package com.sun.midp.pki;

import com.sun.midp.configurator.Constants;
import com.sun.midp.crypto.Cipher;
import com.sun.midp.crypto.GeneralSecurityException;
import com.sun.midp.crypto.MessageDigest;
import com.sun.midp.crypto.PublicKey;
import com.sun.midp.crypto.RSAPublicKey;
import com.sun.midp.log.LogChannels;
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import java.util.Vector;
import javax.microedition.pki.Certificate;
import javax.microedition.pki.CertificateException;

/* loaded from: input_file:com/sun/midp/pki/X509Certificate.class */
public class X509Certificate implements Certificate {
    public static final byte NO_ERROR = 0;
    public static final int MISSING_PATH_LENGTH_CONSTRAINT = -1;
    public static final int UNLIMITED_CERT_CHAIN_LENGTH = 65535;
    private static final int MAX_NAME_LENGTH = 300;
    private static final byte ANY_STRING_TYPE = 0;
    private static final byte INTEGER_TYPE = 2;
    private static final byte BITSTRING_TYPE = 3;
    private static final byte OCTETSTR_TYPE = 4;
    private static final byte OID_TYPE = 6;
    private static final byte UTF8STR_TYPE = 12;
    private static final byte UNIVSTR_TYPE = 18;
    private static final byte PRINTSTR_TYPE = 19;
    private static final byte TELETEXSTR_TYPE = 20;
    private static final byte IA5STR_TYPE = 22;
    private static final byte SEQUENCE_TYPE = 48;
    private static final byte SET_TYPE = 49;
    public static final byte TYPE_EMAIL_ADDRESS = 1;
    public static final byte TYPE_DNS_NAME = 2;
    public static final byte TYPE_URI = 6;
    public static final byte TYPE_IP_ADDRESS = 7;
    public static final int DIGITAL_SIG_KEY_USAGE = 1;
    public static final int NON_REPUDIATION_KEY_USAGE = 2;
    public static final int KEY_ENCIPHER_KEY_USAGE = 4;
    public static final int DATA_ENCIPHER_KEY_USAGE = 8;
    public static final int KEY_AGREEMENT_KEY_USAGE = 16;
    public static final int CERT_SIGN_KEY_USAGE = 32;
    public static final int CRL_SIGN_KEY_USAGE = 64;
    public static final int ENCIPHER_ONLY_KEY_USAGE = 128;
    public static final int DECIPHER_ONLY_KEY_USAGE = 256;
    public static final int SERVER_AUTH_EXT_KEY_USAGE = 2;
    public static final int CLIENT_AUTH_EXT_KEY_USAGE = 4;
    public static final int CODE_SIGN_EXT_KEY_USAGE = 8;
    public static final int EMAIL_EXT_KEY_USAGE = 16;
    public static final int IPSEC_END_SYS_EXT_KEY_USAGE = 32;
    public static final int IPSEC_TUNNEL_EXT_KEY_USAGE = 64;
    public static final int IPSEC_USER_EXT_KEY_USAGE = 128;
    public static final int TIME_STAMP_EXT_KEY_USAGE = 256;
    public static final int OCSP_EXT_KEY_USAGE = 512;
    private static final int UTC_LENGTH = 13;
    private static final byte NONE = -1;
    private static final byte RSA_ENCRYPTION = 1;
    private static final byte MD2_RSA = 2;
    private static final byte MD4_RSA = 3;
    private static final byte MD5_RSA = 4;
    private static final byte SHA1_RSA = 5;
    private static final byte DSA_MASK = Byte.MIN_VALUE;
    private boolean selfSigned;
    private byte version;
    private byte[] fp;
    private String serialNumber;
    private byte[] serialNumberBytes;
    private String subject;
    private String issuer;
    private long from;
    private long until;
    private RSAPublicKey pubKey;
    private int idx;
    private byte[] enc;
    private int TBSStart;
    private int TBSLen;
    private byte sigAlg;
    private byte[] signature;
    private byte[] TBSCertHash;
    private boolean badExt;
    Vector subjectAltNames;
    private boolean hasBC;
    private boolean isCA;
    private int pLenConstr;
    private int keyUsage;
    private int extKeyUsage;
    Vector authInfoAccess;
    private static final char[][] nameAttr = {new char[]{0}, new char[]{0}, new char[]{0}, new char[]{'C', 'N'}, new char[]{'S', 'N'}, new char[]{0}, new char[]{'C'}, new char[]{'L'}, new char[]{'S', 'T'}, new char[]{'S', 'T', 'R', 'E', 'E', 'T'}, new char[]{'O'}, new char[]{'O', 'U'}};
    private static final char[] EMAIL_ATTR_LABEL = {'E', 'm', 'a', 'i', 'l', 'A', 'd', 'd', 'r', 'e', 's', 's'};
    private static final byte[] EMAIL_ATTR_OID = {42, -122, 72, -122, -9, 13, 1, 9, 1};
    private static final byte[] PKCS1Seq = {48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1};
    private static final byte[] DSASeq = {6, 7, 42, -122, 72, -50, 56, 4};
    private static final byte[] PREFIX_MD2 = {48, 32, 48, 12, 6, 8, 42, -122, 72, -122, -9, 13, 2, 2, 5, 0, 4, 16};
    private static final byte[] PREFIX_MD5 = {48, 32, 48, 12, 6, 8, 42, -122, 72, -122, -9, 13, 2, 5, 5, 0, 4, 16};
    private static final byte[] PREFIX_SHA1 = {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
    private static final byte[] NullSeq = {5, 0};
    private static final byte[] ValiditySeq = {48, 30};
    private static final byte[] UTCSeq = {23, 13};
    private static final byte[] ID_KP = {43, 6, 1, 5, 5, 7, 3};
    private static final byte[] ID_AIA = {43, 6, 1, 5, 5, 7, 1, 1};
    private static final String[] KEY_USAGE = {"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly", "9", "10", "11", "12", "13", "14", "15", "16", "serverAuth", "clientAuth", "codeSigning", "emailProtection", "ipsecEndSystem", "ipsecTunnel", "ipsecUser", "timeStamping"};

    private X509Certificate() {
        this.version = (byte) 1;
        this.fp = null;
        this.from = 0L;
        this.until = 0L;
        this.pubKey = null;
        this.idx = 0;
        this.enc = null;
        this.TBSStart = 0;
        this.TBSLen = 0;
        this.sigAlg = (byte) -1;
        this.signature = null;
        this.TBSCertHash = null;
        this.badExt = false;
        this.subjectAltNames = new Vector(3);
        this.hasBC = false;
        this.isCA = false;
        this.pLenConstr = -1;
        this.keyUsage = -1;
        this.extKeyUsage = -1;
        this.authInfoAccess = new Vector(2);
    }

    public X509Certificate(byte b, byte[] bArr, String str, String str2, long j, long j2, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i) throws Exception {
        this.version = (byte) 1;
        this.fp = null;
        this.from = 0L;
        this.until = 0L;
        this.pubKey = null;
        this.idx = 0;
        this.enc = null;
        this.TBSStart = 0;
        this.TBSLen = 0;
        this.sigAlg = (byte) -1;
        this.signature = null;
        this.TBSCertHash = null;
        this.badExt = false;
        this.subjectAltNames = new Vector(3);
        this.hasBC = false;
        this.isCA = false;
        this.pLenConstr = -1;
        this.keyUsage = -1;
        this.extKeyUsage = -1;
        this.authInfoAccess = new Vector(2);
        this.version = b;
        int length = bArr.length;
        this.serialNumber = Utils.hexEncode(bArr, 0, length);
        if (length > 0) {
            this.serialNumberBytes = new byte[length];
            System.arraycopy(bArr, 0, this.serialNumberBytes, 0, length);
        } else {
            this.serialNumberBytes = null;
        }
        if (bArr4 != null) {
            this.fp = new byte[bArr4.length];
            System.arraycopy(bArr4, 0, this.fp, 0, bArr4.length);
        }
        this.subject = new String(str);
        this.issuer = new String(str2);
        this.from = j;
        this.until = j2;
        this.sigAlg = (byte) -1;
        if (this.subject.compareTo(this.issuer) == 0) {
            this.selfSigned = true;
        }
        this.pubKey = new RSAPublicKey(bArr2, bArr3);
        if (b != 3 || i == -1) {
            return;
        }
        this.isCA = true;
        this.hasBC = true;
        this.pLenConstr = i;
    }

    private void match(byte[] bArr) throws Exception {
        if (this.idx + bArr.length >= this.enc.length) {
            throw new Exception("match() error 2");
        }
        for (byte b : bArr) {
            byte[] bArr2 = this.enc;
            int i = this.idx;
            this.idx = i + 1;
            if (bArr2[i] != b) {
                throw new Exception("match() error 1");
            }
        }
    }

    private int getLen(byte b) throws IOException {
        if (this.enc[this.idx] != b && (b != 0 || (this.enc[this.idx] != 19 && this.enc[this.idx] != 20 && this.enc[this.idx] != 12 && this.enc[this.idx] != 22 && this.enc[this.idx] != 18))) {
            throw new IOException("getLen() err 2");
        }
        this.idx++;
        byte[] bArr = this.enc;
        int i = this.idx;
        this.idx = i + 1;
        int i2 = bArr[i] & 255;
        if (i2 >= 128) {
            int i3 = i2 - 128;
            if (i3 > 2 || this.idx + i3 > this.enc.length) {
                throw new IOException("getLen() err 1");
            }
            i2 = 0;
            while (i3 > 0) {
                byte[] bArr2 = this.enc;
                int i4 = this.idx;
                this.idx = i4 + 1;
                i2 = (i2 << 8) + (bArr2[i4] & 255);
                i3--;
            }
        }
        return i2;
    }

    private byte getAlg() throws IOException {
        byte b;
        try {
            int i = this.idx;
            try {
                match(PKCS1Seq);
                byte[] bArr = this.enc;
                int i2 = this.idx;
                this.idx = i2 + 1;
                b = bArr[i2];
                match(NullSeq);
            } catch (Exception e) {
                this.idx = i;
                int len = getLen((byte) 48);
                match(DSASeq);
                byte[] bArr2 = this.enc;
                int i3 = this.idx;
                this.idx = i3 + 1;
                b = (byte) (bArr2[i3] | Byte.MIN_VALUE);
                this.idx += len;
            }
            return b;
        } catch (Exception e2) {
            throw new IOException("Algorithm Id parsing failed");
        }
    }

    private String getName(int i) throws IOException {
        char[] hexEncodeToChars;
        byte[] bArr = new byte[300];
        int i2 = 0;
        while (this.idx < i) {
            if (i2 != 0) {
                int i3 = i2;
                i2++;
                bArr[i3] = 59;
            }
            getLen((byte) 49);
            getLen((byte) 48);
            int len = getLen((byte) 6);
            int i4 = this.idx;
            this.idx += len;
            if (len == 3 && this.enc[i4] == 85 && this.enc[i4 + 1] == 4) {
                int i5 = this.enc[i4 + 2] & 255;
                hexEncodeToChars = (i5 >= nameAttr.length || nameAttr[i5][0] == 0) ? Utils.hexEncodeToChars(this.enc, i4, len) : nameAttr[i5];
            } else {
                hexEncodeToChars = Utils.byteMatch(this.enc, i4, EMAIL_ATTR_OID, 0, EMAIL_ATTR_OID.length) ? EMAIL_ATTR_LABEL : Utils.hexEncodeToChars(this.enc, i4, len);
            }
            for (char c : hexEncodeToChars) {
                int i6 = i2;
                i2++;
                bArr[i6] = (byte) c;
            }
            int i7 = i2;
            i2++;
            bArr[i7] = 61;
            int len2 = getLen((byte) 0);
            if (len2 > 0) {
                for (int i8 = 0; i8 < len2; i8++) {
                    int i9 = i2;
                    i2++;
                    byte[] bArr2 = this.enc;
                    int i10 = this.idx;
                    this.idx = i10 + 1;
                    bArr[i9] = bArr2[i10];
                }
            }
        }
        return new String(bArr, 0, i2, "UTF-8");
    }

    private static long getUTCTime(byte[] bArr, int i) throws IOException {
        int[] iArr = new int[6];
        if (bArr[(i + 13) - 1] != 90) {
            throw new IOException("getUTCTime() err 1");
        }
        for (int i2 = 0; i2 < 6; i2++) {
            iArr[i2] = 0;
            if (bArr[(2 * i2) + i] < 48 || bArr[(2 * i2) + i] > 57) {
                throw new IOException("getUTCTime() err 2");
            }
            iArr[i2] = bArr[(2 * i2) + i] - 48;
            if (bArr[(2 * i2) + i + 1] < 48 || bArr[(2 * i2) + i + 1] > 57) {
                throw new IOException("getUTCTime() err 3");
            }
            iArr[i2] = (iArr[i2] * 10) + (bArr[((2 * i2) + i) + 1] - 48);
        }
        if (iArr[0] < 50) {
            iArr[0] = iArr[0] + LogChannels.LC_LOWUI;
        } else {
            iArr[0] = iArr[0] + 1900;
        }
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        calendar.set(1, iArr[0]);
        calendar.set(2, iArr[1] - 1);
        calendar.set(5, iArr[2]);
        calendar.set(11, iArr[3]);
        calendar.set(12, iArr[4]);
        calendar.set(13, iArr[5]);
        calendar.set(14, 0);
        return calendar.getTime().getTime();
    }

    private void parseExtensions(int i) throws IOException {
        Object obj;
        getLen((byte) -93);
        getLen((byte) 48);
        while (this.idx < i) {
            Object obj2 = null;
            getLen((byte) 48);
            int len = getLen((byte) 6);
            int i2 = this.idx;
            this.idx += len;
            boolean z = false;
            if (this.enc[this.idx] == 1 && this.enc[this.idx + 1] == 1) {
                this.idx += 2;
                byte[] bArr = this.enc;
                int i3 = this.idx;
                this.idx = i3 + 1;
                z = bArr[i3] == -1;
            }
            int len2 = getLen((byte) 4);
            int i4 = this.idx;
            if (this.enc[i2] == 85 && this.enc[i2 + 1] == 29) {
                switch (this.enc[i2 + 2] & 255) {
                    case 15:
                        obj2 = "KU";
                        if (this.keyUsage == -1) {
                            this.keyUsage = 0;
                        }
                        int len3 = getLen((byte) 3) - 1;
                        byte[] bArr2 = this.enc;
                        int i5 = this.idx;
                        this.idx = i5 + 1;
                        byte b = bArr2[i5];
                        byte b2 = 0;
                        for (int i6 = 0; i6 < (len3 << 3) - b; i6++) {
                            if (i6 % 8 == 0) {
                                byte[] bArr3 = this.enc;
                                int i7 = this.idx;
                                this.idx = i7 + 1;
                                b2 = bArr3[i7];
                            }
                            if (b2 < 0) {
                                this.keyUsage |= 1 << i6;
                            }
                            b2 = (byte) (b2 << 1);
                        }
                        break;
                    case 17:
                        int i8 = len2 - 4;
                        int i9 = this.idx;
                        obj2 = "SAN";
                        while (i8 > 0) {
                            StringBuffer stringBuffer = new StringBuffer();
                            byte b3 = (byte) (this.enc[i9 + 2] - 128);
                            int i10 = this.enc[i9 + 3];
                            int i11 = i9 + 4;
                            switch (b3) {
                                case 1:
                                case 2:
                                case 6:
                                    for (int i12 = 0; i12 < i10; i12++) {
                                        stringBuffer.append((char) this.enc[i11 + i12]);
                                    }
                                    obj = stringBuffer.toString();
                                    break;
                                default:
                                    obj = new byte[i10];
                                    for (int i13 = 0; i13 < i10; i13++) {
                                        ((byte[]) obj)[i13] = this.enc[i11 + i13];
                                    }
                                    break;
                            }
                            i9 += i10 + 2;
                            i8 -= i10 + 2;
                            this.subjectAltNames.addElement(new SubjectAlternativeName(b3, obj));
                        }
                        break;
                    case 19:
                        this.hasBC = true;
                        obj2 = "BC";
                        if (getLen((byte) 48) != 0) {
                            if (this.enc[this.idx] == 1 && this.enc[this.idx + 1] == 1 && this.enc[this.idx + 2] == -1) {
                                this.isCA = true;
                                this.idx += 3;
                            }
                            if (this.enc[this.idx] != 2 || this.enc[this.idx + 1] == 0) {
                                if (this.isCA) {
                                    this.pLenConstr = 65535;
                                    break;
                                }
                            } else {
                                int len4 = getLen((byte) 2);
                                this.pLenConstr = 0;
                                for (int i14 = 0; i14 < len4; i14++) {
                                    this.pLenConstr = (this.pLenConstr << 16) + this.enc[this.idx + i14];
                                }
                                this.idx += len4;
                                break;
                            }
                        }
                        break;
                    case 37:
                        obj2 = "EKU";
                        if (this.extKeyUsage == -1) {
                            this.extKeyUsage = 0;
                        }
                        getLen((byte) 48);
                        boolean z2 = false;
                        while (this.idx < i4 + len2) {
                            int len5 = getLen((byte) 6);
                            if (len5 != ID_KP.length + 1 || !Utils.byteMatch(this.enc, this.idx, ID_KP, 0, ID_KP.length) || this.enc[this.idx + ID_KP.length] <= 0 || this.enc[this.idx + ID_KP.length] > 9) {
                                z2 = true;
                                if (z) {
                                    this.badExt = true;
                                }
                            } else {
                                this.extKeyUsage |= 1 << this.enc[this.idx + ID_KP.length];
                            }
                            this.idx += len5;
                        }
                        if (!z && z2) {
                            this.extKeyUsage = -1;
                            break;
                        }
                        break;
                }
            } else if (i - i2 > ID_AIA.length && Utils.byteMatch(this.enc, i2, ID_AIA, 0, ID_AIA.length)) {
                obj2 = "AIA";
                getLen((byte) 48);
                while (this.idx < i4 + len2) {
                    String str = Constants.SUITE_VERIFIER_MIDLET;
                    getLen((byte) 48);
                    int len6 = getLen((byte) 6);
                    byte[] bArr4 = new byte[len6];
                    System.arraycopy(this.enc, this.idx, bArr4, 0, len6);
                    this.idx += len6;
                    byte b4 = (byte) (this.enc[this.idx] & 63);
                    if (b4 == 1 || b4 == 2 || b4 == 6) {
                        int len7 = getLen(this.enc[this.idx]);
                        if (len7 > 0) {
                            for (int i15 = 0; i15 < len7; i15++) {
                                StringBuffer append = new StringBuffer().append(str);
                                byte[] bArr5 = this.enc;
                                int i16 = this.idx;
                                this.idx = i16 + 1;
                                str = append.append((char) bArr5[i16]).toString();
                            }
                        }
                        this.authInfoAccess.addElement(new AuthorityInfoAccessEntry(bArr4, str));
                    } else if (z) {
                        this.badExt = true;
                    }
                }
            }
            if (obj2 == null && z) {
                this.badExt = true;
            }
            this.idx = i4 + len2;
        }
        if (this.idx != i) {
            throw new IOException("Extension parsing problem");
        }
    }

    public static X509Certificate generateCertificate(byte[] bArr, int i, int i2) throws IOException {
        int i3 = bArr[i] + bArr[i2 - 1] + bArr[(i + i2) - 1];
        try {
            byte[] bArr2 = new byte[16];
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bArr, i, i2);
            messageDigest.digest(bArr2, 0, bArr2.length);
            X509Certificate x509Certificate = new X509Certificate();
            x509Certificate.idx = 0;
            x509Certificate.enc = new byte[i2];
            System.arraycopy(bArr, i, x509Certificate.enc, 0, i2);
            x509Certificate.fp = new byte[bArr2.length];
            System.arraycopy(bArr2, 0, x509Certificate.fp, 0, bArr2.length);
            x509Certificate.getLen((byte) 48);
            x509Certificate.TBSStart = x509Certificate.idx;
            int len = x509Certificate.idx + x509Certificate.getLen((byte) 48);
            x509Certificate.TBSLen = len - x509Certificate.TBSStart;
            if ((x509Certificate.enc[x509Certificate.idx] & 240) == 160) {
                x509Certificate.idx++;
                byte[] bArr3 = x509Certificate.enc;
                int i4 = x509Certificate.idx;
                x509Certificate.idx = i4 + 1;
                int i5 = bArr3[i4] & 255;
                if (x509Certificate.idx + i5 > x509Certificate.enc.length) {
                    throw new IOException("Version info too long");
                }
                x509Certificate.version = (byte) (x509Certificate.enc[x509Certificate.idx + (i5 - 1)] + 1);
                x509Certificate.idx += i5;
            } else {
                x509Certificate.version = (byte) 1;
            }
            int len2 = x509Certificate.getLen((byte) 2);
            x509Certificate.serialNumber = Utils.hexEncode(x509Certificate.enc, x509Certificate.idx, len2);
            x509Certificate.serialNumberBytes = new byte[len2];
            System.arraycopy(x509Certificate.enc, x509Certificate.idx, x509Certificate.serialNumberBytes, 0, len2);
            x509Certificate.idx += len2;
            x509Certificate.getAlg();
            int i6 = x509Certificate.idx;
            try {
                x509Certificate.issuer = x509Certificate.getName(x509Certificate.idx + x509Certificate.getLen((byte) 48));
                try {
                    x509Certificate.match(ValiditySeq);
                    x509Certificate.match(UTCSeq);
                    x509Certificate.from = getUTCTime(x509Certificate.enc, x509Certificate.idx);
                    x509Certificate.idx += 13;
                    x509Certificate.match(UTCSeq);
                    x509Certificate.until = getUTCTime(x509Certificate.enc, x509Certificate.idx);
                    x509Certificate.idx += 13;
                    int i7 = x509Certificate.idx;
                    int len3 = x509Certificate.getLen((byte) 48);
                    int i8 = x509Certificate.idx + len3;
                    if (len3 != 0) {
                        try {
                            x509Certificate.subject = x509Certificate.getName(i8);
                        } catch (Exception e) {
                            throw new IOException("Could not parse subject name");
                        }
                    }
                    int len4 = x509Certificate.getLen((byte) 48);
                    int i9 = x509Certificate.idx;
                    if (x509Certificate.getAlg() != 1) {
                        x509Certificate.idx = i9 + len4;
                        x509Certificate.pubKey = null;
                    } else {
                        x509Certificate.getLen((byte) 3);
                        byte[] bArr4 = x509Certificate.enc;
                        int i10 = x509Certificate.idx;
                        x509Certificate.idx = i10 + 1;
                        if (bArr4[i10] != 0) {
                            throw new IOException("Bitstring error while parsing public key information");
                        }
                        x509Certificate.getLen((byte) 48);
                        int len5 = x509Certificate.getLen((byte) 2);
                        if (x509Certificate.enc[x509Certificate.idx] == 0) {
                            len5--;
                            x509Certificate.idx++;
                        }
                        int i11 = x509Certificate.idx;
                        int i12 = len5;
                        x509Certificate.idx += len5;
                        int len6 = x509Certificate.getLen((byte) 2);
                        if (x509Certificate.enc[x509Certificate.idx] == 0) {
                            len6--;
                            x509Certificate.idx++;
                        }
                        x509Certificate.pubKey = new RSAPublicKey(x509Certificate.enc, i11, i12, x509Certificate.enc, x509Certificate.idx, len6);
                        x509Certificate.idx += len6;
                    }
                    if (x509Certificate.idx != len) {
                        if (x509Certificate.version < 3) {
                            throw new IOException(new StringBuffer().append("Unexpected extensions in old version cert").append((int) x509Certificate.version).toString());
                        }
                        x509Certificate.parseExtensions(len);
                    }
                    x509Certificate.sigAlg = x509Certificate.getAlg();
                    MessageDigest messageDigest2 = null;
                    if (x509Certificate.sigAlg == 2) {
                        messageDigest2 = MessageDigest.getInstance("MD2");
                    } else if (x509Certificate.sigAlg == 4) {
                        messageDigest2 = MessageDigest.getInstance("MD5");
                    } else if (x509Certificate.sigAlg == 5) {
                        messageDigest2 = MessageDigest.getInstance("SHA-1");
                    }
                    if (messageDigest2 != null) {
                        x509Certificate.TBSCertHash = new byte[messageDigest2.getDigestLength()];
                        messageDigest2.update(bArr, i + x509Certificate.TBSStart, x509Certificate.TBSLen);
                        messageDigest2.digest(x509Certificate.TBSCertHash, 0, x509Certificate.TBSCertHash.length);
                    }
                    int len7 = x509Certificate.getLen((byte) 3);
                    byte[] bArr5 = x509Certificate.enc;
                    int i13 = x509Certificate.idx;
                    x509Certificate.idx = i13 + 1;
                    if (bArr5[i13] != 0) {
                        throw new IOException("Bitstring error in signature parsing");
                    }
                    int i14 = (((len7 - 1) + 7) >>> 3) << 3;
                    x509Certificate.signature = new byte[i14];
                    System.arraycopy(x509Certificate.enc, x509Certificate.idx, x509Certificate.signature, i14 - (len7 - 1), len7 - 1);
                    return x509Certificate;
                } catch (Exception e2) {
                    throw new IOException(new StringBuffer().append("Could not parse validity informationcaught ").append(e2).toString());
                }
            } catch (Exception e3) {
                throw new IOException("Could not parse issuer name");
            }
        } catch (GeneralSecurityException e4) {
            throw new IOException(e4.toString());
        } catch (IndexOutOfBoundsException e5) {
            throw new IOException("Bad length detected in cert DER");
        }
    }

    public static String[] verifyChain(Vector vector, int i, int i2, CertStore certStore) throws CertificateException {
        return verifyChain(vector, i, i2, certStore, null);
    }

    public static String[] verifyChain(Vector vector, int i, int i2, CertStore certStore, Vector vector2) throws CertificateException {
        int i3 = -1;
        Vector vector3 = new Vector();
        X509Certificate x509Certificate = (X509Certificate) vector.elementAt(0);
        checkKeyUsageAndValidity(x509Certificate, i, i2);
        int i4 = 1;
        while (true) {
            X509Certificate[] certificates = certStore.getCertificates(x509Certificate.getIssuer());
            if (certificates != null) {
                boolean z = false;
                int i5 = 0;
                while (true) {
                    if (i5 >= certificates.length) {
                        break;
                    }
                    try {
                        x509Certificate.verify(certificates[i5].getPublicKey());
                        z = true;
                        String subject = x509Certificate.getSubject();
                        if (!subject.equals(x509Certificate.getIssuer())) {
                            vector3.addElement(subject);
                        }
                        vector3.addElement(certificates[i5].getSubject());
                    } catch (CertificateException e) {
                        i5++;
                    }
                }
                if (z) {
                    try {
                        certificates[i5].checkValidity();
                        String[] strArr = new String[vector3.size()];
                        int size = vector3.size() - 1;
                        int i6 = 0;
                        while (size >= 0) {
                            strArr[i6] = (String) vector3.elementAt(size);
                            size--;
                            i6++;
                        }
                        if (vector2 != null) {
                            vector2.addElement(certificates[i5]);
                        }
                        return strArr;
                    } catch (CertificateException e2) {
                        if (e2.getReason() == 3) {
                            throw new CertificateException(certificates[i5], (byte) 12);
                        }
                        throw e2;
                    }
                }
            }
            if (i4 >= vector.size()) {
                throw new CertificateException(x509Certificate, certificates == null ? (byte) 8 : (byte) 14);
            }
            vector3.addElement(x509Certificate.getSubject());
            X509Certificate x509Certificate2 = x509Certificate;
            x509Certificate = (X509Certificate) vector.elementAt(i4);
            checkKeyUsageAndValidity(x509Certificate, 32, i2);
            if (x509Certificate2.getIssuer().compareTo(x509Certificate.getSubject()) != 0) {
                throw new CertificateException(x509Certificate2, (byte) 11);
            }
            int i7 = i3;
            i3 = x509Certificate.getBasicConstraints();
            if (i3 != 65535 && i3 <= i7) {
                if (x509Certificate.getSubject().equals(x509Certificate.getIssuer())) {
                    throw new CertificateException(x509Certificate2, (byte) 8);
                }
                if (i3 == -1) {
                    throw new CertificateException(x509Certificate, (byte) 4);
                }
                throw new CertificateException(x509Certificate, (byte) 2);
            }
            x509Certificate2.verify(x509Certificate.getPublicKey());
            i4++;
        }
    }

    private static void checkKeyUsageAndValidity(X509Certificate x509Certificate, int i, int i2) throws CertificateException {
        x509Certificate.checkExtensions();
        int keyUsage = x509Certificate.getKeyUsage();
        if (i != -1 && keyUsage != -1 && (keyUsage & i) != i) {
            throw new CertificateException(x509Certificate, (byte) 10);
        }
        int extKeyUsage = x509Certificate.getExtKeyUsage();
        if (i2 != -1 && extKeyUsage != -1 && (extKeyUsage & i2) != i2) {
            throw new CertificateException(x509Certificate, (byte) 10);
        }
        x509Certificate.checkValidity();
    }

    public byte[] getFingerprint() {
        byte[] bArr = new byte[16];
        if (this.fp != null) {
            System.arraycopy(this.fp, 0, bArr, 0, bArr.length);
        }
        return bArr;
    }

    @Override // javax.microedition.pki.Certificate
    public String getIssuer() {
        return this.issuer;
    }

    @Override // javax.microedition.pki.Certificate
    public String getSubject() {
        return this.subject;
    }

    @Override // javax.microedition.pki.Certificate
    public long getNotBefore() {
        return this.from;
    }

    @Override // javax.microedition.pki.Certificate
    public long getNotAfter() {
        return this.until;
    }

    public void checkExtensions() throws CertificateException {
        if (this.badExt) {
            throw new CertificateException(this, (byte) 1);
        }
    }

    public void checkValidity() throws CertificateException {
        checkValidity(System.currentTimeMillis());
    }

    public void checkValidity(long j) throws CertificateException {
        if (j < this.from) {
            throw new CertificateException(this, (byte) 6);
        }
        if (j > this.until) {
            throw new CertificateException(this, (byte) 3);
        }
    }

    @Override // javax.microedition.pki.Certificate
    public String getType() {
        return "X.509";
    }

    public PublicKey getPublicKey() throws CertificateException {
        if (this.pubKey == null) {
            throw new CertificateException(this, (byte) 13);
        }
        return this.pubKey;
    }

    @Override // javax.microedition.pki.Certificate
    public String getVersion() {
        return Integer.toString(this.version);
    }

    public int getBasicConstraints() {
        if (this.isCA) {
            return this.pLenConstr;
        }
        return -1;
    }

    public int getKeyUsage() {
        return this.keyUsage;
    }

    public int getExtKeyUsage() {
        return this.extKeyUsage;
    }

    public Vector getSubjectAltNames() {
        return this.subjectAltNames;
    }

    @Override // javax.microedition.pki.Certificate
    public String getSerialNumber() {
        return this.serialNumber;
    }

    public byte[] getRawSerialNumber() {
        return getCopyOfArray(this.serialNumberBytes);
    }

    public boolean hasAuthorityInfoAccess() {
        return this.authInfoAccess.size() > 0;
    }

    public Vector getAuthorityInfoAccess(byte[] bArr) {
        int size = this.authInfoAccess.size();
        if (size == 0 || bArr == null) {
            return null;
        }
        Vector vector = new Vector(size);
        for (int i = 0; i < size; i++) {
            AuthorityInfoAccessEntry authorityInfoAccessEntry = (AuthorityInfoAccessEntry) this.authInfoAccess.elementAt(i);
            byte[] accessMethod = authorityInfoAccessEntry.getAccessMethod();
            if (accessMethod != null && accessMethod.length == bArr.length && Utils.byteMatch(accessMethod, 0, bArr, 0, accessMethod.length)) {
                vector.addElement(authorityInfoAccessEntry);
            }
        }
        if (vector.size() > 0) {
            return vector;
        }
        return null;
    }

    private byte[] getCopyOfArray(byte[] bArr) {
        byte[] bArr2 = null;
        if (bArr != null) {
            int length = bArr.length;
            bArr2 = new byte[length];
            System.arraycopy(bArr, 0, bArr2, 0, length);
        }
        return bArr2;
    }

    public void verify(PublicKey publicKey) throws CertificateException {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new CertificateException("Issuer key not a public RSA", this, (byte) 14);
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        if (this.selfSigned) {
            if (!this.pubKey.equals(rSAPublicKey)) {
                throw new CertificateException("Bad self signed cert", this, (byte) 14);
            }
            return;
        }
        if (this.signature == null) {
            throw new CertificateException(this, (byte) 5);
        }
        if (this.TBSCertHash == null) {
            throw new CertificateException(this, (byte) 9);
        }
        byte[] bArr = new byte[rSAPublicKey.getModulusLen()];
        try {
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(2, rSAPublicKey);
            int doFinal = cipher.doFinal(this.signature, 0, this.signature.length, bArr, 0);
            if (this.sigAlg == 2 && doFinal == PREFIX_MD2.length + this.TBSCertHash.length && Utils.byteMatch(bArr, 0, PREFIX_MD2, 0, PREFIX_MD2.length) && Utils.byteMatch(bArr, PREFIX_MD2.length, this.TBSCertHash, 0, this.TBSCertHash.length)) {
                return;
            }
            if (this.sigAlg == 4 && doFinal == PREFIX_MD5.length + this.TBSCertHash.length && Utils.byteMatch(bArr, 0, PREFIX_MD5, 0, PREFIX_MD5.length) && Utils.byteMatch(bArr, PREFIX_MD5.length, this.TBSCertHash, 0, this.TBSCertHash.length)) {
                return;
            }
            if (this.sigAlg != 5 || doFinal != PREFIX_SHA1.length + this.TBSCertHash.length || !Utils.byteMatch(bArr, 0, PREFIX_SHA1, 0, PREFIX_SHA1.length) || !Utils.byteMatch(bArr, PREFIX_SHA1.length, this.TBSCertHash, 0, this.TBSCertHash.length)) {
                throw new CertificateException(this, (byte) 14);
            }
        } catch (Exception e) {
            throw new CertificateException(this, (byte) 14);
        }
    }

    @Override // javax.microedition.pki.Certificate
    public String getSigAlgName() {
        return this.sigAlg == 4 ? "MD5withRSA" : this.sigAlg == 2 ? "MD2withRSA" : this.sigAlg == 5 ? "SHA1withRSA" : this.sigAlg == -1 ? "None" : this.sigAlg == 3 ? "MD4withRSA" : new StringBuffer().append("Unknown (").append((int) this.sigAlg).append(")").toString();
    }

    private static String date2str(Date date) {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        calendar.setTime(date);
        return new StringBuffer().append(calendar.get(2) + 1).append("/").append(calendar.get(5)).append("/").append(calendar.get(1)).append(" ").append(calendar.get(11)).append(":").append(calendar.get(12)).append(":").append(calendar.get(13)).toString();
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("[Type: ");
        stringBuffer.append(getType());
        stringBuffer.append("v");
        stringBuffer.append((int) this.version);
        stringBuffer.append("\n");
        stringBuffer.append("Serial number: ");
        stringBuffer.append(this.serialNumber);
        stringBuffer.append("\n");
        stringBuffer.append("Subject: ");
        stringBuffer.append(this.subject);
        stringBuffer.append("\n");
        stringBuffer.append("Issuer: ");
        stringBuffer.append(this.issuer);
        stringBuffer.append("\n");
        stringBuffer.append("Valid from ");
        stringBuffer.append(date2str(new Date(getNotBefore())));
        stringBuffer.append(" GMT until ");
        stringBuffer.append(date2str(new Date(getNotAfter())));
        stringBuffer.append(" GMT");
        stringBuffer.append("\n");
        stringBuffer.append("Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        for (int i = 0; i < this.subjectAltNames.size(); i++) {
            SubjectAlternativeName subjectAlternativeName = (SubjectAlternativeName) this.subjectAltNames.elementAt(i);
            stringBuffer.append("\n");
            stringBuffer.append("SubjectAltName: ");
            stringBuffer.append((String) subjectAlternativeName.getSubjectAltName());
            stringBuffer.append("(type ");
            stringBuffer.append((int) subjectAlternativeName.getSubjectAltNameType());
            stringBuffer.append(")");
        }
        if (this.keyUsage != -1) {
            stringBuffer.append("\n");
            stringBuffer.append("KeyUsage:");
            int i2 = this.keyUsage;
            for (int i3 = 0; i3 < KEY_USAGE.length; i3++) {
                if ((i2 & 1) == 1) {
                    stringBuffer.append(" ");
                    stringBuffer.append(KEY_USAGE[i3]);
                }
                i2 >>>= 1;
            }
        }
        if (this.hasBC) {
            stringBuffer.append("\n");
            stringBuffer.append("BasicConstraints: ");
            stringBuffer.append(this.isCA ? "is a CA" : "not a CA");
            stringBuffer.append(" (pathLengthConstraint ");
            if (this.pLenConstr == -1 || this.pLenConstr == 65535) {
                stringBuffer.append("absent");
            } else {
                stringBuffer.append(this.pLenConstr);
            }
            stringBuffer.append(")");
        }
        stringBuffer.append("]");
        return stringBuffer.toString();
    }
}
