package org.spongycastle.jce.netscape;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import m.c.a.e1;
import m.c.a.f;
import m.c.a.j;
import m.c.a.m;
import m.c.a.q0;
import m.c.a.s;
import m.c.a.t;
import m.c.a.x0;
import m.c.a.x2.a;
import m.c.a.x2.h0;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class NetscapeCertRequest extends m {
    public String challenge;
    public q0 content;
    public a keyAlg;
    public PublicKey pubkey;
    public a sigAlg;
    public byte[] sigBits;

    public NetscapeCertRequest(String str, a aVar, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        this.challenge = str;
        this.sigAlg = aVar;
        this.pubkey = publicKey;
        f fVar = new f();
        fVar.a.addElement(getKeySpec());
        fVar.a.addElement(new x0(str));
        try {
            this.content = new q0(new e1(fVar));
        } catch (IOException e2) {
            StringBuilder E = e.a.a.a.a.E("exception encoding key: ");
            E.append(e2.toString());
            throw new InvalidKeySpecException(E.toString());
        }
    }

    public NetscapeCertRequest(t tVar) {
        try {
            if (tVar.size() != 3) {
                throw new IllegalArgumentException("invalid SPKAC (size):" + tVar.size());
            }
            this.sigAlg = a.f(tVar.s(1));
            this.sigBits = ((q0) tVar.s(2)).r();
            t tVar2 = (t) tVar.s(0);
            if (tVar2.size() != 2) {
                throw new IllegalArgumentException("invalid PKAC (len): " + tVar2.size());
            }
            this.challenge = ((x0) tVar2.s(1)).c();
            this.content = new q0(tVar2);
            h0 f2 = h0.f(tVar2.s(0));
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new q0(f2).o());
            a aVar = f2.a;
            this.keyAlg = aVar;
            this.pubkey = KeyFactory.getInstance(aVar.a.c, BouncyCastleProvider.PROVIDER_NAME).generatePublic(x509EncodedKeySpec);
        } catch (Exception e2) {
            throw new IllegalArgumentException(e2.toString());
        }
    }

    public NetscapeCertRequest(byte[] bArr) throws IOException {
        this(getReq(bArr));
    }

    private s getKeySpec() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(this.pubkey.getEncoded());
            byteArrayOutputStream.close();
            return new j(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).q();
        } catch (IOException e2) {
            throw new InvalidKeySpecException(e2.getMessage());
        }
    }

    private static t getReq(byte[] bArr) throws IOException {
        return t.n(new j(new ByteArrayInputStream(bArr)).q());
    }

    public String getChallenge() {
        return this.challenge;
    }

    public a getKeyAlgorithm() {
        return this.keyAlg;
    }

    public PublicKey getPublicKey() {
        return this.pubkey;
    }

    public a getSigningAlgorithm() {
        return this.sigAlg;
    }

    public void setChallenge(String str) {
        this.challenge = str;
    }

    public void setKeyAlgorithm(a aVar) {
        this.keyAlg = aVar;
    }

    public void setPublicKey(PublicKey publicKey) {
        this.pubkey = publicKey;
    }

    public void setSigningAlgorithm(a aVar) {
        this.sigAlg = aVar;
    }

    public void sign(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException, InvalidKeySpecException {
        sign(privateKey, null);
    }

    public void sign(PrivateKey privateKey, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException, InvalidKeySpecException {
        Signature signature = Signature.getInstance(this.sigAlg.a.c, BouncyCastleProvider.PROVIDER_NAME);
        if (secureRandom != null) {
            signature.initSign(privateKey, secureRandom);
        } else {
            signature.initSign(privateKey);
        }
        f fVar = new f();
        fVar.a.addElement(getKeySpec());
        fVar.a.addElement(new x0(this.challenge));
        try {
            signature.update(new e1(fVar).getEncoded("DER"));
            this.sigBits = signature.sign();
        } catch (IOException e2) {
            throw new SignatureException(e2.getMessage());
        }
    }

    @Override // m.c.a.m, m.c.a.e
    public s toASN1Primitive() {
        f fVar = new f();
        f fVar2 = new f();
        try {
            fVar2.a.addElement(getKeySpec());
        } catch (Exception unused) {
        }
        fVar2.a.addElement(new x0(this.challenge));
        fVar.a.addElement(new e1(fVar2));
        fVar.a.addElement(this.sigAlg);
        fVar.a.addElement(new q0(this.sigBits));
        return new e1(fVar);
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!str.equals(this.challenge)) {
            return false;
        }
        Signature signature = Signature.getInstance(this.sigAlg.a.c, BouncyCastleProvider.PROVIDER_NAME);
        signature.initVerify(this.pubkey);
        signature.update(this.content.o());
        return signature.verify(this.sigBits);
    }
}
