package com.rsa.certj.cert;

import com.bea.security.saml2.util.SAML2Constants;
import com.rsa.asn1.OIDList;
import com.rsa.certj.CertJ;
import com.rsa.certj.x.d;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_Parameters;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Session;
import com.rsa.jsafe.JSAFE_Signature;
import java.io.Serializable;
import java.security.SecureRandom;

/* loaded from: input_file:com/rsa/certj/cert/CertRequest.class */
public abstract class CertRequest implements Serializable, Cloneable {
    private static final String DEFAULT_DEVICE = "Java";
    public static final int RSA_WITH_SHA1_PKCS = 0;
    public static final int RSA_WITH_SHA1_ISO_OIW = 1;
    public static final int DSA_WITH_SHA1_X930 = 2;
    public static final int DSA_WITH_SHA1_X957 = 3;
    protected byte[] subjectPublicKeyInfo;
    protected byte[] signatureAlgorithmBER;
    protected int signatureAlgorithmFormat = -1;
    protected byte[] signature;
    protected boolean signedByUs;
    private CertJ theCertJ;

    public final void setCertJ(CertJ certJ) {
        this.theCertJ = certJ;
    }

    public final CertJ getCertJ() {
        return this.theCertJ;
    }

    public String getSignatureAlgorithm() throws CertificateException {
        if (this.signatureAlgorithmBER == null) {
            throw new CertificateException("Object not set with signature algorithm.");
        }
        return OIDList.getTrans(this.signatureAlgorithmBER, 0, this.signatureAlgorithmBER.length, 1);
    }

    public byte[] getSignatureAlgorithmDER() throws CertificateException {
        if (this.signatureAlgorithmBER == null) {
            throw new CertificateException("Object not set with signature algorithm.");
        }
        return (byte[]) this.signatureAlgorithmBER.clone();
    }

    public abstract byte[] getSignature() throws CertificateException;

    public String getDevice() throws CertificateException {
        return DEFAULT_DEVICE;
    }

    public String[] getDeviceList() throws CertificateException {
        return new String[]{DEFAULT_DEVICE};
    }

    public void setSignatureStandard(int i) {
        this.signatureAlgorithmFormat = i;
    }

    public int getSignatureStandard() {
        return this.signatureAlgorithmFormat;
    }

    public String getSignatureFormat() {
        switch (this.signatureAlgorithmFormat) {
            case 0:
                return "RSAWithSHA1PKCS";
            case 1:
                return "RSAWithSHA1ISO_OIW";
            case 2:
                return "DSAWithSHA1X930";
            case 3:
                return "DSAWithSHA1X957";
            default:
                return null;
        }
    }

    public void setSubjectPublicKey(JSAFE_PublicKey jSAFE_PublicKey) throws CertificateException {
        clearSignature();
        if (jSAFE_PublicKey == null) {
            throw new CertificateException("Public key is null.");
        }
        try {
            this.subjectPublicKeyInfo = jSAFE_PublicKey.getKeyData((this.signatureAlgorithmFormat == 3 && jSAFE_PublicKey.getAlgorithm().compareTo(SAML2Constants.DSA_KEY_TYPE) == 0) ? "DSAPublicKeyX957BER" : jSAFE_PublicKey.getAlgorithm() + "PublicKeyBER")[0];
        } catch (JSAFE_Exception e) {
            throw new CertificateException("Could not read the public key.");
        }
    }

    public JSAFE_PublicKey getSubjectPublicKey(String str) throws CertificateException {
        if (this.subjectPublicKeyInfo == null) {
            throw new CertificateException("Object not set with public key.");
        }
        if (str == null) {
            throw new CertificateException("Device is null.");
        }
        try {
            return d.a(this.subjectPublicKeyInfo, 0, str, this.theCertJ);
        } catch (JSAFE_Exception e) {
            throw new CertificateException("Cannot retrieve the public key: ", e);
        }
    }

    public void setSubjectPublicKey(byte[] bArr, int i) throws CertificateException {
        clearSignature();
        if (bArr == null) {
            throw new CertificateException("Public key encoding is null.");
        }
        JSAFE_PublicKey jSAFE_PublicKey = null;
        try {
            try {
                jSAFE_PublicKey = d.a(bArr, i, DEFAULT_DEVICE, this.theCertJ);
                setSubjectPublicKey(jSAFE_PublicKey);
                if (jSAFE_PublicKey != null) {
                    jSAFE_PublicKey.clearSensitiveData();
                }
            } catch (JSAFE_Exception e) {
                throw new CertificateException("Could not read the public key.");
            }
        } catch (Throwable th) {
            if (jSAFE_PublicKey != null) {
                jSAFE_PublicKey.clearSensitiveData();
            }
            throw th;
        }
    }

    public abstract void signCertRequest(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom) throws CertificateException;

    public abstract boolean verifyCertRequestSignature(String str, SecureRandom secureRandom) throws CertificateException;

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] performSignature(String str, String str2, JSAFE_PrivateKey jSAFE_PrivateKey, SecureRandom secureRandom, byte[] bArr, int i, int i2) throws CertificateException {
        if (str == null || str2 == null || jSAFE_PrivateKey == null || secureRandom == null || bArr == null) {
            throw new CertificateException("Specified values are null.");
        }
        JSAFE_Signature jSAFE_Signature = null;
        try {
            try {
                this.signedByUs = true;
                jSAFE_Signature = d.b(str, str2, this.theCertJ);
                if (this.theCertJ == null) {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, (JSAFE_Parameters) null, secureRandom, (JSAFE_Session[]) null);
                } else {
                    jSAFE_Signature.signInit(jSAFE_PrivateKey, (JSAFE_Parameters) null, secureRandom, this.theCertJ.getPKCS11Sessions());
                }
                this.signatureAlgorithmBER = jSAFE_Signature.getDERAlgorithmID(getSignatureFormat(), false);
                jSAFE_Signature.signUpdate(bArr, i, i2);
                byte[] signFinal = jSAFE_Signature.signFinal();
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                return signFinal;
            } catch (JSAFE_Exception e) {
                this.signedByUs = false;
                throw new CertificateException("Could not sign the request: ", e);
            }
        } catch (Throwable th) {
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean performSignatureVerification(String str, SecureRandom secureRandom, byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws CertificateException {
        if (str == null || secureRandom == null || bArr == null || bArr2 == null) {
            throw new CertificateException("Specified values are null.");
        }
        JSAFE_PublicKey jSAFE_PublicKey = null;
        JSAFE_Signature jSAFE_Signature = null;
        try {
            try {
                jSAFE_PublicKey = d.a(this.subjectPublicKeyInfo, 0, str, this.theCertJ);
                jSAFE_Signature = d.b(this.signatureAlgorithmBER, 0, str, this.theCertJ);
                if (this.theCertJ == null) {
                    jSAFE_Signature.verifyInit(jSAFE_PublicKey, (JSAFE_Parameters) null, secureRandom, (JSAFE_Session[]) null);
                } else {
                    jSAFE_Signature.verifyInit(jSAFE_PublicKey, (JSAFE_Parameters) null, secureRandom, this.theCertJ.getPKCS11Sessions());
                }
                jSAFE_Signature.verifyUpdate(bArr, i, i2);
                boolean verifyFinal = jSAFE_Signature.verifyFinal(bArr2, i3, i4);
                if (jSAFE_PublicKey != null) {
                    jSAFE_PublicKey.clearSensitiveData();
                }
                if (jSAFE_Signature != null) {
                    jSAFE_Signature.clearSensitiveData();
                }
                return verifyFinal;
            } catch (JSAFE_Exception e) {
                throw new CertificateException("Could not verify the request: ", e);
            }
        } catch (Throwable th) {
            if (jSAFE_PublicKey != null) {
                jSAFE_PublicKey.clearSensitiveData();
            }
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearSignature() {
        this.signature = null;
        this.signatureAlgorithmBER = null;
        this.signedByUs = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearComponents() {
        clearSignature();
        this.subjectPublicKeyInfo = null;
    }
}
