package com.rsa.cryptoj.f;

import com.rsa.cryptoj.f.gV;
import com.rsa.jsafe.cert.CertRequest;
import com.rsa.jsafe.cert.CertRequestException;
import com.rsa.jsafe.cert.GeneralName;
import com.rsa.jsafe.cert.InsufficientValidationInfoException;
import com.rsa.jsafe.cert.ValidateParameters;
import com.rsa.jsafe.cert.ValidationFailedException;
import com.rsa.jsafe.cert.crmf.CRMFParameterSpec;
import com.rsa.jsafe.cert.crmf.CRMFProofGenerationParams;
import com.rsa.jsafe.cert.crmf.CertTemplateSpec;
import com.rsa.jsafe.cert.crmf.ControlsSpec;
import com.rsa.jsafe.cert.crmf.POPEncryptedKey;
import com.rsa.jsafe.cert.crmf.POPEncryptedKeyLegacy;
import com.rsa.jsafe.cert.crmf.POPPrivateKeySpec;
import com.rsa.jsafe.cert.crmf.POPRAVerifiedSpec;
import com.rsa.jsafe.cert.crmf.POPSigningKeySpec;
import com.rsa.jsafe.cert.crmf.POPSubsequentMessage;
import com.rsa.jsafe.cert.crmf.ProofOfPossessionSpec;
import com.rsa.jsafe.cert.crmf.RegInfoSpec;
import com.rsa.jsafe.cert.crmf.ValidateEncryptedKeyParams;
import com.rsa.jsafe.cert.crmf.ValidateSignKeyParams;
import com.rsa.jsafe.cms.InfoObjectFactory;
import com.rsa.jsafe.provider.SensitiveData;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* renamed from: com.rsa.cryptoj.f.bz, reason: case insensitive filesystem */
/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz.class */
public class C0055bz implements CertRequest {
    // Tag value from C0596sf.c(3); the POP encoder picks it for POPPrivateKeySpec key types other than
    // ENCIPHERMENT (presumably the keyAgreement choice of ProofOfPossession - confirm).
    private static final int a = C0596sf.c(3);
    // Tag value from C0596sf.c(2); the POP encoder picks it for KeyType.ENCIPHERMENT.
    private static final int b = C0596sf.c(2);
    // Not referenced by name in the visible code; 20-byte buffers (MAC salt, key probes) use a literal.
    private static final int c = 20;
    // Not referenced in the visible code.
    private static final String d = "Error signing request.";
    // Context object handed to every C0067ck algorithm lookup (presumably the provider/FIPS context).
    private final C0160fx e;
    // Caller-supplied RNG from CRMFProofGenerationParams; null means the library default source is used.
    private SecureRandom f;
    // Complete encoded request: copied from the input buffer when parsing, or produced when building.
    private byte[] g;
    // Bytes of the first inner element of a parsed request; used as the signed content when the
    // POPOSigningKey carries no POPOSigningKeyInput.
    private byte[] h;
    // Encoding of certificate-template field 6, compared against the SubjectPublicKeyInfo in the
    // POPOSigningKeyInput during MAC-based validation; null when the template has no such field.
    private byte[] i;
    // Certificate request id.
    private BigInteger j;
    // Certificate template of the request.
    private CertTemplateSpec k;
    // Optional registration info.
    private RegInfoSpec l;
    // Optional controls.
    private ControlsSpec m;
    // Proof-of-possession description; null when the request carries no POP.
    private ProofOfPossessionSpec n;
    // Validator strategy matching the POP form. The visible parser and encoder assign it for every
    // POP form they accept.
    private g o;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$a */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$a.class */
    /**
     * Validator installed when the proof-of-possession carries the private key as EnvelopedData.
     *
     * <p>Both entry points refuse with an unchecked {@link UnsupportedOperationException}, so this
     * POP form is never reported as valid. Callers that catch only the checked validation
     * exceptions will see this one propagate.
     */
    public static class a implements g {
        /** Text used for every refusal issued by this validator. */
        private static final String NOT_SUPPORTED = "Validation of keys contained in EnvelopedData is not currently supported.";

        a() {
        }

        /** Always refuses: EnvelopedData POP validation is not implemented. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() {
            throw new UnsupportedOperationException(NOT_SUPPORTED);
        }

        /** Always refuses, whatever parameters are supplied. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) {
            throw new UnsupportedOperationException(NOT_SUPPORTED);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$b */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$b.class */
    /**
     * Validator installed when the request has no proof-of-possession at all.
     *
     * <p>Validation can never succeed for such a request: both entry points report that validity is
     * unknown by throwing {@link InsufficientValidationInfoException}.
     */
    public static class b implements g {
        /** Text used for every refusal issued by this validator. */
        private static final String NO_POP = "Validity Unknown: request does not contain a Proof-Of-Possession.";

        b() {
        }

        /** Always reports that there is nothing to validate. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(NO_POP);
        }

        /** Always reports that there is nothing to validate; the parameters are ignored. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(NO_POP);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$c */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$c.class */
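    /**
     * Validator installed when the POPOPrivKey uses the subsequentMessage indicator.
     *
     * <p>Possession is then proven in a later protocol exchange (encrypted certificate or
     * challenge-response), so nothing in the request itself can be checked. Both entry points
     * report that validity is unknown by throwing {@link InsufficientValidationInfoException}.
     */
    public static class c implements g {
        /** Refusal text; the original literal ran "using" and "the" together. */
        private static final String CANNOT_VALIDATE = "Validity Unknown: unable to validate request with POPOPrivKey using the subsequentMessage indicator.";

        c() {
        }

        /** Always reports that the request alone cannot be validated. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(CANNOT_VALIDATE);
        }

        /** Always reports that the request alone cannot be validated; the parameters are ignored. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(CANNOT_VALIDATE);
        }
    }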

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$d */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$d.class */
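    /**
     * Proof-of-possession validator for a private key delivered in the request as a legacy
     * EncryptedValue.
     *
     * <p>Validation unwraps the symmetric key with the validator's decryption key, decrypts the
     * PKCS#8 private key with it, and then checks that the recovered private key matches the
     * subject public key of the request. All fields except {@code a} and {@code b} are filled in by
     * the request parser from untrusted input.
     */
    public static class d implements g {
        /** Length of the all-zero probe used by the pairwise key consistency checks. */
        private static final int PROBE_LENGTH = 20;

        /** Owning request; supplies the subject public key, the algorithm lookup context and the RNG. */
        final C0055bz a;
        /** Declared usage of the key whose possession is being proven. */
        final POPPrivateKeySpec.KeyType b;
        /** Encrypted symmetric key; stays null when the request omitted that field. */
        byte[] c;
        /** Encrypted private key; decrypts to a PKCS#8 encoding. */
        byte[] d;
        /** Name of the asymmetric algorithm that wrapped {@code c}; null when it was not recognised. */
        String e;
        /** Parameters for the symmetric cipher, when the request carried any. */
        AlgorithmParameterSpec f;
        /** Symmetric transformation: element 0 is the algorithm; elements 1 and 2 are mode and padding when present. */
        String[] g;

        d(C0055bz c0055bz, POPPrivateKeySpec.KeyType keyType) {
            this.a = c0055bz;
            this.b = keyType;
        }

        /**
         * Rejects parameterless validation: a decryption key is always required.
         *
         * @throws InvalidAlgorithmParameterException always
         */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("Validation parameters were expected (com.rsa.jsafe.cert.crmf.ValidateEncryptedKeyParams)");
        }

        /**
         * Decrypts the private key carried in the request and checks it against the subject public key.
         *
         * @param validateParameters must be a {@link ValidateEncryptedKeyParams} holding the decryption key
         * @throws InvalidAlgorithmParameterException if the parameters have the wrong type
         * @throws InsufficientValidationInfoException if the request lacks the public key or the encrypted key material
         * @throws NoSuchAlgorithmException if an algorithm named in the request is not supported
         * @throws ValidationFailedException if decryption fails or the recovered key does not match
         */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException, InvalidAlgorithmParameterException {
            if (!(validateParameters instanceof ValidateEncryptedKeyParams)) {
                throw new InvalidAlgorithmParameterException("Expected com.rsa.jsafe.cert.crmf.ValidateEncryptedKeyParams");
            }
            PublicKey subjectPublicKey = this.a.getSubjectPublicKey();
            if (subjectPublicKey == null) {
                throw new InsufficientValidationInfoException("Proof-of-possession could not be validated: request did not contain a public key");
            }
            if (this.e == null) {
                throw new NoSuchAlgorithmException("Asymmetric algorithm specified in request POP not supported for CRMF.");
            }
            if (this.g == null) {
                throw new NoSuchAlgorithmException("Symmetric algorithm specified in request POP not supported for CRMF.");
            }
            // The parser leaves c null when the request has no encrypted symmetric key. Report that as
            // a validation outcome instead of letting a NullPointerException escape on remote input.
            if (this.c == null || this.d == null) {
                throw new InsufficientValidationInfoException("Proof-of-possession could not be validated: request did not contain the encrypted key material");
            }
            PrivateKey decryptKey = ((ValidateEncryptedKeyParams) validateParameters).getDecryptKey();
            byte[] symmetricKeyBytes = null;
            byte[] privateKeyBytes = null;
            try {
                // Mode 2 is decrypt (javax.crypto.Cipher.DECRYPT_MODE).
                hG keyUnwrapper = (hG) C0067ck.a(this.e, this.a.e);
                keyUnwrapper.engineInit(2, decryptKey, null);
                symmetricKeyBytes = keyUnwrapper.engineDoFinal(this.c, 0, this.c.length);
                SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKeyBytes, this.g[0]);
                AbstractC0690vs keyDecryptor = (AbstractC0690vs) C0067ck.a(this.g[0], this.a.e);
                // NOTE(review): a two-element g would fail on g[2]; the array comes from gV and is
                // assumed to hold either one or three entries - confirm.
                if (this.g.length > 1) {
                    keyDecryptor.engineSetMode(this.g[1]);
                    keyDecryptor.engineSetPadding(this.g[2]);
                }
                if (this.f != null) {
                    keyDecryptor.engineInit(2, secretKeySpec, this.f, (SecureRandom) null);
                } else {
                    keyDecryptor.engineInit(2, secretKeySpec, null);
                }
                privateKeyBytes = keyDecryptor.engineDoFinal(this.d, 0, this.d.length);
                PrivateKey recoveredKey = C0067ck.h(subjectPublicKey.getAlgorithm(), this.a.e).engineGeneratePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));
                a(subjectPublicKey, recoveredKey);
            } catch (ValidationFailedException failed) {
                throw failed;
            } catch (NoSuchAlgorithmException unsupported) {
                throw unsupported;
            } catch (InvalidKeySpecException badEncoding) {
                throw new ValidationFailedException("Decrypted value was not a valid private key", badEncoding);
            } catch (GeneralSecurityException other) {
                throw new ValidationFailedException("Encrypted key could not be validated.", other);
            } finally {
                // The key specs copy their input, so the plaintext temporaries can be wiped as soon
                // as they are no longer needed instead of lingering on the heap.
                if (symmetricKeyBytes != null) {
                    Arrays.fill(symmetricKeyBytes, (byte) 0);
                }
                if (privateKeyBytes != null) {
                    Arrays.fill(privateKeyBytes, (byte) 0);
                }
            }
        }

        /**
         * Checks that {@code privateKey} is the counterpart of {@code publicKey}.
         *
         * <p>RSA keys are checked by an encrypt/decrypt round trip, EC keys by a sign/verify round
         * trip, and DH keys by recomputing the public value from the private exponent. A key type
         * that is neither encipherment nor key agreement is rejected rather than accepted unchecked.
         */
        private void a(PublicKey publicKey, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, SignatureException, ValidationFailedException {
            if (this.b == POPPrivateKeySpec.KeyType.ENCIPHERMENT) {
                if (publicKey instanceof RSAPublicKey) {
                    byte[] probe = new byte[PROBE_LENGTH];
                    hG rsa = (hG) C0067ck.a(InfoObjectFactory.ENCRYPTION_RSA, this.a.e);
                    rsa.engineInit(1, publicKey, this.a.f);
                    byte[] encryptedProbe = rsa.engineDoFinal(probe, 0, probe.length);
                    rsa.engineInit(2, privateKey, this.a.f);
                    // The probe is a public constant, so an ordinary array comparison is adequate.
                    if (!Arrays.equals(probe, rsa.engineDoFinal(encryptedProbe, 0, encryptedProbe.length))) {
                        throw new InvalidKeyException("Decrypted key was not a valid private key for the subject public key.");
                    }
                    return;
                }
                if (publicKey instanceof ECPublicKey) {
                    a(publicKey, privateKey, "SHA1WithECDSA");
                    return;
                }
                throw new InvalidKeyException("Unsupported encipherment key.");
            }
            if (this.b == POPPrivateKeySpec.KeyType.KEY_AGREEMENT) {
                if (publicKey instanceof DHPublicKey) {
                    // Guard the cast: a mismatched key class is a failed proof, not a ClassCastException.
                    if (!(privateKey instanceof DHPrivateKey)) {
                        throw new ValidationFailedException("Decrypted key was not a valid private key for the subject public key.");
                    }
                    DHPublicKey dhPublic = (DHPublicKey) publicKey;
                    BigInteger recomputed = dhPublic.getParams().getG().modPow(((DHPrivateKey) privateKey).getX(), dhPublic.getParams().getP());
                    if (!recomputed.equals(dhPublic.getY())) {
                        throw new ValidationFailedException("Decrypted key was not a valid private key for the subject public key.");
                    }
                    return;
                }
                if (publicKey instanceof ECPublicKey) {
                    a(publicKey, privateKey, "SHA1WithECDSA");
                    return;
                }
                throw new InvalidKeyException("Unsupported key agreement key.");
            }
            // Fail closed: without a recognised key type no consistency check has been performed.
            throw new InvalidKeyException("Unsupported key type for proof-of-possession validation.");
        }

        /**
         * Signs a fixed all-zero buffer with {@code privateKey} and verifies it with {@code publicKey}.
         *
         * <p>The signature only tests that the two keys belong together; it is never sent anywhere.
         *
         * @param str name of the signature algorithm used for the round trip
         * @throws ValidationFailedException if the signature does not verify under the public key
         */
        private void a(PublicKey publicKey, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, ValidationFailedException {
            byte[] probe = new byte[PROBE_LENGTH];
            AbstractC0726y signer = C0067ck.c(str, this.a.e);
            signer.engineInitSign(privateKey, this.a.f);
            signer.engineUpdate(probe, 0, probe.length);
            byte[] signature = signer.engineSign();
            signer.engineInitVerify(publicKey);
            signer.engineUpdate(probe, 0, probe.length);
            if (!signer.engineVerify(signature)) {
                throw new ValidationFailedException("Decrypted key was not a valid private key for the subject public key.");
            }
        }
    }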

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$e */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$e.class */
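    /**
     * Proof-of-possession validator for a POPOSigningKey.
     *
     * <p>The signature is always verified with the subject public key of the request. When the
     * request authenticates the requester with a password-based MAC (flag {@code e}), the MAC over
     * the public key is checked as well, using the shared secret supplied by the caller. Every field
     * except {@code j} is populated from the request being validated.
     */
    public static class e implements g {
        /** Content covered by the POP signature. */
        byte[] a;
        /** POP signature value. */
        byte[] b;
        /** Signature algorithm name; null when the algorithm was not recognised. */
        String c;
        /** MAC algorithm name; null when the algorithm was not recognised. */
        String d;
        /** True when the request carries a password-based MAC that must be checked as well. */
        boolean e;
        /** Encoded public key over which the MAC is computed. */
        byte[] f;
        /** MAC value carried in the request. */
        byte[] g;
        /**
         * MAC iteration count. NOTE(review): on the parsing path this value comes from the request
         * and no upper bound is applied in the visible code, so the cost of validation is chosen by
         * the sender - consider enforcing a limit before calling validate.
         */
        int h;
        /** MAC salt. */
        byte[] i;
        /** Owning request; supplies the subject public key and the algorithm lookup context. */
        final C0055bz j;

        e(C0055bz c0055bz) {
            this.j = c0055bz;
        }

        /**
         * Validates a signature-only proof-of-possession.
         *
         * @throws InvalidAlgorithmParameterException if the request carries a MAC, which needs the
         *     shared secret and therefore the parameterised overload
         */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException, InvalidAlgorithmParameterException {
            if (this.e) {
                throw new InvalidAlgorithmParameterException("Expected ValidateSignKeyParams to perform MAC. Use alternate validate method.");
            }
            b();
        }

        /**
         * Verifies the POP signature with the subject public key of the request.
         *
         * @throws NoSuchAlgorithmException if the signature algorithm is unknown or unavailable
         * @throws InsufficientValidationInfoException if the request has no public key
         * @throws ValidationFailedException if the signature does not verify or verification fails
         */
        private void b() throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException {
            if (this.c == null) {
                throw new NoSuchAlgorithmException("Signature algorithm not supported.");
            }
            PublicKey subjectPublicKey = this.j.getSubjectPublicKey();
            if (subjectPublicKey == null) {
                throw new InsufficientValidationInfoException("Proof-of-possession could not be validated: request did not contain a public key");
            }
            try {
                AbstractC0726y verifier = C0067ck.c(this.c, this.j.e);
                verifier.engineInitVerify(subjectPublicKey);
                verifier.engineUpdate(this.a, 0, this.a.length);
                if (!verifier.engineVerify(this.b)) {
                    throw new SignatureException("Signature verification failed.");
                }
            } catch (NoSuchAlgorithmException unsupported) {
                throw unsupported;
            } catch (GeneralSecurityException failure) {
                throw new ValidationFailedException("Proof-of-possession could not be validated.", failure);
            }
        }

        /**
         * Validates the signature and then the password-based MAC over the public key.
         *
         * @param validateParameters must be a {@link ValidateSignKeyParams} carrying the shared secret
         * @throws InvalidAlgorithmParameterException if the parameters have the wrong type or the
         *     request carries no MAC
         * @throws NoSuchAlgorithmException if the signature or MAC algorithm is not supported
         * @throws ValidationFailedException if the signature, the public key comparison or the MAC fails
         */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException, InvalidAlgorithmParameterException {
            if (!(validateParameters instanceof ValidateSignKeyParams)) {
                // NOTE(review): the message names a class other than the one checked above.
                throw new InvalidAlgorithmParameterException("Expected com.rsa.jsafe.cert.crmf.CRMFValidatePOPSignKeyParams.");
            }
            b();
            ValidateSignKeyParams validateSignKeyParams = (ValidateSignKeyParams) validateParameters;
            if (!this.e) {
                throw new InvalidAlgorithmParameterException("Request does not contain MAC for validation: validate parameters were not required. Use alternate method.");
            }
            if (this.d == null) {
                throw new NoSuchAlgorithmException("Mac algorithm not supported.");
            }
            // The key that was MACed must be the key being certified; the first byte is skipped on
            // both sides (presumably because the two encodings carry different tags - confirm).
            if (this.j.i != null && !AbstractC0239iw.a(this.j.i, 1, this.j.i.length - 1, this.f, 1, this.f.length - 1)) {
                throw new ValidationFailedException("SubjectPublicKeyInfo in POPOSigningKeyInput did not match SubjectPublicKeyInfo in the CertTemplate.");
            }
            PBEKeySpec keySpec = null;
            SecretKey secretKey = null;
            try {
                PBEParameterSpec macParams = new PBEParameterSpec(this.i, this.h);
                keySpec = new PBEKeySpec(validateSignKeyParams.getSharedSecret());
                secretKey = C0067ck.i(this.d, this.j.e).engineGenerateSecret(keySpec);
                bJ mac = C0067ck.f(this.d, this.j.e);
                mac.engineInit(secretKey, macParams);
                mac.engineUpdate(this.f, 0, this.f.length);
                // Compare MACs without an early exit on the first differing byte, so the time taken
                // does not reveal how much of a submitted MAC value was correct.
                if (!java.security.MessageDigest.isEqual(this.g, mac.engineDoFinal())) {
                    throw new ValidationFailedException("MAC verify failed.");
                }
            } catch (NoSuchAlgorithmException unsupported) {
                throw unsupported;
            } catch (GeneralSecurityException failure) {
                throw new ValidationFailedException("Error while computing MAC", failure);
            } finally {
                // Wipe the spec's private copy of the shared secret and the derived key on every exit path.
                if (keySpec != null) {
                    keySpec.clearPassword();
                }
                SensitiveData.clear(secretKey);
            }
        }
    }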

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$f */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$f.class */
    /**
     * Validator installed when the request carries an RA-Verified proof-of-possession.
     *
     * <p>The request contains nothing that can be checked in that case, so both entry points
     * report that validity is unknown by throwing {@link InsufficientValidationInfoException}.
     * Whether to trust the RA's assertion is left to the caller.
     */
    public static class f implements g {
        /** Text used for every refusal issued by this validator. */
        private static final String RA_VERIFIED = "Validity Unknown: request contains RA-Verified Proof-Of-Possession.";

        f() {
        }

        /** Always reports that the request alone cannot be validated. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a() throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(RA_VERIFIED);
        }

        /** Always reports that the request alone cannot be validated; the parameters are ignored. */
        @Override // com.rsa.cryptoj.f.C0055bz.g
        public void a(ValidateParameters validateParameters) throws InsufficientValidationInfoException {
            throw new InsufficientValidationInfoException(RA_VERIFIED);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.rsa.cryptoj.f.bz$g */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bz$g.class */
    /**
     * Strategy that validates the proof-of-possession of a request; one implementation exists per
     * POP form. Implementations signal every outcome other than success by throwing, so a normal
     * return is the only indication that the proof was accepted.
     */
    public interface g {
        /**
         * Validates the proof-of-possession without caller-supplied parameters.
         *
         * @throws NoSuchAlgorithmException if an algorithm named in the request is not supported
         * @throws ValidationFailedException if the proof was checked and did not hold
         * @throws InsufficientValidationInfoException if the request cannot be validated on its own
         * @throws InvalidAlgorithmParameterException if this POP form requires parameters
         */
        void a() throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException, InvalidAlgorithmParameterException;

        /**
         * Validates the proof-of-possession using caller-supplied parameters.
         *
         * @param validateParameters material needed for the check; the expected concrete type depends on the implementation
         * @throws NoSuchAlgorithmException if an algorithm named in the request is not supported
         * @throws ValidationFailedException if the proof was checked and did not hold
         * @throws InsufficientValidationInfoException if the request cannot be validated on its own
         * @throws InvalidAlgorithmParameterException if the parameters are of the wrong type or not applicable
         */
        void a(ValidateParameters validateParameters) throws NoSuchAlgorithmException, ValidationFailedException, InsufficientValidationInfoException, InvalidAlgorithmParameterException;
    }

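    /**
     * Parses an encoded certificate request from the remaining bytes of {@code byteBuffer}.
     *
     * <p>The remaining bytes are copied as the full encoding, the buffer is then walked once more
     * to capture the first inner element, and finally the copied encoding is decoded into the
     * template, controls, proof-of-possession and registration info.
     *
     * @param c0160fx context passed to all algorithm lookups
     * @param byteBuffer buffer positioned at the start of the encoded request; its position is
     *     advanced by the constructor
     * @throws CertRequestException if the bytes cannot be decoded as a request
     */
    public C0055bz(C0160fx c0160fx, ByteBuffer byteBuffer) throws CertRequestException {
        this.e = c0160fx;
        // Return to where the request actually started. rewind() would go back to index 0, which
        // for a buffer with a non-zero starting position makes the second pass read bytes that are
        // not part of the copy taken above.
        int start = byteBuffer.position();
        this.g = new byte[byteBuffer.remaining()];
        byteBuffer.get(this.g);
        byteBuffer.position(start);
        try {
            C0596sf.c(byteBuffer);
            ByteBuffer firstElement = C0596sf.a(byteBuffer);
            this.h = new byte[firstElement.remaining()];
            firstElement.get(this.h);
            d();
        } catch (oU e2) {
            throw new CertRequestException("Could not decode request.", e2);
        }
    }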

    /**
     * Decodes the stored request bytes and dispatches each part to its parser: request id,
     * certificate template and controls from the inner request, then the proof-of-possession and
     * the registration info from the outer message.
     *
     * @throws CertRequestException if any part is malformed
     */
    private void d() throws CertRequestException {
        AbstractC0360jm certReqMsg = C0596sf.a("CertReqMsg", this.g, 0);
        AbstractC0360jm certRequest = certReqMsg.a(0);

        uK requestId = (uK) certRequest.a(0);
        this.j = requestId.b();

        e(certRequest.a(1));
        a(certRequest.a(2));
        b(certReqMsg.a(1));
        d(certReqMsg.a(2));
    }

    /**
     * Stores the controls of a parsed request; an absent element leaves them unset.
     *
     * @throws CertRequestException if the controls cannot be converted
     */
    private void a(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        if (abstractC0360jm != null) {
            this.m = C0060cd.c(abstractC0360jm, this.e);
        }
    }

    /**
     * Parses the proof-of-possession element and installs the matching validator.
     *
     * <p>An absent element selects the "no POP" validator. Otherwise the tag of the choice decides:
     * 0 is RA-verified, 1 a signing key, 2 an encipherment key and 3 a key agreement key.
     *
     * @throws CertRequestException if the tag is none of the above or the content is malformed
     */
    private void b(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        if (abstractC0360jm == null) {
            this.o = new b();
            return;
        }
        int choice = C0596sf.f(abstractC0360jm.f().d());
        if (choice == 0) {
            this.o = new f();
            this.n = new POPRAVerifiedSpec();
        } else if (choice == 1) {
            c(abstractC0360jm);
        } else if (choice == 2) {
            a(abstractC0360jm, POPPrivateKeySpec.KeyType.ENCIPHERMENT);
        } else if (choice == 3) {
            a(abstractC0360jm, POPPrivateKeySpec.KeyType.KEY_AGREEMENT);
        } else {
            throw new CertRequestException("Invalid POP.");
        }
    }

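    /**
     * Parses a POPOPrivKey (proof-of-possession for an encipherment or key agreement key) and
     * installs the matching validator and spec.
     *
     * <p>Tag 0 is the legacy encrypted value, tag 1 the subsequentMessage indicator, tags 2 and 3
     * are rejected as unsupported and tag 4 is a key wrapped as EnvelopedData. Any other tag is
     * rejected: returning silently would leave the request without a POP spec and without a
     * validator.
     *
     * @param keyType usage of the key whose possession is being proven
     * @throws CertRequestException if the choice is unsupported, unknown or malformed
     */
    private void a(AbstractC0360jm abstractC0360jm, POPPrivateKeySpec.KeyType keyType) throws CertRequestException {
        int choice = C0596sf.f(abstractC0360jm.f().g());
        switch (choice) {
            case 0:
                b(C0596sf.a("EncryptedValue", ((C0420ls) abstractC0360jm).b(), 0), keyType);
                return;
            case 1: {
                POPSubsequentMessage.MessageType messageType;
                int indicator = ((uK) abstractC0360jm).i();
                if (indicator == 0) {
                    messageType = POPSubsequentMessage.MessageType.ENCRYPTED_CERT;
                } else if (indicator == 1) {
                    messageType = POPSubsequentMessage.MessageType.CHALLENGE_RESPONSE;
                } else {
                    throw new CertRequestException("Invalid POPOPrivKey SubsequentMessage identifier.");
                }
                this.o = new c();
                this.n = new POPSubsequentMessage(keyType, messageType);
                return;
            }
            case 2:
            case 3:
                throw new CertRequestException("Unsupported Pop type for key agreement keys.");
            case 4: {
                AbstractC0360jm envelopedData = abstractC0360jm.c(-1).d(16);
                this.o = new a();
                this.n = new POPEncryptedKey(keyType, C0596sf.c(envelopedData));
                return;
            }
            default:
                // Fail closed on a choice this parser does not know.
                throw new CertRequestException("Invalid POPOPrivKey choice.");
        }
    }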

    /**
     * Extracts the pieces of a legacy EncryptedValue into a validator and records the
     * corresponding POP spec.
     *
     * <p>Elements 1 to 3 (symmetric algorithm, encrypted symmetric key, key-wrapping algorithm) are
     * optional and leave the validator field null when absent or unrecognised; element 5, the
     * encrypted value itself, is read unconditionally.
     *
     * @param keyType usage of the key whose possession is being proven
     */
    private void b(AbstractC0360jm abstractC0360jm, POPPrivateKeySpec.KeyType keyType) {
        d validator = new d(this, keyType);

        AbstractC0360jm symmetricAlgorithm = abstractC0360jm.a(1);
        if (symmetricAlgorithm != null) {
            C0447ms symmetricId = new C0447ms(symmetricAlgorithm);
            gV.d transformation = gV.b(symmetricId.d(), symmetricId.b());
            if (transformation != null) {
                validator.g = transformation.c();
                validator.f = transformation.a(symmetricId.b());
            }
        }

        C0420ls encryptedSymmetricKey = (C0420ls) abstractC0360jm.a(2);
        if (encryptedSymmetricKey != null) {
            validator.c = encryptedSymmetricKey.b();
        }

        AbstractC0360jm wrappingAlgorithm = abstractC0360jm.a(3);
        if (wrappingAlgorithm != null) {
            C0447ms wrappingId = new C0447ms(wrappingAlgorithm);
            validator.e = gV.a(wrappingId.d(), wrappingId.b());
        }

        C0420ls encryptedValue = (C0420ls) abstractC0360jm.a(5);
        validator.d = encryptedValue.b();

        this.o = validator;
        this.n = new POPEncryptedKeyLegacy(keyType, C0060cd.a(abstractC0360jm));
    }

    /**
     * Parses a POPOSigningKey into a signature validator and the matching POP spec.
     *
     * <p>Without a POPOSigningKeyInput the signature covers the stored request bytes. With one,
     * the input either names the sender or carries a password-based MAC over the public key; in the
     * MAC case the salt and iteration count are copied from the request as they are.
     */
    private void c(AbstractC0360jm abstractC0360jm) {
        e validator = new e(this);

        C0447ms signatureId = new C0447ms(abstractC0360jm.a(1));
        String signatureAlg = signatureId.c();
        if (signatureAlg == null) {
            // No known name: fall back to the textual form of the identifier.
            signatureAlg = signatureId.d().toString();
        }
        validator.c = signatureAlg;
        validator.b = ((C0420ls) abstractC0360jm.a(2)).b();

        vV signingKeyInput = (vV) abstractC0360jm.a(0);
        if (signingKeyInput != null) {
            validator.a = signingKeyInput.d();
            AbstractC0360jm taggedInput = C0596sf.a("POPOSigningKeyInputTagged", validator.a, 0);
            AbstractC0360jm authInfo = taggedInput.a(0);
            boolean namesSender = C0596sf.f(authInfo.f().d()) == 0;
            if (namesSender) {
                ByteBuffer senderBytes = ByteBuffer.wrap(C0596sf.c(authInfo));
                C0596sf.c(senderBytes);
                byte[] generalName = new byte[senderBytes.remaining()];
                senderBytes.get(generalName);
                this.n = new POPSigningKeySpec(signatureAlg, new GeneralName(generalName));
            } else {
                validator.e = true;
                validator.f = ((vV) taggedInput.a(1)).d();
                C0447ms macId = new C0447ms(authInfo.a(0));
                validator.d = macId.c();
                if (!macId.d().equals(hS.aV)) {
                    validator.i = new byte[0];
                } else {
                    // NOTE(review): the iteration count is taken from the request with no bound
                    // applied here; validation later runs the MAC with this value.
                    AbstractC0360jm pbmParameter = C0596sf.a("PBMParameter", macId.b(), 0);
                    validator.i = ((uL) pbmParameter.a(0)).d();
                    validator.h = ((uK) pbmParameter.a(2)).i();
                }
                validator.g = ((C0420ls) authInfo.a(1)).b();
                this.n = new POPSigningKeySpec(signatureAlg, validator.d, validator.i, validator.h);
            }
        } else {
            validator.a = this.h;
            this.n = new POPSigningKeySpec(signatureAlg);
        }
        this.o = validator;
    }

    /**
     * Stores the registration info of a parsed request; an absent element leaves it unset.
     *
     * @throws CertRequestException if the registration info cannot be converted
     */
    private void d(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        if (abstractC0360jm != null) {
            this.l = C0060cd.b(abstractC0360jm, this.e);
        }
    }

    /**
     * Parses the certificate template, first keeping the raw bytes of its element 6 (when present)
     * for the later public-key comparison in MAC-based POP validation.
     *
     * @throws CertRequestException if the template cannot be converted
     */
    private void e(AbstractC0360jm abstractC0360jm) throws CertRequestException {
        boolean hasElementSix = abstractC0360jm.a(6) != null;
        if (hasElementSix) {
            vV elementSix = (vV) abstractC0360jm.a(6);
            this.i = elementSix.d();
        }
        this.k = C0060cd.a(abstractC0360jm, this.e);
    }

    /**
     * Builds a new request from a parameter spec and encodes it, generating the proof-of-possession
     * where the spec asks for one.
     *
     * @param c0160fx context passed to all algorithm lookups
     * @param cRMFParameterSpec request id, template, registration info, controls and POP description
     * @param cRMFProofGenerationParams private key, shared secret and RNG for POP generation; may be
     *     null when no such material is needed
     * @throws CertRequestException if the request cannot be assembled
     */
    public C0055bz(C0160fx c0160fx, CRMFParameterSpec cRMFParameterSpec, CRMFProofGenerationParams cRMFProofGenerationParams) throws CertRequestException {
        final CRMFParameterSpec spec = cRMFParameterSpec;
        final CRMFProofGenerationParams proofParams = cRMFProofGenerationParams;

        this.e = c0160fx;
        this.j = spec.getCertReqId();
        this.k = spec.getCertTemplate();
        this.l = spec.getRegInfo();
        this.m = spec.getControls();
        this.n = spec.getPOP();

        // Adjust the subject if requested, pick up the RNG, then encode.
        e();
        a(proofParams);
        b(proofParams);
    }

    /**
     * Returns the certificate request id.
     *
     * @return the id taken from the parsed request or from the parameter spec
     */
    public BigInteger a() {
        final BigInteger requestId = this.j;
        return requestId;
    }

    /**
     * Applies subject serial-number auto-generation to the template when it is enabled and a
     * subject is set: a subject for which the {@code vZ.a} check with {@code hS.n} fails is
     * replaced by the result of {@code vZ.b}; otherwise the subject is written back unchanged.
     */
    private void e() {
        if (!this.k.isSubjectSerialNumAutoGenEnabled()) {
            return;
        }
        X500Principal subject = this.k.getSubject();
        if (subject == null) {
            return;
        }
        this.k.setSubject(vZ.a(subject, hS.n) ? subject : vZ.b(this.k.getSubject()), false);
    }

    /**
     * Takes the random source from the proof generation parameters, if any were supplied.
     * Without parameters the field stays null and the library default source is used for the salt.
     */
    private void a(CRMFProofGenerationParams cRMFProofGenerationParams) {
        if (cRMFProofGenerationParams == null) {
            return;
        }
        this.f = cRMFProofGenerationParams.getRandom();
    }

    /**
     * Encodes the request: first the inner CertRequest (id, template, optional controls), then the
     * enclosing CertReqMsg with the proof-of-possession and the optional registration info. The
     * resulting bytes are stored as the encoded form of this request.
     *
     * @throws CertRequestException if the proof-of-possession cannot be generated
     */
    private void b(CRMFProofGenerationParams cRMFProofGenerationParams) throws CertRequestException {
        Object[] requestFields = {
            this.j,
            C0060cd.a(this.k),
            this.m == null ? null : C0060cd.a(this.m)
        };
        AbstractC0360jm certRequest = C0596sf.a("CertRequest", requestFields);

        // The POP is generated over the encoded CertRequest, so it comes second.
        Object[] messageFields = {
            certRequest,
            a(certRequest, cRMFProofGenerationParams),
            this.l == null ? null : C0060cd.a(this.l)
        };
        this.g = C0596sf.a(C0596sf.a("CertReqMsg", messageFields));
    }

    /**
     * Builds the proof-of-possession element for the request and installs the matching validator.
     *
     * @param abstractC0360jm the CertRequest the proof refers to
     * @param cRMFProofGenerationParams key material for proofs that need it
     * @return the encoded POP element, or null when the spec asks for no POP
     * @throws CertRequestException if the template has no public key for a POP that needs one, or
     *     the POP spec is of an unknown kind
     */
    private AbstractC0360jm a(AbstractC0360jm abstractC0360jm, CRMFProofGenerationParams cRMFProofGenerationParams) throws CertRequestException {
        if (this.n == null) {
            this.o = new b();
            return null;
        }
        if (this.n instanceof POPRAVerifiedSpec) {
            this.o = new f();
            return new C0112ec().d(C0596sf.c(0));
        }
        // Every remaining POP form proves possession of the key named in the template.
        if (this.k.getPublicKey() == null) {
            throw new CertRequestException("Cannot create a Proof of Possession for an unspecified public key.");
        }
        if (this.n instanceof POPSigningKeySpec) {
            return b(abstractC0360jm, cRMFProofGenerationParams);
        }
        if (!(this.n instanceof POPPrivateKeySpec)) {
            throw new CertRequestException("Invalid Proof of Possession Spec.");
        }
        boolean encipherment = ((POPPrivateKeySpec) this.n).getKeyType() == POPPrivateKeySpec.KeyType.ENCIPHERMENT;
        int tag = encipherment ? b : a;
        if (this.n instanceof POPEncryptedKey) {
            return a(tag);
        }
        if (this.n instanceof POPEncryptedKeyLegacy) {
            return b(tag);
        }
        if (this.n instanceof POPSubsequentMessage) {
            return c(tag);
        }
        throw new CertRequestException("Invalid Proof of Possession Spec.");
    }

    /**
     * Builds a POPOSigningKey for the request and installs a signature validator for it.
     *
     * <p>The content that gets signed depends on what identifies the requester: the encoded
     * CertRequest when the template has a subject, otherwise a POPOSigningKeyInput that either
     * names the sender or carries a password-based MAC over the public key.
     *
     * @param abstractC0360jm the CertRequest the proof refers to
     * @param cRMFProofGenerationParams supplies the private key and, for the MAC form, the shared secret
     * @return the encoded POPOSigningKey element
     * @throws CertRequestException if the parameters are missing, no shared secret is available
     *     for the MAC form, or the MAC algorithm is not the default one
     */
    private AbstractC0360jm b(AbstractC0360jm abstractC0360jm, CRMFProofGenerationParams cRMFProofGenerationParams) throws CertRequestException {
        byte[] c2;
        if (cRMFProofGenerationParams == null) {
            throw new CertRequestException("The corresponding PrivateKey for the requested key is required to create the Proof of Possession.");
        }
        e eVar = new e(this);
        POPSigningKeySpec pOPSigningKeySpec = (POPSigningKeySpec) this.n;
        AbstractC0360jm abstractC0360jm2 = null;
        if (this.k.getSubject() != null) {
            // Subject present: the signature covers the CertRequest itself, no POPOSigningKeyInput.
            c2 = C0596sf.c(abstractC0360jm);
        } else if (pOPSigningKeySpec.getSender() != null) {
            // Sender form: POPOSigningKeyInput = sender name + public key.
            abstractC0360jm2 = C0596sf.a("POPOSigningKeyInput", new Object[]{C0596sf.a("RequestorName", new Object[]{C0596sf.a("GeneralName", pOPSigningKeySpec.getSender().getEncoded(), 0)}).d(C0596sf.c(0)), C0596sf.a("SubjectPublicKeyInfo", this.k.getPublicKey().getEncoded(), 0)}).d(C0596sf.c(0));
            c2 = C0596sf.c(abstractC0360jm2);
        } else {
            // MAC form: the requester is authenticated by a password-based MAC over the public key.
            // The shared secret array is borrowed from the parameters and is not cleared here.
            char[] sharedSecret = cRMFProofGenerationParams.getSharedSecret();
            if (sharedSecret == null) {
                throw new CertRequestException("Requests with unspecified Subject require shared secret for Proof of Possession");
            }
            if (!pOPSigningKeySpec.getMacAlg().equalsIgnoreCase(POPSigningKeySpec.DEFAULT_MAC_ALG)) {
                throw new CertRequestException("Unsupported MAC algorithm selected in CRMFPopSigningKeySpec");
            }
            byte[] macSalt = pOPSigningKeySpec.getMacSalt();
            if (macSalt == null) {
                // No salt supplied: generate one and replace the spec so it reports the salt used.
                macSalt = f();
                this.n = new POPSigningKeySpec(pOPSigningKeySpec.getSigningAlgorithm(), POPSigningKeySpec.DEFAULT_MAC_ALG, macSalt, pOPSigningKeySpec.getMacIterationCount());
            }
            byte[] a2 = a(pOPSigningKeySpec.getMacAlg(), sharedSecret, this.k.getPublicKey().getEncoded(), macSalt, pOPSigningKeySpec.getMacIterationCount());
            // Mirror the MAC inputs into the validator so the built request can be validated.
            eVar.e = true;
            eVar.d = pOPSigningKeySpec.getMacAlg();
            eVar.g = a2;
            eVar.i = macSalt;
            eVar.h = pOPSigningKeySpec.getMacIterationCount();
            // POPOSigningKeyInput = PKMACValue (algorithm with PBMParameter, MAC value) + public key.
            abstractC0360jm2 = C0596sf.a("POPOSigningKeyInput", new Object[]{C0596sf.a("PKMACValue", new Object[]{new Object[]{hS.aV.c(), C0596sf.a("PBMParameter", new Object[]{macSalt, new Object[]{hS.bc.c(), new C0112ec()}, Integer.valueOf(pOPSigningKeySpec.getMacIterationCount()), new Object[]{hS.aW.c(), new C0112ec()}})}, a2}), C0596sf.a("SubjectPublicKeyInfo", this.k.getPublicKey().getEncoded(), 0)}).d(C0596sf.c(0));
            c2 = C0596sf.c(abstractC0360jm2);
            eVar.f = this.k.getPublicKey().getEncoded();
        }
        // Presumably signs c2 with the caller's private key (helper is outside the visible code).
        byte[] a3 = a(pOPSigningKeySpec.getSigningAlgorithm(), cRMFProofGenerationParams.getPrivateKey(), c2);
        eVar.c = pOPSigningKeySpec.getSigningAlgorithm();
        eVar.a = c2;
        eVar.b = a3;
        this.o = eVar;
        return a(abstractC0360jm2, pOPSigningKeySpec.getSigningAlgorithm(), a3);
    }

    /**
     * Encodes a POPOPrivKey whose key is wrapped as EnvelopedData and installs the validator for
     * that form, which refuses validation as unsupported.
     *
     * @param i tag selecting encipherment or key agreement
     * @return the encoded proof-of-possession element
     */
    private AbstractC0360jm a(int i) {
        this.o = new a();
        POPEncryptedKey encryptedKeyPop = (POPEncryptedKey) this.n;
        return C0596sf.a(
                "ProofOfPossession",
                C0596sf.a(
                        "POPOPrivKey",
                        C0596sf.a("EnvelopedData", encryptedKeyPop.getEncodedEnvelopedKey(), 0).d(C0596sf.c(4))
                ).c(i));
    }

    /**
     * Encodes a POPOPrivKey carrying a legacy EncryptedValue and installs its validator.
     *
     * <p>The encrypted value is run through the same extraction as a parsed request, which
     * replaces both the validator assigned first and the stored POP spec.
     *
     * @param i tag selecting encipherment or key agreement
     * @return the encoded proof-of-possession element
     */
    private AbstractC0360jm b(int i) {
        POPPrivateKeySpec.KeyType declaredType = ((POPPrivateKeySpec) this.n).getKeyType();
        this.o = new d(this, declaredType);

        POPEncryptedKeyLegacy legacyPop = (POPEncryptedKeyLegacy) this.n;
        AbstractC0360jm encryptedValue = C0060cd.a(legacyPop.getEncryptedKey());
        b(encryptedValue, legacyPop.getKeyType());

        return C0596sf.a(
                "ProofOfPossession",
                C0596sf.a(
                        "POPOPrivKey",
                        new C0420ls(C0108dz.a, 0, C0596sf.c(encryptedValue)).d(C0596sf.c(0))
                ).c(i));
    }

    /**
     * Encodes a POPOPrivKey using the subsequentMessage indicator (0 for encrypted certificate,
     * 1 otherwise) and installs the validator for that form, which reports validity as unknown.
     *
     * @param i tag selecting encipherment or key agreement
     * @return the encoded proof-of-possession element
     */
    private AbstractC0360jm c(int i) {
        POPSubsequentMessage subsequent = (POPSubsequentMessage) this.n;
        int indicator;
        if (subsequent.getMessageType() == POPSubsequentMessage.MessageType.ENCRYPTED_CERT) {
            indicator = 0;
        } else {
            indicator = 1;
        }
        this.o = new c();
        return C0596sf.a(
                "ProofOfPossession",
                C0596sf.a("POPOPrivKey", new uK(oF.a, indicator).d(C0596sf.c(1))).c(i));
    }

    /**
     * Generates a fresh 20-byte MAC salt from the caller-supplied random source, or from the
     * library default source when none was supplied.
     *
     * @return the new salt
     */
    private byte[] f() {
        byte[] salt = new byte[20];
        if (this.f != null) {
            this.f.nextBytes(salt);
        } else {
            C0413ll.a().b(salt);
        }
        return salt;
    }

    /**
     * Assembles the POPOSigningKey element from its three parts.
     *
     * @param abstractC0360jm the POPOSigningKeyInput, or null when the signature covers the request itself
     * @param str name of the signature algorithm
     * @param bArr the signature value
     * @return the encoded, tagged POPOSigningKey
     */
    private AbstractC0360jm a(AbstractC0360jm abstractC0360jm, String str, byte[] bArr) {
        Object[] algorithmIdentifier = {sI.b(str).c(), new C0112ec()};
        Object[] fields = {abstractC0360jm, algorithmIdentifier, bArr};
        return C0596sf.a("POPOSigningKey", fields).d(C0596sf.c(1));
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * Password-based MAC computation; NOT decompiled. As listed, this method
     * always throws {@link UnsupportedOperationException}. The raw register
     * dump kept in the body is the only record of the real logic.
     *
     * <p>What the dump shows, in order:
     * <ol>
     *   <li>a {@code PBEParameterSpec} is built from {@code r9} and {@code r10}
     *       (salt and iteration count in the JDK constructor);</li>
     *   <li>{@code C0067ck.f(r6, this.e)} yields the object later driven through
     *       {@code engineInit}/{@code engineUpdate}/{@code engineDoFinal}
     *       (presumably a MAC engine, matching the error strings);</li>
     *   <li>a {@code PBEKeySpec} is built from the password {@code r7} and turned
     *       into a {@code SecretKey} by {@code C0067ck.i(r6, this.e)};</li>
     *   <li>the engine is initialised with that key and the PBE parameters, fed
     *       all of {@code r8}, and its final output is returned.</li>
     * </ol>
     *
     * <p>Cleanup (subroutine at label L7d, reached on both the normal and the
     * exceptional path): {@code SensitiveData.clear} is called on the derived
     * key and, when the engine is non-null, its {@code b()} method is invoked.
     *
     * <p>NOTE(review): the dump contains no {@code clearPassword()} call on the
     * {@code PBEKeySpec}, which keeps its own copy of the password characters;
     * a hand reconstruction should decide whether to clear it in the finally
     * block. Confirm against the original bytecode before relying on this.
     *
     * @param r6  algorithm name used to look up both the engine and the key factory
     * @param r7  password characters
     * @param r8  data to authenticate
     * @param r9  salt passed to {@code PBEParameterSpec}
     * @param r10 iteration count passed to {@code PBEParameterSpec}
     * @return per the dump, the result of {@code engineDoFinal()}; in this
     *         listing nothing is returned
     * @throws com.rsa.jsafe.cert.CertRequestException per the dump, with message
     *         "Invalid Mac Algorithm" for a NoSuchAlgorithmException and
     *         "Error performing Mac: " for any other Exception
     * @throws UnsupportedOperationException always, in this listing
     */
    private byte[] a(java.lang.String r6, char[] r7, byte[] r8, byte[] r9, int r10) throws com.rsa.jsafe.cert.CertRequestException {
        /*
            r5 = this;
            r0 = 0
            r11 = r0
            r0 = 0
            r12 = r0
            javax.crypto.spec.PBEParameterSpec r0 = new javax.crypto.spec.PBEParameterSpec     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r1 = r0
            r2 = r9
            r3 = r10
            r1.<init>(r2, r3)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r13 = r0
            r0 = r6
            r1 = r5
            com.rsa.cryptoj.f.fx r1 = r1.e     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            com.rsa.cryptoj.f.bJ r0 = com.rsa.cryptoj.f.C0067ck.f(r0, r1)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r12 = r0
            javax.crypto.spec.PBEKeySpec r0 = new javax.crypto.spec.PBEKeySpec     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r1 = r0
            r2 = r7
            r1.<init>(r2)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r14 = r0
            r0 = r6
            r1 = r5
            com.rsa.cryptoj.f.fx r1 = r1.e     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            com.rsa.cryptoj.f.eM r0 = com.rsa.cryptoj.f.C0067ck.i(r0, r1)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r15 = r0
            r0 = r15
            r1 = r14
            javax.crypto.SecretKey r0 = r0.engineGenerateSecret(r1)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r11 = r0
            r0 = r12
            r1 = r11
            r2 = r13
            r0.engineInit(r1, r2)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r0 = r12
            r1 = r8
            r2 = 0
            r3 = r8
            int r3 = r3.length     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r0.engineUpdate(r1, r2, r3)     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r0 = r12
            byte[] r0 = r0.engineDoFinal()     // Catch: java.security.NoSuchAlgorithmException -> L59 java.lang.Exception -> L67 java.lang.Throwable -> L75
            r16 = r0
            r0 = jsr -> L7d
        L56:
            r1 = r16
            return r1
        L59:
            r13 = move-exception
            com.rsa.jsafe.cert.CertRequestException r0 = new com.rsa.jsafe.cert.CertRequestException     // Catch: java.lang.Throwable -> L75
            r1 = r0
            java.lang.String r2 = "Invalid Mac Algorithm"
            r3 = r13
            r1.<init>(r2, r3)     // Catch: java.lang.Throwable -> L75
            throw r0     // Catch: java.lang.Throwable -> L75
        L67:
            r13 = move-exception
            com.rsa.jsafe.cert.CertRequestException r0 = new com.rsa.jsafe.cert.CertRequestException     // Catch: java.lang.Throwable -> L75
            r1 = r0
            java.lang.String r2 = "Error performing Mac: "
            r3 = r13
            r1.<init>(r2, r3)     // Catch: java.lang.Throwable -> L75
            throw r0     // Catch: java.lang.Throwable -> L75
        L75:
            r17 = move-exception
            r0 = jsr -> L7d
        L7a:
            r1 = r17
            throw r1
        L7d:
            r18 = r0
            r0 = r11
            com.rsa.jsafe.provider.SensitiveData.clear(r0)
            r0 = r12
            if (r0 == 0) goto L8e
            r0 = r12
            r0.b()
        L8e:
            ret r18
        */
        // Decompiler placeholder: the real body is only available as the dump above.
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.cryptoj.f.C0055bz.a(java.lang.String, char[], byte[], byte[], int):byte[]");
    }

    /**
     * Signs {@code bArr} with {@code privateKey} using the signature algorithm
     * named by {@code str}.
     *
     * <p>The signature engine is looked up through {@code C0067ck.c} with the
     * context in field {@code e}, and initialised with the random source held
     * in field {@code f}. NOTE(review): field {@code f} can be null elsewhere
     * in this class (see the null check in {@code f()}); confirm the engine
     * tolerates a null random source in {@code initSign}.
     *
     * @param str        signature algorithm name
     * @param privateKey key used to sign
     * @param bArr       data to sign
     * @return the signature bytes
     * @throws CertRequestException wrapping any invalid-key, unknown-algorithm
     *         or signing failure, with the message held in field {@code d}
     */
    private byte[] a(String str, PrivateKey privateKey, byte[] bArr) throws CertRequestException {
        try {
            final AbstractC0726y signer = C0067ck.c(str, this.e);
            signer.initSign(privateKey, this.f);
            signer.update(bArr);
            final byte[] signature = signer.sign();
            return signature;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException failure) {
            // All three failures are reported identically, keeping the cause.
            throw new CertRequestException(d, failure);
        }
    }

    /**
     * Returns the encoded form of this request, derived from the stored
     * encoding in field {@code g} via {@code wT.a}.
     *
     * <p>NOTE(review): {@code wT.a} presumably returns a defensive copy so
     * callers cannot mutate the internal array; confirm in that helper.
     *
     * @return the encoded request bytes
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public byte[] getEncoded() {
        final byte[] encoded = wT.a(this.g);
        return encoded;
    }

    /**
     * Returns a new {@link CRMFParameterSpec} built from this request's
     * fields, in the order request id ({@code j}), certificate template
     * ({@code k}), proof of possession ({@code n}), registration info
     * ({@code l}) and controls ({@code m}); the field roles follow the labels
     * used by {@code toString()}.
     *
     * @return a freshly constructed parameter spec
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public AlgorithmParameterSpec getParameters() {
        final CRMFParameterSpec spec =
                new CRMFParameterSpec(this.j, this.k, this.n, this.l, this.m);
        return spec;
    }

    /**
     * Returns the subject name taken from the certificate template (field
     * {@code k}).
     *
     * @return the template's subject, as returned by its {@code getSubject()}
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public X500Principal getSubject() {
        final X500Principal subject = this.k.getSubject();
        return subject;
    }

    /**
     * Returns the public key taken from the certificate template (field
     * {@code k}).
     *
     * @return the template's public key, as returned by its {@code getPublicKey()}
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public PublicKey getSubjectPublicKey() {
        final PublicKey subjectKey = this.k.getPublicKey();
        return subjectKey;
    }

    /**
     * Returns the request format identifier.
     *
     * @return the constant string {@code "CRMF"}
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public String getType() {
        final String requestType = "CRMF";
        return requestType;
    }

    /**
     * Validates this request without caller-supplied parameters by delegating
     * to the handler in field {@code o}.
     *
     * <p>NOTE(review): which proof-of-possession checks run depends on the
     * handler type installed in {@code o}; that is not visible from here.
     *
     * @throws NoSuchAlgorithmException            as declared; raised by the handler
     * @throws ValidationFailedException           as declared; raised by the handler
     * @throws InsufficientValidationInfoException as declared; raised by the handler
     * @throws InvalidAlgorithmParameterException  as declared; raised by the handler
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest()
            throws NoSuchAlgorithmException,
                    ValidationFailedException,
                    InsufficientValidationInfoException,
                    InvalidAlgorithmParameterException {
        this.o.a();
    }

    /**
     * Validates this request with the supplied parameters by delegating to
     * the handler in field {@code o}.
     *
     * @param validateParameters validation inputs; must not be null
     * @throws InvalidAlgorithmParameterException  if {@code validateParameters}
     *         is null, or as raised by the handler
     * @throws NoSuchAlgorithmException            as declared; raised by the handler
     * @throws ValidationFailedException           as declared; raised by the handler
     * @throws InsufficientValidationInfoException as declared; raised by the handler
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public void validateRequest(ValidateParameters validateParameters)
            throws NoSuchAlgorithmException,
                    ValidationFailedException,
                    InsufficientValidationInfoException,
                    InvalidAlgorithmParameterException {
        if (validateParameters != null) {
            this.o.a(validateParameters);
            return;
        }
        // Reject a missing parameter object before touching the handler.
        throw new InvalidAlgorithmParameterException("Input parameters cannot be null");
    }

    /**
     * Returns a multi-line description of this request: a header, the request
     * id and the certificate template, followed by the controls, proof of
     * possession and registration info when each is non-null. Every entry is
     * terminated with {@code AbstractC0239iw.a}.
     *
     * <p>NOTE(review): the text embeds the {@code toString()} output of the
     * pop, controls and regInfo objects; check what those print before
     * sending this string to logs.
     *
     * @return the textual form of the request
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public String toString() {
        final StringBuilder text = new StringBuilder();
        text.append("CRMFCertRequest:").append(AbstractC0239iw.a)
                .append("reqId: ").append(this.j).append(AbstractC0239iw.a)
                .append("certTemplate: ").append(this.k).append(AbstractC0239iw.a);
        // Optional sections appear in the order controls, pop, regInfo.
        if (this.m != null) {
            text.append("controls: ").append(this.m).append(AbstractC0239iw.a);
        }
        if (this.n != null) {
            text.append("pop: ").append(this.n).append(AbstractC0239iw.a);
        }
        if (this.l != null) {
            text.append("regInfo: ").append(this.l).append(AbstractC0239iw.a);
        }
        return text.toString();
    }

    /**
     * Compares this request with another object. Two requests are equal when
     * the other object is also a {@code C0055bz} and its encoded form matches
     * the bytes stored in field {@code g}.
     *
     * @param obj the object to compare with; may be null
     * @return true if {@code obj} is this instance or an equal request
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof C0055bz)) {
            return false;
        }
        final C0055bz other = (C0055bz) obj;
        return Arrays.equals(this.g, other.getEncoded());
    }

    /**
     * Returns a hash code computed by {@code C0531pv.a} from the seed 7 and
     * the stored encoding in field {@code g}, the same bytes that
     * {@code equals} compares.
     *
     * @return the hash code of this request
     */
    @Override // com.rsa.jsafe.cert.CertRequest
    public int hashCode() {
        final int hash = C0531pv.a(7, this.g);
        return hash;
    }

    /**
     * Reports whether the validation handler in field {@code o} is an
     * instance of the nested type {@code e}.
     *
     * <p>NOTE(review): what handler type {@code e} represents is not visible
     * in this part of the file.
     *
     * @return true if {@code o} is an {@code e}; false otherwise, including
     *         when {@code o} is null
     */
    public boolean b() {
        final boolean usesHandlerE = this.o instanceof e;
        return usesHandlerE;
    }

    /**
     * Reports whether the proof-of-possession spec (field {@code n}) is a
     * {@link POPSubsequentMessage} whose message type is
     * {@code ENCRYPTED_CERT}.
     *
     * @return true only for an encrypted-cert subsequent-message POP
     */
    public boolean c() {
        if (!(this.n instanceof POPSubsequentMessage)) {
            return false;
        }
        final POPSubsequentMessage subsequent = (POPSubsequentMessage) this.n;
        return subsequent.getMessageType() == POPSubsequentMessage.MessageType.ENCRYPTED_CERT;
    }
}
