package com.ibm.security.certclient.beans;

import com.ibm.crypto.provider.PBMParameterSpec;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkConfRepEvent;
import com.ibm.security.certclient.base.PkConfReqEvent;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkInitRepEvent;
import com.ibm.security.certclient.base.PkInitReqEvent;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.base.PkPipe;
import com.ibm.security.certclient.base.PkRejectionException;
import com.ibm.security.certclient.base.PkRevoRepEvent;
import com.ibm.security.certclient.base.PkRevoReqEvent;
import com.ibm.security.certclient.base.PkSecnRepEvent;
import com.ibm.security.certclient.base.PkSecnReqEvent;
import com.ibm.security.certclient.util.PkNormalize;
import com.ibm.security.cmp.InfoTypeAndValue;
import com.ibm.security.cmp.PKIHeader;
import com.ibm.security.cmp.PKIMessage;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.X500Name;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;

/* loaded from: input_file:efixes/PK83758_Linux_ppc32/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmkeycert.jar:com/ibm/security/certclient/beans/PkEeXMgr.class */
public class PkEeXMgr extends PkPipe implements PkConstants {
    private static final String sccsid = "@(#) 84 1.11.1.1    com/tivoli/pki/beans/PkEeXMgr.java, PkBeans, javapki2, 09172003 9/17/03 10:27:51";
    private static BigInteger BIG_ONE = BigInteger.valueOf(1);

    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkInitRepEvent doInitReq(PkInitReqEvent pkInitReqEvent) throws PkException {
        pkInitReqEvent.getAttrs().getValue("x509.info.subject", null);
        try {
            new PkNormalize().normalize(pkInitReqEvent.getAttrs().getValue("x509.info.subject").toString());
        } catch (Exception e) {
            pkInitReqEvent.getAttrs().getValue("x509.info.subject").toString();
        }
        PkInitRepEvent propagate = propagate(pkInitReqEvent);
        propagate.getSerialNumber();
        return propagate;
    }

    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkSecnRepEvent doSecnReq(PkSecnReqEvent pkSecnReqEvent) throws PkException {
        try {
            return propagate(pkSecnReqEvent);
        } catch (Exception e) {
            if (e instanceof PkException) {
                throw ((PkException) e);
            }
            throw new PkException(e);
        }
    }

    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkConfRepEvent doConfReq(PkConfReqEvent pkConfReqEvent) throws PkException {
        PkConfRepEvent pkConfRepEvent;
        InfoTypeAndValue[] infoTypeAndValueArr = (InfoTypeAndValue[]) pkConfReqEvent.getAttrs().getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null);
        PKIHeader pKIHeader = (PKIHeader) pkConfReqEvent.getAttrs().getValue("TMP_MSG_HDR");
        if (pKIHeader == null) {
            throw new PkException(PkNLSConstants.MISSING_MESSAGE_HEADER);
        }
        try {
            if (((PrivateKey) pkConfReqEvent.getAttrs().getValue(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY, null)) == null) {
                String str = (String) pkConfReqEvent.getAttrs().getValue(PkCertConstants.CERT_INIT_PWD, null);
                PkAttrs attrs = pkConfReqEvent.getAttrs();
                pkConfRepEvent = (PkConfRepEvent) propagate(new PkConfReqEvent(pkConfReqEvent.getSource(), getConfMessage(pKIHeader, (KeyIdentifier) pkConfReqEvent.getAttrs().getValue(PkCertConstants.CERT_SENDER_KID), str, infoTypeAndValueArr), attrs));
            } else {
                pkConfRepEvent = (PkConfRepEvent) propagate(new PkConfReqEvent(pkConfReqEvent.getSource(), getConfMessageForCr(pKIHeader, pkConfReqEvent.getAttrs()), pkConfReqEvent.getAttrs()));
            }
            return pkConfRepEvent;
        } catch (Exception e) {
            if (e instanceof PkException) {
                throw ((PkException) e);
            }
            throw new PkException(e);
        }
    }

    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkRevoRepEvent doRevoReq(PkRevoReqEvent pkRevoReqEvent) throws PkException {
        try {
            pkRevoReqEvent.getAttrs().add("TMP_MSG_HDR", 2, createHeader(pkRevoReqEvent.getAttrs()));
            return propagate(new PkRevoReqEvent(this, null, pkRevoReqEvent.getAttrs()));
        } catch (Exception e) {
            if (e instanceof PkException) {
                throw ((PkException) e);
            }
            throw new PkException(e);
        }
    }

    private PKIHeader createHeader(PkAttrs pkAttrs) throws Exception {
        GeneralName generalName;
        GeneralName generalName2;
        KeyIdentifier keyIdentifier;
        KeyIdentifier keyIdentifier2;
        boolean z = false;
        if (pkAttrs.getValue(PkCertConstants.CERT_REVO_PUBLIC_KEY, null) != null) {
            z = true;
        }
        if (z) {
            generalName = new GeneralName(new X500Name("o=JavaPki,c=US"));
            generalName2 = new GeneralName(new X500Name("o=JavaPki,c=US"));
            keyIdentifier = new KeyIdentifier(new String("JavaPki").getBytes());
            keyIdentifier2 = new KeyIdentifier(new String("JavaPki").getBytes());
        } else {
            generalName = new GeneralName((X500Name) pkAttrs.getValue("x509.info.subject"));
            generalName2 = (GeneralName) pkAttrs.getValue(PkCertConstants.CERT_RECIPIENT_DN);
            keyIdentifier = (KeyIdentifier) pkAttrs.getValue(PkCertConstants.CERT_SENDER_KID, null);
            keyIdentifier2 = null;
        }
        byte[] bytes = new Date().toString().getBytes();
        byte[] bytes2 = new Long(new Date().getTime()).toString().getBytes();
        PBMParameterSpec pBMParameterSpec = new PBMParameterSpec("this is a salt".getBytes(), new AlgorithmId(AlgorithmId.SHA_oid), 1001, new AlgorithmId(AlgorithmId.HmacSHA1_oid));
        InfoTypeAndValue[] infoTypeAndValueArr = (InfoTypeAndValue[]) pkAttrs.getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null);
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PasswordBasedMac", PkEeFactory.getProvider());
            try {
                algorithmParameters.init(pBMParameterSpec);
                try {
                    return new PKIHeader(BIG_ONE, generalName, generalName2, new Date(), new AlgorithmId(AlgorithmId.PasswordBasedMac_oid, algorithmParameters.getEncoded()), keyIdentifier, keyIdentifier2, bytes2, bytes, null, null, infoTypeAndValueArr);
                } catch (Exception e) {
                    throw e;
                }
            } catch (InvalidParameterSpecException e2) {
                throw e2;
            }
        } catch (NoSuchAlgorithmException e3) {
            throw e3;
        } catch (NoSuchProviderException e4) {
            throw e4;
        }
    }

    private PKIHeader createHeader1(PkAttrs pkAttrs) throws Exception {
        return new PKIHeader(BIG_ONE, new GeneralName((X500Name) pkAttrs.getValue("x509.info.subject")), (GeneralName) pkAttrs.getValue(PkCertConstants.CERT_RECIPIENT_DN, null), null, null, (KeyIdentifier) pkAttrs.getValue(PkCertConstants.CERT_SENDER_KID), null, null, new Date().toString().getBytes(), null, null, (InfoTypeAndValue[]) pkAttrs.getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null));
    }

    private PKIMessage getConfMessage(PKIHeader pKIHeader, KeyIdentifier keyIdentifier, String str, InfoTypeAndValue[] infoTypeAndValueArr) throws Exception {
        GeneralName recipient = pKIHeader.getRecipient();
        GeneralName sender = pKIHeader.getSender();
        byte[] recipNonce = pKIHeader.getRecipNonce();
        byte[] senderNonce = pKIHeader.getSenderNonce();
        byte[] transactionID = pKIHeader.getTransactionID();
        PBMParameterSpec pBMParameterSpec = new PBMParameterSpec("this is a salt".getBytes(), new AlgorithmId(AlgorithmId.SHA_oid), 1001, new AlgorithmId(AlgorithmId.HmacSHA1_oid));
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PasswordBasedMac", PkEeFactory.getProvider());
            try {
                algorithmParameters.init(pBMParameterSpec);
                try {
                    PKIMessage pKIMessage = new PKIMessage(new PKIHeader(BIG_ONE, recipient, sender, new Date(), new AlgorithmId(AlgorithmId.PasswordBasedMac_oid, algorithmParameters.getEncoded()), keyIdentifier, null, transactionID, recipNonce, senderNonce, null, infoTypeAndValueArr), 19, null, null, null);
                    try {
                        if (str != null) {
                            return pKIMessage.protect(str.getBytes());
                        }
                        throw new PkRejectionException(PkNLSConstants.MSG_CANNOT_BE_PROTECTED);
                    } catch (Exception e) {
                        if (e instanceof PkException) {
                            throw ((PkException) e);
                        }
                        throw new PkException(e);
                    }
                } catch (Exception e2) {
                    throw e2;
                }
            } catch (InvalidParameterSpecException e3) {
                throw e3;
            }
        } catch (NoSuchAlgorithmException e4) {
            throw e4;
        } catch (NoSuchProviderException e5) {
            throw e5;
        }
    }

    private PKIMessage getConfMessageForCr(PKIHeader pKIHeader, PkAttrs pkAttrs) throws Exception {
        GeneralName recipient = pKIHeader.getRecipient();
        GeneralName sender = pKIHeader.getSender();
        KeyIdentifier keyIdentifier = (KeyIdentifier) pkAttrs.getValue(PkCertConstants.CERT_SENDER_KID);
        byte[] recipNonce = pKIHeader.getRecipNonce();
        byte[] senderNonce = pKIHeader.getSenderNonce();
        PKIHeader pKIHeader2 = new PKIHeader(BIG_ONE, recipient, sender, new Date(), (AlgorithmId) pkAttrs.getValue("x509.info.algorithmID"), keyIdentifier, null, pKIHeader.getTransactionID(), recipNonce, senderNonce, null, (InfoTypeAndValue[]) pkAttrs.getValue(PkCertConstants.CERT_REVOCATION_PASSPHRASE, null));
        DerOutputStream derOutputStream = new DerOutputStream();
        pKIHeader2.encode(derOutputStream);
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.write((byte) 48, derOutputStream);
        byte[] byteArray = derOutputStream2.toByteArray();
        try {
            String str = (String) pkAttrs.getValue(PkCertConstants.CERT_PROVIDER);
            PrivateKey privateKey = (PrivateKey) pkAttrs.getValue(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY);
            Signature signature = Signature.getInstance(privateKey instanceof RSAPrivateKey ? "SHA1withRSA" : "SHA1withDSA", str);
            signature.initSign(privateKey);
            signature.update(byteArray);
            return new PKIMessage(pKIHeader2, 19, null, signature.sign(), null);
        } catch (Exception e) {
            if (e instanceof PkException) {
                throw ((PkException) e);
            }
            throw new PkException(e);
        }
    }
}
