package org.mozilla.jss.pkcs10;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ASN1Template;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.BIT_STRING;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.Tag;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.InvalidKeyFormatException;
import org.mozilla.jss.crypto.KeyPairAlgorithm;
import org.mozilla.jss.crypto.KeyPairGenerator;
import org.mozilla.jss.crypto.Signature;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;

/* loaded from: input_file:org/mozilla/jss/pkcs10/CertificationRequest.class */
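/**
 * A PKCS #10 certification request: a {@link CertificationRequestInfo}, the
 * {@link AlgorithmIdentifier} of the signature algorithm, and the signature
 * itself, held together in a three-element {@link SEQUENCE}.
 *
 * <p>Instances are created either by signing a request info with a private
 * key, or by decoding an existing request through {@link #getTemplate()}.
 */
public class CertificationRequest implements ASN1Value {
    private CertificationRequestInfo info;
    // Encoded form of info; these are the bytes that are signed and verified.
    private byte[] infoEncoding;
    private byte[] signature;
    private AlgorithmIdentifier algId;
    SEQUENCE sequence;
    private static final Tag TAG = SEQUENCE.TAG;
    private static final Template templateInstance = new Template();

    /**
     * Decodes a certification request from its BER encoding.
     */
    public static class Template implements ASN1Template {
        private SEQUENCE.Template seqt = new SEQUENCE.Template();

        /**
         * Builds the sequence template: request info, algorithm identifier,
         * signature bit string, in that order.
         */
        public Template() {
            this.seqt.addElement(CertificationRequestInfo.getTemplate());
            this.seqt.addElement(AlgorithmIdentifier.getTemplate());
            this.seqt.addElement(BIT_STRING.getTemplate());
        }

        @Override // org.mozilla.jss.asn1.ASN1Template
        public boolean tagMatch(Tag tag) {
            return CertificationRequest.TAG.equals(tag);
        }

        @Override // org.mozilla.jss.asn1.ASN1Template
        public ASN1Value decode(InputStream inputStream) throws InvalidBERException, IOException {
            return decode(CertificationRequest.TAG, inputStream);
        }

        /**
         * Decodes a request using the given tag.
         *
         * <p>Decoding does not check the signature; call
         * {@link CertificationRequest#verify()} on the result before relying
         * on its contents.
         *
         * @throws InvalidBERException if the input is malformed or the
         *         signature bit string has a non-zero pad count
         */
        @Override // org.mozilla.jss.asn1.ASN1Template
        public ASN1Value decode(Tag tag, InputStream inputStream) throws InvalidBERException, IOException {
            SEQUENCE sequence = (SEQUENCE) this.seqt.decode(tag, inputStream);
            CertificationRequestInfo certificationRequestInfo = (CertificationRequestInfo) sequence.elementAt(0);
            BIT_STRING bit_string = (BIT_STRING) sequence.elementAt(2);
            // The signature is used as a byte array, so partial trailing bytes are rejected.
            if (bit_string.getPadCount() != 0) {
                throw new InvalidBERException("signature does not fall into an integral number of bytes");
            }
            return new CertificationRequest(certificationRequestInfo, (AlgorithmIdentifier) sequence.elementAt(1), bit_string.getBits());
        }
    }

    private CertificationRequest() {
    }

    /**
     * Wraps already-decoded components. Used by {@link Template}; the
     * signature is stored as given and is not checked here.
     */
    CertificationRequest(CertificationRequestInfo certificationRequestInfo, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws IOException {
        this.info = certificationRequestInfo;
        this.algId = algorithmIdentifier;
        this.signature = bArr;
        // Without this the verify() methods would feed null to the signature
        // context for every decoded request. The decoder hands over the parsed
        // info rather than its original bytes, so the signed bytes are
        // reproduced by re-encoding.
        // NOTE(review): this equals what was signed only if the input used the
        // same encoding ASN1Util.encode produces (presumably DER; confirm).
        // Keeping the original bytes during decode would be stricter.
        this.infoEncoding = ASN1Util.encode(certificationRequestInfo);
        this.sequence = new SEQUENCE();
        this.sequence.addElement(certificationRequestInfo);
        this.sequence.addElement(algorithmIdentifier);
        this.sequence.addElement(new BIT_STRING(bArr, 0));
    }

    /**
     * Creates a request by signing the encoded request info with the given
     * private key on the token that owns the key.
     *
     * @param certificationRequestInfo the info to sign
     * @param privateKey a key that must be an
     *        {@code org.mozilla.jss.crypto.PrivateKey}
     * @param signatureAlgorithm the algorithm used to sign; recorded in the
     *        request so verifiers know what to use
     * @throws InvalidKeyException if the key is not a JSS private key
     */
    public CertificationRequest(CertificationRequestInfo certificationRequestInfo, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) throws IOException, CryptoManager.NotInitializedException, TokenException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, SignatureException {
        if (!(privateKey instanceof org.mozilla.jss.crypto.PrivateKey)) {
            throw new InvalidKeyException("Private Key is does not belong to this provider");
        }
        org.mozilla.jss.crypto.PrivateKey privateKey2 = (org.mozilla.jss.crypto.PrivateKey) privateKey;
        // RSA identifiers are built with an explicit (null) parameters argument.
        // NOTE(review): presumably this makes the encoding carry a NULL
        // parameters field; confirm against AlgorithmIdentifier.
        if (signatureAlgorithm.getSigningAlg() == SignatureAlgorithm.RSASignature) {
            this.algId = new AlgorithmIdentifier(signatureAlgorithm.toOID(), null);
        } else {
            this.algId = new AlgorithmIdentifier(signatureAlgorithm.toOID());
        }
        this.info = certificationRequestInfo;
        this.infoEncoding = ASN1Util.encode(certificationRequestInfo);
        // Result unused; the call surfaces NotInitializedException before signing.
        CryptoManager.getInstance();
        Signature signatureContext = privateKey2.getOwningToken().getSignatureContext(signatureAlgorithm);
        signatureContext.initSign(privateKey2);
        signatureContext.update(this.infoEncoding);
        this.signature = signatureContext.sign();
        this.sequence = new SEQUENCE();
        this.sequence.addElement(certificationRequestInfo);
        this.sequence.addElement(this.algId);
        this.sequence.addElement(new BIT_STRING(this.signature, 0));
    }

    /**
     * Verifies the signature with the public key carried inside the request.
     *
     * <p>Success shows only that the signer held the private key matching the
     * embedded public key (proof of possession). It says nothing about who
     * submitted the request; that must be established separately.
     *
     * @throws CertificateException if the signature does not verify
     */
    public void verify() throws InvalidKeyException, CryptoManager.NotInitializedException, NoSuchAlgorithmException, CertificateException, TokenException, SignatureException, InvalidKeyFormatException {
        verify(this.info.getSubjectPublicKeyInfo().toPublicKey());
    }

    /**
     * Verifies the signature with the given public key on the internal
     * crypto token.
     *
     * @throws CertificateException if the signature does not verify
     */
    public void verify(PublicKey publicKey) throws InvalidKeyException, CryptoManager.NotInitializedException, NoSuchAlgorithmException, CertificateException, TokenException, SignatureException {
        verify(publicKey, CryptoManager.getInstance().getInternalCryptoToken());
    }

    /**
     * Verifies the signature with the given public key on the given token.
     *
     * <p>The signature algorithm is read from the request's own algorithm
     * identifier, so the request decides which digest is used. Callers that
     * must reject weak algorithms have to inspect it themselves; this method
     * applies no such policy.
     *
     * @throws CertificateException if the signature does not verify
     */
    public void verify(PublicKey publicKey, CryptoToken cryptoToken) throws NoSuchAlgorithmException, CertificateException, TokenException, SignatureException, InvalidKeyException {
        Signature signatureContext = cryptoToken.getSignatureContext(SignatureAlgorithm.fromOID(this.algId.getOID()));
        signatureContext.initVerify(publicKey);
        signatureContext.update(this.infoEncoding);
        if (!signatureContext.verify(this.signature)) {
            throw new CertificateException("Signature is invalid");
        }
    }

    /**
     * Returns the request info. The object is returned as stored, not copied.
     */
    public CertificationRequestInfo getInfo() {
        return this.info;
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public Tag getTag() {
        return TAG;
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public void encode(OutputStream outputStream) throws IOException {
        encode(TAG, outputStream);
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public void encode(Tag tag, OutputStream outputStream) throws IOException {
        this.sequence.encode(tag, outputStream);
    }

    /**
     * Returns the shared template used to decode certification requests.
     */
    public static Template getTemplate() {
        return templateInstance;
    }

    /**
     * Command-line self-test: decodes and verifies the request in
     * {@code <certfile>}, writes its info to {@code certinfo.der}, then signs
     * a fresh request with a newly generated RSA key and writes it to
     * {@code gencert.der}. Both output files land in the working directory.
     */
    public static void main(String[] strArr) {
        // Both arguments are read below, so the request file is not optional.
        if (strArr.length != 2) {
            System.out.println("Usage: CertificationRequest <dbdir> <certfile>");
            System.exit(1);
        }
        try {
            CryptoManager.initialize(strArr[0]);
            CryptoManager cryptoManager = CryptoManager.getInstance();
            CertificationRequest certificationRequest;
            // try-with-resources: the input file is closed even if decoding fails.
            try (InputStream in = new BufferedInputStream(new FileInputStream(strArr[1]))) {
                certificationRequest = (CertificationRequest) getTemplate().decode(in);
            }
            CertificationRequestInfo info = certificationRequest.getInfo();
            info.print(System.out);
            certificationRequest.verify();
            System.out.println("verified");
            try (FileOutputStream fileOutputStream = new FileOutputStream("certinfo.der")) {
                info.encode(fileOutputStream);
            }
            KeyPairGenerator keyPairGenerator = cryptoManager.getInternalKeyStorageToken().getKeyPairGenerator(KeyPairAlgorithm.RSA);
            // 512-bit RSA is trivially factorable; use a size that is still accepted today.
            keyPairGenerator.initialize(2048);
            System.out.println("Generating a new key pair...");
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            System.out.println("Generated key pair");
            info.setSubjectPublicKeyInfo(genKeyPair.getPublic());
            Name name = new Name();
            name.addCommonName("asldkj");
            name.addCountryName("US");
            name.addOrganizationName("Some Corp");
            name.addOrganizationalUnitName("Some Org Unit");
            name.addLocalityName("Silicon Valley");
            name.addStateOrProvinceName("California");
            info.setSubject(name);
            System.out.println("About to create a new cert request...");
            // NOTE(review): MD5 is collision-broken and must not be used for
            // requests sent to a real CA. Switch this self-test to a SHA-2
            // signature algorithm if this JSS version provides one.
            CertificationRequest certificationRequest2 = new CertificationRequest(info, genKeyPair.getPrivate(), SignatureAlgorithm.RSASignatureWithMD5Digest);
            System.out.println("Created new cert request");
            certificationRequest2.verify();
            System.out.println("Cert verifies!");
            try (FileOutputStream fileOutputStream2 = new FileOutputStream("gencert.der")) {
                certificationRequest2.encode(fileOutputStream2);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}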
