package cn.eseals.certificate;

import cn.eseals.bbf.data.Base64;
import cn.eseals.certificate.extensions.ExtendedKeyUsage;
import cn.eseals.certificate.extensions.KeyUsage;
import cn.eseals.crypto.ICertificateStore;
import cn.eseals.crypto.ICryptoProvider;
import cn.eseals.crypto.IPrivateKey;
import cn.eseals.crypto.ISignature;
import cn.eseals.data.DerInputStream;
import cn.eseals.data.DerOutputStream;
import cn.eseals.data.DerValue;
import cn.eseals.data.ObjectIdentifier;
import cn.eseals.data.ex.DerEncoding;
import cn.eseals.security.spec.CommonAlgorithmId;
import java.io.PrintStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;

/* loaded from: input_file:cn/eseals/certificate/CertReqPKCS10.class */
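/**
 * A PKCS #10 certification request (CSR).
 *
 * <p>An instance is obtained in one of two ways:
 * <ul>
 *   <li>{@link #createRequest} generates a new key in a certificate store, builds the
 *       request and signs it with that key;</li>
 *   <li>{@link #CertReqPKCS10(byte[])} parses an existing DER-encoded request and runs the
 *       signature check over it.</li>
 * </ul>
 *
 * <p>Once {@code encoded} is set the request is considered signed and cannot be signed again.
 */
public class CertReqPKCS10 {
    // Key created by createRequest(); stays null for requests parsed from bytes.
    private IPrivateKey key;
    private X509Principal subject;
    private CommonPublicKey publicKey;
    private PKCS10Attributes attributeSet;
    // Complete DER encoding of the signed request; null until the request has been signed.
    private byte[] encoded;

    /**
     * Creates a new key in the given store and builds a signed PKCS #10 request for it.
     *
     * @param iCertificateStore store that creates the key and supplies the crypto provider
     * @param str key algorithm; only {@code CommonAlgorithmId.ALGORITHM_SM2} and {@code "RSA"}
     *     are accepted
     * @param str2 subject name, passed to {@link X509Principal}
     * @param i key-usage bits; only the low 8 bits are used because the value is cast to
     *     {@code byte}
     * @return the signed request, still holding the newly created key
     * @throws Exception if the algorithm is {@code null} or unsupported, or if key creation,
     *     encoding or signing fails
     */
    public static CertReqPKCS10 createRequest(ICertificateStore iCertificateStore, String str, String str2, int i) throws Exception {
        if (str == null) {
            // Report a missing algorithm the same way as an unsupported one
            // ("unsupported algorithm") instead of failing with a NullPointerException.
            throw new Exception("不支持的算法：" + str);
        }
        String signatureAlgorithm;
        if (str.equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            signatureAlgorithm = "SM3withSM2";
        } else {
            if (!str.equals("RSA")) {
                // Message text means "unsupported algorithm".
                throw new Exception("不支持的算法：" + str);
            }
            // NOTE(review): RSA requests are signed with a SHA-1 based algorithm. SHA-1 is
            // deprecated for signatures; move to a SHA-256 based algorithm if the provider
            // and the receiving CA support one.
            signatureAlgorithm = CommonAlgorithmId.ALGORITHM_SHA1WITHRSA;
        }

        CertReqPKCS10 request = new CertReqPKCS10();
        request.key = iCertificateStore.newKey(str);
        request.publicKey = new CommonPublicKey(new DerValue(request.key.getPublicKey()));
        request.subject = new X509Principal(str2);

        // Requested extensions: the caller's key usage plus fixed client-auth and
        // e-mail-protection extended key usages. The list stays raw because the element
        // type expected by CertificateExtensions is not visible in this file.
        ArrayList extensions = new ArrayList();
        extensions.add(new KeyUsage((byte) i));
        extensions.add(new ExtendedKeyUsage(ExtendedKeyUsage.EXT_USAGE_CLIENT_AUTH, ExtendedKeyUsage.EXT_USAGE_EMAIL_PROTECTION));
        byte[] extensionBytes = DerEncoding.encode(new CertificateExtensions(extensions));
        // Overwrite the outer tag with 0x31 (DER SET), since PKCS #10 attribute values are
        // a SET; presumably the encoder emitted a SEQUENCE tag here - TODO confirm.
        extensionBytes[0] = 49;
        request.attributeSet = new PKCS10Attributes(new PKCS10Attribute[]{new PKCS10Attribute(ObjectIdentifier.getIndentifier("CertificateExtensions"), extensionBytes)});

        ISignature signer = iCertificateStore.getProvider().createSigner(signatureAlgorithm);
        signer.initSign(request.key);
        request.encodeAndSign(new X509Principal(str2), signer);
        return request;
    }

    /**
     * Installs the certificate issued for this request into the store.
     *
     * <p>The only check performed here is that the certificate's public key is byte-for-byte
     * equal to the public key of the key created for this request.
     * NOTE(review): issuer, chain, validity period and subject are not checked in this method;
     * confirm that the caller or the store validates the certificate before trusting it.
     *
     * @param iCertificateStore store in which the certificate is bound to the key
     * @param bArr encoded certificate returned by the CA
     * @return the parsed certificate
     * @throws Exception if this request was not produced by {@link #createRequest}, if the
     *     certificate cannot be parsed, or if its public key does not match
     */
    public CommonCertificate acceptResponse(ICertificateStore iCertificateStore, byte[] bArr) throws Exception {
        if (this.key == null) {
            throw new Exception("No a created request.");
        }
        CommonCertificate certificate = new CommonCertificate(bArr);
        if (!Arrays.equals(this.key.getPublicKey(), certificate.getPublicKey().getEncoded())) {
            throw new Exception("Private key does not fit public key.");
        }
        iCertificateStore.setCertificate(this.key, bArr);
        return certificate;
    }

    /** Used only by {@link #createRequest}, which fills in the fields itself. */
    private CertReqPKCS10() {
    }

    /**
     * Parses a DER-encoded PKCS #10 request and runs the signature check over its
     * certification-request-info with the public key carried in the request.
     *
     * @param bArr DER encoding of the request; a private copy is parsed and kept, so later
     *     changes to the caller's array cannot alter the stored request
     * @throws IllegalArgumentException if the data is not a well-formed PKCS #10 v1 request
     * @throws Exception if parsing or the signature operations fail
     */
    public CertReqPKCS10(byte[] bArr) throws Exception {
        // Defensive copy: the same bytes that are checked below are the ones returned later
        // by getEncoded() and print().
        byte[] requestBytes = (bArr == null) ? null : bArr.clone();
        this.encoded = requestBytes;
        DerValue[] sequence = new DerInputStream(requestBytes).getSequence(3);
        if (sequence.length != 3) {
            throw new IllegalArgumentException("not a PKCS #10 request");
        }
        // sequence[0]: request info (the signed data), [1]: signature algorithm, [2]: signature.
        byte[] signedData = sequence[0].toByteArray();
        CommonAlgorithmId signatureAlgorithm = new CommonAlgorithmId(sequence[1]);
        byte[] signature = sequence[2].getBitString();

        // The reads below consume sequence[0].data in order: version, subject, public key,
        // attributes. Do not reorder them.
        if (!sequence[0].data.getBigInteger().equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("not PKCS #10 v1");
        }
        this.subject = new X509Principal(sequence[0].data.getDerValue().toByteArray());
        this.publicKey = new CommonPublicKey(sequence[0].data.getDerValue());
        if (sequence[0].data.available() != 0) {
            this.attributeSet = new PKCS10Attributes(sequence[0].data);
        } else {
            this.attributeSet = new PKCS10Attributes();
        }
        if (sequence[0].data.available() != 0) {
            // Trailing bytes after the attributes are rejected.
            throw new IllegalArgumentException("illegal PKCS #10 data");
        }

        // NOTE(review): the signature algorithm is taken from the request itself, so the
        // sender chooses it; restrict it to an allow-list if weak algorithms must be refused.
        ISignature verifier = ICryptoProvider.getInstance("default").createSigner(signatureAlgorithm.getAlgorithm());
        verifier.initVerify(this.publicKey.getEncoded());
        verifier.update(signedData);
        // NOTE(review): the result of verify() is discarded. If ISignature.verify reports a bad
        // signature through its return value rather than by throwing, a request with an invalid
        // signature is accepted here and proof of possession is not enforced. Confirm the
        // contract of ISignature.verify and reject the request on failure.
        verifier.verify(signature);
    }

    /**
     * Encodes the request info, signs it and stores the complete encoded request.
     *
     * @param x509Principal subject to place in the request; replaces any subject set earlier
     * @param iSignature signer that has already been initialised for signing
     * @throws Exception if the request is already signed, or if encoding or signing fails
     */
    public void encodeAndSign(X509Principal x509Principal, ISignature iSignature) throws Exception {
        if (this.encoded != null) {
            throw new Exception("request is already signed");
        }
        this.subject = x509Principal;

        // Request info content: version 0, subject, public key, attributes.
        DerOutputStream requestInfo = new DerOutputStream();
        requestInfo.putInteger(BigInteger.ZERO);
        requestInfo.write(this.subject.getEncoded());
        requestInfo.write(this.publicKey.getEncoded());
        this.attributeSet.encode(requestInfo);

        // 48 is 0x30, the DER SEQUENCE tag. The signature is computed over the tagged
        // request info.
        DerOutputStream body = new DerOutputStream();
        body.write((byte) 48, requestInfo);
        iSignature.update(body.toByteArray());
        byte[] signature = iSignature.sign();

        // Append the signature algorithm and the signature bits, then wrap everything in the
        // outer SEQUENCE.
        new CommonAlgorithmId(iSignature.getAlgorithm()).encode(body);
        body.putBitString(signature);
        DerOutputStream request = new DerOutputStream();
        request.write((byte) 48, body);
        this.encoded = request.toByteArray();
    }

    /** Returns the subject of the request. */
    public X509Principal getSubjectName() {
        return this.subject;
    }

    /** Returns the public key carried in the request. */
    public CommonPublicKey getPublicKey() {
        return this.publicKey;
    }

    /** Returns the attribute set of the request. */
    public PKCS10Attributes getAttributes() {
        return this.attributeSet;
    }

    /**
     * Returns a copy of the encoded request.
     *
     * @return a fresh copy of the DER encoding, or {@code null} if the request is not signed yet
     */
    public byte[] getEncoded() {
        if (this.encoded != null) {
            return this.encoded.clone();
        }
        return null;
    }

    /**
     * Writes the request to the stream as Base64 between BEGIN/END NEW CERTIFICATE REQUEST
     * marker lines.
     *
     * @param printStream destination stream
     * @throws Exception if the request has not been signed
     */
    public void print(PrintStream printStream) throws Exception {
        if (this.encoded == null) {
            throw new Exception("Cert request was not signed");
        }
        printStream.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
        printStream.println(Base64.encode(this.encoded));
        printStream.println("-----END NEW CERTIFICATE REQUEST-----");
    }

    /** Returns a multi-line description with the public key, subject and attributes. */
    @Override
    public String toString() {
        return "[PKCS #10 certificate request:\n" + this.publicKey.toString() + " subject: <" + this.subject + ">\n attributes: " + this.attributeSet.toString() + "\n]";
    }

    /**
     * Two requests are equal when both are signed and their encodings are identical.
     * An unsigned request is equal only to itself.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof CertReqPKCS10) || this.encoded == null) {
            return false;
        }
        byte[] otherEncoded = ((CertReqPKCS10) obj).getEncoded();
        if (otherEncoded == null) {
            return false;
        }
        return Arrays.equals(this.encoded, otherEncoded);
    }

    /**
     * Position-weighted sum of the encoded bytes; 0 for an unsigned request.
     */
    @Override
    public int hashCode() {
        int hash = 0;
        if (this.encoded != null) {
            // Starting at index 1 loses nothing: index 0 would be multiplied by 0.
            for (int index = 1; index < this.encoded.length; index++) {
                hash += this.encoded[index] * index;
            }
        }
        return hash;
    }
}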
