package org.bouncycastle.jce.netscape;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERConstructedSequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

/* loaded from: classes4.dex */
public class NetscapeCertRequest implements DEREncodable {
    String challenge;
    DERBitString content;
    AlgorithmIdentifier keyAlg;
    PublicKey pubkey;
    AlgorithmIdentifier sigAlg;
    byte[] sigBits;

    public NetscapeCertRequest(String str, AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        this.challenge = str;
        this.sigAlg = algorithmIdentifier;
        this.pubkey = publicKey;
        DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
        dERConstructedSequence.addObject(getKeySpec());
        dERConstructedSequence.addObject(new DERIA5String(str));
        this.content = new DERBitString(dERConstructedSequence);
    }

    public NetscapeCertRequest(DERConstructedSequence dERConstructedSequence) {
        try {
            if (dERConstructedSequence.getSize() != 3) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("invalid SPKAC (size):");
                stringBuffer.append(dERConstructedSequence.getSize());
                throw new IllegalArgumentException(stringBuffer.toString());
            }
            this.sigAlg = new AlgorithmIdentifier((DERConstructedSequence) dERConstructedSequence.getObjectAt(1));
            this.sigBits = ((DERBitString) dERConstructedSequence.getObjectAt(2)).getBytes();
            DERConstructedSequence dERConstructedSequence2 = (DERConstructedSequence) dERConstructedSequence.getObjectAt(0);
            if (dERConstructedSequence2.getSize() != 2) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("invalid PKAC (len): ");
                stringBuffer2.append(dERConstructedSequence2.getSize());
                throw new IllegalArgumentException(stringBuffer2.toString());
            }
            this.challenge = ((DERIA5String) dERConstructedSequence2.getObjectAt(1)).getString();
            this.content = new DERBitString(dERConstructedSequence2);
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo((DERConstructedSequence) dERConstructedSequence2.getObjectAt(0));
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
            AlgorithmIdentifier algorithmId = subjectPublicKeyInfo.getAlgorithmId();
            this.keyAlg = algorithmId;
            this.pubkey = KeyFactory.getInstance(algorithmId.getObjectId().getId(), "BC").generatePublic(x509EncodedKeySpec);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private DERObject getKeySpec() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(this.pubkey.getEncoded());
            byteArrayOutputStream.close();
            return new DERInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).readObject();
        } catch (IOException e) {
            throw new InvalidKeySpecException(e.getMessage());
        }
    }

    public String getChallenge() {
        return this.challenge;
    }

    @Override // org.bouncycastle.asn1.DEREncodable
    public DERObject getDERObject() {
        DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
        DERConstructedSequence dERConstructedSequence2 = new DERConstructedSequence();
        try {
            dERConstructedSequence2.addObject(getKeySpec());
        } catch (Exception unused) {
        }
        dERConstructedSequence2.addObject(new DERIA5String(this.challenge));
        dERConstructedSequence.addObject(dERConstructedSequence2);
        dERConstructedSequence.addObject(this.sigAlg);
        dERConstructedSequence.addObject(new DERBitString(this.sigBits));
        return dERConstructedSequence;
    }

    public AlgorithmIdentifier getKeyAlgorithm() {
        return this.keyAlg;
    }

    public PublicKey getPublicKey() {
        return this.pubkey;
    }

    public AlgorithmIdentifier getSigningAlgorithm() {
        return this.sigAlg;
    }

    public void setChallenge(String str) {
        this.challenge = str;
    }

    public void setKeyAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.keyAlg = algorithmIdentifier;
    }

    public void setPublicKey(PublicKey publicKey) {
        this.pubkey = publicKey;
    }

    public void setSigningAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.sigAlg = algorithmIdentifier;
    }

    public void sign(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException, InvalidKeySpecException {
        sign(privateKey, null);
    }

    public void sign(PrivateKey privateKey, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException, InvalidKeySpecException {
        Signature signature = Signature.getInstance(this.sigAlg.getObjectId().getId(), "BC");
        if (secureRandom != null) {
            signature.initSign(privateKey, secureRandom);
        } else {
            signature.initSign(privateKey);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
        dERConstructedSequence.addObject(getKeySpec());
        dERConstructedSequence.addObject(new DERIA5String(this.challenge));
        try {
            dEROutputStream.writeObject(dERConstructedSequence);
            dEROutputStream.close();
            signature.update(byteArrayOutputStream.toByteArray());
            this.sigBits = signature.sign();
        } catch (IOException e) {
            throw new SignatureException(e.getMessage());
        }
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!str.equals(this.challenge)) {
            return false;
        }
        Signature signature = Signature.getInstance(this.sigAlg.getObjectId().getId(), "BC");
        signature.initVerify(this.pubkey);
        signature.update(this.content.getBytes());
        return signature.verify(this.sigBits);
    }
}
