package com.ibm.security.certclient.beans;

import com.ibm.misc.Debug;
import com.ibm.security.certclient.base.PkAttr;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkCertRepEvent;
import com.ibm.security.certclient.base.PkCertReqEvent;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkInitRepEvent;
import com.ibm.security.certclient.base.PkInitReqEvent;
import com.ibm.security.certclient.base.PkKupdRepEvent;
import com.ibm.security.certclient.base.PkKupdReqEvent;
import com.ibm.security.certclient.base.PkPipe;
import com.ibm.security.certclient.base.PkSecnRepEvent;
import com.ibm.security.certclient.base.PkSecnReqEvent;
import com.ibm.security.certclient.base.PkXcerRepEvent;
import com.ibm.security.certclient.base.PkXcerReqEvent;
import com.ibm.security.certclient.util.PkUtils;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import org.apache.myfaces.shared_impl.renderkit.html.HTML;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.21.jar:com/ibm/security/certclient/beans/PkCertGen.class */
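/**
 * Pipeline stage that assembles an X.509 certificate from the attributes of a request
 * event and signs it.
 *
 * <p>Every request kind handled here (cert, init, secn, kupd, xcer) goes through the same
 * {@link #getCert(PkCertReqEvent)} path. The signing key, the signature algorithm and the
 * certificate contents are all taken from the request's attributes. The only gate visible
 * in this class is the {@code isApplied() && isApproved()} test on each attribute, so any
 * issuance policy has to be enforced before the request reaches this stage.
 */
public class PkCertGen extends PkPipe implements PkConstants {
    // Trace channel; every use is guarded because getInstance may yield null (the original
    // code null-checks it everywhere).
    private static final Debug debug = Debug.getInstance("keycertmanage");
    // Kept as Object so the same Debug.text overloads are selected as before.
    private static final Object className = "com.ibm.security.certclient.PkCertGen";
    // Provider name handed to X509CertImpl.sign(...).
    private String provider;

    /**
     * @param str name of the provider passed to {@code X509CertImpl.sign} when a
     *            certificate is signed
     */
    public PkCertGen(String str) {
        this.provider = str;
    }

    /**
     * Builds and signs the certificate described by a request.
     *
     * <p>Steps: derive a SubjectKeyIdentifier extension from the request's public key and
     * store it in the attribute set, copy every applied-and-approved attribute into a new
     * certificate, then sign with the private key and algorithm named in the request.
     *
     * @param pkCertReqEvent request whose attributes describe the certificate
     * @return the signed certificate
     * @throws PkException wrapping any I/O or security failure raised while building or
     *                     signing the certificate
     */
    private X509CertImpl getCert(PkCertReqEvent pkCertReqEvent) throws PkException {
        PrivateKey signingKey = (PrivateKey) pkCertReqEvent.getAttrs().get(PkCertConstants.CERT_PRIVATE_KEY).getValue();
        PkAttrs attrs = pkCertReqEvent.getAttrs();
        // NOTE(review): the signature algorithm is taken from the request as-is; nothing in
        // this class rejects weak algorithms, so confirm that it is validated upstream.
        String signatureAlgorithm = ((AlgorithmId) attrs.get("x509.info.algorithmID").getValue()).getName();
        try {
            SubjectKeyIdentifierExtension skiExtension = new SubjectKeyIdentifierExtension(PkUtils.computeKID((PublicKey) attrs.getValue("x509.info.key"), false));
            // presumably 3 marks the attribute as applied and approved so that the copy loop
            // below picks it up; verify against PkAttrs.repOrAdd
            attrs.repOrAdd("x509.info.extensions.SubjectKeyIdentifier", 3, skiExtension);
            if (debug != null) {
                // The key id is read for tracing only, so a failure here must not abort
                // issuance; it is traced instead of being silently dropped.
                try {
                    KeyIdentifier keyIdentifier = (KeyIdentifier) skiExtension.get("key_id");
                    debug.text(0L, className, "getCert", "########### from PkCertGen....ki = {0}", keyIdentifier);
                } catch (IOException e) {
                    debug.text(0L, className, "getCert", "unable to read key_id for tracing: {0}", e);
                }
                // NOTE(review): attrs also holds the CERT_PRIVATE_KEY attribute read above, so
                // this trace may expose key material depending on how PkAttrs renders its
                // values. Confirm, and redact before keycertmanage tracing is enabled.
                debug.text(0L, className, "PkCertGen", "########### from PkCertGen.... attrs = {0}", attrs);
            }

            X509CertImpl certificate = new X509CertImpl((X509CertInfo) null);
            PkAttrs.Iter attrIterator = pkCertReqEvent.getAttrs().iterator();
            while (attrIterator.hasNext()) {
                PkAttr attr = attrIterator.nextAttr();
                // Only attributes that were both applied and approved end up in the certificate.
                if (attr.isApplied() && attr.isApproved()) {
                    certificate.set(attr.getName(), attr.getValue());
                }
            }

            // NOTE(review): the default looks like a decompiler artefact, a string literal
            // resolved to an unrelated MyFaces constant (presumably "?"); confirm.
            Object subject = attrs.getValue("x509.info.subject", HTML.HREF_PATH_FROM_PARAM_SEPARATOR);
            if (debug != null) {
                debug.text(0L, className, "PkCertGen", "####### subject = {0}", subject);
            }

            certificate.sign(signingKey, signatureAlgorithm, this.provider);
            if (debug != null) {
                debug.text(0L, className, "PkCertGen", "issued certificate to {0}", subject);
            }
            return certificate;
        } catch (IOException e) {
            throw new PkException(e);
        } catch (GeneralSecurityException e) {
            // Also covers the CertificateException subclasses raised while building the certificate.
            throw new PkException(e);
        }
    }

    /**
     * Returns the encoded form of a certificate.
     *
     * @param x509CertImpl certificate to encode
     * @return the bytes produced by {@code getEncoded()}
     * @throws PkException wrapping a {@link CertificateEncodingException}
     */
    private byte[] getEncoded(X509CertImpl x509CertImpl) throws PkException {
        try {
            return x509CertImpl.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new PkException(e);
        }
    }

    /**
     * Answers a certificate request with a freshly signed certificate.
     *
     * @param pkCertReqEvent the request
     * @return reply event carrying the certificate
     * @throws PkException if the certificate cannot be built or signed
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkCertRepEvent doCertReq(PkCertReqEvent pkCertReqEvent) throws PkException {
        PkCertRepEvent reply = new PkCertRepEvent(this, null, pkCertReqEvent, getCert(pkCertReqEvent));
        if (debug != null) {
            debug.text(0L, className, "doCertReq", reply.getCert().toString());
        }
        return reply;
    }

    /**
     * Answers an initialisation request with a freshly signed certificate.
     *
     * <p>The original code branched on the {@code CERT_VENDOR_TPKI_RA_ENROLL} attribute,
     * but both branches were identical, so the flag never changed the outcome. The dead
     * branch has been removed and the flag is no longer read. If RA enrolment is meant to
     * be issued differently, that handling is missing here and in the original.
     *
     * @param pkInitReqEvent the request
     * @return reply event carrying the certificate
     * @throws PkException if the certificate cannot be built or signed
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkInitRepEvent doInitReq(PkInitReqEvent pkInitReqEvent) throws PkException {
        PkInitRepEvent reply = new PkInitRepEvent(this, null, pkInitReqEvent, getCert(pkInitReqEvent));
        if (debug != null) {
            debug.text(0L, className, "doInitReq", reply.getCert().toString());
        }
        return reply;
    }

    /**
     * Answers a "secn" request with a freshly signed certificate.
     *
     * @param pkSecnReqEvent the request
     * @return reply event carrying the certificate
     * @throws PkException if the certificate cannot be built or signed
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkSecnRepEvent doSecnReq(PkSecnReqEvent pkSecnReqEvent) throws PkException {
        PkSecnRepEvent reply = new PkSecnRepEvent(this, null, pkSecnReqEvent, getCert(pkSecnReqEvent));
        if (debug != null) {
            debug.text(0L, className, "doSecnReq", reply.getCert().toString());
        }
        return reply;
    }

    /**
     * Answers a "kupd" request with a freshly signed certificate.
     *
     * @param pkKupdReqEvent the request
     * @return reply event carrying the certificate
     * @throws PkException if the certificate cannot be built or signed
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkKupdRepEvent doKupdReq(PkKupdReqEvent pkKupdReqEvent) throws PkException {
        PkKupdRepEvent reply = new PkKupdRepEvent(this, null, pkKupdReqEvent, getCert(pkKupdReqEvent));
        if (debug != null) {
            debug.text(0L, className, "doKupdReq", reply.getCert().toString());
        }
        return reply;
    }

    /**
     * Answers an "xcer" request with a freshly signed certificate.
     *
     * @param pkXcerReqEvent the request
     * @return reply event carrying the certificate
     * @throws PkException if the certificate cannot be built or signed
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkXcerRepEvent doXcerReq(PkXcerReqEvent pkXcerReqEvent) throws PkException {
        PkXcerRepEvent reply = new PkXcerRepEvent(this, null, pkXcerReqEvent, getCert(pkXcerReqEvent));
        if (debug != null) {
            debug.text(0L, className, "doXcerReq", reply.getCert().toString());
        }
        return reply;
    }
}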
