.getConstraint();
    }

    public void addEntry(CRLEntry cRLEntry) {
        this.revokedCertificates.add(cRLEntry);
        this.revokedCertificates.setOptional(false);
    }

    public void addExtension(X509Extension x509Extension) {
        if (x509Extension == null) {
            throw new NullPointerException("Extension is null!");
        }
        this.crlExtensions.add(x509Extension);
        try {
            this.version.setBigInteger(new BigInteger("1"));
        } catch (ASN1Exception e) {
            System.out.println("shouldnt happen:");
            e.printStackTrace();
        }
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void checkConstraints() throws ConstraintException {
        this.CertificateList.checkConstraints();
    }

    public boolean containsCertificate(BigInteger bigInteger) {
        boolean z = false;
        Iterator it = this.revokedCertificates.iterator();
        while (it.hasNext() && !z) {
            if (((CRLEntry) it.next()).getSerialNumber().equals(bigInteger)) {
                z = true;
            }
        }
        return z;
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void decode(Decoder decoder) throws ASN1Exception, IOException {
        this.CertificateList.decode(decoder);
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void encode(Encoder encoder) throws ASN1Exception, IOException {
        this.CertificateList.encode(encoder);
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        HashSet hashSet = new HashSet();
        Iterator it = this.crlExtensions.iterator();
        while (it.hasNext()) {
            X509Extension x509Extension = (X509Extension) it.next();
            if (x509Extension.isCritical()) {
                hashSet.add(x509Extension.getOID().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            this.CertificateList.encode(new DEREncoder(byteArrayOutputStream));
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new CRLException(e.getMessage());
        }
    }

    public Collection getExtensions() {
        return this.crlExtensions.getCollection();
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        byte[] bArr = null;
        Iterator it = this.crlExtensions.iterator();
        while (it.hasNext()) {
            X509Extension x509Extension = (X509Extension) it.next();
            if (x509Extension.getOID().toString().equals(str)) {
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    x509Extension.encode(new DEREncoder(byteArrayOutputStream));
                    bArr = byteArrayOutputStream.toByteArray();
                } catch (Exception e) {
                }
            }
        }
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.issuer;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.nextUpdate.isOptional()) {
            return null;
        }
        return ((ASN1Time) this.nextUpdate.getInnerType()).getDate();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        HashSet hashSet = new HashSet();
        Iterator it = this.crlExtensions.iterator();
        while (it.hasNext()) {
            X509Extension x509Extension = (X509Extension) it.next();
            if (!x509Extension.isCritical()) {
                hashSet.add(x509Extension.getOID().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        CRLEntry cRLEntry = null;
        Iterator it = this.revokedCertificates.iterator();
        while (it.hasNext() && cRLEntry == null) {
            CRLEntry cRLEntry2 = (CRLEntry) it.next();
            if (cRLEntry2.getSerialNumber().equals(bigInteger)) {
                cRLEntry = cRLEntry2;
            }
        }
        return cRLEntry;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        HashSet hashSet = new HashSet();
        Iterator it = this.revokedCertificates.iterator();
        while (it.hasNext()) {
            hashSet.add((CRLEntry) it.next());
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return JCA.getName(getSigAlgOID());
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.signatureAlgorithm.getAlgorithmOID().toString();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        try {
            return this.signatureAlgorithm.getParameters().getEncoded();
        } catch (Exception e) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.signature.getBytes();
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public int getTag() {
        return this.CertificateList.getTag();
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public int getTagClass() {
        return this.CertificateList.getTagClass();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            this.TBSCertList.encode(new DEREncoder(byteArrayOutputStream));
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new CRLException(e.getMessage());
        }
    }

    public byte[] getTBSCertList(AlgorithmIdentifier algorithmIdentifier) throws CRLException {
        setSignatureAlgorithm(algorithmIdentifier);
        try {
            return getTBSCertList();
        } catch (Exception e) {
            throw new CRLException(e.getMessage());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return ((ASN1Time) this.thisUpdate.getInnerType()).getDate();
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public Object getValue() {
        return this.CertificateList.getValue();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.version.getBigInteger().intValue();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        for (String str : getCriticalExtensionOIDs()) {
        }
        return false;
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public boolean isExplicit() {
        return this.CertificateList.isExplicit();
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public boolean isOptional() {
        return this.CertificateList.isOptional();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        boolean z = false;
        if (!(certificate instanceof java.security.cert.X509Certificate)) {
            return false;
        }
        try {
            BigInteger serialNumber = ((java.security.cert.X509Certificate) certificate).getSerialNumber();
            Iterator it = this.revokedCertificates.iterator();
            while (it.hasNext() && !z) {
                if (((CRLEntry) it.next()).getSerialNumber().equals(serialNumber)) {
                    z = true;
                }
            }
        } catch (Exception e) {
            z = true;
            System.out.println("Hinweis: sicherheitshalber als revoziert betrachtet!");
        }
        return z;
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public boolean isType(int i, int i2) {
        return this.CertificateList.isType(i, i2);
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void setExplicit(boolean z) {
        this.CertificateList.setExplicit(z);
    }

    public void setIssuerDN(Principal principal) {
        if (principal instanceof Name) {
            this.issuer = (Name) principal;
            this.TBSCertList.set(2, principal);
        } else {
            try {
                this.issuer = new Name(principal.toString());
            } catch (BadNameException e) {
                throw new RuntimeException(new StringBuffer().append("bad principal name:").append(e.getMessage()).toString());
            }
        }
    }

    public void setNextUpdate(Calendar calendar) {
        ASN1Time aSN1Time = (ASN1Time) this.nextUpdate.getInnerType();
        if (aSN1Time == null) {
            aSN1Time = new ASN1UTCTime(calendar);
            this.nextUpdate.setInnerType(aSN1Time);
        }
        aSN1Time.setDate(calendar);
        this.nextUpdate.setOptional(false);
    }

    public void setNextUpdate(Date date) {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        calendar.setTime(date);
        setNextUpdate(calendar);
    }

    @Override // signgate.provider.ec.codec.asn1.ASN1Type
    public void setOptional(boolean z) {
        this.CertificateList.setOptional(z);
    }

    public void setSignature(byte[] bArr) {
        try {
            this.signature.setBits(bArr, 0);
        } catch (ConstraintException e) {
        }
    }

    public void setSignatureAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.signatureAlgorithm = algorithmIdentifier;
        this.CertificateList.set(1, this.signatureAlgorithm);
        this.signatureAlgorithm2 = (AlgorithmIdentifier) algorithmIdentifier.clone();
        this.TBSCertList.set(1, this.signatureAlgorithm2);
    }

    public void setThisUpdate(Calendar calendar) {
        ASN1Time aSN1Time = (ASN1Time) this.thisUpdate.getInnerType();
        if (aSN1Time == null) {
            aSN1Time = new ASN1UTCTime(calendar);
            this.thisUpdate.setInnerType(aSN1Time);
        }
        aSN1Time.setDate(calendar);
    }

    public void setThisUpdate(Date date) {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        calendar.setTime(date);
        setThisUpdate(calendar);
    }

    @Override // java.security.cert.CRL
    public String toString() {
        return toString(OID.nullOID);
    }

    public String toString(String str) {
        String stringBuffer;
        String stringBuffer2 = new StringBuffer().append(new StringBuffer().append(new StringBuffer().append(new StringBuffer().append(str).append("X.509 Certificate Revocation List (V").toString()).append(this.version.getBigInteger().intValue() + 1).append("):").toString()).append("\n").append(str).append("issuer:").append(getIssuerDN().toString()).toString()).append("\n").append(str).append("this update:").append(DateFormat.getDateTimeInstance(0, 0).format(getThisUpdate())).toString();
        if (!this.nextUpdate.isOptional()) {
            stringBuffer2 = new StringBuffer().append(stringBuffer2).append("\n").append(str).append("next update:").append(DateFormat.getDateTimeInstance(0, 0).format(getNextUpdate())).toString();
        }
        if (this.revokedCertificates.isEmpty()) {
            stringBuffer = new StringBuffer().append(stringBuffer2).append("\n").append(str).append("no revoked certificates.").toString();
        } else {
            stringBuffer = new StringBuffer().append(stringBuffer2).append("\n").append(str).append("revoked certificates:").toString();
            int i = 1;
            Iterator it = this.revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer = new StringBuffer().append(new StringBuffer().append(stringBuffer).append("\n").append(str).append(String.valueOf(i)).append(":").toString()).append(((CRLEntry) it.next()).toString(new StringBuffer().append(str).append("  ").toString())).toString();
                i++;
            }
        }
        if (!this.crlExtensions.isEmpty()) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("\n").append(str).append("CRL Extensions:").toString();
            Iterator it2 = this.crlExtensions.iterator();
            while (it2.hasNext()) {
                stringBuffer = new StringBuffer().append(stringBuffer).append("\n").append(((X509Extension) it2.next()).toString(new StringBuffer().append(str).append(" ").toString())).toString();
            }
        }
        return new StringBuffer().append(new StringBuffer().append(stringBuffer).append("\n").append(str).append("signature algorithm:").append(getSigAlgName()).toString()).append("\n").append(str).append("signature:").append(this.signature.toString()).toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, OID.nullOID);
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = null;
        String sigAlgOID = getSigAlgOID();
        String sigAlgName = getSigAlgName();
        try {
            if (str.equals(OID.nullOID)) {
                try {
                    signature = Signature.getInstance(sigAlgName);
                } catch (NoSuchProviderException e) {
                    new SignatureException();
                } catch (NoSuchPaddingException e2) {
                    new SignatureException();
                }
            } else {
                signature = Signature.getInstance(sigAlgName, str);
            }
        } catch (NoSuchAlgorithmException e3) {
            if (str.equals(OID.nullOID)) {
                try {
                    signature = Signature.getInstance(sigAlgOID);
                } catch (NoSuchAlgorithmException e4) {
                    new SignatureException();
                } catch (NoSuchProviderException e5) {
                    new SignatureException();
                } catch (NoSuchPaddingException e6) {
                    new SignatureException();
                }
            } else {
                signature = Signature.getInstance(sigAlgOID, str);
            }
        }
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("Invalid Signature!");
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
