package org.jruby.ext.openssl.impl;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.PKCSException;
import org.jruby.ext.openssl.SecurityHelper;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/impl/PKCS10Request.class */
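/**
 * Mutable holder for the parts of a PKCS#10 certification request (subject, subject public key
 * info, attributes) together with the signed Bouncy Castle request once one exists.
 *
 * <p>A signed request is present after {@link #sign(PrivateKey, AlgorithmIdentifier)} or after
 * construction from an encoded/parsed {@code CertificationRequest}. Parsing does not verify
 * anything: a request built from bytes is untrusted until {@link #verify(PublicKey)} has returned
 * {@code true}.
 *
 * <p>The setters only update the unsigned fields. They do not discard or re-create an existing
 * signed request, so {@link #toASN1Structure()}, {@link #getAttributes()}, {@link #getVersion()}
 * and {@link #verify(PublicKey)} keep reflecting the previously signed/parsed request until
 * {@code sign} is called again.
 *
 * <p>No synchronization is performed; instances are not safe for concurrent mutation.
 */
public class PKCS10Request {
    private X500Name subject;
    private SubjectPublicKeyInfo publicKeyInfo;
    // May be null when a caller passed null to a constructor or to setAttributes(List).
    private List<org.bouncycastle.asn1.pkcs.Attribute> attributes;
    private transient PKCS10CertificationRequest signedRequest;

    /**
     * {@link ContentSigner} that feeds everything written to its stream into a JCA
     * {@link Signature} initialised for signing.
     *
     * <p>Decompiler note: the class is public here only because the decompiler widened it; the
     * listing records that the access modifier was originally private.
     */
    public static class PKCS10Signer implements ContentSigner {
        final AlgorithmIdentifier signatureAlg;
        final Signature signature;
        private final SignatureOutputStream out;

        /**
         * @param privateKey key used to initialise the signature for signing
         * @param algorithmIdentifier signature algorithm; its OID string selects the
         *     {@link Signature} instance via {@code SecurityHelper.getSignature}
         * @throws NoSuchAlgorithmException if no signature implementation is found for the OID
         * @throws InvalidKeyException if the key is rejected by {@code initSign}
         */
        PKCS10Signer(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeyException {
            this.signatureAlg = algorithmIdentifier;
            this.signature = SecurityHelper.getSignature(algorithmIdentifier.getAlgorithm().getId());
            this.signature.initSign(privateKey);
            this.out = new SignatureOutputStream(this.signature);
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.signatureAlg;
        }

        @Override
        public OutputStream getOutputStream() {
            return this.out;
        }

        /**
         * Finishes the signature over the bytes written so far.
         *
         * @throws RuntimeException wrapping the {@link SignatureException} if signing fails
         */
        @Override
        public byte[] getSignature() {
            try {
                return this.signature.sign();
            } catch (SignatureException e) {
                // Keep the original message text but attach the cause so the stack trace survives.
                throw new RuntimeException("Could not read signature: " + e, e);
            }
        }
    }

    /**
     * {@link ContentVerifier} that feeds everything written to its stream into a JCA
     * {@link Signature} initialised for verification with a fixed public key.
     */
    private static class PKCS10Verifier implements ContentVerifier {
        final AlgorithmIdentifier signatureAlg;
        final Signature signature;
        private final SignatureOutputStream out;

        /**
         * @param publicKey key the signature is checked against
         * @param algorithmIdentifier signature algorithm; its OID string selects the
         *     {@link Signature} instance via {@code SecurityHelper.getSignature}
         * @throws NoSuchAlgorithmException if no signature implementation is found for the OID
         * @throws InvalidKeyException if the key is rejected by {@code initVerify}
         */
        public PKCS10Verifier(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeyException {
            this.signatureAlg = algorithmIdentifier;
            this.signature = SecurityHelper.getSignature(algorithmIdentifier.getAlgorithm().getId());
            this.signature.initVerify(publicKey);
            this.out = new SignatureOutputStream(this.signature);
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.signatureAlg;
        }

        @Override
        public OutputStream getOutputStream() {
            return this.out;
        }

        /**
         * Checks the expected signature against the bytes written so far.
         *
         * @param bArr the signature value to check
         * @return the result of {@link Signature#verify(byte[])}
         * @throws RuntimeException wrapping the {@link SignatureException} if the check cannot
         *     be carried out (this is an error, not a "signature invalid" result)
         */
        @Override
        public boolean verify(byte[] bArr) {
            try {
                return this.signature.verify(bArr);
            } catch (SignatureException e) {
                throw new RuntimeException("Could not verify signature: " + e, e);
            }
        }
    }

    /**
     * {@link ContentVerifierProvider} bound to a single public key and to no certificate.
     *
     * <p>NOTE(review): the algorithm identifier passed to {@link #get(AlgorithmIdentifier)} is
     * used as given; nothing here restricts which signature algorithms are accepted. Callers
     * that must reject weak digests need to check the request's signature algorithm themselves.
     */
    private static class PKCS10VerifierProvider implements ContentVerifierProvider {
        final PublicKey publicKey;

        PKCS10VerifierProvider(PublicKey publicKey) {
            this.publicKey = publicKey;
        }

        /**
         * @throws RuntimeException wrapping any failure to create the verifier (unknown
         *     algorithm, rejected key, ...)
         */
        @Override
        public ContentVerifier get(AlgorithmIdentifier algorithmIdentifier) {
            try {
                return new PKCS10Verifier(this.publicKey, algorithmIdentifier);
            } catch (Exception e) {
                // Broad catch kept from the original; the cause is now preserved.
                throw new RuntimeException("Could not create content verifier: " + e, e);
            }
        }

        @Override
        public boolean hasAssociatedCertificate() {
            return false;
        }

        @Override
        public X509CertificateHolder getAssociatedCertificate() {
            return null;
        }
    }

    /**
     * Output stream whose writes update a {@link Signature}; a {@link SignatureException} from
     * the update is rethrown as an {@link IOException} with the original as its cause.
     */
    private static class SignatureOutputStream extends OutputStream {
        private final Signature signature;

        SignatureOutputStream(Signature signature) {
            this.signature = signature;
        }

        @Override
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.signature.update(bArr, i, i2);
            } catch (SignatureException e) {
                throw new IOException(e);
            }
        }

        @Override
        public void write(byte[] bArr) throws IOException {
            try {
                this.signature.update(bArr);
            } catch (SignatureException e) {
                throw new IOException(e);
            }
        }

        @Override
        public void write(int i) throws IOException {
            try {
                this.signature.update((byte) i);
            } catch (SignatureException e) {
                throw new IOException(e);
            }
        }
    }

    /**
     * Creates an unsigned request from its parts.
     *
     * @param x500Name subject name
     * @param subjectPublicKeyInfo subject public key info
     * @param list attributes; stored by reference (not copied) and may be {@code null}
     */
    public PKCS10Request(X500Name x500Name, SubjectPublicKeyInfo subjectPublicKeyInfo, List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        this.subject = x500Name;
        this.publicKeyInfo = subjectPublicKeyInfo;
        this.attributes = list;
    }

    /**
     * Creates an unsigned request, deriving the public key info from the key's encoded form.
     *
     * @param x500Name subject name
     * @param publicKey subject public key; {@code null} leaves the public key info unset
     * @param list attributes; stored by reference (not copied) and may be {@code null}
     */
    public PKCS10Request(X500Name x500Name, PublicKey publicKey, List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        this.subject = x500Name;
        this.publicKeyInfo = makePublicKeyInfo(publicKey);
        this.attributes = list;
    }

    /**
     * Wraps an already parsed certification request and keeps it as the signed request.
     *
     * <p>The signature is NOT checked here. Treat subject, key and attributes as unauthenticated
     * until {@link #verify(PublicKey)} succeeds.
     *
     * @param certificationRequest parsed PKCS#10 structure
     */
    public PKCS10Request(CertificationRequest certificationRequest) {
        this.subject = certificationRequest.getCertificationRequestInfo().getSubject();
        this.publicKeyInfo = certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo();
        setAttributes(certificationRequest.getCertificationRequestInfo().getAttributes());
        this.signedRequest = new PKCS10CertificationRequest(certificationRequest);
    }

    /**
     * Parses an encoded certification request; see {@link #PKCS10Request(CertificationRequest)}.
     *
     * @param bArr encoded request, typically untrusted input
     */
    // NOTE(review): malformed input presumably surfaces as an unchecked exception from
    // CertificationRequest.getInstance; confirm and handle it at the call site.
    public PKCS10Request(byte[] bArr) {
        this(CertificationRequest.getInstance(bArr));
    }

    /**
     * Interprets an ASN.1 sequence as a certification request; see
     * {@link #PKCS10Request(CertificationRequest)}.
     *
     * @param aSN1Sequence sequence holding the request
     */
    public PKCS10Request(ASN1Sequence aSN1Sequence) {
        this(CertificationRequest.getInstance(aSN1Sequence));
    }

    /**
     * Builds the request from the current subject, public key info and attributes, signs it and
     * stores the result as the signed request (replacing any previous one).
     *
     * @param privateKey signing key
     * @param algorithmIdentifier signature algorithm to use
     * @return the newly signed request
     * @throws NoSuchAlgorithmException if no signature implementation is found for the algorithm
     * @throws InvalidKeyException if the key is rejected for signing
     */
    public PKCS10CertificationRequest sign(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeyException {
        this.signedRequest = newBuilder().build(new PKCS10Signer(privateKey, algorithmIdentifier));
        return this.signedRequest;
    }

    /**
     * Signs with the algorithm named {@code str + "WITH" + <key algorithm>}, where the key
     * algorithm is the symbolic name of the algorithm OID in this request's public key info
     * (not derived from {@code privateKey}).
     *
     * @param privateKey signing key
     * @param str digest name used as the first part of the signature algorithm name
     * @return the newly signed request
     * @throws IllegalStateException if no public key info has been set
     * @throws NoSuchAlgorithmException if no signature implementation is found for the algorithm
     * @throws InvalidKeyException if the key is rejected for signing
     */
    public PKCS10CertificationRequest sign(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        String signatureName = str + "WITH" + getPublicKeyAlgorithm();
        return sign(privateKey, new DefaultSignatureAlgorithmIdentifierFinder().find(signatureName));
    }

    /**
     * Checks the signature of the signed request against {@code publicKey}.
     *
     * <p>The key is whatever the caller supplies; this method does not compare it with the key
     * embedded in the request. To check that the requester holds the private key for the
     * embedded public key, pass the key obtained from {@link #generatePublicKey()}.
     *
     * @param publicKey key to verify with
     * @return {@code true} if the signature is valid for that key
     * @throws IllegalStateException if the request has not been signed or parsed
     * @throws InvalidKeyException if Bouncy Castle reports a {@link PKCSException} while
     *     processing the signature
     */
    public boolean verify(PublicKey publicKey) throws InvalidKeyException {
        if (this.signedRequest == null) {
            throw new IllegalStateException("no signed request");
        }
        try {
            return this.signedRequest.isSignatureValid(new PKCS10VerifierProvider(publicKey));
        } catch (PKCSException e) {
            throw new InvalidKeyException(e);
        }
    }

    /** Creates a request builder preloaded with the current subject, key info and attributes. */
    private PKCS10CertificationRequestBuilder newBuilder() {
        PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(this.subject, this.publicKeyInfo);
        if (this.attributes != null) {
            for (org.bouncycastle.asn1.pkcs.Attribute attribute : this.attributes) {
                builder.addAttribute(attribute.getAttrType(), attribute.getAttributeValues());
            }
        }
        return builder;
    }

    /** Converts a key's encoded form to a {@code SubjectPublicKeyInfo}; {@code null} in, {@code null} out. */
    private static SubjectPublicKeyInfo makePublicKeyInfo(PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        return SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    }

    /**
     * @return the signed request as an ASN.1 sequence, or an empty sequence when the request
     *     has not been signed or parsed
     */
    public ASN1Sequence toASN1Structure() {
        if (this.signedRequest == null) {
            return new DLSequence();
        }
        return ASN1Sequence.getInstance(this.signedRequest.toASN1Structure());
    }

    /** Sets the subject for the next {@code sign}; an existing signed request is left as it is. */
    public void setSubject(X500Name x500Name) {
        this.subject = x500Name;
    }

    public X500Name getSubject() {
        return this.subject;
    }

    /**
     * Sets the public key for the next {@code sign}; an existing signed request is left as it is.
     *
     * @param publicKey new key, or {@code null} to clear the public key info
     */
    public void setPublicKey(PublicKey publicKey) {
        this.publicKeyInfo = makePublicKeyInfo(publicKey);
    }

    /**
     * @return the symbolic name {@code ASN1Registry.oid2sym} gives for the public key algorithm OID
     * @throws IllegalStateException if no public key info has been set
     */
    private String getPublicKeyAlgorithm() {
        if (this.publicKeyInfo == null) {
            throw new IllegalStateException("no public key info");
        }
        return ASN1Registry.oid2sym(this.publicKeyInfo.getAlgorithm().getAlgorithm());
    }

    /**
     * Rebuilds a JCA {@link PublicKey} from the request's public key info. RSA, DSA and EC
     * keys are handled.
     *
     * <p>For a parsed request the key material comes straight from the request and is exactly
     * as trustworthy as the request itself.
     *
     * @return the public key described by the public key info
     * @throws IllegalStateException if the key parameters are of any other type
     * @throws NoSuchAlgorithmException if the key factory for the algorithm is unavailable
     * @throws InvalidKeySpecException if the key factory rejects the key spec
     * @throws IOException if the public key info cannot be decoded
     */
    // NOTE(review): publicKeyInfo may be null here (unset key); the outcome then depends on
    // PublicKeyFactory.createKey and is not checked by this method.
    public PublicKey generatePublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        AsymmetricKeyParameter keyParams = PublicKeyFactory.createKey(this.publicKeyInfo);
        if (keyParams instanceof RSAKeyParameters) {
            RSAKeyParameters rsa = (RSAKeyParameters) keyParams;
            return SecurityHelper.getKeyFactory("RSA").generatePublic(new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent()));
        }
        if (keyParams instanceof DSAPublicKeyParameters) {
            DSAPublicKeyParameters dsa = (DSAPublicKeyParameters) keyParams;
            DSAParameters dsaParams = dsa.getParameters();
            return SecurityHelper.getKeyFactory(ASN1Registry.SN_dsa).generatePublic(new DSAPublicKeySpec(dsa.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()));
        }
        if (!(keyParams instanceof ECPublicKeyParameters)) {
            throw new IllegalStateException("could not generate public key for request, params type: " + keyParams);
        }
        ECPublicKeyParameters ec = (ECPublicKeyParameters) keyParams;
        ECDomainParameters domain = ec.getParameters();
        ECParameterSpec curveSpec = new ECParameterSpec(domain.getCurve(), domain.getG(), domain.getN(), domain.getH(), domain.getSeed());
        return SecurityHelper.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(ec.getQ(), curveSpec));
    }

    /**
     * @return the attributes of the signed request when one exists, otherwise the attributes
     *     held for the next {@code sign}; an empty array when none have been set
     */
    public org.bouncycastle.asn1.pkcs.Attribute[] getAttributes() {
        if (this.signedRequest != null) {
            return this.signedRequest.getAttributes();
        }
        if (this.attributes == null) {
            // The constructors and setAttributes(List) accept null; avoid a NullPointerException.
            return new org.bouncycastle.asn1.pkcs.Attribute[0];
        }
        return this.attributes.toArray(new org.bouncycastle.asn1.pkcs.Attribute[0]);
    }

    /**
     * Replaces the attribute list for the next {@code sign}. The list is stored by reference,
     * so later changes to it by the caller (or through {@link #addAttribute}) are shared.
     *
     * @param list new attributes, may be {@code null}
     */
    public void setAttributes(List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        this.attributes = list;
    }

    /** Replaces the attribute list with the elements of the given ASN.1 set. */
    private void setAttributes(ASN1Set aSN1Set) {
        this.attributes = new ArrayList<>();
        if (aSN1Set == null) {
            // NOTE(review): a parsed request may carry no attribute set at all; treated as
            // "no attributes" here instead of failing with a NullPointerException.
            return;
        }
        Enumeration<?> objects = aSN1Set.getObjects();
        while (objects.hasMoreElements()) {
            addAttribute(org.bouncycastle.asn1.pkcs.Attribute.getInstance(objects.nextElement()));
        }
    }

    /**
     * Appends an attribute for the next {@code sign}, creating the list if none was set.
     *
     * @param attribute attribute to add
     */
    public void addAttribute(org.bouncycastle.asn1.pkcs.Attribute attribute) {
        if (this.attributes == null) {
            this.attributes = new ArrayList<>();
        }
        this.attributes.add(attribute);
    }

    /**
     * @return the version field of the signed request, or {@code null} when the request has
     *     not been signed or parsed
     */
    public BigInteger getVersion() {
        if (this.signedRequest == null) {
            return null;
        }
        return this.signedRequest.toASN1Structure().getCertificationRequestInfo().getVersion().getValue();
    }
}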
