package com.initech.pkix.cmp.client;

import com.initech.pkcs.pkcs7.PKCS7Facade;
import com.initech.pki.asn1.DEREncoder;
import com.initech.pki.asn1.useful.AlgorithmID;
import com.initech.pki.asn1.useful.GeneralName;
import com.initech.pki.util.Hex;
import com.initech.pki.x509.X509CertImpl;
import com.initech.pki.x509.extensions.SubjectKeyIdentifier;
import com.initech.pkix.cmp.CertRepMessage;
import com.initech.pkix.cmp.CertResponse;
import com.initech.pkix.cmp.ErrorMsgContent;
import com.initech.pkix.cmp.GeneralMessage;
import com.initech.pkix.cmp.PKIHeader;
import com.initech.pkix.cmp.PKIMessage;
import com.initech.pkix.cmp.PKIStatusInfo;
import com.initech.pkix.cmp.client.transport.CMPTransport;
import com.initech.pkix.cmp.client.transport.CMPTransportFactory;
import com.initech.pkix.cmp.client.util.PKIMessageDump;
import com.initech.pkix.cmp.client.util.URI;
import com.initech.pkix.cmp.crmf.EncryptedValue;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: classes.dex */
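/**
 * CMP client for the SignKorea flows visible in this class: fetching the CA certificates with a
 * general message, initial registration (IR), key update (KUR) and the pre-KUR general message.
 *
 * <p>Every response is passed through {@link #checkMsg} before its content is used; the
 * certificates and keys that end up in the {@link KeyStore} are only as trustworthy as that check.
 *
 * <p>This source was recovered by a decompiler, so parameter names are positional
 * ({@code str}, {@code str2}, ...); their meaning is documented per method from how they are used.
 */
public class PKICMP_SignKorea {
    public static final int CMP1999 = 1;
    public static final int CMP2000 = 2;
    public static final int GET_YESSIGN_CA_CERT = 1;
    public static final int REQUEST_KUR = 2;

    /** Suffix appended to a keystore alias to address the matching encryption entry. */
    private static final String ENC_CERT_SURFIX = "_enc";
    /** Marker searched for in the response header free text; when present two certificates are used. */
    private static final String ENC_CERT_AVAIL = "km_key_gen=users";
    /** Protection algorithm OID for which the shared auth code is used as verification key. */
    private static final String PASSWORD_BASED_MAC_OID = "1.2.840.113533.7.66.13";

    // Message type codes as passed to the formatter and compared with getContentType().
    private static final int BODY_IR = 0;
    private static final int BODY_IP = 1;
    private static final int BODY_KUR = 7;
    private static final int BODY_KUP = 8;
    private static final int BODY_CONF = 19;
    private static final int BODY_GENM = 21;
    private static final int BODY_GENP = 22;
    private static final int BODY_ERROR = 23;

    /** Number of failure-info bits probed when a request is rejected. */
    private static final int FAIL_INFO_BITS = 27;

    private String host;
    private KeyStore keyStore;
    private URI uri;
    private int version;

    /**
     * Creates a client bound to a keystore and a server URI.
     *
     * @param i protocol version; only {@link #CMP1999} is accepted
     * @param keyStore keystore that is read for existing entries and written with received ones
     * @param uri server address handed to every request context
     * @throws CMPException if {@code i} is not {@link #CMP1999}
     */
    public PKICMP_SignKorea(int i, KeyStore keyStore, URI uri) throws CMPException {
        this.keyStore = keyStore;
        if (i != CMP1999) {
            throw new CMPException(4, "version not supported");
        }
        this.version = i;
        this.uri = uri;
    }

    /**
     * Creates a {@link #CMP1999} client.
     *
     * @param keyStore keystore used by the client
     * @param uri server address
     * @throws CMPException propagated from the three-argument constructor
     */
    public PKICMP_SignKorea(KeyStore keyStore, URI uri) throws CMPException {
        this(CMP1999, keyStore, uri);
    }

    /**
     * Compares two byte arrays for equal length and content.
     *
     * <p>A {@code null} argument compares as unequal, so a response that omits a nonce fails the
     * nonce check instead of raising a {@link NullPointerException}.
     *
     * @param bArr first array, may be {@code null}
     * @param bArr2 second array, may be {@code null}
     * @return {@code true} only if both arrays are non-null and byte-for-byte identical
     */
    protected static boolean byteCompare(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int idx = 0; idx < bArr.length; idx++) {
            if (bArr[idx] != bArr2[idx]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that a response has the expected body type, verifies its protection and binds it to
     * the request through the nonce.
     *
     * @param cMPContext context of the running transaction; receives the server's sender nonce
     * @param pKIMessage response to check
     * @param i expected body type
     * @throws CMPException if the body type differs (an error body is reported through
     *     {@link #throwError}), if verification fails or if the nonce does not match
     */
    private void checkMsg(CMPContext cMPContext, PKIMessage pKIMessage, int i) throws CMPException {
        PKIHeader header = pKIMessage.getHeader();
        if (pKIMessage.getContentType() != i) {
            if (pKIMessage.getContentType() == BODY_ERROR) {
                throwError((ErrorMsgContent) pKIMessage.getContentBody());
            }
            throw new CMPException(1, "unexpected message body is received. we wanted [" + i + "] but received [" + pKIMessage.getContentType() + "]");
        }
        if (header.getProtectionAlg() == null) {
            // NOTE(review): a response without a protection algorithm is accepted with neither a
            // MAC/signature check nor a nonce check. The callers install CA certificates and store
            // issued certificates on the strength of this method alone, so confirm whether the
            // server ever legitimately answers unprotected; if it does not, reject here.
            return;
        }
        // The verification key follows the algorithm named in the response header: the shared
        // auth code for the password-based MAC, the issuer's public key for anything else.
        Object verifyKey = header.getProtectionAlg().getAlg().equals(PASSWORD_BASED_MAC_OID) ? cMPContext.getAuthCode() : cMPContext.getIssuerSignCert().getPublicKey();
        try {
            // The auth code is a shared secret and is deliberately not written to any output here.
            if (!pKIMessage.verify(verifyKey)) {
                throw new CMPException(1, "message verification failed");
            }
            if (!byteCompare(cMPContext.getSenderNonce(), header.getRecipNonce())) {
                throw new CMPException(1, "nonce check failed");
            }
            cMPContext.setRecipientNonce(header.getSenderNonce());
        } catch (CMPException e) {
            throw e;
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new CMPException(1, "message verification failed[" + e2.toString() + "]");
        }
    }

    /**
     * Maps a per-certificate status to success or a {@link CMPException}.
     *
     * <p>Status 0 is accepted. Status 2 is reported as a rejection together with the first
     * failure-info bit that is set, status 3 as unsupported polling, anything else as unsupported.
     *
     * @param pKIStatusInfo status of one certificate response
     * @throws CMPException for every status other than 0
     */
    private void checkPKIStatusInfo(PKIStatusInfo pKIStatusInfo) throws CMPException {
        if (pKIStatusInfo.getStatus() == 3) {
            throw new CMPException(1, "polling is not supported!");
        }
        if (pKIStatusInfo.getStatus() != 2) {
            if (pKIStatusInfo.getStatus() != 0) {
                throw new CMPException(1, "this client doesn't support PKIStatus [" + pKIStatusInfo.getStatus() + "]");
            }
            return;
        }
        int reason = -1;
        if (pKIStatusInfo.hasFailInfo()) {
            for (int bit = 0; bit < FAIL_INFO_BITS; bit++) {
                if (pKIStatusInfo.isAReason(bit)) {
                    reason = bit;
                    break;
                }
            }
        }
        throw new CMPException(1, "server reject requeset message " + (reason == -1 ? "" : "reason[" + reason + "]"));
    }

    /**
     * Sends a general message and stores the two CA certificates of the response.
     *
     * @param i {@link #GET_YESSIGN_CA_CERT} (arguments: CA alias, sender key id, auth code) or
     *     {@link #REQUEST_KUR} (arguments: user alias, key password)
     * @param vector positional arguments for the chosen type
     * @return a one-element vector holding 2 if the response free text contains
     *     {@code km_key_gen=users}, otherwise 1
     * @throws CMPException for an unsupported type, a failed exchange or a keystore failure
     */
    private Vector<Integer> requestGENM(int i, Vector<String> vector) throws CMPException {
        CMPContext cMPContext = new CMPContext(this.version);
        cMPContext.setURI(this.uri);
        switch (i) {
            case GET_YESSIGN_CA_CERT:
                String caAlias = vector.elementAt(0);
                // NOTE(review): getBytes() uses the platform default charset - confirm it matches
                // the encoding the server uses for the key id and the auth code.
                byte[] senderKid = vector.elementAt(1).getBytes();
                byte[] authCode = vector.elementAt(2).getBytes();
                GeneralName sender = new GeneralName();
                sender.set(1, "INI_NEW");
                cMPContext.setSender(sender);
                cMPContext.setSenderKID(senderKid);
                cMPContext.setAuthCode(authCode);
                cMPContext.setCAAlias(caAlias);
                break;
            case REQUEST_KUR:
                setFromKeyStore(cMPContext, this.keyStore, vector.elementAt(0), vector.elementAt(1), null);
                // NOTE(review): intValue() keeps only the low 32 bits of the serial number; kept
                // as found because the server presumably expects this form - confirm.
                cMPContext.setSenderKID(Integer.toString(((X509Certificate) cMPContext.getOldSignCertificate()).getSerialNumber().intValue()).getBytes());
                break;
            default:
                throw new CMPException(4, "not supported type");
        }
        cMPContext.setGENMType(i);
        try {
            // NOTE(review): the transport obtained here is never closed, unlike in requestIR and
            // requestKUR - confirm whether the factory owns its lifetime.
            PKIMessage response = CMPTransportFactory.getInstance().getCMPTransport(cMPContext).process(PKIMessageFormatter_SignKorea.format(cMPContext, BODY_GENM));
            // NOTE(review): debug dump of the raw response, presumably to a file of this name in
            // the working directory; consider disabling it in production builds.
            PKIMessageDump.dumpFile(response, "genp_signKorea.dump");
            checkMsg(cMPContext, response, BODY_GENP);
            GeneralMessage generalMessage = (GeneralMessage) response.getContentBody();
            System.out.println("msgs.size(): " + generalMessage.size());
            return storeCaCertificates(cMPContext, response, generalMessage);
        } catch (CMPException e6) {
            throw e6;
        } catch (Exception e7) {
            e7.printStackTrace();
            throw new CMPException(1, "on processing GENM[" + e7.toString() + "]");
        }
    }

    /**
     * Reads the certificate count from the response free text and installs the two CA
     * certificates of a general response under the CA alias and the CA alias plus {@code _enc}.
     *
     * <p>The entries written here are later used as issuer certificates for verifying responses,
     * so this must only run on a response that {@link #checkMsg} has accepted.
     */
    private Vector<Integer> storeCaCertificates(CMPContext cMPContext, PKIMessage response, GeneralMessage generalMessage) throws CMPException {
        try {
            String[] allTexts = response.getHeader().getFreeText().getAllTexts();
            int certCount = 1;
            for (int idx = 0; idx < allTexts.length; idx++) {
                if (allTexts[idx].indexOf(ENC_CERT_AVAIL) != -1) {
                    certCount = 2;
                    break;
                }
            }
            Vector<Integer> result = new Vector<Integer>();
            result.add(Integer.valueOf(certCount));
            X509CertImpl signCert = new X509CertImpl(generalMessage.getValueAt(0));
            X509CertImpl encCert = new X509CertImpl(generalMessage.getValueAt(1));
            System.out.println("SignCert: " + signCert);
            System.out.println("encCert: " + encCert);
            // NOTE(review): 'new' never yields null, so this guard cannot fire; a response with
            // fewer than two values presumably fails inside getValueAt instead. Confirm and
            // replace with a check on generalMessage.size().
            if (signCert == null || encCert == null) {
                throw new CMPException(1, "not all ca cert are received");
            }
            try {
                this.keyStore.setCertificateEntry(cMPContext.getCAAlias(), signCert);
                this.keyStore.setCertificateEntry(String.valueOf(cMPContext.getCAAlias()) + ENC_CERT_SURFIX, encCert);
                return result;
            } catch (Exception e3) {
                e3.printStackTrace();
                throw new CMPException(3, "on saving ca certs[" + e3.toString() + "]");
            }
        } catch (CMPException e4) {
            throw e4;
        } catch (Exception e5) {
            e5.printStackTrace();
            throw new CMPException(1, "error on processing GENM[" + e5.toString() + "]");
        }
    }

    /**
     * Fills a request context from the keystore.
     *
     * <p>If {@code str3} names a certificate entry, only the issuer data is set from that entry
     * and its {@code _enc} companion. Otherwise {@code str} must be a key entry: the old signing
     * certificate and key pair are loaded, the issuer is looked up among the certificate entries
     * by comparing subject DN with the user certificate's issuer DN, and the old encryption
     * entry ({@code str} plus {@code _enc}) is loaded when it exists.
     *
     * @param cMPContext context to fill
     * @param keyStore ignored; the instance keystore is used
     * @param str user alias
     * @param str2 password protecting the user's key entries
     * @param str3 CA alias, or {@code null} to look the issuer up by DN
     * @throws CMPException if a required entry is missing or the keystore cannot be read
     */
    private void setFromKeyStore(CMPContext cMPContext, KeyStore keyStore, String str, String str2, String str3) throws CMPException {
        // The whole body sits in one try: the keystore calls below declare checked exceptions and
        // the method only declares CMPException.
        try {
            if (str3 != null && this.keyStore.isCertificateEntry(str3)) {
                if (this.keyStore.isKeyEntry(str3)) {
                    throw new CMPException(3, "this is key entry");
                }
                X509CertImpl caSignCert = (X509CertImpl) this.keyStore.getCertificate(str3);
                cMPContext.setIssuerSignCert(caSignCert);
                cMPContext.setRecipientDN(caSignCert.getSubjectDN().toString());
                cMPContext.setRecipientKID(new SubjectKeyIdentifier(caSignCert.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
                Certificate caEncCert = this.keyStore.getCertificate(String.valueOf(str3) + ENC_CERT_SURFIX);
                if (caEncCert == null) {
                    throw new CMPException(3, "no encryption CA cert!");
                }
                cMPContext.setIssuerEncCert(caEncCert);
                cMPContext.setCAAlias(str3);
                return;
            }
            if (!this.keyStore.isKeyEntry(str) || str2 == null) {
                throw new CMPException(3, "no such key or cerfiticate entry");
            }
            X509CertImpl userCert = (X509CertImpl) this.keyStore.getCertificate(str);
            cMPContext.setUserAlias(str);
            cMPContext.setOldSignCertificate(userCert);
            PublicKey oldSignPub = userCert.getPublicKey();
            PrivateKey oldSignPriv = (PrivateKey) this.keyStore.getKey(str, str2.toCharArray());
            String subjectName = userCert.getSubjectDN().getName();
            cMPContext.setSenderKID(new SubjectKeyIdentifier(userCert.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
            cMPContext.setSender(new GeneralName("DN:" + subjectName));
            cMPContext.setOldSignPubKey(oldSignPub);
            cMPContext.setOldSignPrivKey(oldSignPriv);

            // Track an actual issuer match. Remembering merely the last certificate entry seen
            // would let the request proceed with no issuer certificate to verify the response.
            boolean issuerFound = false;
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isCertificateEntry(alias)) {
                    continue;
                }
                X509CertImpl candidate = (X509CertImpl) this.keyStore.getCertificate(alias);
                if (!candidate.getSubjectDN().equals(userCert.getIssuerDN())) {
                    continue;
                }
                issuerFound = true;
                cMPContext.setIssuerSignCert(candidate);
                cMPContext.setRecipientDN(candidate.getSubjectDN().toString());
                cMPContext.setRecipientKID(new SubjectKeyIdentifier(candidate.getExtensionValue(SubjectKeyIdentifier.OID)).getKID());
                Certificate issuerEncCert = this.keyStore.getCertificate(String.valueOf(alias) + ENC_CERT_SURFIX);
                if (issuerEncCert == null) {
                    throw new CMPException(3, "sign cert exist, but no encryption CA cert!");
                }
                cMPContext.setIssuerEncCert(issuerEncCert);
                cMPContext.setCAAlias(alias);
            }
            if (!issuerFound) {
                throw new CMPException(3, "no issuer certs  exist");
            }

            String encAlias = String.valueOf(str) + ENC_CERT_SURFIX;
            if (!this.keyStore.isKeyEntry(encAlias)) {
                if (cMPContext.getRequestCertNum() == 2) {
                    System.err.println("Waring! request certificate number is 2, but only one available!!");
                    cMPContext.setRequestCertNum(1);
                }
                return;
            }
            cMPContext.setOldEncCertificate((X509Certificate) this.keyStore.getCertificate(encAlias));
            // NOTE(review): the "old encryption public key" is read from the signing certificate,
            // not from the encryption certificate loaded just above. Kept as found; confirm
            // whether this is intended.
            PublicKey oldEncPub = userCert.getPublicKey();
            PrivateKey oldEncPriv = (PrivateKey) this.keyStore.getKey(encAlias, str2.toCharArray());
            cMPContext.setOldEncPubKey(oldEncPub);
            cMPContext.setOldEncPrivKey(oldEncPriv);
        } catch (CMPException e) {
            throw e;
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new CMPException(3, "fail to retrive key pair from keystore[" + e2.toString() + "]");
        }
    }

    /**
     * Turns an error body into a {@link CMPException} carrying the error code and the
     * comma-separated error details.
     *
     * @param errorMsgContent error body received from the server
     * @throws CMPException always
     */
    private void throwError(ErrorMsgContent errorMsgContent) throws CMPException {
        String[] errorDetail = errorMsgContent.getErrorDetail();
        StringBuffer details = new StringBuffer();
        if (errorDetail != null) {
            for (int idx = 0; idx < errorDetail.length; idx++) {
                if (idx > 0) {
                    details.append(",");
                }
                details.append(errorDetail[idx]);
            }
        }
        // Report the joined text; appending the array itself would only print its identity.
        throw new CMPException(1, "get error msg from server errorCode[" + errorMsgContent.getErrorCode() + "] errordetailes[" + details + "]");
    }

    /**
     * Checks a certificate response against the number of requested certificates and copies the
     * issued certificates into the context.
     *
     * <p>Shared by {@link #requestIR} and {@link #requestKUR}.
     */
    private void acceptIssuedCertificates(CMPContext cMPContext, CertRepMessage certRepMessage) throws Exception {
        if (certRepMessage.nOfResponses() != cMPContext.getRequestCertNum()) {
            throw new CMPException(1, "expected number of response is " + cMPContext.getRequestCertNum() + ", but this time[" + certRepMessage.nOfResponses() + "]");
        }
        CertResponse signResponse = certRepMessage.responseAt(0);
        checkPKIStatusInfo(signResponse.getStatusInfo());
        // NOTE(review): nothing visible here checks that the issued certificate carries the
        // public key that was requested - confirm this is enforced elsewhere.
        cMPContext.setSignCertificate(signResponse.getIssuedCert());
        if (cMPContext.getRequestCertNum() == 2) {
            CertResponse encResponse = certRepMessage.responseAt(1);
            checkPKIStatusInfo(encResponse.getStatusInfo());
            EncryptedValue encryptedCert = encResponse.getCertifiedKeyPair().getEncryptedCert();
            // NOTE(review): a constant 16-byte value is installed as the parameter of the
            // symmetric algorithm (presumably the IV), replacing whatever the server sent. Kept
            // as found for interoperability; a fixed IV is a weakness to raise with the CA.
            DEREncoder dEREncoder = new DEREncoder();
            dEREncoder.encodeOctetString("0123456789012345".getBytes());
            encryptedCert.setSymmAlg(new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM, dEREncoder.toByteArray()));
            cMPContext.setEncCertificate(new X509CertImpl(encryptedCert.getData(cMPContext.getEncPrivKey())));
        }
    }

    /**
     * Stores the new signing key pair, and the encryption key pair when two certificates were
     * requested, in the keystore under {@code str} and {@code str} plus {@code _enc}.
     */
    private void saveIssuedKeyPairs(CMPContext cMPContext, String str, String str2) throws CMPException {
        try {
            this.keyStore.setKeyEntry(str, cMPContext.getSignPrivKey(), str2.toCharArray(), new Certificate[]{cMPContext.getSignCertificate()});
            if (cMPContext.getRequestCertNum() == 2) {
                this.keyStore.setKeyEntry(String.valueOf(str) + ENC_CERT_SURFIX, cMPContext.getEncPrivKey(), str2.toCharArray(), new Certificate[]{cMPContext.getEncCertificate()});
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new CMPException(3, "on saving private key and cert into keystore[" + e.toString() + "]");
        }
    }

    /**
     * Fetches the CA certificates and stores them under {@code str} and {@code str} plus
     * {@code _enc}.
     *
     * @param str CA alias for the stored certificates
     * @param str2 sender key id sent with the request
     * @param str3 auth code used as the shared secret for the exchange
     * @return 2 if the response announces {@code km_key_gen=users}, otherwise 1
     * @throws CMPException if the exchange or the keystore update fails
     */
    public int requestGetCACert(String str, String str2, String str3) throws CMPException {
        Vector<String> args = new Vector<String>();
        args.add(str);
        args.add(str2);
        args.add(str3);
        return requestGENM(GET_YESSIGN_CA_CERT, args).elementAt(0).intValue();
    }

    /**
     * Runs an initial registration and stores the issued key pairs in the keystore.
     *
     * @param str user alias for the new entries
     * @param str2 password protecting the user's key entries
     * @param str3 value passed to the context as idn
     * @param str4 CA alias, or {@code null} to look the issuer up from an existing user entry
     * @param str5 sender key id
     * @param str6 auth code used as the shared secret
     * @param i number of certificates requested (2 adds the encryption certificate)
     * @throws CMPException if the exchange, the response checks or the keystore update fail
     */
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i) throws CMPException {
        CMPContext cMPContext = new CMPContext(this.version);
        setFromKeyStore(cMPContext, this.keyStore, str, str2, str4);
        cMPContext.setSenderKID(str5.getBytes());
        cMPContext.setAuthCode(str6.getBytes());
        cMPContext.setURI(this.uri);
        cMPContext.setRequestCertNum(i);
        cMPContext.setIdn(str3);
        try {
            PKIMessage request = PKIMessageFormatter_SignKorea.format(cMPContext, BODY_IR);
            // NOTE(review): the transport is closed only on the success path below.
            CMPTransport cMPTransport = CMPTransportFactory.getInstance().getCMPTransport(cMPContext);
            PKIMessage response = cMPTransport.process(request);
            // NOTE(review): debug dump of the raw response, presumably to a file of this name;
            // consider disabling it in production builds.
            PKIMessageDump.dumpFile(response, "ip_signKorea.dump");
            checkMsg(cMPContext, response, BODY_IP);
            acceptIssuedCertificates(cMPContext, (CertRepMessage) response.getContentBody());
            // The reply to the confirmation is not inspected.
            cMPTransport.process(PKIMessageFormatter_SignKorea.format(cMPContext, BODY_CONF));
            cMPTransport.close();
            saveIssuedKeyPairs(cMPContext, str, str2);
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new CMPException(1, "on processing IR[" + e3.toString() + "]");
        }
    }

    /**
     * Runs a key update for an existing user entry and replaces the stored key pairs.
     *
     * @param str user alias of the existing and the new entries
     * @param str2 password protecting the user's key entries
     * @param str3 value passed to the context as idn
     * @param i number of certificates requested (2 adds the encryption certificate)
     * @throws CMPException if the exchange, the response checks or the keystore update fail
     */
    public void requestKUR(String str, String str2, String str3, int i) throws CMPException {
        CMPContext cMPContext = new CMPContext(this.version);
        cMPContext.setURI(this.uri);
        cMPContext.setRequestCertNum(i);
        cMPContext.setIdn(str3);
        setFromKeyStore(cMPContext, this.keyStore, str, str2, null);
        try {
            PKIMessage request = PKIMessageFormatter_SignKorea.format(cMPContext, BODY_KUR);
            // NOTE(review): the transport is closed only on the success path below.
            CMPTransport cMPTransport = CMPTransportFactory.getInstance().getCMPTransport(cMPContext);
            PKIMessage response = cMPTransport.process(request);
            // NOTE(review): debug dump of the raw response, presumably to a file of this name;
            // consider disabling it in production builds.
            PKIMessageDump.dumpFile(response, "kup_signKorea.dump");
            checkMsg(cMPContext, response, BODY_KUP);
            acceptIssuedCertificates(cMPContext, (CertRepMessage) response.getContentBody());
            // The reply to the confirmation is not inspected.
            cMPTransport.process(PKIMessageFormatter_SignKorea.format(cMPContext, BODY_CONF));
            cMPTransport.close();
            saveIssuedKeyPairs(cMPContext, str, str2);
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new CMPException(1, "on processing KUR[" + e3.toString() + "]");
        }
    }

    /**
     * Sends the general message that precedes a key update and refreshes the stored CA
     * certificates from the response.
     *
     * @param str user alias of the existing key entry
     * @param str2 password protecting the user's key entries
     * @return 2 if the response announces {@code km_key_gen=users}, otherwise 1
     * @throws CMPException if the exchange or the keystore update fails
     */
    public int requestPreKUR(String str, String str2) throws CMPException {
        Vector<String> args = new Vector<String>();
        args.add(str);
        args.add(str2);
        return requestGENM(REQUEST_KUR, args).elementAt(0).intValue();
    }
}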
