package com.unbound.common.crypto;

import com.unbound.common.crypto.DER;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/unbound/common/crypto/PKCS10.class */
public class PKCS10 {
    private PublicKey publicKey;
    private String[] dns;
    private InetAddress[] ip;
    private String challengePassword;
    private byte[] signature;
    private String signHashOid;
    private Map<String, String> subject = new HashMap();

    public PKCS10(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public PKCS10(byte[] bArr) throws InvalidKeySpecException, UnknownHostException {
        DER.Parser parser = new DER.Parser(bArr);
        parser.beginSequence();
        parser.beginSequence();
        parser.getBigInteger();
        parser.beginSequence();
        do {
            parser.beginSet();
            parser.beginSequence();
            String oid = parser.getOid();
            this.subject.put(X509.getRdnFromOid(oid), parser.getString());
            parser.end();
            parser.end();
        } while (!parser.endOfBlock());
        parser.end();
        byte[] fullTag = parser.getFullTag();
        if (parser.isTag((byte) -96)) {
            parser.begin((byte) -96);
            parser.beginSequence();
            parser.checkOid("1.2.840.113549.1.9.14");
            parser.beginSet();
            parser.beginSequence();
            parser.beginSequence();
            parser.checkOid("2.5.29.17");
            parser.beginOctetString();
            parser.beginSequence();
            ArrayList arrayList = new ArrayList();
            while (parser.isTag((byte) -126)) {
                arrayList.add(parser.getString((byte) -126));
            }
            if (!arrayList.isEmpty()) {
                this.dns = new String[arrayList.size()];
                arrayList.toArray(this.dns);
            }
            ArrayList arrayList2 = new ArrayList();
            while (parser.isTag((byte) -121)) {
                arrayList2.add(InetAddress.getByAddress(parser.getTagBytes((byte) -121)));
            }
            if (!arrayList2.isEmpty()) {
                this.ip = new InetAddress[arrayList2.size()];
                arrayList2.toArray(this.ip);
            }
            parser.end();
            parser.end();
            parser.end();
            parser.end();
            parser.end();
            parser.end();
            if (parser.isTag((byte) 48)) {
                parser.beginSequence();
                parser.checkOid("1.2.840.113549.1.9.7");
                parser.beginSet();
                this.challengePassword = parser.getString();
                parser.end();
                parser.end();
            }
            parser.end();
        }
        parser.end();
        parser.beginSequence();
        this.signHashOid = parser.getOid();
        parser.skipNull();
        parser.end();
        this.signature = parser.getBitString();
        parser.end();
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(fullTag);
        try {
            this.publicKey = SystemProvider.KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec);
        } catch (InvalidKeySpecException e) {
            this.publicKey = SystemProvider.KeyFactory.getInstance("ECDSA").generatePublic(x509EncodedKeySpec);
        }
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public X500Principal getSubject() {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : this.subject.entrySet()) {
            if (sb.length() > 0) {
                sb.append(", ");
            }
            sb.append(entry.getKey());
            sb.append("=");
            sb.append(entry.getValue());
        }
        return new X500Principal(sb.toString());
    }

    public void verifySignature() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String str;
        String str2;
        String str3;
        if (this.publicKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            if (this.signHashOid.equalsIgnoreCase(X509.OID_RSA_WITH_SHA256)) {
                str3 = "SHA256";
            } else {
                if (!this.signHashOid.equalsIgnoreCase(X509.OID_RSA_WITH_SHA1)) {
                    throw new IllegalArgumentException("Unsupported hash type");
                }
                str3 = "SHA1";
            }
            str2 = str3 + "withRSA";
        } else {
            if (this.signHashOid.equalsIgnoreCase(X509.OID_ECDSA_WITH_SHA256)) {
                str = "SHA256";
            } else {
                if (!this.signHashOid.equalsIgnoreCase(X509.OID_ECDSA_WITH_SHA1)) {
                    throw new IllegalArgumentException("Unsupported hash type");
                }
                str = "SHA1";
            }
            str2 = str + "withECDSA";
        }
        Signature signature = Signature.getInstance(str2);
        signature.initVerify(this.publicKey);
        signature.update(toBeSigned());
        if (!signature.verify(this.signature)) {
            throw new SignatureException("Verification failed");
        }
    }

    public void setAlternativeSubjectName(String[] strArr, InetAddress[] inetAddressArr) {
        this.dns = strArr;
        this.ip = inetAddressArr;
    }

    public void setSubjectName(String str, String str2) {
        this.subject.put(str, str2);
    }

    public void setChallengePassword(String str) {
        this.challengePassword = str;
    }

    public void sign(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String str2;
        if (privateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            if (str.equals("SHA256")) {
                this.signHashOid = X509.OID_RSA_WITH_SHA256;
            } else {
                if (!str.equals("SHA1")) {
                    throw new IllegalArgumentException("Unsupported hash type");
                }
                this.signHashOid = X509.OID_RSA_WITH_SHA1;
            }
            str2 = str + "withRSA";
        } else {
            if (str.equals("SHA256")) {
                this.signHashOid = X509.OID_ECDSA_WITH_SHA256;
            } else {
                if (!str.equals("SHA1")) {
                    throw new IllegalArgumentException("Unsupported hash type");
                }
                this.signHashOid = X509.OID_ECDSA_WITH_SHA1;
            }
            str2 = str + "withECDSA";
        }
        Signature signature = Signature.getInstance(str2);
        signature.initSign(privateKey);
        signature.update(toBeSigned());
        this.signature = signature.sign();
    }

    private DER.Builder encodeCertificationRequestInfo(DER.Builder builder) {
        builder.beginSequence().addInteger(0L);
        X509.encode(builder, this.subject).add(this.publicKey.getEncoded());
        if (this.challengePassword != null || this.dns != null || this.ip != null) {
            builder.begin((byte) -96);
            if (this.dns != null || this.ip != null) {
                builder.beginSequence().addOid("1.2.840.113549.1.9.14").beginSet().beginSequence().beginSequence().addOid("2.5.29.17").beginOctetString().beginSequence();
                if (this.dns != null) {
                    for (String str : this.dns) {
                        builder.add((byte) -126, str);
                    }
                }
                if (this.ip != null) {
                    for (InetAddress inetAddress : this.ip) {
                        builder.add((byte) -121, inetAddress.getAddress());
                    }
                }
                builder.end().end().end().end().end().end();
            }
            if (this.challengePassword != null) {
                builder.beginSequence().addOid("1.2.840.113549.1.9.7").beginSet().add((byte) 19, this.challengePassword).end().end();
            }
            builder.end();
        }
        return builder.end();
    }

    private byte[] toBeSigned() {
        return encodeCertificationRequestInfo(new DER.Builder()).toByteArray();
    }

    public byte[] exportDer() {
        DER.Builder builder = new DER.Builder();
        builder.beginSequence();
        encodeCertificationRequestInfo(builder).beginSequence().addOid(this.signHashOid).addNull().end().addBitString(this.signature).end();
        return builder.toByteArray();
    }
}
