package com.ibm.gsk.ikeyman.keystore.entry;

import com.ibm.gsk.ikeyman.command.CommandParameters;
import com.ibm.gsk.ikeyman.command.Constants;
import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.io.CertificateWriter;
import com.ibm.gsk.ikeyman.keystore.entry.DisplayItemFactory;
import com.ibm.gsk.ikeyman.keystore.ext.Details;
import com.ibm.gsk.ikeyman.keystore.ext.KeymanTree;
import com.ibm.gsk.ikeyman.messages.Messages;
import com.ibm.gsk.ikeyman.util.KeymanSettings;
import com.ibm.gsk.ikeyman.util.KeymanUtil;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcs9.PKCS9DerObject;
import com.ibm.security.pkcsutil.PKCSAttribute;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSOID;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CertAttrSet;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateVersion;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/entry/CertificateRequestItemImpl.class */
/**
 * Keystore entry that wraps a PKCS#10 certification request (CSR).
 *
 * <p>The constructors cache display items derived from the request (version, subject DN, key
 * size, fingerprint, algorithms, attributes, signature). {@link #sign} turns the request into an
 * X.509 certificate signed with a {@code CertificateKeyItem}'s private key.
 *
 * <p>This text is decompiler output (see the JADX markers), so local and parameter names such as
 * {@code str}, {@code i} and {@code num} are decompiler-chosen, not the vendor's.
 *
 * <p>NOTE(review), signing path: nothing in this class verifies the request's own signature,
 * checks that the signer is a CA certificate, or filters the extensions the requester asked for
 * before they are copied into the issued certificate. Whether callers do this is not visible
 * here; confirm before relying on {@link #sign} as a policy boundary.
 */
public class CertificateRequestItemImpl extends AbstractEntry implements CertificateRequestItem {
    // Display items computed once in the two-argument constructor.
    private final DisplayItemFactory.TreeDisplayItem version;
    private final DisplayItemFactory.DNItem subjectDN;
    // Result of computeKeySize(); 0 when the key is not RSA, DSA or EC.
    private final int keySize;
    private final DisplayItemFactory.DisplayItem fingerprint;
    // Subject public key taken from the request.
    private final PublicKey publicKey;
    private final DisplayItemFactory.TreeDisplayItem publicKeyAlgorithm;
    // Raw collection; toTree() casts each element to DisplayItemFactory.TreeDisplayItem.
    private final Collection attributes;
    private final DisplayItemFactory.AlgorithmItem signatureAlgorithm;
    private final ByteArray signature;
    // The wrapped PKCS#10 request; the three-argument constructor may add an attribute to it.
    private final CertificationRequest request;
    // Never read or written anywhere in this class.
    private PublicKey pubKey;
    // Set by sign(); read by createCertificate() to derive the AuthorityKeyIdentifier.
    private CertificateKeyItem ca_signer;
    // Extension set built by the three-argument constructor; null after the two-argument one.
    private CertificateExtensions ext;

    /* renamed from: com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItemImpl$1, reason: invalid class name */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/entry/CertificateRequestItemImpl$1.class */
    // Compiler-generated switch map, as rendered by the decompiler: it maps
    // Details.DetailIdentifier ordinals to the case numbers 1..4 used by get(). The empty
    // NoSuchFieldError handlers leave the slot at 0 (the default case) when a constant is missing.
    /* synthetic */ class AnonymousClass1 {
        static final int[] $SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier = new int[Details.DetailIdentifier.values().length];

        static {
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier[Details.DetailIdentifier.KeySize.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier[Details.DetailIdentifier.Subject.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier[Details.DetailIdentifier.Fingerprint.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier[Details.DetailIdentifier.SignatureAlgorithm.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /**
     * Wraps a certification request and caches its display items.
     *
     * @param str passed to the AbstractEntry constructor (presumably the entry label returned by
     *     getLabel(); confirm against AbstractEntry)
     * @param certificationRequest the PKCS#10 request to wrap; stored by reference, not copied
     * @throws KeyManagerException with reason IO_ERROR or PUBLIC_KEY_COPY_ERROR when reading the
     *     request's public key, attributes or signature fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public CertificateRequestItemImpl(String str, CertificationRequest certificationRequest) throws KeyManagerException {
        super(str);
        this.request = certificationRequest;
        CertificationRequestInfo certRequestInfo = certificationRequest.getCertRequestInfo();
        this.version = DisplayItemFactory.getCertificateRequestVersion(certRequestInfo.getVersion());
        this.subjectDN = DisplayItemFactory.getDNItem(certRequestInfo.getSubjectName());
        try {
            PublicKey subjectPublicKeyInfo = certRequestInfo.getSubjectPublicKeyInfo();
            this.keySize = computeKeySize(subjectPublicKeyInfo);
            this.fingerprint = DisplayItemFactory.getFinterprintItem(certRequestInfo);
            this.publicKeyAlgorithm = DisplayItemFactory.getAlgorithmItem(subjectPublicKeyInfo);
            this.publicKey = subjectPublicKeyInfo;
            this.attributes = DisplayItemFactory.getAttributeItems(certRequestInfo.getAttributes().getAttributes());
            this.signature = new ByteArray(certificationRequest.getSignature());
            this.signatureAlgorithm = DisplayItemFactory.getAlgorithmItem(certificationRequest.getSignatureAlgorithm());
            this.ext = null;
        } catch (IOException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e);
        } catch (InvalidKeyException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.PUBLIC_KEY_COPY_ERROR, e2);
        }
    }

    /**
     * Wraps a certification request and builds the extension set ({@code this.ext}) from the
     * request's extensionRequest attribute combined with the command-line parameters.
     *
     * <p>Only the ExtKeyUsage and KeyUsage extensions are removed from what the request asked
     * for; every other requested extension is kept as-is unless a parameter below overwrites the
     * same name. NOTE(review): a requested BasicConstraints therefore survives whenever the CA
     * parameter is absent or false.
     *
     * @param str passed on to the two-argument constructor
     * @param certificationRequest the PKCS#10 request; its attribute set may be modified here
     * @param commandParameters source of the SAN, DN, CA flag, extended key usage and key usage
     * @throws KeyManagerException as thrown by the two-argument constructor
     * @throws IOException propagated from the extension and attribute calls below
     */
    public CertificateRequestItemImpl(String str, CertificationRequest certificationRequest, CommandParameters commandParameters) throws KeyManagerException, IOException {
        this(str, certificationRequest);
        CertificationRequestInfo certRequestInfo = certificationRequest.getCertRequestInfo();
        Object attribute = certRequestInfo.getAttributes().getAttribute(PKCSOID.EXTENSION_REQUEST_OID);
        if (attribute != null) {
            // Unchecked casts: an attribute value of another type surfaces as ClassCastException.
            // this.ext now aliases the object held by the request, so later set()/delete() calls
            // also change the request's attribute value.
            this.ext = (CertificateExtensions) ((PKCSAttribute) attribute).getAttributeValue();
            // Failures of delete() are ignored. Presumably it throws when the extension is
            // absent (TODO confirm); catching Exception also hides any other failure.
            try {
                this.ext.delete(ExtKeyUsageExtension.NAME);
            } catch (Exception e) {
            }
            try {
                this.ext.delete("KeyUsage");
            } catch (Exception e2) {
            }
        } else {
            this.ext = new CertificateExtensions();
        }
        // The boolean handed to toExtension() is "the DN is empty" (an empty DN item is used when
        // no DN parameter was given). Presumably it controls the SAN's criticality - confirm.
        CertAttrSet extension = commandParameters.getSan().toExtension((commandParameters.isParameterPresent(Constants.Parameter.DN) ? commandParameters.getDn() : DisplayItemFactory.getDNItem("")).isEmpty());
        if (extension != null) {
            this.ext.set(extension.getName(), extension);
        }
        if (commandParameters.isParameterPresent(Constants.Parameter.CA) && commandParameters.isCa()) {
            // NOTE(review): Integer.MAX_VALUE as the second argument presumably means "no path
            // length limit", i.e. an unconstrained CA - confirm against the IBM class.
            this.ext.set("BasicConstraints", new BasicConstraintsExtension(true, Integer.MAX_VALUE));
        }
        Vector extendedKeyUsage = commandParameters.getExtendedKeyUsage();
        if (extendedKeyUsage.size() > 0) {
            this.ext.set(ExtKeyUsageExtension.NAME, new ExtKeyUsageExtension(extendedKeyUsage));
        }
        KeyUsageExtension keyUsage = commandParameters.getKeyUsage();
        if (keyUsage != null) {
            this.ext.set("KeyUsage", keyUsage);
        }
        // The extension set is written back only when it is non-empty AND the request already
        // carries at least one attribute; a request without attributes is left untouched.
        if (this.ext.getAllExtensions().size() <= 0 || certRequestInfo.getAttributes().size() <= 0) {
            return;
        }
        // NOTE(review): this changes the request after it was built; whether its signature is
        // recomputed afterwards is not visible in this class.
        certRequestInfo.getAttributes().addAttribute(new PKCSAttribute(PKCSOID.EXTENSION_REQUEST_OID, this.ext));
    }

    /**
     * Derives a key size in bits from the public key; returns 0 for any key type other than
     * RSA, DSA or EC. An odd result is rounded up to the next even number.
     *
     * <p>NOTE(review): the value is a heuristic, not the nominal key size. DSA uses the bit
     * length of the public value y rather than of the prime p, and EC uses the bit length of
     * the curve coefficient a rather than the field size, so a curve with a small a (e.g.
     * a = 0) is reported with a wrong size and a 521-bit value is reported as 522. Do not use
     * this number for key-strength policy decisions.
     */
    private static int computeKeySize(PublicKey publicKey) {
        int i = 0;
        if (publicKey instanceof RSAPublicKey) {
            i = ((RSAPublicKey) publicKey).getModulus().bitLength();
        } else if (publicKey instanceof DSAPublicKey) {
            i = ((DSAPublicKey) publicKey).getY().bitLength();
        } else if (publicKey instanceof ECPublicKey) {
            i = ((ECPublicKey) publicKey).getParams().getCurve().getA().bitLength();
        }
        if (i % 2 != 0) {
            i++;
        }
        return i;
    }

    /**
     * Writes the request in Base64 form via {@code CertificationRequest.writeBASE64(str)}.
     *
     * @param str destination handed to writeBASE64 (presumably a file name, given the
     *     OUTPUT_FILE_CREATION_ERROR reason used on failure)
     * @param outputMode not used by this implementation
     * @throws KeyManagerException with reason OUTPUT_FILE_CREATION_ERROR when writing fails
     */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.Entry
    public void extract(String str, CertificateWriter.OutputMode outputMode) throws KeyManagerException {
        try {
            this.request.writeBASE64(str);
        } catch (IOException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.OUTPUT_FILE_CREATION_ERROR, e, new String[]{str});
        }
    }

    /** Returns the key size computed at construction time (see computeKeySize). */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem
    public int getKeySize() {
        return this.keySize;
    }

    /** Returns the display item for the request's subject name. */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem
    public DisplayItemFactory.DNItem getSubjectDN() {
        return this.subjectDN;
    }

    /** Returns the wrapped request object itself (no defensive copy). */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem
    public CertificationRequest getRequest() {
        return this.request;
    }

    /**
     * Builds an unsigned X.509 certificate from the wrapped request.
     *
     * @param x500Name name set as the certificate's issuer
     * @param i validity length in days, counted from the current time; not range-checked here,
     *     so a negative value yields a notAfter earlier than notBefore
     * @param num serial number, or null to derive one from the clock (see below)
     * @param algorithmId value set as the certificate's "algorithmID"
     * @param extension optional SubjectKeyIdentifier extension; when non-null it is cast to
     *     SubjectKeyIdentifierExtension and used instead of the computed identifier
     * @param str passed to the X509CertInfo and X509CertImpl constructors (presumably a
     *     provider name; confirm against the IBM classes)
     * @return the new certificate, still to be signed by the caller
     * @throws KeyManagerException wrapping DN, I/O, key, digest-algorithm and certificate
     *     construction failures
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public X509Certificate createCertificate(X500Name x500Name, int i, Integer num, AlgorithmId algorithmId, Extension extension, String str) throws KeyManagerException {
        SubjectKeyIdentifierExtension subjectKeyIdentifierExtension;
        X509CertInfo x509CertInfo = new X509CertInfo(str);
        CertificateVersion certificateVersion = KeymanSettings.DEFAULT_CERTIFICATE_VERSION;
        // NOTE(review): without an explicit serial the fallback is the current time in seconds
        // truncated to int. That is predictable, carries at most 32 bits, and repeats for two
        // certificates issued within the same second. A caller-supplied serial is also limited
        // to 32 bits by the Integer type.
        CertificateSerialNumber certificateSerialNumber = num != null ? new CertificateSerialNumber(num.intValue()) : new CertificateSerialNumber((int) (Calendar.getInstance().getTime().getTime() / 1000));
        try {
            X500Name x500Name2 = new X500Name(x500Name.toString());
            X500Name x500Name3 = new X500Name(this.subjectDN.toString());
            CertificationRequest certificationRequest = this.request;
            PKCSAttributes attributes = certificationRequest.getCertRequestInfo().getAttributes();
            PKCSAttribute[] attributes2 = attributes.getAttributes();
            CertificateExtensions certificateExtensions = new CertificateExtensions();
            // NOTE(review): the first request attribute whose value is a CertificateExtensions
            // becomes the certificate's extension set verbatim. No allow-list is applied, so
            // whatever the requester asked for (including BasicConstraints or KeyUsage) ends up
            // in the issued certificate. this.ext is consulted only when the request has no
            // attributes at all.
            if (attributes.size() != 0) {
                for (PKCSAttribute pKCSAttribute : attributes2) {
                    PKCS9DerObject pKCS9DerObject = pKCSAttribute.getPKCS9DerObject();
                    if (pKCS9DerObject.getValue() instanceof CertificateExtensions) {
                        certificateExtensions = (CertificateExtensions) pKCS9DerObject.getValue();
                        break;
                    }
                }
            } else if (this.ext != null) {
                certificateExtensions = this.ext;
            }
            try {
                // Subject key identifier: the last 8 bytes of the SHA-1 digest of the encoded
                // public key, with the first byte masked by 143 (0x8F). SHA-1 serves only to
                // derive an identifier here, not as a signature digest.
                // NOTE(review): resembles RFC 5280 section 4.2.1.2 method (2) but is not identical
                // to it (the 0100 type nibble is never set) - confirm if interoperability matters.
                byte[] bArr = new byte[8];
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                messageDigest.update(certificationRequest.getCertRequestInfo().getSubjectPublicKeyInfo().getEncoded());
                byte[] digest = messageDigest.digest();
                System.arraycopy(digest, digest.length - 8, bArr, 0, 8);
                // Equivalent to bArr[0] & 0x8F; the repeated operand is a decompiler rendering.
                bArr[0] = (byte) (bArr[0] & 143 & bArr[0]);
                // set() acts on the object chosen above, which may be the very instance held by
                // the request or by this.ext, so those are modified as a side effect.
                certificateExtensions.set("SubjectKeyIdentifier", extension != null ? (SubjectKeyIdentifierExtension) extension : new SubjectKeyIdentifierExtension(new KeyIdentifier(bArr).getIdentifier()));
                // The authority key identifier is copied from the signer recorded by sign(); when
                // this method is reached without sign(), ca_signer is null and none is added.
                if (this.ca_signer != null && (subjectKeyIdentifierExtension = this.ca_signer.getSubjectKeyIdentifierExtension()) != null) {
                    certificateExtensions.set("AuthorityKeyIdentifier", new AuthorityKeyIdentifierExtension((KeyIdentifier) subjectKeyIdentifierExtension.get("key_id"), null, null));
                }
                // Validity runs from now until now + i days (field 6 is Calendar.DAY_OF_YEAR).
                Calendar calendar = Calendar.getInstance();
                Date time = calendar.getTime();
                calendar.add(6, i);
                CertificateValidity certificateValidity = new CertificateValidity(time, calendar.getTime());
                try {
                    x509CertInfo.set("version", certificateVersion);
                    x509CertInfo.set("serialNumber", certificateSerialNumber);
                    x509CertInfo.set("algorithmID", algorithmId);
                    x509CertInfo.set("issuer", x500Name2);
                    x509CertInfo.set("validity", certificateValidity);
                    x509CertInfo.set("subject", x500Name3);
                    x509CertInfo.set("key", certificationRequest.getCertRequestInfo().getSubjectPublicKeyInfo());
                    if (certificateExtensions != null && certificateExtensions.getAllExtensions().size() > 0) {
                        x509CertInfo.set("extensions", certificateExtensions);
                    }
                    try {
                        return new X509CertImpl(x509CertInfo, str);
                    } catch (CertificateEncodingException e) {
                        throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_PARSING_ERROR, e);
                    } catch (CertificateParsingException e2) {
                        throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_PARSING_ERROR, e2);
                    }
                } catch (IOException e3) {
                    throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e3);
                } catch (InvalidKeyException e4) {
                    throw new KeyManagerException(KeyManagerException.ExceptionReason.PUBLIC_KEY_COPY_ERROR, e4);
                } catch (CertificateException e5) {
                    throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_CREATE_ERROR, e5);
                }
            } catch (IOException e6) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e6);
            } catch (InvalidKeyException e7) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.PUBLIC_KEY_COPY_ERROR, e7);
            } catch (NoSuchAlgorithmException e8) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e8);
            }
        } catch (IOException e9) {
            // Raised by the two X500Name constructions above, hence reported as an invalid DN.
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_DN, e9);
        }
    }

    /**
     * Issues a certificate for this request, signed with the given signer's private key.
     *
     * <p>The signature algorithm is the OID returned by the signer item's
     * getSignatureAlgorithm(). NOTE(review): presumably that is the algorithm the signer's own
     * certificate was signed with, in which case a signer certificate using a weak algorithm
     * passes it on to everything it issues - confirm and enforce an algorithm policy upstream.
     *
     * <p>NOTE(review): ca_signer is instance state written without synchronization, and no
     * check of the request signature, of the signer's CA status or of the requested extensions
     * is visible in this method.
     *
     * @param certificateKeyItem signer; supplies issuer name, signature algorithm, private key
     * @param i validity length in days, passed to createCertificate
     * @param num serial number, or null for the clock-derived fallback in createCertificate
     * @param str passed to createCertificate and, under IBMJCE, to X509CertImpl.sign
     *     (presumably a provider name; confirm)
     * @return a CertificateItemImpl carrying this entry's label and the signed certificate
     * @throws KeyManagerException wrapping key, algorithm, provider, signature and encoding
     *     failures
     */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem
    public CertificateItemImpl sign(CertificateKeyItem certificateKeyItem, int i, Integer num, String str) throws KeyManagerException {
        try {
            this.ca_signer = certificateKeyItem;
            String oid = certificateKeyItem.getSignatureAlgorithm().getOID();
            X509CertImpl x509CertImpl = (X509CertImpl) createCertificate(certificateKeyItem.getSubjectDN().getX500Name(), i, num, KeymanUtil.getSignatureAlgorithm(oid), null, str);
            if (KeymanUtil.isIBMJCE()) {
                x509CertImpl.sign(certificateKeyItem.getPrivateKey(), oid, str);
            } else {
                x509CertImpl.sign(certificateKeyItem.getPrivateKey(), oid);
            }
            return new CertificateItemImpl(getLabel(), x509CertImpl);
        } catch (InvalidKeyException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_FOR_SIGNING, e, new String[]{getLabel()});
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e2, new String[]{e2.getMessage()});
        } catch (NoSuchProviderException e3) {
            throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e3, new String[]{KeymanUtil.getJCEProviderName()});
        } catch (SignatureException e4) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.SIGNATURE_ERROR, e4, new String[]{getLabel()});
        } catch (CertificateException e5) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_ENCODING_ERROR, e5);
        }
    }

    /** Returns the subject public key read from the request at construction time. */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.PublicKeyItem
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Returns a multi-line text summary: label, key size, subject, fingerprint and signature
     * algorithm, one per line, using localized captions from Messages.
     */
    @Override // com.ibm.gsk.ikeyman.keystore.ext.Displayable
    public String toLongString() {
        return Messages.getString("Label.Label") + " " + getLabel() + "\n" + Messages.getString("Label.KeySize") + KeymanUtil.getLocalisedColon() + " " + this.keySize + "\n" + Messages.getString("Label.Subject") + KeymanUtil.getLocalisedColon() + " " + this.subjectDN.toString() + "\n" + Messages.getString("Label.Fingerprint") + " " + ((Object) this.fingerprint) + "\n" + Messages.getString("Label.SigAlg") + KeymanUtil.getLocalisedColon() + " " + this.signatureAlgorithm.toString() + "\n";
    }

    /**
     * Builds a display tree rooted at the label: CertificationRequest, then
     * CertificationRequestInfo holding version, subject, public key info, attributes (only when
     * present), signature algorithm and signature value.
     */
    @Override // com.ibm.gsk.ikeyman.keystore.ext.Displayable
    public KeymanTree toTree() {
        KeymanTree keymanTree = new KeymanTree(KeymanTree.newNode(getLabel()));
        KeymanTree.KeymanTreeNode addChild = ((KeymanTree.KeymanTreeNode) keymanTree.getRoot()).addChild(KeymanTree.newNode(Messages.getString("Label.CertificationRequest"))).addChild(KeymanTree.newNode(Messages.getString("Label.CertificationRequestInfo")));
        addChild.addChild(KeymanTree.newNode(Messages.getString("Label.Version"), this.version.toString()));
        addChild.addChild(KeymanTree.newNode(Messages.getString("Label.Subject"))).addChildren(this.subjectDN.getTreeNodes());
        KeymanTree.KeymanTreeNode addChild2 = addChild.addChild(KeymanTree.newNode(Messages.getString("Label.SubjectPublicKeyInfo")));
        addChild2.addChild(KeymanTree.newNode(Messages.getString("Label.Algorithm"))).addChildren(this.publicKeyAlgorithm.getTreeNodes());
        addChild2.addChild(KeymanTree.newNode(Messages.getString("Label.SubjectPublicKey"), new ByteArray(this.publicKey.getEncoded()).toString()));
        if (this.attributes.size() > 0) {
            KeymanTree.KeymanTreeNode addChild3 = addChild.addChild(KeymanTree.newNode(Messages.getString("Label.Attributes")));
            Iterator it = this.attributes.iterator();
            while (it.hasNext()) {
                // Elements come from DisplayItemFactory.getAttributeItems(); the cast is unchecked.
                addChild3.addChildren(((DisplayItemFactory.TreeDisplayItem) it.next()).getTreeNodes());
            }
        }
        addChild.addChild(KeymanTree.newNode(Messages.getString("Label.SigAlg"))).addChildren(this.signatureAlgorithm.getTreeNodes());
        addChild.addChild(KeymanTree.newNode(Messages.getString("Label.SigVal"), this.signature.toString()));
        return keymanTree;
    }

    /** Always throws: the label of a certificate request cannot be changed. */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.AbstractEntry, com.ibm.gsk.ikeyman.keystore.entry.Entry
    public void setLabel(String str) {
        throw new UnsupportedOperationException("A certificate request label cannot be changed.");
    }

    /** Always throws: conversion to a KeyStore.Entry is not supported for this entry type. */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.Entry
    public KeyStore.Entry toKeyStoreEntry() {
        throw new UnsupportedOperationException("method toKeyStoreEntry");
    }

    /** Returns the display item for the request's signature algorithm. */
    public DisplayItemFactory.AlgorithmItem getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /**
     * Returns the string form of one detail. KeySize, Subject, Fingerprint and
     * SignatureAlgorithm (cases 1 to 4 of the switch map) are answered here; every other
     * identifier is delegated to the superclass.
     */
    @Override // com.ibm.gsk.ikeyman.keystore.entry.AbstractEntry, com.ibm.gsk.ikeyman.keystore.ext.Details
    public String get(Details.DetailIdentifier detailIdentifier) throws KeyManagerException {
        switch (AnonymousClass1.$SwitchMap$com$ibm$gsk$ikeyman$keystore$ext$Details$DetailIdentifier[detailIdentifier.ordinal()]) {
            case 1:
                return this.keySize + "";
            case 2:
                return this.subjectDN.toString();
            case 3:
                return this.fingerprint.toString();
            case 4:
                return this.signatureAlgorithm.toString();
            default:
                return super.get(detailIdentifier);
        }
    }

    /**
     * Always returns true. NOTE(review): no check is performed here, so this result says
     * nothing about whether the request's signature verifies.
     */
    @Override // com.ibm.gsk.ikeyman.keystore.ext.Displayable
    public boolean isValid() {
        return true;
    }

    // Decompiler rendering of the compiler-generated bridge method for the covariant return
    // type of sign() above (CertificateItem vs. CertificateItemImpl). In bytecode it forwards to
    // the CertificateItemImpl-returning method; as source text it duplicates that method's
    // signature and reads as a call to itself, so it must be dropped before recompiling.
    @Override // com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem
    public CertificateItem sign(CertificateKeyItem certificateKeyItem, int i, Integer num, String str) throws KeyManagerException {
        return sign(certificateKeyItem, i, num, str);
    }
}
