package com.ibm.security.pkcs9;

import com.bangcle.andJni.JniLib1602473862;
import com.ibm.misc.Debug;
import com.ibm.pkcs11.PKCS11Mechanism;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.pkcsutil.PKCSOID;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.PolicyInformation;
import com.ibm.security.x509.SerialNumber;
import com.ibm.security.x509.X500Name;
import java.io.IOException;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: classes2.dex */
public final class SigningCertificate extends PKCS9DerObject implements Cloneable {
    private static final int MAX_SIZE = 5;
    private volatile int cachedHashVal;
    private ArrayList<ESSCertID> certIds;
    private ArrayList<PolicyInformation> policyInfos;
    private static Debug debug = Debug.getInstance("ibmpkcs");
    private static String className = "com.ibm.security.pkcs9.SigningCertificate";

    public SigningCertificate(String str, boolean z) throws IOException {
        super(str, z);
        this.cachedHashVal = 0;
    }

    public SigningCertificate(String str, boolean z, String str2) throws IOException {
        super(str, z, str2);
        this.cachedHashVal = 0;
    }

    public SigningCertificate(byte[] bArr) throws IOException {
        super(bArr);
        this.cachedHashVal = 0;
    }

    public SigningCertificate(byte[] bArr, String str) throws IOException {
        super(bArr, str);
        this.cachedHashVal = 0;
    }

    public SigningCertificate(X509Certificate[] x509CertificateArr, PolicyInformation[] policyInformationArr, boolean z) throws NoSuchAlgorithmException, CertificateEncodingException {
        this.cachedHashVal = 0;
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            java.security.MessageDigest messageDigest = java.security.MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_SHA);
            for (int i = 0; i < x509CertificateArr.length; i++) {
                messageDigest.update(x509CertificateArr[i].getEncoded());
                byte[] digest = messageDigest.digest();
                messageDigest.reset();
                if (z) {
                    SerialNumber serialNumber = new SerialNumber(x509CertificateArr[i].getSerialNumber());
                    GeneralNames generalNames = new GeneralNames();
                    generalNames.add(new GeneralName((X500Name) x509CertificateArr[i].getIssuerDN()));
                    addCertID(digest, serialNumber, generalNames);
                } else {
                    addCertID(digest, null, null);
                }
            }
        }
        if (policyInformationArr == null || policyInformationArr.length <= 0) {
            return;
        }
        for (PolicyInformation policyInformation : policyInformationArr) {
            addPolicyInfo(policyInformation);
        }
    }

    private void addCertID(byte[] bArr, SerialNumber serialNumber, GeneralNames generalNames) {
        JniLib1602473862.cV(this, bArr, serialNumber, generalNames, 874);
    }

    private void addPolicyInfo(PolicyInformation policyInformation) {
        JniLib1602473862.cV(this, policyInformation, 875);
    }

    public Object clone() {
        return JniLib1602473862.cL(this, Integer.valueOf(PKCS11Mechanism.CONCATENATE_BASE_AND_KEY));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.security.pkcs9.PKCS9DerObject, com.ibm.security.pkcsutil.PKCSDerObject
    public void decode(DerValue derValue) throws IOException {
        super.decode(derValue);
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.entry(16384L, className, "decode", derValue);
        }
        DerValue[] set = derValue.getTag() == 48 ? new DerInputStream(new DerInputStream(derValue.toByteArray()).getSequence(2)[1].toByteArray()).getSet(1) : new DerInputStream(derValue.toByteArray()).getSet(1);
        if (set[0].getTag() != 48) {
            Debug debug3 = debug;
            if (debug3 != null) {
                debug3.exit(16384L, className, "decode", derValue);
            }
            throw new IOException("Bad encoding for signingCertificate");
        }
        DerValue[] sequence = set[0].getData().getSequence(1);
        this.certIds = new ArrayList<>(sequence.length);
        for (DerValue derValue2 : sequence) {
            this.certIds.add(new ESSCertID(derValue2));
        }
        if (set[0].getData().available() > 0) {
            DerValue[] sequence2 = set[0].getData().getSequence(1);
            this.policyInfos = new ArrayList<>(sequence2.length);
            for (DerValue derValue3 : sequence2) {
                this.policyInfos.add(new PolicyInformation(derValue3.toByteArray()));
            }
        }
        Debug debug4 = debug;
        if (debug4 != null) {
            debug4.exit(16384L, className, "decode", derValue);
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public void encode(OutputStream outputStream) throws IOException {
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.entry(16384L, className, "encode", outputStream);
        }
        if (this.certIds == null) {
            Debug debug3 = debug;
            if (debug3 != null) {
                debug3.text(16384L, className, "encode", "ESSCertID objects not specified.");
            }
            throw new IOException("ESSCertID objects not specified.");
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        Iterator<ESSCertID> it = this.certIds.iterator();
        while (it.hasNext()) {
            it.next().encode(derOutputStream2);
        }
        derOutputStream.write((byte) 48, derOutputStream2);
        ArrayList<PolicyInformation> arrayList = this.policyInfos;
        if (arrayList != null && arrayList.size() > 0) {
            DerOutputStream derOutputStream3 = new DerOutputStream();
            Iterator<PolicyInformation> it2 = this.policyInfos.iterator();
            while (it2.hasNext()) {
                it2.next().encode(derOutputStream3);
            }
            derOutputStream.write((byte) 48, derOutputStream3);
        }
        DerOutputStream[] derOutputStreamArr = {new DerOutputStream()};
        derOutputStreamArr[0].write((byte) 48, derOutputStream);
        DerOutputStream derOutputStream4 = new DerOutputStream();
        derOutputStream4.putOID(getObjectIdentifier());
        derOutputStream4.putOrderedSetOf((byte) 49, derOutputStreamArr);
        DerOutputStream derOutputStream5 = new DerOutputStream();
        derOutputStream5.write((byte) 48, derOutputStream4);
        outputStream.write(derOutputStream5.toByteArray());
        Debug debug4 = debug;
        if (debug4 != null) {
            debug4.exit(16384L, className, "encode");
        }
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public boolean equals(Object obj) {
        return JniLib1602473862.cZ(this, obj, 865);
    }

    @Override // com.ibm.security.pkcs9.PKCS9DerObject
    public String getAttributeName() {
        return (String) JniLib1602473862.cL(this, Integer.valueOf(PKCS11Mechanism.CONCATENATE_BASE_AND_DATA));
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject, com.ibm.security.pkcs12.Bag
    public ObjectIdentifier getObjectIdentifier() {
        return PKCSOID.SIGNING_CERTIFICATE_OID;
    }

    public Iterator<PolicyInformation> getPolicyInfos() {
        return (Iterator) JniLib1602473862.cL(this, Integer.valueOf(PKCS11Mechanism.CONCATENATE_DATA_AND_BASE));
    }

    @Override // com.ibm.security.pkcs9.PKCS9DerObject
    public Object getValue() {
        return clone();
    }

    public byte[] getVerificationCertificateHash() {
        return (byte[]) JniLib1602473862.cL(this, Integer.valueOf(PKCS11Mechanism.XOR_BASE_AND_DATA));
    }

    public GeneralNames getVerificationCertificateIssuer() {
        return (GeneralNames) JniLib1602473862.cL(this, Integer.valueOf(PKCS11Mechanism.EXTRACT_KEY_FROM_KEY));
    }

    public SerialNumber getVerificationCertificateSerialNumber() throws IOException {
        return (SerialNumber) JniLib1602473862.cL(this, 870);
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public int hashCode() {
        return JniLib1602473862.cI(this, 871);
    }

    public boolean isAuthorizationCertificate(X509Certificate x509Certificate) throws IOException, NoSuchAlgorithmException, CertificateEncodingException {
        boolean z;
        ArrayList<ESSCertID> arrayList = this.certIds;
        if (arrayList == null || arrayList.size() == 0) {
            return false;
        }
        if (this.certIds.size() == 1) {
            return true;
        }
        java.security.MessageDigest messageDigest = java.security.MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_SHA);
        messageDigest.update(x509Certificate.getEncoded());
        byte[] digest = messageDigest.digest();
        SerialNumber serialNumber = new SerialNumber(x509Certificate.getSerialNumber());
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName((X500Name) x509Certificate.getIssuerDN()));
        for (int i = 1; i < this.certIds.size(); i++) {
            ESSCertID eSSCertID = this.certIds.get(i);
            byte[] certHash = eSSCertID.getCertHash();
            if (digest.length == certHash.length) {
                int i2 = 0;
                while (true) {
                    if (i2 >= digest.length) {
                        z = true;
                        break;
                    }
                    if (digest[i2] != certHash[i2]) {
                        z = false;
                        break;
                    }
                    i2++;
                }
                boolean z2 = (eSSCertID.getIssuer() == null || eSSCertID.getSerialNumber() == null) ? true : eSSCertID.getIssuer().equals(generalNames) && eSSCertID.getSerialNumber().getNumber().equals(serialNumber.getNumber());
                if (z && z2) {
                    return true;
                }
            }
        }
        return false;
    }

    @Override // com.ibm.security.pkcs9.PKCS9DerObject
    public boolean isSingleValued() {
        return JniLib1602473862.cZ(this, 872);
    }

    @Override // com.ibm.security.pkcs9.PKCS9DerObject
    public boolean isTagValid(byte b) {
        return JniLib1602473862.cZ(this, Byte.valueOf(b), 873);
    }

    @Override // com.ibm.security.pkcsutil.PKCSDerObject
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("[\n");
        Iterator<ESSCertID> it = this.certIds.iterator();
        while (it.hasNext()) {
            stringBuffer.append(it.next().toString());
        }
        ArrayList<PolicyInformation> arrayList = this.policyInfos;
        if (arrayList != null && arrayList.size() > 0) {
            Iterator<PolicyInformation> it2 = this.policyInfos.iterator();
            while (it2.hasNext()) {
                stringBuffer.append(it2.next().toString());
            }
        }
        stringBuffer.append("\n]");
        return stringBuffer.toString();
    }
}
