package com.novell.service.security.net.ssl;

import com.novell.service.security.net.SecureSocketNotification;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import sun.security.x509.X500Name;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/novell/service/security/net/ssl/SSLCertificate.class */
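/**
 * The Certificate handshake message: holds the peer's (or our own) certificate chain and
 * validates a received chain before the handshake continues.
 *
 * <p>Chains are ordered leaf first; {@link #verify()} may append issuers found in the local
 * wallet. Validation results are bit masks that combine {@code SecureSocketNotification.CERTERR_*}
 * constants with the literal bits 2, 4, 8, 16, 32 and 64 used in this class.
 *
 * <p>The source was recovered by a decompiler, so local names here are reconstructions.
 */
public class SSLCertificate extends HandshakeMessage {
    /** Error bits that are still accepted when no notification can be delivered (see {@link #verify()}). */
    private static final int OK_NO_NOTIFICATION = 20480;
    /** Error bits reported as an overridable notification; any bit outside this mask is fatal. */
    private static final int NON_FATAL = 32704;
    private PrivateKey privateKey;
    public SSLState state;
    private String SubjectDN;
    private byte[][] CertData;
    public Vector certificateList;

    /**
     * Checks that {@code x509} was signed by the public key in {@code x5092}.
     *
     * @param x509 the certificate whose signature is checked
     * @param x5092 the certificate supplying the issuer public key
     * @return 0 when the signature verifies, 2 when it does not or verification cannot be performed
     * @throws IOException propagated unchanged from the key conversion or certificate accessors
     */
    private static int verifySignature(X509 x509, X509 x5092) throws IOException {
        try {
            PublicKey issuerKey = h.a(x5092.getPublicKey());
            if (issuerKey.getAlgorithm().equals("RSA")) {
                // RSA signatures go through the package's own verifier rather than the JCA provider.
                boolean valid = new RSAMDSignature((h) issuerKey, x509.getSignature(), x509.getTBSCertificate()).verify();
                return valid ? 0 : 2;
            }
            java.security.Signature verifier = java.security.Signature.getInstance(x509.getSigAlgName());
            verifier.initVerify(issuerKey);
            verifier.update(x509.getTBSCertificate());
            return verifier.verify(x509.getSignature()) ? 0 : 2;
        } catch (IOException e) {
            throw e;
        } catch (Exception unused) {
            // Fail closed: an unknown algorithm, bad key or malformed signature counts as invalid.
            return 2;
        }
    }

    /**
     * Evaluates the critical extensions present in the chain.
     *
     * <p>Result bits: 8 for a basic-constraints violation, 16 for a key-usage violation, 32 when the
     * flag read from the 2.16.840.1.113719.1.9.4.1 extension is zero, 64 for any other critical
     * extension.
     *
     * <p>NOTE(review): basic constraints (2.5.29.19) and key usage (2.5.29.15) are evaluated only when
     * at least one certificate marks that extension critical. Confirm that a chain whose issuers omit
     * the extension, or carry it as non-critical, is rejected elsewhere (for example by the wallet's
     * trust check); otherwise a non-CA certificate could be accepted as an issuer.
     *
     * <p>NOTE(review): bit 64 lies inside {@code NON_FATAL} (32704 &amp; 64 == 64), so an unrecognized
     * critical extension is reported as overridable rather than fatal.
     *
     * @param x509Arr the chain, leaf first
     * @return the OR of the error bits found, 0 if none
     * @throws IOException if the 2.16.840.1.113719.1.9.4.1 extension does not have the expected layout
     */
    private static int verifyExtensions(X509[] x509Arr) throws IOException {
        int errors = 0;
        // Union of every OID that some certificate in the chain marks critical.
        Hashtable<String, String> criticalOids = new Hashtable<String, String>(11);
        for (X509 cert : x509Arr) {
            String[] oids = cert.getCriticalExtensionOIDs();
            if (oids != null) {
                for (int k = 0; k < oids.length; k++) {
                    criticalOids.put(oids[k], oids[k]);
                }
            }
        }
        Enumeration<String> keys = criticalOids.keys();
        while (keys.hasMoreElements()) {
            String oid = keys.nextElement();
            if (oid.equals("2.5.29.19")) {
                // Walk from the top of the chain towards the leaf (index 0 is handled separately).
                // Once an issuer reports a non-negative value, every certificate below it must also be
                // non-negative and strictly smaller.
                // presumably -1 means "not a CA", as in java.security.cert.X509Certificate; verify against X509
                int upper = -1;
                for (int idx = x509Arr.length - 1; idx > 0; idx--) {
                    int pathLen = x509Arr[idx].getBasicConstraints();
                    if (upper >= 0 && (pathLen < 0 || pathLen >= upper)) {
                        errors |= 8;
                        break;
                    }
                    upper = pathLen;
                }
                // The leaf itself must report -1.
                if (x509Arr[0].getBasicConstraints() != -1) {
                    errors |= 8;
                }
            } else if (oid.equals("2.5.29.15")) {
                for (int idx = 0; idx < x509Arr.length; idx++) {
                    boolean[] keyUsage = x509Arr[idx].getKeyUsage();
                    if (keyUsage == null) {
                        // No key-usage extension on this certificate: nothing to enforce.
                        continue;
                    }
                    // Leaf needs bit 2, every issuer needs bit 5.
                    // presumably keyEncipherment and keyCertSign (RFC 5280 bit order); confirm against X509
                    int required = idx <= 0 ? 2 : 5;
                    if (keyUsage.length < required + 1 || !keyUsage[required]) {
                        errors |= 16;
                        break;
                    }
                }
            } else if (!oid.equals("2.16.840.1.113719.1.9.4.1")) {
                errors |= 64;
            }
        }
        for (X509 cert : x509Arr) {
            // OID is under the Novell arc; presumably the Novell security-attributes extension.
            byte[] extensionValue = cert.getExtensionValue("2.16.840.1.113719.1.9.4.1");
            if (extensionValue != null) {
                ByteArrayInputStream in = new ByteArrayInputStream(extensionValue);
                ASN1Header header = new ASN1Header();
                // Fixed walk through the structure by tag number; any unexpected tag raises "Wrong tag".
                inputTag(header, in, 4);
                inputTag(header, in, 16);
                skipTag(header, in, 4);
                skipTag(header, in, 1);
                skipTag(header, in, 19);
                skipTag(header, in, 22);
                inputTag(header, in, 16);
                // Skip elements until the one with tagClass 2 / tag 2 is reached.
                // NOTE(review): this loop ends only when that element is found or ASN1Header throws;
                // confirm input()/skipBody() raise an exception at end of data.
                while (true) {
                    header.input(in);
                    if (header.tagClass == 2 && header.tag == 2) {
                        break;
                    }
                    header.skipBody(in);
                }
                skipTag(header, in, 2);
                inputTag(header, in, 1);
                int flag = in.read();
                if (flag == -1) {
                    throw new EOFException();
                }
                if (flag == 0) {
                    errors |= 32;
                }
            }
        }
        return errors;
    }

    /**
     * Decides whether a lower-cased host name is covered by a lower-cased certificate common name.
     *
     * <p>A common name that does not start with {@code '*'} must equal the host name. A wildcard name
     * must have the form {@code *.suffix} and stands for exactly one non-empty left-most label. The
     * previous suffix-only comparison accepted a bare {@code "*"} for every host, let {@code "*x.y"}
     * cover {@code "zx.y"}, and let the wildcard span several labels.
     *
     * <p>Wildcards directly under a top-level domain (for example {@code *.com}) are still accepted
     * here; rejecting them needs a policy decision this class does not carry.
     *
     * @param host the peer host name, already lower-cased
     * @param commonName the certificate common name, already lower-cased
     * @return {@code true} if the certificate name covers the host
     */
    private static boolean hostMatchesCommonName(String host, String commonName) {
        if (commonName.indexOf('*') != 0) {
            return host.equals(commonName);
        }
        if (commonName.length() < 3 || commonName.charAt(1) != '.') {
            return false;
        }
        String suffix = commonName.substring(1);
        if (!host.endsWith(suffix)) {
            return false;
        }
        String leftLabel = host.substring(0, host.length() - suffix.length());
        return leftLabel.length() > 0 && leftLabel.indexOf('.') < 0;
    }

    /**
     * Validates a complete chain and returns the accumulated error bits.
     *
     * <p>Checks, in order: leaf common name against the peer host name, validity periods, each
     * certificate's signature and name chaining against its issuer, validity nesting, presence of a
     * self-issued top certificate, critical extensions, and wallet trust.
     *
     * @param x509Arr the chain, leaf first, with at least one element
     * @return 0 when every check passes, otherwise the OR of the error bits
     * @throws IOException propagated from signature or extension checks
     */
    private int verify(X509[] x509Arr) throws IOException {
        int nameErrors = 0;
        try {
            // Locale-independent lower-casing: host names are compared as ASCII, and the default
            // locale's rules (for example Turkish dotless i) would cause spurious mismatches.
            String commonName = x509Arr[0].getSubjectDN().getCommonName().toLowerCase(java.util.Locale.ENGLISH);
            // NOTE(review): InetAddress.getHostName() falls back to a reverse lookup when the address
            // was not created from a name, so the name compared here may come from DNS rather than
            // from what the caller asked to connect to.
            String peerHost = this.state.socket.getExposedSocket().getInetAddress().getHostName().toLowerCase(java.util.Locale.ENGLISH);
            if (!hostMatchesCommonName(peerHost, commonName)) {
                nameErrors |= SecureSocketNotification.CERTERR_CERTIFICATE_NAME;
            }
        } catch (IOException unused) {
            // An unreadable common name is treated as a name mismatch.
            nameErrors |= SecureSocketNotification.CERTERR_CERTIFICATE_NAME;
        }
        X509 subject = null;
        X509 current = null;
        boolean anyNewerVersion = false;
        int result = nameErrors | checkValidity(x509Arr[0], false);
        for (int idx = 0; idx < x509Arr.length; idx++) {
            current = x509Arr[idx];
            if (current.getVersion() > 0) {
                anyNewerVersion = true;
            }
            if (subject != null) {
                // 'current' is expected to be the issuer of 'subject'.
                result = result | verifySignature(subject, current) | checkValidity(current, true);
                if ((result & SecureSocketNotification.CERTERR_SUBORDINATE_VALIDITY) == 0) {
                    // The issuer's validity period must enclose the subject's.
                    if (isAfter(current.getNotBefore(), subject.getNotBefore())) {
                        result |= SecureSocketNotification.CERTERR_SUBORDINATE_VALIDITY;
                    } else if (isBefore(current.getNotAfter(), subject.getNotAfter())) {
                        result |= SecureSocketNotification.CERTERR_SUBORDINATE_VALIDITY;
                    }
                }
                // Name chaining; presumably compares the subject's issuer tag with the issuer's
                // subject tag, confirm against CertificateTag.
                if (!new CertificateTag(subject, false).equals(new CertificateTag(current, true))) {
                    result |= 4;
                }
            }
            subject = current;
        }
        // The top certificate must be self-issued and carry a valid signature made with its own key.
        if (new CertificateTag(current, false).equals(new CertificateTag(current, true))) {
            result |= verifySignature(current, current);
        } else {
            result |= SecureSocketNotification.CERTERR_NO_ROOT;
        }
        if (anyNewerVersion) {
            // Extensions are evaluated only when some certificate reports a version above 0.
            result |= verifyExtensions(x509Arr);
        }
        if (!this.state.params.Wallet.isTrusted(x509Arr)) {
            result |= SecureSocketNotification.CERTERR_NOT_TRUSTED;
        }
        return result;
    }

    /**
     * Validates {@link #certificateList} and decides whether the handshake may continue.
     *
     * <p>The chain is first extended with issuers from the wallet. Errors outside {@code NON_FATAL}
     * produce a fatal notification; other errors are passed to the notification listener when one
     * can be reached, and are otherwise accepted only if they all lie in {@code OK_NO_NOTIFICATION}.
     * A decision of 0 rejects the certificate, 2 and 3 additionally store the leaf in the wallet.
     *
     * <p>On any failure a fatal bad_certificate alert (level 2, description 42) is sent and the
     * socket is aborted before the exception is rethrown.
     *
     * @throws IOException if the certificate is rejected or validation fails
     */
    public void verify() throws IOException {
        try {
            // NOTE(review): a previously accepted leaf skips every check below, including the
            // host-name and validity-period checks, so the integrity of that store is security-critical.
            if (this.state.params.Wallet.wasPreviouslyAccepted((X509) this.certificateList.elementAt(0))) {
                return;
            }
            // Extend the chain upwards until the top is self-issued or the wallet has no signer.
            // NOTE(review): the number of appended signers is unbounded; this relies on the wallet
            // containing no issuer cycles.
            X509 top = (X509) this.certificateList.elementAt(this.certificateList.size() - 1);
            while (!new CertificateTag(top, true).equals(new CertificateTag(top, false))) {
                X509 signer = this.state.params.Wallet.getSigner((X500Name) top.getIssuerDN(), top.getIssuerUniqueID());
                if (signer == null) {
                    break;
                }
                this.certificateList.addElement(signer);
                top = signer;
            }
            X509[] chain = new X509[this.certificateList.size()];
            this.certificateList.copyInto(chain);
            int errors = verify(chain);
            int decision = 0;
            boolean isWritable = this.state.params.Wallet.isWritable();
            if (errors == 0) {
                decision = 1;
            } else if ((errors & ~NON_FATAL) != 0) {
                // The return value is ignored, so the decision stays 0 and the certificate is rejected.
                sendNotification(errors | SecureSocketNotification.EVENT_FATAL_NOTIFICATION);
            } else if (this.state.canSendNotification()) {
                int flags = 1073741824;
                if (!isWritable) {
                    flags |= SecureSocketNotification.FLAG_KEYSTORE_READONLY;
                }
                decision = sendNotification(errors | flags);
            } else if ((errors & ~OK_NO_NOTIFICATION) == 0) {
                decision = 1;
            }
            if (decision == 0) {
                throw new CertificateException("Untrusted certificate: " + Integer.toHexString(errors));
            }
            if (decision == 2) {
                this.state.params.Wallet.addCertificate(chain[0], false);
            } else if (decision == 3) {
                this.state.params.Wallet.addCertificate(chain[0], isWritable);
            }
        } catch (Throwable th) {
            this.state.socket.sendAlert(2, 42);
            this.state.socket.abort();
            if (th instanceof IOException) {
                throw ((IOException) th);
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (!(th instanceof Error)) {
                throw asIOException(th);
            }
            throw ((Error) th);
        }
    }

    /** Wraps {@code cause} in an {@link IOException} with the same message as before, keeping the cause. */
    private static IOException asIOException(Throwable cause) {
        IOException wrapped = new IOException(cause.toString());
        wrapped.initCause(cause);
        return wrapped;
    }

    /** Returns the certificate count followed by one indented line per certificate. */
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append(this.certificateList.size()).append(" certificate(s):\n");
        Enumeration elements = this.certificateList.elements();
        while (elements.hasMoreElements()) {
            text.append("  ").append(elements.nextElement()).append("\n");
        }
        return text.toString();
    }

    /** Reads a header, requires tag number {@code i}, and skips the element's body. */
    private static void skipTag(ASN1Header aSN1Header, InputStream inputStream, int i) throws IOException {
        inputTag(aSN1Header, inputStream, i);
        aSN1Header.skipBody(inputStream);
    }

    /**
     * Stores the private key after passing it through the package's key conversion.
     *
     * @throws IOException if the conversion fails
     */
    public void setPrivateKey(PrivateKey privateKey) throws IOException {
        this.privateKey = j.a(privateKey);
    }

    /**
     * Forwards a notification for this chain to the connection state.
     *
     * @param i the event and error bits to report
     * @return the value returned by the state's notification call (used as the accept decision)
     */
    int sendNotification(int i) {
        return this.state.sendNotification(getSubject(), getCertChainBytes(), i);
    }

    /** Returns the last certificate in {@link #certificateList}. */
    public X509 rootCA() {
        return (X509) this.certificateList.elementAt(this.certificateList.size() - 1);
    }

    /**
     * Writes the message: a 24-bit length, a 24-bit certificate-list length, then each certificate
     * prefixed by its own 24-bit length.
     */
    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public void output(OutputStream outputStream) throws IOException {
        int total = length();
        Utils.output24bit(total - 3, outputStream);
        Utils.output24bit(total - 6, outputStream);
        byte[][] certChainBytes = getCertChainBytes();
        for (int i = 0; i < certChainBytes.length; i++) {
            Utils.output24bit(certChainBytes[i].length, outputStream);
            outputStream.write(certChainBytes[i]);
        }
    }

    /**
     * Returns the encoded size: two 24-bit length fields plus, per certificate, a 24-bit length and
     * the certificate's own length.
     *
     * @throws RuntimeException if a certificate's length cannot be determined
     */
    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public int length() {
        int total = 6;
        Enumeration elements = this.certificateList.elements();
        while (elements.hasMoreElements()) {
            try {
                total += 3 + ((X509) elements.nextElement()).length();
            } catch (Exception e) {
                // Report the actual failure; the message used to be the enumeration's toString().
                throw new RuntimeException(e.toString(), e);
            }
        }
        return total;
    }

    /** Compares two dates at whole-second resolution. */
    private static boolean isBefore(Date date, Date date2) {
        return date.getTime() / 1000 < date2.getTime() / 1000;
    }

    /** Compares two dates at whole-second resolution. */
    private static boolean isAfter(Date date, Date date2) {
        return date.getTime() / 1000 > date2.getTime() / 1000;
    }

    /**
     * Reads the next header and requires its tag number to be {@code i}; the tag class is not checked.
     *
     * @throws IOException with message "Wrong tag" on a mismatch
     */
    private static void inputTag(ASN1Header aSN1Header, InputStream inputStream, int i) throws IOException {
        aSN1Header.input(inputStream);
        if (aSN1Header.tag != i) {
            throw new IOException("Wrong tag");
        }
    }

    /**
     * Reads a Certificate message from the peer, parses each certificate and runs {@link #verify()}.
     *
     * <p>An empty certificate list is not accepted: with no parsed certificate, {@code verify()}
     * fails on the missing leaf and the connection is aborted.
     *
     * <p>On any failure a fatal bad_certificate alert (level 2, description 42) is sent, the socket
     * is aborted and a notification is raised before an {@link IOException} is thrown.
     */
    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public void input(InputStream inputStream) throws IOException {
        // The first 24-bit value is read and discarded; the second sizes the certificate list.
        Utils.input24bit(inputStream);
        // NOTE(review): the buffer is sized from a peer-supplied 24-bit length before any of the
        // data is read; confirm an upper bound is enforced elsewhere if memory use matters.
        byte[] listBytes = new byte[Utils.input24bit(inputStream)];
        Utils.inputByteArray(listBytes, inputStream);
        ByteArrayInputStream listStream = new ByteArrayInputStream(listBytes);
        try {
            Vector<byte[]> encodedCerts = new Vector<byte[]>();
            try {
                while (listStream.available() > 0) {
                    byte[] encoded = new byte[Utils.input24bit(listStream)];
                    Utils.inputByteArray(encoded, listStream);
                    encodedCerts.addElement(encoded);
                }
            } finally {
                // Keep whatever was read, even after a parse failure, so the notification sent from
                // the catch block below can carry it. The array needs two dimensions; the
                // single-dimension allocation in the decompiled code does not compile.
                this.CertData = new byte[encodedCerts.size()][];
                encodedCerts.copyInto(this.CertData);
            }
            for (int i = 0; i < this.CertData.length; i++) {
                this.certificateList.addElement(new X509(this.CertData[i]));
            }
            verify();
        } catch (Exception e) {
            this.state.socket.sendAlert(2, 42);
            this.state.socket.abort();
            sendNotification(268435457);
            if (!(e instanceof IOException)) {
                throw asIOException(e);
            }
            throw ((IOException) e);
        }
    }

    /** Returns the leaf certificate's subject name, cached after the first call; null when the list is empty. */
    public String getSubject() {
        if (this.SubjectDN == null && this.certificateList.size() > 0) {
            this.SubjectDN = ((X509) this.certificateList.elementAt(0)).getSubjectDN().getName();
        }
        return this.SubjectDN;
    }

    /**
     * Returns the leaf certificate's public key after the package's key conversion.
     *
     * @throws IOException if the conversion fails
     */
    public PublicKey getPublicKey() throws IOException {
        return h.a(getBottomCert().getPublicKey());
    }

    /** Returns the private key held by this message, or null if none was set. */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Returns the encoded certificates, cached after the first call.
     *
     * <p>After {@link #input(InputStream)} the cache holds the certificates as received, without any
     * signers that {@link #verify()} appended to {@link #certificateList} later.
     *
     * @return one encoded certificate per element, or null when nothing is cached and the list is empty
     * @throws RuntimeException if a certificate cannot be encoded
     */
    public byte[][] getCertChainBytes() {
        if (this.CertData == null && this.certificateList.size() > 0) {
            // Two-dimensional allocation; the single-dimension form in the decompiled code does not compile.
            byte[][] encodedChain = new byte[this.certificateList.size()][];
            for (int i = 0; i < encodedChain.length; i++) {
                try {
                    encodedChain[i] = ((X509) this.certificateList.elementAt(i)).getEncoded();
                } catch (Exception e) {
                    throw new RuntimeException(e.toString(), e);
                }
            }
            this.CertData = encodedChain;
        }
        return this.CertData;
    }

    /** Returns the first (leaf) certificate in {@link #certificateList}. */
    public X509 getBottomCert() {
        return (X509) this.certificateList.elementAt(0);
    }

    /** Returns the algorithm name of the leaf certificate's public key. */
    public String getAlgorithm() {
        return getBottomCert().getPublicKey().getAlgorithm();
    }

    /**
     * Checks a certificate's validity period against the current time.
     *
     * @param x509 the certificate to check
     * @param z {@code true} when the certificate is a signer, which selects the signer-specific error bits
     * @return 0 when valid, otherwise the matching expired / not-yet-effective error bit
     */
    private static int checkValidity(X509 x509, boolean z) {
        try {
            x509.checkValidity();
            return 0;
        } catch (CertificateExpiredException unused) {
            return z ? SecureSocketNotification.CERTERR_SIGNER_EXPIRED : SecureSocketNotification.CERTERR_EXPIRED;
        } catch (CertificateNotYetValidException unused2) {
            return z ? SecureSocketNotification.CERTERR_SIGNER_NOT_EFFECTIVE : SecureSocketNotification.CERTERR_NOT_EFFECTIVE;
        }
    }

    /** Creates a message with no connection state that holds the given private key as is. */
    public SSLCertificate(PrivateKey privateKey) {
        this((SSLState) null);
        this.privateKey = privateKey;
    }

    /** Creates an empty message bound to the given connection state. */
    public SSLCertificate(SSLState sSLState) {
        this.state = sSLState;
        this.certificateList = new Vector();
    }

    /** Creates an empty message with no connection state. */
    public SSLCertificate() {
        this((SSLState) null);
    }
}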
