package cryptix.openpgp.provider;

import cryptix.openpgp.PGPCertificate;
import cryptix.openpgp.PGPDataFormatException;
import cryptix.openpgp.PGPFatalDataFormatException;
import cryptix.openpgp.PGPPrincipal;
import cryptix.openpgp.PGPPublicKey;
import cryptix.openpgp.algorithm.PGPAlgorithmFactory;
import cryptix.openpgp.algorithm.PGPSigner;
import cryptix.openpgp.io.PGPHashDataOutputStream;
import cryptix.openpgp.packet.PGPPublicKeyPacket;
import cryptix.openpgp.packet.PGPSignaturePacket;
import cryptix.openpgp.packet.PGPUserIDPacket;
import cryptix.openpgp.signature.PGPBooleanSP;
import cryptix.openpgp.signature.PGPDateSP;
import cryptix.openpgp.signature.PGPKeyFlagsSP;
import cryptix.openpgp.signature.PGPKeyIDSP;
import cryptix.openpgp.signature.PGPNotationDataSP;
import cryptix.openpgp.signature.PGPSignatureSubPacket;
import cryptix.openpgp.signature.PGPStringSP;
import cryptix.openpgp.signature.PGPTrustSP;
import cryptix.pki.KeyBundle;
import cryptix.pki.KeyID;
import cryptix.pki.KeyIDFactory;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.util.Date;
import java.util.Properties;
import java.util.Vector;

/* loaded from: input_file:cryptix/openpgp/provider/PGPCertificateImpl.class */
public class PGPCertificateImpl extends PGPCertificate {
    private PGPSignaturePacket pkt;
    private PGPPrincipal subject;
    private PGPPublicKey key;
    private boolean hasCachedCreationDate;
    private Date cachedCreationDate;
    private boolean hasCachedExpirationDate;
    private Date cachedExpirationDate;
    private boolean hasCachedIsExportable;
    private boolean cachedIsExportable;
    private boolean hasCachedTrust;
    private int cachedTrustLevel;
    private int cachedTrustAmount;
    private boolean hasCachedTrustRegularExpression;
    private String cachedTrustRegularExpression;
    private boolean hasCachedIsRevocable;
    private boolean cachedIsRevocable;
    private boolean hasCachedIssuerKeyID;
    private KeyID cachedIssuerKeyID;
    private boolean hasCachedNotationData;
    private Properties cachedMachineReadableNotationData;
    private Properties cachedHumanReadableNotationData;
    private boolean hasCachedPolicyURL;
    private String cachedPolicyURL;
    private boolean hasCachedKeyFlags;
    private boolean cachedKeyFlagsSpecified;
    private boolean cachedKeyFlagCertification;
    private boolean cachedKeyFlagSignData;
    private boolean cachedKeyFlagEncryptCommunication;
    private boolean cachedKeyFlagEncryptStorage;
    private boolean hasCachedIssuerUserID;
    private PGPPrincipal cachedIssuerUserID;
    private boolean hasCachedPublicKeyID;
    private KeyID cachedPublicKeyID;
    private boolean parsed;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PGPCertificateImpl(PGPSignaturePacket pGPSignaturePacket, PGPPrincipal pGPPrincipal, PGPPublicKey pGPPublicKey) {
        super("OpenPGP");
        this.parsed = false;
        this.pkt = pGPSignaturePacket;
        this.subject = pGPPrincipal;
        this.key = pGPPublicKey;
    }

    private void cacheKeyFlags() throws CertificateParsingException {
        this.hasCachedKeyFlags = true;
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 27);
        if (hashedPacket == null) {
            this.cachedKeyFlagsSpecified = false;
            return;
        }
        this.cachedKeyFlagsSpecified = true;
        this.cachedKeyFlagCertification = ((PGPKeyFlagsSP) hashedPacket).getCertify();
        this.cachedKeyFlagSignData = ((PGPKeyFlagsSP) hashedPacket).getSign();
        this.cachedKeyFlagEncryptCommunication = ((PGPKeyFlagsSP) hashedPacket).getEncryptCommunication();
        this.cachedKeyFlagEncryptStorage = ((PGPKeyFlagsSP) hashedPacket).getEncryptStorage();
    }

    private void cacheNotationData() {
        this.cachedMachineReadableNotationData = new Properties();
        this.cachedHumanReadableNotationData = new Properties();
        if (this.pkt.getVersion() == 3) {
            return;
        }
        Vector hashedSubPackets = this.pkt.getHashedSubPackets();
        for (int i = 0; i < hashedSubPackets.size(); i++) {
            PGPSignatureSubPacket pGPSignatureSubPacket = (PGPSignatureSubPacket) hashedSubPackets.elementAt(i);
            if (pGPSignatureSubPacket instanceof PGPNotationDataSP) {
                PGPNotationDataSP pGPNotationDataSP = (PGPNotationDataSP) pGPSignatureSubPacket;
                String nameData = pGPNotationDataSP.getNameData();
                String valueData = pGPNotationDataSP.getValueData();
                if (pGPNotationDataSP.getHumanReadable()) {
                    this.cachedHumanReadableNotationData.setProperty(nameData, valueData);
                } else {
                    this.cachedMachineReadableNotationData.setProperty(nameData, valueData);
                }
            }
        }
    }

    @Override // cryptix.pki.ExtendedCertificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException {
        checkValidity(new Date());
    }

    @Override // cryptix.pki.ExtendedCertificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException {
        if (date.compareTo(getCreationDate()) < 0) {
            throw new CertificateNotYetValidException("date is before creation");
        }
        if (getExpirationDate() != null && date.compareTo(getExpirationDate()) > 0) {
            throw new CertificateExpiredException("date is after expiration");
        }
    }

    @Override // cryptix.openpgp.PGPCertificate
    public Date getCreationDate() throws CertificateParsingException {
        if (this.hasCachedCreationDate) {
            return this.cachedCreationDate;
        }
        if (this.pkt.getVersion() == 3) {
            byte[] time = this.pkt.getTime();
            this.cachedCreationDate = new Date((((time[0] & 255) << 24) + ((time[1] & 255) << 16) + ((time[2] & 255) << 8) + (time[3] & 255)) * 1000);
            this.hasCachedCreationDate = true;
            return this.cachedCreationDate;
        }
        if (this.pkt.getVersion() != 4) {
            throw new CertificateParsingException(new StringBuffer("Invalid sig version ").append((int) this.pkt.getVersion()).toString());
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 2);
        if (hashedPacket == null) {
            throw new CertificateParsingException("No creation time in hashed area.");
        }
        this.cachedCreationDate = ((PGPDateSP) hashedPacket).getValue();
        this.hasCachedCreationDate = true;
        return this.cachedCreationDate;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            this.key.getPacket().encode(byteArrayOutputStream);
            this.subject.getPacket().encode(byteArrayOutputStream);
            this.pkt.encode(byteArrayOutputStream);
            byteArrayOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new InternalError(new StringBuffer("IOException in ByteArrayOutputStream ").append(e).toString());
        }
    }

    @Override // cryptix.openpgp.PGPCertificate
    public Date getExpirationDate() throws CertificateParsingException {
        if (this.hasCachedExpirationDate) {
            return this.cachedExpirationDate;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 3);
        if (hashedPacket == null) {
            this.cachedExpirationDate = null;
        } else {
            this.cachedExpirationDate = ((PGPDateSP) hashedPacket).getValue();
        }
        this.hasCachedExpirationDate = true;
        return this.cachedExpirationDate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PGPSignatureSubPacket getHashedPacket(byte b) throws CertificateParsingException {
        parse();
        if (this.pkt.getVersion() == 3) {
            return null;
        }
        if (this.pkt.getVersion() != 4) {
            throw new CertificateParsingException(new StringBuffer("Invalid sig version ").append((int) this.pkt.getVersion()).toString());
        }
        Vector hashedSubPackets = this.pkt.getHashedSubPackets();
        Vector unhashedSubPackets = this.pkt.getUnhashedSubPackets();
        PGPSignatureSubPacket pGPSignatureSubPacket = null;
        for (int i = 0; i < unhashedSubPackets.size(); i++) {
            if (((PGPSignatureSubPacket) unhashedSubPackets.elementAt(i)).getPacketID() == b) {
                throw new CertificateParsingException("Packet found in unhashed area.");
            }
        }
        for (int i2 = 0; i2 < hashedSubPackets.size(); i2++) {
            PGPSignatureSubPacket pGPSignatureSubPacket2 = (PGPSignatureSubPacket) hashedSubPackets.elementAt(i2);
            if (pGPSignatureSubPacket2.getPacketID() == b) {
                if (pGPSignatureSubPacket != null) {
                    throw new CertificateParsingException("Packet found more than once.");
                }
                pGPSignatureSubPacket = pGPSignatureSubPacket2;
            }
        }
        return pGPSignatureSubPacket;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public Properties getHumanReadableNotationData() throws CertificateParsingException {
        if (this.hasCachedNotationData) {
            return this.cachedHumanReadableNotationData;
        }
        cacheNotationData();
        return this.cachedHumanReadableNotationData;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public KeyID getIssuerKeyID() throws CertificateParsingException {
        if (this.hasCachedIssuerKeyID) {
            return this.cachedIssuerKeyID;
        }
        if (this.pkt.getVersion() == 3) {
            this.cachedIssuerKeyID = new PGPKeyIDImpl(null, this.pkt.getKeyID(), 3);
        } else {
            if (this.pkt.getVersion() != 4) {
                throw new CertificateParsingException(new StringBuffer("Invalid sig version ").append((int) this.pkt.getVersion()).toString());
            }
            PGPSignatureSubPacket unhashedPacket = getUnhashedPacket((byte) 16);
            if (unhashedPacket == null) {
                this.cachedIssuerKeyID = null;
            } else {
                this.cachedIssuerKeyID = new PGPKeyIDImpl(null, ((PGPKeyIDSP) unhashedPacket).getValue(), 4);
            }
        }
        this.hasCachedIssuerKeyID = true;
        return this.cachedIssuerKeyID;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public PGPPrincipal getIssuerUserID() throws CertificateParsingException {
        if (this.hasCachedIssuerUserID) {
            return this.cachedIssuerUserID;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 28);
        if (hashedPacket == null) {
            this.cachedIssuerUserID = null;
        } else {
            String value = ((PGPStringSP) hashedPacket).getValue();
            PGPUserIDPacket pGPUserIDPacket = new PGPUserIDPacket();
            pGPUserIDPacket.setValue(value);
            this.cachedIssuerUserID = new PGPUserIDPrincipal(pGPUserIDPacket);
        }
        this.hasCachedIssuerUserID = true;
        return this.cachedIssuerUserID;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean getKeyFlagCertification() throws CertificateParsingException {
        if (!this.hasCachedKeyFlags) {
            cacheKeyFlags();
        }
        if (this.cachedKeyFlagsSpecified) {
            return this.cachedKeyFlagCertification;
        }
        throw new UnsupportedOperationException("Key flags not specified");
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean getKeyFlagEncryptCommunication() throws CertificateParsingException {
        if (!this.hasCachedKeyFlags) {
            cacheKeyFlags();
        }
        if (this.cachedKeyFlagsSpecified) {
            return this.cachedKeyFlagEncryptCommunication;
        }
        throw new UnsupportedOperationException("Key flags not specified");
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean getKeyFlagEncryptStorage() throws CertificateParsingException {
        if (!this.hasCachedKeyFlags) {
            cacheKeyFlags();
        }
        if (this.cachedKeyFlagsSpecified) {
            return this.cachedKeyFlagEncryptStorage;
        }
        throw new UnsupportedOperationException("Key flags not specified");
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean getKeyFlagSignData() throws CertificateParsingException {
        if (!this.hasCachedKeyFlags) {
            cacheKeyFlags();
        }
        if (this.cachedKeyFlagsSpecified) {
            return this.cachedKeyFlagSignData;
        }
        throw new UnsupportedOperationException("Key flags not specified");
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean getKeyFlagsSpecified() throws CertificateParsingException {
        if (!this.hasCachedKeyFlags) {
            cacheKeyFlags();
        }
        return this.cachedKeyFlagsSpecified;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public Properties getMachineReadableNotationData() throws CertificateParsingException {
        if (this.hasCachedNotationData) {
            return this.cachedMachineReadableNotationData;
        }
        cacheNotationData();
        return this.cachedMachineReadableNotationData;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public PGPSignaturePacket getPacket() {
        return this.pkt;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public String getPolicyURL() throws CertificateParsingException {
        if (this.hasCachedPolicyURL) {
            return this.cachedPolicyURL;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 26);
        if (hashedPacket == null) {
            this.cachedPolicyURL = null;
        } else {
            this.cachedPolicyURL = ((PGPStringSP) hashedPacket).getValue();
        }
        this.hasCachedPolicyURL = true;
        return this.cachedPolicyURL;
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        return this.key;
    }

    public KeyID getPublicKeyID() throws CertificateParsingException {
        try {
            if (this.hasCachedPublicKeyID) {
                return this.cachedPublicKeyID;
            }
            this.cachedPublicKeyID = KeyIDFactory.getInstance("OpenPGP").generateKeyID(this.key);
            this.hasCachedPublicKeyID = true;
            return this.cachedPublicKeyID;
        } catch (InvalidKeyException e) {
            throw new CertificateParsingException(String.valueOf(String.valueOf(e)));
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateParsingException(String.valueOf(String.valueOf(e2)));
        }
    }

    @Override // cryptix.pki.ExtendedCertificate
    public Principal getSubject() {
        return this.subject;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public int getTrustAmount() throws CertificateParsingException {
        if (this.hasCachedTrust) {
            return this.cachedTrustAmount;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 5);
        if (hashedPacket == null) {
            this.cachedTrustLevel = 0;
            this.cachedTrustAmount = 0;
        } else {
            this.cachedTrustLevel = ((PGPTrustSP) hashedPacket).getDepth();
            this.cachedTrustAmount = ((PGPTrustSP) hashedPacket).getAmount();
        }
        this.hasCachedTrust = true;
        return this.cachedTrustAmount;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public int getTrustLevel() throws CertificateParsingException {
        if (this.hasCachedTrust) {
            return this.cachedTrustLevel;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 5);
        if (hashedPacket == null) {
            this.cachedTrustLevel = 0;
            this.cachedTrustAmount = 0;
        } else {
            this.cachedTrustLevel = ((PGPTrustSP) hashedPacket).getDepth();
            this.cachedTrustAmount = ((PGPTrustSP) hashedPacket).getAmount();
        }
        this.hasCachedTrust = true;
        return this.cachedTrustLevel;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public String getTrustRegularExpression() throws CertificateParsingException {
        if (this.hasCachedTrustRegularExpression) {
            return this.cachedTrustRegularExpression;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 6);
        if (hashedPacket == null) {
            this.cachedTrustRegularExpression = null;
        } else {
            this.cachedTrustRegularExpression = ((PGPStringSP) hashedPacket).getValue();
        }
        this.hasCachedTrustRegularExpression = true;
        return this.cachedTrustRegularExpression;
    }

    PGPSignatureSubPacket getUnhashedPacket(byte b) throws CertificateParsingException {
        parse();
        if (this.pkt.getVersion() == 3) {
            return null;
        }
        if (this.pkt.getVersion() != 4) {
            throw new CertificateParsingException(new StringBuffer("Invalid sig version ").append((int) this.pkt.getVersion()).toString());
        }
        Vector allSubPackets = this.pkt.getAllSubPackets();
        PGPSignatureSubPacket pGPSignatureSubPacket = null;
        for (int i = 0; i < allSubPackets.size(); i++) {
            PGPSignatureSubPacket pGPSignatureSubPacket2 = (PGPSignatureSubPacket) allSubPackets.elementAt(i);
            if (pGPSignatureSubPacket2.getPacketID() == b) {
                if (pGPSignatureSubPacket != null) {
                    throw new CertificateParsingException("Packet found more than once.");
                }
                pGPSignatureSubPacket = pGPSignatureSubPacket2;
            }
        }
        return pGPSignatureSubPacket;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean isExportable() throws CertificateParsingException {
        if (this.hasCachedIsExportable) {
            return this.cachedIsExportable;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 4);
        if (hashedPacket == null) {
            this.cachedIsExportable = true;
        } else {
            this.cachedIsExportable = ((PGPBooleanSP) hashedPacket).getValue();
        }
        this.hasCachedIsExportable = true;
        return this.cachedIsExportable;
    }

    @Override // cryptix.openpgp.PGPCertificate
    public boolean isRevocable() throws CertificateParsingException {
        if (this.hasCachedIsRevocable) {
            return this.cachedIsRevocable;
        }
        PGPSignatureSubPacket hashedPacket = getHashedPacket((byte) 7);
        if (hashedPacket == null) {
            this.cachedIsRevocable = true;
        } else {
            this.cachedIsRevocable = ((PGPBooleanSP) hashedPacket).getValue();
        }
        this.hasCachedIsRevocable = true;
        return this.cachedIsRevocable;
    }

    @Override // cryptix.pki.ExtendedCertificate
    public boolean isSelfSigned() throws CertificateException {
        return getIssuerKeyID().match(getPublicKeyID());
    }

    private void parse() throws CertificateParsingException {
        try {
            if (this.parsed) {
                return;
            }
            if (this.pkt.getVersion() > 3) {
                this.pkt.parseSignatureSubPackets();
            }
            this.parsed = true;
        } catch (PGPDataFormatException e) {
            throw new CertificateParsingException(String.valueOf(String.valueOf(e)));
        } catch (PGPFatalDataFormatException e2) {
            throw new CertificateParsingException(String.valueOf(String.valueOf(e2)));
        }
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        throw new RuntimeException("NYI");
    }

    @Override // cryptix.pki.ExtendedCertificate
    public void verify(KeyBundle keyBundle) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify((PublicKey) keyBundle.getPublicKeys().next());
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!(publicKey instanceof PGPPublicKey)) {
            throw new InvalidKeyException("Not instance of PGPPublicKey");
        }
        PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKey;
        if (!(pGPPublicKey.getPacket() instanceof PGPPublicKeyPacket)) {
            throw new InvalidKeyException("Not a public signing key");
        }
        PGPPublicKeyPacket pGPPublicKeyPacket = (PGPPublicKeyPacket) this.key.getPacket();
        PGPUserIDPacket pGPUserIDPacket = (PGPUserIDPacket) this.subject.getPacket();
        PGPSigner pGPSigner = (PGPSigner) pGPPublicKey.getPacket().getAlgorithm();
        PGPAlgorithmFactory defaultInstance = PGPAlgorithmFactory.getDefaultInstance();
        MessageDigest hashAlgorithm = defaultInstance.getHashAlgorithm(this.pkt.getHashID());
        pGPSigner.initVerify(this.pkt.getHashID(), defaultInstance);
        PGPHashDataOutputStream pGPHashDataOutputStream = new PGPHashDataOutputStream(hashAlgorithm, pGPSigner);
        try {
            pGPPublicKeyPacket.encodeBody(pGPHashDataOutputStream);
            pGPHashDataOutputStream.close();
            try {
                byte[] bytes = pGPUserIDPacket.getValue().getBytes("UTF-8");
                if (this.pkt.getVersion() == 4) {
                    byte[] bArr = {-76, (byte) ((bytes.length >> 24) & 255), (byte) ((bytes.length >> 16) & 255), (byte) ((bytes.length >> 8) & 255), (byte) (bytes.length & 255)};
                    hashAlgorithm.update(bArr);
                    pGPSigner.update(bArr);
                }
                hashAlgorithm.update(bytes);
                pGPSigner.update(bytes);
                int hashData = this.pkt.hashData(hashAlgorithm, pGPSigner);
                if (this.pkt.getVersion() == 4) {
                    byte[] bArr2 = {this.pkt.getVersion(), -1, (byte) ((hashData >> 24) & 255), (byte) ((hashData >> 16) & 255), (byte) ((hashData >> 8) & 255), (byte) (hashData & 255)};
                    hashAlgorithm.update(bArr2);
                    pGPSigner.update(bArr2);
                }
                byte[] digest = hashAlgorithm.digest();
                byte[] hash = this.pkt.getHash();
                if (!(digest[0] == hash[0] && digest[1] == hash[1])) {
                    throw new SignatureException("Invalid signature");
                }
                try {
                    this.pkt.interpretSignature(pGPSigner);
                    if (!pGPSigner.verifySignature()) {
                        throw new SignatureException("Invalid signature");
                    }
                } catch (PGPDataFormatException unused) {
                    throw new CertificateParsingException("Invalid signature");
                } catch (IOException e) {
                    throw new InternalError(new StringBuffer("IOException while parsing signature ").append(e).toString());
                }
            } catch (UnsupportedEncodingException unused2) {
                throw new InternalError("UTF-8 encoding not supported.");
            }
        } catch (IOException e2) {
            throw new InternalError(new StringBuffer("IOException on hashing key - ").append(e2).toString());
        }
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!str.equals("CryptixOpenPGP")) {
            throw new NoSuchProviderException("Only CryptixOpenPGP is supported as a provider.");
        }
        verify(publicKey);
    }
}
