package com.ibm.security.certclient.fmt;

import com.ibm.crypto.provider.PBMParameterSpec;
import com.ibm.misc.Debug;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkAttr;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkCertRepEvent;
import com.ibm.security.certclient.base.PkCertReqEvent;
import com.ibm.security.certclient.base.PkConfRepEvent;
import com.ibm.security.certclient.base.PkConfReqEvent;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkEvent;
import com.ibm.security.certclient.base.PkEventFormatter;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkGnrlRepEvent;
import com.ibm.security.certclient.base.PkGnrlReqEvent;
import com.ibm.security.certclient.base.PkInitRepEvent;
import com.ibm.security.certclient.base.PkInitReqEvent;
import com.ibm.security.certclient.base.PkIoException;
import com.ibm.security.certclient.base.PkKrecRepEvent;
import com.ibm.security.certclient.base.PkKrecReqEvent;
import com.ibm.security.certclient.base.PkKupdRepEvent;
import com.ibm.security.certclient.base.PkKupdReqEvent;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.base.PkRejectionException;
import com.ibm.security.certclient.base.PkReqEvent;
import com.ibm.security.certclient.base.PkRevoConstants;
import com.ibm.security.certclient.base.PkRevoRepEvent;
import com.ibm.security.certclient.base.PkRevoReqEvent;
import com.ibm.security.certclient.base.PkSecnRepEvent;
import com.ibm.security.certclient.base.PkSecnReqEvent;
import com.ibm.security.certclient.base.PkXcerRepEvent;
import com.ibm.security.certclient.base.PkXcerReqEvent;
import com.ibm.security.certclient.util.PkArray;
import com.ibm.security.certclient.util.PkString;
import com.ibm.security.cmp.CertOrEncCert;
import com.ibm.security.cmp.CertRepMessage;
import com.ibm.security.cmp.CertResponse;
import com.ibm.security.cmp.CertifiedKeyPair;
import com.ibm.security.cmp.ErrorMsgContent;
import com.ibm.security.cmp.InfoTypeAndValue;
import com.ibm.security.cmp.PKIBody;
import com.ibm.security.cmp.PKIFreeText;
import com.ibm.security.cmp.PKIHeader;
import com.ibm.security.cmp.PKIMessage;
import com.ibm.security.cmp.PKIStatusInfo;
import com.ibm.security.cmp.RevDetails;
import com.ibm.security.cmp.RevDetailsv2;
import com.ibm.security.cmp.RevPassphraseInfoValue;
import com.ibm.security.cmp.RevRepContent;
import com.ibm.security.cmp.RevReqContent;
import com.ibm.security.cmp.RevReqContentv2;
import com.ibm.security.crmf.CertReqMessages;
import com.ibm.security.crmf.CertReqMsg;
import com.ibm.security.crmf.CertRequest;
import com.ibm.security.crmf.CertTemplate;
import com.ibm.security.crmf.EncryptedValue;
import com.ibm.security.crmf.OptionalValidity;
import com.ibm.security.crmf.PKIPublicationInfo;
import com.ibm.security.crmf.POPOPrivKey;
import com.ibm.security.crmf.POPOSigningKey;
import com.ibm.security.crmf.ProofOfPossession;
import com.ibm.security.crmf.SinglePubInfo;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.util.BitArray;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CRLExtensions;
import com.ibm.security.x509.CRLReasonCodeExtension;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.ReasonFlags;
import com.ibm.security.x509.UniqueIdentity;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.sun.tools.doclets.TagletManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:efixes/PK60674_Linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmkeycert.jar:com/ibm/security/certclient/fmt/PkCmpEventFormatter.class */
public class PkCmpEventFormatter extends PkEventFormatter implements PkConstants {
    private static final String sccsid = "%Z% %M% %I%    %W% %G% %U%";
    private static final int MESSAGE_BODY_CERTCONF = 24;
    private BigInteger certReqId = BigInteger.valueOf(0);
    private final String SIG_PROBS = "Problems signing. Change the exception being thrown";
    static Class class$com$ibm$security$certclient$base$PkCertReqEvent;
    static Class class$com$ibm$security$certclient$base$PkCertRepEvent;
    static Class class$com$ibm$security$certclient$base$PkInitReqEvent;
    static Class class$com$ibm$security$certclient$base$PkInitRepEvent;
    static Class class$com$ibm$security$certclient$base$PkSecnReqEvent;
    static Class class$com$ibm$security$certclient$base$PkSecnRepEvent;
    static Class class$com$ibm$security$certclient$base$PkKupdReqEvent;
    static Class class$com$ibm$security$certclient$base$PkKupdRepEvent;
    static Class class$com$ibm$security$certclient$base$PkKrecReqEvent;
    static Class class$com$ibm$security$certclient$base$PkKrecRepEvent;
    static Class class$com$ibm$security$certclient$base$PkRevoReqEvent;
    static Class class$com$ibm$security$certclient$base$PkRevoRepEvent;
    static Class class$com$ibm$security$certclient$base$PkXcerReqEvent;
    static Class class$com$ibm$security$certclient$base$PkXcerRepEvent;
    static Class class$com$ibm$security$certclient$base$PkGnrlReqEvent;
    static Class class$com$ibm$security$certclient$base$PkGnrlRepEvent;
    static Class class$javax$crypto$spec$IvParameterSpec;
    private static Debug debug = Debug.getInstance("keycertmanage");
    private static Object className = "com.ibm.security.certclient.fmt.PkCmpEventFormatter";
    private static final PKIStatusInfo statusOk = new PKIStatusInfo(0, null, null);
    private static ObjectIdentifier TPKI_ENROLL_OID = getOID();
    private static final Map types = new HashMap();

    private static final ObjectIdentifier getOID() {
        try {
            return new ObjectIdentifier("1.3.6.1.4.1.2.13.5.7.1.3");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public PkEvent readEvent(Object obj, InputStream inputStream, PkReqEvent pkReqEvent) throws PkException, IOException {
        PkEvent pkConfReqEvent;
        PKIMessage pKIMessage = new PKIMessage(new DerValue(inputStream).toByteArray());
        Object body = pKIMessage.getBody();
        if (debug != null) {
            debug.text(0L, className, "readEvent", "msg is {0}", pKIMessage.toString());
        }
        if (debug != null) {
            debug.text(0L, className, "readEvent", "msg body type is {0}", new Integer(pKIMessage.getBodyType()));
        }
        PKIHeader header = pKIMessage.getHeader();
        if (debug != null) {
            debug.text(0L, className, "readEvent", "#####  sender kid is msg body type is {0}", header.getSenderKID());
        }
        boolean z = pKIMessage.getProtection() != null;
        boolean equals = header.getPvno().equals(PkConstants.BIG_ONE);
        if (debug != null) {
            debug.text(0L, className, "readEvent", " isCmpV1 is {0}", new Boolean(equals).toString());
        }
        if (pKIMessage.getBodyType() != 0 && pKIMessage.getBodyType() != 11 && pKIMessage.getBodyType() != 12 && pKIMessage.getBodyType() != 24 && !equals) {
            if (debug != null) {
                debug.text(0L, className, "readEvent", " reset CMP version to 1 ");
            }
            equals = true;
        }
        if (equals) {
            switch (pKIMessage.getBodyType()) {
                case 0:
                    PkAttrs attrsFromCertReqMessages = getAttrsFromCertReqMessages((CertReqMessages) body);
                    attrsFromCertReqMessages.add(PkCertConstants.CERT_MESSAGE_PROTECTED, 2, new Boolean(z));
                    attrsFromCertReqMessages.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    attrsFromCertReqMessages.add(PkCertConstants.CERT_RECIPIENT_DN, 2, header.getRecipient());
                    attrsFromCertReqMessages.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
                    attrsFromCertReqMessages.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_ONE);
                    pkConfReqEvent = new PkInitReqEvent(obj, pKIMessage, attrsFromCertReqMessages);
                    break;
                case 1:
                    X509CertImpl cert = getCert((CertRepMessage) body, (PrivateKey) pkReqEvent.getAttrs().getValue(PkCertConstants.CERT_PRIVATE_KEY_EE, null));
                    if (cert == null) {
                        pkReqEvent.getAttrs().add("PASSTHRU", 2, Boolean.TRUE);
                        if (debug != null) {
                            debug.text(0L, className, "readEvent", "passThru set to true");
                        }
                    }
                    pkReqEvent.getAttrs().add(PkCertConstants.CERT_REP_HDR, 2, header);
                    pkConfReqEvent = new PkInitRepEvent(obj, pKIMessage, pkReqEvent, cert);
                    break;
                case 2:
                    PkAttrs attrsFromCertReqMessages2 = getAttrsFromCertReqMessages((CertReqMessages) body);
                    attrsFromCertReqMessages2.add(PkCertConstants.CERT_MESSAGE_PROTECTED, 2, new Boolean(z));
                    attrsFromCertReqMessages2.add("TMP_MSG_HDR", 2, header);
                    attrsFromCertReqMessages2.add(PkCertConstants.CERT_REP_HDR, 2, header);
                    attrsFromCertReqMessages2.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    attrsFromCertReqMessages2.add(PkCertConstants.CERT_RECIPIENT_DN, 2, header.getRecipient());
                    attrsFromCertReqMessages2.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
                    pkConfReqEvent = new PkSecnReqEvent(obj, pKIMessage, attrsFromCertReqMessages2);
                    break;
                case 3:
                    X509CertImpl cert2 = getCert((CertRepMessage) body, (PrivateKey) pkReqEvent.getAttrs().getValue(PkCertConstants.CERT_PRIVATE_KEY_EE, null));
                    pkReqEvent.getAttrs().repOrAdd(PkCertConstants.CERT_REP_HDR, 2, header);
                    if (cert2 == null) {
                        pkReqEvent.getAttrs().add("PASSTHRU", 2, Boolean.TRUE);
                        if (debug != null) {
                            debug.text(0L, className, "readEvent", "passThru set to true");
                        }
                    } else if (debug != null) {
                        debug.text(0L, className, "readEvent", "passThru set to false as private key available");
                    }
                    pkConfReqEvent = new PkSecnRepEvent(obj, pKIMessage, pkReqEvent, cert2);
                    break;
                case 4:
                case 5:
                case 6:
                    throw new UnsupportedOperationException(new StringBuffer().append(PkNLSConstants.CMPEVENT_UNSUPPORTED_EVENT).append(pKIMessage.getBodyType()).toString());
                case 7:
                    pkConfReqEvent = new PkKupdReqEvent(obj, pKIMessage, getAttrsFromCertReqMessages((CertReqMessages) body));
                    break;
                case 8:
                    pkConfReqEvent = new PkKupdRepEvent(obj, pKIMessage, pkReqEvent, getCert((CertRepMessage) body, null));
                    break;
                case 9:
                    pkConfReqEvent = new PkKrecReqEvent(obj, pKIMessage, null);
                    break;
                case 10:
                    pkConfReqEvent = new PkKrecRepEvent(obj, pKIMessage, pkReqEvent);
                    break;
                case 11:
                    PkAttrs attrsFromRevReqContent = getAttrsFromRevReqContent((RevReqContent) body);
                    if (attrsFromRevReqContent.getValue("x509.info.key", null) != null) {
                        attrsFromRevReqContent.add(PkCertConstants.CERT_REVO_PUBLIC_KEY, 2, attrsFromRevReqContent.getValue("x509.info.key"));
                    }
                    attrsFromRevReqContent.add("TMP_MSG_HDR", 2, header);
                    attrsFromRevReqContent.add(PkCertConstants.CERT_MESSAGE_PROTECTED, 2, new Boolean(z));
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "case-rr, msgProtected is {0}", new Boolean(z));
                    }
                    if (z) {
                        attrsFromRevReqContent.add("PASSTHRU", 2, Boolean.TRUE);
                    }
                    attrsFromRevReqContent.add("x509.info.algorithmID", 2, header.getProtectionAlg());
                    attrsFromRevReqContent.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_ONE);
                    attrsFromRevReqContent.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, header.getGeneralInfo());
                    pkConfReqEvent = new PkRevoReqEvent(obj, pKIMessage, attrsFromRevReqContent);
                    break;
                case 12:
                    pkConfReqEvent = new PkRevoRepEvent(obj, pKIMessage, pkReqEvent);
                    break;
                case 13:
                    PkAttrs attrsFromCertReqMessages3 = getAttrsFromCertReqMessages((CertReqMessages) body);
                    attrsFromCertReqMessages3.add(PkCertConstants.CERT_RECIPIENT_DN, 2, header.getRecipient());
                    attrsFromCertReqMessages3.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    attrsFromCertReqMessages3.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
                    attrsFromCertReqMessages3.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_ONE);
                    pkConfReqEvent = new PkXcerReqEvent(obj, pKIMessage, attrsFromCertReqMessages3);
                    break;
                case 14:
                    pkReqEvent.getAttrs().add(PkCertConstants.CERT_REP_HDR, 2, header);
                    pkConfReqEvent = new PkXcerRepEvent(obj, pKIMessage, pkReqEvent, getCert((CertRepMessage) body, null));
                    break;
                case 15:
                case 16:
                case 17:
                case 18:
                case 20:
                    throw new UnsupportedOperationException(new StringBuffer().append(PkNLSConstants.CMPEVENT_UNSUPPORTED_EVENT).append(pKIMessage.getBodyType()).toString());
                case 19:
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "######### from message_body_conf, msg is {0}", pKIMessage);
                    }
                    PkAttrs pkAttrs = new PkAttrs();
                    add(pkAttrs, "HDR", pKIMessage.getHeader());
                    pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, header.getGeneralInfo());
                    pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    pkConfReqEvent = new PkConfReqEvent(obj, pKIMessage, pkAttrs);
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "########## the confReqEvent is {0}", pkConfReqEvent);
                        break;
                    }
                    break;
                case 21:
                    pkConfReqEvent = new PkGnrlReqEvent(obj, pKIMessage, null);
                    break;
                case 22:
                    pkConfReqEvent = new PkGnrlRepEvent(obj, pKIMessage, pkReqEvent);
                    break;
                case 23:
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "############ MESSAGE_BODY_ERROR... body ={0} ", body);
                    }
                    throwException((ErrorMsgContent) body);
                    pkConfReqEvent = null;
                    break;
                default:
                    throw new PkIoException(new StringBuffer().append(PkNLSConstants.CMPEVENT_INVALID_PKI_MESSAGE_TAG).append(pKIMessage.getBodyType()).toString());
            }
        } else {
            switch (pKIMessage.getBodyType()) {
                case 0:
                    PkAttrs attrsFromCertReqMessages4 = getAttrsFromCertReqMessages((CertReqMessages) body);
                    attrsFromCertReqMessages4.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    attrsFromCertReqMessages4.add(PkCertConstants.CERT_RECIPIENT_DN, 2, header.getRecipient());
                    attrsFromCertReqMessages4.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
                    attrsFromCertReqMessages4.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_TWO);
                    pkConfReqEvent = new PkInitReqEvent(obj, pKIMessage, attrsFromCertReqMessages4);
                    break;
                case 1:
                    X509CertImpl cert3 = getCert((CertRepMessage) body, (PrivateKey) pkReqEvent.getAttrs().getValue(PkCertConstants.CERT_PRIVATE_KEY_EE, null));
                    if (cert3 == null) {
                        pkReqEvent.getAttrs().add("PASSTHRU", 2, Boolean.TRUE);
                        if (debug != null) {
                            debug.text(0L, className, "readEvent", "passThru set to true");
                        }
                    }
                    pkReqEvent.getAttrs().add(PkCertConstants.CERT_REP_HDR, 2, header);
                    pkReqEvent.getAttrs().add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_TWO);
                    pkConfReqEvent = new PkInitRepEvent(obj, pKIMessage, pkReqEvent, cert3);
                    break;
                case 11:
                    PkAttrs attrsFromRevReqContent2 = getAttrsFromRevReqContent((RevReqContentv2) body);
                    attrsFromRevReqContent2.add("TMP_MSG_HDR", 2, header);
                    attrsFromRevReqContent2.add(PkCertConstants.CERT_MESSAGE_PROTECTED, 2, new Boolean(z));
                    attrsFromRevReqContent2.add("x509.info.algorithmID", 2, header.getProtectionAlg());
                    attrsFromRevReqContent2.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_TWO);
                    pkConfReqEvent = new PkRevoReqEvent(obj, pKIMessage, attrsFromRevReqContent2);
                    break;
                case 12:
                    PkAttrs attrs = pkReqEvent.getAttrs();
                    attrs.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_TWO);
                    attrs.add(PkCertConstants.CERT_REP_HDR, 2, header);
                    attrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
                    pkConfReqEvent = new PkRevoRepEvent(obj, pKIMessage, pkReqEvent);
                    break;
                case 24:
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "from message_body_conf -v2, msg is {0}", pKIMessage);
                    }
                    PkAttrs pkAttrs2 = new PkAttrs();
                    pkAttrs2.add(PkCertConstants.CERT_CMP_VERSION, 2, PkConstants.BIG_TWO);
                    add(pkAttrs2, "HDR", pKIMessage.getHeader());
                    pkAttrs2.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, header.getGeneralInfo());
                    pkAttrs2.add(PkCertConstants.CERT_SENDER_KID, 2, header.getSenderKID());
                    pkConfReqEvent = new PkConfReqEvent(obj, pKIMessage, pkAttrs2);
                    if (debug != null) {
                        debug.text(0L, className, "readEvent", "########## the confReqEvent is {0}", pkConfReqEvent);
                        break;
                    }
                    break;
                default:
                    throw new PkIoException(new StringBuffer().append(PkNLSConstants.CMPEVENT_INVALID_PKI_MESSAGE_TAG).append(pKIMessage.getBodyType()).toString());
            }
        }
        return pkConfReqEvent;
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeException(Exception exc, OutputStream outputStream) throws IOException {
        boolean[] zArr = null;
        PKIFreeText pKIFreeText = null;
        if (exc.getMessage() != null) {
            String str = new String(exc.getMessage().getBytes("UTF-8"), "UTF-8");
            if (debug != null) {
                debug.text(0L, className, "writeException..", "emsg is {0}", str);
            }
            pKIFreeText = new PKIFreeText(new String[]{str});
        } else if (exc instanceof PkException) {
            PkException pkException = (PkException) exc;
            if (pkException.hasWrappedException()) {
                Throwable wrappedException = pkException.getWrappedException();
                if (wrappedException.getMessage() != null) {
                    pKIFreeText = new PKIFreeText(new String[]{wrappedException.getMessage()});
                }
            }
        }
        if (exc instanceof PkRejectionException) {
            zArr = ((PkRejectionException) exc).getFailureInfo();
        }
        new PKIMessage(new PKIHeader(PkConstants.BIG_ONE, new GeneralName(new X500Name("")), new GeneralName(new X500Name("")), null, null, null, null, null, null, null, null, null), 23, new ErrorMsgContent(new PKIStatusInfo(2, pKIFreeText, zArr), null, null), null, null).encode(outputStream);
    }

    private void throwException(ErrorMsgContent errorMsgContent) throws PkException {
        switch (errorMsgContent.getPKIStatusInfo().getStatus()) {
            case 0:
            case 1:
            case 2:
                String[] strArr = new String[0];
                PKIStatusInfo pKIStatusInfo = null;
                try {
                    pKIStatusInfo = errorMsgContent.getPKIStatusInfo();
                    strArr = (String[]) pKIStatusInfo.getStatusString().getFreeText().clone();
                } catch (NullPointerException e) {
                }
                try {
                    strArr = (String[]) PkArray.append(strArr, errorMsgContent.getErrorDetails().getFreeText());
                } catch (NullPointerException e2) {
                }
                String join = PkString.join(strArr, "\n");
                if (pKIStatusInfo != null) {
                    throw new PkRejectionException(join, pKIStatusInfo.getFailureInfos());
                }
                throw new PkRejectionException(join);
            case 3:
            case 4:
            case 5:
            case 6:
                String[] freeText = errorMsgContent.getErrorDetails().getFreeText();
                throw new PkException((freeText == null || freeText.length <= 0) ? "" : freeText[0]);
            default:
                return;
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeCertReq(PkCertReqEvent pkCertReqEvent, OutputStream outputStream) throws IOException, PkException {
        BigInteger bigInteger;
        String str;
        AlgorithmId algorithmId;
        synchronized (this) {
            bigInteger = this.certReqId;
            this.certReqId = this.certReqId.add(BigInteger.ONE);
        }
        PkAttrs attrs = pkCertReqEvent.getAttrs();
        Boolean bool = (Boolean) pkCertReqEvent.getAttrs().getValue(PkCertConstants.CERT_MESSAGE_PROTECTED, Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeCertReq", "messageProtected {0}", bool);
        }
        if (bool.booleanValue()) {
            ((PKIMessage) pkCertReqEvent.getMsg()).encode(outputStream);
            return;
        }
        GeneralName generalName = new GeneralName((X500Name) attrs.getValue("x509.info.subject"));
        KeyIdentifier keyIdentifier = (KeyIdentifier) attrs.getValue(PkCertConstants.CERT_SENDER_KID);
        GeneralName generalName2 = (GeneralName) attrs.getValue(PkCertConstants.CERT_RECIPIENT_DN);
        InfoTypeAndValue[] infoTypeAndValueArr = (InfoTypeAndValue[]) attrs.getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null);
        CertTemplate certTemplate = new CertTemplate();
        if (attrs.has(PkCertConstants.CERT_NOT_BEFORE) || attrs.has(PkCertConstants.CERT_NOT_AFTER)) {
            certTemplate.setValidity(new OptionalValidity((Date) attrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) attrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
        }
        addToTempl(certTemplate, attrs);
        CertRequest certRequest = new CertRequest(bigInteger, certTemplate, null);
        ProofOfPossession proofOfPossession = null;
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            certRequest.encode(derOutputStream);
            boolean z = false;
            KeyUsageExtension keyUsageExtension = (KeyUsageExtension) attrs.getValue("x509.info.extensions.KeyUsage", null);
            boolean z2 = true;
            boolean[] zArr = null;
            if (keyUsageExtension == null) {
                z2 = false;
            } else {
                zArr = keyUsageExtension.getBits();
                if (zArr.length == 0) {
                    z2 = false;
                }
            }
            String str2 = (String) attrs.getValue(PkCertConstants.CERT_PROVIDER, null);
            if (str2 == null) {
                PkRejectionException pkRejectionException = new PkRejectionException(PkNLSConstants.NEED_PROVIDER);
                if (debug != null) {
                    debug.text(0L, className, "writeCertReq", pkRejectionException.getMessage());
                }
                throw pkRejectionException;
            }
            if (z2) {
                z = zArr[0];
            }
            if (z || !z2) {
                try {
                    if (debug != null) {
                        debug.text(0L, className, "writeCertReq", "######## from PkCmpEventFormatter... digitalSignature");
                    }
                    PrivateKey privateKey = (PrivateKey) attrs.getValue(PkCertConstants.CERT_PRIVATE_KEY, null);
                    if (privateKey != null) {
                        if (privateKey instanceof RSAPrivateKey) {
                            str = "sha1WithRSA";
                            algorithmId = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
                        } else {
                            str = "sha1WithDSA";
                            algorithmId = new AlgorithmId(AlgorithmId.sha1WithDSA_oid);
                        }
                        Signature signature = Signature.getInstance(str, str2);
                        signature.initSign(privateKey);
                        signature.update(derOutputStream.toByteArray());
                        proofOfPossession = new ProofOfPossession(1, new POPOSigningKey(null, algorithmId, signature.sign()));
                    }
                } catch (GeneralSecurityException e) {
                    if (debug != null) {
                        debug.text(0L, className, "writeCertReq", e.getMessage());
                    }
                    e.printStackTrace();
                }
            } else {
                if (debug != null) {
                    debug.text(0L, className, "writeCertReq", "######## from PkCmpEventFormatter... encipherment");
                }
                proofOfPossession = new ProofOfPossession(2, new POPOPrivKey(1, new Integer(0)));
            }
            CertReqMessages certReqMessages = new CertReqMessages(new CertReqMsg[]{new CertReqMsg(certRequest, proofOfPossession, null)});
            PKIHeader pKIHeader = new PKIHeader((BigInteger) attrs.getValue(PkCertConstants.CERT_CMP_VERSION), generalName, generalName2, new Date(), generateProtectionAlg(str2), keyIdentifier, null, new Long(new Date().getTime()).toString().getBytes(), new Date().toString().getBytes(), null, null, infoTypeAndValueArr);
            if (debug != null) {
                debug.text(0L, className, "writeCertReq", "pkiHeader ={0} ", pKIHeader);
            }
            PKIMessage pKIMessage = new PKIMessage(pKIHeader, getBodyType(pkCertReqEvent), certReqMessages, null, null);
            try {
                String str3 = (String) attrs.getValue(PkCertConstants.CERT_INIT_PWD);
                (str3 != null ? pKIMessage.protect(str3.getBytes()) : pKIMessage).encode(outputStream);
            } catch (Exception e2) {
                PkException pkException = new PkException(e2);
                if (debug != null) {
                    debug.text(0L, className, "writeCertReq", pkException.getMessage());
                }
                throw pkException;
            }
        } catch (NoSuchElementException e3) {
            PkException pkException2 = new PkException(e3);
            if (debug != null) {
                debug.text(0L, className, "writeCertReq", pkException2.getMessage());
            }
            throw pkException2;
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeSecnReq(PkSecnReqEvent pkSecnReqEvent, OutputStream outputStream) throws IOException, PkException {
        BigInteger bigInteger;
        boolean z;
        String str;
        AlgorithmId algorithmId;
        Boolean bool = (Boolean) pkSecnReqEvent.getAttrs().getValue("PASSTHRU", Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeSecnReq", "passThru = {0}", bool);
        }
        Boolean bool2 = (Boolean) pkSecnReqEvent.getAttrs().getValue(PkCertConstants.CERT_MESSAGE_PROTECTED, Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeSecnReq", "messageProtected {0}", bool2);
        }
        if (bool.booleanValue() || bool2.booleanValue()) {
            ((PKIMessage) pkSecnReqEvent.getMsg()).encode(outputStream);
            return;
        }
        synchronized (this) {
            bigInteger = this.certReqId;
            this.certReqId = this.certReqId.add(BigInteger.ONE);
        }
        PkAttrs attrs = pkSecnReqEvent.getAttrs();
        GeneralName generalName = new GeneralName((X500Name) attrs.getValue("x509.info.subject"));
        GeneralName generalName2 = (GeneralName) attrs.getValue(PkCertConstants.CERT_RECIPIENT_DN);
        CertTemplate certTemplate = new CertTemplate();
        if (attrs.has(PkCertConstants.CERT_NOT_BEFORE) || attrs.has(PkCertConstants.CERT_NOT_AFTER)) {
            certTemplate.setValidity(new OptionalValidity((Date) attrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) attrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
        }
        addToTempl(certTemplate, attrs);
        CertRequest certRequest = new CertRequest(bigInteger, certTemplate, null);
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            certRequest.encode(derOutputStream);
            KeyUsageExtension keyUsageExtension = (KeyUsageExtension) attrs.getValue("x509.info.extensions.KeyUsage", null);
            if (keyUsageExtension != null) {
                boolean[] bits = keyUsageExtension.getBits();
                z = bits.length == 0 ? true : bits[0];
            } else {
                z = true;
            }
            ProofOfPossession proofOfPossession = null;
            PrivateKey privateKey = (PrivateKey) attrs.getValue(PkCertConstants.CERT_PRIVATE_KEY, null);
            if (privateKey != null) {
                if (z) {
                    try {
                        if (privateKey instanceof RSAPrivateKey) {
                            str = "SHA1withRSA";
                            algorithmId = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
                        } else {
                            str = "SHA1withDSA";
                            algorithmId = new AlgorithmId(AlgorithmId.sha1WithDSA_oid);
                        }
                        Signature signature = Signature.getInstance(str, (String) attrs.getValue(PkCertConstants.CERT_PROVIDER));
                        signature.initSign(privateKey);
                        signature.update(derOutputStream.toByteArray());
                        proofOfPossession = new ProofOfPossession(1, new POPOSigningKey(null, algorithmId, signature.sign()));
                    } catch (Exception e) {
                        if (e instanceof PkException) {
                            if (debug != null) {
                                debug.text(0L, className, "writeSecnReq", e.getMessage());
                            }
                            throw ((PkException) e);
                        }
                        PkException pkException = new PkException(e);
                        if (debug != null) {
                            debug.text(0L, className, "writeSecnReq", pkException.getMessage());
                        }
                        throw pkException;
                    }
                } else {
                    proofOfPossession = new ProofOfPossession(2, new POPOPrivKey(1, new Integer(0)));
                }
            }
            CertReqMessages certReqMessages = new CertReqMessages(new CertReqMsg[]{new CertReqMsg(certRequest, proofOfPossession, null)});
            String str2 = (String) attrs.getValue(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_NAME);
            PKIHeader pKIHeader = new PKIHeader(PkConstants.BIG_ONE, generalName, generalName2, new Date(), (AlgorithmId) attrs.getValue(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_ID), (KeyIdentifier) attrs.getValue(PkCertConstants.CERT_SENDER_KID), null, new Long(new Date().getTime()).toString().getBytes(), new Date().toString().getBytes(), null, null, null);
            DerOutputStream derOutputStream2 = new DerOutputStream();
            pKIHeader.encode(derOutputStream2);
            new PKIBody(getBodyType(pkSecnReqEvent), certReqMessages).encode(derOutputStream2);
            DerOutputStream derOutputStream3 = new DerOutputStream();
            derOutputStream3.write((byte) 48, derOutputStream2);
            byte[] byteArray = derOutputStream3.toByteArray();
            try {
                Signature signature2 = Signature.getInstance(str2, (String) attrs.getValue(PkCertConstants.CERT_PROVIDER));
                PrivateKey privateKey2 = (PrivateKey) attrs.getValue(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY, null);
                if (privateKey2 == null) {
                    PkRejectionException pkRejectionException = new PkRejectionException(PkNLSConstants.MISSING_PRIVATE_KEY);
                    if (debug != null) {
                        debug.text(0L, className, "writeSecnReq", pkRejectionException.getMessage());
                    }
                    throw pkRejectionException;
                }
                signature2.initSign(privateKey2);
                signature2.update(byteArray);
                PKIMessage pKIMessage = new PKIMessage(pKIHeader, getBodyType(pkSecnReqEvent), certReqMessages, signature2.sign(), null);
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", "From writeSecnReq(CR) {0}", pKIMessage);
                }
                pKIMessage.encode(outputStream);
            } catch (NoSuchAlgorithmException e2) {
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", "Exception from writeCertReq (CR case) in cmpeventformatter");
                }
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", e2.getMessage());
                    debug.text(0L, className, "writeSecnReq", e2.getMessage());
                }
                PkRejectionException pkRejectionException2 = new PkRejectionException(PkNLSConstants.NO_SUCH_ALGORITHM_EXCEPTION);
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", pkRejectionException2.getMessage());
                }
                throw pkRejectionException2;
            } catch (GeneralSecurityException e3) {
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", "Exception from writeCertReq (CR case) in cmpeventformatter");
                }
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", e3.getMessage());
                    debug.text(0L, className, "writeSecnReq", e3.getMessage());
                }
                PkRejectionException pkRejectionException3 = new PkRejectionException(PkNLSConstants.GENERAL_SECURITY_EXCEPTION);
                if (debug != null) {
                    debug.text(0L, className, "writeSecnReq", pkRejectionException3.getMessage());
                }
                throw pkRejectionException3;
            }
        } catch (NoSuchElementException e4) {
            if (debug != null) {
                debug.text(0L, className, "writeSecnReq", e4.getMessage());
            }
            throw new PkException(e4);
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeXcerReq(PkXcerReqEvent pkXcerReqEvent, OutputStream outputStream) throws IOException, PkException {
        BigInteger bigInteger;
        synchronized (this) {
            bigInteger = this.certReqId;
            this.certReqId = this.certReqId.add(BigInteger.ONE);
        }
        PkAttrs attrs = pkXcerReqEvent.getAttrs();
        try {
            GeneralName generalName = new GeneralName((X500Name) attrs.getValue("x509.info.subject"));
            GeneralName generalName2 = (GeneralName) attrs.getValue(PkCertConstants.CERT_RECIPIENT_DN);
            KeyIdentifier keyIdentifier = (KeyIdentifier) attrs.getValue(PkCertConstants.CERT_SENDER_KID);
            CertTemplate certTemplate = new CertTemplate();
            if (attrs.has(PkCertConstants.CERT_NOT_BEFORE) || attrs.has(PkCertConstants.CERT_NOT_AFTER)) {
                certTemplate.setValidity(new OptionalValidity((Date) attrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) attrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
            }
            addToTempl(certTemplate, attrs);
            try {
            } catch (IOException e) {
                certTemplate.addExtension(new Extension[]{new BasicConstraintsExtension(true, 1)});
            }
            if (!((Boolean) ((BasicConstraintsExtension) certTemplate.getExtensions().get(BasicConstraintsExtension.NAME)).get(BasicConstraintsExtension.IS_CA)).booleanValue()) {
                PkRejectionException pkRejectionException = new PkRejectionException(PkNLSConstants.BASIC_CONSTRAINTS_EXTENSION_MUST_BE_FOR_CA);
                if (debug != null) {
                    debug.text(0L, className, "writeXcerReq", pkRejectionException.getMessage());
                }
                throw pkRejectionException;
            }
            try {
                KeyUsageExtension keyUsageExtension = (KeyUsageExtension) attrs.getValue("x509.info.extensions.KeyUsage", null);
                if (keyUsageExtension == null) {
                    KeyUsageExtension keyUsageExtension2 = new KeyUsageExtension();
                    keyUsageExtension2.set(KeyUsageExtension.KEY_CERTSIGN, Boolean.TRUE);
                    certTemplate.addExtension(new Extension[]{keyUsageExtension2});
                } else {
                    boolean[] bits = keyUsageExtension.getBits();
                    int length = bits.length;
                    if (length == 0) {
                        KeyUsageExtension keyUsageExtension3 = new KeyUsageExtension();
                        keyUsageExtension3.set(KeyUsageExtension.KEY_CERTSIGN, Boolean.TRUE);
                        certTemplate.addExtension(new Extension[]{keyUsageExtension3});
                    } else {
                        int i = 0;
                        for (int i2 = 0; i2 < length; i2++) {
                            if (bits[i2]) {
                                i += i2;
                            }
                        }
                        if (i != 5 && i != 6 && i != 11) {
                            PkRejectionException pkRejectionException2 = new PkRejectionException(PkNLSConstants.CERT_BAD_KEY_USAGE);
                            if (debug != null) {
                                debug.text(0L, className, "writeXCerReq", pkRejectionException2.getMessage());
                            }
                            throw pkRejectionException2;
                        }
                        if (debug != null) {
                            debug.text(0L, className, "writeXCerReq", "keyUsageExtension is ok. sum ={0} ", new Integer(i));
                        }
                    }
                }
                CertRequest certRequest = new CertRequest(bigInteger, certTemplate, null);
                certRequest.encode(new DerOutputStream());
                String str = (String) attrs.getValue(PkCertConstants.CERT_PROVIDER, null);
                if (str == null || str.length() == 0) {
                    PkRejectionException pkRejectionException3 = new PkRejectionException(PkNLSConstants.NEED_PROVIDER);
                    if (debug != null) {
                        debug.text(0L, className, "writeXcerReq", pkRejectionException3.getMessage());
                    }
                    throw pkRejectionException3;
                }
                CertReqMessages certReqMessages = new CertReqMessages(new CertReqMsg[]{new CertReqMsg(certRequest, null, null)});
                PKIHeader pKIHeader = new PKIHeader((BigInteger) attrs.getValue(PkCertConstants.CERT_CMP_VERSION, PkConstants.BIG_ONE), generalName, generalName2, new Date(), generateProtectionAlg(str), keyIdentifier, null, new Long(new Date().getTime()).toString().getBytes(), new Date().toString().getBytes(), null, null, null);
                if (debug != null) {
                    debug.text(0L, className, "writeXCerReq", "pkiHeader ={0} ", pKIHeader);
                }
                PKIMessage pKIMessage = new PKIMessage(pKIHeader, getBodyType(pkXcerReqEvent), certReqMessages, null, null);
                try {
                    String str2 = (String) attrs.getValue(PkCertConstants.CERT_INIT_PWD);
                    PKIMessage protect = str2 != null ? pKIMessage.protect(str2.getBytes()) : null;
                    if (debug != null) {
                        debug.text(0L, className, "writeXCertReq", "pkiMessage1 ={0} ", protect);
                    }
                    protect.encode(outputStream);
                } catch (Exception e2) {
                    PkException pkException = new PkException(e2);
                    if (debug != null) {
                        debug.text(0L, className, "writeXCertReq", pkException.getMessage());
                    }
                    throw pkException;
                }
            } catch (NoSuchElementException e3) {
                PkException pkException2 = new PkException(e3);
                if (debug != null) {
                    debug.text(0L, className, "writeXCerReq", pkException2.getMessage());
                }
                throw pkException2;
            }
        } catch (NoSuchElementException e4) {
            PkException pkException3 = new PkException(e4);
            if (debug != null) {
                debug.text(0L, className, "writeXCertReq", pkException3.getMessage());
            }
            throw pkException3;
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeCertRep(PkCertRepEvent pkCertRepEvent, OutputStream outputStream) throws IOException, PkException {
        String str;
        Boolean bool = (Boolean) pkCertRepEvent.getReq().getAttrs().getValue("PASSTHRU", Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeCertRep", "passThru = {0}", bool);
        }
        if (bool.booleanValue()) {
            ((PKIMessage) pkCertRepEvent.getMsg()).encode(outputStream);
            return;
        }
        X509CertImpl x509CertImpl = (X509CertImpl) pkCertRepEvent.getCert();
        pkCertRepEvent.getReq().getAttrs();
        CertifiedKeyPair certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(x509CertImpl), null, new PKIPublicationInfo(0, new SinglePubInfo[1]));
        PkReqEvent req = pkCertRepEvent.getReq();
        PkAttrs attrs = req.getAttrs();
        this.certReqId = (BigInteger) attrs.getValue(PkCertConstants.CERT_REQ_ID);
        CertResponse certResponse = new CertResponse(this.certReqId, statusOk, certifiedKeyPair, null);
        Certificate[] certificateArr = (Certificate[]) attrs.getValue(PkCertConstants.CERT_CA_PUBS);
        CertRepMessage certRepMessage = new CertRepMessage(certificateArr, new CertResponse[]{certResponse});
        PKIMessage pKIMessage = null;
        if (req instanceof PkInitReqEvent) {
            if (((Boolean) attrs.getValue(PkCertConstants.CERT_VENDOR_TPKI_RA_ENROLL, Boolean.FALSE)).booleanValue()) {
                DerOutputStream derOutputStream = new DerOutputStream();
                PKIHeader pKIHeader = (PKIHeader) pkCertRepEvent.getReq().getAttrs().getValue(PkCertConstants.CERT_REP_HDR);
                pKIHeader.encode(derOutputStream);
                new PKIBody(1, certRepMessage).encode(derOutputStream);
                DerOutputStream derOutputStream2 = new DerOutputStream();
                derOutputStream2.write((byte) 48, derOutputStream);
                byte[] byteArray = derOutputStream2.toByteArray();
                byte[] bArr = null;
                try {
                    String provider = PkEeFactory.getProvider();
                    PrivateKey privateKey = (PrivateKey) attrs.getValue(PkCertConstants.CERT_PRIVATE_KEY, null);
                    if (privateKey != null) {
                        if (privateKey instanceof RSAPrivateKey) {
                            str = "sha1WithRSA";
                            new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
                        } else {
                            str = "sha1WithDSA";
                            new AlgorithmId(AlgorithmId.sha1WithDSA_oid);
                        }
                        Signature signature = Signature.getInstance(str, provider);
                        signature.initSign(privateKey);
                        signature.update(byteArray);
                        bArr = signature.sign();
                    }
                    new Certificate[1][0] = x509CertImpl;
                    pKIMessage = new PKIMessage(pKIHeader, 1, certRepMessage, bArr, certificateArr);
                } catch (GeneralSecurityException e) {
                    PkException pkException = new PkException(e);
                    if (debug != null) {
                        debug.text(0L, className, "writeCertReq", pkException.getMessage());
                    }
                    throw pkException;
                }
            } else {
                PKIMessage pKIMessage2 = new PKIMessage((PKIHeader) pkCertRepEvent.getReq().getAttrs().getValue(PkCertConstants.CERT_REP_HDR), 1, certRepMessage, null, null);
                try {
                    String str2 = (String) attrs.getValue(PkCertConstants.CERT_INIT_PWD, null);
                    pKIMessage = str2 == null ? pKIMessage2 : pKIMessage2.protect(str2.getBytes());
                } catch (Exception e2) {
                    if (e2 instanceof PkException) {
                        if (debug != null) {
                            debug.text(0L, className, "writeCertReq", e2.getMessage());
                        }
                        throw ((PkException) e2);
                    }
                    PkException pkException2 = new PkException(e2);
                    if (debug != null) {
                        debug.text(0L, className, "writeCertReq", pkException2.getMessage());
                    }
                    throw pkException2;
                }
            }
        } else if (req instanceof PkSecnReqEvent) {
            pKIMessage = new PKIMessage((PKIHeader) pkCertRepEvent.getReq().getAttrs().getValue(PkCertConstants.CERT_REP_HDR), 3, certRepMessage, null, null);
        }
        if (debug != null) {
            debug.text(0L, className, "writeCertRep", "######## in writeCertRep....., pkiMessage = {0}", pKIMessage);
            debug.text(0L, className, "writeCertRep", "writeCertRep/secnReqEvent...., rep = {0}", pkCertRepEvent);
        }
        pKIMessage.encode(outputStream);
    }

    public void writeSecnRep(PkCertRepEvent pkCertRepEvent, OutputStream outputStream) throws IOException {
        Boolean bool = (Boolean) pkCertRepEvent.getReq().getAttrs().getValue("PASSTHRU", Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeSecnRep", "passThru = {0}", bool);
        }
        if (bool.booleanValue()) {
            ((PKIMessage) pkCertRepEvent.getMsg()).encode(outputStream);
            return;
        }
        CertifiedKeyPair certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert((X509CertImpl) pkCertRepEvent.getCert()), null, null);
        this.certReqId = this.certReqId.add(BigInteger.ONE);
        PKIMessage pKIMessage = new PKIMessage((PKIHeader) pkCertRepEvent.getReq().getAttrs().getValue(PkCertConstants.CERT_REP_HDR), 3, new CertRepMessage(null, new CertResponse[]{new CertResponse(this.certReqId, statusOk, certifiedKeyPair, null)}), null, null);
        if (debug != null) {
            debug.text(0L, className, "writeSecnRep", "######## in writeSecnRep....., pkiMessage = {0}", pKIMessage);
        }
        pKIMessage.encode(outputStream);
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeXcerRep(PkXcerRepEvent pkXcerRepEvent, OutputStream outputStream) throws IOException, PkException {
        Boolean bool = (Boolean) pkXcerRepEvent.getReq().getAttrs().getValue("PASSTHRU", Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeXCerRep", "passThru = {0}", bool);
        }
        if (bool.booleanValue()) {
            ((PKIMessage) pkXcerRepEvent.getMsg()).encode(outputStream);
            return;
        }
        X509CertImpl x509CertImpl = (X509CertImpl) pkXcerRepEvent.getCert();
        pkXcerRepEvent.getReq().getAttrs();
        CertifiedKeyPair certifiedKeyPair = new CertifiedKeyPair(new CertOrEncCert(x509CertImpl), null, new PKIPublicationInfo(0, new SinglePubInfo[1]));
        PkAttrs attrs = pkXcerRepEvent.getReq().getAttrs();
        this.certReqId = (BigInteger) attrs.getValue(PkCertConstants.CERT_REQ_ID);
        PKIMessage pKIMessage = new PKIMessage((PKIHeader) pkXcerRepEvent.getReq().getAttrs().getValue(PkCertConstants.CERT_REP_HDR), 14, new CertRepMessage((Certificate[]) attrs.getValue(PkCertConstants.CERT_CA_PUBS), new CertResponse[]{new CertResponse(this.certReqId, statusOk, certifiedKeyPair, null)}), null, null);
        try {
            String str = (String) attrs.getValue(PkCertConstants.CERT_INIT_PWD, null);
            PKIMessage protect = str == null ? pKIMessage : pKIMessage.protect(str.getBytes());
            if (debug != null) {
                debug.text(0L, className, "writeXCerRep", "######## in writeXcerRep....., pkiMessage = {0}", protect);
            }
            protect.encode(outputStream);
        } catch (Exception e) {
            if (e instanceof PkException) {
                if (debug != null) {
                    debug.text(0L, className, "writeXCerRep", e.getMessage());
                }
                throw ((PkException) e);
            }
            PkException pkException = new PkException(e);
            if (debug != null) {
                debug.text(0L, className, "writeXCerRep", pkException.getMessage());
            }
            throw pkException;
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeRevoReq(PkRevoReqEvent pkRevoReqEvent, OutputStream outputStream) throws IOException, PkException {
        ReasonFlags reasonFlags;
        ReasonFlags reasonFlags2;
        PKIHeader pKIHeader;
        boolean z = false;
        CertTemplate certTemplate = new CertTemplate();
        PkAttrs attrs = pkRevoReqEvent.getAttrs();
        boolean z2 = ((String) attrs.getValue("FROM_BROWSER", null)) != null;
        if (z2) {
            if (attrs.has(PkCertConstants.CERT_NOT_BEFORE) || attrs.has(PkCertConstants.CERT_NOT_AFTER)) {
                certTemplate.setValidity(new OptionalValidity((Date) attrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) attrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
            }
            addToTempl(certTemplate, attrs);
            Date date = !z2 ? (Date) attrs.getValue(PkRevoConstants.REVO_BAD_SINCE_DATE) : new Date(2L);
            Integer num = (Integer) attrs.getValue(PkRevoConstants.REVO_REASON, null);
            if (num == null) {
                reasonFlags = null;
            } else {
                int intValue = num.intValue();
                boolean[] zArr = new boolean[8];
                for (int i = 0; i < zArr.length; i++) {
                    zArr[i] = false;
                }
                if (intValue != 8) {
                    zArr[intValue] = true;
                } else {
                    z = true;
                    zArr[0] = true;
                }
                reasonFlags = new ReasonFlags(zArr);
            }
            CRLExtensions cRLExtensions = (CRLExtensions) attrs.getValue(PkRevoConstants.REVO_CRL_EXT, null);
            if (z) {
                CRLReasonCodeExtension cRLReasonCodeExtension = new CRLReasonCodeExtension(false, 8);
                if (cRLExtensions == null) {
                    cRLExtensions = new CRLExtensions();
                }
                cRLExtensions.set(CRLReasonCodeExtension.NAME, cRLReasonCodeExtension);
            }
            PKIMessage pKIMessage = new PKIMessage(new PKIHeader(PkConstants.BIG_ONE, new GeneralName(new X500Name("")), new GeneralName(new X500Name("")), null, null, null, null, null, null, null, null, null), 11, new RevReqContent(new RevDetails[]{new RevDetails(certTemplate, reasonFlags, date, cRLExtensions)}), null, null);
            if (debug != null) {
                debug.text(0L, className, "writeRevoReq", "bodyType {0}", new Integer(pKIMessage.getBodyType()));
            }
            pKIMessage.encode(outputStream);
            return;
        }
        Boolean bool = (Boolean) attrs.getValue(PkCertConstants.CERT_MESSAGE_PROTECTED, Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeRevoReq", "messageProtected {0}", bool);
        }
        Boolean bool2 = (Boolean) attrs.getValue("PASSTHRU", Boolean.FALSE);
        if (debug != null) {
            debug.text(0L, className, "writeRevoReq", "passThru {0}", bool2);
        }
        if (bool.booleanValue() || bool2.booleanValue()) {
            if (debug != null) {
                debug.text(0L, className, "writeRevoReq", "Send message through");
            }
            ((PKIMessage) pkRevoReqEvent.getMsg()).encode(outputStream);
            return;
        }
        InfoTypeAndValue[] infoTypeAndValueArr = (InfoTypeAndValue[]) attrs.getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null);
        PrivateKey privateKey = (PrivateKey) attrs.getValue(PkCertConstants.CERT_PRIVATE_KEY, null);
        if (infoTypeAndValueArr == null && privateKey == null) {
            throw new PkRejectionException(PkNLSConstants.MSG_CANNOT_BE_PROTECTED);
        }
        String str = null;
        if (infoTypeAndValueArr != null) {
            try {
                str = new String(((EncryptedValue) new RevPassphraseInfoValue(infoTypeAndValueArr[0].getValue()).getValue()).getEncValue());
            } catch (IOException e) {
                str = null;
            }
        }
        if (attrs.has(PkCertConstants.CERT_NOT_BEFORE) || attrs.has(PkCertConstants.CERT_NOT_AFTER)) {
            certTemplate.setValidity(new OptionalValidity((Date) attrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) attrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
        }
        addToTempl(certTemplate, attrs);
        Date date2 = (Date) attrs.getValue(PkRevoConstants.REVO_BAD_SINCE_DATE, null);
        if (date2 == null) {
            PkException pkException = new PkException(PkNLSConstants.MISSING_BAD_SINCE_DATE);
            if (debug != null) {
                debug.text(0L, className, "writeRevoReq", pkException.getMessage());
            }
            throw pkException;
        }
        Integer num2 = (Integer) attrs.getValue(PkRevoConstants.REVO_REASON, null);
        if (num2 == null) {
            reasonFlags2 = null;
        } else {
            int intValue2 = num2.intValue();
            if (intValue2 < 0 || intValue2 > 8 || intValue2 == 7) {
                PkRejectionException pkRejectionException = new PkRejectionException(PkNLSConstants.INCORRECT_REASON);
                if (debug != null) {
                    debug.text(0L, className, "writeRevoReq", pkRejectionException.getMessage());
                }
                throw pkRejectionException;
            }
            boolean[] zArr2 = new boolean[8];
            for (int i2 = 0; i2 < zArr2.length; i2++) {
                zArr2[i2] = false;
            }
            if (intValue2 != 8) {
                zArr2[intValue2] = true;
            } else {
                z = true;
                zArr2[0] = true;
            }
            reasonFlags2 = new ReasonFlags(zArr2);
        }
        CRLExtensions cRLExtensions2 = (CRLExtensions) attrs.getValue(PkRevoConstants.REVO_CRL_EXT, null);
        if (z) {
            CRLReasonCodeExtension cRLReasonCodeExtension2 = new CRLReasonCodeExtension(false, 8);
            if (cRLExtensions2 == null) {
                cRLExtensions2 = new CRLExtensions();
            }
            cRLExtensions2.set(CRLReasonCodeExtension.NAME, cRLReasonCodeExtension2);
        }
        PKIHeader pKIHeader2 = (PKIHeader) attrs.getValue("TMP_MSG_HDR");
        String str2 = (String) attrs.getValue(PkCertConstants.CERT_ALGORITHM_NAME, null);
        AlgorithmId algorithmId = (AlgorithmId) attrs.getValue("x509.info.algorithmID", null);
        if (algorithmId == null) {
            if ("SHA1withRSA".equalsIgnoreCase(str2)) {
                algorithmId = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
            } else if ("MD5withRSA".equalsIgnoreCase(str2)) {
                algorithmId = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
            } else if ("MD2withRSA".equalsIgnoreCase(str2)) {
                algorithmId = new AlgorithmId(AlgorithmId.md2WithRSAEncryption_oid);
            } else if ("sha1WithDSA".equalsIgnoreCase(str2)) {
                algorithmId = new AlgorithmId(AlgorithmId.sha1WithDSA_oid);
            }
        }
        KeyIdentifier keyIdentifier = (KeyIdentifier) attrs.getValue(PkCertConstants.CERT_SENDER_KID, null);
        BigInteger bigInteger = (BigInteger) attrs.getValue(PkCertConstants.CERT_CMP_VERSION);
        if (privateKey != null || str == null) {
            pKIHeader = new PKIHeader(bigInteger, pKIHeader2.getSender(), pKIHeader2.getRecipient(), new Date(), algorithmId, keyIdentifier, null, new Long(new Date().getTime()).toString().getBytes(), pKIHeader2.getSenderNonce(), null, null, null);
            if (debug != null) {
                debug.text(0L, className, "writeRevoReq", "private-key-case");
            }
        } else {
            pKIHeader = new PKIHeader(bigInteger, pKIHeader2.getSender(), pKIHeader2.getRecipient(), new Date(), generateProtectionAlg(PkEeFactory.getProvider()), keyIdentifier, null, new Long(new Date().getTime()).toString().getBytes(), pKIHeader2.getSenderNonce(), null, null, infoTypeAndValueArr);
        }
        RevReqContent revReqContent = new RevReqContent(new RevDetails[]{new RevDetails(certTemplate, reasonFlags2, date2, cRLExtensions2)});
        X509CertImpl x509CertImpl = (X509CertImpl) attrs.getValue("CERT_X509", null);
        Certificate[] certificateArr = {x509CertImpl};
        if (x509CertImpl == null) {
            certificateArr = null;
        }
        DerOutputStream derOutputStream = new DerOutputStream();
        pKIHeader.encode(derOutputStream);
        new PKIBody(getBodyType(pkRevoReqEvent), revReqContent).encode(derOutputStream);
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.write((byte) 48, derOutputStream);
        if (privateKey == null && str != null) {
            try {
                new PKIMessage(pKIHeader, getBodyType(pkRevoReqEvent), revReqContent, null, certificateArr).protect(str.getBytes()).encode(outputStream);
                return;
            } catch (Exception e2) {
                PkException pkException2 = new PkException(e2);
                if (debug != null) {
                    debug.text(0L, className, "writeRevoReq", pkException2.getMessage());
                }
                throw pkException2;
            }
        }
        byte[] byteArray = derOutputStream2.toByteArray();
        byte[] bArr = null;
        if (privateKey != null) {
            try {
                Signature signature = Signature.getInstance(str2, (String) attrs.getValue(PkCertConstants.CERT_PROVIDER, PkEeFactory.getProvider()));
                signature.initSign(privateKey);
                signature.update(byteArray);
                bArr = signature.sign();
            } catch (GeneralSecurityException e3) {
                PkException pkException3 = new PkException(e3);
                if (debug != null) {
                    debug.text(0L, className, "writeRevoReq", pkException3.getMessage());
                }
                throw pkException3;
            }
        }
        new PKIMessage(pKIHeader, getBodyType(pkRevoReqEvent), revReqContent, bArr, certificateArr).encode(outputStream);
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeConfReq(PkConfReqEvent pkConfReqEvent, OutputStream outputStream) throws IOException {
        ((PKIMessage) pkConfReqEvent.getMsg()).encode(outputStream);
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeConfRep(PkConfRepEvent pkConfRepEvent, OutputStream outputStream) throws IOException {
        PKIMessage pKIMessage;
        if (debug != null) {
            debug.text(0L, className, "writeConfRep", "############ from writeConfRep....");
        }
        PKIHeader header = ((PKIMessage) pkConfRepEvent.getReq().getMsg()).getHeader();
        BigInteger pvno = header.getPvno();
        PKIMessage pKIMessage2 = (PKIMessage) pkConfRepEvent.getMsg();
        if (pvno.equals(PkConstants.BIG_ONE)) {
            if (pKIMessage2 == null) {
                if (debug != null) {
                    debug.text(0L, className, "writeConfRep", "message is null");
                    return;
                }
                return;
            } else {
                if (debug != null) {
                    debug.text(0L, className, "writeConfRep", "############ from writeConfRep..msg is {0}", pKIMessage2);
                }
                pKIMessage2.encode(outputStream);
                return;
            }
        }
        if (pvno.equals(PkConstants.BIG_TWO)) {
            if (pKIMessage2 != null) {
                if (debug != null) {
                    debug.text(0L, className, "writeConfRep", "############ from writeConfRep..msg is {0}", pKIMessage2);
                }
                pKIMessage2.encode(outputStream);
            } else {
                if (debug != null) {
                    debug.text(0L, className, "writeConfRep", "message is null. v2");
                }
                PKIMessage pKIMessage3 = new PKIMessage(header, 19, null, null, null);
                try {
                    pKIMessage = pKIMessage3.protect("password1234".getBytes());
                } catch (Exception e) {
                    pKIMessage = pKIMessage3;
                }
                pKIMessage.encode(outputStream);
            }
        }
    }

    @Override // com.ibm.security.certclient.base.PkEventFormatter
    public void writeRevoRep(PkRevoRepEvent pkRevoRepEvent, OutputStream outputStream) throws IOException {
        PKIHeader header = ((PKIMessage) pkRevoRepEvent.getReq().getMsg()).getHeader();
        BigInteger pvno = header.getPvno();
        RevRepContent revRepContent = new RevRepContent(new PKIStatusInfo[]{new PKIStatusInfo(0, null, null)}, null, null);
        if (pvno.equals(PkConstants.BIG_ONE)) {
            PKIHeader pKIHeader = new PKIHeader(header.getPvno(), header.getRecipient(), header.getSender(), null, generateProtectionAlg(PkEeFactory.getProvider()), null, header.getSenderKID(), header.getTransactionID(), new Date().toString().getBytes(), header.getSenderNonce(), null, null);
            PKIMessage pKIMessage = new PKIMessage(pKIHeader, 12, revRepContent, null, null);
            if (debug != null) {
                debug.text(0L, className, "writeRevoRep", "writeRevoRep-header {0}", pKIHeader);
            }
            try {
                pKIMessage.protect("password".getBytes()).encode(outputStream);
                return;
            } catch (Exception e) {
                return;
            }
        }
        if (!pvno.equals(PkConstants.BIG_TWO)) {
            if (debug != null) {
                debug.text(0L, className, "writeRevoRep", "CMP version should be 1 or 2");
            }
        } else {
            PKIHeader pKIHeader2 = new PKIHeader(header.getPvno(), header.getRecipient(), header.getSender(), null, generateProtectionAlg(PkEeFactory.getProvider()), null, header.getSenderKID(), header.getTransactionID(), new Date().toString().getBytes(), header.getSenderNonce(), null, null);
            PKIMessage pKIMessage2 = new PKIMessage(pKIHeader2, 12, revRepContent, null, null);
            if (debug != null) {
                debug.text(0L, className, "writeRevoRep", "writeRevoRep-header {0}", pKIHeader2);
            }
            try {
                pKIMessage2.protect("password".getBytes()).encode(outputStream);
            } catch (Exception e2) {
            }
        }
    }

    private static PkAttrs getAttrsFromCertReqMessages(CertReqMessages certReqMessages) throws IOException {
        CertRequest certReq = certReqMessages.getCertReqMsgs()[0].getCertReq();
        BigInteger certReqId = certReq.getCertReqId();
        PkAttrs attrsFromCertTemplate = getAttrsFromCertTemplate(certReq.getCertTemplate());
        attrsFromCertTemplate.add(PkCertConstants.CERT_REQ_ID, 2, certReqId);
        return attrsFromCertTemplate;
    }

    private static PkAttrs getAttrsFromRevReqContent(RevReqContent revReqContent) throws IOException {
        RevDetails[] revDetails = revReqContent.getRevDetails();
        PkAttrs attrsFromCertTemplate = getAttrsFromCertTemplate(revDetails[0].getCertDetails());
        Date badSinceDate = revDetails[0].getBadSinceDate();
        String date = badSinceDate.toString();
        String date2 = new Date(2L).toString();
        date.compareTo(date2);
        if (date.compareTo(date2) == 0) {
            attrsFromCertTemplate.add("FROM_BROWSER", 1, "yes");
            if (debug != null) {
                debug.text(0L, className, "getAttrsFromRevReqContent", "from getAttrsFromCertTemplate. year is 69");
            }
            badSinceDate = new Date();
        } else if (debug != null) {
            debug.text(0L, className, "getAttrsFromRevReqContent", "badSince String is {0}", date);
            debug.text(0L, className, "getAttrsFromRevReqContent", "new Date(2)  String is {0}", new Date(2L).toString());
        }
        attrsFromCertTemplate.add(PkRevoConstants.REVO_BAD_SINCE_DATE, 1, badSinceDate);
        CRLExtensions crlEntryDetails = revDetails[0].getCrlEntryDetails();
        boolean z = false;
        if (crlEntryDetails != null) {
            attrsFromCertTemplate.add(PkRevoConstants.REVO_CRL_EXT, 1, crlEntryDetails);
            Extension extension = crlEntryDetails.get(CRLReasonCodeExtension.NAME);
            if (extension instanceof CRLReasonCodeExtension) {
                attrsFromCertTemplate.add(PkRevoConstants.REVO_REASON, 1, (Integer) ((CRLReasonCodeExtension) extension).get(CRLReasonCodeExtension.REASON));
                z = true;
            }
        }
        if (!z) {
            ReasonFlags reason = revDetails[0].getReason();
            int i = 0;
            if (reason != null && reason.getReasonFlags() != null) {
                boolean[] booleanArray = reason.getReasonFlags().toBooleanArray();
                i = 0;
                int i2 = 0;
                while (true) {
                    if (i2 >= booleanArray.length) {
                        break;
                    }
                    if (booleanArray[i2]) {
                        i = i2;
                        break;
                    }
                    i2++;
                }
            }
            attrsFromCertTemplate.add(PkRevoConstants.REVO_REASON, 1, new Integer(i));
        }
        return attrsFromCertTemplate;
    }

    private static PkAttrs getAttrsFromRevReqContent(RevReqContentv2 revReqContentv2) throws IOException {
        RevDetailsv2[] revDetails = revReqContentv2.getRevDetails();
        PkAttrs attrsFromCertTemplate = getAttrsFromCertTemplate(revDetails[0].getCertDetails());
        Date date = new Date();
        String date2 = date.toString();
        String date3 = new Date(2L).toString();
        date2.compareTo(date3);
        if (date2.compareTo(date3) == 0) {
            attrsFromCertTemplate.add("FROM_BROWSER", 1, "yes");
            if (debug != null) {
                debug.text(0L, className, "getAttrsFromRevReqContent", "from getAttrsFromCertTemplate. year is 69");
            }
            date = new Date();
        } else if (debug != null) {
            debug.text(0L, className, "getAttrsFromRevReqContent", "badSince String is {0}", date2);
            debug.text(0L, className, "getAttrsFromRevReqContent", "new Date(2)  String is {0}", new Date(2L).toString());
        }
        attrsFromCertTemplate.add(PkRevoConstants.REVO_BAD_SINCE_DATE, 1, date);
        CRLExtensions crlEntryDetails = revDetails[0].getCrlEntryDetails();
        if (crlEntryDetails != null) {
            attrsFromCertTemplate.add(PkRevoConstants.REVO_CRL_EXT, 1, crlEntryDetails);
            Extension extension = crlEntryDetails.get(CRLReasonCodeExtension.NAME);
            if (extension instanceof CRLReasonCodeExtension) {
                attrsFromCertTemplate.add(PkRevoConstants.REVO_REASON, 1, (Integer) ((CRLReasonCodeExtension) extension).get(CRLReasonCodeExtension.REASON));
            }
        }
        return attrsFromCertTemplate;
    }

    private static PkAttrs getAttrsFromCertTemplate(CertTemplate certTemplate) throws IOException {
        if (debug != null) {
            debug.text(0L, className, "getAttrsFromCertTemplate", "########## from getAttrsFromCertTemplate.");
        }
        PkAttrs pkAttrs = new PkAttrs();
        BigInteger version = certTemplate.getVersion();
        if (version != null) {
            add(pkAttrs, "x509.info.version", new Integer(version.intValue()));
        }
        add(pkAttrs, "x509.info.serialNumber", certTemplate.getSerialNumber());
        add(pkAttrs, "x509.info.algorithmID", certTemplate.getSigningAlg());
        add(pkAttrs, "x509.info.issuer", certTemplate.getIssuer());
        OptionalValidity validity = certTemplate.getValidity();
        if (validity != null) {
            add(pkAttrs, PkCertConstants.CERT_NOT_BEFORE, validity.getNotBefore());
            add(pkAttrs, PkCertConstants.CERT_NOT_AFTER, validity.getNotAfter());
        }
        add(pkAttrs, "x509.info.subject", certTemplate.getSubject());
        try {
            add(pkAttrs, "x509.info.key", certTemplate.getPublicKey());
        } catch (InvalidKeyException e) {
            if (debug != null) {
                debug.exception(1L, className, "getAttrsFromCertTemplate", e);
            }
        }
        byte[] issuerUID = certTemplate.getIssuerUID();
        if (issuerUID != null) {
            add(pkAttrs, "x509.info.issuerID", new UniqueIdentity(issuerUID));
        }
        byte[] subjectUID = certTemplate.getSubjectUID();
        if (subjectUID != null) {
            add(pkAttrs, "x509.info.subjectID", new UniqueIdentity(subjectUID));
        }
        try {
            CertificateExtensions extensions = certTemplate.getExtensions();
            if (debug != null) {
                debug.text(0L, className, "getAttrsFromCertTemplate", "######. ext is {0}", extensions);
            }
            if (extensions == null) {
                return pkAttrs;
            }
            for (Object obj : extensions.entrySet()) {
                if (obj instanceof CertificateExtensions) {
                    if (debug != null) {
                        debug.text(1L, className, "getAttrsFromCertTemplate", "##### ce ");
                    }
                    Map.Entry entry = (Map.Entry) obj;
                    if (debug != null) {
                        debug.text(1L, className, "getAttrsFromCertTemplate", "###################### EXT {0}", entry.getKey());
                    }
                    add(pkAttrs, new StringBuffer().append(PkCertConstants.CERT_EXT).append(entry.getKey()).toString(), entry.getValue());
                } else if (obj instanceof Extension) {
                    Extension extension = (Extension) obj;
                    if (debug != null) {
                        debug.text(0L, className, "getAttrsFromCertTemplate", "##### e.getExtensionId {0}", extension.getExtensionId());
                    }
                    String str = null;
                    Class cls = null;
                    try {
                        str = OIDMap.getName(extension.getExtensionId());
                        cls = OIDMap.getClass(extension.getExtensionId());
                    } catch (Exception e2) {
                        e2.printStackTrace();
                    }
                    if (str != null) {
                        if (debug != null) {
                            debug.text(1L, className, "getAttrsFromCertTemplate", "###################### name {0}", str);
                            debug.text(1L, className, "getAttrsFromCertTemplate", "###################### class {0}", cls);
                        }
                        add(pkAttrs, str, extension);
                    } else if (extension.getExtensionId().equals(TPKI_ENROLL_OID)) {
                        pkAttrs.add(PkCertConstants.CERT_VENDOR_TPKI_RA_ENROLL, 2, new Boolean(true));
                        if (debug != null) {
                            debug.text(1L, className, "getAttrsFromCertTemplate", "########## TPKI_RA_ENROLL");
                        }
                    }
                }
            }
            return pkAttrs;
        } catch (Exception e3) {
            throw new IOException(PkNLSConstants.CMPEVENT_PROBLEM_GETTING_EXT);
        }
    }

    private static void add(PkAttrs pkAttrs, String str, Object obj) {
        pkAttrs.add(str, 1, obj);
    }

    private X509CertImpl getCert(CertRepMessage certRepMessage, PrivateKey privateKey) throws PkException, IOException {
        Class cls;
        boolean z = privateKey != null;
        CertResponse[] response = certRepMessage.getResponse();
        PKIStatusInfo statusInfo = response[0].getStatusInfo();
        switch (statusInfo.getStatus()) {
            case 0:
            case 1:
                CertOrEncCert certOrEncCert = response[0].getCertifiedKeyPair().getCertOrEncCert();
                byte[] bArr = null;
                if (certOrEncCert.isCertificate()) {
                    try {
                        bArr = certOrEncCert.getCertificate().getEncoded();
                    } catch (CertificateEncodingException e) {
                        if (debug != null) {
                            debug.exception(4L, className, "getCert", e);
                        }
                    }
                } else if (privateKey != null) {
                    try {
                        EncryptedValue certOrEncCert2 = certOrEncCert.getCertOrEncCert();
                        AlgorithmId symmAlg = certOrEncCert2.getSymmAlg();
                        byte[] encSymmKey = certOrEncCert2.getEncSymmKey();
                        certOrEncCert2.getKeyAlg();
                        byte[] encValue = certOrEncCert2.getEncValue();
                        if (debug != null) {
                            debug.text(1L, className, "getCert", "encValue = {0}", new Integer(encValue.length));
                        }
                        Cipher cipher = Cipher.getInstance("RSA", PkEeFactory.getProvider());
                        cipher.init(2, privateKey);
                        byte[] doFinal = cipher.doFinal(encSymmKey);
                        for (byte b : doFinal) {
                            if (debug != null) {
                                debug.text(1L, className, "getCert", "decSymmKey: {0}", new Byte(b));
                            }
                        }
                        Cipher cipher2 = Cipher.getInstance("DESEDE/CBC/PKCS5Padding", PkEeFactory.getProvider());
                        if (symmAlg.getAlgParameters() == null && debug != null) {
                            debug.text(0L, className, "getCert", "symmAlg = {0}", symmAlg);
                        }
                        AlgorithmParameters algParameters = symmAlg.getAlgParameters();
                        if (class$javax$crypto$spec$IvParameterSpec == null) {
                            cls = class$("javax.crypto.spec.IvParameterSpec");
                            class$javax$crypto$spec$IvParameterSpec = cls;
                        } else {
                            cls = class$javax$crypto$spec$IvParameterSpec;
                        }
                        cipher2.init(2, new SecretKeySpec(doFinal, PKCS5.CIPHER_ALGORITHM_DESEDE), algParameters.getParameterSpec(cls));
                        if (debug != null) {
                            debug.text(1L, className, "getCert", "cipher1.size  {0}", new Integer(cipher2.getOutputSize(encValue.length)));
                        }
                        bArr = cipher2.doFinal(encValue);
                    } catch (GeneralSecurityException e2) {
                        throw new PkException(e2);
                    }
                }
                if (bArr == null) {
                    return null;
                }
                try {
                    return (X509CertImpl) CertificateFactory.getInstance("X509", PkEeFactory.getProvider()).generateCertificate(new ByteArrayInputStream(bArr));
                } catch (NoSuchProviderException e3) {
                    throw new PkException(e3);
                } catch (CertificateException e4) {
                    throw new PkException(e4);
                }
            default:
                throw new PkException(statusInfo.toString());
        }
    }

    private static void addToTempl(CertTemplate certTemplate, PkAttrs pkAttrs) throws IOException {
        String str = (String) pkAttrs.getValue(PkCertConstants.CERT_CA_VENDOR, null);
        boolean z = false;
        if (str != null) {
            z = str.equalsIgnoreCase("Entrust");
        }
        PkAttrs.Iter it = pkAttrs.iterator();
        while (it.hasNext()) {
            PkAttr nextAttr = it.nextAttr();
            String name = nextAttr.getName();
            if (nextAttr.isApplied() && nextAttr.isApproved()) {
                Object value = nextAttr.getValue();
                if (name.startsWith(PkCertConstants.CERT_EXT)) {
                    addExtension(certTemplate, nextAttr);
                } else if (name.equals("x509.info.version")) {
                    certTemplate.setVersion(BigInteger.valueOf(((Integer) value).intValue()));
                } else if (name.equals("x509.info.serialNumber")) {
                    certTemplate.setSerialNumber((BigInteger) value);
                } else if (name.equals("x509.info.algorithmID")) {
                    if (debug != null) {
                        debug.text(0L, className, "addToTempl", "#################>>>>>>>>>>>>>>>>>> from addToTempl, algId {0}", (AlgorithmId) value);
                    }
                    if (!z) {
                        certTemplate.setSigningAlg((AlgorithmId) value);
                    }
                } else if (name.equals("x509.info.issuer")) {
                    certTemplate.setIssuer((X500Name) value);
                } else if (name.equals("x509.info.subject")) {
                    certTemplate.setSubject((X500Name) value);
                } else if (name.equals("x509.info.key")) {
                    certTemplate.setPublicKey((PublicKey) value);
                } else if (name.equals(PkCertConstants.CERT_REVO_PUBLIC_KEY)) {
                    certTemplate.setPublicKey((PublicKey) value);
                } else if (name.equals("x509.info.issuerID")) {
                    certTemplate.setIssuerUID(new BitArray(((UniqueIdentity) value).getId()).toByteArray());
                } else if (name.equals("x509.info.subjectID")) {
                    certTemplate.setSubjectUID(new BitArray(((UniqueIdentity) value).getId()).toByteArray());
                } else if (name.equals(PkCertConstants.CERT_NOT_BEFORE)) {
                    if (debug != null) {
                        debug.text(1L, className, "addToTempl", "Unused attribute={0}", name);
                    }
                } else if (name.equals(PkCertConstants.CERT_NOT_AFTER)) {
                    if (debug != null) {
                        debug.text(1L, className, "addToTempl", "Unused attribute={0}", name);
                    }
                } else if (name.equals(PkRevoConstants.REVO_REASON)) {
                    if (debug != null) {
                        debug.text(1L, className, "addToTempl", "Unused attribute={0}", name);
                    }
                } else if (!name.equals(PkRevoConstants.REVO_BAD_SINCE_DATE)) {
                    throw new PkIoException(new StringBuffer().append(PkNLSConstants.CMPEVENT_BAD_ATTR).append(name).toString());
                }
            }
        }
        if (pkAttrs.has(PkCertConstants.CERT_NOT_BEFORE) || pkAttrs.has(PkCertConstants.CERT_NOT_AFTER)) {
            certTemplate.setValidity(new OptionalValidity((Date) pkAttrs.getValue(PkCertConstants.CERT_NOT_BEFORE, null), (Date) pkAttrs.getValue(PkCertConstants.CERT_NOT_AFTER, null)));
        }
    }

    private static void addExtension(CertTemplate certTemplate, PkAttr pkAttr) throws IOException {
        try {
            certTemplate.addExtension(new Extension[]{(Extension) pkAttr.getValue()});
        } catch (IOException e) {
            throw new PkIoException(new StringBuffer().append(PkNLSConstants.CMPEVENT_MODIFY_ATTR_FAIL).append(pkAttr.getName()).append(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR).append(pkAttr.getValue()).toString(), e);
        }
    }

    private static int getBodyType(PkEvent pkEvent) {
        return ((Integer) types.get(pkEvent.getClass())).intValue();
    }

    private boolean verifyPop(CertReqMessages certReqMessages) throws IOException, PkException {
        CertReqMsg[] certReqMsgs = certReqMessages.getCertReqMsgs();
        CertRequest certReq = certReqMsgs[0].getCertReq();
        DerOutputStream derOutputStream = new DerOutputStream();
        certReq.encode(derOutputStream);
        byte[] byteArray = derOutputStream.toByteArray();
        byte[] signature = ((POPOSigningKey) certReqMsgs[0].getPOP().getPOP()).getSignature();
        try {
            Signature signature2 = Signature.getInstance("SHA1withDSA", PkEeFactory.getProvider());
            signature2.initVerify(certReq.getCertTemplate().getPublicKey());
            signature2.update(byteArray);
            boolean verify = signature2.verify(signature);
            if (debug != null) {
                debug.text(1L, className, "verifyPop", "from verifyPOP. verified = {0}", new Boolean(verify));
            }
            return verify;
        } catch (Exception e) {
            if (e instanceof PkException) {
                throw ((PkException) e);
            }
            throw new PkException(e);
        }
    }

    private AlgorithmId generateProtectionAlg(String str) {
        PBMParameterSpec pBMParameterSpec = new PBMParameterSpec("this is a salt".getBytes(), new AlgorithmId(AlgorithmId.SHA_oid), 1001, new AlgorithmId(AlgorithmId.HmacSHA1_oid));
        AlgorithmParameters algorithmParameters = null;
        try {
            algorithmParameters = AlgorithmParameters.getInstance("PasswordBasedMac", str);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            if (debug != null) {
                debug.text(1L, className, "generateProtectionAlg", e.getMessage());
            }
            System.out.println(new StringBuffer().append("ERROR : ").append(e.toString()).toString());
            System.exit(1);
        } catch (NoSuchProviderException e2) {
            e2.printStackTrace();
            if (debug != null) {
                debug.text(1L, className, "generateProtectionAlg", e2.getMessage());
            }
            System.out.println(new StringBuffer().append("ERROR : ").append(e2.toString()).toString());
            System.exit(1);
        }
        try {
            algorithmParameters.init(pBMParameterSpec);
        } catch (InvalidParameterSpecException e3) {
            System.out.println(new StringBuffer().append("ERROR : ").append(e3.toString()).toString());
            if (debug != null) {
                debug.text(1L, className, "generateProtectionAlg", e3.getMessage());
            }
            System.exit(1);
        }
        AlgorithmId algorithmId = null;
        try {
            algorithmId = new AlgorithmId(AlgorithmId.PasswordBasedMac_oid, algorithmParameters.getEncoded());
        } catch (IOException e4) {
            System.out.println(new StringBuffer().append("ERROR : ").append(e4.toString()).toString());
            if (debug != null) {
                debug.text(1L, className, "generateProtectionAlg", e4.getMessage());
            }
            System.exit(1);
        }
        return algorithmId;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        Class cls2;
        Class cls3;
        Class cls4;
        Class cls5;
        Class cls6;
        Class cls7;
        Class cls8;
        Class cls9;
        Class cls10;
        Class cls11;
        Class cls12;
        Class cls13;
        Class cls14;
        Class cls15;
        Class cls16;
        Map map = types;
        if (class$com$ibm$security$certclient$base$PkCertReqEvent == null) {
            cls = class$("com.ibm.security.certclient.base.PkCertReqEvent");
            class$com$ibm$security$certclient$base$PkCertReqEvent = cls;
        } else {
            cls = class$com$ibm$security$certclient$base$PkCertReqEvent;
        }
        map.put(cls, new Integer(0));
        Map map2 = types;
        if (class$com$ibm$security$certclient$base$PkCertRepEvent == null) {
            cls2 = class$("com.ibm.security.certclient.base.PkCertRepEvent");
            class$com$ibm$security$certclient$base$PkCertRepEvent = cls2;
        } else {
            cls2 = class$com$ibm$security$certclient$base$PkCertRepEvent;
        }
        map2.put(cls2, new Integer(1));
        Map map3 = types;
        if (class$com$ibm$security$certclient$base$PkInitReqEvent == null) {
            cls3 = class$("com.ibm.security.certclient.base.PkInitReqEvent");
            class$com$ibm$security$certclient$base$PkInitReqEvent = cls3;
        } else {
            cls3 = class$com$ibm$security$certclient$base$PkInitReqEvent;
        }
        map3.put(cls3, new Integer(0));
        Map map4 = types;
        if (class$com$ibm$security$certclient$base$PkInitRepEvent == null) {
            cls4 = class$("com.ibm.security.certclient.base.PkInitRepEvent");
            class$com$ibm$security$certclient$base$PkInitRepEvent = cls4;
        } else {
            cls4 = class$com$ibm$security$certclient$base$PkInitRepEvent;
        }
        map4.put(cls4, new Integer(1));
        Map map5 = types;
        if (class$com$ibm$security$certclient$base$PkSecnReqEvent == null) {
            cls5 = class$("com.ibm.security.certclient.base.PkSecnReqEvent");
            class$com$ibm$security$certclient$base$PkSecnReqEvent = cls5;
        } else {
            cls5 = class$com$ibm$security$certclient$base$PkSecnReqEvent;
        }
        map5.put(cls5, new Integer(2));
        Map map6 = types;
        if (class$com$ibm$security$certclient$base$PkSecnRepEvent == null) {
            cls6 = class$("com.ibm.security.certclient.base.PkSecnRepEvent");
            class$com$ibm$security$certclient$base$PkSecnRepEvent = cls6;
        } else {
            cls6 = class$com$ibm$security$certclient$base$PkSecnRepEvent;
        }
        map6.put(cls6, new Integer(3));
        Map map7 = types;
        if (class$com$ibm$security$certclient$base$PkKupdReqEvent == null) {
            cls7 = class$("com.ibm.security.certclient.base.PkKupdReqEvent");
            class$com$ibm$security$certclient$base$PkKupdReqEvent = cls7;
        } else {
            cls7 = class$com$ibm$security$certclient$base$PkKupdReqEvent;
        }
        map7.put(cls7, new Integer(7));
        Map map8 = types;
        if (class$com$ibm$security$certclient$base$PkKupdRepEvent == null) {
            cls8 = class$("com.ibm.security.certclient.base.PkKupdRepEvent");
            class$com$ibm$security$certclient$base$PkKupdRepEvent = cls8;
        } else {
            cls8 = class$com$ibm$security$certclient$base$PkKupdRepEvent;
        }
        map8.put(cls8, new Integer(8));
        Map map9 = types;
        if (class$com$ibm$security$certclient$base$PkKrecReqEvent == null) {
            cls9 = class$("com.ibm.security.certclient.base.PkKrecReqEvent");
            class$com$ibm$security$certclient$base$PkKrecReqEvent = cls9;
        } else {
            cls9 = class$com$ibm$security$certclient$base$PkKrecReqEvent;
        }
        map9.put(cls9, new Integer(9));
        Map map10 = types;
        if (class$com$ibm$security$certclient$base$PkKrecRepEvent == null) {
            cls10 = class$("com.ibm.security.certclient.base.PkKrecRepEvent");
            class$com$ibm$security$certclient$base$PkKrecRepEvent = cls10;
        } else {
            cls10 = class$com$ibm$security$certclient$base$PkKrecRepEvent;
        }
        map10.put(cls10, new Integer(10));
        Map map11 = types;
        if (class$com$ibm$security$certclient$base$PkRevoReqEvent == null) {
            cls11 = class$("com.ibm.security.certclient.base.PkRevoReqEvent");
            class$com$ibm$security$certclient$base$PkRevoReqEvent = cls11;
        } else {
            cls11 = class$com$ibm$security$certclient$base$PkRevoReqEvent;
        }
        map11.put(cls11, new Integer(11));
        Map map12 = types;
        if (class$com$ibm$security$certclient$base$PkRevoRepEvent == null) {
            cls12 = class$("com.ibm.security.certclient.base.PkRevoRepEvent");
            class$com$ibm$security$certclient$base$PkRevoRepEvent = cls12;
        } else {
            cls12 = class$com$ibm$security$certclient$base$PkRevoRepEvent;
        }
        map12.put(cls12, new Integer(12));
        Map map13 = types;
        if (class$com$ibm$security$certclient$base$PkXcerReqEvent == null) {
            cls13 = class$("com.ibm.security.certclient.base.PkXcerReqEvent");
            class$com$ibm$security$certclient$base$PkXcerReqEvent = cls13;
        } else {
            cls13 = class$com$ibm$security$certclient$base$PkXcerReqEvent;
        }
        map13.put(cls13, new Integer(13));
        Map map14 = types;
        if (class$com$ibm$security$certclient$base$PkXcerRepEvent == null) {
            cls14 = class$("com.ibm.security.certclient.base.PkXcerRepEvent");
            class$com$ibm$security$certclient$base$PkXcerRepEvent = cls14;
        } else {
            cls14 = class$com$ibm$security$certclient$base$PkXcerRepEvent;
        }
        map14.put(cls14, new Integer(14));
        Map map15 = types;
        if (class$com$ibm$security$certclient$base$PkGnrlReqEvent == null) {
            cls15 = class$("com.ibm.security.certclient.base.PkGnrlReqEvent");
            class$com$ibm$security$certclient$base$PkGnrlReqEvent = cls15;
        } else {
            cls15 = class$com$ibm$security$certclient$base$PkGnrlReqEvent;
        }
        map15.put(cls15, new Integer(21));
        Map map16 = types;
        if (class$com$ibm$security$certclient$base$PkGnrlRepEvent == null) {
            cls16 = class$("com.ibm.security.certclient.base.PkGnrlRepEvent");
            class$com$ibm$security$certclient$base$PkGnrlRepEvent = cls16;
        } else {
            cls16 = class$com$ibm$security$certclient$base$PkGnrlRepEvent;
        }
        map16.put(cls16, new Integer(22));
    }
}
