package org.jruby.ext.openssl.impl;

import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.jruby.ext.openssl.SecurityHelper;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-169.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.18.redhat-001.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/impl/PKCS10Request.class */
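/**
 * Builds, signs, parses and verifies PKCS#10 certification requests (CSRs) on top of
 * BouncyCastle's {@link PKCS10CertificationRequestBuilder} / {@link PKCS10CertificationRequest}.
 *
 * <p>State model: {@code valid} is true only while {@code signedRequest} reflects the current
 * subject, key and attributes. Any mutation (subject, key, attributes) clears the flag, so
 * {@link #verify(PublicKey)} returns {@code false} until the request is signed again.
 *
 * <p>NOTE(review): the constructors that parse an existing request never initialise
 * {@code builder}. On such an instance {@link #addAttribute(ASN1ObjectIdentifier, ASN1Encodable)}
 * fails with a NullPointerException and {@link #sign(PrivateKey, AlgorithmIdentifier)} reports it
 * as an IOException, unless a setter has re-created the builder first.
 *
 * <p>This class shows no synchronisation; treat instances as not thread-safe.
 */
public class PKCS10Request {
    private X500Name subject;
    private SubjectPublicKeyInfo publicKeyInfo;
    // Null on instances created from an already encoded request (see class note).
    private PKCS10CertificationRequestBuilder builder;
    private PKCS10CertificationRequest signedRequest;
    private boolean valid;

    /**
     * {@link ContentSigner} that feeds the bytes written to its stream into a JCA
     * {@link Signature} initialised with the private key.
     *
     * <p>Decompiler note: the access modifier of this class was widened from private.
     *
     * <p>Only the algorithm OID of the {@link AlgorithmIdentifier} is used to look up the
     * signature implementation; its parameters are not applied to the {@link Signature}.
     */
    public class PKCS10Signer implements ContentSigner {
        AlgorithmIdentifier sigAlg;
        Signature sig;
        SignatureOutputStream sigOut;

        public PKCS10Signer(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeyException {
            this.sigAlg = algorithmIdentifier;
            this.sig = SecurityHelper.getSignature(algorithmIdentifier.getAlgorithm().getId());
            this.sig.initSign(privateKey);
            this.sigOut = new SignatureOutputStream(this.sig);
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.sigAlg;
        }

        @Override
        public OutputStream getOutputStream() {
            return this.sigOut;
        }

        /**
         * Finishes the signature over everything written to {@link #getOutputStream()}.
         *
         * @throws RuntimeException wrapping the {@link SignatureException} (kept as cause)
         */
        @Override
        public byte[] getSignature() {
            try {
                return this.sig.sign();
            } catch (SignatureException e) {
                // Keep the original exception as cause so the provider failure stays diagnosable.
                throw new RuntimeException("Could not read signature: " + e, e);
            }
        }
    }

    /**
     * {@link ContentVerifier} that feeds the bytes written to its stream into a JCA
     * {@link Signature} initialised for verification with the supplied public key.
     *
     * <p>Security note: the signature implementation is selected solely by the OID of the
     * {@link AlgorithmIdentifier} handed in, and the identifier's parameters are ignored.
     * When reached through {@link PKCS10Request#verify(PublicKey)} that identifier presumably
     * comes from the request being verified, so no digest policy is enforced here. Callers
     * that must reject weak digests (for example MD5 or SHA-1 based signatures) have to check
     * the request's signature algorithm themselves before trusting the result.
     */
    private class PKCS10Verifier implements ContentVerifier {
        AlgorithmIdentifier sigAlg;
        Signature sig;
        SignatureOutputStream sigOut;

        public PKCS10Verifier(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeyException {
            this.sigAlg = algorithmIdentifier;
            this.sig = SecurityHelper.getSignature(algorithmIdentifier.getAlgorithm().getId());
            this.sig.initVerify(publicKey);
            this.sigOut = new SignatureOutputStream(this.sig);
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.sigAlg;
        }

        @Override
        public OutputStream getOutputStream() {
            return this.sigOut;
        }

        /**
         * Checks {@code bArr} as the signature over everything written to the stream.
         *
         * @throws RuntimeException wrapping the {@link SignatureException} (kept as cause),
         *     e.g. when the signature bytes are malformed for the algorithm
         */
        @Override
        public boolean verify(byte[] bArr) {
            try {
                return this.sig.verify(bArr);
            } catch (SignatureException e) {
                throw new RuntimeException("Could not verify signature: " + e, e);
            }
        }
    }

    /**
     * {@link ContentVerifierProvider} bound to one bare public key (no certificate attached).
     */
    private class PKCS10VerifierProvider implements ContentVerifierProvider {
        PublicKey publicKey;

        public PKCS10VerifierProvider(PublicKey publicKey) {
            this.publicKey = publicKey;
        }

        /**
         * Creates a verifier for the given algorithm.
         *
         * @throws RuntimeException wrapping any failure (unknown algorithm, key of the wrong
         *     type, ...) with the original exception kept as cause
         */
        @Override
        public ContentVerifier get(AlgorithmIdentifier algorithmIdentifier) {
            try {
                return new PKCS10Verifier(this.publicKey, algorithmIdentifier);
            } catch (Exception e) {
                throw new RuntimeException("Could not create content verifier: " + e, e);
            }
        }

        @Override
        public boolean hasAssociatedCertificate() {
            return false;
        }

        @Override
        public X509CertificateHolder getAssociatedCertificate() {
            return null;
        }
    }

    /**
     * Output stream adapter: every byte written is passed to {@link Signature#update}.
     * Used for both signing and verification, although the error text always says "signer".
     */
    private class SignatureOutputStream extends OutputStream {
        private Signature sig;

        public SignatureOutputStream(Signature signature) {
            this.sig = signature;
        }

        @Override
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.sig.update(bArr, i, i2);
            } catch (SignatureException e) {
                throw new IOException("exception in pkcs10 signer: " + e.getMessage(), e);
            }
        }

        @Override
        public void write(byte[] bArr) throws IOException {
            try {
                this.sig.update(bArr);
            } catch (SignatureException e) {
                throw new IOException("exception in pkcs10 signer: " + e.getMessage(), e);
            }
        }

        @Override
        public void write(int i) throws IOException {
            try {
                this.sig.update((byte) i);
            } catch (SignatureException e) {
                throw new IOException("exception in pkcs10 signer: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Creates an unsigned request from a subject, an encoded public key and optional attributes.
     *
     * @param list attributes to add; {@code null} means none
     */
    public PKCS10Request(X500Name x500Name, SubjectPublicKeyInfo subjectPublicKeyInfo, List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        this.valid = false;
        this.subject = x500Name;
        this.publicKeyInfo = subjectPublicKeyInfo;
        resetBuilder();
        setAttributes(list);
    }

    /**
     * Creates an unsigned request from a subject, a JCA public key and optional attributes.
     *
     * @param publicKey may be {@code null}, in which case no key info is stored
     * @param list attributes to add; {@code null} means none
     */
    public PKCS10Request(X500Name x500Name, PublicKey publicKey, List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        this.valid = false;
        this.subject = x500Name;
        this.publicKeyInfo = makePublicKeyInfo(publicKey);
        resetBuilder();
        setAttributes(list);
    }

    /**
     * Wraps an already encoded request.
     *
     * <p>The instance is marked valid without checking the signature: "valid" here only means
     * that a signed structure is present. Call {@link #verify(PublicKey)} before trusting it.
     * The builder is left uninitialised (see class note).
     */
    public PKCS10Request(CertificationRequest certificationRequest) {
        this.valid = false;
        this.subject = certificationRequest.getCertificationRequestInfo().getSubject();
        this.publicKeyInfo = certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo();
        this.signedRequest = new PKCS10CertificationRequest(certificationRequest);
        this.valid = true;
    }

    /** Parses a request from its encoded bytes; see {@link #PKCS10Request(CertificationRequest)}. */
    public PKCS10Request(byte[] bArr) {
        this(CertificationRequest.getInstance(bArr));
    }

    /** Parses a request from an ASN.1 sequence; see {@link #PKCS10Request(CertificationRequest)}. */
    public PKCS10Request(ASN1Sequence aSN1Sequence) {
        this(CertificationRequest.getInstance(aSN1Sequence));
    }

    /**
     * Signs the request with the given key and signature algorithm and marks it valid.
     *
     * @return the signed request, also retained by this instance
     * @throws IOException wrapping any failure while creating the signer or building the
     *     request; the original exception is kept as cause
     */
    public PKCS10CertificationRequest sign(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier) throws IOException {
        try {
            this.signedRequest = this.builder.build(new PKCS10Signer(privateKey, algorithmIdentifier));
            this.valid = true;
            return this.signedRequest;
        } catch (Exception e) {
            // Message text is unchanged; the cause is attached so the root failure is not lost.
            throw new IOException("Could not create PKCS10 signer: " + e, e);
        }
    }

    /**
     * Signs the request using {@code <str>WITH<algorithm of the request's public key>} as the
     * signature algorithm name.
     *
     * <p>The key algorithm is taken from the public key stored in the request, not from
     * {@code privateKey}; the caller is responsible for the two belonging together and for
     * choosing an acceptable digest name in {@code str}.
     *
     * @param str digest name used as the first half of the algorithm name
     */
    public PKCS10CertificationRequest sign(PrivateKey privateKey, String str) throws IOException {
        String signatureName = str + "WITH" + getPublicKey().getAlgorithm();
        return sign(privateKey, new DefaultSignatureAlgorithmIdentifierFinder().find(signatureName));
    }

    /**
     * Verifies the request's signature with the given public key.
     *
     * <p>Returns {@code false} without checking anything when no signed request is held or the
     * request was modified after it was signed or parsed.
     *
     * <p>Security notes: the result only proves possession of the requester's private key when
     * {@code publicKey} is the key carried in the request (see {@link #getPublicKey()}). No
     * digest policy is applied; see {@code PKCS10Verifier}.
     *
     * <p>NOTE(review): every failure, including an unsuitable key, reaches the caller as an
     * IOException because of the broad catch below; the declared InvalidKeyException does not
     * appear to be thrown directly. The cause chain carries the original exception.
     *
     * @throws IOException wrapping any failure during verification (cause preserved)
     */
    public boolean verify(PublicKey publicKey) throws IOException, InvalidKeyException {
        if (this.signedRequest == null || !isValid()) {
            return false;
        }
        try {
            return this.signedRequest.isSignatureValid(new PKCS10VerifierProvider(publicKey));
        } catch (Exception e) {
            throw new IOException("Error verifying signature: " + e, e);
        }
    }

    /** Re-creates the builder from the current subject and key info and invalidates the request. */
    private void resetBuilder() {
        this.builder = new PKCS10CertificationRequestBuilder(this.subject, this.publicKeyInfo);
        this.valid = false;
    }

    private boolean isValid() {
        return this.valid;
    }

    /** Converts a JCA public key to SubjectPublicKeyInfo; {@code null} stays {@code null}. */
    private SubjectPublicKeyInfo makePublicKeyInfo(PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        return SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    }

    /**
     * Reports whether the given names form one of three rejected combinations.
     *
     * <p>Parameter names were lost in decompilation. From the comparisons, {@code str} is a key
     * algorithm name; {@code str2} and {@code str3} look like two spellings of a digest name
     * (TODO confirm against callers). Note that {@code str3} is compared case-sensitively while
     * the other two are not.
     *
     * @return {@code true} for DSA with "MD5" in {@code str2}, RSA with "DSS1" in {@code str3},
     *     or DSA with "SHA1" in {@code str3}
     */
    public static boolean algorithmMismatch(String str, String str2, String str3) {
        if (ASN1Registry.SN_dsa.equalsIgnoreCase(str) && "MD5".equalsIgnoreCase(str2)) {
            return true;
        }
        if ("RSA".equalsIgnoreCase(str) && "DSS1".equals(str3)) {
            return true;
        }
        return ASN1Registry.SN_dsa.equalsIgnoreCase(str) && "SHA1".equals(str3);
    }

    /** Returns the signed request as an ASN.1 sequence, or an empty sequence if none is held. */
    public ASN1Sequence toASN1Structure() {
        return this.signedRequest != null ? ASN1Sequence.getInstance(this.signedRequest.toASN1Structure()) : new DLSequence();
    }

    /** Replaces the subject; this re-creates the builder and invalidates the request. */
    public void setSubject(X500Name x500Name) {
        this.subject = x500Name;
        resetBuilder();
    }

    public X500Name getSubject() {
        return this.subject;
    }

    /** Replaces the public key; this re-creates the builder and invalidates the request. */
    public void setPublicKey(PublicKey publicKey) {
        this.publicKeyInfo = makePublicKeyInfo(publicKey);
        resetBuilder();
    }

    /**
     * Converts the stored key info into a JCA public key. Only RSA and DSA keys are handled.
     *
     * @throws IOException if the key is of another type or cannot be rebuilt; when a provider
     *     error is the reason, it is attached as cause instead of being discarded
     */
    public PublicKey getPublicKey() throws IOException {
        AsymmetricKeyParameter keyParameter = PublicKeyFactory.createKey(this.publicKeyInfo);
        KeySpec keySpec = null;
        KeyFactory keyFactory = null;
        Exception failure = null;
        try {
            if (keyParameter instanceof RSAKeyParameters) {
                RSAKeyParameters rsa = (RSAKeyParameters) keyParameter;
                keySpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent());
                keyFactory = SecurityHelper.getKeyFactory("RSA");
            } else if (keyParameter instanceof DSAPublicKeyParameters) {
                DSAPublicKeyParameters dsa = (DSAPublicKeyParameters) keyParameter;
                DSAParameters domain = dsa.getParameters();
                keySpec = new DSAPublicKeySpec(dsa.getY(), domain.getP(), domain.getQ(), domain.getG());
                keyFactory = SecurityHelper.getKeyFactory(ASN1Registry.SN_dsa);
            }
            if (keySpec != null && keyFactory != null) {
                return keyFactory.generatePublic(keySpec);
            }
        } catch (NoSuchAlgorithmException e) {
            failure = e;
        } catch (InvalidKeySpecException e) {
            failure = e;
        }
        // Same message as before; the provider error (if any) is now reachable via getCause().
        if (failure != null) {
            throw new IOException("Could not read public key", failure);
        }
        throw new IOException("Could not read public key");
    }

    /**
     * Returns the attributes of the signed request, or an empty array if none is held.
     * Attributes added to the builder but not yet signed are not included.
     */
    public org.bouncycastle.asn1.pkcs.Attribute[] getAttributes() {
        return this.signedRequest != null ? this.signedRequest.getAttributes() : new org.bouncycastle.asn1.pkcs.Attribute[0];
    }

    /** Replaces all attributes: the builder is re-created, then {@code list} is added. */
    public void setAttributes(List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        resetBuilder();
        addAttributes(list);
    }

    /** Adds every attribute in {@code list}; a {@code null} list is ignored. */
    private void addAttributes(List<org.bouncycastle.asn1.pkcs.Attribute> list) {
        if (list == null) {
            return;
        }
        for (org.bouncycastle.asn1.pkcs.Attribute attribute : list) {
            addAttribute(attribute);
        }
    }

    /** Adds each value of {@code attribute} to the builder under the attribute's type. */
    public void addAttribute(org.bouncycastle.asn1.pkcs.Attribute attribute) {
        for (ASN1Encodable aSN1Encodable : attribute.getAttributeValues()) {
            addAttribute(attribute.getAttrType(), aSN1Encodable);
        }
    }

    /**
     * Adds one attribute value to the builder and invalidates the current signature.
     * Requires an initialised builder (see class note).
     */
    public void addAttribute(ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1Encodable aSN1Encodable) {
        this.valid = false;
        this.builder.addAttribute(aSN1ObjectIdentifier, aSN1Encodable);
    }

    /** Returns the version field of the signed request, or 0 when the request is not valid. */
    public int getVersion() {
        if (isValid()) {
            return this.signedRequest.toASN1Structure().getCertificationRequestInfo().getVersion().getValue().intValue();
        }
        return 0;
    }
}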
