package com.ibm.cfwk.tools;

import com.ibm.asn1.ASN1Exception;
import com.ibm.asn1.BEREncoder;
import com.ibm.cfwk.API;
import com.ibm.cfwk.Algorithm;
import com.ibm.cfwk.BadKeyException;
import com.ibm.cfwk.KeyMaterial;
import com.ibm.cfwk.Signature;
import com.ibm.cfwk.SignatureEngine;
import com.ibm.cfwk.key.DSAKey;
import com.ibm.cfwk.key.RSAKey;
import com.ibm.cfwk.pki.AlgId;
import com.ibm.cfwk.pki.AssortedIDs;
import com.ibm.cfwk.pki.DSAAlgId;
import com.ibm.util.BitString;
import com.ibm.util.getopt.ArgEater;
import com.ibm.util.getopt.FileData;
import com.ibm.util.getopt.GUITrigger;
import com.ibm.util.getopt.GetOptSpec;
import com.ibm.util.getopt.HelpOption;
import com.ibm.util.getopt.IntegerData;
import com.ibm.util.getopt.Option;
import com.ibm.util.getopt.OptionSet;
import com.ibm.util.getopt.StringData;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.SimpleTimeZone;
import java.util.TimeZone;

/* compiled from: MakeCertRequest.java */
/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/tools/MakeCertRequestCmdSpec.class */
class MakeCertRequestCmdSpec extends GetOptSpec {
    static final String cmd = "mkcreq";
    static final String doc = "Create a certification request.";
    static API api;
    static TimeZone GMT;
    static StringData name;
    static KeyData key;
    static AlgorithmData alg;
    static FileData outfile;
    static Option pemOpt;
    static String[] units;
    static long[] scales;
    static StringData from;
    static StringData to;
    static IntegerData span;
    static Option fromOpt;
    static Option toOpt;
    static Option spanOpt;
    static Option verbose;
    static Option gui;
    private static Option[] opts;
    private static ArgEater[] args;
    private Signature algorithm;
    AlgId pkAlgId;
    String pkAlgStr;
    BitString publicKey;
    AlgId sigAlgId;
    String sigAlgStr;
    SignatureEngine engine;
    static Calendar notBefore;
    static Calendar notAfter;

    @Override // com.ibm.util.getopt.GetOptSpec
    public String checkConsistency() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("d/m/yyyy");
        this.algorithm = (Signature) alg.getAlgorithm();
        try {
            this.engine = this.algorithm.makeSigningEngine(key.getKey(api));
            try {
                BEREncoder bEREncoder = new BEREncoder();
                KeyMaterial keyMaterial = key.getKeyMaterial(api);
                if (keyMaterial instanceof RSAKey) {
                    this.pkAlgId = new AlgId().init(AssortedIDs.pkcs_1_rsaEncryption, AlgId.NULL);
                    if (pemOpt.isSet()) {
                        this.pkAlgStr = "RSA";
                    }
                    RSAKey rSAKey = (RSAKey) keyMaterial;
                    int encodeSequence = bEREncoder.encodeSequence();
                    bEREncoder.encodeInteger(rSAKey.modulus);
                    bEREncoder.encodeInteger(rSAKey.publicExponent);
                    bEREncoder.endOf(encodeSequence);
                    bEREncoder.finish();
                    byte[] byteArray = bEREncoder.toByteArray();
                    this.publicKey = new BitString(byteArray, 0, byteArray.length * 8, true);
                    if (this.algorithm.name().compareTo("MD2 with RSA") == 0) {
                        this.sigAlgId = new AlgId().init(AssortedIDs.pkcs_1_md2WithRSAEncryption, AlgId.NULL);
                        if (pemOpt.isSet()) {
                            this.sigAlgStr = "RSA-MD2";
                        }
                    } else if (this.algorithm.name().compareTo("MD5 with RSA") == 0) {
                        this.sigAlgId = new AlgId().init(AssortedIDs.pkcs_1_md5WithRSAEncryption, AlgId.NULL);
                        if (pemOpt.isSet()) {
                            this.sigAlgStr = "RSA-MD5";
                        }
                    } else if (!pemOpt.isSet() && this.algorithm.name().compareTo("SHA1 with RSA") == 0) {
                        this.sigAlgId = new AlgId().init(AssortedIDs.pkcs_1_sha1WithRSAEncryption, AlgId.NULL);
                    } else {
                        if (pemOpt.isSet() || this.algorithm.name().compareTo("SHA with RSA") != 0) {
                            ArgEater[] argEaterArr = {key, alg};
                            String str = pemOpt.isSet() ? "Only RSA with MD5 or MD2 allowed im PEM certification requests." : "Correct the algorithm or the key.";
                            isInconsistent(str, argEaterArr);
                            return str;
                        }
                        this.sigAlgId = new AlgId().init(AssortedIDs.oiw_shaWithRSASignature, AlgId.NULL);
                    }
                } else {
                    if (pemOpt.isSet() || !(keyMaterial instanceof DSAKey)) {
                        ArgEater[] argEaterArr2 = {key};
                        String str2 = pemOpt.isSet() ? "Unsupported key type (PEM allows only RSA)." : "Unsupported key type (only RSA and DSA supported).";
                        isInconsistent(str2, argEaterArr2);
                        return str2;
                    }
                    DSAKey dSAKey = (DSAKey) keyMaterial;
                    this.pkAlgId = new DSAAlgId(AssortedIDs.oiw_dsa, dSAKey.prime, dSAKey.subPrime, dSAKey.base);
                    bEREncoder.encodeInteger(dSAKey.y);
                    bEREncoder.finish();
                    byte[] byteArray2 = bEREncoder.toByteArray();
                    this.publicKey = new BitString(byteArray2, 0, byteArray2.length * 8, true);
                    if (this.algorithm.name().compareTo("SHA1 with DSA") == 0) {
                        this.sigAlgId = new DSAAlgId(AssortedIDs.oiw_sha1WithDSA, dSAKey.prime, dSAKey.subPrime, dSAKey.base);
                    } else {
                        if (this.algorithm.name().compareTo("SHA with DSA") != 0) {
                            isInconsistent("Correct the algorithm or the key.", new ArgEater[]{key, alg});
                            return "Correct the algorithm or the key.";
                        }
                        this.sigAlgId = new DSAAlgId(AssortedIDs.oiw_shaWithDSA, dSAKey.prime, dSAKey.subPrime, dSAKey.base);
                    }
                }
                notBefore = new GregorianCalendar(GMT);
                if (fromOpt.isSet()) {
                    try {
                        notBefore = new GregorianCalendar(GMT);
                        notBefore.setTime(simpleDateFormat.parse(from.getString(), new ParsePosition(0)));
                    } catch (Exception e) {
                        ArgEater[] argEaterArr3 = {from};
                        String stringBuffer = new StringBuffer("Bad not-before data:\n").append(e.getMessage()).toString();
                        isInconsistent(stringBuffer, argEaterArr3);
                        return stringBuffer;
                    }
                }
                if (toOpt.isSet() && spanOpt.isSet()) {
                    isInconsistent("Specify either --to date or --for timeSpan but not both.\n", new ArgEater[]{toOpt, spanOpt});
                    return "Specify either --to date or --for timeSpan but not both.\n";
                }
                if (toOpt.isSet()) {
                    try {
                        notAfter = new GregorianCalendar(GMT);
                        notAfter.setTime(simpleDateFormat.parse(to.getString(), new ParsePosition(0)));
                        return null;
                    } catch (Exception e2) {
                        ArgEater[] argEaterArr4 = {to};
                        String stringBuffer2 = new StringBuffer("Bad not-after data:\n").append(e2.getMessage()).toString();
                        isInconsistent(stringBuffer2, argEaterArr4);
                        return stringBuffer2;
                    }
                }
                if (spanOpt.isSet()) {
                    Calendar calendar = (Calendar) notBefore.clone();
                    notAfter = calendar;
                    calendar.add(10, span.getInt());
                    return null;
                }
                Calendar calendar2 = (Calendar) notBefore.clone();
                notAfter = calendar2;
                calendar2.add(5, 31);
                return null;
            } catch (ASN1Exception e3) {
                String stringBuffer3 = new StringBuffer("(").append(e3.getClass().getName()).append(") encoding public key failed: ").append(e3.getMessage()).toString();
                e3.printStackTrace();
                return stringBuffer3;
            } catch (Exception e4) {
                ArgEater[] argEaterArr5 = {key};
                String stringBuffer4 = new StringBuffer(String.valueOf(e4.getClass().getName())).append(": ").append(e4.getMessage()).toString();
                e4.printStackTrace();
                isInconsistent(stringBuffer4, argEaterArr5);
                return stringBuffer4;
            }
        } catch (BadKeyException e5) {
            ArgEater[] argEaterArr6 = {key, alg};
            String stringBuffer5 = new StringBuffer(String.valueOf(e5.getMessage())).append("\nCorrect the algorithm or the key.").toString();
            isInconsistent(stringBuffer5, argEaterArr6);
            return stringBuffer5;
        } catch (Exception e6) {
            ArgEater[] argEaterArr7 = {key};
            String stringBuffer6 = new StringBuffer(String.valueOf(e6.getClass().getName())).append(": ").append(e6.getMessage()).toString();
            isInconsistent(stringBuffer6, argEaterArr7);
            return stringBuffer6;
        }
    }

    public MakeCertRequestCmdSpec() {
        super(cmd, doc, args, 15, true, gui, null);
    }

    static {
        try {
            api = new API() { // from class: com.ibm.cfwk.tools.MakeCertRequestCmdSpec.1
            }.open();
        } catch (Exception e) {
            System.err.println(new StringBuffer("mkcreq: ").append(e.getMessage()).toString());
            System.exit(1);
        }
        GMT = new SimpleTimeZone(0, "GMT");
        name = new StringData("subjName", "X500 name of the subject.", null);
        key = new KeyData(null, null);
        alg = new AlgorithmData("alg", "Name of the signature algorithm.", null, Algorithm.SIGNATURE, api);
        outfile = new FileData("outFile", "Certification request output file.", null, true, 0);
        pemOpt = new Option("--pem", (char) 0, "Generate PEM based certificate request.\nThe options --from, --to, --for can be used to include a\nspecific validity into the certificate request", null);
        units = new String[]{"h", "d", "m", "y"};
        scales = new long[]{1, 24, 744, 8760};
        from = new StringData("date", null, null);
        to = new StringData("date", null, null);
        span = new IntegerData("num", (String) null, 31L, 1L, Long.MAX_VALUE, units, scales);
        fromOpt = new Option("--from", (char) 0, "Certificate is not valid before this date\n(Default is now, format: dd/mm/yyyy)", from);
        toOpt = new Option("--to", (char) 0, "Certificate is not valid after this date\n(format: dd/mm/yyyy)", to);
        spanOpt = new Option("--for", (char) 0, "Certificate is valid for the specified time span.\n(Default is 31 days)", span);
        verbose = new Option("--verbose", (char) 0, null, null);
        gui = new GUITrigger();
        opts = new Option[]{new HelpOption(), gui, verbose, pemOpt, fromOpt, toOpt, spanOpt};
        args = new ArgEater[]{new OptionSet(opts, null), name, key, alg, outfile};
    }
}
