package net.netca.pki.encoding.asn1.pki;

import com.tencent.open.SocialOperation;
import java.io.UnsupportedEncodingException;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceOf;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.SetOf;

/* loaded from: classes3.dex */
public final class CertificationRequest {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("CertificationRequest");
    private byte[] encode;
    private ASN1Data req;

    public CertificationRequest(String str) throws PkiException {
        init(str);
    }

    public CertificationRequest(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("bad cert");
        }
        this.req = new ASN1Data("CertificationRequest", sequence);
        this.encode = sequence.encode();
    }

    public CertificationRequest(byte[] bArr) throws PkiException {
        init(bArr, 0, bArr.length);
    }

    public CertificationRequest(byte[] bArr, int i2, int i3) throws PkiException {
        init(bArr, i2, i3);
    }

    public static CertificationRequest decode(byte[] bArr) throws PkiException {
        return new CertificationRequest(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private void init(String str) throws PkiException {
        byte[] pemDecode;
        if (str == null || str.length() == 0) {
            throw new PkiException("bad input param");
        }
        char charAt = str.charAt(0);
        if (charAt == 'M') {
            byte[] decode = Base64.decode(true, str);
            initDer(decode, 0, decode.length);
        } else {
            if (charAt != '-') {
                throw new PkiException("bad cert encode");
            }
            try {
                pemDecode = Base64.pemDecode("NEW CERTIFICATE REQUEST", str);
            } catch (PkiException unused) {
                pemDecode = Base64.pemDecode("CERTIFICATE REQUEST", str);
            }
            initDer(pemDecode, 0, pemDecode.length);
        }
    }

    private void init(byte[] bArr, int i2, int i3) throws PkiException {
        byte[] pemDecode;
        if (bArr == null || i2 < 0 || i3 <= 0) {
            throw new PkiException("bad input param");
        }
        if (i2 + i3 > bArr.length) {
            throw new PkiException("bad input param");
        }
        if (bArr[0] == 48) {
            initDer(bArr, i2, i3);
            return;
        }
        if (bArr[0] == 77) {
            try {
                byte[] decode = Base64.decode(true, new String(bArr, i2, i3, "UTF-8"));
                initDer(decode, 0, decode.length);
            } catch (UnsupportedEncodingException unused) {
                throw new PkiException("bad cert encode");
            }
        } else {
            if (bArr[0] != 45) {
                throw new PkiException("bad cert encode");
            }
            try {
                String str = new String(bArr, i2, i3, "UTF-8");
                try {
                    pemDecode = Base64.pemDecode("NEW CERTIFICATE REQUEST", str);
                } catch (PkiException unused2) {
                    pemDecode = Base64.pemDecode("CERTIFICATE REQUEST", str);
                }
                initDer(pemDecode, 0, pemDecode.length);
            } catch (UnsupportedEncodingException unused3) {
                throw new PkiException("bad cert encode");
            }
        }
    }

    private void initDer(byte[] bArr, int i2, int i3) throws PkiException {
        ASN1Object decode = ASN1Object.decode(bArr, i2, i3, type);
        if (decode == null) {
            throw new PkiException("bad cert der encode");
        }
        this.req = new ASN1Data("CertificationRequest", decode);
        byte[] bArr2 = new byte[i3];
        this.encode = bArr2;
        System.arraycopy(bArr, i2, bArr2, 0, i3);
    }

    public byte[] derEncode() {
        return this.encode;
    }

    public Sequence getASN1Object() {
        return (Sequence) this.req.getValue();
    }

    public Attributes getAttributes() throws PkiException {
        ASN1Object value = this.req.getValue("certificationRequestInfo.attributes.value");
        if (value == null) {
            return null;
        }
        return new Attributes((SetOf) value);
    }

    public Sequence getCertReqObject() {
        return (Sequence) this.req.getValue();
    }

    public byte[] getSignature() throws PkiException {
        ASN1Object value = this.req.getValue(SocialOperation.GAME_SIGNATURE);
        if (value == null) {
            throw new PkiException("get signature fail");
        }
        BitString bitString = (BitString) value;
        if (bitString.getUnusedBits() == 0) {
            return bitString.getValue();
        }
        throw new PkiException("signature's unusedBits is not zeor " + bitString.getUnusedBits());
    }

    public AlgorithmIdentifier getSignatureAlgorithmIdentifier() throws PkiException {
        ASN1Object value = this.req.getValue("signatureAlgorithm");
        if (value != null) {
            return new AlgorithmIdentifier((Sequence) value);
        }
        throw new PkiException("get signature algorithm fail");
    }

    public X500Name getSubject() throws PkiException {
        ASN1Object value = this.req.getValue("certificationRequestInfo.subject");
        if (value != null) {
            return new X500Name((SequenceOf) value);
        }
        throw new PkiException("get subject fail");
    }

    public SubjectPublicKeyInfo getSubjectPublicKeyInfo() throws PkiException {
        ASN1Object value = this.req.getValue("certificationRequestInfo.subjectPKInfo");
        if (value != null) {
            return new SubjectPublicKeyInfo((Sequence) value);
        }
        throw new PkiException("get subjectPublicKeyInfo fail");
    }

    public byte[] getTbs() throws PkiException {
        ASN1Object value = this.req.getValue("certificationRequestInfo");
        if (value != null) {
            return value.encode();
        }
        throw new PkiException("get certificationRequestInfo fail");
    }

    public int getVersion() throws PkiException {
        ASN1Object value = this.req.getValue("certificationRequestInfo.version");
        if (value != null) {
            return ((Integer) value).getIntegerValue();
        }
        throw new PkiException("get version fail");
    }

    public String pemEncode() {
        return Base64.pemEncode("NEW CERTIFICATE REQUEST", this.encode);
    }

    public boolean verify(Verifible verifible) throws PkiException {
        byte[] tbs = getTbs();
        return verifible.verify(getSubjectPublicKeyInfo().getPublicKey(), getSignatureAlgorithmIdentifier(), tbs, 0, tbs.length, getSignature());
    }
}
