package gurux.dlms.asn;

import gurux.dlms.GXByteBuffer;
import gurux.dlms.GXDLMSCertificateException;
import gurux.dlms.GXSimpleEntry;
import gurux.dlms.asn.enums.ExtendedKeyUsage;
import gurux.dlms.asn.enums.GXOid;
import gurux.dlms.asn.enums.HashAlgorithm;
import gurux.dlms.asn.enums.KeyUsage;
import gurux.dlms.asn.enums.PkcsObjectIdentifier;
import gurux.dlms.asn.enums.X9ObjectIdentifier;
import gurux.dlms.internal.GXCommon;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:gurux/dlms/asn/GXPkcs10.class */
public class GXPkcs10 {
    private byte[] rawData;
    private CertificateVersion version;
    private String subject;
    private List<Map.Entry<PkcsObjectIdentifier, Object[]>> attributes;
    private GXOid algorithm;
    private PublicKey publicKey;
    private GXOid signatureAlgorithm;
    private Object signatureParameters;
    private byte[] signature;

    public GXPkcs10() {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        this.version = CertificateVersion.V1;
        this.attributes = new ArrayList();
    }

    public GXPkcs10(String str) {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        String replace = str.replace("\r\n", "\n");
        int indexOf = replace.indexOf("CERTIFICATE REQUEST-----\n");
        if (indexOf == -1) {
            throw new IllegalArgumentException("Invalid PEM file.");
        }
        int indexOf2 = replace.indexOf("-----END CERTIFICATE REQUEST");
        if (indexOf2 == -1) {
            throw new IllegalArgumentException("Invalid PEM file.");
        }
        init(GXCommon.fromBase64(replace.substring(indexOf + "CERTIFICATE REQUEST-----\n".length(), indexOf2)));
    }

    public GXPkcs10(byte[] bArr) {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        init(bArr);
    }

    public static GXPkcs10 fromPem(String str) {
        String replace = str.replace("\r\n", "\n");
        int indexOf = replace.indexOf("CERTIFICATE REQUEST-----\n");
        if (indexOf == -1) {
            throw new IllegalArgumentException("Invalid PEM file.");
        }
        int indexOf2 = replace.indexOf("-----END CERTIFICATE REQUEST");
        if (indexOf2 == -1) {
            throw new IllegalArgumentException("Invalid PEM file.");
        }
        return fromDer(replace.substring(indexOf + "CERTIFICATE REQUEST-----\n".length(), indexOf2));
    }

    public static GXPkcs10 fromDer(String str) {
        GXPkcs10 gXPkcs10 = new GXPkcs10();
        gXPkcs10.init(GXCommon.fromBase64(str));
        return gXPkcs10;
    }

    private void init(byte[] bArr) {
        KeyFactory keyFactory;
        this.rawData = bArr;
        this.attributes = new ArrayList();
        GXAsn1Sequence gXAsn1Sequence = (GXAsn1Sequence) GXAsn1Converter.fromByteArray(bArr);
        if (gXAsn1Sequence.size() < 3) {
            throw new IllegalArgumentException("Wrong number of elements in sequence.");
        }
        if (!(gXAsn1Sequence.get(0) instanceof GXAsn1Sequence)) {
            switch (GXAsn1Converter.getCertificateType(bArr, gXAsn1Sequence)) {
                case PKCS_8:
                    throw new GXDLMSCertificateException("Invalid Certificate. This is PKCS 8, not PKCS 10.");
                case x509_CERTIFICATE:
                    throw new GXDLMSCertificateException("Invalid Certificate. This is PKCS x509 certificate, not PKCS 10.");
                default:
                    throw new GXDLMSCertificateException("Invalid Certificate Version.");
            }
        }
        GXAsn1Sequence gXAsn1Sequence2 = (GXAsn1Sequence) gXAsn1Sequence.get(0);
        this.version = CertificateVersion.forValue(((Number) gXAsn1Sequence2.get(0)).intValue());
        this.subject = GXAsn1Converter.getSubject((GXAsn1Sequence) gXAsn1Sequence2.get(1));
        GXAsn1Sequence gXAsn1Sequence3 = (GXAsn1Sequence) gXAsn1Sequence2.get(2);
        if (gXAsn1Sequence2.size() > 3) {
            Iterator<Object> it = ((GXAsn1Context) gXAsn1Sequence2.get(3)).iterator();
            while (it.hasNext()) {
                GXAsn1Sequence gXAsn1Sequence4 = (GXAsn1Sequence) it.next();
                ArrayList arrayList = new ArrayList();
                Iterator it2 = ((List) ((Map.Entry) gXAsn1Sequence4.get(1)).getKey()).iterator();
                while (it2.hasNext()) {
                    arrayList.add(it2.next());
                }
                this.attributes.add(new GXSimpleEntry(PkcsObjectIdentifier.forValue(gXAsn1Sequence4.get(0).toString()), arrayList.toArray()));
            }
        }
        GXAsn1Sequence gXAsn1Sequence5 = (GXAsn1Sequence) gXAsn1Sequence3.get(0);
        this.algorithm = X9ObjectIdentifier.forValue(gXAsn1Sequence5.get(0).toString());
        if (this.algorithm != X9ObjectIdentifier.IdECPublicKey) {
            Object obj = this.algorithm;
            if (obj == null) {
                obj = PkcsObjectIdentifier.forValue(gXAsn1Sequence5.get(0).toString());
                if (obj == null) {
                    obj = gXAsn1Sequence5.get(0).toString();
                }
            }
            throw new IllegalArgumentException("Invalid PKCS #10 certificate algorithm. " + obj);
        }
        try {
            String lowerCase = this.algorithm.toString().toLowerCase();
            if (lowerCase.contains("rsa")) {
                keyFactory = KeyFactory.getInstance("RSA");
            } else if (lowerCase.endsWith("ecdsa")) {
                keyFactory = KeyFactory.getInstance("EC");
            } else {
                if (!lowerCase.contains("ec")) {
                    throw new IllegalStateException("Unknown algorithm:" + this.algorithm.toString());
                }
                keyFactory = KeyFactory.getInstance("EC");
            }
            try {
                this.publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(GXAsn1Converter.toByteArray(gXAsn1Sequence3)));
                GXAsn1Sequence gXAsn1Sequence6 = (GXAsn1Sequence) gXAsn1Sequence.get(1);
                this.signatureAlgorithm = HashAlgorithm.forValue(gXAsn1Sequence6.get(0).toString());
                if (gXAsn1Sequence6.size() != 1) {
                    this.signatureParameters = gXAsn1Sequence6.get(1);
                }
                this.signature = ((GXAsn1BitString) gXAsn1Sequence.get(2)).getValue();
                GXByteBuffer gXByteBuffer = new GXByteBuffer();
                gXByteBuffer.set(bArr);
                GXAsn1Converter.getNext(gXByteBuffer);
                gXByteBuffer.size(gXByteBuffer.position());
                gXByteBuffer.position(1);
                GXCommon.getObjectCount(gXByteBuffer);
                if (!verify(gXByteBuffer.subArray(gXByteBuffer.position(), gXByteBuffer.available()), this.signature)) {
                    throw new IllegalArgumentException("Invalid Signature.");
                }
            } catch (InvalidKeySpecException e) {
                throw new IllegalArgumentException(e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(this.algorithm.toString().substring(0, 2) + "key factory not present in runtime");
        }
    }

    public final CertificateVersion getVersion() {
        return this.version;
    }

    public final void setVersion(CertificateVersion certificateVersion) {
        this.version = certificateVersion;
    }

    public final String getSubject() {
        return this.subject;
    }

    public final void setSubject(String str) {
        this.subject = str;
    }

    public final PublicKey getPublicKey() {
        return this.publicKey;
    }

    public final void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public final GXOid getAlgorithm() {
        return this.algorithm;
    }

    public final void setAlgorithm(GXOid gXOid) {
        this.algorithm = gXOid;
    }

    public final GXOid getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public final void setSignatureAlgorithm(GXOid gXOid) {
        this.signatureAlgorithm = gXOid;
    }

    public final Object getSignatureParameters() {
        return this.signatureParameters;
    }

    public final void setSignatureParameters(Object obj) {
        this.signatureParameters = obj;
    }

    public final byte[] getSignature() {
        return this.signature;
    }

    public final void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("PKCS #10 certificate request:");
        sb.append("\r\n");
        sb.append("Version: ");
        sb.append(this.version.toString());
        sb.append("\r\n");
        sb.append("Subject: ");
        sb.append(this.subject);
        sb.append("\r\n");
        sb.append("Algorithm: ");
        if (this.algorithm != null) {
            sb.append(this.algorithm.toString());
        }
        sb.append("\r\n");
        sb.append("Public Key: ");
        if (this.publicKey != null) {
            sb.append(this.publicKey.toString());
        }
        sb.append("\r\n");
        sb.append("Signature algorithm: ");
        if (this.signatureAlgorithm != null) {
            sb.append(this.signatureAlgorithm.toString());
        }
        sb.append("\r\n");
        sb.append("Signature parameters: ");
        if (this.signatureParameters != null) {
            sb.append(this.signatureParameters.toString());
        }
        sb.append("\r\n");
        sb.append("Signature: ");
        sb.append(GXCommon.toHex(this.signature));
        sb.append("\r\n");
        return sb.toString();
    }

    private boolean verify(byte[] bArr, byte[] bArr2) {
        Signature signature;
        try {
            if (this.signatureAlgorithm == HashAlgorithm.SHA256withECDSA) {
                signature = Signature.getInstance("SHA256withECDSA");
            } else if (this.signatureAlgorithm == HashAlgorithm.SHA384withECDSA) {
                signature = Signature.getInstance("SHA384withECDSA");
            } else {
                if (this.signatureAlgorithm != HashAlgorithm.SHA_256_RSA) {
                    throw new IllegalArgumentException("Invalid Signature: " + this.signatureAlgorithm.toString());
                }
                signature = Signature.getInstance("SHA256withRSA");
            }
            signature.initVerify(this.publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    private Object[] getData() {
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(4);
        gXByteBuffer.set(GXAsn1Converter.rawValue(this.publicKey));
        GXAsn1BitString gXAsn1BitString = new GXAsn1BitString(gXByteBuffer.array(), 0);
        Object[] objArr = {new GXAsn1ObjectIdentifier("1.2.840.10045.2.1"), new GXAsn1ObjectIdentifier("1.2.840.10045.3.1.7")};
        GXAsn1Context gXAsn1Context = new GXAsn1Context();
        for (Map.Entry<PkcsObjectIdentifier, Object[]> entry : this.attributes) {
            GXAsn1Sequence gXAsn1Sequence = new GXAsn1Sequence();
            gXAsn1Sequence.add(new GXAsn1ObjectIdentifier(entry.getKey().getValue()));
            ArrayList arrayList = new ArrayList();
            for (Object obj : entry.getValue()) {
                arrayList.add(obj);
            }
            gXAsn1Sequence.add(new GXSimpleEntry(arrayList, null));
            gXAsn1Context.add(gXAsn1Sequence);
        }
        return new Object[]{Byte.valueOf(this.version.getValue()), GXAsn1Converter.encodeSubject(this.subject), new Object[]{objArr, gXAsn1BitString}, gXAsn1Context};
    }

    public final byte[] getEncoded() {
        if (this.rawData != null) {
            return this.rawData;
        }
        if (this.signature == null) {
            throw new IllegalArgumentException("Sign first.");
        }
        return GXAsn1Converter.toByteArray(new Object[]{getData(), new Object[]{new GXAsn1ObjectIdentifier(this.signatureAlgorithm.getValue())}, new GXAsn1BitString(this.signature, 0)});
    }

    public void sign(KeyPair keyPair, HashAlgorithm hashAlgorithm) {
        byte[] byteArray = GXAsn1Converter.toByteArray(getData());
        try {
            Signature signature = Signature.getInstance(hashAlgorithm.toString());
            signature.initSign(keyPair.getPrivate());
            signature.update(byteArray);
            this.signatureAlgorithm = hashAlgorithm;
            this.signature = signature.sign();
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public static GXPkcs10 createCertificateSigningRequest(KeyPair keyPair, String str) {
        GXPkcs10 gXPkcs10 = new GXPkcs10();
        gXPkcs10.setAlgorithm(X9ObjectIdentifier.IdECPublicKey);
        gXPkcs10.setPublicKey(keyPair.getPublic());
        gXPkcs10.setSubject(str);
        gXPkcs10.sign(keyPair, keyPair.getPrivate().getEncoded().length < 70 ? HashAlgorithm.SHA256withECDSA : HashAlgorithm.SHA384withECDSA);
        return gXPkcs10;
    }

    /* JADX WARN: Finally extract failed */
    public static GXx509Certificate getCertificate(String str, GXPkcs10 gXPkcs10, KeyUsage keyUsage) throws IOException {
        String str2 = "{\"KeyUsage\":" + keyUsage.getValue() + ",\"CSR\":[\"" + gXPkcs10.toDer() + "\"]}";
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        try {
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/json");
            httpURLConnection.setDoOutput(true);
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                outputStream.write(str2.getBytes());
                outputStream.flush();
                outputStream.close();
                int responseCode = httpURLConnection.getResponseCode();
                if (responseCode != 201 && responseCode != 200) {
                    httpURLConnection.disconnect();
                    return null;
                }
                StringBuilder sb = new StringBuilder();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        sb.append(readLine);
                    } catch (Throwable th) {
                        bufferedReader.close();
                        throw th;
                    }
                }
                bufferedReader.close();
                String sb2 = sb.toString();
                int indexOf = sb2.indexOf("[");
                if (indexOf == -1) {
                    throw new IllegalArgumentException("Certificates are missing.");
                }
                String substring = sb2.substring(indexOf + 2);
                int indexOf2 = substring.indexOf("]");
                if (indexOf2 == -1) {
                    throw new IllegalArgumentException("Certificates are missing.");
                }
                GXx509Certificate fromDer = GXx509Certificate.fromDer(substring.substring(0, indexOf2 - 1));
                if (gXPkcs10.getPublicKey().equals(fromDer.getPublicKey())) {
                    return fromDer;
                }
                throw new IllegalArgumentException("Create certificate signingRequest generated wrong public key.");
            } catch (Throwable th2) {
                outputStream.close();
                throw th2;
            }
        } finally {
            httpURLConnection.disconnect();
        }
    }

    public static GXx509Certificate[] getCertificate(String str, List<GXCertificateRequest> list) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (GXCertificateRequest gXCertificateRequest : list) {
            if (sb.length() != 0) {
                sb.append(", ");
            }
            sb.append("{\"KeyUsage\":");
            switch (gXCertificateRequest.getCertificateType()) {
                case DIGITAL_SIGNATURE:
                    sb.append(String.valueOf(KeyUsage.DIGITAL_SIGNATURE.getValue()));
                    break;
                case KEY_AGREEMENT:
                    sb.append(String.valueOf(KeyUsage.KEY_AGREEMENT.getValue()));
                    break;
                case TLS:
                    sb.append(String.valueOf(KeyUsage.DIGITAL_SIGNATURE.getValue() | KeyUsage.KEY_AGREEMENT.getValue()));
                    break;
                default:
                    throw new RuntimeException("Invalid type.");
            }
            if (!gXCertificateRequest.getExtendedKeyUsage().isEmpty()) {
                sb.append(", \"ExtendedKeyUsage\":");
                sb.append(String.valueOf(ExtendedKeyUsage.toInteger(gXCertificateRequest.getExtendedKeyUsage())));
            }
            sb.append(", \"CSR\":\"");
            sb.append(gXCertificateRequest.getCertificate().toDer());
            sb.append("\"}");
        }
        String str2 = "{\"Certificates\":[" + sb.toString() + "]}";
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        try {
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/json");
            OutputStream outputStream = httpURLConnection.getOutputStream();
            outputStream.write(str2.getBytes());
            outputStream.flush();
            if (httpURLConnection.getResponseCode() != 201 && httpURLConnection.getResponseCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : " + httpURLConnection.getResponseCode());
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
            StringBuilder sb2 = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    String sb3 = sb2.toString();
                    int indexOf = sb3.indexOf("[");
                    if (indexOf == -1) {
                        throw new RuntimeException("Certificates are missing.");
                    }
                    String substring = sb3.substring(indexOf + 2);
                    int indexOf2 = substring.indexOf("]");
                    if (indexOf2 == -1) {
                        throw new RuntimeException("Certificates are missing.");
                    }
                    String substring2 = substring.substring(0, indexOf2 - 1);
                    ArrayList arrayList = new ArrayList();
                    for (String str3 : substring2.split("['\"]")) {
                        if (str3.compareTo(",") != 0) {
                            arrayList.add(GXx509Certificate.fromDer(str3));
                        }
                    }
                    GXx509Certificate[] gXx509CertificateArr = (GXx509Certificate[]) arrayList.toArray(new GXx509Certificate[0]);
                    httpURLConnection.disconnect();
                    return gXx509CertificateArr;
                }
                sb2.append(readLine);
            }
        } catch (Throwable th) {
            httpURLConnection.disconnect();
            throw th;
        }
    }

    public static GXPkcs10 load(Path path) throws IOException {
        return fromPem(Files.readString(path));
    }

    public void save(Path path) throws IOException {
        Files.write(path, toPem().getBytes(), StandardOpenOption.CREATE);
    }

    public String toPem() {
        return "-----BEGIN CERTIFICATE REQUEST-----" + System.lineSeparator() + toDer() + System.lineSeparator() + "-----END CERTIFICATE REQUEST-----" + System.lineSeparator();
    }

    public String toDer() {
        return GXCommon.toBase64(getEncoded());
    }
}
