package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.cmp.CMPException;
import com.rsa.jsafe.cert.cmp.CMPInvalidRequestException;
import com.rsa.jsafe.cert.cmp.CMPInvalidResponseException;
import com.rsa.jsafe.cert.cmp.CMPMessage;
import com.rsa.jsafe.cert.cmp.CMPRequestMessage;
import com.rsa.jsafe.cert.cmp.CMPResponseMessage;
import com.rsa.jsafe.cert.cmp.CMPServerConfig;
import com.rsa.jsafe.cert.cmp.MACProtection;
import com.rsa.jsafe.cert.cmp.MessageProtection;
import com.rsa.jsafe.cert.cmp.SignatureProtection;
import java.nio.ByteBuffer;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/rsa/cryptoj/o/qd.class */
public abstract class qd implements kx {
    static final int a = 0;
    static final int b = 2;
    static final int c = 7;
    static final int d = 24;
    static final int e = 1;
    static final int f = 3;
    static final int g = 8;
    static final int h = 12;
    static final int i = 19;
    static final int j = 23;
    private static final int o = 16;
    private static final String p = "PBMHmacSHA1";
    static final String k = "Error signing request.";
    private static final nj q = ir.a("Name", new byte[]{48, 0}, 0).d(ir.c(4));
    private nj r;
    private nj s;
    private byte[] t;
    private byte[] u;
    private byte[] v;
    private byte[] w;
    private byte[] x;
    private List<String> y;
    private List<nj> z;
    private List<nj> A;
    private he B;
    SecureRandom l;
    gc m;
    byte[] n;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(gc gcVar) {
        this.m = gcVar;
    }

    @Override // com.rsa.cryptoj.o.kx
    public void a(CMPRequestMessage cMPRequestMessage, MessageProtection messageProtection, SecureRandom secureRandom) {
        this.l = secureRandom;
        a(messageProtection);
        b(cMPRequestMessage);
        a(cMPRequestMessage);
        g();
    }

    private void b(CMPRequestMessage cMPRequestMessage) {
        try {
            if (cMPRequestMessage.getSender() == null) {
                this.r = q;
            } else {
                this.r = ir.a("GeneralName", cMPRequestMessage.getSender().getEncoded(), 0);
            }
            if (cMPRequestMessage.getRecipient() == null) {
                this.s = q;
            } else {
                this.s = ir.a("GeneralName", cMPRequestMessage.getRecipient().getEncoded(), 0);
            }
            this.t = cMPRequestMessage.getSenderKeyID();
            this.u = cMPRequestMessage.getRecipientKeyID();
            this.v = cMPRequestMessage.getTransactionID();
            this.x = cMPRequestMessage.getRecipientNonce();
            this.w = cMPRequestMessage.getSenderNonce();
            if (this.w == null) {
                e();
            }
            this.y = cMPRequestMessage.getFreeText();
            List<byte[]> generalInfo = cMPRequestMessage.getGeneralInfo();
            if (generalInfo != null) {
                this.z = new ArrayList();
                Iterator<byte[]> it = generalInfo.iterator();
                while (it.hasNext()) {
                    this.z.add(ir.a("InfoTypeAndValue", it.next(), 0));
                }
            }
            List<Certificate> extraCertificates = cMPRequestMessage.getExtraCertificates();
            if (extraCertificates != null) {
                this.A = new ArrayList();
                Iterator<Certificate> it2 = extraCertificates.iterator();
                while (it2.hasNext()) {
                    this.A.add(ir.a(mt.a, it2.next().getEncoded(), 0));
                }
            }
        } catch (ey e2) {
            throw new CMPInvalidRequestException("Invalid message contents.");
        } catch (CertificateEncodingException e3) {
            throw new CMPInvalidRequestException("Invalid message contents.");
        }
    }

    private void e() {
        this.w = new byte[16];
        if (this.l == null) {
            ov.a(this.m).nextBytes(this.w);
        } else {
            this.l.nextBytes(this.w);
        }
    }

    abstract boolean c();

    abstract boolean d();

    private void a(MessageProtection messageProtection) {
        if (messageProtection == null) {
            return;
        }
        if (messageProtection instanceof MACProtection) {
            if (!c()) {
                throw new InvalidParameterException("MAC protection is not allowable for specified message type.");
            }
            a((MACProtection) messageProtection);
        } else {
            if (!(messageProtection instanceof SignatureProtection)) {
                throw new InvalidParameterException("Invalid protection config.");
            }
            if (!d()) {
                throw new InvalidParameterException("Signature protection is not allowable for specified message type.");
            }
            a((SignatureProtection) messageProtection);
        }
    }

    private void a(MACProtection mACProtection) {
        if (!mACProtection.getAlgorithm().equalsIgnoreCase("PBMHmacSHA1")) {
            throw new InvalidParameterException("Unsupported Shared Secret protection algorithm.");
        }
        this.B = new dn(this, mACProtection.getAlgorithm(), f(), mACProtection.getSharedSecret());
    }

    private void a(SignatureProtection signatureProtection) {
        this.B = new kn(this, signatureProtection.getAlgorithm(), signatureProtection.getSigningKey(), signatureProtection.getRecipientCert().getPublicKey());
    }

    private byte[] f() {
        byte[] bArr = new byte[20];
        if (this.l == null) {
            ov.a(this.m).nextBytes(bArr);
        } else {
            this.l.nextBytes(bArr);
        }
        return bArr;
    }

    private void g() {
        Object[] objArr = new Object[12];
        objArr[0] = 2;
        objArr[1] = this.r;
        objArr[2] = this.s;
        objArr[3] = new Date();
        objArr[4] = this.B == null ? null : this.B.a().d(ir.c(1));
        objArr[5] = this.t;
        objArr[6] = this.u;
        objArr[7] = this.v;
        objArr[8] = this.w;
        objArr[9] = this.x;
        objArr[10] = this.y;
        objArr[11] = this.z;
        nj a2 = ir.a("PKIHeader", objArr);
        nj a3 = a();
        nj a4 = ir.a("ProtectedPart", new Object[]{a2, a3});
        byte[] bArr = null;
        if (this.B != null) {
            bArr = this.B.a(ir.a(a4));
        }
        this.n = ir.a(ir.a("PKIMessage", new Object[]{a2, a3, bArr, this.A}));
    }

    abstract nj a();

    abstract void a(CMPRequestMessage cMPRequestMessage);

    @Override // com.rsa.cryptoj.o.kx
    public final CMPResponseMessage a(CMPServerConfig cMPServerConfig) {
        try {
            return a(cq.a(cMPServerConfig).a(this.n));
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new CMPException(e3);
        }
    }

    abstract int b();

    private CMPResponseMessage a(byte[] bArr) {
        try {
            nj a2 = ir.a("PKIMessage", bArr, 0);
            int f2 = ir.f(a2.a(1).g().d());
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            ir.c(wrap);
            ByteBuffer a3 = ir.a(wrap);
            byte[] bArr2 = new byte[a3.remaining()];
            a3.get(bArr2);
            ByteBuffer a4 = ir.a(wrap);
            byte[] bArr3 = new byte[a4.remaining()];
            a4.get(bArr3);
            nh a5 = a(a2, f2, ir.c(ir.a("ProtectedPartSimple", new Object[]{ir.a(mt.a, bArr2, 0), ir.a(mt.a, bArr3, 0)})));
            a5.a(this.B);
            b(a5);
            if (a5.getMessageType() == CMPMessage.Type.ERROR_MESSAGE) {
                return a5;
            }
            a(a5);
            return a5;
        } catch (ey e2) {
            throw new CMPInvalidResponseException("Invalid response encoding", e2);
        }
    }

    private void b(CMPResponseMessage cMPResponseMessage) {
        if (this.v != null && !Arrays.equals(this.v, ((nh) cMPResponseMessage).a)) {
            throw new CMPInvalidResponseException("Transaction ID in response did not match transaction ID in request.");
        }
        if (!Arrays.equals(this.w, ((nh) cMPResponseMessage).b)) {
            throw new CMPInvalidResponseException("Sender nonce in request did not match recipient nonce in response.");
        }
    }

    abstract void a(CMPResponseMessage cMPResponseMessage);

    private nh a(nj njVar, int i2, byte[] bArr) {
        if (i2 == b() || i2 == 23) {
            switch (i2) {
                case 1:
                case 3:
                case 8:
                    return new cb(this.m, njVar, i2, bArr);
                case 12:
                    return new hc(this.m, njVar, bArr);
                case 19:
                    return new hw(this.m, njVar, bArr);
                case 23:
                    return new ig(this.m, njVar, bArr);
            }
        }
        throw new CMPInvalidResponseException("Response was unexpected message type.");
    }
}
