package iaik.x509;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.IA5String;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.pkcs.pkcs10.CertRequest;
import iaik.security.provider.IAIK;
import iaik.utils.IaikSecurity;
import iaik.utils.Util;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

/* loaded from: input_file:iaik/x509/NetscapeCertRequest.class */
public class NetscapeCertRequest implements CertRequest, Serializable {
    private static final long serialVersionUID = 4398154537985923477L;
    private ASN1 a;
    private PublicKey b;
    private AlgorithmID c;
    private byte[] d;
    private IA5String e;
    private boolean f;
    private byte[] g;

    public NetscapeCertRequest(InputStream inputStream) throws IOException, CodingException {
        this.a = new ASN1(inputStream);
        d();
    }

    public NetscapeCertRequest(byte[] bArr) throws CodingException {
        this.a = new ASN1(bArr);
        d();
    }

    public NetscapeCertRequest(PublicKey publicKey, String str) {
        if (publicKey == null) {
            throw new NullPointerException("publicKey must not be null!");
        }
        if (str == null) {
            throw new NullPointerException("challenge must not be null!");
        }
        this.b = publicKey;
        this.e = new IA5String(str);
        a();
    }

    private void a() {
        this.f = true;
        this.g = null;
        this.a = null;
    }

    private void b() {
        if (this.f) {
            throw new RuntimeException("Cannot perform operation, certificate has to be signed first");
        }
    }

    private void c() {
        this.f = false;
    }

    private void d() throws CodingException {
        int countComponents = this.a.countComponents();
        if (countComponents != 3) {
            throw new CodingException(new StringBuffer().append("Invalid number of components (").append(countComponents).append(") of SignedPublicKeyAndChallenge! Expected 3.").toString());
        }
        try {
            ASN1Object componentAt = this.a.getComponentAt(0);
            int countComponents2 = componentAt.countComponents();
            if (countComponents2 < 1 || countComponents2 > 2) {
                throw new CodingException(new StringBuffer().append("Invalid number of components (").append(countComponents2).append(") of PublicKeyAndChallenge! Expected 2.").toString());
            }
            this.c = new AlgorithmID(this.a.getComponentAt(1));
            this.d = (byte[]) this.a.getComponentAt(2).getValue();
            try {
                this.b = PublicKeyInfo.getPublicKey(componentAt.getComponentAt(0));
                if (componentAt.countComponents() > 1) {
                    ASN1Object componentAt2 = componentAt.getComponentAt(1);
                    if (!componentAt2.isA(ASN.IA5String)) {
                        throw new CodingException("Invalid ASN.1 type for challenge. Must be IA5String!");
                    }
                    this.e = (IA5String) componentAt2;
                }
                this.a.clearASN1Object();
                c();
            } catch (InvalidKeyException e) {
                throw new CodingException(new StringBuffer().append("Unable to create PublicKey: ").append(e.toString()).toString());
            }
        } catch (RuntimeException e2) {
            throw new CodingException(new StringBuffer().append("Certificate request format error: ").append(e2.toString()).toString());
        }
    }

    private ASN1Object e() throws CodingException {
        SEQUENCE sequence = new SEQUENCE();
        sequence.addComponent(DerCoder.decode(this.b.getEncoded()));
        if (this.e != null) {
            sequence.addComponent(this.e);
        }
        return sequence;
    }

    private void a(ASN1Object aSN1Object) throws CodingException {
        BIT_STRING bit_string = new BIT_STRING(this.d);
        SEQUENCE sequence = new SEQUENCE();
        sequence.addComponent(aSN1Object);
        sequence.addComponent(this.c.toASN1Object());
        sequence.addComponent(bit_string);
        this.a = new ASN1(sequence);
    }

    public byte[] getPublicKeyAndChallenge() throws CodingException {
        return (this.a == null || this.a.toByteArray() == null) ? DerCoder.encode(e()) : this.a.getFirstObject();
    }

    public String getChallenge() {
        if (this.e == null) {
            return null;
        }
        return (String) this.e.getValue();
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        a(algorithmID, privateKey, null, null);
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey, String str) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        a(algorithmID, privateKey, str, null);
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey, Provider provider) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        a(algorithmID, privateKey, null, provider);
    }

    private void a(AlgorithmID algorithmID, PrivateKey privateKey, String str, Provider provider) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        AlgorithmParameters signatureParameters;
        if (privateKey == null) {
            throw new InvalidKeyException("Cannot sign this request. No private key specified!");
        }
        if (algorithmID == null) {
            throw new NoSuchAlgorithmException("Cannot sign this request. No algorithm specified!");
        }
        this.c = algorithmID;
        Signature signatureInstance = provider != null ? this.c.getSignatureInstance(provider) : this.c.getSignatureInstance(str);
        signatureInstance.initSign(privateKey);
        try {
            if (!AlgorithmID.getDoNotIncludeParameters(this.c) && !this.c.hasParameters() && (signatureParameters = Util.getSignatureParameters(signatureInstance)) != null) {
                this.c.setAlgorithmParameters(signatureParameters);
            }
        } catch (Exception e) {
        }
        try {
            a();
            ASN1Object e2 = e();
            signatureInstance.update(DerCoder.encode(e2));
            this.d = signatureInstance.sign();
            a(e2);
            c();
        } catch (CodingException e3) {
            throw new SignatureException("Cann't sign CertRequest!");
        }
    }

    public void setSignature(AlgorithmID algorithmID, byte[] bArr) throws SignatureException {
        if (algorithmID == null) {
            throw new SignatureException("Cannot sign this request. No signature algorithm specified!");
        }
        if (bArr == null) {
            throw new SignatureException("Cannot sign this request. No signature value specified!");
        }
        this.c = algorithmID;
        this.d = bArr;
        try {
            a();
            a(e());
            c();
        } catch (CodingException e) {
            throw new SignatureException("Cann't sign CertRequest!");
        }
    }

    @Override // iaik.pkcs.pkcs10.CertRequest
    public boolean verify() throws SignatureException {
        return a(null, null);
    }

    public boolean verify(String str) throws SignatureException {
        return a(str, null);
    }

    public boolean verify(Provider provider) throws SignatureException {
        return a(null, provider);
    }

    private boolean a(String str, Provider provider) throws SignatureException {
        b();
        try {
            Signature signatureInstance = provider != null ? this.c.getSignatureInstance(provider) : this.c.getSignatureInstance(str);
            byte[] firstObject = this.a.getFirstObject();
            signatureInstance.initVerify(this.b);
            signatureInstance.update(firstObject);
            return signatureInstance.verify(this.d);
        } catch (CodingException e) {
            throw new SignatureException(e.getMessage());
        } catch (InvalidKeyException e2) {
            throw new SignatureException(e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            throw new SignatureException(e3.getMessage());
        }
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.write(toByteArray());
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException {
        try {
            this.a = new ASN1(objectInputStream);
            d();
        } catch (CodingException e) {
            throw new IOException(new StringBuffer().append("Unable to restore CertificateRequest: ").append(e.toString()).toString());
        }
    }

    public byte[] toByteArray() {
        b();
        return this.a.toByteArray();
    }

    public void writeTo(OutputStream outputStream) throws IOException {
        b();
        this.a.writeTo(outputStream);
    }

    public AlgorithmID getSignatureAlgorithmID() {
        return this.c;
    }

    @Override // iaik.pkcs.pkcs10.CertRequest
    public PublicKey getPublicKey() throws InvalidKeyException {
        return this.b;
    }

    public byte[] getFingerprint() {
        b();
        return this.a.fingerprint();
    }

    public byte[] getFingerprint(String str) throws NoSuchAlgorithmException {
        b();
        MessageDigest messageDigest = null;
        if (IaikSecurity.getTryIAIKProviderFirst()) {
            try {
                messageDigest = IaikSecurity.getMessageDigestInstance(str, IAIK.getInstance());
            } catch (Exception e) {
            }
        }
        if (messageDigest == null) {
            messageDigest = MessageDigest.getInstance(str);
        }
        messageDigest.update(this.a.toByteArray());
        return messageDigest.digest();
    }

    public byte[] getFingerprintSHA() {
        if (this.g == null) {
            try {
                this.g = getFingerprint("SHA");
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(new StringBuffer().append("Algorithm SHA not available: ").append(e.toString()).toString());
            }
        }
        return this.g;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        if (this.b != null) {
            stringBuffer.append(this.b.toString());
        }
        if (this.e != null) {
            stringBuffer.append(new StringBuffer().append("\nchallenge: ").append(this.e.getValue()).toString());
        }
        if (this.c != null) {
            stringBuffer.append(new StringBuffer().append("\nSignature algorithm: ").append(this.c).append("\n").toString());
        }
        stringBuffer.append("\n");
        stringBuffer.append(new StringBuffer().append("Fingerprint (MD5)  : ").append(Util.toString(getFingerprint())).append("\n").toString());
        stringBuffer.append(new StringBuffer().append("Fingerprint (SHA-1): ").append(Util.toString(getFingerprintSHA())).append("\n").toString());
        return stringBuffer.toString();
    }

    static {
        Util.toString((byte[]) null, -1, 1);
    }
}
