package org.bouncycastle.jce;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.a.ai;
import org.bouncycastle.a.ap;
import org.bouncycastle.a.aq;
import org.bouncycastle.a.at;
import org.bouncycastle.a.aw;
import org.bouncycastle.a.b.a;
import org.bouncycastle.a.g.b;
import org.bouncycastle.a.j.c;
import org.bouncycastle.a.j.d;
import org.bouncycastle.a.j.l;
import org.bouncycastle.a.j.r;
import org.bouncycastle.a.n.ae;
import org.bouncycastle.a.n.au;
import org.bouncycastle.a.o.j;
import org.bouncycastle.e.h;

/* loaded from: classes2.dex */
public class PKCS10CertificationRequest extends c {
    private static Hashtable algorithms = new Hashtable();
    private static Hashtable params = new Hashtable();
    private static Hashtable keyAlgorithms = new Hashtable();
    private static Hashtable oids = new Hashtable();
    private static Set noParams = new HashSet();

    static {
        algorithms.put("MD2WITHRSAENCRYPTION", new at("1.2.840.113549.1.1.2"));
        algorithms.put("MD2WITHRSA", new at("1.2.840.113549.1.1.2"));
        algorithms.put("MD5WITHRSAENCRYPTION", new at("1.2.840.113549.1.1.4"));
        algorithms.put("MD5WITHRSA", new at("1.2.840.113549.1.1.4"));
        algorithms.put("RSAWITHMD5", new at("1.2.840.113549.1.1.4"));
        algorithms.put("SHA1WITHRSAENCRYPTION", new at("1.2.840.113549.1.1.5"));
        algorithms.put("SHA1WITHRSA", new at("1.2.840.113549.1.1.5"));
        algorithms.put("SHA224WITHRSAENCRYPTION", l.aer);
        algorithms.put("SHA224WITHRSA", l.aer);
        algorithms.put("SHA256WITHRSAENCRYPTION", l.aeo);
        algorithms.put("SHA256WITHRSA", l.aeo);
        algorithms.put("SHA384WITHRSAENCRYPTION", l.aep);
        algorithms.put("SHA384WITHRSA", l.aep);
        algorithms.put("SHA512WITHRSAENCRYPTION", l.aeq);
        algorithms.put("SHA512WITHRSA", l.aeq);
        algorithms.put("SHA1WITHRSAANDMGF1", l.aen);
        algorithms.put("SHA224WITHRSAANDMGF1", l.aen);
        algorithms.put("SHA256WITHRSAANDMGF1", l.aen);
        algorithms.put("SHA384WITHRSAANDMGF1", l.aen);
        algorithms.put("SHA512WITHRSAANDMGF1", l.aen);
        algorithms.put("RSAWITHSHA1", new at("1.2.840.113549.1.1.5"));
        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new at("1.3.36.3.3.1.2"));
        algorithms.put("RIPEMD160WITHRSA", new at("1.3.36.3.3.1.2"));
        algorithms.put("SHA1WITHDSA", new at("1.2.840.10040.4.3"));
        algorithms.put("DSAWITHSHA1", new at("1.2.840.10040.4.3"));
        algorithms.put("SHA224WITHDSA", b.adx);
        algorithms.put("SHA256WITHDSA", b.ady);
        algorithms.put("SHA1WITHECDSA", j.ame);
        algorithms.put("SHA224WITHECDSA", j.amh);
        algorithms.put("SHA256WITHECDSA", j.ami);
        algorithms.put("SHA384WITHECDSA", j.amj);
        algorithms.put("SHA512WITHECDSA", j.amk);
        algorithms.put("ECDSAWITHSHA1", j.ame);
        algorithms.put("GOST3411WITHGOST3410", a.abL);
        algorithms.put("GOST3410WITHGOST3411", a.abL);
        algorithms.put("GOST3411WITHECGOST3410", a.abM);
        algorithms.put("GOST3411WITHECGOST3410-2001", a.abM);
        algorithms.put("GOST3411WITHGOST3410-2001", a.abM);
        oids.put(new at("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        oids.put(l.aer, "SHA224WITHRSA");
        oids.put(l.aeo, "SHA256WITHRSA");
        oids.put(l.aep, "SHA384WITHRSA");
        oids.put(l.aeq, "SHA512WITHRSA");
        oids.put(a.abL, "GOST3411WITHGOST3410");
        oids.put(a.abM, "GOST3411WITHECGOST3410");
        oids.put(new at("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        oids.put(new at("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        oids.put(new at("1.2.840.10040.4.3"), "SHA1WITHDSA");
        oids.put(j.ame, "SHA1WITHECDSA");
        oids.put(j.amh, "SHA224WITHECDSA");
        oids.put(j.ami, "SHA256WITHECDSA");
        oids.put(j.amj, "SHA384WITHECDSA");
        oids.put(j.amk, "SHA512WITHECDSA");
        oids.put(org.bouncycastle.a.i.b.adO, "SHA1WITHRSA");
        oids.put(org.bouncycastle.a.i.b.adN, "SHA1WITHDSA");
        oids.put(b.adx, "SHA224WITHDSA");
        oids.put(b.ady, "SHA256WITHDSA");
        keyAlgorithms.put(l.aef, "RSA");
        keyAlgorithms.put(j.amN, "DSA");
        noParams.add(j.ame);
        noParams.add(j.amh);
        noParams.add(j.ami);
        noParams.add(j.amj);
        noParams.add(j.amk);
        noParams.add(j.amO);
        noParams.add(b.adx);
        noParams.add(b.ady);
        noParams.add(a.abL);
        noParams.add(a.abM);
        params.put("SHA1WITHRSAANDMGF1", creatPSSParams(new org.bouncycastle.a.n.a(org.bouncycastle.a.i.b.adM, new aq()), 20));
        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(new org.bouncycastle.a.n.a(b.adg, new aq()), 28));
        params.put("SHA256WITHRSAANDMGF1", creatPSSParams(new org.bouncycastle.a.n.a(b.adc, new aq()), 32));
        params.put("SHA384WITHRSAANDMGF1", creatPSSParams(new org.bouncycastle.a.n.a(b.ade, new aq()), 48));
        params.put("SHA512WITHRSAANDMGF1", creatPSSParams(new org.bouncycastle.a.n.a(b.adf, new aq()), 64));
    }

    public PKCS10CertificationRequest(String str, X500Principal x500Principal, PublicKey publicKey, org.bouncycastle.a.l lVar, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, convertName(x500Principal), publicKey, lVar, privateKey, "BC");
    }

    public PKCS10CertificationRequest(String str, X500Principal x500Principal, PublicKey publicKey, org.bouncycastle.a.l lVar, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, convertName(x500Principal), publicKey, lVar, privateKey, str2);
    }

    public PKCS10CertificationRequest(String str, au auVar, PublicKey publicKey, org.bouncycastle.a.l lVar, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, auVar, publicKey, lVar, privateKey, "BC");
    }

    public PKCS10CertificationRequest(String str, au auVar, PublicKey publicKey, org.bouncycastle.a.l lVar, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        String upperCase = h.toUpperCase(str);
        at atVar = (at) algorithms.get(upperCase);
        if (atVar == null) {
            throw new IllegalArgumentException("Unknown signature type requested");
        }
        if (auVar == null) {
            throw new IllegalArgumentException("subject must not be null");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("public key must not be null");
        }
        if (noParams.contains(atVar)) {
            this.sigAlgId = new org.bouncycastle.a.n.a(atVar);
        } else if (params.containsKey(upperCase)) {
            this.sigAlgId = new org.bouncycastle.a.n.a(atVar, (ai) params.get(upperCase));
        } else {
            this.sigAlgId = new org.bouncycastle.a.n.a(atVar, null);
        }
        try {
            this.reqInfo = new d(auVar, new ae((org.bouncycastle.a.j) new org.bouncycastle.a.d(new ByteArrayInputStream(publicKey.getEncoded())).pn()), lVar);
            Signature signature = Signature.getInstance(str, str2);
            signature.initSign(privateKey);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                new aw(byteArrayOutputStream).writeObject(this.reqInfo);
                signature.update(byteArrayOutputStream.toByteArray());
                this.sigBits = new org.bouncycastle.a.ae(signature.sign());
            } catch (Exception e) {
                throw new IllegalArgumentException("exception encoding TBS cert request - " + e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("can't encode public key");
        }
    }

    public PKCS10CertificationRequest(org.bouncycastle.a.j jVar) {
        super(jVar);
    }

    public PKCS10CertificationRequest(byte[] bArr) {
        super(toDERSequence(bArr));
    }

    private static au convertName(X500Principal x500Principal) {
        try {
            return new X509Principal(x500Principal.getEncoded());
        } catch (IOException e) {
            throw new IllegalArgumentException("can't convert name");
        }
    }

    private static r creatPSSParams(org.bouncycastle.a.n.a aVar, int i) {
        return new r(aVar, new org.bouncycastle.a.n.a(l.ael, aVar), new ap(i), new ap(1));
    }

    private static String getDigestAlgName(at atVar) {
        return l.aeF.equals(atVar) ? "MD5" : org.bouncycastle.a.i.b.adM.equals(atVar) ? "SHA1" : b.adg.equals(atVar) ? "SHA224" : b.adc.equals(atVar) ? "SHA256" : b.ade.equals(atVar) ? "SHA384" : b.adf.equals(atVar) ? "SHA512" : org.bouncycastle.a.l.b.aiu.equals(atVar) ? "RIPEMD128" : org.bouncycastle.a.l.b.ait.equals(atVar) ? "RIPEMD160" : org.bouncycastle.a.l.b.aiv.equals(atVar) ? "RIPEMD256" : a.abH.equals(atVar) ? "GOST3411" : atVar.getId();
    }

    static String getSignatureName(org.bouncycastle.a.n.a aVar) {
        ai qC = aVar.qC();
        if (qC == null || aq.abt.equals(qC) || !aVar.qB().equals(l.aen)) {
            return aVar.qB().getId();
        }
        return getDigestAlgName(r.I(qC).qd().qB()) + "withRSAandMGF1";
    }

    private void setSignatureParameters(Signature signature, ai aiVar) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (aiVar == null || aq.abt.equals(aiVar)) {
            return;
        }
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
        try {
            algorithmParameters.init(aiVar.getDERObject().getDEREncoded());
            if (signature.getAlgorithm().endsWith("MGF1")) {
                try {
                    signature.setParameter(algorithmParameters.getParameterSpec(PSSParameterSpec.class));
                } catch (GeneralSecurityException e) {
                    throw new SignatureException("Exception extracting parameters: " + e.getMessage());
                }
            }
        } catch (IOException e2) {
            throw new SignatureException("IOException decoding parameters: " + e2.getMessage());
        }
    }

    private static org.bouncycastle.a.j toDERSequence(byte[] bArr) {
        try {
            return (org.bouncycastle.a.j) new org.bouncycastle.a.d(bArr).pn();
        } catch (Exception e) {
            throw new IllegalArgumentException("badly encoded request");
        }
    }

    @Override // org.bouncycastle.a.b
    public byte[] getEncoded() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new aw(byteArrayOutputStream).writeObject(this);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e.toString());
        }
    }

    public PublicKey getPublicKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        return getPublicKey("BC");
    }

    public PublicKey getPublicKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        ae pN = this.reqInfo.pN();
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new org.bouncycastle.a.ae(pN).getBytes());
        org.bouncycastle.a.n.a qa = pN.qa();
        try {
            try {
                return KeyFactory.getInstance(qa.qB().getId(), str).generatePublic(x509EncodedKeySpec);
            } catch (NoSuchAlgorithmException e) {
                if (keyAlgorithms.get(qa.qB()) != null) {
                    return KeyFactory.getInstance((String) keyAlgorithms.get(qa.qB()), str).generatePublic(x509EncodedKeySpec);
                }
                throw e;
            }
        } catch (InvalidKeySpecException e2) {
            throw new InvalidKeyException("error decoding public key");
        }
    }

    public boolean verify() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return verify("BC");
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return verify(getPublicKey(str), str);
    }

    public boolean verify(PublicKey publicKey, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature;
        try {
            signature = Signature.getInstance(getSignatureName(this.sigAlgId), str);
        } catch (NoSuchAlgorithmException e) {
            if (oids.get(this.sigAlgId.qB()) == null) {
                throw e;
            }
            signature = Signature.getInstance((String) oids.get(this.sigAlgId.qB()), str);
        }
        setSignatureParameters(signature, this.sigAlgId.qC());
        signature.initVerify(publicKey);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new aw(byteArrayOutputStream).writeObject(this.reqInfo);
            signature.update(byteArrayOutputStream.toByteArray());
            return signature.verify(this.sigBits.getBytes());
        } catch (Exception e2) {
            throw new SignatureException("exception encoding TBS cert request - " + e2);
        }
    }
}
