package com.tibco.security.impl.ibm;

import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.RFC822Name;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import com.tibco.security.AXSecurityException;
import com.tibco.security.CSR;
import com.tibco.security.Cert;
import com.tibco.security.CertFactory;
import com.tibco.security.DN;
import com.tibco.security.Hasher;
import com.tibco.security.PKFactory;
import com.tibco.security.ShroudedPK;
import com.tibco.security.impl.OoOO.ooOO;
import com.tibco.security.smime.SMIMEConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:com/tibco/security/impl/ibm/CSRImpl.class */
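/**
 * {@link CSR} implementation backed by the IBM security classes
 * ({@code com.ibm.security.pkcs10} and {@code com.ibm.security.x509}).
 *
 * <p>Each call to {@link #generateCSR} or {@link #generateSelfSignedCert} creates a fresh key
 * pair, stores the private half in {@link #secretKey} through
 * {@link PKFactory#createShroudedPK}, and builds the request or certificate around the public half.
 *
 * <p>NOTE(review): the class is {@link Serializable} and its non-transient fields include the
 * stored private key. Whether {@link ShroudedPK} keeps that key encrypted at rest is not visible
 * in this file. Confirm before persisting or transmitting serialized instances.
 */
public class CSRImpl extends CSR implements Serializable {
    private static final long serialVersionUID = 5123490079148048156L;

    // Private key of the most recently generated key pair, as returned by createShroudedPK.
    ShroudedPK secretKey = null;
    // Encoded bytes of the most recently generated certification request.
    byte[] mCSRBytes = null;
    // Key algorithm name passed to the last generate* call.
    String keyAlg = null;
    // Algorithm selector handed to PKFactory.createShroudedPK; its meaning is defined there.
    static final int keyStorageAlgorithm = 2;

    /**
     * Generates a key pair and stores its private key in {@link #secretKey}.
     *
     * @param cArr password material forwarded to {@link PKFactory#createShroudedPK}; this method
     *     does not clear the array, so the caller remains responsible for wiping it
     * @param i key size handed to {@link KeyPairGenerator#initialize(int)}
     * @param str key algorithm name handed to {@link KeyPairGenerator#getInstance}
     * @return the generated key pair, including the private key in the clear
     * @throws AXSecurityException wrapping any exception raised during generation or shrouding
     */
    /* renamed from: new, reason: not valid java name */
    KeyPair m70new(char[] cArr, int i, String str) throws AXSecurityException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, ooOO.getInstance().getJCEProvider(0));
            // NOTE(review): the key size is used as supplied; no minimum is enforced here, so any
            // policy on key strength has to be applied by the caller or the provider.
            keyPairGenerator.initialize(i);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            // Use the named constant rather than a bare literal for the storage algorithm.
            this.secretKey = PKFactory.createShroudedPK(PKFactory.createPK(keyPair.getPrivate()), cArr, keyStorageAlgorithm);
            return keyPair;
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    /**
     * Returns the private key stored by the last successful key generation.
     *
     * @return the stored key, or {@code null} if no key pair has been generated yet
     */
    @Override // com.tibco.security.CSR
    public synchronized ShroudedPK getPrivateKey() {
        return this.secretKey;
    }

    /**
     * Generates a new key pair and an encoded certification request for the given subject.
     *
     * @param cArr password material for storing the private key (see {@link #m70new})
     * @param i key size
     * @param str key algorithm; only "RSA" and "DSA" (case-insensitive) are accepted
     * @param dn subject distinguished name
     * @return a copy of the encoded request bytes
     * @throws AXSecurityException if the algorithm is not recognized or generation/encoding fails
     */
    @Override // com.tibco.security.CSR
    public synchronized byte[] generateCSR(char[] cArr, int i, String str, DN dn) throws AXSecurityException {
        String digestAlgorithm;
        this.keyAlg = str;
        KeyPair keyPair = m70new(cArr, i, str);
        try {
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(o00000(dn), keyPair.getPublic(), new PKCSAttributes());
            if (str.equalsIgnoreCase("RSA")) {
                digestAlgorithm = SMIMEConstants.SHA256;
            } else if (str.equalsIgnoreCase("DSA")) {
                // NOTE(review): DSA requests use the constant named SHA1. SHA-1 is no longer
                // considered collision resistant; prefer RSA, or confirm that the receiving CA
                // still accepts SHA-1 signed requests.
                digestAlgorithm = Hasher.SHA1;
            } else {
                throw new AXSecurityException("unrecognized key algorithm: " + str);
            }
            CertificationRequest request = new CertificationRequest(requestInfo, keyPair.getPrivate(), digestAlgorithm);
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            request.encode(encoded);
            this.mCSRBytes = encoded.toByteArray();
            // Return a copy so callers cannot alter the bytes that getPublicKey() parses later.
            return this.mCSRBytes.clone();
        } catch (NoSuchAlgorithmException e) {
            throw new AXSecurityException(e);
        } catch (PKCSException e2) {
            throw new AXSecurityException((Exception) e2);
        } catch (IOException e3) {
            throw new AXSecurityException(e3);
        }
    }

    /**
     * Generates a new key pair and a self-signed certificate (subject and issuer are the same
     * name) for the given subject.
     *
     * @param cArr password material for storing the private key (see {@link #m70new})
     * @param i key size
     * @param str key algorithm; only "RSA" and "DSA" (case-insensitive) are accepted
     * @param dn subject (and issuer) distinguished name
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param bigInteger certificate serial number
     * @return the signed certificate wrapped by {@link CertFactory#createCert}
     * @throws AXSecurityException if the algorithm is not recognized or building/signing fails
     */
    @Override // com.tibco.security.CSR
    public synchronized Cert generateSelfSignedCert(char[] cArr, int i, String str, DN dn, Date date, Date date2, BigInteger bigInteger) throws AXSecurityException {
        AlgorithmId algorithmId;
        String signatureAlgorithm;
        this.keyAlg = str;
        KeyPair keyPair = m70new(cArr, i, str);
        try {
            X500Name name = o00000(dn);
            if (str.equalsIgnoreCase("RSA")) {
                // The certificate is signed with SHA256withRSA below, so the algorithm identifier
                // recorded in the certificate info must name SHA-256 with RSA as well (the
                // previous code recorded the SHA-1 with RSA identifier here).
                algorithmId = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
                signatureAlgorithm = "SHA256withRSA";
            } else if (str.equalsIgnoreCase("DSA")) {
                // NOTE(review): this records an RSA identifier for a certificate that is signed
                // with SHA1withDSA. The matching DSA identifier constant is not visible in this
                // file, so the value is left unchanged; confirm whether X509CertImpl.sign
                // replaces it, and otherwise substitute the SHA-1 with DSA identifier.
                // SHA-1 signatures are also weak; prefer the RSA path where possible.
                algorithmId = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
                signatureAlgorithm = "SHA1withDSA";
            } else {
                throw new AXSecurityException("unrecognized key algorithm: " + str);
            }
            X509CertInfo certInfo = new X509CertInfo();
            certInfo.set("validity", new CertificateValidity(date, date2));
            certInfo.set("subject", name);
            certInfo.set("issuer", name);
            certInfo.set("algorithmID", new CertificateAlgorithmId(algorithmId));
            certInfo.set("key", keyPair.getPublic());
            certInfo.set("serialNumber", bigInteger);
            // Presumably the zero-based X.509 version number, i.e. v3 (extensions are set below).
            certInfo.set("version", Integer.valueOf(2));
            certInfo.set("extensions", o00000(keyPair, dn));
            X509CertImpl certificate = new X509CertImpl(certInfo);
            certificate.sign(keyPair.getPrivate(), signatureAlgorithm, ooOO.getInstance().getJCEProvider(0));
            return CertFactory.createCert((X509Certificate) certificate);
        } catch (IOException e) {
            throw new AXSecurityException(e);
        } catch (InvalidKeyException e2) {
            throw new AXSecurityException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AXSecurityException(e3);
        } catch (NoSuchProviderException e4) {
            throw new AXSecurityException(e4);
        } catch (SignatureException e5) {
            throw new AXSecurityException(e5);
        } catch (CertificateException e6) {
            throw new AXSecurityException(e6);
        }
    }

    /**
     * Builds an {@link X500Name} from the CN, OU, O, L, ST and C attributes of {@code dn}.
     *
     * @param dn source distinguished name
     * @return the corresponding X.500 name
     * @throws IOException if the name cannot be constructed
     */
    X500Name o00000(DN dn) throws IOException {
        return new X500Name(dn.getAttributeValue(DN.CN), dn.getAttributeValue(DN.OU), dn.getAttributeValue(DN.O), dn.getAttributeValue(DN.L), dn.getAttributeValue(DN.ST), dn.getAttributeValue(DN.C));
    }

    /**
     * Builds the extension set for a self-signed certificate: key usage, an optional e-mail
     * subject alternative name, and a subject key identifier.
     *
     * @param keyPair key pair whose public key feeds the subject key identifier
     * @param dn distinguished name; its EMAIL attribute, when present, becomes an RFC 822 name
     * @return the populated extensions
     * @throws IOException if an extension cannot be built
     */
    CertificateExtensions o00000(KeyPair keyPair, DN dn) throws IOException {
        CertificateExtensions extensions = new CertificateExtensions();
        KeyUsageExtension keyUsage = new KeyUsageExtension();
        // NOTE(review): every usage below is enabled, including certificate and CRL signing,
        // and no basic-constraints extension is added in this method. Confirm that such broad
        // usage is intended for these certificates rather than a narrower, purpose-specific set.
        keyUsage.set("non_repudiation", Boolean.TRUE);
        keyUsage.set("key_encipherment", Boolean.TRUE);
        keyUsage.set("data_encipherment", Boolean.TRUE);
        keyUsage.set("key_certsign", Boolean.TRUE);
        keyUsage.set("crl_sign", Boolean.TRUE);
        keyUsage.set("digital_signature", Boolean.TRUE);
        extensions.set(keyUsage.getName(), keyUsage);
        String email = dn.getAttributeValue(DN.EMAIL);
        if (email != null) {
            SubjectAlternativeNameExtension subjectAltName = new SubjectAlternativeNameExtension();
            GeneralNames generalNames = new GeneralNames();
            generalNames.add(new RFC822Name(email));
            subjectAltName.set("subject_name", generalNames);
            extensions.set(subjectAltName.getName(), subjectAltName);
        }
        // NOTE(review): the full encoded public key is passed as the identifier input; whether
        // the IBM class hashes it or uses the bytes verbatim is not visible here. Confirm.
        SubjectKeyIdentifierExtension subjectKeyId = new SubjectKeyIdentifierExtension(keyPair.getPublic().getEncoded());
        extensions.set(subjectKeyId.getName(), subjectKeyId);
        return extensions;
    }

    /**
     * Re-parses the stored request bytes and returns the public key they contain.
     *
     * @return the public key, or {@code null} if no request has been generated yet or the stored
     *     bytes cannot be parsed (parsing failures are deliberately reported as {@code null})
     */
    @Override // com.tibco.security.CSR
    public synchronized PublicKey getPublicKey() {
        try {
            return new CertificationRequest(this.mCSRBytes).getCertRequestInfo().getSubjectPublicKeyInfo();
        } catch (Exception unused) {
            return null;
        }
    }
}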
