package oracle.security.pki.internal.cert;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import oracle.security.pki.JCEUtil;
import oracle.security.pki.PKIConstants;
import oracle.security.pki.TransitionMode;
import oracle.security.pki.exception.AuthException;
import oracle.security.pki.internal.asn1.ASN1BitString;
import oracle.security.pki.internal.asn1.ASN1ConstructedInputStream;
import oracle.security.pki.internal.asn1.ASN1Date;
import oracle.security.pki.internal.asn1.ASN1GenericConstructed;
import oracle.security.pki.internal.asn1.ASN1Integer;
import oracle.security.pki.internal.asn1.ASN1Object;
import oracle.security.pki.internal.asn1.ASN1ObjectID;
import oracle.security.pki.internal.asn1.ASN1Sequence;
import oracle.security.pki.internal.asn1.ASN1SequenceInputStream;
import oracle.security.pki.internal.cert.ext.BasicConstraintsExtension;
import oracle.security.pki.internal.cert.ext.ExtKeyUsageExtension;
import oracle.security.pki.internal.cert.ext.IssuerAltNameExtension;
import oracle.security.pki.internal.cert.ext.KeyUsageExtension;
import oracle.security.pki.internal.cert.ext.SubjectAltNameExtension;
import oracle.security.pki.internal.core.AlgID;
import oracle.security.pki.internal.core.AlgorithmIdentifier;
import oracle.security.pki.util.CryptoUtils;
import oracle.security.pki.util.KeyWrapper;
import oracle.security.pki.util.StreamableOutputException;
import oracle.security.pki.util.Utils;

/* loaded from: input_file:oracle/security/pki/internal/cert/X509.class */
public class X509 extends Certificate implements ASN1Object {
    private ASN1Sequence e;
    private AlgorithmIdentifier f;
    private byte[] g;
    private BigInteger h;
    private X500Name i;
    private Date j;
    private Date k;
    private X509ExtensionSet l;
    private PrivateKey m;
    private CRL n;
    private X509Certificate o;
    protected boolean c;
    private int p;
    private boolean[] q;
    private boolean[] r;
    private ASN1Sequence s;
    X509CertificateImpl d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/security/pki/internal/cert/X509$X509CertificateImpl.class */
    public class X509CertificateImpl extends X509Certificate {
        X509CertificateImpl() {
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            X509.this.v();
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
            X509.this.c(date);
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            return X509.this.w();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return X509.this.x();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getIssuerX500Principal() {
            return X509.this.y();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getSubjectX500Principal() {
            return X509.this.z();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            return X509.this.A();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            return X509.this.B();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            return X509.this.C();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            return X509.this.D();
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return X509.this.E();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            return X509.this.F();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            return X509.this.s().d();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            return X509.this.G();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            return X509.this.H();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return X509.this.I();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            return X509.this.J();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            return X509.this.K();
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            return X509.this.L();
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            return X509.this.g();
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            return X509.this.b();
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            return X509.this.toString();
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            X509.this.a(publicKey, str);
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            X509.this.b(publicKey);
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            return X509.this.M();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            return X509.this.b(str);
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            return X509.this.N();
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            return X509.this.O();
        }

        @Override // java.security.cert.X509Certificate
        public List<String> getExtendedKeyUsage() throws CertificateParsingException {
            return X509.this.P();
        }

        @Override // java.security.cert.X509Certificate
        public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
            return X509.this.Q();
        }

        @Override // java.security.cert.X509Certificate
        public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
            return X509.this.R();
        }

        @Override // java.security.cert.Certificate
        public boolean equals(Object obj) {
            return X509.this.equals(obj);
        }

        @Override // java.security.cert.Certificate
        public int hashCode() {
            return X509.this.hashCode();
        }

        public X509 a() {
            return X509.this;
        }
    }

    public X509() {
        this.l = null;
        this.c = false;
        this.p = 3;
        this.s = null;
        this.d = new X509CertificateImpl();
    }

    public X509(InputStream inputStream) throws IOException {
        this.l = null;
        this.c = false;
        this.p = 3;
        this.s = null;
        this.d = new X509CertificateImpl();
        input(inputStream);
    }

    public X509(File file) throws IOException {
        this.l = null;
        this.c = false;
        this.p = 3;
        this.s = null;
        this.d = new X509CertificateImpl();
        FileInputStream fileInputStream = new FileInputStream(file);
        input(fileInputStream);
        fileInputStream.close();
    }

    public X509(URL url) throws IOException {
        this.l = null;
        this.c = false;
        this.p = 3;
        this.s = null;
        this.d = new X509CertificateImpl();
        InputStream openStream = url.openStream();
        input(openStream);
        openStream.close();
    }

    public static X509 a(X509Certificate x509Certificate) {
        if (x509Certificate instanceof X509CertificateImpl) {
            return ((X509CertificateImpl) x509Certificate).a();
        }
        try {
            return new X509(x509Certificate.getEncoded());
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CertificateEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    public X509(byte[] bArr) throws IOException {
        this(new ByteArrayInputStream(bArr));
    }

    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, int i, AlgorithmIdentifier algorithmIdentifier) throws SignatureException {
        this();
        this.a = x500Name;
        this.b = publicKey;
        this.i = x500Name2;
        this.m = privateKey;
        this.h = bigInteger;
        a(i);
        if (algorithmIdentifier != null) {
            a(algorithmIdentifier);
        }
        e();
    }

    public X509(X500Name x500Name, PublicKey publicKey, X500Name x500Name2, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, AlgorithmIdentifier algorithmIdentifier) throws SignatureException {
        this();
        this.a = x500Name;
        this.i = x500Name2;
        this.b = publicKey;
        this.m = privateKey;
        this.h = bigInteger;
        this.h = bigInteger;
        this.j = date;
        this.k = date2;
        if (algorithmIdentifier != null) {
            a(algorithmIdentifier);
        }
        e();
    }

    protected void d() {
        this.c = true;
    }

    public void e() throws SignatureException {
        if (!this.c) {
            d();
        }
        if (this.m == null) {
            throw new SignatureException("Cannot sign certificate, no issuer private key set");
        }
        ASN1Sequence S = S();
        try {
            if (this.f == null) {
                throw new SignatureException("Cannot sign certificate, no signature algorithm set");
            }
            if (this.m.getAlgorithm().equals(PKIConstants.RSA) && CryptoUtils.getSignatureAlg(this.f).contains("ECDSA")) {
                throw new SignatureException("Cannot create ECDSA signature using RSA keys");
            }
            Signature signatureInstance = JCEUtil.getSignatureInstance(CryptoUtils.getSignatureAlg(this.f));
            signatureInstance.initSign(this.m);
            signatureInstance.update(Utils.toBytes(S));
            this.g = signatureInstance.sign();
            U();
        } catch (InvalidKeyException e) {
            throw new SignatureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2);
        } catch (SignatureException e3) {
            throw new SignatureException(e3);
        }
    }

    public byte[] f() throws SignatureException {
        if (!this.c) {
            d();
        }
        if (this.g == null) {
            e();
        }
        return this.g;
    }

    @Override // oracle.security.pki.util.Streamable
    public void input(InputStream inputStream) throws IOException {
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
        this.e = new ASN1Sequence(aSN1SequenceInputStream);
        this.f = new AlgorithmIdentifier(aSN1SequenceInputStream);
        this.g = ASN1BitString.a(aSN1SequenceInputStream);
        aSN1SequenceInputStream.b();
        ASN1SequenceInputStream aSN1SequenceInputStream2 = new ASN1SequenceInputStream(Utils.toStream(this.e));
        if (aSN1SequenceInputStream2.d() == 0) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream2);
            this.p = ASN1Integer.b(aSN1ConstructedInputStream).intValue() + 1;
            aSN1ConstructedInputStream.b();
        }
        this.h = ASN1Integer.b(aSN1SequenceInputStream2);
        if (!new AlgorithmIdentifier(aSN1SequenceInputStream2).equals(this.f)) {
            throw new IOException("Inconsistent signature algorithm IDs");
        }
        X500Name x500Name = new X500Name(aSN1SequenceInputStream2);
        if (this.i == null) {
            this.i = x500Name;
        } else if (!this.i.equals(x500Name)) {
            throw new IOException("Expected issuer {" + this.i + "}, got issuer {" + x500Name + "}");
        }
        ASN1SequenceInputStream aSN1SequenceInputStream3 = new ASN1SequenceInputStream(aSN1SequenceInputStream2);
        this.j = ASN1Date.a(aSN1SequenceInputStream3);
        this.k = ASN1Date.a(aSN1SequenceInputStream3);
        aSN1SequenceInputStream3.b();
        this.a = new X500Name(aSN1SequenceInputStream2);
        this.b = CryptoUtils.inputSPKI(aSN1SequenceInputStream2);
        if (aSN1SequenceInputStream2.d() == 1) {
            ASN1BitString aSN1BitString = new ASN1BitString(aSN1SequenceInputStream2);
            this.q = new boolean[aSN1BitString.e()];
            int e = aSN1BitString.e();
            for (int i = 0; i < e; i++) {
                this.q[i] = aSN1BitString.a(i);
            }
        }
        if (aSN1SequenceInputStream2.d() == 2) {
            aSN1SequenceInputStream2.a(3);
            ASN1BitString aSN1BitString2 = new ASN1BitString(aSN1SequenceInputStream2);
            this.r = new boolean[aSN1BitString2.e()];
            int e2 = aSN1BitString2.e();
            for (int i2 = 0; i2 < e2; i2++) {
                this.r[i2] = aSN1BitString2.a(i2);
            }
        }
        if (aSN1SequenceInputStream2.d() == 3) {
            ASN1ConstructedInputStream aSN1ConstructedInputStream2 = new ASN1ConstructedInputStream(aSN1SequenceInputStream2);
            this.l = new X509ExtensionSet(aSN1ConstructedInputStream2);
            aSN1ConstructedInputStream2.b();
        } else {
            this.l = null;
        }
        aSN1SequenceInputStream2.b();
        U();
    }

    private ASN1Sequence S() throws SignatureException {
        if (!this.c) {
            d();
        }
        if (this.e == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            if (this.l != null && this.l.c() > 0) {
                aSN1Sequence.a(new ASN1GenericConstructed(new ASN1Integer(2L), 0));
            }
            aSN1Sequence.a(new ASN1Integer(this.h));
            if (this.f == null && this.m != null) {
                if (!this.m.getAlgorithm().equals(PKIConstants.RSA)) {
                    if (!this.m.getAlgorithm().equals(PKIConstants.DSA)) {
                        if (this.m.getAlgorithm().equals(PKIConstants.EC)) {
                            switch (((ECPrivateKey) this.m).getParams().getCurve().getField().getFieldSize()) {
                                case PKIConstants.AES256_KEY_LENGTH /* 256 */:
                                    this.f = AlgID.I;
                                    break;
                                case 384:
                                    this.f = AlgID.J;
                                    break;
                                case 512:
                                    this.f = AlgID.K;
                                    break;
                                default:
                                    this.f = AlgID.H;
                                    break;
                            }
                        }
                    } else {
                        this.f = AlgID.E;
                    }
                } else {
                    this.f = AlgID.B;
                }
            }
            if (this.f == null) {
                throw new SignatureException("Cannot build to-be-signed certificate, no signature algorithm set");
            }
            aSN1Sequence.a(this.f);
            aSN1Sequence.a(this.i);
            ASN1Sequence aSN1Sequence2 = new ASN1Sequence();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(this.j);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.setTime(this.k);
            aSN1Sequence2.a(new ASN1Date(this.j, calendar.get(1) > 2049));
            aSN1Sequence2.a(new ASN1Date(this.k, calendar2.get(1) > 2049));
            aSN1Sequence.a(aSN1Sequence2);
            aSN1Sequence.a((X500Name) this.a);
            KeyWrapper keyWrapper = null;
            try {
                keyWrapper = new KeyWrapper();
                keyWrapper.initialize(PKIConstants.PUBLIC, this.b);
            } catch (IOException e) {
                e.printStackTrace();
            }
            aSN1Sequence.a(CryptoUtils.subjectPublicKeyInfo(keyWrapper));
            if (this.l != null && this.l.c() > 0) {
                aSN1Sequence.a(new ASN1GenericConstructed(this.l, 3));
            }
            this.e = aSN1Sequence;
        }
        return this.e;
    }

    private ASN1Sequence T() throws SignatureException {
        if (this.s == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            aSN1Sequence.a(S());
            aSN1Sequence.a(this.f);
            aSN1Sequence.a(new ASN1BitString(f()));
            this.s = aSN1Sequence;
        }
        return this.s;
    }

    private void U() {
        this.s = null;
    }

    private void V() {
        U();
        this.e = null;
        this.g = null;
    }

    @Override // oracle.security.pki.util.Streamable
    public void output(OutputStream outputStream) throws IOException {
        try {
            T().output(outputStream);
        } catch (SignatureException e) {
            throw new IOException(e);
        }
    }

    @Override // oracle.security.pki.util.Streamable
    public int length() {
        try {
            return T().length();
        } catch (SignatureException e) {
            throw new StreamableOutputException((Exception) e);
        }
    }

    public byte[] g() {
        try {
            return Utils.toBytes(T());
        } catch (SignatureException e) {
            throw new StreamableOutputException((Exception) e);
        }
    }

    @Override // oracle.security.pki.internal.cert.Certificate
    public boolean a() throws AuthException {
        if (!this.c) {
            d();
        }
        if (p() || !h()) {
            return false;
        }
        if (this.o == null || (W() && this.i.equals(this.o.getSubjectX500Principal()) && i())) {
            return this.n == null || j();
        }
        return false;
    }

    private boolean W() {
        if (!this.c) {
            d();
        }
        boolean[] keyUsage = this.o.getKeyUsage();
        return keyUsage == null || keyUsage[5];
    }

    public boolean h() {
        if (!this.c) {
            d();
        }
        Date date = new Date();
        return (date.before(this.j) || date.after(this.k)) ? false : true;
    }

    public boolean i() throws AuthException {
        if (!this.c) {
            d();
        }
        if (this.o == null) {
            throw new IllegalStateException("Issuer certificate not set");
        }
        try {
            Signature signatureInstance = JCEUtil.getSignatureInstance(CryptoUtils.getSignatureAlg(this.f));
            signatureInstance.initVerify(this.o.getPublicKey());
            signatureInstance.update(Utils.toBytes(S()));
            return signatureInstance.verify(f());
        } catch (InvalidKeyException e) {
            throw new AuthException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthException(e2);
        } catch (SignatureException e3) {
            throw new AuthException(e3);
        } catch (StreamableOutputException e4) {
            throw new AuthException(e4);
        }
    }

    public boolean j() {
        if (!this.c) {
            d();
        }
        if (this.n == null) {
            throw new IllegalStateException("Issuer CRL not set");
        }
        return !this.n.d(this.h);
    }

    @Override // oracle.security.pki.internal.cert.Certificate
    public Entity c() {
        if (!this.c) {
            d();
        }
        return this.a;
    }

    public void a(X500Name x500Name) {
        this.a = x500Name;
        V();
    }

    @Override // oracle.security.pki.internal.cert.Certificate
    public PublicKey b() {
        if (!this.c) {
            d();
        }
        return this.b;
    }

    public void a(PublicKey publicKey) {
        this.b = publicKey;
    }

    public Date k() {
        if (!this.c) {
            d();
        }
        return this.j;
    }

    public void a(Date date) {
        this.j = date;
        V();
    }

    public Date l() {
        if (!this.c) {
            d();
        }
        return this.k;
    }

    public void b(Date date) {
        this.k = date;
        V();
    }

    public void a(int i) {
        this.j = new Date();
        this.k = Utils.daysFrom(this.j, i);
        V();
    }

    public X500Name m() {
        if (!this.c) {
            d();
        }
        return (X500Name) this.a;
    }

    public void b(X500Name x500Name) {
        this.a = x500Name;
        V();
    }

    public X500Name n() {
        if (!this.c) {
            d();
        }
        return this.i;
    }

    public void c(X500Name x500Name) {
        this.i = x500Name;
        if (this.n != null && !x500Name.equals(this.n.a())) {
            throw new IllegalStateException("Certificate issuer does not match CRL issuer");
        }
        V();
    }

    public void a(X509 x509) {
        b(x509.u());
    }

    public void b(X509Certificate x509Certificate) {
        this.o = x509Certificate;
        if (this.i == null) {
            if (x509Certificate instanceof X509CertificateImpl) {
                c(((X509CertificateImpl) x509Certificate).a().n());
            } else {
                c(X500Name.a(x509Certificate.getIssuerX500Principal()));
            }
        }
    }

    public void a(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) {
        this.m = privateKey;
        a(algorithmIdentifier);
    }

    public void a(AlgorithmIdentifier algorithmIdentifier) {
        this.f = algorithmIdentifier;
        V();
    }

    public void a(CRL crl) {
        if (!this.c) {
            d();
        }
        this.n = crl;
        if (this.i != null && !this.i.equals(crl.a())) {
            throw new IllegalStateException("CRL issuer does not match certificate issuer");
        }
    }

    public BigInteger o() {
        if (!this.c) {
            d();
        }
        return this.h;
    }

    public void a(BigInteger bigInteger) {
        this.h = bigInteger;
        V();
    }

    public boolean p() {
        if (!this.c) {
            d();
        }
        return this.l != null && this.l.d();
    }

    public X509ExtensionSet q() {
        if (!this.c) {
            d();
        }
        return this.l;
    }

    public X509Extension a(ASN1ObjectID aSN1ObjectID) {
        if (!this.c) {
            d();
        }
        if (this.l != null) {
            return this.l.a(aSN1ObjectID);
        }
        return null;
    }

    public void a(X509ExtensionSet x509ExtensionSet) {
        this.l = x509ExtensionSet;
        V();
    }

    public void a(X509Extension x509Extension) {
        if (!this.c) {
            d();
        }
        if (this.l == null) {
            this.l = new X509ExtensionSet();
        }
        this.l.a(x509Extension);
        V();
    }

    public byte[] r() {
        if (!this.c) {
            d();
        }
        try {
            return JCEUtil.getMessageDigestInstance(TransitionMode.isFIPS140ModeEnabled() ? "SHA-256" : "MD5").digest(Utils.toBytes(T()));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MessageDigest algorithm not available.", e);
        } catch (SignatureException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public static byte[] a(X500Name x500Name, BigInteger bigInteger, MessageDigest messageDigest) {
        try {
            messageDigest.update(x500Name.toString().getBytes("ASCII"));
            messageDigest.update(bigInteger.toString().getBytes("ASCII"));
            return messageDigest.digest();
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] a(String str) {
        try {
            MessageDigest messageDigestInstance = JCEUtil.getMessageDigestInstance(str);
            if (!this.c) {
                d();
            }
            messageDigestInstance.update(this.i.toString().getBytes("ASCII"));
            messageDigestInstance.update(this.h.toString().getBytes("ASCII"));
            return messageDigestInstance.digest();
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    public ASN1ObjectID s() {
        try {
            S();
            if (this.f != null) {
                return this.f.a();
            }
            throw new IllegalStateException("Signature algorithm not defined");
        } catch (SignatureException e) {
            throw new IllegalStateException(e);
        }
    }

    public String t() {
        String signatureAlg = CryptoUtils.getSignatureAlg(new AlgorithmIdentifier(s()));
        if (signatureAlg == null) {
            signatureAlg = s().d();
        }
        return signatureAlg;
    }

    public boolean a(byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier) throws AuthException {
        if (!this.c) {
            d();
        }
        try {
            Signature signatureInstance = JCEUtil.getSignatureInstance(CryptoUtils.getSignatureAlg(algorithmIdentifier));
            signatureInstance.initVerify(this.b);
            signatureInstance.update(bArr);
            return signatureInstance.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw new AuthException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthException(e2);
        } catch (SignatureException e3) {
            throw new AuthException(e3);
        }
    }

    public boolean equals(Object obj) {
        if (!this.c) {
            d();
        }
        if (obj == null) {
            return false;
        }
        if (obj instanceof X509) {
            return Utils.areEqual(Utils.toBytes(this), Utils.toBytes((X509) obj));
        }
        if (!(obj instanceof X509Certificate)) {
            return false;
        }
        try {
            return Utils.areEqual(Utils.toBytes(this), ((X509Certificate) obj).getEncoded());
        } catch (CertificateEncodingException e) {
            return false;
        }
    }

    public int hashCode() {
        if (!this.c) {
            d();
        }
        return Arrays.hashCode(Utils.toBytes(this));
    }

    public String toString() {
        String str;
        if (!this.c) {
            d();
        }
        String str2 = ((((((("{ fingerprint = " + Utils.toHexString(r())) + ", notBefore = " + this.j) + ", notAfter = " + this.k) + ", holder = " + this.a) + ", issuer = " + this.i) + ", serialNo = " + this.h) + ", sigAlgOID = " + t()) + ", key = ";
        if (this.b instanceof RSAKey) {
            if (this.b instanceof RSAPublicKey) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) this.b;
                str = "{ modulus = " + rSAPublicKey.getModulus() + ", exponent = " + rSAPublicKey.getPublicExponent();
            } else {
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) this.b;
                str = "{ modulus = " + rSAPrivateCrtKey.getModulus() + ", exponent = " + rSAPrivateCrtKey.getPrivateExponent();
            }
            str2 = str2 + str;
        }
        if (this.l != null && this.l.c() > 0) {
            String str3 = str2 + ", extensions = {";
            boolean z = false;
            Iterator<X509Extension> it = this.l.b().iterator();
            while (it.hasNext()) {
                if (z) {
                    str3 = str3 + ", ";
                }
                str3 = str3 + it.next();
                z = true;
            }
            str2 = str3 + " }";
        }
        return str2 + " }";
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(Utils.toBytes(this));
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        try {
            input(new ByteArrayInputStream((byte[]) objectInput.readObject()));
        } catch (ClassCastException e) {
            throw new IOException(e);
        }
    }

    public X509Certificate u() {
        return this.d;
    }

    public void v() throws CertificateExpiredException, CertificateNotYetValidException {
        c(new Date());
    }

    public void c(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.before(this.j)) {
            throw new CertificateNotYetValidException("Certificate not yet valid");
        }
        if (date.after(this.k)) {
            throw new CertificateExpiredException("Certificate expired");
        }
    }

    public int w() {
        BasicConstraintsExtension basicConstraintsExtension = (BasicConstraintsExtension) this.l.a(PKIX.H);
        if (basicConstraintsExtension == null) {
            return -1;
        }
        if (!basicConstraintsExtension.e()) {
            return 0;
        }
        if (basicConstraintsExtension.f() == null) {
            return Integer.MAX_VALUE;
        }
        return basicConstraintsExtension.f().intValue();
    }

    public Principal x() {
        return n().g();
    }

    public X500Principal y() {
        return n().g();
    }

    public X500Principal z() {
        return m().g();
    }

    public boolean[] A() {
        return this.q;
    }

    public boolean[] B() {
        return ((KeyUsageExtension) this.l.a(PKIX.E)).f();
    }

    public Date C() {
        return l();
    }

    public Date D() {
        return k();
    }

    public BigInteger E() {
        return o();
    }

    public String F() {
        return CryptoUtils.getSignatureAlg(this.f);
    }

    public byte[] G() {
        return Utils.toBytes(this.f.b());
    }

    public byte[] H() {
        try {
            return f();
        } catch (SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public Principal I() {
        return z();
    }

    public boolean[] J() {
        return this.r;
    }

    public byte[] K() throws CertificateEncodingException {
        try {
            return Utils.toBytes(S());
        } catch (SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    public int L() {
        return this.p;
    }

    public void a(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signatureInstance = (str == null || TransitionMode.isFIPS140ModeEnabled()) ? JCEUtil.getSignatureInstance(F()) : Signature.getInstance(F(), str);
        signatureInstance.initVerify(publicKey);
        signatureInstance.update(K());
        if (!signatureInstance.verify(H())) {
            throw new SignatureException("Public key does not match");
        }
    }

    public void b(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        a(publicKey, (String) null);
    }

    public Set<String> M() {
        return this.l.getCriticalExtensionOIDs();
    }

    public byte[] b(String str) {
        return this.l.getExtensionValue(str);
    }

    public Set<String> N() {
        return this.l.getNonCriticalExtensionOIDs();
    }

    public boolean O() {
        return this.l.hasUnsupportedCriticalExtension();
    }

    public List<String> P() throws CertificateParsingException {
        ExtKeyUsageExtension extKeyUsageExtension = (ExtKeyUsageExtension) this.l.a(PKIX.U);
        if (extKeyUsageExtension == null) {
            return null;
        }
        ArrayList<ASN1ObjectID> e = extKeyUsageExtension.e();
        ArrayList arrayList = new ArrayList();
        Iterator<ASN1ObjectID> it = e.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().d());
        }
        return arrayList;
    }

    public Collection<List<?>> Q() throws CertificateParsingException {
        IssuerAltNameExtension issuerAltNameExtension = (IssuerAltNameExtension) this.l.a(PKIX.G);
        if (issuerAltNameExtension == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<GeneralName> it = issuerAltNameExtension.e().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().c());
        }
        return arrayList;
    }

    public Collection<List<?>> R() throws CertificateParsingException {
        SubjectAltNameExtension subjectAltNameExtension = (SubjectAltNameExtension) this.l.a(PKIX.F);
        if (subjectAltNameExtension == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<GeneralName> it = subjectAltNameExtension.e().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().c());
        }
        return arrayList;
    }
}
