package com.tibco.security.impl.entrust61;

import com.tibco.security.AXSecurityException;
import com.tibco.security.CSR;
import com.tibco.security.Cert;
import com.tibco.security.CertFactory;
import com.tibco.security.DN;
import com.tibco.security.PKFactory;
import com.tibco.security.ShroudedPK;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.UTF8String;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.pkcs.pkcs10.CertificateRequest;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.X509Extensions;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectAltName;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:com/tibco/security/impl/entrust61/CSRImpl.class */
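/**
 * {@link CSR} implementation that generates a key pair and either a PKCS#10 certificate
 * request or a self-signed X.509 certificate, using the IAIK ASN.1/X.509 classes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated private key is kept only in password-shrouded form ({@link #secretKey}).
 *       The password {@code char[]} is passed through to {@link PKFactory}; this class neither
 *       copies nor clears it, so clearing it is left to the caller.</li>
 *   <li>The requested key size is handed to the JCE generator unchecked; callers should enforce
 *       their own minimum strength policy.</li>
 *   <li>DSA keys are signed with {@code dsaWithSHA1}. SHA-1 is no longer considered collision
 *       resistant. NOTE(review): switch to a SHA-2 based DSA identifier if the IAIK version in
 *       use offers one.</li>
 *   <li>The instance fields are not {@code transient}, so default Java serialization writes the
 *       shrouded key and the CSR bytes together with the object.</li>
 * </ul>
 *
 * <p>All public methods are {@code synchronized} on the instance.
 *
 * <p>The method names {@code m5700000}, {@code m58new} and {@code m59new} were assigned by the
 * decompiler (the original names were not valid Java identifiers). They are package-private and
 * are kept unchanged because other classes in the package may call them.
 */
public class CSRImpl extends CSR implements Serializable {
    private static final long serialVersionUID = 8069977356861366094L;

    // Password-shrouded private key of the most recently generated key pair (set by m5700000).
    ShroudedPK secretKey = null;
    // Encoded PKCS#10 request from the last successful generateCSR call; null until then.
    byte[] mCSRBytes = null;
    // Key algorithm name passed to the last accepted generate* call ("RSA" or "DSA", any case).
    String keyAlg = null;
    // Storage algorithm selector handed to PKFactory.createShroudedPK.
    // NOTE(review): the meaning of the value 2 is defined by PKFactory and is not visible here.
    static final int keyStorageAlgorithm = 2;

    /**
     * Generates a key pair and stores its private key, shrouded with the given password, in
     * {@link #secretKey}.
     *
     * @param cArr password used to shroud the private key
     * @param i key size passed to {@link KeyPairGenerator#initialize(int)}; not range-checked here
     * @param str JCE key algorithm name
     * @return the generated key pair (the private key inside it is unprotected)
     * @throws AXSecurityException wrapping any failure of key generation or shrouding
     */
    KeyPair m5700000(char[] cArr, int i, String str) throws AXSecurityException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, com.tibco.security.impl.OoOO.ooOO.getInstance().getJCEProvider(0));
            generator.initialize(i);
            KeyPair keyPair = generator.generateKeyPair();
            this.secretKey = PKFactory.createShroudedPK(PKFactory.createPK(keyPair.getPrivate()), cArr, keyStorageAlgorithm);
            return keyPair;
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    /**
     * Maps a key algorithm name to the signature algorithm used for requests and certificates.
     *
     * @param str key algorithm name, compared case-insensitively
     * @return {@code sha256WithRSAEncryption} for RSA, {@code dsaWithSHA1} for DSA
     * @throws AXSecurityException if the name is {@code null} or neither RSA nor DSA
     */
    private static AlgorithmID signatureAlgorithmFor(String str) throws AXSecurityException {
        if (str != null) {
            if (str.equalsIgnoreCase("RSA")) {
                return AlgorithmID.sha256WithRSAEncryption;
            }
            if (str.equalsIgnoreCase("DSA")) {
                // SHA-1 based signature; see the class-level security notes.
                return AlgorithmID.dsaWithSHA1;
            }
        }
        throw new AXSecurityException("unrecognized key algorithm: " + str);
    }

    /**
     * Returns the password-shrouded private key of the most recently generated key pair.
     *
     * @return the shrouded key, or {@code null} if no key pair has been generated yet
     */
    @Override // com.tibco.security.CSR
    public synchronized ShroudedPK getPrivateKey() {
        return this.secretKey;
    }

    /**
     * Generates a new key pair and a signed PKCS#10 certificate request for it.
     *
     * <p>The algorithm name is validated before any key is generated, so an unsupported name no
     * longer costs a key generation or replaces {@link #secretKey} and {@link #keyAlg}.
     *
     * @param cArr password used to shroud the generated private key
     * @param i key size
     * @param str key algorithm, "RSA" or "DSA" (case-insensitive)
     * @param dn subject distinguished name
     * @return the encoded request; this is the internally stored array, not a copy
     * @throws AXSecurityException if the algorithm is unsupported or generation/signing fails
     */
    @Override // com.tibco.security.CSR
    public synchronized byte[] generateCSR(char[] cArr, int i, String str, DN dn) throws AXSecurityException {
        AlgorithmID algorithmID = signatureAlgorithmFor(str);
        this.keyAlg = str;
        KeyPair keyPair = m5700000(cArr, i, str);
        try {
            CertificateRequest certificateRequest = new CertificateRequest(keyPair.getPublic(), m58new(dn));
            certificateRequest.sign(algorithmID, keyPair.getPrivate());
            this.mCSRBytes = certificateRequest.toByteArray();
            return this.mCSRBytes;
        } catch (InvalidKeyException e) {
            throw new AXSecurityException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AXSecurityException(e2);
        } catch (SignatureException e3) {
            throw new AXSecurityException(e3);
        }
    }

    /**
     * Generates a new key pair and a self-signed X.509 certificate for it (subject and issuer
     * are both built from {@code dn}).
     *
     * <p>The algorithm name is validated before any key is generated. This method does not set
     * {@link #mCSRBytes}, so {@link #getPublicKey()} does not reflect the key generated here.
     * Validity dates and the serial number are used exactly as supplied by the caller.
     *
     * @param cArr password used to shroud the generated private key
     * @param i key size
     * @param str key algorithm, "RSA" or "DSA" (case-insensitive)
     * @param dn distinguished name used as subject and issuer
     * @param date start of validity
     * @param date2 end of validity
     * @param bigInteger certificate serial number
     * @return the signed certificate
     * @throws AXSecurityException if the algorithm is unsupported or generation/signing fails
     */
    @Override // com.tibco.security.CSR
    public synchronized Cert generateSelfSignedCert(char[] cArr, int i, String str, DN dn, Date date, Date date2, BigInteger bigInteger) throws AXSecurityException {
        AlgorithmID algorithmID = signatureAlgorithmFor(str);
        this.keyAlg = str;
        KeyPair keyPair = m5700000(cArr, i, str);
        try {
            Name subjectAndIssuer = m58new(dn);
            X509Certificate x509Certificate = new X509Certificate();
            x509Certificate.setSubjectDN(subjectAndIssuer);
            x509Certificate.setIssuerDN(subjectAndIssuer);
            x509Certificate.setSignatureAlgorithm(algorithmID);
            x509Certificate.setValidNotBefore(date);
            x509Certificate.setValidNotAfter(date2);
            x509Certificate.setPublicKey(keyPair.getPublic());
            x509Certificate.setSerialNumber(bigInteger);
            Enumeration extensions = m59new(keyPair, dn).listExtensions();
            while (extensions.hasMoreElements()) {
                x509Certificate.addExtension((V3Extension) extensions.nextElement());
            }
            x509Certificate.sign(algorithmID, keyPair.getPrivate());
            return CertFactory.createCert((java.security.cert.X509Certificate) x509Certificate);
        } catch (NoSuchAlgorithmException e) {
            throw new AXSecurityException(e);
        } catch (X509ExtensionException e2) {
            throw new AXSecurityException((Exception) e2);
        } catch (InvalidKeyException e3) {
            throw new AXSecurityException(e3);
        } catch (CertificateException e4) {
            throw new AXSecurityException(e4);
        }
    }

    /**
     * Builds an IAIK {@link Name} from the CN, C, ST, L, O, OU and EMAIL attributes of
     * {@code dn}, in that order, skipping attributes whose value is {@code null}.
     *
     * @param dn source distinguished name
     * @return the assembled name
     */
    static Name m58new(DN dn) {
        Name name = new Name();
        appendRdn(name, dn.getAttributeValue(DN.CN), ObjectID.commonName);
        appendRdn(name, dn.getAttributeValue(DN.C), ObjectID.country);
        appendRdn(name, dn.getAttributeValue(DN.ST), ObjectID.stateOrProvince);
        appendRdn(name, dn.getAttributeValue(DN.L), ObjectID.locality);
        appendRdn(name, dn.getAttributeValue(DN.O), ObjectID.organization);
        appendRdn(name, dn.getAttributeValue(DN.OU), ObjectID.organizationalUnit);
        appendRdn(name, dn.getAttributeValue(DN.EMAIL), ObjectID.emailAddress);
        return name;
    }

    /**
     * Adds one RDN to {@code name} unless the value is {@code null}. Values containing a
     * character above 127 are wrapped in a {@link UTF8String}; other values are passed as a
     * plain {@code String}.
     */
    private static void appendRdn(Name name, String str, ObjectID objectID) {
        if (str != null) {
            name.addRDN(objectID, hasNonAscii(str) ? new UTF8String(str) : str);
        }
    }

    /** Returns {@code true} if any character of {@code str} has a code above 127. */
    private static boolean hasNonAscii(String str) {
        for (int index = 0; index < str.length(); index++) {
            if (str.charAt(index) > 127) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the extension set for the self-signed certificate: non-critical BasicConstraints
     * with cA=false, critical KeyUsage, a SubjectAltName when the DN has an EMAIL attribute,
     * and a SubjectKeyIdentifier derived from the public key.
     *
     * @param keyPair key pair whose public key feeds the SubjectKeyIdentifier
     * @param dn distinguished name supplying the optional EMAIL attribute
     * @return the extension set
     * @throws X509ExtensionException if an extension cannot be added
     */
    static X509Extensions m59new(KeyPair keyPair, DN dn) throws X509ExtensionException {
        X509Extensions x509Extensions = new X509Extensions();
        BasicConstraints basicConstraints = new BasicConstraints(false);
        basicConstraints.setCritical(false);
        x509Extensions.addExtension(basicConstraints);
        // 111 == 0x6F. NOTE(review): with IAIK's KeyUsage bit constants this appears to be
        // digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment | keyCertSign
        // | cRLSign; confirm against the IAIK version in use. If so, keyCertSign is asserted
        // while BasicConstraints above says cA=false, a combination RFC 5280 (section 4.2.1.3)
        // disallows and strict path validators may reject.
        KeyUsage keyUsage = new KeyUsage(111);
        keyUsage.setCritical(true);
        x509Extensions.addExtension(keyUsage);
        String email = dn.getAttributeValue(DN.EMAIL);
        if (email != null) {
            // Type tag 1 is presumably rfc822Name (an e-mail address), matching the X.509 tag.
            x509Extensions.addExtension(new SubjectAltName(new GeneralNames(new GeneralName(1, email))));
        }
        try {
            x509Extensions.addExtension(new SubjectKeyIdentifier(keyPair.getPublic()));
        } catch (NoSuchAlgorithmException e) {
            // Best effort: the certificate is still issued without a SubjectKeyIdentifier.
            logger.error(e.toString(), e);
        } catch (CodingException e2) {
            logger.error(e2.toString(), e2);
        }
        return x509Extensions;
    }

    /**
     * Returns the public key contained in the most recently generated certificate request.
     *
     * @return the public key, or {@code null} if {@link #generateCSR} has not produced a request
     *     on this instance or the stored request cannot be parsed
     */
    @Override // com.tibco.security.CSR
    public synchronized PublicKey getPublicKey() {
        if (this.mCSRBytes == null) {
            // No request generated yet (generateSelfSignedCert does not store one).
            return null;
        }
        try {
            return new CertificateRequest(this.mCSRBytes).getPublicKey();
        } catch (Exception e) {
            // Callers rely on null for "unavailable"; record why instead of failing silently.
            logger.error(e.toString(), e);
            return null;
        }
    }
}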
