package org.jruby.ext.openssl.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.jruby.ext.openssl.SecurityHelper;

/* loaded from: input_file:lib/jruby-complete-1.7.20.1.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/impl/NetscapeCertRequest.class */
public class NetscapeCertRequest {
    private AlgorithmIdentifier sigAlg;
    private AlgorithmIdentifier keyAlg;
    private byte[] signatureBits;
    private final String challenge;
    private final DERBitString content;
    private PublicKey publicKey;

    public NetscapeCertRequest(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException {
        try {
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject());
            if (aSN1Sequence.size() != 3) {
                throw new IllegalArgumentException("invalid SPKAC (size):" + aSN1Sequence.size());
            }
            this.sigAlg = AlgorithmIdentifier.getInstance((ASN1Sequence) aSN1Sequence.getObjectAt(1));
            this.signatureBits = ((DERBitString) aSN1Sequence.getObjectAt(2)).getBytes();
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
            if (aSN1Sequence2.size() != 2) {
                throw new IllegalArgumentException("invalid PKAC (len): " + aSN1Sequence2.size());
            }
            this.challenge = ((DERIA5String) aSN1Sequence2.getObjectAt(1)).getString();
            try {
                this.content = new DERBitString(aSN1Sequence2);
                SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo((ASN1Sequence) aSN1Sequence2.getObjectAt(0));
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
                this.keyAlg = subjectPublicKeyInfo.getAlgorithm();
                this.publicKey = SecurityHelper.getKeyFactory(this.keyAlg.getAlgorithm().getId()).generatePublic(x509EncodedKeySpec);
            } catch (Exception e) {
                if (!(e instanceof RuntimeException)) {
                    throw new IllegalArgumentException(e);
                }
                throw ((RuntimeException) e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    public NetscapeCertRequest(String str, AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) throws InvalidKeySpecException {
        this.challenge = str;
        this.sigAlg = algorithmIdentifier;
        this.publicKey = publicKey;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        try {
            aSN1EncodableVector.add(getKeySpec());
            aSN1EncodableVector.add(new DERIA5String(str));
            try {
                this.content = new DERBitString(new DERSequence(aSN1EncodableVector));
            } catch (Exception e) {
                if (!(e instanceof RuntimeException)) {
                    throw new InvalidKeySpecException("exception encoding key: " + e.toString());
                }
                throw ((RuntimeException) e);
            }
        } catch (IOException e2) {
            throw new InvalidKeySpecException(e2);
        }
    }

    public String getChallenge() {
        return this.challenge;
    }

    public AlgorithmIdentifier getSigningAlgorithm() {
        return this.sigAlg;
    }

    public AlgorithmIdentifier getKeyAlgorithm() {
        return this.keyAlg;
    }

    public void setKeyAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.keyAlg = algorithmIdentifier;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (!str.equals(this.challenge)) {
            return false;
        }
        Signature signature = getSignature();
        signature.initVerify(this.publicKey);
        signature.update(this.content.getBytes());
        return signature.verify(this.signatureBits);
    }

    public void sign(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
        sign(privateKey, null);
    }

    public void sign(PrivateKey privateKey, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
        Signature signature = getSignature();
        if (secureRandom != null) {
            signature.initSign(privateKey, secureRandom);
        } else {
            signature.initSign(privateKey);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        try {
            aSN1EncodableVector.add(getKeySpec());
            aSN1EncodableVector.add(new DERIA5String(this.challenge));
            try {
                signature.update(new DERSequence(aSN1EncodableVector).getEncoded(ASN1Encoding.DER));
                this.signatureBits = signature.sign();
            } catch (IOException e) {
                throw new SignatureException(e);
            }
        } catch (IOException e2) {
            throw new InvalidKeySpecException(e2);
        }
    }

    private Signature getSignature() throws NoSuchAlgorithmException {
        return SecurityHelper.getSignature(this.sigAlg.getAlgorithm().getId());
    }

    private ASN1Primitive getKeySpec() throws IOException {
        return new ASN1InputStream(new ByteArrayInputStream(this.publicKey.getEncoded())).readObject();
    }

    public ASN1Primitive toASN1Primitive() throws IOException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        try {
            aSN1EncodableVector2.add(getKeySpec());
        } catch (IOException e) {
        }
        aSN1EncodableVector2.add(new DERIA5String(this.challenge));
        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
        aSN1EncodableVector.add(this.sigAlg);
        aSN1EncodableVector.add(new DERBitString(this.signatureBits));
        return new DERSequence(aSN1EncodableVector);
    }
}
