package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cert.CertRequest;
import com.rsa.jsafe.cert.CertRequestException;
import com.rsa.jsafe.cert.ObjectID;
import com.rsa.jsafe.cert.ValidateParameters;
import com.rsa.jsafe.cert.ValidationFailedException;
import com.rsa.jsafe.cert.X509ExtensionRequestSpec;
import com.rsa.jsafe.cert.pkcs10.PKCS10ParameterSpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/og.class */
public class og implements CertRequest {
    private static final int a = 0;
    private final gc b;
    private SecureRandom c;
    private byte[] d;
    private byte[] e;
    private X500Principal f;
    private im g;
    private ai h;
    private byte[] i;
    private X509ExtensionRequestSpec j;
    private String k;
    private List<Attribute> l;

    public og(gc gcVar, ByteBuffer byteBuffer) throws CertRequestException {
        this.b = gcVar;
        this.d = new byte[byteBuffer.remaining()];
        byteBuffer.get(this.d);
        byteBuffer.rewind();
        ir.c(byteBuffer);
        ByteBuffer a2 = ir.a(byteBuffer);
        this.e = new byte[a2.remaining()];
        a2.get(this.e);
        a();
    }

    private void a() throws CertRequestException {
        nj a2 = ir.a("CertificationRequest", this.d, 0);
        nj a3 = a2.a(0);
        if (((mx) a3.a(0)).e() != 0) {
            throw new CertRequestException("Unsupported PKCS #10 version.");
        }
        this.h = new ai(a2.a(1));
        this.i = ((ps) a2.a(2)).b();
        try {
            this.f = new X500Principal(ir.c(a3.a(1)));
            try {
                this.g = new im(a3.a(2), this.b, ak.a);
                a(a3.a(3));
            } catch (GeneralSecurityException e) {
                throw new CertRequestException("Request contains invalid public key: ", e);
            }
        } catch (IllegalArgumentException e2) {
            throw new CertRequestException("Invalid subject name.", e2.getCause());
        }
    }

    private void a(nj njVar) throws CertRequestException {
        int a2 = njVar.a();
        for (int i = 0; i < a2; i++) {
            nj a3 = njVar.a(i);
            if (a3.a(0).equals(ks.E.c())) {
                b(a3.a(1));
            } else if (a3.a(0).equals(ks.F.c())) {
                c(a3.a(1));
            } else {
                if (this.l == null) {
                    this.l = new ArrayList();
                }
                try {
                    cn cnVar = new cn(njVar.a(i), false);
                    this.l.add(new Attribute(new ObjectID(cnVar.c().c().toString()), cnVar.b()));
                } catch (ey e) {
                    throw new CertRequestException("Invalid attribute value encountered.");
                }
            }
        }
    }

    private void b(nj njVar) throws CertRequestException {
        if (this.k != null) {
            throw new CertRequestException("Request contained more than one challengePassword attribute.");
        }
        if (njVar.a() != 1) {
            throw new CertRequestException("PKCS #10 request contains invalid challengePassword, expected a single value.");
        }
        try {
            this.k = ir.a("DirectoryString", ((oo) njVar.a(0)).e()).toString();
        } catch (ey e) {
            throw new CertRequestException("PKCS #10 request contains invalid challengePassword value");
        }
    }

    private void c(nj njVar) throws CertRequestException {
        if (this.j != null) {
            throw new CertRequestException("Request contained more than one extensionRequest attribute.");
        }
        if (njVar.a() != 1) {
            throw new CertRequestException("PKCS #10 request contains invalid extensionRequest, expected a single value.");
        }
        try {
            this.j = dw.a(new lp(ir.a("Extensions", ((oo) njVar.a(0)).e()), 0));
        } catch (ey e) {
            throw new CertRequestException("PKCS #10 request contains invalid extensionRequest value");
        }
    }

    public og(gc gcVar, PKCS10ParameterSpec pKCS10ParameterSpec, PrivateKey privateKey) throws CertRequestException {
        this(gcVar, pKCS10ParameterSpec, privateKey, null);
    }

    public og(gc gcVar, PKCS10ParameterSpec pKCS10ParameterSpec, PrivateKey privateKey, SecureRandom secureRandom) throws CertRequestException {
        this.b = gcVar;
        c(pKCS10ParameterSpec);
        b(pKCS10ParameterSpec);
        a(secureRandom);
        a(pKCS10ParameterSpec);
        this.j = pKCS10ParameterSpec.getExtensions();
        this.k = pKCS10ParameterSpec.getChallengePassword();
        a(privateKey);
    }

    private void a(PKCS10ParameterSpec pKCS10ParameterSpec) throws CertRequestException {
        ks b = jn.b(pKCS10ParameterSpec.getSignAlg());
        if (b == null) {
            throw new CertRequestException("Unsupported signing algorithm.");
        }
        this.h = new ai(b);
    }

    private void a(SecureRandom secureRandom) {
        this.c = secureRandom;
    }

    private void b(PKCS10ParameterSpec pKCS10ParameterSpec) throws CertRequestException {
        try {
            this.g = new im(pKCS10ParameterSpec.getPublicKey(), this.b, ak.a);
        } catch (NoSuchAlgorithmException e) {
            throw new CertRequestException("Parameters contain invalid subject key.", e);
        } catch (InvalidKeySpecException e2) {
            throw new CertRequestException("Parameters contain invalid subject key.", e2);
        }
    }

    private void c(PKCS10ParameterSpec pKCS10ParameterSpec) {
        if (!pKCS10ParameterSpec.isSubjectSerialNumAutoGenEnabled() || ot.a(pKCS10ParameterSpec.getSubject(), ks.n)) {
            this.f = pKCS10ParameterSpec.getSubject();
        } else {
            this.f = ot.b(pKCS10ParameterSpec.getSubject());
        }
    }

    private void a(PrivateKey privateKey) throws CertRequestException {
        nj b = b();
        this.e = ir.c(b);
        b(privateKey);
        this.d = ir.c(ir.a("CertificationRequest", new Object[]{b, this.h.a(), ir.a((pp) eo.a, (Object) this.i)}));
    }

    private nj b() {
        return ir.a("CertificationRequestInfo", new Object[]{0, ir.a("Name", this.f.getEncoded(), 0), ir.a("SubjectPublicKeyInfo", this.g.a().getEncoded(), 0), c()});
    }

    private void b(PrivateKey privateKey) throws CertRequestException {
        try {
            k c = da.c(this.h.c(), this.b, ak.a);
            c.initSign(privateKey, this.c);
            c.update(this.e);
            this.i = c.sign();
        } catch (GeneralSecurityException e) {
            throw new CertRequestException("Could not sign request with given private key.", e);
        }
    }

    private Set<nj> c() {
        HashSet hashSet = new HashSet();
        if (this.k != null) {
            hashSet.add(e());
        }
        if (this.j != null) {
            hashSet.add(d());
        }
        if (this.l != null && !this.l.isEmpty()) {
            Iterator<Attribute> it = this.l.iterator();
            while (it.hasNext()) {
                hashSet.add(ir.a("Attribute", it.next().getEncoded(), 0));
            }
        }
        return hashSet;
    }

    private nj d() {
        return ir.a("Attribute", new Object[]{ks.F.c(), new Object[]{dw.a(this.j)}});
    }

    private nj e() {
        return ir.a("Attribute", new Object[]{ks.E.c(), new Object[]{ir.a(om.o, this.k)}});
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public byte[] getEncoded() {
        return nd.a(this.d);
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public AlgorithmParameterSpec getParameters() {
        return this.l != null ? this.k != null ? this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.k, this.l) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.k, this.l) : this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.l) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.l) : this.k != null ? this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.k) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.k) : this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false);
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public X500Principal getSubject() {
        return this.f;
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public PublicKey getSubjectPublicKey() {
        return this.g.a();
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public String getType() {
        return "PKCS10";
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest() throws NoSuchAlgorithmException, ValidationFailedException {
        String c = this.h.c();
        if (c == null) {
            throw new NoSuchAlgorithmException("Signature algorithm specified in PKCS #10 is not supported.");
        }
        try {
            k c2 = da.c(c, this.b, ak.a);
            c2.initVerify(this.g.a());
            c2.update(this.e);
            if (c2.verify(this.i)) {
            } else {
                throw new SignatureException("Certificate request validation failed!");
            }
        } catch (GeneralSecurityException e) {
            throw new ValidationFailedException("Signature did not verify.", e);
        }
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest(ValidateParameters validateParameters) {
        throw new UnsupportedOperationException("Validation parameters cannot be used for validating a PKCS #10 request.");
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("PKCS10 Request: [").append(hn.a);
        stringBuffer.append("Version: ").append(0).append(hn.a);
        stringBuffer.append("Subject: ").append(this.f).append(hn.a);
        stringBuffer.append("SubjectPKInfo: ").append(this.g).append(hn.a);
        stringBuffer.append("Attributes: [").append(hn.a);
        if (this.k != null) {
            stringBuffer.append(hn.b).append("ChallengePassword (").append(ks.E.toString()).append("): ");
            stringBuffer.append(this.k).append(hn.a);
        }
        if (this.j != null) {
            stringBuffer.append(hn.b).append(this.j);
        }
        if (this.l != null) {
            Iterator<Attribute> it = this.l.iterator();
            while (it.hasNext()) {
                stringBuffer.append(hn.b).append(it.next()).append(hn.a);
            }
        }
        stringBuffer.append("]").append(hn.a);
        return stringBuffer.toString();
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public boolean equals(Object obj) {
        if (obj instanceof og) {
            return Arrays.equals(this.d, ((og) obj).getEncoded());
        }
        return false;
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public int hashCode() {
        return gz.a(7, this.d);
    }
}
