package com.ibm.cfwk.pki;

import com.ibm.asn1.ASN1OID;
import com.ibm.asn1.ASN1Tag;
import com.ibm.asn1.BERDecoder;
import com.ibm.asn1.DEREncoder;
import com.ibm.cfwk.API;
import com.ibm.cfwk.BadParameterException;
import com.ibm.cfwk.FailedException;
import com.ibm.cfwk.Key;
import com.ibm.cfwk.KeyMaterial;
import com.ibm.cfwk.MalformedDataException;
import com.ibm.util.x500name.X500Name;
import java.util.Vector;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/pki/PKCS10.class */
public class PKCS10 {
    private static final ASN1OID[] EMPTY_TYPES = new ASN1OID[0];
    private static final byte[][] EMPTY_VALUES = new byte[0];
    public int version;
    public X500Name subject;
    public ASN1OID subjPubKeyOID;
    public KeyMaterial subjPubKeyMat;
    public Key subjPubKey;
    public ASN1OID[] attributeTypes;
    public byte[][] attributeValues;
    public AlgId signAlgId;
    public boolean signatureOk;

    public static PKCS10 decodeAndVerify(API api, byte[] bArr, int i, int i2) {
        PKCS10 pkcs10 = new PKCS10();
        try {
            BERDecoder bERDecoder = new BERDecoder(bArr, i, i2);
            int decodeSequence = bERDecoder.decodeSequence();
            int tLVOffset = bERDecoder.getTLVOffset() + i;
            int tLVLength = bERDecoder.getTLVLength() + i;
            int decodeSequence2 = bERDecoder.decodeSequence();
            if (!bERDecoder.nextIsDefault(2)) {
                pkcs10.version = bERDecoder.decodeIntegerAsInt();
            }
            pkcs10.subject = new X500Name(bERDecoder);
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            subjectPublicKeyInfo.decode(bERDecoder, null);
            pkcs10.subjPubKeyOID = subjectPublicKeyInfo.algId.asn1oid();
            pkcs10.subjPubKeyMat = subjectPublicKeyInfo.material;
            Vector vector = null;
            Vector vector2 = null;
            bERDecoder.nextIsImplicit(ASN1Tag.makeTag(2, 0));
            int decodeSequence3 = bERDecoder.decodeSequence();
            while (!bERDecoder.endOf(decodeSequence3)) {
                if (vector == null) {
                    vector = new Vector();
                    vector2 = new Vector();
                }
                int decodeSequence4 = bERDecoder.decodeSequence();
                vector.addElement(bERDecoder.decodeObjectIdentifier());
                vector2.addElement(bERDecoder.decodeAnyAsByteArray());
                bERDecoder.endOf(decodeSequence4);
            }
            if (vector == null) {
                pkcs10.attributeTypes = EMPTY_TYPES;
                pkcs10.attributeValues = EMPTY_VALUES;
            } else {
                pkcs10.attributeTypes = new ASN1OID[vector.size()];
                pkcs10.attributeValues = new byte[vector2.size()];
                vector.copyInto(pkcs10.attributeTypes);
                vector2.copyInto(pkcs10.attributeValues);
            }
            bERDecoder.endOf(decodeSequence2);
            pkcs10.signAlgId = AlgId.make(bERDecoder);
            int valueOffset = bERDecoder.getValueOffset() + 1 + i;
            int valueLength = (bERDecoder.getValueLength() - 1) + i;
            bERDecoder.skipNext();
            if (bArr[valueOffset - 1] != 0) {
                throw new MalformedDataException("Signature bitstring has odd length - not a multiple of 8");
            }
            bERDecoder.endOf(decodeSequence);
            try {
                pkcs10.subjPubKey = Key.importKeyMaterial(pkcs10.subjPubKeyMat, api);
                pkcs10.signatureOk = X509Util.toBeVerified(pkcs10.signAlgId, api, pkcs10.subjPubKey, bArr, tLVOffset, tLVLength, bArr, valueOffset, valueLength);
                return pkcs10;
            } catch (Exception e) {
                throw new FailedException("Could not verify PKCS#10 certificate request", e);
            }
        } catch (Exception e2) {
            throw new MalformedDataException("Could not parse PKCS#10 certificate request", e2);
        }
    }

    public static PKCS10 decodeAndVerify(API api, byte[] bArr) {
        return decodeAndVerify(api, bArr, 0, bArr.length);
    }

    public static byte[] encode(API api, Object obj, ASN1OID asn1oid, Key key, X500Name x500Name, ASN1OID asn1oid2, Object obj2, ASN1OID[] asn1oidArr, byte[][] bArr) {
        if (obj == null) {
            obj = asn1oid;
        }
        if (asn1oid == null) {
            ASN1OID algOID = AssortedIDs.algOID(obj);
            asn1oid = algOID;
            if (algOID == null) {
                throw new BadParameterException(new StringBuffer("Cannot infer algorithm's ASN.1 OID: ").append(obj).toString());
            }
        }
        if (asn1oidArr == null) {
            asn1oidArr = EMPTY_TYPES;
        }
        if (bArr == null) {
            bArr = EMPTY_VALUES;
        }
        if (asn1oidArr.length != bArr.length) {
            throw new BadParameterException("Different number of attribute types and values");
        }
        try {
            DEREncoder dEREncoder = new DEREncoder();
            int encodeSequence = dEREncoder.encodeSequence();
            x500Name.encode(dEREncoder);
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            subjectPublicKeyInfo.algId = asn1oid2 == null ? null : new AlgId().init(asn1oid2, AlgId.NULL);
            subjectPublicKeyInfo.material = obj2 == null ? key.convertKey("public").exportKeyMaterial(api) : obj2 instanceof KeyMaterial ? (KeyMaterial) obj2 : ((Key) obj2).exportKeyMaterial(api);
            subjectPublicKeyInfo.encode(dEREncoder);
            dEREncoder.nextIsImplicit(ASN1Tag.makeTag(2, 0));
            int encodeSequence2 = dEREncoder.encodeSequence();
            for (int i = 0; i < asn1oidArr.length; i++) {
                int encodeSequence3 = dEREncoder.encodeSequence();
                asn1oidArr[i].encode(dEREncoder);
                dEREncoder.encodeOctetString(bArr[i]);
                dEREncoder.endOf(encodeSequence3);
            }
            dEREncoder.endOf(encodeSequence2);
            dEREncoder.endOf(encodeSequence);
            byte[] byteArray = dEREncoder.toByteArray();
            return X509Util.toBeSigned(obj, asn1oid, api, key, byteArray, 0, byteArray.length);
        } catch (Exception e) {
            throw new FailedException(new StringBuffer("Failed to construct PKCS#10 certificate request: ").append(e).toString());
        }
    }
}
