package kz.gamma.hardware.jce;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import kz.gamma.hardware.asn1.ASN1EncodableVector;
import kz.gamma.hardware.asn1.ASN1Set;
import kz.gamma.hardware.asn1.DERBitString;
import kz.gamma.hardware.asn1.DERInteger;
import kz.gamma.hardware.asn1.DERNull;
import kz.gamma.hardware.asn1.DERObjectIdentifier;
import kz.gamma.hardware.asn1.DEROctetString;
import kz.gamma.hardware.asn1.DERSequence;
import kz.gamma.hardware.asn1.cryptopro.KZObjectIndentifiers;
import kz.gamma.hardware.asn1.pkcs.CertificationRequest;
import kz.gamma.hardware.asn1.pkcs.CertificationRequestInfo;
import kz.gamma.hardware.asn1.x509.AlgorithmIdentifier;
import kz.gamma.hardware.asn1.x509.SubjectPublicKeyInfo;
import kz.gamma.hardware.asn1.x509.X509Name;
import kz.gamma.hardware.asn1.x509.X509ObjectIdentifiers;
import kz.gamma.hardware.crypto.GOST3411Digest;
import kz.gamma.hardware.jce.exception.JCEHardwareException;
import kz.gamma.hardware.util.UtilCM;

/* loaded from: input_file:kz/gamma/hardware/jce/Pkcs10RequestCreator.class */
public class Pkcs10RequestCreator {
    private X509Name subject;
    private JCEPrivateKey privateKey;
    private JCEPublicKey publicKey;
    private ASN1Set attributes;
    private CryptoObject cryptoObject;
    private String publicKeyOid;
    private String signatureOid;

    public Pkcs10RequestCreator(X509Name x509Name, JCEPrivateKey jCEPrivateKey, JCEPublicKey jCEPublicKey, ASN1Set aSN1Set, CryptoObject cryptoObject, String str, String str2) {
        this.subject = x509Name;
        this.privateKey = jCEPrivateKey;
        this.publicKey = jCEPublicKey;
        this.attributes = aSN1Set;
        this.cryptoObject = cryptoObject;
        this.publicKeyOid = str;
        this.signatureOid = str2;
    }

    public byte[] createPkcs10() throws NoSuchAlgorithmException {
        CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo(this.subject, generateSubjectPublicKeyInfo(), this.attributes);
        Map generateSignature = generateSignature(certificationRequestInfo.getDEREncoded(), false);
        return new CertificationRequest(certificationRequestInfo, (AlgorithmIdentifier) generateSignature.get("algorithmIdentifier"), (DERBitString) generateSignature.get("signature")).getDEREncoded();
    }

    private SubjectPublicKeyInfo generateSubjectPublicKeyInfo() {
        byte[] dEREncoded;
        byte[] bArr = {6, 2, 0, 0, 58, -86, 0, 0, 0, 69, 67, 49, 0, 2, 0, 0};
        byte[] bArr2 = {6, 2, 0, 0, 69, -96, 0, 0, 0, 69, 67, 49, 0, 2, 0, 0};
        DERSequence dERSequence = null;
        byte[] bArr3 = this.publicKey.getpKey();
        if (this.publicKeyOid.equals(KZObjectIndentifiers.GOST_34_310_KEY.getId())) {
            bArr = null;
            bArr2 = null;
            DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier("1.2.398.3.10.1.1.1.1.1");
            DERObjectIdentifier dERObjectIdentifier2 = new DERObjectIdentifier("1.2.398.3.10.1.3.1.1.0");
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(dERObjectIdentifier);
            aSN1EncodableVector.add(dERObjectIdentifier2);
            dERSequence = new DERSequence(aSN1EncodableVector);
        }
        switch (this.privateKey.getAlgId()) {
            case 1:
                dEREncoded = UtilCM.concat(bArr, UtilCM.reverseParts(bArr3, 0));
                break;
            case 2:
                dEREncoded = UtilCM.concat(bArr2, UtilCM.reverseParts(bArr3, 0));
                break;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(new DERInteger(bArr3));
                aSN1EncodableVector2.add(new DERInteger(new byte[]{1, 0, 1}));
                dEREncoded = new DERSequence(aSN1EncodableVector2).getDEREncoded();
                break;
            default:
                throw new JCEHardwareException(String.format("Unknown algorithm: %d", Byte.valueOf(this.privateKey.getAlgId())));
        }
        return new SubjectPublicKeyInfo(new AlgorithmIdentifier(new DERObjectIdentifier(this.publicKeyOid), dERSequence), dEREncoded);
    }

    private Map generateSignature(byte[] bArr, boolean z) throws NoSuchAlgorithmException {
        byte[] dEREncoded;
        switch (this.privateKey.getAlgId()) {
            case 1:
            case 2:
                byte[] bArr2 = new byte[32];
                GOST3411Digest gOST3411Digest = new GOST3411Digest();
                gOST3411Digest.update(bArr, 0, bArr.length);
                gOST3411Digest.doFinal(bArr2, 0);
                dEREncoded = UtilCM.inverseCopyByte(bArr2, 0, bArr2.length);
                break;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                messageDigest.reset();
                byte[] digest = messageDigest.digest(bArr);
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, new DERNull()));
                aSN1EncodableVector.add(new DEROctetString(digest));
                dEREncoded = new DERSequence(aSN1EncodableVector).getDEREncoded();
                break;
            default:
                throw new JCEHardwareException(String.format("Unknown algorithm: %d", Byte.valueOf(this.privateKey.getAlgId())));
        }
        byte[] signature = this.cryptoObject.signature(this.privateKey, dEREncoded);
        switch (this.privateKey.getAlgId()) {
            case 1:
            case 2:
                signature = UtilCM.reverseParts(signature, 0);
                break;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
                if (z) {
                    signature = UtilCM.inverseByte(signature);
                    break;
                }
                break;
            default:
                throw new JCEHardwareException(String.format("Unknown algorithm: %d", Byte.valueOf(this.privateKey.getAlgId())));
        }
        HashMap hashMap = new HashMap();
        hashMap.put("algorithmIdentifier", new AlgorithmIdentifier(new DERObjectIdentifier(this.signatureOid), new DERNull()));
        hashMap.put("signature", new DERBitString(signature));
        return hashMap;
    }
}
