package com.formosoft.jpki.scep;

import com.formosoft.jpki.asn1.ASN1InputStream;
import com.formosoft.jpki.asn1.ASN1Object;
import com.formosoft.jpki.asn1.ASN1ObjectID;
import com.formosoft.jpki.asn1.ASN1OctetString;
import com.formosoft.jpki.asn1.ASN1OutputStream;
import com.formosoft.jpki.asn1.ASN1ParseException;
import com.formosoft.jpki.asn1.ASN1PrintableString;
import com.formosoft.jpki.asn1.ASN1Sequence;
import com.formosoft.jpki.asn1.ASN1Tag;
import com.formosoft.jpki.asn1.DERInputStream;
import com.formosoft.jpki.oid.OIDFactory;
import com.formosoft.jpki.oid.ObjectIdentifier;
import com.formosoft.jpki.pkcs10.PKCS10;
import com.formosoft.jpki.pkcs6.SetOfExtendedCertificateOrCertificate;
import com.formosoft.jpki.pkcs7.EncryptedContentInfo;
import com.formosoft.jpki.pkcs7.EnvelopedData;
import com.formosoft.jpki.pkcs7.PKCS7;
import com.formosoft.jpki.pkcs7.RecipientInfo;
import com.formosoft.jpki.pkcs7.SignedData;
import com.formosoft.jpki.pkcs7.SignerInfo;
import com.formosoft.jpki.security.SignatureVerifyException;
import com.formosoft.jpki.util.JCAAlgorithm;
import com.formosoft.jpki.util.RSAUtil;
import com.formosoft.jpki.x501.Attribute;
import com.formosoft.jpki.x501.SetOfAttribute;
import com.formosoft.jpki.x509.X509Algorithm;
import com.formosoft.jpki.x509.X509Certificate;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

/* loaded from: input_file:com/formosoft/jpki/scep/SCEPRequest.class */
public class SCEPRequest extends ASN1Sequence {
    private static final ASN1Tag cntTag = new ASN1Tag(128, true, 0);
    private static final ObjectIdentifier dataOID = OIDFactory.getObjectIdentifier("1.2.840.113549.1.7.1");
    private static final ObjectIdentifier signedOID = OIDFactory.getObjectIdentifier("1.2.840.113549.1.7.2");
    private static final ObjectIdentifier envelopedOID = OIDFactory.getObjectIdentifier("1.2.840.113549.1.7.3");
    private ASN1ObjectID cntType;
    private ASN1Object content;
    private X509Certificate cert;
    private RecipientInfo recipientInfo;
    private EncryptedContentInfo encContentInfo;
    private EnvelopedData envelopedData;
    private PKCS7 contentInfo;
    private PKCS10 certReq;
    private SignerInfo signerInfo;
    private SignedData signedData;
    private SetOfAttribute authAttrs;
    private Attribute attrCntType;
    private Attribute attrMsgDigest;
    private Attribute attrTrsId;
    private Attribute attrMsgType;
    private Attribute attrSenderNonce;

    public SCEPRequest(ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        super(aSN1InputStream, TAG);
    }

    public SCEPRequest(ASN1InputStream aSN1InputStream, ASN1Tag aSN1Tag) throws IOException, ASN1ParseException {
        super(aSN1InputStream, aSN1Tag);
    }

    public SCEPRequest(ASN1Tag aSN1Tag, ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        super(aSN1Tag, aSN1InputStream, TAG);
    }

    @Override // com.formosoft.jpki.asn1.ASN1Sequence, com.formosoft.jpki.asn1.ASN1Object
    protected void parseContent(ASN1InputStream aSN1InputStream) throws IOException, ASN1ParseException {
        this.cntType = new ASN1ObjectID(aSN1InputStream);
        if (isEOC(aSN1InputStream)) {
            return;
        }
        ObjectIdentifier objectIdentifier = this.cntType.getObjectIdentifier();
        if (!objectIdentifier.equals(signedOID)) {
            throw new ASN1ParseException("Unknown ContentType: " + objectIdentifier.getObjectID(), aSN1InputStream.parsed());
        }
        this.signedData = new SignedData(aSN1InputStream);
        this.content = this.signedData;
        this.contentInfo = this.signedData.getContentInfo();
        ObjectIdentifier contentType = this.contentInfo.getContentType();
        if (!contentType.equals(dataOID)) {
            throw new ASN1ParseException("Unknown ContentType: " + contentType.getObjectID(), aSN1InputStream.parsed());
        }
        byte[] data = this.contentInfo.getData();
        SetOfExtendedCertificateOrCertificate pKCS6Certificates = this.signedData.getPKCS6Certificates();
        if (pKCS6Certificates != null) {
            this.cert = (X509Certificate) pKCS6Certificates.getCertificates().get(0);
        }
        this.signerInfo = this.signedData.getSignerInfos().getSignerInfo(0);
        this.authAttrs = this.signerInfo.getAuthAttribute();
        for (int i = 0; i < this.authAttrs.size(); i++) {
            Attribute attribute = this.authAttrs.getAttribute(i);
            if (attribute.getType().equals(ASN1ObjectID.getInstance("contentType"))) {
                this.attrCntType = attribute;
            } else if (attribute.getType().equals(ASN1ObjectID.getInstance("messageDigest"))) {
                this.attrMsgDigest = attribute;
            } else if (attribute.getType().equals(ASN1ObjectID.getInstance("2.16.840.1.113733.1.9.7"))) {
                this.attrTrsId = attribute;
            } else if (attribute.getType().equals(ASN1ObjectID.getInstance("2.16.840.1.113733.1.9.2"))) {
                this.attrMsgType = attribute;
            } else if (attribute.getType().equals(ASN1ObjectID.getInstance("2.16.840.1.113733.1.9.5"))) {
                this.attrSenderNonce = attribute;
            }
        }
        if (!this.attrCntType.getValue().equals(ASN1ObjectID.getInstance("pkcs7-data"))) {
            throw new ASN1ParseException("Authenticate Attribute Unknown ContentType: " + this.attrCntType.getValue().toString(), aSN1InputStream.parsed());
        }
        if (!this.attrMsgType.getValue().equals(ASN1PrintableString.getInstance("19".getBytes()))) {
            throw new ASN1ParseException("Authenticate Attribute Unknown MessageType: " + this.attrMsgType.getValue().toString(), aSN1InputStream.parsed());
        }
        this.envelopedData = new EnvelopedData(new DERInputStream(data));
        this.recipientInfo = this.envelopedData.getRecipientInfos().getRecipientInfo(0);
        this.encContentInfo = this.envelopedData.getEncryptedContentInfo();
    }

    @Override // com.formosoft.jpki.asn1.ASN1Sequence
    public void getEncodedContent(ASN1OutputStream aSN1OutputStream) throws IOException {
        this.cntType.getEncoded(aSN1OutputStream);
        if (this.content != null) {
            this.content.getEncoded(aSN1OutputStream);
        }
    }

    public SCEPRequest(byte[] bArr) throws IOException, ASN1ParseException {
        this(new DERInputStream(bArr));
    }

    public SCEPRequest(SignedData signedData) {
        this.cntType = ASN1ObjectID.getInstance(signedOID);
        this.signedData = signedData;
        this.content = this.signedData;
    }

    public SignedData getSignedData() {
        return this.signedData;
    }

    public X509Certificate getEntityCertificate() {
        return this.cert;
    }

    public SignerInfo getSignerInfo() {
        return this.signerInfo;
    }

    public EnvelopedData getEnvelopedData() {
        return this.envelopedData;
    }

    public RecipientInfo getRecipientInfo() {
        return this.recipientInfo;
    }

    public String getTransactionID() {
        return this.attrTrsId.getValue().toString();
    }

    public String getSenderNonce() {
        return this.attrSenderNonce.getValue().toString();
    }

    public PKCS10 decryptCertReq(PrivateKey privateKey) throws IOException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException, InvalidKeySpecException, InvalidAlgorithmParameterException, IllegalStateException, IllegalBlockSizeException, NoSuchPaddingException, ASN1ParseException, com.formosoft.jpki.security.BadPaddingException, SignatureVerifyException, SignatureException {
        X509Algorithm encryptionAlgorithm = this.encContentInfo.getEncryptionAlgorithm();
        ObjectIdentifier algorithm = encryptionAlgorithm.getAlgorithm();
        String str = "DES/CBC/PKCS5Padding";
        AlgorithmParameters algorithmParameters = null;
        if (algorithm.getLongName().equals("des-ecb")) {
            str = "DES/ECB/PKCS5Padding";
        } else if (algorithm.getLongName().equals("des-cbc")) {
            str = "DES/CBC/PKCS5Padding";
        } else if (algorithm.getLongName().equals("des-cfb")) {
            str = "DES/CFB/PKCS5Padding";
        } else if (algorithm.getLongName().equals("des-ofb")) {
            str = "DES/OFB/PKCS5Padding";
        }
        if (encryptionAlgorithm.getParameter().getLength() != 0) {
            algorithmParameters = AlgorithmParameters.getInstance("DES");
            algorithmParameters.init(encryptionAlgorithm.getParameter().getEncoded());
        }
        SecretKey generateSecret = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(RSAUtil.decrypt((RSAPrivateKey) privateKey, this.recipientInfo.getEncryptedKey())));
        Cipher cipher = Cipher.getInstance(str);
        if (algorithmParameters != null) {
            cipher.init(2, generateSecret, algorithmParameters);
        } else {
            cipher.init(2, generateSecret);
        }
        this.certReq = new PKCS10(cipher.doFinal(this.encContentInfo.getEncryptedContent()));
        Signature signature = Signature.getInstance("MD5withRSA");
        String algorithm2 = signature.getAlgorithm();
        if (JCAAlgorithm.getObjectIdentifier(algorithm2) == null) {
            throw new NoSuchAlgorithmException(algorithm2);
        }
        signature.initVerify(this.certReq.getPublicKey());
        signature.update(this.authAttrs.getContentValue());
        if (!signature.verify(this.signerInfo.getEncryptedDigest())) {
            throw new SignatureVerifyException("Verify encrypted digest of the authenticated attributes fail", 6);
        }
        if (Arrays.equals(MessageDigest.getInstance("MD5").digest(this.envelopedData.getEncoded()), new ASN1OctetString(this.attrMsgDigest.getValue().getContentValue()).getOctetString())) {
            return this.certReq;
        }
        throw new SignatureVerifyException("Verify digest of enveloped data fail", 6);
    }
}
