package com.rsa.certj.provider.pki.cmp;

import com.crystaldecisions.client.helper.DataDefinitionHelper;
import com.crystaldecisions.report.web.shared.StaticStrings;
import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.OIDContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.spi.pki.PKIRequestMessage;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MAC;
import com.rsa.jsafe.JSAFE_MessageDigest;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_Signature;
import java.util.StringTokenizer;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/external/certj.jar:com/rsa/certj/provider/pki/cmp/CMPRequestCommon.class */
public abstract class CMPRequestCommon extends PKIRequestMessage {
    private static final int SALT_LEN = 20;
    private static final int PBHMAC_ITERATIONS = 1024;
    private static final int HMAC_KEY_LEN = 20;
    private final byte[] HMAC_SHA1_OID;
    private byte[] senderNonce;
    private byte[] recipNonce;
    private TypeAndValue[] generalInfo;
    private char[] sharedSecret;
    private int messageType;

    /* JADX INFO: Access modifiers changed from: protected */
    public CMPRequestCommon(int i, byte[] bArr) throws InvalidParameterException {
        this(i, bArr, null, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CMPRequestCommon(int i, byte[] bArr, String[] strArr, TypeAndValue[] typeAndValueArr) throws InvalidParameterException {
        super(null, null);
        this.HMAC_SHA1_OID = new byte[]{43, 6, 1, 5, 5, 8, 1, 2};
        this.senderNonce = null;
        this.recipNonce = null;
        this.generalInfo = null;
        this.sharedSecret = null;
        this.messageType = i;
        this.recipNonce = bArr;
        this.generalInfo = typeAndValueArr;
        setFreeText(strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getMessageType() {
        return this.messageType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getRecipNonce() {
        return this.recipNonce;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TypeAndValue[] getGeneralInfo() {
        return this.generalInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setRecipNonce(byte[] bArr) {
        this.recipNonce = bArr;
    }

    protected byte[] derEncodeBody(CertJ certJ) throws CMPException {
        throw new CMPException("CMPRequestCommon.derEncode: this method should be overwritten by sublclasses.");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] derEncode(CMPProtectInfo cMPProtectInfo, CertJ certJ) throws CMPException {
        try {
            JSAFE_SecureRandom randomObject = certJ.getRandomObject();
            byte[] bArr = null;
            byte[] bArr2 = null;
            int i = -1;
            certJ.getDevice();
            byte[] derEncodeBody = derEncodeBody(certJ);
            if (cMPProtectInfo != null) {
                if (cMPProtectInfo.pbmProtected()) {
                    String algorithm = cMPProtectInfo.getAlgorithm();
                    if (!algorithm.startsWith("PBE/HMAC/SHA1")) {
                        throw new CMPException(new StringBuffer().append("CMPRequestCommon.writeMessage: PBM MAC algorithm specified by ").append(algorithm).append(" is not supported.").toString());
                    }
                    bArr2 = randomObject.generateRandomBytes(20);
                    StringTokenizer stringTokenizer = new StringTokenizer(algorithm, StaticStrings.Dash);
                    if (stringTokenizer.hasMoreTokens()) {
                        stringTokenizer.nextToken();
                        if (stringTokenizer.hasMoreTokens()) {
                            i = Integer.parseInt(stringTokenizer.nextToken());
                        }
                    }
                    if (i <= 0) {
                        i = 1024;
                    }
                    bArr = derEncodePBMAlg(bArr2, i, certJ);
                } else {
                    bArr = derEncodeSignatureAlg(cMPProtectInfo.getAlgorithm(), certJ);
                }
            }
            byte[] derEncode = new PKIHeader(this, cMPProtectInfo, bArr, randomObject).derEncode();
            byte[] derEncodeProtectedPart = CMP.derEncodeProtectedPart(derEncode, 0, derEncode.length, derEncodeBody, 0, derEncodeBody.length);
            byte[] bArr3 = null;
            if (cMPProtectInfo != null) {
                bArr3 = cMPProtectInfo.pbmProtected() ? computeProtection(derEncodeProtectedPart, cMPProtectInfo, bArr2, i, certJ) : computeProtection(derEncodeProtectedPart, cMPProtectInfo, randomObject, certJ);
            }
            return derEncodePKIMessage(derEncode, derEncodeBody, bArr3, getExtraCerts());
        } catch (CertJException e) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.writeMessage:unable to get a registered random service(").append(e.getMessage()).append(").").toString());
        }
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    private byte[] computeProtection(byte[] r7, com.rsa.certj.provider.pki.cmp.CMPProtectInfo r8, com.rsa.jsafe.JSAFE_SecureRandom r9, com.rsa.certj.CertJ r10) throws com.rsa.certj.provider.pki.cmp.CMPException {
        /*
            r6 = this;
            r0 = r8
            com.rsa.certj.DatabaseService r0 = r0.getDatabase()
            r11 = r0
            r0 = r8
            com.rsa.certj.cert.X509Certificate r0 = r0.getSenderCert()
            r12 = r0
            r0 = 0
            r13 = r0
            r0 = r11
            r1 = r12
            com.rsa.jsafe.JSAFE_PrivateKey r0 = r0.selectPrivateKeyByCertificate(r1)     // Catch: com.rsa.certj.CertJException -> L1b
            r13 = r0
            goto L41
        L1b:
            r14 = move-exception
            com.rsa.certj.provider.pki.cmp.CMPException r0 = new com.rsa.certj.provider.pki.cmp.CMPException
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "CMPRequestCommon.computeProtection: unable to find a signer private key in the database("
            java.lang.StringBuffer r2 = r2.append(r3)
            r3 = r14
            java.lang.String r3 = r3.getMessage()
            java.lang.StringBuffer r2 = r2.append(r3)
            java.lang.String r3 = ")."
            java.lang.StringBuffer r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            throw r0
        L41:
            r0 = r13
            if (r0 != 0) goto L50
            com.rsa.certj.provider.pki.cmp.CMPException r0 = new com.rsa.certj.provider.pki.cmp.CMPException
            r1 = r0
            java.lang.String r2 = "CMPRequestCommon.computeProtection: unable to find a signer private key in the database."
            r1.<init>(r2)
            throw r0
        L50:
            r0 = r8
            java.lang.String r0 = r0.getAlgorithm()
            r14 = r0
            r0 = r14
            r1 = r10
            java.lang.String r1 = r1.getDevice()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            com.rsa.jsafe.JSAFE_Signature r0 = com.rsa.jsafe.JSAFE_Signature.getInstance(r0, r1)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r15 = r0
            r0 = r15
            r1 = r13
            r2 = 0
            r3 = r9
            r4 = r10
            com.rsa.jsafe.JSAFE_Session[] r4 = r4.getPKCS11Sessions()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r0.signInit(r1, r2, r3, r4)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r0 = r15
            r1 = r7
            r2 = 0
            r3 = r7
            int r3 = r3.length     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r0.signUpdate(r1, r2, r3)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r0 = r15
            byte[] r0 = r0.signFinal()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L86 java.lang.Throwable -> Lb6
            r16 = r0
            r0 = jsr -> Lbe
        L83:
            r1 = r16
            return r1
        L86:
            r15 = move-exception
            com.rsa.certj.provider.pki.cmp.CMPException r0 = new com.rsa.certj.provider.pki.cmp.CMPException     // Catch: java.lang.Throwable -> Lb6
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> Lb6
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> Lb6
            java.lang.String r3 = "CMPRequestCommon.createSginatureProtectionDER: unable to generate a signature for "
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lb6
            r3 = r14
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lb6
            java.lang.String r3 = "("
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lb6
            r3 = r15
            java.lang.String r3 = r3.getMessage()     // Catch: java.lang.Throwable -> Lb6
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lb6
            java.lang.String r3 = ")."
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lb6
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> Lb6
            r1.<init>(r2)     // Catch: java.lang.Throwable -> Lb6
            throw r0     // Catch: java.lang.Throwable -> Lb6
        Lb6:
            r17 = move-exception
            r0 = jsr -> Lbe
        Lbb:
            r1 = r17
            throw r1
        Lbe:
            r18 = r0
            r0 = r13
            if (r0 == 0) goto Lca
            r0 = r13
            r0.clearSensitiveData()
        Lca:
            ret r18
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.certj.provider.pki.cmp.CMPRequestCommon.computeProtection(byte[], com.rsa.certj.provider.pki.cmp.CMPProtectInfo, com.rsa.jsafe.JSAFE_SecureRandom, com.rsa.certj.CertJ):byte[]");
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    private byte[] computeProtection(byte[] r6, com.rsa.certj.provider.pki.cmp.CMPProtectInfo r7, byte[] r8, int r9, com.rsa.certj.CertJ r10) throws com.rsa.certj.provider.pki.cmp.CMPException {
        /*
            r5 = this;
            r0 = 0
            r11 = r0
            r0 = r7
            java.lang.String r0 = r0.getAlgorithm()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r1 = r10
            java.lang.String r1 = r1.getDevice()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            com.rsa.jsafe.JSAFE_MAC r0 = com.rsa.jsafe.JSAFE_MAC.getInstance(r0, r1)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r11 = r0
            r0 = r11
            r1 = r8
            r2 = 0
            r3 = r8
            int r3 = r3.length     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0.setSalt(r1, r2, r3)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0 = r11
            com.rsa.jsafe.JSAFE_SecretKey r0 = r0.getBlankKey()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r12 = r0
            r0 = r7
            char[] r0 = r0.getSharedSecret()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r13 = r0
            r0 = r12
            r1 = r13
            r2 = 0
            r3 = r13
            int r3 = r3.length     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0.setPassword(r1, r2, r3)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0 = r11
            r1 = r12
            r2 = 0
            r0.macInit(r1, r2)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0 = r11
            r1 = r6
            r2 = 0
            r3 = r6
            int r3 = r3.length     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0.macUpdate(r1, r2, r3)     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r0 = r11
            byte[] r0 = r0.macFinal()     // Catch: com.rsa.jsafe.JSAFE_Exception -> L50 java.lang.Throwable -> L76
            r14 = r0
            r0 = jsr -> L7e
        L4d:
            r1 = r14
            return r1
        L50:
            r12 = move-exception
            com.rsa.certj.provider.pki.cmp.CMPException r0 = new com.rsa.certj.provider.pki.cmp.CMPException     // Catch: java.lang.Throwable -> L76
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> L76
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> L76
            java.lang.String r3 = "CMPRequestCommon.createPBMProtection: unable to compute PBM("
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L76
            r3 = r12
            java.lang.String r3 = r3.getMessage()     // Catch: java.lang.Throwable -> L76
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L76
            java.lang.String r3 = ")."
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L76
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L76
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L76
            throw r0     // Catch: java.lang.Throwable -> L76
        L76:
            r15 = move-exception
            r0 = jsr -> L7e
        L7b:
            r1 = r15
            throw r1
        L7e:
            r16 = r0
            r0 = r11
            if (r0 == 0) goto L8a
            r0 = r11
            r0.clearSensitiveData()
        L8a:
            ret r16
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.certj.provider.pki.cmp.CMPRequestCommon.computeProtection(byte[], com.rsa.certj.provider.pki.cmp.CMPProtectInfo, byte[], int, com.rsa.certj.CertJ):byte[]");
    }

    private byte[] derEncodePKIMessage(byte[] bArr, byte[] bArr2, byte[] bArr3, Certificate[] certificateArr) throws CMPException {
        try {
            ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(0, true, 0), new EncodedContainer(0, true, 0, bArr, 0, bArr.length), new EncodedContainer(0, true, 0, bArr2, 0, bArr2.length), bArr3 == null ? new BitStringContainer(10551296, false, 0, 0, 0, false) : new BitStringContainer(10551296, true, 0, bArr3, 0, bArr3.length, bArr3.length * 8, false), createExtraCertsContainer(certificateArr), new EndContainer()});
            byte[] bArr4 = new byte[aSN1Template.derEncodeInit()];
            aSN1Template.derEncode(bArr4, 0);
            return bArr4;
        } catch (ASN_Exception e) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodePKIMessage: Encoding CMP message faild(").append(e.getMessage()).append(").").toString());
        }
    }

    private ASN1Container createExtraCertsContainer(Certificate[] certificateArr) throws CMPException, ASN_Exception {
        if (certificateArr == null) {
            return new EncodedContainer(10551297, false, 0, null, 0, 0);
        }
        OfContainer ofContainer = new OfContainer(10551297, true, 0, ASN1.SEQUENCE, new EncodedContainer(ASN1.SEQUENCE));
        for (Certificate certificate : certificateArr) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CMPException("CMPRequestCommon.createExtraCertsContainer:certificate in extraCerts should be an instance of X509Certificate.");
            }
            try {
                byte[] bArr = new byte[((X509Certificate) certificate).getDERLen(0)];
                ((X509Certificate) certificate).getDEREncoding(bArr, 0, 0);
                try {
                    ofContainer.addContainer(new EncodedContainer(0, true, 0, bArr, 0, bArr.length));
                } catch (ASN_Exception e) {
                    throw new CMPException(new StringBuffer().append("CMPRequestCommon.createExtraCertsContainer: unable to add an element of extraCerts(").append(e.getMessage()).append(").").toString());
                }
            } catch (CertificateException e2) {
                throw new CMPException(new StringBuffer().append("CMPRequestCommon.createExtraCertsContainer: Encoding a certificate faild(").append(e2.getMessage()).append(").").toString());
            }
        }
        return ofContainer;
    }

    private byte[] derEncodePBMAlg(byte[] bArr, int i, CertJ certJ) throws CMPException {
        byte[] derEncodePBMParameter = derEncodePBMParameter(bArr, i, certJ);
        try {
            ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(10551297, true, 0), new OIDContainer(16777216, true, 0, CMP.PASSWORD_BASED_MAC_OID, 0, CMP.PASSWORD_BASED_MAC_OID.length), new EncodedContainer(77824, true, 0, derEncodePBMParameter, 0, derEncodePBMParameter.length), new EndContainer()});
            byte[] bArr2 = new byte[aSN1Template.derEncodeInit()];
            aSN1Template.derEncode(bArr2, 0);
            return bArr2;
        } catch (ASN_Exception e) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.encodePBMAlgorithmIdentifier: unable to encodeEncoding PBMAlgorithmIdentifier(").append(e.getMessage()).append(").").toString());
        }
    }

    private byte[] derEncodeSignatureAlg(String str, CertJ certJ) throws CMPException {
        try {
            byte[] dERAlgorithmID = JSAFE_Signature.getInstance(str, certJ.getDevice()).getDERAlgorithmID();
            try {
                ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(8388609, true, 0), new EncodedContainer(0, true, 0, dERAlgorithmID, 0, dERAlgorithmID.length), new EndContainer()});
                byte[] bArr = new byte[aSN1Template.derEncodeInit()];
                aSN1Template.derEncode(bArr, 0);
                return bArr;
            } catch (ASN_Exception e) {
                throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodeSignatureAlgorithm: unable to encode signature algorithm(").append(e.getMessage()).append(").").toString());
            }
        } catch (JSAFE_Exception e2) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodeSignatureAlgorithm: unable to get algorithm identifier for ").append(str).append(DataDefinitionHelper.RANGEOPERATOROROPENBRACKET).append(e2.getMessage()).append(").").toString());
        }
    }

    private byte[] derEncodePBMParameter(byte[] bArr, int i, CertJ certJ) throws CMPException {
        String device = certJ.getDevice();
        try {
            byte[] dERAlgorithmID = JSAFE_MessageDigest.getInstance("SHA1", device).getDERAlgorithmID();
            try {
                byte[] mACAlgorithmID = getMACAlgorithmID(JSAFE_MAC.getInstance("HMAC/SHA1", device));
                try {
                    ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(0, true, 0), new OctetStringContainer(0, true, 0, bArr, 0, bArr.length), new EncodedContainer(ASN1.SEQUENCE, true, 0, dERAlgorithmID, 0, dERAlgorithmID.length), new IntegerContainer(0, true, 0, i), new EncodedContainer(ASN1.SEQUENCE, true, 0, mACAlgorithmID, 0, mACAlgorithmID.length), new EndContainer()});
                    byte[] bArr2 = new byte[aSN1Template.derEncodeInit()];
                    aSN1Template.derEncode(bArr2, 0);
                    return bArr2;
                } catch (ASN_Exception e) {
                    throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodePBMParameter: Encoding PBMParameter faild(").append(e.getMessage()).append(").").toString());
                }
            } catch (JSAFE_Exception e2) {
                throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodePBMParameter: ").append(e2.getMessage()).toString());
            }
        } catch (JSAFE_Exception e3) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.derEncodePBMParameter: ").append(e3.getMessage()).toString());
        }
    }

    private byte[] getMACAlgorithmID(JSAFE_MAC jsafe_mac) throws CMPException {
        String mACAlgorithm = jsafe_mac.getMACAlgorithm();
        String digestAlgorithm = jsafe_mac.getDigestAlgorithm();
        if (!jsafe_mac.getMACAlgorithm().equals("HMAC") || !jsafe_mac.getDigestAlgorithm().equals("SHA1")) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.getMACAlgorithmID: algorithm(").append(mACAlgorithm).append(StaticStrings.Slash).append(digestAlgorithm).append(") not supported.  Use HMAC/SHA1.").toString());
        }
        try {
            ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(0, true, 0), new OIDContainer(16777216, true, 0, this.HMAC_SHA1_OID, 0, this.HMAC_SHA1_OID.length), new EncodedContainer(77824, false, 5, null, 0, 0), new EndContainer()});
            byte[] bArr = new byte[aSN1Template.derEncodeInit()];
            aSN1Template.derEncode(bArr, 0);
            return bArr;
        } catch (ASN_Exception e) {
            throw new CMPException(new StringBuffer().append("CMPRequestCommon.getMACAlgorithmID: Encoding MAC Algorithm Identifier faild(").append(e.getMessage()).append(").").toString());
        }
    }
}
