// 
// Decompiled by Procyon v0.6.0
// 

package org.bouncycastle.cert.cmp;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.MacCalculator;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.operator.PBEMacCalculatorProvider;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;

public class ProtectedPKIMessage
{
    private PKIMessage pkiMessage;
    
    public ProtectedPKIMessage(final GeneralPKIMessage generalPKIMessage) {
        if (!generalPKIMessage.hasProtection()) {
            throw new IllegalArgumentException("PKIMessage not protected");
        }
        this.pkiMessage = generalPKIMessage.toASN1Structure();
    }
    
    ProtectedPKIMessage(final PKIMessage pkiMessage) {
        if (pkiMessage.getHeader().getProtectionAlg() == null) {
            throw new IllegalArgumentException("PKIMessage not protected");
        }
        this.pkiMessage = pkiMessage;
    }
    
    public PKIHeader getHeader() {
        return this.pkiMessage.getHeader();
    }
    
    public PKIBody getBody() {
        return this.pkiMessage.getBody();
    }
    
    public PKIMessage toASN1Structure() {
        return this.pkiMessage;
    }
    
    public boolean hasPasswordBasedMacProtection() {
        return CMPObjectIdentifiers.passwordBasedMac.equals(this.getProtectionAlgorithm().getAlgorithm());
    }
    
    public AlgorithmIdentifier getProtectionAlgorithm() {
        return this.pkiMessage.getHeader().getProtectionAlg();
    }
    
    public X509CertificateHolder[] getCertificates() {
        final CMPCertificate[] extraCerts = this.pkiMessage.getExtraCerts();
        if (extraCerts == null) {
            return new X509CertificateHolder[0];
        }
        final X509CertificateHolder[] array = new X509CertificateHolder[extraCerts.length];
        for (int i = 0; i != extraCerts.length; ++i) {
            array[i] = new X509CertificateHolder(extraCerts[i].getX509v3PKCert());
        }
        return array;
    }
    
    public boolean verify(final ContentVerifierProvider contentVerifierProvider) throws CMPException {
        try {
            return this.verifySignature(this.pkiMessage.getProtection().getOctets(), contentVerifierProvider.get(this.getProtectionAlgorithm()));
        }
        catch (final Exception ex) {
            throw new CMPException("unable to verify signature: " + ex.getMessage(), ex);
        }
    }
    
    public boolean verify(final PBEMacCalculatorProvider pbeMacCalculatorProvider, final char[] array) throws CMPException {
        try {
            final MacCalculator value = pbeMacCalculatorProvider.get(this.getProtectionAlgorithm(), array);
            CMPUtil.derEncodeToStream(this.createProtected(), value.getOutputStream());
            return Arrays.constantTimeAreEqual(value.getMac(), this.pkiMessage.getProtection().getOctets());
        }
        catch (final Exception ex) {
            throw new CMPException("unable to verify MAC: " + ex.getMessage(), ex);
        }
    }
    
    private boolean verifySignature(final byte[] array, final ContentVerifier contentVerifier) {
        CMPUtil.derEncodeToStream(this.createProtected(), contentVerifier.getOutputStream());
        return contentVerifier.verify(array);
    }
    
    private DERSequence createProtected() {
        return new DERSequence(this.pkiMessage.getHeader(), this.pkiMessage.getBody());
    }
}