package com.certicom.security.cert;

import com.certicom.locale.Resources;
import com.certicom.security.asn1.ASN1OID;
import com.certicom.security.asn1.OID;
import com.certicom.security.cert.internal.x509.Base64;
import com.certicom.security.cert.internal.x509.PKCS8;
import com.certicom.security.pkcs.pkcs10.CertificateRequest;
import com.certicom.security.pkcs.pkcs10.CertificateRequestInfo;
import com.certicom.security.pkix.AlgorithmIdentifier;
import com.certicom.security.pkix.Name;
import com.certicom.security.pkix.SubjectPublicKeyInfo;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.provider.Signature;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.interfaces.RSAPublicKey;
import weblogic.security.spi.IdentityAsserter;
import weblogic.security.utils.SSLSetup;

/* loaded from: input_file:weblogic.jar:com/certicom/security/cert/PKCS10.class */
public class PKCS10 {
    private byte[] encodedRequest;
    PublicKey publicKey;
    String name;

    public PKCS10(PublicKey publicKey, String str) {
        this.publicKey = publicKey;
        this.name = str;
    }

    public byte[] getEncoded() {
        return this.encodedRequest;
    }

    public String exportRequest() {
        String str = new String("-----BEGIN NEW CERTIFICATE REQUEST-----\n");
        String str2 = new String();
        new Base64();
        String encode = Base64.encode(this.encodedRequest);
        for (int i = 0; i < encode.length(); i += 64) {
            str2 = str2.concat(encode.substring(i, i + (encode.length() - i > 64 ? 64 : encode.length() - i))).concat("\n");
        }
        return str.concat(str2).concat("-----END NEW CERTIFICATE REQUEST-----\n");
    }

    public String exportPrivateKey(PrivateKey privateKey, char[] cArr, SecureRandom secureRandom) throws CertificateEncodingException {
        new Base64();
        String encode = Base64.encode(PKCS8.encrypt(privateKey, new String(cArr), secureRandom));
        String str = new String();
        for (int i = 0; i < encode.length(); i += 64) {
            str = str.concat(encode.substring(i, i + (encode.length() - i > 64 ? 64 : encode.length() - i))).concat("\n");
        }
        return new StringBuffer().append("-----BEGIN ENCRYPTED PRIVATE KEY-----\n").append(str).append("-----END ENCRYPTED PRIVATE KEY-----\n").toString();
    }

    public void encodeAndSign(PrivateKey privateKey, SecureRandom secureRandom) throws CertificateEncodingException {
        SubjectPublicKeyInfo encodedRSAPublicKey;
        AlgorithmIdentifier algorithmIdentifier;
        byte[] encodedRSASignature;
        try {
            if (this.publicKey.getFormat() == IdentityAsserter.X509_TYPE) {
                encodedRSAPublicKey = new SubjectPublicKeyInfo();
                encodedRSAPublicKey.decode(this.publicKey.getEncoded());
            } else if (this.publicKey.getAlgorithm().indexOf(CryptoNames.EC) >= 0) {
                encodedRSAPublicKey = getEncodedECCPublicKey();
            } else {
                if (this.publicKey.getAlgorithm().indexOf("RSA") < 0) {
                    throw new CertificateEncodingException(Resources.getMessage("242"));
                }
                encodedRSAPublicKey = getEncodedRSAPublicKey();
            }
            CertificateRequestInfo certificateRequestInfo = new CertificateRequestInfo(new Name(this.name), encodedRSAPublicKey);
            if (this.publicKey.getAlgorithm().indexOf(CryptoNames.EC) >= 0) {
                algorithmIdentifier = new AlgorithmIdentifier(OID.ECDSA_WITH_SHA1, null);
                encodedRSASignature = getEncodedECCSignature(certificateRequestInfo.encode(), privateKey, secureRandom);
            } else {
                if (this.publicKey.getAlgorithm().indexOf("RSA") < 0) {
                    throw new CertificateEncodingException(Resources.getMessage("242"));
                }
                algorithmIdentifier = new AlgorithmIdentifier(OID.MD5_WITH_RSA_ENCRYPTION, null);
                encodedRSASignature = getEncodedRSASignature(certificateRequestInfo.encode(), privateKey, secureRandom);
            }
            this.encodedRequest = new CertificateRequest(certificateRequestInfo, algorithmIdentifier, encodedRSASignature).encode();
        } catch (Exception e) {
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e, "........... Eating Exception ..........");
            }
            throw new CertificateEncodingException(e.getMessage());
        }
    }

    private SubjectPublicKeyInfo getEncodedECCPublicKey() throws Exception {
        return new SubjectPublicKeyInfo(new AlgorithmIdentifier(OID.EC_PUBLIC_KEY, new ASN1OID(OID.EC163A02)), this.publicKey.getEncoded());
    }

    private SubjectPublicKeyInfo getEncodedRSAPublicKey() throws Exception {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) this.publicKey;
        return new SubjectPublicKeyInfo(new AlgorithmIdentifier(OID.RSA_ENCRYPTION, null), new com.certicom.security.pkcs.pkcs1.RSAPublicKey(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()).encode());
    }

    private byte[] getEncodedECCSignature(byte[] bArr, PrivateKey privateKey, SecureRandom secureRandom) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Signature signature = Signature.getInstance(CryptoNames.ECDSA);
        signature.initSign(privateKey, secureRandom);
        signature.update(bArr);
        byte[] sign = signature.sign();
        int length = sign.length / 2;
        int i = (sign[0] & 128) != 0 ? 1 : 0;
        int i2 = (sign[length] & 128) != 0 ? 1 : 0;
        byteArrayOutputStream.write(48);
        byteArrayOutputStream.write((byte) (4 + i + i2 + sign.length));
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(length + i);
        if (i != 0) {
            byteArrayOutputStream.write(0);
        }
        byteArrayOutputStream.write(sign, 0, length);
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(length + i2);
        if (i2 != 0) {
            byteArrayOutputStream.write(0);
        }
        byteArrayOutputStream.write(sign, length, length);
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getEncodedRSASignature(byte[] bArr, PrivateKey privateKey, SecureRandom secureRandom) throws Exception {
        Signature signature = Signature.getInstance("MD5withRSA");
        signature.initSign(privateKey, secureRandom);
        signature.update(bArr);
        return signature.sign();
    }
}
