package kz.akkamal.aksig;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import kz.akkamal.org.bouncycastle.asn1.ASN1Encodable;
import kz.akkamal.org.bouncycastle.asn1.ASN1InputStream;
import kz.akkamal.org.bouncycastle.asn1.ASN1Object;
import kz.akkamal.org.bouncycastle.asn1.ASN1Sequence;
import kz.akkamal.org.bouncycastle.asn1.ASN1Set;
import kz.akkamal.org.bouncycastle.asn1.DERBitString;
import kz.akkamal.org.bouncycastle.asn1.DERObjectIdentifier;
import kz.akkamal.org.bouncycastle.asn1.pkcs.CertificationRequest;
import kz.akkamal.org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import kz.akkamal.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import kz.akkamal.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

/* loaded from: classes.dex */
public class PKCS10CertificationRequest extends CertificationRequest {
    public PKCS10CertificationRequest(String str, X509Principal x509Principal, PublicKey publicKey, String str2, ASN1Set aSN1Set, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (x509Principal == null) {
            throw new IllegalArgumentException("subject must not be null");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("public key must not be null");
        }
        if (!(publicKey instanceof GeneralPublicKey)) {
            throw new IllegalArgumentException("Unsupported public key type");
        }
        GeneralPublicKey generalPublicKey = (GeneralPublicKey) publicKey;
        if (privateKey == null) {
            throw new IllegalArgumentException("private key must not be null");
        }
        if (!(privateKey instanceof GeneralPrivateKey)) {
            throw new IllegalArgumentException("Unsupported private key type");
        }
        String sigAlgOid = AkSigProv.getSigAlgOid(str);
        if (sigAlgOid == null) {
            throw new NoSuchAlgorithmException();
        }
        this.sigAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(sigAlgOid));
        try {
            this.reqInfo = new CertificationRequestInfo(x509Principal, new SubjectPublicKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(generalPublicKey.getEncoded(str2))), aSN1Set);
            try {
                byte[] encoded = this.reqInfo.getEncoded(ASN1Encodable.DER);
                try {
                    Signature signature = Signature.getInstance(str, "AkSig");
                    signature.initSign(privateKey);
                    signature.update(encoded);
                    this.sigBits = new DERBitString(signature.sign());
                } catch (Exception e) {
                    throw new SignatureException("Exception while signing pkcs10", e);
                }
            } catch (IOException e2) {
                throw new RuntimeException("can't engine requestInfo", e2);
            }
        } catch (IOException e3) {
            throw new IllegalArgumentException("can't encode public key");
        }
    }

    public PKCS10CertificationRequest(byte[] bArr) {
        super(toDERSequence(bArr));
    }

    private static ASN1Sequence toDERSequence(byte[] bArr) {
        try {
            return (ASN1Sequence) new ASN1InputStream(bArr).readObject();
        } catch (Exception e) {
            throw new IllegalArgumentException("badly encoded request");
        }
    }

    @Override // kz.akkamal.org.bouncycastle.asn1.ASN1Encodable
    public byte[] getEncoded() {
        try {
            return getEncoded(ASN1Encodable.DER);
        } catch (IOException e) {
            throw new RuntimeException(e.toString());
        }
    }

    public PublicKey getPublicKey() throws InvalidKeyException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.reqInfo.getSubjectPublicKeyInfo();
        AlgorithmIdentifier algorithmId = subjectPublicKeyInfo.getAlgorithmId();
        if (algorithmId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)) {
            return new RsaPublicKey(subjectPublicKeyInfo);
        }
        if (Gost3410PublicKey.isSupportedOid(algorithmId.getObjectId())) {
            return new Gost3410PublicKey(subjectPublicKeyInfo);
        }
        throw new InvalidKeyException("Unsupported public key");
    }

    public boolean verify() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            PublicKey publicKey = getPublicKey();
            Signature signature = Signature.getInstance(this.sigAlgId.getObjectId().getId(), "AkSig");
            signature.initVerify(publicKey);
            signature.update(this.reqInfo.getEncoded(ASN1Encodable.DER));
            return signature.verify(this.sigBits.getBytes());
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e2) {
            throw new RuntimeException(e2);
        }
    }
}
