package oracle.security.crypto.cmp;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import oracle.security.crypto.asn1.ASN1BitString;
import oracle.security.crypto.asn1.ASN1ConstructedInputStream;
import oracle.security.crypto.asn1.ASN1FormatException;
import oracle.security.crypto.asn1.ASN1GenericConstructed;
import oracle.security.crypto.asn1.ASN1Object;
import oracle.security.crypto.asn1.ASN1Sequence;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.asn1.ASN1Utils;
import oracle.security.crypto.cert.GeneralName;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AlgorithmIdentifierException;
import oracle.security.crypto.core.PBMacAlgID;
import oracle.security.crypto.core.PasswordBasedMAC;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.StreamableOutputException;
import oracle.security.crypto.util.Utils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/security/crypto/cmp/POPOSigningKey.class */
public class POPOSigningKey implements ASN1Object {
    private ASN1Sequence poposkInput;
    private AlgorithmIdentifier sigAlgID;
    private byte[] signature;
    private transient ASN1Object contents;
    private transient boolean decodedPoposkInput;
    private transient GeneralName sender;
    private transient ASN1Sequence pkMac;
    private transient AlgorithmIdentifier macAlgID;
    private transient byte[] macBytes;
    private transient ASN1Sequence spki;
    private transient PublicKey pubKey;
    private transient oracle.security.crypto.core.PublicKey oraPubKey;

    public POPOSigningKey(AlgorithmIdentifier algorithmIdentifier) {
        this.decodedPoposkInput = false;
        this.sigAlgID = algorithmIdentifier;
    }

    public POPOSigningKey(AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey, GeneralName generalName) throws InvalidKeyException {
        this.decodedPoposkInput = false;
        this.poposkInput = new ASN1Sequence();
        this.sender = generalName;
        this.poposkInput.addElement(new ASN1GenericConstructed(generalName, 0));
        this.pubKey = publicKey;
        this.spki = CryptoUtils.subjectPublicKeyInfo(CMPUtils.toPhaosPublicKey(publicKey));
        this.poposkInput.addElement(this.spki);
        this.sigAlgID = algorithmIdentifier;
        this.oraPubKey = CMPUtils.toPhaosPublicKey(publicKey);
    }

    public POPOSigningKey(AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey, byte[] bArr, SecureRandom secureRandom) throws AlgorithmIdentifierException {
        this.decodedPoposkInput = false;
        int i = 8;
        int length = 20 - (bArr.length + 8);
        byte[] bArr2 = new byte[length > 0 ? 8 + length : i];
        secureRandom.setSeed(SecureRandom.getSeed(20));
        secureRandom.nextBytes(bArr2);
        PasswordBasedMAC passwordBasedMAC = new PasswordBasedMAC(new PBMacAlgID(bArr2, AlgID.sha1, BigInteger.valueOf(1024L), AlgID.hmacSHA), bArr);
        try {
            this.pubKey = publicKey;
            this.oraPubKey = CMPUtils.toPhaosPublicKey(publicKey);
            this.spki = CryptoUtils.subjectPublicKeyInfo(this.oraPubKey);
            this.macBytes = passwordBasedMAC.computeDigest(Utils.toBytes(this.spki));
            this.pkMac = new ASN1Sequence();
            this.macAlgID = passwordBasedMAC.getAlgID();
            this.pkMac.addElement(this.macAlgID);
            this.pkMac.addElement(new ASN1BitString(this.macBytes));
            this.poposkInput = new ASN1Sequence();
            this.poposkInput.addElement(this.pkMac);
            this.poposkInput.addElement(this.spki);
            this.sigAlgID = algorithmIdentifier;
        } catch (InvalidKeyException e) {
            throw new AlgorithmIdentifierException(e.toString());
        }
    }

    public POPOSigningKey(InputStream inputStream) throws IOException {
        this.decodedPoposkInput = false;
        input(inputStream);
    }

    public void sign(PrivateKey privateKey, SecureRandom secureRandom) throws SignatureException {
        sign(this.poposkInput, privateKey, secureRandom);
    }

    public void sign(ASN1Object aSN1Object, PrivateKey privateKey, SecureRandom secureRandom) throws SignatureException {
        try {
            Signature signature = Signature.getInstance(CMPUtils.getAlgoName(this.sigAlgID));
            signature.initSign(privateKey, secureRandom);
            signature.update(Utils.toBytes(aSN1Object));
            this.signature = signature.sign();
        } catch (InvalidKeyException e) {
            throw new SignatureException(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2.toString());
        }
    }

    public boolean verifySignature(PublicKey publicKey, CertRequest certRequest) throws SignatureException {
        return verifySignature(publicKey, Utils.toBytes(certRequest));
    }

    public boolean verifySignature(PublicKey publicKey) throws SignatureException {
        return verifySignature(publicKey, Utils.toBytes(this.poposkInput));
    }

    private boolean verifySignature(PublicKey publicKey, byte[] bArr) throws SignatureException {
        try {
            Signature signature = Signature.getInstance(CMPUtils.getAlgoName(this.sigAlgID));
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(this.signature);
        } catch (InvalidKeyException e) {
            throw new SignatureException(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2.toString());
        }
    }

    public AlgorithmIdentifier getSignatureAlgID() {
        return this.sigAlgID;
    }

    public byte[] getSignatureBytes() {
        return this.signature;
    }

    public GeneralName getSenderName() {
        decodePoposkInput();
        return this.sender;
    }

    public ASN1Sequence getPKMac() {
        decodePoposkInput();
        return this.pkMac;
    }

    public AlgorithmIdentifier getMacAlgID() {
        decodePoposkInput();
        return this.macAlgID;
    }

    public byte[] getMacBytes() {
        decodePoposkInput();
        return this.macBytes;
    }

    public ASN1Sequence getSPKI() {
        decodePoposkInput();
        return this.spki;
    }

    public PublicKey getPublicKey() {
        decodePoposkInput();
        return this.pubKey;
    }

    public String toString() {
        decodePoposkInput();
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append('{');
        if (this.poposkInput != null) {
            stringBuffer.append(" poposkInput = {");
            stringBuffer.append(" authInfo = {");
            if (this.sender != null) {
                stringBuffer.append(" sender = ");
                stringBuffer.append(this.sender);
            }
            if (this.pkMac != null) {
                stringBuffer.append(" publicKeyMAC = {");
                stringBuffer.append(" algId = ");
                stringBuffer.append(this.macAlgID);
                stringBuffer.append(", value = ");
                stringBuffer.append(this.macBytes != null ? Utils.toHexString(this.macBytes) : "null");
                stringBuffer.append(" }");
            }
            stringBuffer.append(" }");
            stringBuffer.append(", publicKey = {");
            stringBuffer.append(" algorithm = ");
            stringBuffer.append(this.pubKey != null ? this.pubKey.getAlgorithm() : "null");
            stringBuffer.append(", subjectPublicKey = ");
            stringBuffer.append(this.pubKey);
            stringBuffer.append(" }");
            stringBuffer.append(" }");
        }
        stringBuffer.append(", algorithmIdentifier = ");
        stringBuffer.append(this.sigAlgID);
        stringBuffer.append(", signature = ");
        stringBuffer.append(this.signature != null ? Utils.toHexString(this.signature) : "null");
        stringBuffer.append(" }");
        return stringBuffer.toString();
    }

    private void decodePoposkInput() {
        if (this.decodedPoposkInput) {
            return;
        }
        clearPoposkInputCache();
        if (this.poposkInput != null) {
            try {
                ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(Utils.toStream(this.poposkInput));
                if (aSN1SequenceInputStream.getCurrentTag() == 0) {
                    ASN1ConstructedInputStream aSN1ConstructedInputStream = new ASN1ConstructedInputStream(aSN1SequenceInputStream, 0);
                    this.sender = new GeneralName(aSN1ConstructedInputStream);
                    aSN1ConstructedInputStream.terminate();
                    this.pkMac = null;
                    this.macAlgID = null;
                    this.macBytes = null;
                } else {
                    if (aSN1SequenceInputStream.getCurrentTag() != 16) {
                        throw new ASN1FormatException("Unexpected tag " + aSN1SequenceInputStream.getCurrentTag());
                    }
                    this.pkMac = new ASN1Sequence(aSN1SequenceInputStream);
                    this.macAlgID = new PBMacAlgID(Utils.toStream(this.pkMac.elementAt(0)));
                    this.macBytes = this.pkMac.elementAt(1).getValue();
                    this.sender = null;
                }
                this.spki = new ASN1Sequence(aSN1SequenceInputStream);
                this.oraPubKey = CryptoUtils.inputSPKI(this.spki);
                this.pubKey = CMPUtils.toJCEPublicKey(this.oraPubKey);
                aSN1SequenceInputStream.terminate();
            } catch (IOException e) {
                throw new IllegalArgumentException(e.toString());
            } catch (NoSuchAlgorithmException e2) {
                throw new IllegalArgumentException(e2.toString());
            }
        }
        this.decodedPoposkInput = true;
    }

    public void input(InputStream inputStream) throws IOException {
        update();
        this.contents = new ASN1Sequence(inputStream);
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(Utils.toStream(this.contents));
        if (aSN1SequenceInputStream.getCurrentTag() == 0) {
            aSN1SequenceInputStream.setCurrentTag(16);
            this.poposkInput = new ASN1Sequence(aSN1SequenceInputStream);
        } else {
            this.poposkInput = null;
        }
        this.sigAlgID = new AlgorithmIdentifier(aSN1SequenceInputStream);
        this.signature = ASN1BitString.inputValue(aSN1SequenceInputStream);
        aSN1SequenceInputStream.terminate();
    }

    public void output(OutputStream outputStream) throws IOException {
        toASN1().output(outputStream);
    }

    public int length() {
        return toASN1().length();
    }

    ASN1Object toASN1() {
        if (this.contents == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            if (this.poposkInput != null) {
                aSN1Sequence.addElement(ASN1Utils.addImplicitTag(this.poposkInput, 0));
            }
            aSN1Sequence.addElement(this.sigAlgID);
            if (this.signature == null) {
                throw new StreamableOutputException("Structure invalid without signature");
            }
            aSN1Sequence.addElement(new ASN1BitString(this.signature));
            this.contents = aSN1Sequence;
        }
        return this.contents;
    }

    private void update() {
        this.contents = null;
        clearPoposkInputCache();
    }

    private void clearPoposkInputCache() {
        this.decodedPoposkInput = false;
        this.sender = null;
        this.pkMac = null;
        this.macAlgID = null;
        this.macBytes = null;
        this.spki = null;
        this.pubKey = null;
    }
}
