package com.ibm.cfwk.tools;

import com.ibm.asn1.ASN1Exception;
import com.ibm.asn1.BEREncoder;
import com.ibm.asn1.DEREncoder;
import com.ibm.cf.CodeFormatter;
import com.ibm.cfwk.pki.X509Util;
import com.ibm.cfwk.tools.cr.pkcs10.Attributes;
import com.ibm.cfwk.tools.cr.pkcs10.CertificationRequest;
import com.ibm.cfwk.tools.cr.pkcs10.CertificationRequestInfo;
import com.ibm.cfwk.tools.cr.rfc1424.Certificate;
import com.ibm.util.Base64;
import com.ibm.util.BitString;
import com.ibm.util.x500name.X500Name;
import java.io.OutputStream;
import java.math.BigInteger;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/tools/MakeCertRequest.class */
public class MakeCertRequest {
    static MakeCertRequestCmdSpec spec = new MakeCertRequestCmdSpec();

    static void canonicalize(StringBuffer stringBuffer, byte[] bArr, int i) {
        String base64 = Base64.toString(bArr);
        int length = base64.length();
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= length) {
                return;
            }
            stringBuffer.append(' ');
            stringBuffer.append(base64.substring(i3, Math.min(i3 + i, length)));
            stringBuffer.append("\r\n");
            i2 = i3 + i;
        }
    }

    public static void main(String[] strArr) {
        spec.parse(strArr);
        try {
            CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo();
            CertificationRequest certificationRequest = new CertificationRequest();
            Certificate certificate = new Certificate();
            if (MakeCertRequestCmdSpec.pemOpt.isSet()) {
                certificate.toBeSigned.version = BigInteger.valueOf(0L);
                certificate.toBeSigned.serialNumber = BigInteger.valueOf(0L);
                certificate.toBeSigned.signature = spec.sigAlgId;
                certificate.toBeSigned.issuer = new X500Name(MakeCertRequestCmdSpec.name.getString());
                certificate.toBeSigned.validity.notBefore = MakeCertRequestCmdSpec.notBefore;
                certificate.toBeSigned.validity.notAfter = MakeCertRequestCmdSpec.notAfter;
                certificate.toBeSigned.subject = certificate.toBeSigned.issuer;
                certificate.toBeSigned.subjectPublicKeyInfo.algorithm = spec.pkAlgId;
                certificate.toBeSigned.subjectPublicKeyInfo.subjectPublicKey = spec.publicKey;
                certificate.toBeSigned.issuerUniqueID = null;
                certificate.toBeSigned.subjectUniqueID = null;
                certificate.toBeSigned.extensions = null;
                certificate.algorithmIdentifier = spec.sigAlgId;
            } else {
                certificationRequestInfo.version = BigInteger.valueOf(0L);
                certificationRequestInfo.subject = new X500Name(MakeCertRequestCmdSpec.name.getString());
                certificationRequestInfo.subjectPublicKeyInfo.algorithm = spec.pkAlgId;
                certificationRequestInfo.subjectPublicKeyInfo.subjectPublicKey = spec.publicKey;
                certificationRequestInfo.attributes = new Attributes();
            }
            BEREncoder bEREncoder = new BEREncoder();
            if (MakeCertRequestCmdSpec.pemOpt.isSet()) {
                certificate.toBeSigned.encode(bEREncoder);
            } else {
                certificationRequestInfo.encode(bEREncoder);
            }
            spec.engine.update(bEREncoder.toByteArray());
            byte[] signature = spec.engine.signature();
            if (MakeCertRequestCmdSpec.pemOpt.isSet()) {
                certificate.encrypted = new BitString(signature, 0, signature.length * 8, true);
            } else {
                certificationRequest.certificationRequestInfo = certificationRequestInfo;
                certificationRequest.signatureAlgorithm = spec.sigAlgId;
                certificationRequest.signature = new BitString(signature, 0, signature.length * 8, true);
            }
            DEREncoder dEREncoder = new DEREncoder();
            if (MakeCertRequestCmdSpec.pemOpt.isSet()) {
                certificate.encode(dEREncoder);
            } else {
                certificationRequest.encode(dEREncoder);
            }
            dEREncoder.finish();
            byte[] byteArray = dEREncoder.toByteArray();
            StringBuffer stringBuffer = new StringBuffer();
            if (MakeCertRequestCmdSpec.pemOpt.isSet()) {
                stringBuffer.append("\r\n-----BEGIN PRIVACY-ENHANCED MESSAGE-----\r\n");
                stringBuffer.append("Proc-Type: 4,MIC-ONLY\r\n");
                stringBuffer.append("Content-Domain: RFC822\r\n");
                stringBuffer.append("Originator-Certificate:\r\n");
                canonicalize(stringBuffer, byteArray, 64);
                stringBuffer.append(new StringBuffer("MIC-Info: ").append(spec.sigAlgStr).append(CodeFormatter.DEFAULT_S_DELIM).append(spec.pkAlgStr).append(",\r\n").toString());
                byte[] bytes = "This is an RFC-1424 CSR.\n".getBytes("8859_1");
                spec.engine.reset();
                spec.engine.update(bytes);
                canonicalize(stringBuffer, spec.engine.signature(), 64);
                stringBuffer.append("\r\n");
                stringBuffer.append(Base64.toString(bytes));
                stringBuffer.append("\r\n-----END PRIVACY-ENHANCED MESSAGE-----\r\n");
            } else {
                stringBuffer.append(X509Util.addTransportArmor("NEW CERTIFICATE REQUEST", byteArray));
            }
            OutputStream outputStream = MakeCertRequestCmdSpec.outfile.getOutputStream();
            outputStream.write(stringBuffer.toString().getBytes("8859_1"));
            outputStream.close();
        } catch (ASN1Exception e) {
            System.err.println("Cannot encode certification request");
            e.printStackTrace();
            System.exit(-1);
        } catch (Exception e2) {
            e2.printStackTrace();
            System.exit(-1);
        }
        System.exit(0);
    }
}
