package com.initech.pkix.cmp.client;

import com.initech.asn1.ASN1OID;
import com.initech.asn1.DEREncoder;
import com.initech.asn1.useful.AlgorithmID;
import com.initech.asn1.useful.GeneralName;
import com.initech.cryptox.spec.PBEKeySpec;
import com.initech.cryptox.spec.PBEParameterSpec;
import com.initech.moasign.client.sdk.biz.MoaSignPolicyLoader;
import com.initech.moasign.client.sdk.facade.CertCenter;
import com.initech.pkcs.pkcs7.PKCS7Facade;
import com.initech.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import com.initech.pkcs.pkcs8.PrivateKeyInfo;
import com.initech.pkix.cmp.CertRepMessage;
import com.initech.pkix.cmp.CertResponse;
import com.initech.pkix.cmp.GeneralMessage;
import com.initech.pkix.cmp.PKIMessage;
import com.initech.pkix.cmp.client.transport.CMPTransport;
import com.initech.pkix.cmp.client.util.PKIMessageDump;
import com.initech.pkix.cmp.client.util.URI;
import com.initech.pkix.cmp.crmf.EncryptedValue;
import com.initech.pkix.cmp.util.x509CertificateInfo;
import com.initech.x509.X509CertImpl;
import com.initech.x509.extensions.SubjectKeyIdentifier;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: classes.dex */
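/**
 * CMP client for the yessign profile in which request formatting is delegated to
 * {@link USIM_PKIMessageFormatter_YesSign} backed by a {@link USIMAdapter}.
 *
 * <p>This is decompiler output: the inherited members {@code b} (a {@link KeyStore}, see its use
 * below), {@code c} (the URI handed to {@code CMPContext.setURI}), {@code d}, {@code e}, {@code g}
 * and the overloaded {@code a(...)} methods keep their obfuscated names because they are declared
 * in {@code PKICMP_YesSign}, which is not visible here.
 *
 * <p>Security review notes (details at the relevant lines):
 * <ul>
 *   <li>Default key size is 1024 ({@link #m}); confirm the algorithm and raise it if this is an
 *       RSA modulus length.</li>
 *   <li>CA certificates received in a general response, or passed to {@link #initKeyStore}, are
 *       written to the keystore as certificate entries; no validation of them is visible in this
 *       class.</li>
 *   <li>The issuer certificate for a user certificate is chosen by comparing the {@code O=}
 *       component of two DN strings only.</li>
 *   <li>The encrypted-certificate parameters are overwritten with a constant 16-byte value before
 *       decryption.</li>
 *   <li>Every server response is passed to {@code PKIMessageDump.dumpFile} under a fixed file
 *       name; confirm that this is disabled in release builds.</li>
 *   <li>Secrets (keystore password, auth code) travel as {@code String} and are converted with the
 *       platform default charset.</li>
 *   <li>Only {@link #requestKUR} calls {@code close()} on the transport; confirm whether the other
 *       exchanges leave a connection open.</li>
 * </ul>
 */
public class USIM_PKICMP_YesSign extends PKICMP_YesSign {
    // Adapter to the USIM; handed to the message formatter and used to read/buffer the user certificate.
    private USIMAdapter l;
    // Key size passed to CMPContext.setKeysize for IR and KUR requests.
    // NOTE(review): 1024 is below current minimums if this is an RSA modulus size - confirm what
    // the USIM actually generates and whether the CA still accepts it.
    protected int m;
    // CA name; selects the sender-KID encoding in the GENM path ("crossCert" -> hex serial number).
    private String n;

    /**
     * Creates a client bound to the given USIM adapter.
     *
     * @param i passed unchanged to the superclass constructor (meaning not visible here)
     * @param uri passed unchanged to the superclass constructor
     * @param uSIMAdapter adapter used for message formatting and user-certificate access
     */
    public USIM_PKICMP_YesSign(int i, URI uri, USIMAdapter uSIMAdapter) {
        super(i, uri);
        this.m = 1024;
        this.n = CertCenter.CA_NAME_YESSIGN;
        this.l = uSIMAdapter;
    }

    /**
     * Sends a general message (format type 21), checks the reply as type 22 and stores the two CA
     * certificates it carries in the keystore.
     *
     * @param i general-message type: 1 = authenticate with sender KID and auth code taken from
     *     {@code vector}; 2 = authenticate with the existing user certificate
     * @param vector for type 1: CA alias, sender KID, auth code (all {@code String}); for type 2:
     *     user alias and keystore password
     * @return a one-element vector holding 2 when any free-text entry of the response header
     *     contains {@code PKICMP_YesSign.k}, otherwise 1
     * @throws CMPException code 4 for an unsupported type, code 1 for protocol/processing
     *     failures, code 3 when the keystore update fails
     */
    @Override // com.initech.pkix.cmp.client.PKICMP_YesSign
    protected Vector a(int i, Vector vector) {
        CMPContext cMPContext = new CMPContext(this.d);
        cMPContext.setURI(this.c);
        if (i == 1) {
            String caAlias = (String) vector.elementAt(0);
            // NOTE(review): getBytes() uses the platform default charset; the KID and auth code
            // only round-trip if both ends agree on it.
            byte[] senderKid = ((String) vector.elementAt(1)).getBytes();
            byte[] authCode = ((String) vector.elementAt(2)).getBytes();
            GeneralName sender = new GeneralName();
            sender.set(1, " ");
            cMPContext.setSender(sender);
            cMPContext.setSenderKID(senderKid);
            cMPContext.setAuthCode(authCode);
            cMPContext.setCAAlias(caAlias);
        } else if (i == 2) {
            a(cMPContext, this.b, (String) vector.elementAt(0), (String) vector.elementAt(1), null);
            GeneralName recipient = new GeneralName();
            recipient.set(4, "");
            cMPContext.setRecipient(recipient);
            BigInteger serialNumber = ((X509Certificate) cMPContext.getOldSignCertificate()).getSerialNumber();
            String senderKid;
            if (this.n.equals("crossCert")) {
                senderKid = serialNumber.toString(16).toUpperCase();
                if (senderKid.length() % 2 != 0) {
                    // Pads the hex string to an even length. NOTE(review): MODE_LOGIN is presumably
                    // the string "0" substituted by the decompiler for a literal - confirm.
                    senderKid = MoaSignPolicyLoader.MODE_LOGIN + senderKid;
                }
            } else {
                senderKid = serialNumber.toString();
            }
            cMPContext.setSenderKID(senderKid.getBytes());
            cMPContext.setRecipientKID(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
        } else {
            throw new CMPException(4, "not supported type");
        }
        cMPContext.setGENMType(i);
        try {
            // NOTE(review): this transport is never closed here, unlike in requestKUR.
            CMPTransport transport = a(cMPContext);
            PKIMessage request = new USIM_PKIMessageFormatter_YesSign(this.l).format(cMPContext, 21);
            PKIMessage response = transport.process(request);
            parseFreeText(response.getHeader().getFreeText().toString());
            // NOTE(review): the raw response is dumped under a fixed name before it is checked;
            // confirm dumpFile is a no-op outside debug builds.
            PKIMessageDump.dumpFile(response, "genp_yessign.dump");
            // Response check lives in the superclass; whether it authenticates the message is not
            // visible here.
            a(cMPContext, response, 22);
            GeneralMessage generalMessage = (GeneralMessage) response.getContentBody();
            try {
                int resultCode = 1;
                for (String text : response.getHeader().getFreeText().getAllTexts()) {
                    if (text.indexOf(PKICMP_YesSign.k) != -1) {
                        resultCode = 2;
                        break;
                    }
                }
                Vector<Integer> result = new Vector<Integer>();
                result.add(Integer.valueOf(resultCode));

                // When an info type occurs more than once the last occurrence wins.
                X509CertImpl caAliasCert = null;
                X509CertImpl encAliasCert = null;
                for (int idx = 0; idx < generalMessage.size(); idx++) {
                    ASN1OID typeId = generalMessage.getTypeIdAt(idx);
                    byte[] value = generalMessage.getValueAt(idx);
                    if (typeId.getName().equals("caProtEncCert")) {
                        caAliasCert = new X509CertImpl(value);
                    } else if (typeId.get().equals("1.2.410.200005.1.10.1")) {
                        encAliasCert = new X509CertImpl(value);
                    }
                }
                if (cMPContext.getCAAlias() == null) {
                    cMPContext.setCAAlias("caCertAlias");
                }
                if (caAliasCert == null || encAliasCert == null) {
                    throw new CMPException(1, "not all ca cert are received");
                }
                try {
                    // NOTE(review): certificates taken from the response body become keystore
                    // certificate entries that later requests use as the issuer's certificates.
                    // No chain, pinning or fingerprint check is visible in this method - confirm
                    // that the type-22 check above authenticates the message before this point.
                    this.b.setCertificateEntry(cMPContext.getCAAlias(), caAliasCert);
                    this.b.setCertificateEntry(cMPContext.getCAAlias() + "_enc", encAliasCert);
                    return result;
                } catch (Exception e) {
                    e.printStackTrace();
                    throw new CMPException(3, "on saving ca certs[" + e.toString() + "]");
                }
            } catch (CMPException e2) {
                throw e2;
            } catch (Exception e3) {
                e3.printStackTrace();
                throw new CMPException(1, "error on processing GENM[" + e3.toString() + "]");
            }
        } catch (CMPException e4) {
            throw e4;
        } catch (Exception e5) {
            e5.printStackTrace();
            // Message text kept as found; it says "IR" although this is the GENM exchange.
            throw new CMPException(1, "on processing IR[" + e5.toString() + "]");
        }
    }

    /**
     * Fills {@code cMPContext} with issuer and user material read from the inherited keystore
     * {@code b}.
     *
     * <p>If {@code str3} names a certificate entry, only the issuer certificates are loaded from it
     * and the method returns. Otherwise the user certificate under {@code str} is loaded, an issuer
     * is searched among the other certificate entries, and the old encryption key pair is loaded
     * when a key entry exists under {@code str + PKICMP_YesSign.j}.
     *
     * @param cMPContext context to populate
     * @param keyStore ignored; the inherited keystore field is used instead
     * @param str alias of the user's signing certificate
     * @param str2 password for the encryption key entry
     * @param str3 alias of the CA certificate, or {@code null}
     * @throws CMPException code 3 when a required entry is missing or the keystore cannot be read
     */
    @Override // com.initech.pkix.cmp.client.PKICMP_YesSign
    protected void a(CMPContext cMPContext, KeyStore keyStore, String str, String str2, String str3) {
        if (str3 != null) {
            try {
                if (this.b.isCertificateEntry(str3)) {
                    if (this.b.isKeyEntry(str3)) {
                        throw new CMPException(3, "this is key entry");
                    }
                    X509CertImpl caCert = (X509CertImpl) this.b.getCertificate(str3);
                    cMPContext.setIssuerSignCert(caCert);
                    cMPContext.setRecipientDN(caCert.getSubjectDN().toString());
                    cMPContext.setRecipientKID(new SubjectKeyIdentifier(caCert.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
                    Certificate caEncCert = this.b.getCertificate(str3 + PKICMP_YesSign.j);
                    if (caEncCert == null) {
                        throw new CMPException(3, "no encryption CA cert!");
                    }
                    cMPContext.setIssuerEncCert(caEncCert);
                    cMPContext.setCAAlias(str3);
                    return;
                }
            } catch (CMPException e) {
                throw e;
            } catch (Exception e2) {
                e2.printStackTrace();
                throw new CMPException(3, "fail to retrive key pair from keystore[" + e2.toString() + "]");
            }
        }
        if (str == null || !this.b.isCertificateEntry(str)) {
            throw new CMPException(3, "no such key or cerfiticate entry");
        }
        X509CertImpl userSignCert = (X509CertImpl) this.b.getCertificate(str);
        cMPContext.setUserAlias(str);
        cMPContext.setOldSignCertificate(userSignCert);
        PublicKey signPubKey = userSignCert.getPublicKey();
        String subjectName = userSignCert.getSubjectDN().getName();
        cMPContext.setSenderKID(new SubjectKeyIdentifier(userSignCert.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
        cMPContext.setSender(new GeneralName("DN:" + subjectName));
        cMPContext.setOldSignPubKey(signPubKey);

        // NOTE(review): the issuer is picked by organisation name alone. Any other certificate
        // entry whose subject O= equals the user certificate's issuer O= is accepted (the last
        // match wins); neither the full issuer DN nor the signature on the user certificate is
        // checked here. Consider matching the complete DN and verifying the signature.
        String issuerOrg = organizationOf(userSignCert.getIssuerDN().toString());
        Enumeration<String> aliases = this.b.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (alias.equals(str) || !this.b.isCertificateEntry(alias)) {
                continue;
            }
            X509CertImpl candidate = (X509CertImpl) this.b.getCertificate(alias);
            String candidateOrg = organizationOf(candidate.getSubjectDN().toString());
            if (candidateOrg != null && candidateOrg.equals(issuerOrg)) {
                cMPContext.setIssuerSignCert(candidate);
                cMPContext.setRecipientDN(candidate.getSubjectDN().toString());
                cMPContext.setRecipientKID(new SubjectKeyIdentifier(candidate.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
                Certificate candidateEncCert = this.b.getCertificate(alias + PKICMP_YesSign.j);
                if (candidateEncCert == null) {
                    throw new CMPException(3, "sign cert exist, but no encryption CA cert!");
                }
                cMPContext.setIssuerEncCert(candidateEncCert);
                cMPContext.setCAAlias(alias);
            }
        }

        String encAlias = str + PKICMP_YesSign.j;
        if (!this.b.isKeyEntry(encAlias)) {
            if (cMPContext.getRequestCertNum() == 2) {
                System.err.println("Waring! request certificate number is 2, but only one available!!");
                cMPContext.setRequestCertNum(1);
            }
            return;
        }
        cMPContext.setOldEncCertificate((X509Certificate) this.b.getCertificate(encAlias));
        // NOTE(review): the "old encryption public key" is read from the signing certificate, not
        // from the encryption certificate loaded on the line above - confirm this is intended.
        PublicKey encPubKey = userSignCert.getPublicKey();
        // NOTE(review): the password arrives as an immutable String, so it cannot be wiped from
        // memory after use.
        PrivateKey encPrivKey = (PrivateKey) this.b.getKey(encAlias, str2.toCharArray());
        cMPContext.setOldEncPubKey(encPubKey);
        cMPContext.setOldEncPrivKey(encPrivKey);
    }

    /**
     * Returns the upper-cased text between the first {@code "O="} in {@code dn} and the next comma,
     * or the end of the string when no comma follows; {@code null} when {@code "O="} is absent.
     * This is a plain substring search, so it also matches {@code "O="} inside another attribute.
     */
    private static String organizationOf(String dn) {
        int start = dn.indexOf("O=");
        if (start < 0) {
            return null;
        }
        int end = dn.indexOf(",", start);
        if (end < 0) {
            // O= is the last component: take the rest instead of failing in substring().
            end = dn.length();
        }
        return dn.substring(start + 2, end).toUpperCase();
    }

    /**
     * Wraps {@code privateKey} in a password-encrypted PKCS#8 structure and returns its encoding.
     *
     * <p>NOTE(review): the salt is 8 bytes and the second PBEParameterSpec argument is 2048
     * (presumably the iteration count, as in javax.crypto). OID 1.2.410.200004.1.15 is believed to
     * be the KISA SHA-1/SEED-CBC password-based scheme - confirm. With these parameters the
     * protection depends largely on the strength of the password.
     *
     * @param privateKey key to protect
     * @param str password the key is encrypted under
     * @return encoded {@code EncryptedPrivateKeyInfo}
     */
    public byte[] getEncUserPrivateKey(PrivateKey privateKey, String str) {
        PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(privateKey);
        PBEKeySpec pbeKeySpec = new PBEKeySpec(str.toCharArray());
        AlgorithmID pbeAlgorithm = new AlgorithmID("1.2.410.200004.1.15");
        AlgorithmParameters pbeParams = AlgorithmParameters.getInstance("PBE");
        byte[] salt = new byte[8];
        // Salt comes from the vendor provider's generator; its seeding is not visible here.
        SecureRandom.getInstance("FIPS186-2Appendix3", "Initech").nextBytes(salt);
        pbeParams.init(new PBEParameterSpec(salt, 2048));
        pbeAlgorithm.setParameter(pbeParams.getEncoded());
        return new EncryptedPrivateKeyInfo(privateKeyInfo, pbeKeySpec, pbeAlgorithm).getEncoded();
    }

    /**
     * Records the CA name and seeds the keystore with CA certificates and the USIM user
     * certificate.
     *
     * <p>NOTE(review): the supplied certificates are stored without any check in this method, so
     * the caller decides what is trusted; they should come from an integrity-protected source.
     *
     * @param str CA name; also the alias for the first CA certificate
     * @param str2 encoded CA certificate stored under {@code str}, or {@code null}
     * @param str3 encoded CA certificate stored under {@code str + "_enc"}, or {@code null}
     * @param str4 alias for the certificate currently selected on the USIM
     */
    public void initKeyStore(String str, String str2, String str3, String str4) {
        this.n = str;
        if (str2 != null) {
            this.b.setCertificateEntry(str, x509CertificateInfo.loadCertificate(str2.getBytes()));
        }
        if (str3 != null) {
            X509Certificate caEncCert = x509CertificateInfo.loadCertificate(str3.getBytes());
            this.b.setCertificateEntry(str + "_enc", caEncCert);
        }
        Certificate userCert = this.l.getSelectedUserCertificate();
        if (userCert != null) {
            this.b.setCertificateEntry(str4, userCert);
        }
    }

    /**
     * Runs an initial request: sends message type 0, checks the reply as type 1, sends the type-19
     * follow-up and stores the issued certificate(s).
     *
     * @param str alias under which the issued signing certificate is stored
     * @param str2 keystore password for an existing encryption key entry
     * @param str3 value passed to {@code CMPContext.setIdn}
     * @param str4 alias of the CA certificate, or {@code null} to search the keystore
     * @param str5 sender key identifier
     * @param str6 authentication code
     * @param i number of certificates requested (1 or 2)
     * @throws CMPException code 1 for protocol failures, code 3 for keystore failures
     */
    @Override // com.initech.pkix.cmp.client.PKICMP_YesSign, com.initech.pkix.cmp.client.PKICMPInterface
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i) {
        CMPContext cMPContext = new CMPContext(this.d);
        // Runs before setRequestCertNum(i), so it sees the context's initial certificate count.
        a(cMPContext, this.b, str, str2, str4);
        cMPContext.setSenderKID(str5.getBytes());
        cMPContext.setAuthCode(str6.getBytes());
        cMPContext.setURI(this.c);
        cMPContext.setRequestCertNum(i);
        cMPContext.setIdn(str3);
        cMPContext.setKeysize(this.m);
        cMPContext.setSignAlgorithm(this.g);
        cMPContext.setFreeText(this.e);
        try {
            PKIMessage request = new USIM_PKIMessageFormatter_YesSign(this.l).format(cMPContext, 0);
            // NOTE(review): requestKUR closes its transport after the follow-up message; this
            // path does not - confirm whether a connection is left open.
            CMPTransport transport = a(cMPContext);
            PKIMessage response = transport.process(request);
            PKIMessageDump.dumpFile(response, "ip_yessign.dump");
            a(cMPContext, response, 1);
            CertRepMessage certRepMessage = (CertRepMessage) response.getContentBody();
            checkResponseCount(cMPContext, certRepMessage);
            CertResponse signResponse = certRepMessage.responseAt(0);
            a(signResponse.getStatusInfo());
            cMPContext.setSignCertificate(signResponse.getIssuedCert());
            if (cMPContext.getRequestCertNum() == 2) {
                CertResponse encResponse = certRepMessage.responseAt(1);
                a(encResponse.getStatusInfo());
                cMPContext.setEncCertificate(decryptIssuedEncCert(cMPContext, encResponse));
            }
            // Uses the non-USIM formatter's static format(), unlike requestKUR.
            transport.process(PKIMessageFormatter_YesSign.format(cMPContext, 19));
            saveIssuedCertsToKeyStore(cMPContext, str);
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new CMPException(1, "on processing IR[" + e3.toString() + "]");
        }
    }

    /**
     * Runs a key-update request: sends message type 7, checks the reply as type 8, sends the
     * type-19 follow-up, closes the transport and stores the issued certificate(s).
     *
     * @param str alias of the current user certificate; the new one is stored under the same alias
     * @param str2 keystore password for the existing encryption key entry
     * @param str3 value passed to {@code CMPContext.setIdn}
     * @param i number of certificates requested (1 or 2)
     * @throws CMPException code 1 for protocol failures, code 3 for keystore failures
     */
    @Override // com.initech.pkix.cmp.client.PKICMP_YesSign, com.initech.pkix.cmp.client.PKICMPInterface
    public void requestKUR(String str, String str2, String str3, int i) {
        CMPContext cMPContext = new CMPContext(this.d);
        cMPContext.setURI(this.c);
        cMPContext.setRequestCertNum(i);
        cMPContext.setIdn(str3);
        cMPContext.setKeysize(this.m);
        a(cMPContext, this.b, str, str2, null);
        try {
            USIM_PKIMessageFormatter_YesSign formatter = new USIM_PKIMessageFormatter_YesSign(this.l);
            PKIMessage request = formatter.format(cMPContext, 7);
            CMPTransport transport = a(cMPContext);
            PKIMessage response = transport.process(request);
            PKIMessageDump.dumpFile(response, "kup_yessign-usim.dump");
            a(cMPContext, response, 8);
            CertRepMessage certRepMessage = (CertRepMessage) response.getContentBody();
            checkResponseCount(cMPContext, certRepMessage);
            CertResponse signResponse = certRepMessage.responseAt(0);
            a(signResponse.getStatusInfo());
            cMPContext.setSignCertificate(signResponse.getIssuedCert());
            if (cMPContext.getRequestCertNum() == 2) {
                CertResponse encResponse = certRepMessage.responseAt(1);
                a(encResponse.getStatusInfo());
                cMPContext.setEncCertificate(decryptIssuedEncCert(cMPContext, encResponse));
            }
            transport.process(formatter.format(cMPContext, 19));
            // Reached only on success; an exception above skips the close.
            transport.close();
            saveIssuedCertsToKeyStore(cMPContext, str);
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new CMPException(1, "on processing KUR[" + e3.toString() + "]");
        }
    }

    /**
     * Fails with CMPException code 1 unless the reply carries exactly as many responses as were
     * requested. The message reports the expected count (the IR path used to say "only one" even
     * when two certificates were requested).
     */
    private static void checkResponseCount(CMPContext cMPContext, CertRepMessage certRepMessage) throws Exception {
        if (certRepMessage.nOfResponses() != cMPContext.getRequestCertNum()) {
            throw new CMPException(1, "expected number of response is " + cMPContext.getRequestCertNum() + ", but this time[" + certRepMessage.nOfResponses() + "]");
        }
    }

    /**
     * Decrypts the certificate carried in {@code encResponse} with the context's encryption
     * private key and parses it.
     *
     * <p>NOTE(review): the algorithm parameters of the received EncryptedValue are replaced with
     * the constant octet string "0123456789012345" (presumably the IV) before decryption. A fixed
     * IV is only acceptable if the symmetric key is fresh for every message - confirm against the
     * CA's profile.
     */
    private static X509CertImpl decryptIssuedEncCert(CMPContext cMPContext, CertResponse encResponse) throws Exception {
        EncryptedValue encryptedCert = encResponse.getCertifiedKeyPair().getEncryptedCert();
        DEREncoder paramEncoder = new DEREncoder();
        paramEncoder.encodeOctetString("0123456789012345".getBytes());
        encryptedCert.setSymmAlg(new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM, paramEncoder.toByteArray()));
        return new X509CertImpl(encryptedCert.getData(cMPContext.getEncPrivKey()));
    }

    /**
     * Stores the issued signing certificate under {@code alias}, hands it to the USIM adapter and,
     * when two certificates were requested, stores the encryption certificate under
     * {@code alias + PKICMP_YesSign.j}. Any failure is reported as CMPException code 3.
     */
    private void saveIssuedCertsToKeyStore(CMPContext cMPContext, String alias) throws Exception {
        try {
            this.b.setCertificateEntry(alias, cMPContext.getSignCertificate());
            this.l.setBufferUserCertificate(cMPContext.getSignCertificate());
            if (cMPContext.getRequestCertNum() == 2) {
                this.b.setCertificateEntry(alias + PKICMP_YesSign.j, cMPContext.getEncCertificate());
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new CMPException(3, "on saving private key and cert into keystore[" + e.toString() + "]");
        }
    }
}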
