package org.spongycastle.jce;

import defpackage.atj;
import defpackage.aue;
import defpackage.aui;
import defpackage.aum;
import defpackage.aun;
import defpackage.auz;
import defpackage.avg;
import defpackage.avp;
import defpackage.awh;
import defpackage.axo;
import defpackage.aya;
import defpackage.ays;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.aq;
import org.spongycastle.asn1.ay;
import org.spongycastle.asn1.f;
import org.spongycastle.asn1.j;
import org.spongycastle.asn1.k;
import org.spongycastle.asn1.n;
import org.spongycastle.asn1.r;
import org.spongycastle.asn1.s;
import org.spongycastle.asn1.u;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.m;

/* loaded from: classes2.dex */
public class PKCS10CertificationRequest extends aum {
    private static Hashtable algorithms = new Hashtable();
    private static Hashtable params = new Hashtable();
    private static Hashtable keyAlgorithms = new Hashtable();
    private static Hashtable oids = new Hashtable();
    private static Set noParams = new HashSet();

    static {
        algorithms.put("MD2WITHRSAENCRYPTION", new n("1.2.840.113549.1.1.2"));
        algorithms.put("MD2WITHRSA", new n("1.2.840.113549.1.1.2"));
        algorithms.put("MD5WITHRSAENCRYPTION", new n("1.2.840.113549.1.1.4"));
        algorithms.put("MD5WITHRSA", new n("1.2.840.113549.1.1.4"));
        algorithms.put("RSAWITHMD5", new n("1.2.840.113549.1.1.4"));
        algorithms.put("SHA1WITHRSAENCRYPTION", new n("1.2.840.113549.1.1.5"));
        algorithms.put("SHA1WITHRSA", new n("1.2.840.113549.1.1.5"));
        algorithms.put("SHA224WITHRSAENCRYPTION", auz.ejU);
        algorithms.put("SHA224WITHRSA", auz.ejU);
        algorithms.put("SHA256WITHRSAENCRYPTION", auz.ejR);
        algorithms.put("SHA256WITHRSA", auz.ejR);
        algorithms.put("SHA384WITHRSAENCRYPTION", auz.ejS);
        algorithms.put("SHA384WITHRSA", auz.ejS);
        algorithms.put("SHA512WITHRSAENCRYPTION", auz.ejT);
        algorithms.put("SHA512WITHRSA", auz.ejT);
        algorithms.put("SHA1WITHRSAANDMGF1", auz.ejQ);
        algorithms.put("SHA224WITHRSAANDMGF1", auz.ejQ);
        algorithms.put("SHA256WITHRSAANDMGF1", auz.ejQ);
        algorithms.put("SHA384WITHRSAANDMGF1", auz.ejQ);
        algorithms.put("SHA512WITHRSAANDMGF1", auz.ejQ);
        algorithms.put("RSAWITHSHA1", new n("1.2.840.113549.1.1.5"));
        algorithms.put("RIPEMD128WITHRSAENCRYPTION", avp.eoG);
        algorithms.put("RIPEMD128WITHRSA", avp.eoG);
        algorithms.put("RIPEMD160WITHRSAENCRYPTION", avp.eoF);
        algorithms.put("RIPEMD160WITHRSA", avp.eoF);
        algorithms.put("RIPEMD256WITHRSAENCRYPTION", avp.eoH);
        algorithms.put("RIPEMD256WITHRSA", avp.eoH);
        algorithms.put("SHA1WITHDSA", new n("1.2.840.10040.4.3"));
        algorithms.put("DSAWITHSHA1", new n("1.2.840.10040.4.3"));
        algorithms.put("SHA224WITHDSA", aue.ehO);
        algorithms.put("SHA256WITHDSA", aue.ehP);
        algorithms.put("SHA384WITHDSA", aue.ehQ);
        algorithms.put("SHA512WITHDSA", aue.ehR);
        algorithms.put("SHA1WITHECDSA", ays.evg);
        algorithms.put("SHA224WITHECDSA", ays.evk);
        algorithms.put("SHA256WITHECDSA", ays.evl);
        algorithms.put("SHA384WITHECDSA", ays.evm);
        algorithms.put("SHA512WITHECDSA", ays.evn);
        algorithms.put("ECDSAWITHSHA1", ays.evg);
        algorithms.put("GOST3411WITHGOST3410", atj.ecB);
        algorithms.put("GOST3410WITHGOST3411", atj.ecB);
        algorithms.put("GOST3411WITHECGOST3410", atj.ecC);
        algorithms.put("GOST3411WITHECGOST3410-2001", atj.ecC);
        algorithms.put("GOST3411WITHGOST3410-2001", atj.ecC);
        oids.put(new n("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        oids.put(auz.ejU, "SHA224WITHRSA");
        oids.put(auz.ejR, "SHA256WITHRSA");
        oids.put(auz.ejS, "SHA384WITHRSA");
        oids.put(auz.ejT, "SHA512WITHRSA");
        oids.put(atj.ecB, "GOST3411WITHGOST3410");
        oids.put(atj.ecC, "GOST3411WITHECGOST3410");
        oids.put(new n("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        oids.put(new n("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        oids.put(new n("1.2.840.10040.4.3"), "SHA1WITHDSA");
        oids.put(ays.evg, "SHA1WITHECDSA");
        oids.put(ays.evk, "SHA224WITHECDSA");
        oids.put(ays.evl, "SHA256WITHECDSA");
        oids.put(ays.evm, "SHA384WITHECDSA");
        oids.put(ays.evn, "SHA512WITHECDSA");
        oids.put(aui.eji, "SHA1WITHRSA");
        oids.put(aui.ejh, "SHA1WITHDSA");
        oids.put(aue.ehO, "SHA224WITHDSA");
        oids.put(aue.ehP, "SHA256WITHDSA");
        keyAlgorithms.put(auz.ejI, "RSA");
        keyAlgorithms.put(ays.evR, "DSA");
        noParams.add(ays.evg);
        noParams.add(ays.evk);
        noParams.add(ays.evl);
        noParams.add(ays.evm);
        noParams.add(ays.evn);
        noParams.add(ays.evS);
        noParams.add(aue.ehO);
        noParams.add(aue.ehP);
        noParams.add(atj.ecB);
        noParams.add(atj.ecC);
        params.put("SHA1WITHRSAANDMGF1", creatPSSParams(new awh(aui.ejg, ay.eaG), 20));
        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(new awh(aue.eha, ay.eaG), 28));
        params.put("SHA256WITHRSAANDMGF1", creatPSSParams(new awh(aue.egX, ay.eaG), 32));
        params.put("SHA384WITHRSAANDMGF1", creatPSSParams(new awh(aue.egY, ay.eaG), 48));
        params.put("SHA512WITHRSAANDMGF1", creatPSSParams(new awh(aue.egZ, ay.eaG), 64));
    }

    public PKCS10CertificationRequest(String str, aya ayaVar, PublicKey publicKey, u uVar, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, ayaVar, publicKey, uVar, privateKey, BouncyCastleProvider.PROVIDER_NAME);
    }

    public PKCS10CertificationRequest(String str, aya ayaVar, PublicKey publicKey, u uVar, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        String upperCase = m.toUpperCase(str);
        n nVar = (n) algorithms.get(upperCase);
        if (nVar == null) {
            try {
                nVar = new n(upperCase);
            } catch (Exception unused) {
                throw new IllegalArgumentException("Unknown signature type requested");
            }
        }
        if (ayaVar == null) {
            throw new IllegalArgumentException("subject must not be null");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("public key must not be null");
        }
        if (noParams.contains(nVar)) {
            this.sigAlgId = new awh(nVar);
        } else if (params.containsKey(upperCase)) {
            this.sigAlgId = new awh(nVar, (f) params.get(upperCase));
        } else {
            this.sigAlgId = new awh(nVar, ay.eaG);
        }
        try {
            this.reqInfo = new aun(ayaVar, axo.eN((s) r.at(publicKey.getEncoded())), uVar);
            Signature signature = str2 == null ? Signature.getInstance(str) : Signature.getInstance(str, str2);
            signature.initSign(privateKey);
            try {
                signature.update(this.reqInfo.getEncoded("DER"));
                this.sigBits = new aq(signature.sign());
            } catch (Exception e) {
                throw new IllegalArgumentException("exception encoding TBS cert request - " + e);
            }
        } catch (IOException unused2) {
            throw new IllegalArgumentException("can't encode public key");
        }
    }

    public PKCS10CertificationRequest(String str, X500Principal x500Principal, PublicKey publicKey, u uVar, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, convertName(x500Principal), publicKey, uVar, privateKey, BouncyCastleProvider.PROVIDER_NAME);
    }

    public PKCS10CertificationRequest(String str, X500Principal x500Principal, PublicKey publicKey, u uVar, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        this(str, convertName(x500Principal), publicKey, uVar, privateKey, str2);
    }

    public PKCS10CertificationRequest(s sVar) {
        super(sVar);
    }

    public PKCS10CertificationRequest(byte[] bArr) {
        super(toDERSequence(bArr));
    }

    private static aya convertName(X500Principal x500Principal) {
        try {
            return new X509Principal(x500Principal.getEncoded());
        } catch (IOException unused) {
            throw new IllegalArgumentException("can't convert name");
        }
    }

    private static avg creatPSSParams(awh awhVar, int i) {
        return new avg(awhVar, new awh(auz.ejO, awhVar), new k(i), new k(1L));
    }

    private static String getDigestAlgName(n nVar) {
        return auz.eko.equals(nVar) ? "MD5" : aui.ejg.equals(nVar) ? "SHA1" : aue.eha.equals(nVar) ? "SHA224" : aue.egX.equals(nVar) ? "SHA256" : aue.egY.equals(nVar) ? "SHA384" : aue.egZ.equals(nVar) ? "SHA512" : avp.egd.equals(nVar) ? "RIPEMD128" : avp.egc.equals(nVar) ? "RIPEMD160" : avp.eoD.equals(nVar) ? "RIPEMD256" : atj.ecp.equals(nVar) ? "GOST3411" : nVar.getId();
    }

    static String getSignatureName(awh awhVar) {
        f aWP = awhVar.aWP();
        if (aWP == null || ay.eaG.equals(aWP) || !awhVar.getAlgorithm().equals(auz.ejQ)) {
            return awhVar.getAlgorithm().getId();
        }
        return getDigestAlgName(avg.dY(aWP).aXc().getAlgorithm()) + "withRSAandMGF1";
    }

    private void setSignatureParameters(Signature signature, f fVar) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (fVar == null || ay.eaG.equals(fVar)) {
            return;
        }
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
        try {
            algorithmParameters.init(fVar.toASN1Primitive().getEncoded("DER"));
            if (signature.getAlgorithm().endsWith("MGF1")) {
                try {
                    signature.setParameter(algorithmParameters.getParameterSpec(PSSParameterSpec.class));
                } catch (GeneralSecurityException e) {
                    throw new SignatureException("Exception extracting parameters: " + e.getMessage());
                }
            }
        } catch (IOException e2) {
            throw new SignatureException("IOException decoding parameters: " + e2.getMessage());
        }
    }

    private static s toDERSequence(byte[] bArr) {
        try {
            return (s) new j(bArr).aVL();
        } catch (Exception unused) {
            throw new IllegalArgumentException("badly encoded request");
        }
    }

    @Override // org.spongycastle.asn1.m
    public byte[] getEncoded() {
        try {
            return getEncoded("DER");
        } catch (IOException e) {
            throw new RuntimeException(e.toString());
        }
    }

    public PublicKey getPublicKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        return getPublicKey(BouncyCastleProvider.PROVIDER_NAME);
    }

    public PublicKey getPublicKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        axo aWK = this.reqInfo.aWK();
        try {
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new aq(aWK).aVC());
            awh aYK = aWK.aYK();
            try {
                return str == null ? KeyFactory.getInstance(aYK.getAlgorithm().getId()).generatePublic(x509EncodedKeySpec) : KeyFactory.getInstance(aYK.getAlgorithm().getId(), str).generatePublic(x509EncodedKeySpec);
            } catch (NoSuchAlgorithmException e) {
                if (keyAlgorithms.get(aYK.getAlgorithm()) == null) {
                    throw e;
                }
                String str2 = (String) keyAlgorithms.get(aYK.getAlgorithm());
                return str == null ? KeyFactory.getInstance(str2).generatePublic(x509EncodedKeySpec) : KeyFactory.getInstance(str2, str).generatePublic(x509EncodedKeySpec);
            }
        } catch (IOException unused) {
            throw new InvalidKeyException("error decoding public key");
        } catch (InvalidKeySpecException unused2) {
            throw new InvalidKeyException("error decoding public key");
        }
    }

    public boolean verify() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return verify(BouncyCastleProvider.PROVIDER_NAME);
    }

    public boolean verify(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return verify(getPublicKey(str), str);
    }

    public boolean verify(PublicKey publicKey, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature;
        try {
            signature = str == null ? Signature.getInstance(getSignatureName(this.sigAlgId)) : Signature.getInstance(getSignatureName(this.sigAlgId), str);
        } catch (NoSuchAlgorithmException e) {
            if (oids.get(this.sigAlgId.getAlgorithm()) == null) {
                throw e;
            }
            String str2 = (String) oids.get(this.sigAlgId.getAlgorithm());
            signature = str == null ? Signature.getInstance(str2) : Signature.getInstance(str2, str);
        }
        setSignatureParameters(signature, this.sigAlgId.aWP());
        signature.initVerify(publicKey);
        try {
            signature.update(this.reqInfo.getEncoded("DER"));
            return signature.verify(this.sigBits.aVC());
        } catch (Exception e2) {
            throw new SignatureException("exception encoding TBS cert request - " + e2);
        }
    }
}
