package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Lengths;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.pki.PKIResponseMessage;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_Signature;
import java.util.Date;

/* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/pki/cmp/CMPResponseCommon.class */
public abstract class CMPResponseCommon extends PKIResponseMessage {
    private GeneralName senderName;
    private GeneralName recipientName;
    private byte[] senderKID;
    private byte[] recipKID;
    private byte[] senderNonce;
    private byte[] recipNonce;
    private TypeAndValue[] generalInfo;
    private int messageType;

    /* JADX INFO: Access modifiers changed from: protected */
    public CMPResponseCommon(int i, PKIHeader pKIHeader, PKIStatusInfo pKIStatusInfo) {
        super(pKIStatusInfo);
        this.senderName = null;
        this.recipientName = null;
        this.senderKID = null;
        this.recipKID = null;
        this.senderNonce = null;
        this.recipNonce = null;
        this.generalInfo = null;
        this.messageType = -1;
        this.messageType = i;
        this.senderName = pKIHeader.sender;
        this.recipientName = pKIHeader.recipient;
        this.senderKID = pKIHeader.getSenderKID();
        this.recipKID = pKIHeader.getRecipKID();
        this.senderNonce = pKIHeader.getSenderNonce();
        this.recipNonce = pKIHeader.getRecipNonce();
        this.generalInfo = pKIHeader.generalInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getMessageType() {
        return this.messageType;
    }

    public GeneralName getSenderName() {
        return this.senderName;
    }

    public GeneralName getRecipientName() {
        return this.recipientName;
    }

    public byte[] getSenderKID() {
        return this.senderKID;
    }

    public byte[] getRecipKID() {
        return this.recipKID;
    }

    public byte[] getSenderNonce() {
        return this.senderNonce;
    }

    public byte[] getRecipNonce() {
        return this.recipNonce;
    }

    public TypeAndValue[] getGeneralInfo() {
        return this.generalInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CMPResponseCommon berDecode(byte[] bArr, CMPProtectInfo cMPProtectInfo, CMPRequestCommon cMPRequestCommon, CertJ certJ) throws CMPException {
        SequenceContainer sequenceContainer = new SequenceContainer(0, true, 0);
        EncodedContainer encodedContainer = new EncodedContainer(ASN1.SEQUENCE, true, 0, null, 0, 0);
        EncodedContainer encodedContainer2 = new EncodedContainer(ASN1.ANY, true, 0, null, 0, 0);
        BitStringContainer bitStringContainer = new BitStringContainer(10551296, true, 0, 0, 0, 1);
        OfContainer ofContainer = new OfContainer(10551297, true, 0, ASN1.SEQUENCE, ASN1.ENCODED, ASN1.SEQUENCE, 0);
        try {
            ASN1.berDecode(bArr, 0, new ASN1Container[]{sequenceContainer, encodedContainer, encodedContainer2, bitStringContainer, ofContainer, new EndContainer()});
            PKIHeader pKIHeader = new PKIHeader(encodedContainer.data, encodedContainer.dataOffset);
            CMPResponseCommon berDecodeBody = berDecodeBody(pKIHeader, encodedContainer2.data, encodedContainer2.dataOffset, cMPProtectInfo, cMPRequestCommon, certJ);
            Certificate[] decodeExtraCerts = decodeExtraCerts(ofContainer);
            berDecodeBody.setExtraCerts(decodeExtraCerts);
            berDecodeBody.setFreeText(pKIHeader.freeText);
            berDecodeBody.setMessageTime(pKIHeader.messageTime);
            berDecodeBody.setTransactionID(pKIHeader.getTransactionID());
            if (verifyProtection(cMPProtectInfo, bitStringContainer, encodedContainer, encodedContainer2, pKIHeader, decodeExtraCerts, berDecodeBody.getCACerts(), certJ)) {
                return berDecodeBody;
            }
            throw new CMPException("CMPResponseCommon.berDecode: unable to verify protection.");
        } catch (ASN_Exception e) {
            throw new CMPException(new StringBuffer().append("CMPResponseCommon.berDecode: unable to decode response message(").append(e.getMessage()).append(").").toString());
        }
    }

    protected static CMPResponseCommon berDecodeBody(PKIHeader pKIHeader, byte[] bArr, int i, CMPProtectInfo cMPProtectInfo, CMPRequestCommon cMPRequestCommon, CertJ certJ) throws CMPException {
        CMPResponseCommon berDecodeBody;
        int i2 = 255 & (bArr[i] - 160);
        switch (i2) {
            case 0:
            case 2:
            case 4:
            case 5:
            case 7:
            case 9:
            case 11:
            case 13:
            case 24:
            default:
                throw new CMPException(new StringBuffer().append("CMPResponseCommon.berDecodeBody: unexpected response message type(").append(i2).append(").").toString());
            case 1:
            case 3:
                berDecodeBody = CMPCertResponseCommon.berDecodeBody(i2, pKIHeader, bArr, i, cMPProtectInfo, cMPRequestCommon, certJ);
                break;
            case 6:
            case 8:
            case 10:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 20:
            case 21:
            case 22:
                throw new CMPException(new StringBuffer().append("CMPResponseCommon.berDecodeBody: unsupported response message type(").append(i2).append(").").toString());
            case 12:
                berDecodeBody = CMPRevokeResponseMessage.berDecodeBody(pKIHeader, bArr, i);
                break;
            case 19:
                berDecodeBody = CMPConfirmMessage.berDecodeBody(pKIHeader, bArr, i);
                break;
            case 23:
                berDecodeBody = CMPErrorMessage.berDecodeBody(pKIHeader, bArr, i);
                break;
        }
        return berDecodeBody;
    }

    private static boolean verifyProtection(CMPProtectInfo cMPProtectInfo, ASN1Container aSN1Container, ASN1Container aSN1Container2, ASN1Container aSN1Container3, PKIHeader pKIHeader, Certificate[] certificateArr, Certificate[] certificateArr2, CertJ certJ) throws CMPException {
        if (!aSN1Container.dataPresent) {
            return true;
        }
        if (cMPProtectInfo == null) {
            throw new CMPException("CMPResponseCommon.verifyProtection: protectInfo should be null.");
        }
        byte[] derEncodeProtectedPart = CMP.derEncodeProtectedPart(aSN1Container2.data, aSN1Container2.dataOffset, aSN1Container2.dataLen, aSN1Container3.data, aSN1Container3.dataOffset, aSN1Container3.dataLen);
        byte[] protectionAlg = pKIHeader.getProtectionAlg();
        JSAFE_Signature jSAFE_Signature = null;
        try {
            jSAFE_Signature = JSAFE_Signature.getInstance(protectionAlg, 1 + ASN1Lengths.determineLengthLen(protectionAlg, 0), certJ.getDevice());
        } catch (JSAFE_Exception e) {
        }
        if (jSAFE_Signature != null) {
            return verifyProtection(jSAFE_Signature, cMPProtectInfo, aSN1Container, derEncodeProtectedPart, certificateArr, certificateArr2, certJ);
        }
        if (cMPProtectInfo.pbmProtected()) {
            return verifyProtection(protectionAlg, cMPProtectInfo, aSN1Container, derEncodeProtectedPart, certJ);
        }
        throw new CMPException("CMPResponseCommon.verifyProtection: protectInfo should contain PBM protection info.");
    }

    private static boolean verifyProtection(JSAFE_Signature jSAFE_Signature, CMPProtectInfo cMPProtectInfo, ASN1Container aSN1Container, byte[] bArr, Certificate[] certificateArr, Certificate[] certificateArr2, CertJ certJ) throws CMPException {
        X509Certificate[] cACerts = cMPProtectInfo.getCACerts();
        CertPathCtx certPathCtx = new CertPathCtx(0, cACerts, null, new Date(), cMPProtectInfo.getDatabase());
        try {
            JSAFE_SecureRandom randomObject = certJ.getRandomObject();
            X509Certificate recipCert = cMPProtectInfo.getRecipCert();
            if (recipCert != null && verifySignature(jSAFE_Signature, certPathCtx, recipCert, bArr, aSN1Container, randomObject, certJ)) {
                return true;
            }
            if (cACerts != null) {
                for (int i = 0; i < cACerts.length; i++) {
                    if (cACerts[i] != null && verifySignature(jSAFE_Signature, certPathCtx, cACerts[i], bArr, aSN1Container, randomObject, certJ)) {
                        return true;
                    }
                }
            }
            if (certificateArr2 != null) {
                for (int i2 = 0; i2 < certificateArr2.length; i2++) {
                    if (certificateArr2[i2] != null && verifySignature(jSAFE_Signature, certPathCtx, certificateArr2[i2], bArr, aSN1Container, randomObject, certJ)) {
                        return true;
                    }
                }
            }
            if (certificateArr == null) {
                return false;
            }
            for (int i3 = 0; i3 < certificateArr.length; i3++) {
                if (certificateArr[i3] != null && verifySignature(jSAFE_Signature, certPathCtx, certificateArr[i3], bArr, aSN1Container, randomObject, certJ)) {
                    return true;
                }
            }
            return false;
        } catch (CertJException e) {
            throw new CMPException(new StringBuffer().append("CMPResponseCommon.verifyProtection: unable to get a registered random service(").append(e.getMessage()).append(").").toString());
        }
    }

    private static boolean verifySignature(JSAFE_Signature jSAFE_Signature, CertPathCtx certPathCtx, Certificate certificate, byte[] bArr, ASN1Container aSN1Container, JSAFE_SecureRandom jSAFE_SecureRandom, CertJ certJ) {
        try {
            if (certJ.verifyCertPath(certPathCtx, certificate)) {
                jSAFE_Signature.verifyInit(certificate.getSubjectPublicKey(certJ.getDevice()), null, jSAFE_SecureRandom, certJ.getPKCS11Sessions());
                jSAFE_Signature.verifyUpdate(bArr, 0, bArr.length);
                if (jSAFE_Signature.verifyFinal(aSN1Container.data, aSN1Container.dataOffset, aSN1Container.dataLen)) {
                    return true;
                }
            }
            return false;
        } catch (CertJException e) {
            return false;
        } catch (CertificateException e2) {
            return false;
        } catch (JSAFE_Exception e3) {
            return false;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:30:0x023a, code lost:
    
        r28.clearSensitiveData();
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0232, code lost:
    
        throw r32;
     */
    /* JADX WARN: Removed duplicated region for block: B:34:0x023f A[REMOVE] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean verifyProtection(byte[] r11, com.rsa.certj.provider.pki.cmp.CMPProtectInfo r12, com.rsa.asn1.ASN1Container r13, byte[] r14, com.rsa.certj.CertJ r15) throws com.rsa.certj.provider.pki.cmp.CMPException {
        /*
            Method dump skipped, instructions count: 577
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.certj.provider.pki.cmp.CMPResponseCommon.verifyProtection(byte[], com.rsa.certj.provider.pki.cmp.CMPProtectInfo, com.rsa.asn1.ASN1Container, byte[], com.rsa.certj.CertJ):boolean");
    }

    private static Certificate[] decodeExtraCerts(OfContainer ofContainer) throws CMPException {
        if (!ofContainer.dataPresent) {
            return null;
        }
        int containerCount = ofContainer.getContainerCount();
        Certificate[] certificateArr = new Certificate[containerCount];
        for (int i = 0; i < containerCount; i++) {
            try {
                ASN1Container containerAt = ofContainer.containerAt(i);
                certificateArr[i] = new X509Certificate(containerAt.data, containerAt.dataOffset, 0);
            } catch (ASN_Exception e) {
                throw new CMPException(new StringBuffer().append("CMPResponseCommon.decodeExtraCerts: unable to get an element container of OfContainer(").append(e.getMessage()).append(").").toString());
            } catch (CertificateException e2) {
                throw new CMPException(new StringBuffer().append("CMPResponseCommon.decodeExtraCerts: unable to decode a certificate(").append(e2.getMessage()).append(").").toString());
            }
        }
        return certificateArr;
    }

    private static boolean oidsEqual(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) {
        if (i2 != i4) {
            return false;
        }
        for (int i5 = 0; i5 < i2; i5++) {
            if (bArr[i + i5] != bArr2[i3 + i5]) {
                return false;
            }
        }
        return true;
    }
}
