package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.CertRequestException;
import com.rsa.jsafe.cert.GeneralName;
import com.rsa.jsafe.cert.ObjectID;
import com.rsa.jsafe.cert.crmf.ArchiveEncryptedKey;
import com.rsa.jsafe.cert.crmf.ArchiveEncryptedKeyLegacy;
import com.rsa.jsafe.cert.crmf.ArchiveFromParameters;
import com.rsa.jsafe.cert.crmf.ArchiveGeneratedPrivKey;
import com.rsa.jsafe.cert.crmf.ArchiveOptions;
import com.rsa.jsafe.cert.crmf.CertTemplateSpec;
import com.rsa.jsafe.cert.crmf.ControlsSpec;
import com.rsa.jsafe.cert.crmf.EncryptedValue;
import com.rsa.jsafe.cert.crmf.RegInfoSpec;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/cu.class */
public class cu {
    private static final Date a = new Date(2524608000000L);
    private static final Pattern b = Pattern.compile("([^0-9]([^?%]|%3f|%25)*)\\?(([^?%]|%3f|%25)*)%");
    private static final ControlsSpec.PubMethod[] c = {ControlsSpec.PubMethod.DONT_CARE, ControlsSpec.PubMethod.X500, ControlsSpec.PubMethod.WEB, ControlsSpec.PubMethod.LDAP};
    private static final Map<pt, a> d = b();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/cu$a.class */
    public interface a {
        void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException;
    }

    private static String b(String str) {
        return str.replaceAll("%3f", "?").replaceAll("%25", "%");
    }

    public static Map<String, String> a(String str) throws CertRequestException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Matcher matcher = b.matcher(str);
        int i = -1;
        while (matcher.lookingAt()) {
            linkedHashMap.put(b(matcher.group(1)), b(matcher.group(3)));
            i = matcher.end();
            matcher.region(i, str.length());
        }
        if (i != str.length()) {
            throw new CertRequestException("RegInfo utf8pairs attribute contained invalidly formatted data.");
        }
        return linkedHashMap;
    }

    private static Map<pt, a> b() {
        HashMap hashMap = new HashMap();
        hashMap.put(ks.H.c(), new a() { // from class: com.rsa.cryptoj.o.cu.3
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    controlsSpec.setRegistrationToken(ir.a((pp) om.o, ooVar.e()).toString());
                } catch (ey e) {
                    throw new CertRequestException("Could not decode CRMF Registration Token Control");
                }
            }
        });
        hashMap.put(ks.I.c(), new a() { // from class: com.rsa.cryptoj.o.cu.4
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    controlsSpec.setAuthenticator(ir.a((pp) om.o, ooVar.e()).toString());
                } catch (ey e) {
                    throw new CertRequestException("Could not decode CRMF Authenticator Control");
                }
            }
        });
        hashMap.put(ks.J.c(), new a() { // from class: com.rsa.cryptoj.o.cu.5
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    nj a2 = ir.a("PKIPublicationInfo", ooVar.e());
                    mx mxVar = (mx) a2.a(0);
                    if (mxVar.e() == 0) {
                        controlsSpec.setPublicationInformation(false, null);
                    } else {
                        if (mxVar.e() != 1) {
                            throw new CertRequestException("Invalid CRMF Publication Information Control encoding.");
                        }
                        ArrayList arrayList = null;
                        nj a3 = a2.a(1);
                        if (a3 != null) {
                            arrayList = new ArrayList();
                            for (int i = 0; i < a3.a(); i++) {
                                nj a4 = a3.a(i);
                                mx mxVar2 = (mx) a4.a(0);
                                nj a5 = a4.a(1);
                                int e = mxVar2.e();
                                if (e < 0 || e >= ControlsSpec.PubMethod.values().length) {
                                    throw new CertRequestException("Invalid CRMF Publication Information Control encoding.");
                                }
                                if (a5 == null) {
                                    arrayList.add(new ControlsSpec.SinglePubInfo(cu.c[e]));
                                } else {
                                    arrayList.add(new ControlsSpec.SinglePubInfo(cu.c[e], new GeneralName(ir.c(a5))));
                                }
                            }
                        }
                        controlsSpec.setPublicationInformation(true, arrayList);
                    }
                } catch (ey e2) {
                    throw new CertRequestException("Could not decode CRMF Publication Information Control");
                }
            }
        });
        hashMap.put(ks.K.c(), new a() { // from class: com.rsa.cryptoj.o.cu.6
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    ByteBuffer j = ooVar.j();
                    nj a2 = ir.a("PKIArchiveOptions", j);
                    int f = ir.f(a2.g().d());
                    if (f == 0) {
                        if (ir.f(a2.g().g()) == 0) {
                            j.rewind();
                            ir.c(j);
                            ByteBuffer allocate = ByteBuffer.allocate(j.remaining());
                            ir.c(j);
                            ir.a(true, 16, j.remaining(), allocate);
                            allocate.put(j);
                            allocate.rewind();
                            byte[] bArr = new byte[allocate.remaining()];
                            allocate.get(bArr);
                            controlsSpec.setArchiveOptions(new ArchiveEncryptedKey(bArr));
                        } else {
                            controlsSpec.setArchiveOptions(new ArchiveEncryptedKeyLegacy(cu.a(a2)));
                        }
                    } else if (f == 1) {
                        controlsSpec.setArchiveOptions(new ArchiveFromParameters(((mw) a2).d()));
                    } else {
                        controlsSpec.setArchiveOptions(new ArchiveGeneratedPrivKey(((kq) a2).b()));
                    }
                } catch (ey e) {
                    throw new CertRequestException("Could not decode CRMF Archive Control.");
                }
            }
        });
        hashMap.put(ks.L.c(), new a() { // from class: com.rsa.cryptoj.o.cu.1
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    nj a2 = ir.a("CertId", ooVar.j());
                    controlsSpec.setOldCertID(new GeneralName(ir.c(a2.a(0))), ((mx) a2.a(1)).b());
                } catch (ey e) {
                    throw new CertRequestException("Could not decode CRMF OldCert ID Control");
                }
            }
        });
        hashMap.put(ks.M.c(), new a() { // from class: com.rsa.cryptoj.o.cu.2
            @Override // com.rsa.cryptoj.o.cu.a
            public void a(oo ooVar, ControlsSpec controlsSpec, gc gcVar) throws CertRequestException {
                try {
                    controlsSpec.setProtocolEncryptionKey(new im(ir.a("SubjectPublicKeyInfo", ooVar.j()), gcVar, ak.a).a());
                } catch (ey e) {
                    throw new CertRequestException("Could not decode CRMF Protocol Encryption Key Control");
                } catch (GeneralSecurityException e2) {
                    throw new CertRequestException("Could not construct Protocol Encryption Key Control", e2);
                }
            }
        });
        return hashMap;
    }

    public static CertTemplateSpec a(nj njVar, gc gcVar) throws CertRequestException {
        CertTemplateSpec certTemplateSpec = new CertTemplateSpec();
        nj a2 = njVar.a(3);
        if (a2 != null) {
            certTemplateSpec.setIssuer(new X500Principal(ir.a(ir.a("RDNSequence", ((qi) a2).b()))));
        }
        nj a3 = njVar.a(4);
        if (a3 != null) {
            kp kpVar = (kp) a3.a(0);
            kp kpVar2 = (kp) a3.a(1);
            certTemplateSpec.setValidity(kpVar == null ? null : kpVar.d(), kpVar2 == null ? null : kpVar2.d());
        }
        nj a4 = njVar.a(5);
        if (a4 != null) {
            certTemplateSpec.setSubject(new X500Principal(ir.a(ir.a("RDNSequence", ((qi) a4).b()))), false);
        }
        nj a5 = njVar.a(6);
        if (a5 != null) {
            pp b2 = bn.a.b("SubjectPublicKeyInfo");
            try {
                certTemplateSpec.setPublicKey(new im(ir.a(b2.f(ir.c(6)), ((oo) a5).j()).e(b2.h()), gcVar, ak.a).a());
            } catch (GeneralSecurityException e) {
                throw new CertRequestException("Request contains unrecognized public key.", e);
            }
        }
        nj a6 = njVar.a(9);
        if (a6 != null) {
            certTemplateSpec.setExtensions(dw.a(new lp(a6, 0)));
        }
        return certTemplateSpec;
    }

    public static RegInfoSpec b(nj njVar, gc gcVar) throws CertRequestException {
        RegInfoSpec regInfoSpec = new RegInfoSpec();
        for (int i = 0; i < njVar.a(); i++) {
            nj a2 = njVar.a(i);
            nj a3 = a2.a(0);
            oo ooVar = (oo) a2.a(1);
            if (a3.equals(ks.N.c())) {
                regInfoSpec.setNameValuePairs(a(ir.a((pp) om.o, ooVar.j()).toString()));
            } else if (a3.equals(ks.O.c())) {
                nj a4 = ir.a("CertRequest", ooVar.d(), 0);
                BigInteger b2 = ((mx) a4.a(0)).b();
                CertTemplateSpec a5 = a(a4.a(1), gcVar);
                nj a6 = a4.a(2);
                regInfoSpec.setCertRequest(b2, a5, a6 != null ? c(a6, gcVar) : null);
            } else {
                regInfoSpec.addOtherRegInfo(ir.c(a2));
            }
        }
        return regInfoSpec;
    }

    public static ControlsSpec c(nj njVar, gc gcVar) throws CertRequestException {
        ControlsSpec controlsSpec = new ControlsSpec();
        for (int i = 0; i < njVar.a(); i++) {
            nj a2 = njVar.a(i);
            a aVar = d.get(a2.a(0));
            if (aVar == null) {
                controlsSpec.addControl(ir.c(a2));
            } else {
                aVar.a((oo) a2.a(1), controlsSpec, gcVar);
            }
        }
        return controlsSpec;
    }

    public static EncryptedValue a(nj njVar) {
        EncryptedValue encryptedValue = new EncryptedValue();
        nj a2 = njVar.a(0);
        nj a3 = njVar.a(1);
        nj a4 = njVar.a(2);
        nj a5 = njVar.a(3);
        nj a6 = njVar.a(4);
        encryptedValue.setEncryptedValue(((ps) njVar.a(5)).b());
        if (a2 != null) {
            pt ptVar = (pt) a2.a(0);
            oo ooVar = (oo) a2.a(1);
            encryptedValue.setIntendedAlg(new ObjectID(ptVar.d()), ooVar == null ? null : ooVar.d());
        }
        if (a3 != null) {
            pt ptVar2 = (pt) a3.a(0);
            oo ooVar2 = (oo) a3.a(1);
            encryptedValue.setSymmetricAlg(new ObjectID(ptVar2.d()), ooVar2 == null ? null : ooVar2.d());
        }
        if (a4 != null) {
            encryptedValue.setEncryptedSymmetricKey(((ps) a4).b());
        }
        if (a5 != null) {
            pt ptVar3 = (pt) a5.a(0);
            oo ooVar3 = (oo) a5.a(1);
            encryptedValue.setKeyAlg(new ObjectID(ptVar3.d()), ooVar3 == null ? null : ooVar3.d());
        }
        if (a6 != null) {
            encryptedValue.setValueHint(((mw) a6).d());
        }
        return encryptedValue;
    }

    public static nj a(ControlsSpec controlsSpec) throws CertRequestException {
        ArrayList arrayList = new ArrayList();
        if (controlsSpec.getRegistrationToken() != null) {
            arrayList.add(a(ks.H, ir.a(om.o, controlsSpec.getRegistrationToken())));
        }
        if (controlsSpec.getAuthenticator() != null) {
            arrayList.add(a(ks.I, ir.a(om.o, controlsSpec.getAuthenticator())));
        }
        if (controlsSpec.isPublicationInformationSpecified()) {
            List<ControlsSpec.SinglePubInfo> publicationInfos = controlsSpec.getPublicationInfos();
            Object[] objArr = null;
            if (publicationInfos != null) {
                objArr = new Object[publicationInfos.size()];
                for (int i = 0; i < publicationInfos.size(); i++) {
                    ControlsSpec.SinglePubInfo singlePubInfo = publicationInfos.get(i);
                    GeneralName pubLocation = singlePubInfo.getPubLocation();
                    nj a2 = pubLocation == null ? null : ir.a("GeneralName", pubLocation.getEncoded(), 0);
                    Object[] objArr2 = new Object[2];
                    objArr2[0] = Integer.valueOf(singlePubInfo.getPubMethod().id());
                    objArr2[1] = a2;
                    objArr[i] = objArr2;
                }
            }
            Object[] objArr3 = new Object[2];
            objArr3[0] = Integer.valueOf(controlsSpec.getPublicationInformationAction() ? 1 : 0);
            objArr3[1] = objArr;
            arrayList.add(a(ks.J, ir.a("PKIPublicationInfo", objArr3)));
        }
        ArchiveOptions archiveOptions = controlsSpec.getArchiveOptions();
        if (archiveOptions != null) {
            arrayList.add(a(ks.K, a(archiveOptions)));
        }
        if (controlsSpec.getOldCertIDSerialNumber() != null) {
            arrayList.add(a(ks.L, ir.a("CertId", new Object[]{ir.a("GeneralName", controlsSpec.getOldCertIDIssuer().getEncoded(), 0), controlsSpec.getOldCertIDSerialNumber()})));
        }
        PublicKey protocolEncryptionKey = controlsSpec.getProtocolEncryptionKey();
        if (protocolEncryptionKey != null) {
            arrayList.add(a(ks.M, ir.a("SubjectPublicKeyInfo", protocolEncryptionKey.getEncoded(), 0)));
        }
        List<byte[]> otherControls = controlsSpec.getOtherControls();
        if (otherControls != null) {
            Iterator<byte[]> it = otherControls.iterator();
            while (it.hasNext()) {
                arrayList.add(ir.a("AttributeTypeAndValue", it.next(), 0));
            }
        }
        return ir.a("Controls", arrayList);
    }

    public static nj a(EncryptedValue encryptedValue) {
        Object[] objArr = new Object[6];
        objArr[0] = encryptedValue.getIntendedAlgObjectID() == null ? null : a(encryptedValue.getIntendedAlgObjectID().toString(), encryptedValue.getIntendedAlgParams()).e(ir.c(0));
        objArr[1] = encryptedValue.getSymmetricAlgObjectID() == null ? null : a(encryptedValue.getSymmetricAlgObjectID().toString(), encryptedValue.getSymmetricAlgParams()).e(ir.c(1));
        objArr[2] = encryptedValue.getEncryptedSymmKey();
        objArr[3] = encryptedValue.getKeyAlgObjectID() == null ? null : a(encryptedValue.getKeyAlgObjectID().toString(), encryptedValue.getKeyAlgParams()).e(ir.c(3));
        objArr[4] = encryptedValue.getValueHint();
        objArr[5] = encryptedValue.getEncryptedValue();
        return ir.a("EncryptedValue", objArr);
    }

    public static nj a(RegInfoSpec regInfoSpec) throws CertRequestException {
        ArrayList arrayList = new ArrayList();
        Map<String, String> nameValuePairs = regInfoSpec.getNameValuePairs();
        if (nameValuePairs != null) {
            arrayList.add(a(ks.N, ir.a(om.o, a(nameValuePairs))));
        }
        if (regInfoSpec.getCertRequestID() != null) {
            ControlsSpec certRequestControls = regInfoSpec.getCertRequestControls();
            Object[] objArr = new Object[3];
            objArr[0] = regInfoSpec.getCertRequestID();
            objArr[1] = a(regInfoSpec.getCertRequestTemplate());
            objArr[2] = certRequestControls == null ? null : a(certRequestControls);
            arrayList.add(a(ks.O, ir.a("CertRequest", objArr)));
        }
        List<byte[]> otherRegInfos = regInfoSpec.getOtherRegInfos();
        if (otherRegInfos != null) {
            Iterator<byte[]> it = otherRegInfos.iterator();
            while (it.hasNext()) {
                arrayList.add(ir.a("AttributeTypeAndValue", it.next(), 0));
            }
        }
        return ir.a("Controls", arrayList);
    }

    public static nj a(CertTemplateSpec certTemplateSpec) {
        nj njVar = null;
        nj njVar2 = null;
        nj njVar3 = null;
        nj njVar4 = null;
        nj njVar5 = null;
        if (certTemplateSpec.getIssuer() != null) {
            njVar = ir.a("RDNSequence", certTemplateSpec.getIssuer().getEncoded(), 0).d(ir.c(3));
        }
        if (certTemplateSpec.getSubject() != null) {
            njVar3 = ir.a("RDNSequence", certTemplateSpec.getSubject().getEncoded(), 0).d(ir.c(5));
        }
        if (certTemplateSpec.getPublicKey() != null) {
            njVar4 = ir.a("SubjectPublicKeyInfo", certTemplateSpec.getPublicKey().getEncoded(), 0).e(ir.c(6));
        }
        if (certTemplateSpec.getExtensionSpec() != null) {
            njVar5 = dw.a(certTemplateSpec.getExtensionSpec()).e(ir.c(9));
        }
        Date notBefore = certTemplateSpec.getNotBefore();
        Date notAfter = certTemplateSpec.getNotAfter();
        if (notBefore != null || notAfter != null) {
            Object[] objArr = new Object[2];
            objArr[0] = notBefore == null ? null : a(notBefore);
            objArr[1] = notAfter == null ? null : a(notAfter);
            njVar2 = ir.a("OptionalValidity", objArr).e(ir.c(4));
        }
        return ir.a("CertTemplate", new Object[]{null, null, null, njVar, njVar2, njVar3, njVar4, null, null, njVar5});
    }

    private static nj a(ks ksVar, nj njVar) {
        return ir.a("AttributeTypeAndValue", new Object[]{ksVar.c(), njVar});
    }

    private static nj a(ArchiveOptions archiveOptions) throws CertRequestException {
        if (archiveOptions instanceof ArchiveEncryptedKey) {
            return ir.a("PKIArchiveOptions", ir.a("EnvelopedData", ((ArchiveEncryptedKey) archiveOptions).getEncodedEnvelopedKey(), 0).e(ir.c(0)).d(ir.c(0)));
        }
        if (archiveOptions instanceof ArchiveEncryptedKeyLegacy) {
            return ir.a("PKIArchiveOptions", a(((ArchiveEncryptedKeyLegacy) archiveOptions).getEncryptedValue()).d(ir.c(0)));
        }
        if (archiveOptions instanceof ArchiveFromParameters) {
            return ir.a("PKIArchiveOptions", new mw(((ArchiveFromParameters) archiveOptions).getKeyGenParameters()).e(ir.c(1)));
        }
        if (archiveOptions instanceof ArchiveGeneratedPrivKey) {
            return ir.a("PKIArchiveOptions", new kq(((ArchiveGeneratedPrivKey) archiveOptions).isArchiveEnabled()).e(ir.c(2)));
        }
        throw new CertRequestException("Invalid ArchiveOptions object.");
    }

    private static nj a(String str, byte[] bArr) {
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = bArr != null ? ir.a(mt.a, bArr, 0) : null;
        return ir.a("AlgorithmIdentifier", objArr);
    }

    private static String a(Map<String, String> map) {
        StringBuffer stringBuffer = new StringBuffer();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            stringBuffer.append(c(entry.getKey())).append("?");
            stringBuffer.append(c(entry.getValue())).append("%");
        }
        return stringBuffer.toString();
    }

    private static String c(String str) {
        return str.replaceAll("\\?", "\\%3f").replaceAll("\\%", "\\%25");
    }

    private static nj a(Date date) {
        return date.before(a) ? ir.a(fj.a, date) : ir.a(qj.a, date);
    }
}
