package com.ibm.security.certclient.util;

import com.ibm.misc.Debug;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkCertRepEvent;
import com.ibm.security.certclient.base.PkCertReqEvent;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.beans.PkCertGen;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CertAndKeyGen;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertInfo;
import com.ibm.security.x509.X509Key;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.GregorianCalendar;

/* loaded from: input_file:efixes/PK50014_Linux_ppc32/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmkeycert.jar:com/ibm/security/certclient/util/PkCASetUp.class */
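/**
 * Generates a key pair and a self-signed X.509 v3 CA certificate for it.
 *
 * <p>This listing is decompiler output: parameter names are synthetic and the body of
 * {@link #recertify} was not recovered.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The certificate is issued with serial number 0 and BasicConstraints
 *       {@code (true, 1)}.</li>
 *   <li>Key algorithm, key size, signature algorithm and key-usage names are taken from the
 *       caller without validation; any key algorithm other than "rsa" (case-insensitive)
 *       is treated as DSA.</li>
 *   <li>{@link #getPrivateKey()} hands the private key object to any caller.</li>
 * </ul>
 */
public class PkCASetUp implements PkConstants {
    private static final Debug debug = Debug.getInstance("keycertmanage");
    private static final Object className = "PkCASetUp";

    // Not referenced by the code visible here; presumably mode selectors for the
    // int argument of recertify() — confirm against the original bytecode.
    public static final int CERT = 0;
    public static final int SERVER = 1;
    public static final int CRL = 2;
    public static final int CA = 3;
    public static final int CA_ALL = 4;

    private PrivateKey privateKey;
    private X509Key publicKey;
    private X500Name subjectName;
    private String sigAlg;
    private X509Certificate certificate;
    private String[] keyUsageType;
    // Certificate lifetime in milliseconds (constructors multiply their argument by 1000).
    private long validity;
    // Set by the provider-name constructor only; not read anywhere in the visible code.
    private String providerName;

    /**
     * Generates a key pair through {@code CertAndKeyGen}, translates both keys with a
     * {@code KeyFactory} from {@code PkEeFactory.getProvider()}, and builds the self-signed
     * certificate.
     *
     * @param str subject (and issuer) distinguished name, parsed as an {@code X500Name}
     * @param str2 key algorithm; "rsa" (case-insensitive) selects RSA, anything else DSA
     * @param str3 signature algorithm name
     * @param i key size handed to the generator (no minimum is enforced here)
     * @param j validity period; multiplied by 1000 and added to a millisecond timestamp,
     *     so effectively seconds
     * @param str4 the single key-usage name to set on the certificate
     * @throws GeneralSecurityException if key generation/translation or certificate
     *     creation fails
     * @throws IOException if the name or an extension cannot be encoded
     * @throws PkException if the certificate request is rejected
     */
    public PkCASetUp(String str, String str2, String str3, int i, long j, String str4) throws GeneralSecurityException, IOException, PkException {
        X500Name caName = new X500Name(str);
        CertAndKeyGen generator = new CertAndKeyGen(str2, str3);
        generator.generate(i);
        KeyFactory keyFactory = KeyFactory.getInstance(keyFactoryAlgorithm(str2), PkEeFactory.getProvider());
        X509Key translatedPublic = (X509Key) keyFactory.translateKey(generator.newGetPublicKey());
        this.privateKey = (PrivateKey) keyFactory.translateKey(generator.getPrivateKey());
        this.publicKey = translatedPublic;
        this.subjectName = caName;
        this.sigAlg = str3;
        this.keyUsageType = new String[] {str4};
        this.validity = j * 1000;
        setSelfSignedCert(BigInteger.ZERO, caName, this.keyUsageType);
    }

    /**
     * Generates a key pair with the named JCE provider and builds the self-signed
     * certificate.
     *
     * @param str subject (and issuer) distinguished name, parsed as an {@code X500Name}
     * @param str2 key algorithm; "rsa" (case-insensitive) selects RSA, anything else DSA
     * @param str3 signature algorithm name
     * @param i key size handed to the generator (no minimum is enforced here)
     * @param j validity period; multiplied by 1000 and added to a millisecond timestamp,
     *     so effectively seconds
     * @param strArr key-usage names to set on the certificate; must not be null
     * @param str4 JCE provider name used for key generation; must not be null
     * @throws GeneralSecurityException if key generation or certificate creation fails
     * @throws IOException if the name or an extension cannot be encoded
     * @throws PkException if the certificate request is rejected
     */
    public PkCASetUp(String str, String str2, String str3, int i, long j, String[] strArr, String str4) throws GeneralSecurityException, IOException, PkException {
        X500Name caName = new X500Name(str);
        this.providerName = str4;
        if (str4.equalsIgnoreCase("IBMJCE4758")) {
            // For this provider a first key pair is generated and then overwritten by the
            // call below. NOTE(review): the reason is not visible here — confirm it is a
            // deliberate workaround before removing it.
            keyPairGenerate(str2, i, str4);
        }
        keyPairGenerate(str2, i, str4);
        this.subjectName = caName;
        this.sigAlg = str3;
        this.keyUsageType = strArr;
        this.validity = j * 1000;
        setSelfSignedCert(BigInteger.ZERO, caName, this.keyUsageType);
    }

    /** Maps the caller-supplied key algorithm to "RSA" or, for any other value, "DSA". */
    private static String keyFactoryAlgorithm(String keyAlgorithm) {
        return keyAlgorithm.equalsIgnoreCase("rsa") ? "RSA" : "DSA";
    }

    /**
     * Returns the CA private key object itself (no copy or wrapping), so every caller of
     * this getter can sign with the CA key.
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the CA public key. */
    private X509Key getPublicKey() {
        return this.publicKey;
    }

    /** Returns the subject name given at construction. */
    private X500Name getSubjectName() {
        return this.subjectName;
    }

    /** Returns the self-signed certificate built by the constructor. */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /** Returns the signature algorithm name given at construction. */
    public String getSigAlg() {
        return this.sigAlg;
    }

    /** Computes the key identifier of this instance's public key; see {@link #computeKID}. */
    private byte[] getKID(boolean z) throws NoSuchAlgorithmException {
        return computeKID(this.publicKey, z);
    }

    /**
     * Returns the length of the tag-and-length header at the start of a DER encoding.
     *
     * @param bArr DER bytes, may be null
     * @return 0 for null, the array length if shorter than two bytes, otherwise 2 for a
     *     short-form length or 2 plus the number of length octets for a long-form length
     */
    private static int getOff(byte[] bArr) {
        if (bArr == null) {
            return 0;
        }
        if (bArr.length < 2) {
            return bArr.length;
        }
        int lengthOctet = bArr[1];
        if ((lengthOctet & 0x80) == 0) {
            return 2;
        }
        // Long form: the low seven bits give the count of following length octets.
        return (lengthOctet & 0x7F) + 2;
    }

    /**
     * Derives a key identifier from the encoded public key using the digest named by
     * {@code PKCS5.MESSAGE_DIGEST_SHA1}.
     *
     * <p>The digest input starts one byte after the outer DER header of
     * {@code publicKey.getEncoded()} and runs to the end of the encoding.
     * NOTE(review): RFC 5280 section 4.2.1.2 describes hashing only the contents of the
     * subjectPublicKey BIT STRING; the range hashed here looks different, so identifiers
     * may not match ones computed by other implementations — confirm before relying on
     * interoperability. The range is left unchanged because existing certificates carry
     * identifiers computed this way.
     *
     * @param publicKey key to identify; must not be null
     * @param z {@code false} for the full digest; {@code true} for an 8-byte value made of
     *     the last 8 digest bytes with the top four bits of the first byte set to 0100
     * @return the identifier, or {@code null} when the key has no encoding or the encoding
     *     is too short to contain any data after the header
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public static byte[] computeKID(PublicKey publicKey, boolean z) throws NoSuchAlgorithmException {
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null) {
            return null;
        }
        int start = getOff(encoded) + 1;
        if (start >= encoded.length) {
            return null;
        }
        MessageDigest messageDigest = MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_SHA1);
        messageDigest.update(encoded, start, encoded.length - start);
        byte[] digest = messageDigest.digest();
        if (!z) {
            return digest;
        }
        byte[] shortId = new byte[8];
        System.arraycopy(digest, digest.length - 8, shortId, 0, 8);
        shortId[0] = (byte) ((shortId[0] & 0x0F) | 0x40);
        return shortId;
    }

    /**
     * Builds an AuthorityKeyIdentifier extension carrying the full-length key identifier of
     * {@code publicKey}, with no issuer name or serial number.
     */
    private static AuthorityKeyIdentifierExtension computeAuthorityKID(PublicKey publicKey) throws NoSuchAlgorithmException, IOException {
        byte[] keyId = computeKID(publicKey, false);
        // The constructed object is discarded. NOTE(review): kept as found because the
        // constructor may validate its argument; drop it once that is ruled out.
        new SubjectKeyIdentifierExtension(keyId);
        return new AuthorityKeyIdentifierExtension(new KeyIdentifier(keyId), null, null);
    }

    /**
     * Parses the certificate's encoding into an {@code X509CertInfo}.
     *
     * <p>If the direct parse fails, the encoding is read as a DER sequence and its first
     * element is parsed instead; the parse failure is reported to the debug log.
     */
    private static X509CertInfo makeCertInfo(X509Certificate x509Certificate) throws CertificateException, IOException {
        byte[] encoded = x509Certificate.getEncoded();
        try {
            return new X509CertInfo(encoded);
        } catch (CertificateParsingException e) {
            if (debug != null) {
                debug.exception(1L, className, "makeCertInfo", e);
            }
            return new X509CertInfo(new DerInputStream(encoded).getSequence(3)[0]);
        }
    }

    /**
     * Assembles the certificate attributes and asks {@code PkCertGen} to issue the
     * self-signed certificate, storing the result in {@link #certificate}.
     *
     * <p>A failed request now propagates its {@code PkException}; previously the exception
     * was printed and the method then failed with a {@code NullPointerException} that hid
     * the cause.
     *
     * @param serialNumber certificate serial number
     * @param issuerName issuer name (the constructors pass the subject name)
     * @param keyUsages key-usage names to enable; must not be null
     * @throws PkException if no public key is set or the certificate request fails
     * @throws CertificateException if the request completes without a response
     */
    private void setSelfSignedCert(BigInteger serialNumber, X500Name issuerName, String[] keyUsages) throws GeneralSecurityException, IOException, PkException {
        if (this.publicKey == null) {
            throw new PkException(PkNLSConstants.CASETUP_PUBLICKEY_NULL);
        }
        PkCertGen certGen = new PkCertGen(PkEeFactory.getProvider());
        PkAttrs attrs = new PkAttrs();
        attrs.add(PkCertConstants.CERT_PRIVATE_KEY, 2, this.privateKey);
        attrs.add("x509.info.version", 3, PkCertConstants.CERT_VERSION_3);
        attrs.add("x509.info.serialNumber", 3, serialNumber);
        attrs.add("x509.info.algorithmID", 3, AlgorithmId.get(this.sigAlg));
        attrs.add("x509.info.issuer", 3, issuerName);

        // One clock reading for both bounds, so the validity window is exactly this.validity.
        long now = System.currentTimeMillis();
        attrs.add(PkCertConstants.CERT_NOT_BEFORE, 3, new Date(now));
        Date notAfter = new Date(now + this.validity);
        if (debug != null) {
            debug.text(0L, className, "setSelfSignedCert", "notAfter {0}", notAfter);
        }
        attrs.add(PkCertConstants.CERT_NOT_AFTER, 3, notAfter);
        attrs.add("x509.info.subject", 3, this.subjectName);
        attrs.add("x509.info.key", 3, this.publicKey);

        KeyUsageExtension keyUsage = new KeyUsageExtension();
        for (String usage : keyUsages) {
            keyUsage.set(usage, Boolean.TRUE);
        }
        attrs.add("x509.info.extensions.KeyUsage", 3, keyUsage);
        attrs.add("x509.info.extensions.BasicConstraints", 3, new BasicConstraintsExtension(true, 1));

        // Self-signed: subject and authority key identifiers are the same value.
        // computeKID may return null for an unusable key encoding; that case is passed
        // through to the extension constructors unchanged.
        byte[] keyId = computeKID(this.publicKey, false);
        SubjectKeyIdentifierExtension subjectKeyId = new SubjectKeyIdentifierExtension(keyId);
        AuthorityKeyIdentifierExtension authorityKeyId = new AuthorityKeyIdentifierExtension(new KeyIdentifier(keyId), null, null);
        attrs.add("x509.info.extensions.SubjectKeyIdentifier", 3, subjectKeyId);
        attrs.add("x509.info.extensions.AuthorityKeyIdentifier", 3, authorityKeyId);

        PkCertRepEvent reply = (PkCertRepEvent) new PkCertReqEvent("", null, attrs).executeOn(certGen);
        if (reply == null) {
            throw new CertificateException("certificate generation returned no response");
        }
        this.certificate = (X509Certificate) reply.getCert();
    }

    /**
     * Not recovered: the decompiler (JADX) could not reconstruct this method and skipped
     * its 527 instructions, so in this listing it always throws
     * {@code UnsupportedOperationException}. Nothing about its real behaviour can be read
     * from this file; review the original class file instead.
     */
    public X509Certificate recertify(X509Certificate r9, int r10, PrivateKey r11, Date r12, Date r13, String r14) throws GeneralSecurityException {
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.security.certclient.util.PkCASetUp.recertify(java.security.cert.X509Certificate, int, java.security.PrivateKey, java.util.Date, java.util.Date, java.lang.String):java.security.cert.X509Certificate");
    }

    /**
     * Generates a key pair with the named provider and replaces this instance's keys.
     *
     * <p>The private key is stored as generated; the public key is passed through the
     * provider's {@code KeyFactory.translateKey} and cast to {@code X509Key}. The stored
     * certificate is not regenerated by this method, so after a direct call
     * {@link #getCertificate()} no longer matches {@link #getPrivateKey()}.
     *
     * @param str key algorithm; "rsa" (case-insensitive) selects RSA, anything else DSA
     * @param i key size (no minimum is enforced here)
     * @param str2 JCE provider name
     * @throws GeneralSecurityException if the algorithm or provider is unavailable or the
     *     key cannot be translated
     */
    public void keyPairGenerate(String str, int i, String str2) throws GeneralSecurityException {
        String algorithm = keyFactoryAlgorithm(str);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm, str2);
        keyPairGenerator.initialize(i);
        KeyPair pair = keyPairGenerator.generateKeyPair();
        this.privateKey = pair.getPrivate();
        this.publicKey = (X509Key) KeyFactory.getInstance(algorithm, str2).translateKey(pair.getPublic());
    }
}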
