package com.ibm.cfwk.pki;

import com.ibm.asn1.ASN1OID;
import com.ibm.asn1.BERDecoder;
import com.ibm.asn1.DEREncoder;
import com.ibm.cfwk.API;
import com.ibm.cfwk.BadParameterException;
import com.ibm.cfwk.FailedException;
import com.ibm.cfwk.Key;
import com.ibm.cfwk.KeyMaterial;
import com.ibm.cfwk.MalformedDataException;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/pki/PublicKeyAndChallenge.class */
public class PublicKeyAndChallenge {
    public String challenge;
    public ASN1OID subjPubKeyOID;
    public KeyMaterial subjPubKeyMat;
    public Key subjPubKey;
    public AlgId signAlgId;
    public boolean signatureOk;

    public static PublicKeyAndChallenge decodeAndVerify(API api, byte[] bArr, int i, int i2) {
        PublicKeyAndChallenge publicKeyAndChallenge = new PublicKeyAndChallenge();
        try {
            BERDecoder bERDecoder = new BERDecoder(bArr, i, i2);
            int decodeSequence = bERDecoder.decodeSequence();
            int tLVOffset = bERDecoder.getTLVOffset() + i;
            int tLVLength = bERDecoder.getTLVLength() + i;
            int decodeSequence2 = bERDecoder.decodeSequence();
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            subjectPublicKeyInfo.decode(bERDecoder, null);
            publicKeyAndChallenge.subjPubKeyOID = subjectPublicKeyInfo.algId.asn1oid();
            publicKeyAndChallenge.subjPubKeyMat = subjectPublicKeyInfo.material;
            publicKeyAndChallenge.challenge = bERDecoder.decodeIA5String();
            bERDecoder.endOf(decodeSequence2);
            publicKeyAndChallenge.signAlgId = AlgId.make(bERDecoder);
            int valueOffset = bERDecoder.getValueOffset() + 1 + i;
            int valueLength = (bERDecoder.getValueLength() - 1) + i;
            bERDecoder.skipNext();
            if (bArr[valueOffset - 1] != 0) {
                throw new MalformedDataException("Signature bitstring has odd length - not a multiple of 8");
            }
            bERDecoder.endOf(decodeSequence);
            try {
                publicKeyAndChallenge.subjPubKey = Key.importKeyMaterial(publicKeyAndChallenge.subjPubKeyMat, api);
                publicKeyAndChallenge.signatureOk = X509Util.toBeVerified(publicKeyAndChallenge.signAlgId, api, publicKeyAndChallenge.subjPubKey, bArr, tLVOffset, tLVLength, bArr, valueOffset, valueLength);
                return publicKeyAndChallenge;
            } catch (Exception e) {
                throw new FailedException("Could not verify PublicKeyAndChallenge certificate request", e);
            }
        } catch (Exception e2) {
            throw new MalformedDataException("Could not parse PublicKeyAndChallenge certificate request", e2);
        }
    }

    public static PublicKeyAndChallenge decodeAndVerify(API api, byte[] bArr) {
        return decodeAndVerify(api, bArr, 0, bArr.length);
    }

    public static byte[] encode(API api, Object obj, ASN1OID asn1oid, Key key, ASN1OID asn1oid2, Object obj2, String str) {
        if (obj == null) {
            obj = asn1oid;
        }
        if (asn1oid == null) {
            ASN1OID algOID = AssortedIDs.algOID(obj);
            asn1oid = algOID;
            if (algOID == null) {
                throw new BadParameterException(new StringBuffer("Cannot infer algorithm's ASN.1 OID: ").append(obj).toString());
            }
        }
        try {
            DEREncoder dEREncoder = new DEREncoder();
            int encodeSequence = dEREncoder.encodeSequence();
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
            subjectPublicKeyInfo.algId = asn1oid2 == null ? null : new AlgId().init(asn1oid2, AlgId.NULL);
            subjectPublicKeyInfo.material = obj2 == null ? key.convertKey("public").exportKeyMaterial(api) : obj2 instanceof KeyMaterial ? (KeyMaterial) obj2 : ((Key) obj2).exportKeyMaterial(api);
            subjectPublicKeyInfo.encode(dEREncoder);
            dEREncoder.encodeIA5String(str == null ? "" : str);
            dEREncoder.endOf(encodeSequence);
            byte[] byteArray = dEREncoder.toByteArray();
            return X509Util.toBeSigned(obj, asn1oid, api, key, byteArray, 0, byteArray.length);
        } catch (Exception e) {
            throw new FailedException(new StringBuffer("Failed to construct PublicKeyAndChallenge certificate request: ").append(e).toString());
        }
    }
}
