package gurux.dlms.asn;

import gurux.dlms.asn.enums.GXOid;
import gurux.dlms.asn.enums.HashAlgorithm;
import gurux.dlms.asn.enums.PkcsObjectIdentifier;
import gurux.dlms.asn.enums.X9ObjectIdentifier;
import gurux.dlms.internal.GXCommon;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: input_file:gurux/dlms/asn/GXPkcs10.class */
public class GXPkcs10 {
    private CertificateVersion version;
    private String subject;
    private Object attributes;
    private GXOid algorithm;
    private PublicKey publicKey;
    private GXOid signatureAlgorithm;
    private Object signatureParameters;
    private byte[] signature;

    public GXPkcs10() {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        this.version = CertificateVersion.V1;
    }

    public GXPkcs10(String str) {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        init(GXCommon.fromBase64(str.replace("-----BEGIN CERTIFICATE REQUEST-----", "").replace("-----END CERTIFICATE REQUEST-----", "").replace("-----BEGIN NEW CERTIFICATE REQUEST-----", "").replace("-----END NEW CERTIFICATE REQUEST-----", "").trim()));
    }

    public GXPkcs10(byte[] bArr) {
        this.algorithm = X9ObjectIdentifier.IdECPublicKey;
        init(bArr);
    }

    private void init(byte[] bArr) {
        KeyFactory keyFactory;
        GXAsn1Sequence gXAsn1Sequence = (GXAsn1Sequence) GXAsn1Converter.fromByteArray(bArr);
        if (gXAsn1Sequence.size() < 3) {
            throw new IllegalArgumentException("Wrong number of elements in sequence.");
        }
        GXAsn1Sequence gXAsn1Sequence2 = (GXAsn1Sequence) gXAsn1Sequence.get(0);
        this.version = CertificateVersion.forValue(((Number) gXAsn1Sequence2.get(0)).intValue());
        this.subject = GXAsn1Converter.getSubject((GXAsn1Sequence) gXAsn1Sequence2.get(1));
        GXAsn1Sequence gXAsn1Sequence3 = (GXAsn1Sequence) gXAsn1Sequence2.get(2);
        if (gXAsn1Sequence2.size() > 3) {
            this.attributes = gXAsn1Sequence2.get(3);
        }
        GXAsn1Sequence gXAsn1Sequence4 = (GXAsn1Sequence) gXAsn1Sequence3.get(0);
        this.algorithm = PkcsObjectIdentifier.forValue(gXAsn1Sequence4.get(0).toString());
        if (this.algorithm == null) {
            this.algorithm = X9ObjectIdentifier.forValue(gXAsn1Sequence4.get(0).toString());
        }
        try {
            String lowerCase = this.algorithm.toString().toLowerCase();
            if (lowerCase.contains("rsa")) {
                keyFactory = KeyFactory.getInstance("RSA");
            } else if (lowerCase.endsWith("ecdsa")) {
                keyFactory = KeyFactory.getInstance("EC");
            } else {
                if (!lowerCase.contains("ec")) {
                    throw new IllegalStateException("Unknown algorithm:" + this.algorithm.toString());
                }
                keyFactory = KeyFactory.getInstance("EC");
            }
            try {
                this.publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(GXAsn1Converter.toByteArray(gXAsn1Sequence3)));
                GXAsn1Sequence gXAsn1Sequence5 = (GXAsn1Sequence) gXAsn1Sequence.get(1);
                this.signatureAlgorithm = HashAlgorithm.forValue(gXAsn1Sequence5.get(0).toString());
                if (gXAsn1Sequence5.size() != 1) {
                    this.signatureParameters = gXAsn1Sequence5.get(1);
                }
                this.signature = ((GXAsn1BitString) gXAsn1Sequence.get(2)).getValue();
                if (!verify(GXAsn1Converter.toByteArray(gXAsn1Sequence2), this.signature)) {
                    throw new IllegalArgumentException("Invalid Signature.");
                }
            } catch (InvalidKeySpecException e) {
                throw new IllegalArgumentException(e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(this.algorithm.toString().substring(0, 2) + "key factory not present in runtime");
        }
    }

    public final CertificateVersion getVersion() {
        return this.version;
    }

    public final void setVersion(CertificateVersion certificateVersion) {
        this.version = certificateVersion;
    }

    public final String getSubject() {
        return this.subject;
    }

    public final void setSubject(String str) {
        this.subject = str;
    }

    public final PublicKey getPublicKey() {
        return this.publicKey;
    }

    public final void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public final GXOid getAlgorithm() {
        return this.algorithm;
    }

    public final void setAlgorithm(GXOid gXOid) {
        this.algorithm = gXOid;
    }

    public final GXOid getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public final void setSignatureAlgorithm(GXOid gXOid) {
        this.signatureAlgorithm = gXOid;
    }

    public final Object getSignatureParameters() {
        return this.signatureParameters;
    }

    public final void setSignatureParameters(Object obj) {
        this.signatureParameters = obj;
    }

    public final byte[] getSignature() {
        return this.signature;
    }

    public final void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("PKCS #10 certificate request:");
        sb.append("\r\n");
        sb.append("Version: ");
        sb.append(this.version.toString());
        sb.append("\r\n");
        sb.append("Subject: ");
        sb.append(this.subject);
        sb.append("\r\n");
        sb.append("Algorithm: ");
        if (this.algorithm != null) {
            sb.append(this.algorithm.toString());
        }
        sb.append("\r\n");
        sb.append("Public Key: ");
        if (this.publicKey != null) {
            sb.append(this.publicKey.toString());
        }
        sb.append("\r\n");
        sb.append("Signature algorithm: ");
        if (this.signatureAlgorithm != null) {
            sb.append(this.signatureAlgorithm.toString());
        }
        sb.append("\r\n");
        sb.append("Signature parameters: ");
        if (this.signatureParameters != null) {
            sb.append(this.signatureParameters.toString());
        }
        sb.append("\r\n");
        sb.append("Signature: ");
        sb.append(GXCommon.toHex(this.signature));
        sb.append("\r\n");
        return sb.toString();
    }

    private boolean verify(byte[] bArr, byte[] bArr2) {
        Signature signature;
        try {
            if (this.signatureAlgorithm == HashAlgorithm.SHA256withECDSA) {
                signature = Signature.getInstance("SHA256withECDSA");
            } else {
                if (this.signatureAlgorithm != HashAlgorithm.SHA_256_RSA) {
                    throw new IllegalArgumentException("Invalid Signature: " + this.signatureAlgorithm.toString());
                }
                signature = Signature.getInstance("SHA256withRSA");
            }
            signature.initVerify(this.publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    private Object[] getdata() {
        Object fromByteArray = GXAsn1Converter.fromByteArray(this.publicKey.getEncoded());
        return this.attributes != null ? new Object[]{Byte.valueOf(this.version.getValue()), GXAsn1Converter.encodeSubject(this.subject), fromByteArray, this.attributes} : new Object[]{Byte.valueOf(this.version.getValue()), GXAsn1Converter.encodeSubject(this.subject), fromByteArray, new GXAsn1Context()};
    }

    public final byte[] getEncoded() {
        if (this.signature == null) {
            throw new IllegalArgumentException("Sign first.");
        }
        return GXAsn1Converter.toByteArray(new Object[]{getdata(), new Object[]{new GXAsn1ObjectIdentifier(this.signatureAlgorithm.getValue())}, new GXAsn1BitString(this.signature, 0)});
    }

    public void sign(KeyPair keyPair, HashAlgorithm hashAlgorithm) {
        byte[] byteArray = GXAsn1Converter.toByteArray(getdata());
        try {
            Signature signature = Signature.getInstance(hashAlgorithm.toString());
            signature.initSign(keyPair.getPrivate());
            signature.update(byteArray);
            this.signatureAlgorithm = hashAlgorithm;
            this.signature = signature.sign();
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public static GXPkcs10 createCertificateSigningRequest(KeyPair keyPair, String str) {
        GXPkcs10 gXPkcs10 = new GXPkcs10();
        gXPkcs10.setAlgorithm(X9ObjectIdentifier.IdECPublicKey);
        gXPkcs10.setPublicKey(keyPair.getPublic());
        gXPkcs10.setSubject(str);
        gXPkcs10.sign(keyPair, HashAlgorithm.SHA256withECDSA);
        return gXPkcs10;
    }

    public static GXPkcs10 load(Path path) throws IOException {
        return new GXPkcs10(new String(Files.readAllBytes(path)));
    }

    public void save(Path path) throws IOException {
        StringBuilder sb = new StringBuilder();
        sb.append("-----BEGIN CERTIFICATE REQUEST-----" + System.lineSeparator());
        sb.append(GXCommon.toBase64(getEncoded()));
        sb.append(System.lineSeparator() + "-----END CERTIFICATE REQUEST-----");
        Files.write(path, sb.toString().getBytes(), StandardOpenOption.CREATE);
    }
}
