package kz.akkamal.akcrypto.x509;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import kz.akkamal.akcrypto.jce.AKCProvUtil;
import kz.akkamal.org.bouncycastle.asn1.ASN1Encodable;
import kz.akkamal.org.bouncycastle.asn1.ASN1InputStream;
import kz.akkamal.org.bouncycastle.asn1.ASN1Object;
import kz.akkamal.org.bouncycastle.asn1.ASN1Sequence;
import kz.akkamal.org.bouncycastle.asn1.ASN1Set;
import kz.akkamal.org.bouncycastle.asn1.DERBitString;
import kz.akkamal.org.bouncycastle.asn1.DERNull;
import kz.akkamal.org.bouncycastle.asn1.DERObjectIdentifier;
import kz.akkamal.org.bouncycastle.asn1.pkcs.CertificationRequest;
import kz.akkamal.org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import kz.akkamal.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import kz.akkamal.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import kz.akkamal.org.bouncycastle.asn1.x509.X509Name;

/* loaded from: classes.dex */
public class PKCS10CertificationRequest extends CertificationRequest {
    public PKCS10CertificationRequest(String str, X509Name x509Name, PublicKey publicKey, ASN1Set aSN1Set, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        if (x509Name == null) {
            throw new IllegalArgumentException("subject must not be null");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("public key must not be null");
        }
        DERObjectIdentifier signatureOidByName = AKCProvUtil.getSignatureOidByName(str);
        if (signatureOidByName == null) {
            throw new IllegalArgumentException("Unknown signature type requested");
        }
        this.sigAlgId = new AlgorithmIdentifier(signatureOidByName, new DERNull());
        try {
            this.reqInfo = new CertificationRequestInfo(x509Name, new SubjectPublicKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(publicKey.getEncoded())), aSN1Set);
            Signature signature = str2 == null ? Signature.getInstance(str, "AkCrypto") : Signature.getInstance(str, str2);
            signature.initSign(privateKey);
            try {
                signature.update(this.reqInfo.getEncoded(ASN1Encodable.DER));
                this.sigBits = new DERBitString(signature.sign());
            } catch (Exception e) {
                throw new IllegalArgumentException("exception encoding TBS cert request - " + e);
            }
        } catch (IOException e2) {
            throw new IllegalArgumentException("can't encode public key");
        }
    }

    public PKCS10CertificationRequest(ASN1Sequence aSN1Sequence) {
        super(aSN1Sequence);
    }

    public PKCS10CertificationRequest(byte[] bArr) {
        super(toDERSequence(bArr));
    }

    private static ASN1Sequence toDERSequence(byte[] bArr) {
        try {
            return (ASN1Sequence) new ASN1InputStream(bArr).readObject();
        } catch (Exception e) {
            throw new IllegalArgumentException("badly encoded request");
        }
    }

    @Override // kz.akkamal.org.bouncycastle.asn1.ASN1Encodable
    public byte[] getEncoded() {
        try {
            return getEncoded(ASN1Encodable.DER);
        } catch (IOException e) {
            throw new RuntimeException(e.toString());
        }
    }

    public PublicKey getPublicKey() throws NoSuchAlgorithmException, InvalidKeyException {
        try {
            return getPublicKey("AkCrypto");
        } catch (NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    public PublicKey getPublicKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.reqInfo.getSubjectPublicKeyInfo();
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
        AlgorithmIdentifier algorithmId = subjectPublicKeyInfo.getAlgorithmId();
        try {
            return str == null ? KeyFactory.getInstance(algorithmId.getObjectId().getId(), "AkCrypto").generatePublic(x509EncodedKeySpec) : KeyFactory.getInstance(algorithmId.getObjectId().getId(), str).generatePublic(x509EncodedKeySpec);
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException("error decoding public key");
        }
    }

    public boolean verify() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return verify("AkCrypto");
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        PublicKey publicKey = getPublicKey(str);
        String signatureNameByOid = AKCProvUtil.getSignatureNameByOid(this.sigAlgId.getObjectId());
        Signature signature = str == null ? Signature.getInstance(signatureNameByOid, "AkCrypto") : Signature.getInstance(signatureNameByOid, str);
        signature.initVerify(publicKey);
        try {
            signature.update(this.reqInfo.getEncoded(ASN1Encodable.DER));
            return signature.verify(this.sigBits.getBytes());
        } catch (Exception e) {
            throw new SignatureException("exception encoding TBS cert request - " + e);
        }
    }
}
