Red Hat Application Migration Toolkit
package com.lowagie.text.pdf;
import com.lowagie.text.ExceptionConverter;
import com.lowagie.text.pdf.TSAClient;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.tsp.TimeStampToken;
public class PdfPKCS7 {
private byte[] sigAttr;
private byte[] digestAttr;
private int version;
private int signerversion;
private Set digestalgos;
private Collection certs;
private Collection crls;
private Collection signCerts;
private X509Certificate signCert;
private byte[] digest;
private MessageDigest messageDigest;
private String digestAlgorithm;
private String digestEncryptionAlgorithm;
private Signature sig;
private transient PrivateKey privKey;
private byte[] RSAdata;
private boolean verified;
private boolean verifyResult;
private byte[] externalDigest;
private byte[] externalRSAdata;
private String provider;
private static final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
private static final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
private static final String ID_RSA = "1.2.840.113549.1.1.1";
private static final String ID_DSA = "1.2.840.10040.4.1";
private static final String ID_CONTENT_TYPE = "1.2.840.113549.1.9.3";
private static final String ID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4";
private static final String ID_SIGNING_TIME = "1.2.840.113549.1.9.5";
private static final String ID_ADBE_REVOCATION = "1.2.840.113583.1.1.8";
private String reason;
private String location;
private Calendar signDate;
private String signName;
private TimeStampToken timeStampToken;
private static final HashMap digestNames = new HashMap();
private static final HashMap algorithmNames = new HashMap();
private static final HashMap allowedDigests = new HashMap();
private BasicOCSPResp basicResp;
public static String getDigest(String var0) {
String var1 = (String)digestNames.get(var0);
return var1 == null?var0:var1;
}
public static String getAlgorithm(String var0) {
String var1 = (String)algorithmNames.get(var0);
return var1 == null?var0:var1;
}
public TimeStampToken getTimeStampToken() {
return this.timeStampToken;
}
public Calendar getTimeStampDate() {
if(this.timeStampToken == null) {
return null;
} else {
GregorianCalendar var1 = new GregorianCalendar();
Date var2 = this.timeStampToken.getTimeStampInfo().getGenTime();
var1.setTime(var2);
return var1;
}
}
public PdfPKCS7(byte[] var1, byte[] var2, String var3) {
try {
this.provider = var3;
X509CertParser var4 = new X509CertParser();
var4.engineInit(new ByteArrayInputStream(var2));
this.certs = var4.engineReadAll();
this.signCerts = this.certs;
this.signCert = (X509Certificate)this.certs.iterator().next();
this.crls = new ArrayList();
ASN1InputStream var5 = new ASN1InputStream(new ByteArrayInputStream(var1));
this.digest = ((DEROctetString)var5.readObject()).getOctets();
if(var3 == null) {
this.sig = Signature.getInstance("SHA1withRSA");
} else {
this.sig = Signature.getInstance("SHA1withRSA", var3);
}
this.sig.initVerify(this.signCert.getPublicKey());
} catch (Exception var6) {
throw new ExceptionConverter(var6);
}
}
public BasicOCSPResp getOcsp() {
return this.basicResp;
}
private void findOcsp(ASN1Sequence var1) throws IOException {
this.basicResp = null;
boolean var2 = false;
do {
if(var1.getObjectAt(0) instanceof DERObjectIdentifier && ((DERObjectIdentifier)var1.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
DEROctetString var6 = (DEROctetString)var1.getObjectAt(1);
ASN1InputStream var7 = new ASN1InputStream(var6.getOctets());
BasicOCSPResponse var5 = BasicOCSPResponse.getInstance(var7.readObject());
this.basicResp = new BasicOCSPResp(var5);
return;
}
var2 = true;
for(int var3 = 0; var3 < var1.size(); ++var3) {
if(var1.getObjectAt(var3) instanceof ASN1Sequence) {
var1 = (ASN1Sequence)var1.getObjectAt(0);
var2 = false;
break;
}
if(var1.getObjectAt(var3) instanceof ASN1TaggedObject) {
ASN1TaggedObject var4 = (ASN1TaggedObject)var1.getObjectAt(var3);
if(!(var4.getObject() instanceof ASN1Sequence)) {
return;
}
var1 = (ASN1Sequence)var4.getObject();
var2 = false;
break;
}
}
} while(!var2);
}
public PdfPKCS7(byte[] var1, String var2) {
try {
this.provider = var2;
ASN1InputStream var3 = new ASN1InputStream(new ByteArrayInputStream(var1));
DERObject var4;
try {
var4 = var3.readObject();
} catch (IOException var26) {
throw new IllegalArgumentException("can\'t decode PKCS7SignedData object");
}
if(!(var4 instanceof ASN1Sequence)) {
throw new IllegalArgumentException("Not a valid PKCS#7 object - not a sequence");
} else {
ASN1Sequence var5 = (ASN1Sequence)var4;
DERObjectIdentifier var6 = (DERObjectIdentifier)var5.getObjectAt(0);
if(!var6.getId().equals("1.2.840.113549.1.7.2")) {
throw new IllegalArgumentException("Not a valid PKCS#7 object - not signed data");
} else {
ASN1Sequence var7 = (ASN1Sequence)((DERTaggedObject)var5.getObjectAt(1)).getObject();
this.version = ((DERInteger)var7.getObjectAt(0)).getValue().intValue();
this.digestalgos = new HashSet();
Enumeration var8 = ((ASN1Set)var7.getObjectAt(1)).getObjects();
while(var8.hasMoreElements()) {
ASN1Sequence var9 = (ASN1Sequence)var8.nextElement();
DERObjectIdentifier var10 = (DERObjectIdentifier)var9.getObjectAt(0);
this.digestalgos.add(var10.getId());
}
X509CertParser var28 = new X509CertParser();
var28.engineInit(new ByteArrayInputStream(var1));
this.certs = var28.engineReadAll();
X509CRLParser var29 = new X509CRLParser();
var29.engineInit(new ByteArrayInputStream(var1));
this.crls = var29.engineReadAll();
ASN1Sequence var11 = (ASN1Sequence)var7.getObjectAt(2);
if(var11.size() > 1) {
DEROctetString var12 = (DEROctetString)((DERTaggedObject)var11.getObjectAt(1)).getObject();
this.RSAdata = var12.getOctets();
}
int var30;
for(var30 = 3; var7.getObjectAt(var30) instanceof DERTaggedObject; ++var30) {
;
}
ASN1Set var13 = (ASN1Set)var7.getObjectAt(var30);
if(var13.size() != 1) {
throw new IllegalArgumentException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
} else {
ASN1Sequence var14 = (ASN1Sequence)var13.getObjectAt(0);
this.signerversion = ((DERInteger)var14.getObjectAt(0)).getValue().intValue();
ASN1Sequence var15 = (ASN1Sequence)var14.getObjectAt(1);
BigInteger var16 = ((DERInteger)var15.getObjectAt(1)).getValue();
Iterator var17 = this.certs.iterator();
while(var17.hasNext()) {
X509Certificate var18 = (X509Certificate)var17.next();
if(var16.equals(var18.getSerialNumber())) {
this.signCert = var18;
break;
}
}
if(this.signCert == null) {
throw new IllegalArgumentException("Can\'t find signing certificate with serial " + var16.toString(16));
} else {
this.signCertificateChain();
this.digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)var14.getObjectAt(2)).getObjectAt(0)).getId();
var30 = 3;
ASN1Set var21;
ASN1Sequence var22;
ASN1Set var33;
if(var14.getObjectAt(var30) instanceof ASN1TaggedObject) {
ASN1TaggedObject var31 = (ASN1TaggedObject)var14.getObjectAt(var30);
var33 = ASN1Set.getInstance(var31, false);
this.sigAttr = var33.getEncoded("DER");
for(int var19 = 0; var19 < var33.size(); ++var19) {
ASN1Sequence var20 = (ASN1Sequence)var33.getObjectAt(var19);
if(((DERObjectIdentifier)var20.getObjectAt(0)).getId().equals("1.2.840.113549.1.9.4")) {
var21 = (ASN1Set)var20.getObjectAt(1);
this.digestAttr = ((DEROctetString)var21.getObjectAt(0)).getOctets();
} else if(((DERObjectIdentifier)var20.getObjectAt(0)).getId().equals("1.2.840.113583.1.1.8")) {
var21 = (ASN1Set)var20.getObjectAt(1);
var22 = (ASN1Sequence)var21.getObjectAt(0);
for(int var23 = 0; var23 < var22.size(); ++var23) {
ASN1TaggedObject var24 = (ASN1TaggedObject)var22.getObjectAt(var23);
if(var24.getTagNo() == 1) {
ASN1Sequence var25 = (ASN1Sequence)var24.getObject();
this.findOcsp(var25);
}
}
}
}
if(this.digestAttr == null) {
throw new IllegalArgumentException("Authenticated attribute is missing the digest.");
}
++var30;
}
this.digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)var14.getObjectAt(var30++)).getObjectAt(0)).getId();
this.digest = ((DEROctetString)var14.getObjectAt(var30++)).getOctets();
if(var30 < var14.size() && var14.getObjectAt(var30) instanceof DERTaggedObject) {
DERTaggedObject var32 = (DERTaggedObject)var14.getObjectAt(var30);
var33 = ASN1Set.getInstance(var32, false);
AttributeTable var34 = new AttributeTable(var33);
Attribute var35 = var34.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
if(var35 != null) {
var21 = var35.getAttrValues();
var22 = ASN1Sequence.getInstance(var21.getObjectAt(0));
ContentInfo var36 = new ContentInfo(var22);
this.timeStampToken = new TimeStampToken(var36);
}
}
if(this.RSAdata != null || this.digestAttr != null) {
if(var2 != null && !var2.startsWith("SunPKCS11")) {
this.messageDigest = MessageDigest.getInstance(this.getHashAlgorithm(), var2);
} else {
this.messageDigest = MessageDigest.getInstance(this.getHashAlgorithm());
}
}
if(var2 == null) {
this.sig = Signature.getInstance(this.getDigestAlgorithm());
} else {
this.sig = Signature.getInstance(this.getDigestAlgorithm(), var2);
}
this.sig.initVerify(this.signCert.getPublicKey());
}
}
}
}
} catch (Exception var27) {
throw new ExceptionConverter(var27);
}
}
public PdfPKCS7(PrivateKey var1, Certificate[] var2, CRL[] var3, String var4, String var5, boolean var6) throws InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
this.privKey = var1;
this.provider = var5;
this.digestAlgorithm = (String)allowedDigests.get(var4.toUpperCase());
if(this.digestAlgorithm == null) {
throw new NoSuchAlgorithmException("Unknown Hash Algorithm " + var4);
} else {
this.version = this.signerversion = 1;
this.certs = new ArrayList();
this.crls = new ArrayList();
this.digestalgos = new HashSet();
this.digestalgos.add(this.digestAlgorithm);
this.signCert = (X509Certificate)var2[0];
int var7;
for(var7 = 0; var7 < var2.length; ++var7) {
this.certs.add(var2[var7]);
}
if(var3 != null) {
for(var7 = 0; var7 < var3.length; ++var7) {
this.crls.add(var3[var7]);
}
}
if(var1 != null) {
this.digestEncryptionAlgorithm = var1.getAlgorithm();
if(this.digestEncryptionAlgorithm.equals("RSA")) {
this.digestEncryptionAlgorithm = "1.2.840.113549.1.1.1";
} else {
if(!this.digestEncryptionAlgorithm.equals("DSA")) {
throw new NoSuchAlgorithmException("Unknown Key Algorithm " + this.digestEncryptionAlgorithm);
}
this.digestEncryptionAlgorithm = "1.2.840.10040.4.1";
}
}
if(var6) {
this.RSAdata = new byte[0];
if(var5 != null && !var5.startsWith("SunPKCS11")) {
this.messageDigest = MessageDigest.getInstance(this.getHashAlgorithm(), var5);
} else {
this.messageDigest = MessageDigest.getInstance(this.getHashAlgorithm());
}
}
if(var1 != null) {
if(var5 == null) {
this.sig = Signature.getInstance(this.getDigestAlgorithm());
} else {
this.sig = Signature.getInstance(this.getDigestAlgorithm(), var5);
}
this.sig.initSign(var1);
}
}
}
public void update(byte[] var1, int var2, int var3) throws SignatureException {
if(this.RSAdata == null && this.digestAttr == null) {
this.sig.update(var1, var2, var3);
} else {
this.messageDigest.update(var1, var2, var3);
}
}
public boolean verify() throws SignatureException {
if(this.verified) {
return this.verifyResult;
} else {
if(this.sigAttr != null) {
this.sig.update(this.sigAttr);
if(this.RSAdata != null) {
byte[] var1 = this.messageDigest.digest();
this.messageDigest.update(var1);
}
this.verifyResult = Arrays.equals(this.messageDigest.digest(), this.digestAttr) && this.sig.verify(this.digest);
} else {
if(this.RSAdata != null) {
this.sig.update(this.messageDigest.digest());
}
this.verifyResult = this.sig.verify(this.digest);
}
this.verified = true;
return this.verifyResult;
}
}
public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
if(this.timeStampToken == null) {
return false;
} else {
MessageImprint var1 = this.timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
byte[] var2 = MessageDigest.getInstance("SHA-1").digest(this.digest);
byte[] var3 = var1.getHashedMessage();
boolean var4 = Arrays.equals(var2, var3);
return var4;
}
}
public Certificate[] getCertificates() {
return (X509Certificate[])((X509Certificate[])this.certs.toArray(new X509Certificate[this.certs.size()]));
}
public Certificate[] getSignCertificateChain() {
return (X509Certificate[])((X509Certificate[])this.signCerts.toArray(new X509Certificate[this.signCerts.size()]));
}
private void signCertificateChain() {
ArrayList var1 = new ArrayList();
var1.add(this.signCert);
ArrayList var2 = new ArrayList(this.certs);
for(int var3 = 0; var3 < var2.size(); ++var3) {
if(this.signCert.getSerialNumber().equals(((X509Certificate)var2.get(var3)).getSerialNumber())) {
var2.remove(var3);
--var3;
}
}
boolean var8 = true;
while(var8) {
X509Certificate var4 = (X509Certificate)var1.get(var1.size() - 1);
var8 = false;
int var5 = 0;
while(var5 < var2.size()) {
try {
if(this.provider == null) {
var4.verify(((X509Certificate)var2.get(var5)).getPublicKey());
} else {
var4.verify(((X509Certificate)var2.get(var5)).getPublicKey(), this.provider);
}
var8 = true;
var1.add(var2.get(var5));
var2.remove(var5);
break;
} catch (Exception var7) {
++var5;
}
}
}
this.signCerts = var1;
}
public Collection getCRLs() {
return this.crls;
}
public X509Certificate getSigningCertificate() {
return this.signCert;
}
public int getVersion() {
return this.version;
}
public int getSigningInfoVersion() {
return this.signerversion;
}
public String getDigestAlgorithm() {
String var1 = getAlgorithm(this.digestEncryptionAlgorithm);
if(var1 == null) {
var1 = this.digestEncryptionAlgorithm;
}
return this.getHashAlgorithm() + "with" + var1;
}
public String getHashAlgorithm() {
return getDigest(this.digestAlgorithm);
}
public static KeyStore loadCacertsKeyStore() {
return loadCacertsKeyStore((String)null);
}
public static KeyStore loadCacertsKeyStore(String var0) {
File var1 = new File(System.getProperty("java.home"), "lib");
var1 = new File(var1, "security");
var1 = new File(var1, "cacerts");
FileInputStream var2 = null;
KeyStore var4;
try {
var2 = new FileInputStream(var1);
KeyStore var3;
if(var0 == null) {
var3 = KeyStore.getInstance("JKS");
} else {
var3 = KeyStore.getInstance("JKS", var0);
}
var3.load(var2, (char[])null);
var4 = var3;
} catch (Exception var13) {
throw new ExceptionConverter(var13);
} finally {
try {
if(var2 != null) {
var2.close();
}
} catch (Exception var12) {
;
}
}
return var4;
}
public static String verifyCertificate(X509Certificate var0, Collection var1, Calendar var2) {
if(var2 == null) {
var2 = new GregorianCalendar();
}
if(var0.hasUnsupportedCriticalExtension()) {
return "Has unsupported critical extension";
} else {
try {
var0.checkValidity(((Calendar)var2).getTime());
} catch (Exception var4) {
return var4.getMessage();
}
if(var1 != null) {
Iterator var3 = var1.iterator();
while(var3.hasNext()) {
if(((CRL)var3.next()).isRevoked(var0)) {
return "Certificate revoked";
}
}
}
return null;
}
}
public static Object[] verifyCertificates(Certificate[] var0, KeyStore var1, Collection var2, Calendar var3) {
if(var3 == null) {
var3 = new GregorianCalendar();
}
for(int var4 = 0; var4 < var0.length; ++var4) {
X509Certificate var5 = (X509Certificate)var0[var4];
String var6 = verifyCertificate(var5, var2, (Calendar)var3);
if(var6 != null) {
return new Object[]{var5, var6};
}
try {
Enumeration var7 = var1.aliases();
while(var7.hasMoreElements()) {
try {
String var8 = (String)var7.nextElement();
if(var1.isCertificateEntry(var8)) {
X509Certificate var9 = (X509Certificate)var1.getCertificate(var8);
if(verifyCertificate(var9, var2, (Calendar)var3) == null) {
try {
var5.verify(var9.getPublicKey());
return null;
} catch (Exception var12) {
;
}
}
}
} catch (Exception var13) {
;
}
}
} catch (Exception var14) {
;
}
int var15;
for(var15 = 0; var15 < var0.length; ++var15) {
if(var15 != var4) {
X509Certificate var16 = (X509Certificate)var0[var15];
try {
var5.verify(var16.getPublicKey());
break;
} catch (Exception var11) {
;
}
}
}
if(var15 == var0.length) {
return new Object[]{var5, "Cannot be verified against the KeyStore or the certificate chain"};
}
}
return new Object[]{null, "Invalid state. Possible circular certificate chain"};
}
public static boolean verifyOcspCertificates(BasicOCSPResp var0, KeyStore var1, String var2) {
if(var2 == null) {
var2 = "BC";
}
try {
Enumeration var3 = var1.aliases();
while(var3.hasMoreElements()) {
try {
String var4 = (String)var3.nextElement();
if(var1.isCertificateEntry(var4)) {
X509Certificate var5 = (X509Certificate)var1.getCertificate(var4);
if(var0.verify(var5.getPublicKey(), var2)) {
return true;
}
}
} catch (Exception var6) {
;
}
}
} catch (Exception var7) {
;
}
return false;
}
public static boolean verifyTimestampCertificates(TimeStampToken var0, KeyStore var1, String var2) {
if(var2 == null) {
var2 = "BC";
}
try {
Enumeration var3 = var1.aliases();
while(var3.hasMoreElements()) {
try {
String var4 = (String)var3.nextElement();
if(var1.isCertificateEntry(var4)) {
X509Certificate var5 = (X509Certificate)var1.getCertificate(var4);
var0.validate(var5, var2);
return true;
}
} catch (Exception var6) {
;
}
}
} catch (Exception var7) {
;
}
return false;
}
public static String getOCSPURL(X509Certificate var0) throws CertificateParsingException {
try {
DERObject var1 = getExtensionValue(var0, X509Extensions.AuthorityInfoAccess.getId());
if(var1 == null) {
return null;
}
ASN1Sequence var2 = (ASN1Sequence)var1;
for(int var3 = 0; var3 < var2.size(); ++var3) {
ASN1Sequence var4 = (ASN1Sequence)var2.getObjectAt(var3);
if(var4.size() == 2 && var4.getObjectAt(0) instanceof DERObjectIdentifier && ((DERObjectIdentifier)var4.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String var5 = getStringFromGeneralName((DERObject)var4.getObjectAt(1));
if(var5 == null) {
return "";
}
return var5;
}
}
} catch (Exception var6) {
;
}
return null;
}
public boolean isRevocationValid() {
if(this.basicResp == null) {
return false;
} else if(this.signCerts.size() < 2) {
return false;
} else {
try {
X509Certificate[] var1 = (X509Certificate[])((X509Certificate[])this.getSignCertificateChain());
SingleResp var2 = this.basicResp.getResponses()[0];
CertificateID var3 = var2.getCertID();
X509Certificate var4 = this.getSigningCertificate();
X509Certificate var5 = var1[1];
CertificateID var6 = new CertificateID("1.3.14.3.2.26", var5, var4.getSerialNumber());
return var6.equals(var3);
} catch (Exception var7) {
return false;
}
}
}
private static DERObject getExtensionValue(X509Certificate var0, String var1) throws IOException {
byte[] var2 = var0.getExtensionValue(var1);
if(var2 == null) {
return null;
} else {
ASN1InputStream var3 = new ASN1InputStream(new ByteArrayInputStream(var2));
ASN1OctetString var4 = (ASN1OctetString)var3.readObject();
var3 = new ASN1InputStream(new ByteArrayInputStream(var4.getOctets()));
return var3.readObject();
}
}
private static String getStringFromGeneralName(DERObject var0) throws IOException {
DERTaggedObject var1 = (DERTaggedObject)var0;
return new String(ASN1OctetString.getInstance(var1, false).getOctets(), "ISO-8859-1");
}
private static DERObject getIssuer(byte[] var0) {
try {
ASN1InputStream var1 = new ASN1InputStream(new ByteArrayInputStream(var0));
ASN1Sequence var2 = (ASN1Sequence)var1.readObject();
return (DERObject)var2.getObjectAt(var2.getObjectAt(0) instanceof DERTaggedObject?3:2);
} catch (IOException var3) {
throw new ExceptionConverter(var3);
}
}
private static DERObject getSubject(byte[] var0) {
try {
ASN1InputStream var1 = new ASN1InputStream(new ByteArrayInputStream(var0));
ASN1Sequence var2 = (ASN1Sequence)var1.readObject();
return (DERObject)var2.getObjectAt(var2.getObjectAt(0) instanceof DERTaggedObject?5:4);
} catch (IOException var3) {
throw new ExceptionConverter(var3);
}
}
public static PdfPKCS7.X509Name getIssuerFields(X509Certificate var0) {
try {
return new PdfPKCS7.X509Name((ASN1Sequence)getIssuer(var0.getTBSCertificate()));
} catch (Exception var2) {
throw new ExceptionConverter(var2);
}
}
public static PdfPKCS7.X509Name getSubjectFields(X509Certificate var0) {
try {
return new PdfPKCS7.X509Name((ASN1Sequence)getSubject(var0.getTBSCertificate()));
} catch (Exception var2) {
throw new ExceptionConverter(var2);
}
}
public byte[] getEncodedPKCS1() {
try {
if(this.externalDigest != null) {
this.digest = this.externalDigest;
} else {
this.digest = this.sig.sign();
}
ByteArrayOutputStream var1 = new ByteArrayOutputStream();
ASN1OutputStream var2 = new ASN1OutputStream(var1);
var2.writeObject(new DEROctetString(this.digest));
var2.close();
return var1.toByteArray();
} catch (Exception var3) {
throw new ExceptionConverter(var3);
}
}
public void setExternalDigest(byte[] var1, byte[] var2, String var3) {
this.externalDigest = var1;
this.externalRSAdata = var2;
if(var3 != null) {
if(var3.equals("RSA")) {
this.digestEncryptionAlgorithm = "1.2.840.113549.1.1.1";
} else {
if(!var3.equals("DSA")) {
throw new ExceptionConverter(new NoSuchAlgorithmException("Unknown Key Algorithm " + var3));
}
this.digestEncryptionAlgorithm = "1.2.840.10040.4.1";
}
}
}
public byte[] getEncodedPKCS7() {
return this.getEncodedPKCS7((byte[])null, (Calendar)null, (TSAClient)null, (byte[])null);
}
public byte[] getEncodedPKCS7(byte[] var1, Calendar var2) {
return this.getEncodedPKCS7(var1, var2, (TSAClient)null, (byte[])null);
}
public byte[] getEncodedPKCS7(byte[] var1, Calendar var2, TSAClient var3, byte[] var4) {
try {
if(this.externalDigest != null) {
this.digest = this.externalDigest;
if(this.RSAdata != null) {
this.RSAdata = this.externalRSAdata;
}
} else if(this.externalRSAdata != null && this.RSAdata != null) {
this.RSAdata = this.externalRSAdata;
this.sig.update(this.RSAdata);
this.digest = this.sig.sign();
} else {
if(this.RSAdata != null) {
this.RSAdata = this.messageDigest.digest();
this.sig.update(this.RSAdata);
}
this.digest = this.sig.sign();
}
ASN1EncodableVector var5 = new ASN1EncodableVector();
Iterator var6 = this.digestalgos.iterator();
while(var6.hasNext()) {
ASN1EncodableVector var7 = new ASN1EncodableVector();
var7.add(new DERObjectIdentifier((String)var6.next()));
var7.add(DERNull.INSTANCE);
var5.add(new DERSequence(var7));
}
ASN1EncodableVector var15 = new ASN1EncodableVector();
var15.add(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
if(this.RSAdata != null) {
var15.add(new DERTaggedObject(0, new DEROctetString(this.RSAdata)));
}
DERSequence var16 = new DERSequence(var15);
var15 = new ASN1EncodableVector();
Iterator var8 = this.certs.iterator();
while(var8.hasNext()) {
ASN1InputStream var9 = new ASN1InputStream(new ByteArrayInputStream(((X509Certificate)var8.next()).getEncoded()));
var15.add(var9.readObject());
}
DERSet var17 = new DERSet(var15);
ASN1EncodableVector var18 = new ASN1EncodableVector();
var18.add(new DERInteger(this.signerversion));
var15 = new ASN1EncodableVector();
var15.add(getIssuer(this.signCert.getTBSCertificate()));
var15.add(new DERInteger(this.signCert.getSerialNumber()));
var18.add(new DERSequence(var15));
var15 = new ASN1EncodableVector();
var15.add(new DERObjectIdentifier(this.digestAlgorithm));
var15.add(new DERNull());
var18.add(new DERSequence(var15));
if(var1 != null && var2 != null) {
var18.add(new DERTaggedObject(false, 0, this.getAuthenticatedAttributeSet(var1, var2, var4)));
}
var15 = new ASN1EncodableVector();
var15.add(new DERObjectIdentifier(this.digestEncryptionAlgorithm));
var15.add(new DERNull());
var18.add(new DERSequence(var15));
var18.add(new DEROctetString(this.digest));
if(var3 != null) {
byte[] var10 = MessageDigest.getInstance("SHA-1").digest(this.digest);
byte[] var11 = var3.getTimeStampToken(this, var10);
if(var11 != null) {
ASN1EncodableVector var12 = this.buildUnauthenticatedAttributes(var11);
if(var12 != null) {
var18.add(new DERTaggedObject(false, 1, new DERSet(var12)));
}
}
}
ASN1EncodableVector var19 = new ASN1EncodableVector();
var19.add(new DERInteger(this.version));
var19.add(new DERSet(var5));
var19.add(var16);
var19.add(new DERTaggedObject(false, 0, var17));
if(!this.crls.isEmpty()) {
var15 = new ASN1EncodableVector();
Iterator var20 = this.crls.iterator();
while(var20.hasNext()) {
ASN1InputStream var23 = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)var20.next()).getEncoded()));
var15.add(var23.readObject());
}
DERSet var21 = new DERSet(var15);
var19.add(new DERTaggedObject(false, 1, var21));
}
var19.add(new DERSet(new DERSequence(var18)));
ASN1EncodableVector var22 = new ASN1EncodableVector();
var22.add(new DERObjectIdentifier("1.2.840.113549.1.7.2"));
var22.add(new DERTaggedObject(0, new DERSequence(var19)));
ByteArrayOutputStream var24 = new ByteArrayOutputStream();
ASN1OutputStream var13 = new ASN1OutputStream(var24);
var13.writeObject(new DERSequence(var22));
var13.close();
return var24.toByteArray();
} catch (Exception var14) {
throw new ExceptionConverter(var14);
}
}
private ASN1EncodableVector buildUnauthenticatedAttributes(byte[] var1) throws IOException {
if(var1 == null) {
return null;
} else {
String var2 = "1.2.840.113549.1.9.16.2.14";
ASN1InputStream var3 = new ASN1InputStream(new ByteArrayInputStream(var1));
ASN1EncodableVector var4 = new ASN1EncodableVector();
ASN1EncodableVector var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier(var2));
ASN1Sequence var6 = (ASN1Sequence)var3.readObject();
var5.add(new DERSet(var6));
var4.add(new DERSequence(var5));
return var4;
}
}
public byte[] getAuthenticatedAttributeBytes(byte[] var1, Calendar var2, byte[] var3) {
try {
return this.getAuthenticatedAttributeSet(var1, var2, var3).getEncoded("DER");
} catch (Exception var5) {
throw new ExceptionConverter(var5);
}
}
private DERSet getAuthenticatedAttributeSet(byte[] var1, Calendar var2, byte[] var3) {
try {
ASN1EncodableVector var4 = new ASN1EncodableVector();
ASN1EncodableVector var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier("1.2.840.113549.1.9.3"));
var5.add(new DERSet(new DERObjectIdentifier("1.2.840.113549.1.7.1")));
var4.add(new DERSequence(var5));
var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier("1.2.840.113549.1.9.5"));
var5.add(new DERSet(new DERUTCTime(var2.getTime())));
var4.add(new DERSequence(var5));
var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier("1.2.840.113549.1.9.4"));
var5.add(new DERSet(new DEROctetString(var1)));
var4.add(new DERSequence(var5));
if(var3 != null) {
var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier("1.2.840.113583.1.1.8"));
DEROctetString var6 = new DEROctetString(var3);
ASN1EncodableVector var7 = new ASN1EncodableVector();
ASN1EncodableVector var8 = new ASN1EncodableVector();
var8.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
var8.add(var6);
DEREnumerated var9 = new DEREnumerated(0);
ASN1EncodableVector var10 = new ASN1EncodableVector();
var10.add(var9);
var10.add(new DERTaggedObject(true, 0, new DERSequence(var8)));
var7.add(new DERSequence(var10));
var5.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(var7)))));
var4.add(new DERSequence(var5));
} else if(!this.crls.isEmpty()) {
var5 = new ASN1EncodableVector();
var5.add(new DERObjectIdentifier("1.2.840.113583.1.1.8"));
ASN1EncodableVector var12 = new ASN1EncodableVector();
Iterator var13 = this.crls.iterator();
while(var13.hasNext()) {
ASN1InputStream var14 = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)var13.next()).getEncoded()));
var12.add(var14.readObject());
}
var5.add(new DERSet(new DERSequence(new DERTaggedObject(true, 0, new DERSequence(var12)))));
var4.add(new DERSequence(var5));
}
return new DERSet(var4);
} catch (Exception var11) {
throw new ExceptionConverter(var11);
}
}
public String getReason() {
return this.reason;
}
public void setReason(String var1) {
this.reason = var1;
}
public String getLocation() {
return this.location;
}
public void setLocation(String var1) {
this.location = var1;
}
public Calendar getSignDate() {
return this.signDate;
}
public void setSignDate(Calendar var1) {
this.signDate = var1;
}
public String getSignName() {
return this.signName;
}
public void setSignName(String var1) {
this.signName = var1;
}
static {
digestNames.put("1.2.840.113549.2.5", "MD5");
digestNames.put("1.2.840.113549.2.2", "MD2");
digestNames.put("1.3.14.3.2.26", "SHA1");
digestNames.put("2.16.840.1.101.3.4.2.4", "SHA224");
digestNames.put("2.16.840.1.101.3.4.2.1", "SHA256");
digestNames.put("2.16.840.1.101.3.4.2.2", "SHA384");
digestNames.put("2.16.840.1.101.3.4.2.3", "SHA512");
digestNames.put("1.3.36.3.2.2", "RIPEMD128");
digestNames.put("1.3.36.3.2.1", "RIPEMD160");
digestNames.put("1.3.36.3.2.3", "RIPEMD256");
digestNames.put("1.2.840.113549.1.1.4", "MD5");
digestNames.put("1.2.840.113549.1.1.2", "MD2");
digestNames.put("1.2.840.113549.1.1.5", "SHA1");
digestNames.put("1.2.840.113549.1.1.14", "SHA224");
digestNames.put("1.2.840.113549.1.1.11", "SHA256");
digestNames.put("1.2.840.113549.1.1.12", "SHA384");
digestNames.put("1.2.840.113549.1.1.13", "SHA512");
digestNames.put("1.2.840.113549.2.5", "MD5");
digestNames.put("1.2.840.113549.2.2", "MD2");
digestNames.put("1.2.840.10040.4.3", "SHA1");
digestNames.put("2.16.840.1.101.3.4.3.1", "SHA224");
digestNames.put("2.16.840.1.101.3.4.3.2", "SHA256");
digestNames.put("2.16.840.1.101.3.4.3.3", "SHA384");
digestNames.put("2.16.840.1.101.3.4.3.4", "SHA512");
digestNames.put("1.3.36.3.3.1.3", "RIPEMD128");
digestNames.put("1.3.36.3.3.1.2", "RIPEMD160");
digestNames.put("1.3.36.3.3.1.4", "RIPEMD256");
algorithmNames.put("1.2.840.113549.1.1.1", "RSA");
algorithmNames.put("1.2.840.10040.4.1", "DSA");
algorithmNames.put("1.2.840.113549.1.1.2", "RSA");
algorithmNames.put("1.2.840.113549.1.1.4", "RSA");
algorithmNames.put("1.2.840.113549.1.1.5", "RSA");
algorithmNames.put("1.2.840.113549.1.1.14", "RSA");
algorithmNames.put("1.2.840.113549.1.1.11", "RSA");
algorithmNames.put("1.2.840.113549.1.1.12", "RSA");
algorithmNames.put("1.2.840.113549.1.1.13", "RSA");
algorithmNames.put("1.2.840.10040.4.3", "DSA");
algorithmNames.put("2.16.840.1.101.3.4.3.1", "DSA");
algorithmNames.put("2.16.840.1.101.3.4.3.2", "DSA");
algorithmNames.put("1.3.36.3.3.1.3", "RSA");
algorithmNames.put("1.3.36.3.3.1.2", "RSA");
algorithmNames.put("1.3.36.3.3.1.4", "RSA");
allowedDigests.put("MD5", "1.2.840.113549.2.5");
allowedDigests.put("MD2", "1.2.840.113549.2.2");
allowedDigests.put("SHA1", "1.3.14.3.2.26");
allowedDigests.put("SHA224", "2.16.840.1.101.3.4.2.4");
allowedDigests.put("SHA256", "2.16.840.1.101.3.4.2.1");
allowedDigests.put("SHA384", "2.16.840.1.101.3.4.2.2");
allowedDigests.put("SHA512", "2.16.840.1.101.3.4.2.3");
allowedDigests.put("MD-5", "1.2.840.113549.2.5");
allowedDigests.put("MD-2", "1.2.840.113549.2.2");
allowedDigests.put("SHA-1", "1.3.14.3.2.26");
allowedDigests.put("SHA-224", "2.16.840.1.101.3.4.2.4");
allowedDigests.put("SHA-256", "2.16.840.1.101.3.4.2.1");
allowedDigests.put("SHA-384", "2.16.840.1.101.3.4.2.2");
allowedDigests.put("SHA-512", "2.16.840.1.101.3.4.2.3");
allowedDigests.put("RIPEMD128", "1.3.36.3.2.2");
allowedDigests.put("RIPEMD-128", "1.3.36.3.2.2");
allowedDigests.put("RIPEMD160", "1.3.36.3.2.1");
allowedDigests.put("RIPEMD-160", "1.3.36.3.2.1");
allowedDigests.put("RIPEMD256", "1.3.36.3.2.3");
allowedDigests.put("RIPEMD-256", "1.3.36.3.2.3");
}
public static class X509NameTokenizer {
private String oid;
private int index;
private StringBuffer buf = new StringBuffer();
public X509NameTokenizer(String var1) {
this.oid = var1;
this.index = -1;
}
public boolean hasMoreTokens() {
return this.index != this.oid.length();
}
public String nextToken() {
if(this.index == this.oid.length()) {
return null;
} else {
int var1 = this.index + 1;
boolean var2 = false;
boolean var3 = false;
this.buf.setLength(0);
for(; var1 != this.oid.length(); ++var1) {
char var4 = this.oid.charAt(var1);
if(var4 == 34) {
if(!var3) {
var2 = !var2;
} else {
this.buf.append(var4);
}
var3 = false;
} else if(!var3 && !var2) {
if(var4 == 92) {
var3 = true;
} else {
if(var4 == 44) {
break;
}
this.buf.append(var4);
}
} else {
this.buf.append(var4);
var3 = false;
}
}
this.index = var1;
return this.buf.toString().trim();
}
}
}
public static class X509Name {
public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6");
public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10");
public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11");
public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12");
public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3");
public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5");
public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7");
public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8");
public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4");
public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42");
public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43");
public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44");
public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45");
public static final DERObjectIdentifier EmailAddress = new DERObjectIdentifier("1.2.840.113549.1.9.1");
public static final DERObjectIdentifier E;
public static final DERObjectIdentifier DC;
public static final DERObjectIdentifier UID;
public static HashMap DefaultSymbols;
public HashMap values = new HashMap();
public X509Name(ASN1Sequence var1) {
Enumeration var2 = var1.getObjects();
while(var2.hasMoreElements()) {
ASN1Set var3 = (ASN1Set)var2.nextElement();
for(int var4 = 0; var4 < var3.size(); ++var4) {
ASN1Sequence var5 = (ASN1Sequence)var3.getObjectAt(var4);
String var6 = (String)DefaultSymbols.get(var5.getObjectAt(0));
if(var6 != null) {
ArrayList var7 = (ArrayList)this.values.get(var6);
if(var7 == null) {
var7 = new ArrayList();
this.values.put(var6, var7);
}
var7.add(((DERString)var5.getObjectAt(1)).getString());
}
}
}
}
public X509Name(String var1) {
String var6;
ArrayList var7;
for(PdfPKCS7.X509NameTokenizer var2 = new PdfPKCS7.X509NameTokenizer(var1); var2.hasMoreTokens(); var7.add(var6)) {
String var3 = var2.nextToken();
int var4 = var3.indexOf(61);
if(var4 == -1) {
throw new IllegalArgumentException("badly formated directory string");
}
String var5 = var3.substring(0, var4).toUpperCase();
var6 = var3.substring(var4 + 1);
var7 = (ArrayList)this.values.get(var5);
if(var7 == null) {
var7 = new ArrayList();
this.values.put(var5, var7);
}
}
}
public String getField(String var1) {
ArrayList var2 = (ArrayList)this.values.get(var1);
return var2 == null?null:(String)var2.get(0);
}
public ArrayList getFieldArray(String var1) {
ArrayList var2 = (ArrayList)this.values.get(var1);
return var2 == null?null:var2;
}
public HashMap getFields() {
return this.values;
}
public String toString() {
return this.values.toString();
}
static {
E = EmailAddress;
DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25");
UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1");
DefaultSymbols = new HashMap();
DefaultSymbols.put(C, "C");
DefaultSymbols.put(O, "O");
DefaultSymbols.put(T, "T");
DefaultSymbols.put(OU, "OU");
DefaultSymbols.put(CN, "CN");
DefaultSymbols.put(L, "L");
DefaultSymbols.put(ST, "ST");
DefaultSymbols.put(SN, "SN");
DefaultSymbols.put(EmailAddress, "E");
DefaultSymbols.put(DC, "DC");
DefaultSymbols.put(UID, "UID");
DefaultSymbols.put(SURNAME, "SURNAME");
DefaultSymbols.put(GIVENNAME, "GIVENNAME");
DefaultSymbols.put(INITIALS, "INITIALS");
DefaultSymbols.put(GENERATION, "GENERATION");
}
}
}