package com.rsa.cryptoj.f;

import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cert.CertRequest;
import com.rsa.jsafe.cert.CertRequestException;
import com.rsa.jsafe.cert.ObjectID;
import com.rsa.jsafe.cert.ValidateParameters;
import com.rsa.jsafe.cert.ValidationFailedException;
import com.rsa.jsafe.cert.X509ExtensionRequestSpec;
import com.rsa.jsafe.cert.pkcs10.PKCS10ParameterSpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/jS.class */
public class jS implements CertRequest {
    private static final int a = 0;
    private final C0160fx b;
    private SecureRandom c;
    private byte[] d;
    private byte[] e;
    private X500Principal f;
    private C0178go g;
    private C0447ms h;
    private byte[] i;
    private X509ExtensionRequestSpec j;
    private String k;
    private List<Attribute> l;

    public jS(C0160fx c0160fx, ByteBuffer byteBuffer) throws CertRequestException {
        this.b = c0160fx;
        this.d = new byte[byteBuffer.remaining()];
        byteBuffer.get(this.d);
        byteBuffer.rewind();
        C0596sf.c(byteBuffer);
        ByteBuffer a2 = C0596sf.a(byteBuffer);
        this.e = new byte[a2.remaining()];
        a2.get(this.e);
        a();
    }

    private void a() throws CertRequestException {
        AbstractC0360jm a2 = C0596sf.a("CertificationRequest", this.d, 0);
        AbstractC0360jm a3 = a2.a(0);
        if (((uK) a3.a(0)).i() != 0) {
            throw new CertRequestException("Unsupported PKCS #10 version.");
        }
        this.h = new C0447ms(a2.a(1));
        this.i = ((C0420ls) a2.a(2)).b();
        try {
            this.f = new X500Principal(C0596sf.c(a3.a(1)));
            try {
                this.g = new C0178go(a3.a(2), this.b);
                a(a3.a(3));
            } catch (GeneralSecurityException e) {
                throw new CertRequestException("Request contains invalid public key: ", e);
            }
        } catch (IllegalArgumentException e2) {
            throw new CertRequestException("Invalid subject name.", e2.getCause());
        }
    }

    private void a(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        int a2 = abstractC0360jm.a();
        for (int i = 0; i < a2; i++) {
            AbstractC0360jm a3 = abstractC0360jm.a(i);
            if (a3.a(0).equals(hS.E.c())) {
                b(a3.a(1));
            } else if (a3.a(0).equals(hS.F.c())) {
                c(a3.a(1));
            } else {
                if (this.l == null) {
                    this.l = new ArrayList();
                }
                try {
                    C0474ns c0474ns = new C0474ns(abstractC0360jm.a(i), false);
                    this.l.add(new Attribute(new ObjectID(c0474ns.c().c().toString()), c0474ns.b()));
                } catch (oU e) {
                    throw new CertRequestException("Invalid attribute value encountered.");
                }
            }
        }
    }

    private void b(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        if (this.k != null) {
            throw new CertRequestException("Request contained more than one challengePassword attribute.");
        }
        if (abstractC0360jm.a() != 1) {
            throw new CertRequestException("PKCS #10 request contains invalid challengePassword, expected a single value.");
        }
        try {
            this.k = C0596sf.a("DirectoryString", ((vV) abstractC0360jm.a(0)).i()).toString();
        } catch (oU e) {
            throw new CertRequestException("PKCS #10 request contains invalid challengePassword value");
        }
    }

    private void c(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        if (this.j != null) {
            throw new CertRequestException("Request contained more than one extensionRequest attribute.");
        }
        if (abstractC0360jm.a() != 1) {
            throw new CertRequestException("PKCS #10 request contains invalid extensionRequest, expected a single value.");
        }
        try {
            this.j = C0495om.a(new C0237iu(C0596sf.a("Extensions", ((vV) abstractC0360jm.a(0)).i()), 0));
        } catch (oU e) {
            throw new CertRequestException("PKCS #10 request contains invalid extensionRequest value");
        }
    }

    public jS(C0160fx c0160fx, PKCS10ParameterSpec pKCS10ParameterSpec, PrivateKey privateKey) throws CertRequestException {
        this(c0160fx, pKCS10ParameterSpec, privateKey, null);
    }

    public jS(C0160fx c0160fx, PKCS10ParameterSpec pKCS10ParameterSpec, PrivateKey privateKey, SecureRandom secureRandom) throws CertRequestException {
        this.b = c0160fx;
        c(pKCS10ParameterSpec);
        b(pKCS10ParameterSpec);
        a(secureRandom);
        a(pKCS10ParameterSpec);
        this.j = pKCS10ParameterSpec.getExtensions();
        this.k = pKCS10ParameterSpec.getChallengePassword();
        a(privateKey);
    }

    private void a(PKCS10ParameterSpec pKCS10ParameterSpec) throws CertRequestException {
        hS b = sI.b(pKCS10ParameterSpec.getSignAlg());
        if (b == null) {
            throw new CertRequestException("Unsupported signing algorithm.");
        }
        this.h = new C0447ms(b);
    }

    private void a(SecureRandom secureRandom) {
        this.c = secureRandom;
    }

    private void b(PKCS10ParameterSpec pKCS10ParameterSpec) throws CertRequestException {
        try {
            this.g = new C0178go(pKCS10ParameterSpec.getPublicKey(), this.b);
        } catch (NoSuchAlgorithmException e) {
            throw new CertRequestException("Parameters contain invalid subject key.", e);
        } catch (InvalidKeySpecException e2) {
            throw new CertRequestException("Parameters contain invalid subject key.", e2);
        }
    }

    private void c(PKCS10ParameterSpec pKCS10ParameterSpec) {
        if (!pKCS10ParameterSpec.isSubjectSerialNumAutoGenEnabled() || vZ.a(pKCS10ParameterSpec.getSubject(), hS.n)) {
            this.f = pKCS10ParameterSpec.getSubject();
        } else {
            this.f = vZ.b(pKCS10ParameterSpec.getSubject());
        }
    }

    private void a(PrivateKey privateKey) throws CertRequestException {
        AbstractC0360jm b = b();
        this.e = C0596sf.c(b);
        b(privateKey);
        this.d = C0596sf.c(C0596sf.a("CertificationRequest", new Object[]{b, this.h.a(), C0596sf.a((wC) C0108dz.a, (Object) this.i)}));
    }

    private AbstractC0360jm b() {
        return C0596sf.a("CertificationRequestInfo", new Object[]{0, C0596sf.a("Name", this.f.getEncoded(), 0), C0596sf.a("SubjectPublicKeyInfo", this.g.a().getEncoded(), 0), c()});
    }

    private void b(PrivateKey privateKey) throws CertRequestException {
        try {
            AbstractC0726y c = C0067ck.c(this.h.c(), this.b);
            c.initSign(privateKey, this.c);
            c.update(this.e);
            this.i = c.sign();
        } catch (GeneralSecurityException e) {
            throw new CertRequestException("Could not sign request with given private key.", e);
        }
    }

    private Set<AbstractC0360jm> c() {
        HashSet hashSet = new HashSet();
        if (this.k != null) {
            hashSet.add(e());
        }
        if (this.j != null) {
            hashSet.add(d());
        }
        if (this.l != null && !this.l.isEmpty()) {
            Iterator<Attribute> it = this.l.iterator();
            while (it.hasNext()) {
                hashSet.add(C0596sf.a("Attribute", it.next().getEncoded(), 0));
            }
        }
        return hashSet;
    }

    private AbstractC0360jm d() {
        return C0596sf.a("Attribute", new Object[]{hS.F.c(), new Object[]{C0495om.a(this.j)}});
    }

    private AbstractC0360jm e() {
        return C0596sf.a("Attribute", new Object[]{hS.E.c(), new Object[]{C0596sf.a(vP.o, this.k)}});
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public byte[] getEncoded() {
        return wT.a(this.d);
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public AlgorithmParameterSpec getParameters() {
        return this.l != null ? this.k != null ? this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.k, this.l) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.k, this.l) : this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.l) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.l) : this.k != null ? this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j, this.k) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.k) : this.j != null ? new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false, this.j) : new PKCS10ParameterSpec(this.f, this.g.a(), this.h.c(), false);
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public X500Principal getSubject() {
        return this.f;
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public PublicKey getSubjectPublicKey() {
        return this.g.a();
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public String getType() {
        return "PKCS10";
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest() throws NoSuchAlgorithmException, ValidationFailedException {
        String c = this.h.c();
        if (c == null) {
            throw new NoSuchAlgorithmException("Signature algorithm specified in PKCS #10 is not supported.");
        }
        try {
            AbstractC0726y c2 = C0067ck.c(c, this.b);
            c2.initVerify(this.g.a());
            c2.update(this.e);
            if (c2.verify(this.i)) {
            } else {
                throw new SignatureException("Certificate request validation failed!");
            }
        } catch (GeneralSecurityException e) {
            throw new ValidationFailedException("Signature did not verify.", e);
        }
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest(ValidateParameters validateParameters) {
        throw new UnsupportedOperationException("Validation parameters cannot be used for validating a PKCS #10 request.");
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("PKCS10 Request: [").append(AbstractC0239iw.a);
        stringBuffer.append("Version: ").append(0).append(AbstractC0239iw.a);
        stringBuffer.append("Subject: ").append(this.f).append(AbstractC0239iw.a);
        stringBuffer.append("SubjectPKInfo: ").append(this.g).append(AbstractC0239iw.a);
        stringBuffer.append("Attributes: [").append(AbstractC0239iw.a);
        if (this.k != null) {
            stringBuffer.append(AbstractC0239iw.b).append("ChallengePassword (").append(hS.E.toString()).append("): ");
            stringBuffer.append(this.k).append(AbstractC0239iw.a);
        }
        if (this.j != null) {
            stringBuffer.append(AbstractC0239iw.b).append(this.j);
        }
        if (this.l != null) {
            Iterator<Attribute> it = this.l.iterator();
            while (it.hasNext()) {
                stringBuffer.append(AbstractC0239iw.b).append(it.next()).append(AbstractC0239iw.a);
            }
        }
        stringBuffer.append("]").append(AbstractC0239iw.a);
        return stringBuffer.toString();
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public boolean equals(Object obj) {
        if (obj instanceof jS) {
            return Arrays.equals(this.d, ((jS) obj).getEncoded());
        }
        return false;
    }

    @Override // com.rsa.jsafe.cert.CertRequest
    public int hashCode() {
        return C0531pv.a(7, this.d);
    }
}
