package com.initech.pkix.cmp.client;

import com.dreamsecurity.jcaos.oid.OIDAlgorithm;
import com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
import com.initech.asn1.ASN1OID;
import com.initech.asn1.DEREncoder;
import com.initech.asn1.useful.AlgorithmID;
import com.initech.asn1.useful.EVID;
import com.initech.asn1.useful.GeneralName;
import com.initech.cryptox.spec.PBEKeySpec;
import com.initech.cryptox.spec.PBEParameterSpec;
import com.initech.pkcs.pkcs7.PKCS7Facade;
import com.initech.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import com.initech.pkcs.pkcs8.PrivateKeyInfo;
import com.initech.pki.pkcs12.InitechPKCS12Provider;
import com.initech.pkix.cmp.CertRepMessage;
import com.initech.pkix.cmp.CertResponse;
import com.initech.pkix.cmp.ErrorMsgContent;
import com.initech.pkix.cmp.GeneralMessage;
import com.initech.pkix.cmp.PKIHeader;
import com.initech.pkix.cmp.PKIMessage;
import com.initech.pkix.cmp.PKIStatusInfo;
import com.initech.pkix.cmp.client.transport.CMPTransport;
import com.initech.pkix.cmp.client.transport.CMPTransportFactory;
import com.initech.pkix.cmp.client.util.PKIMessageDump;
import com.initech.pkix.cmp.client.util.URI;
import com.initech.pkix.cmp.crmf.EncryptedValue;
import com.initech.pkix.cmp.util.x509CertificateInfo;
import com.initech.provider.crypto.InitechProvider;
import com.initech.provider.pkix.InitechPKIXProvider;
import com.initech.x509.X509CertImpl;
import com.initech.x509.extensions.SubjectKeyIdentifier;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.crypto.BadPaddingException;

/* loaded from: classes2.dex */
public class PKICMP_YesSign implements PKICMPInterface {
    public static final int CMP1999 = 1;
    public static final int CMP2000 = 2;
    protected static String ENC_CERT_AVAIL = null;
    protected static String ENC_CERT_SURFIX = "_enc";
    public static final int GET_YESSIGN_CA_CERT = 1;
    public static final int REQUEST_KUR = 2;
    private String a;
    private boolean b;
    private CMPTransport c;
    protected Hashtable freeText;
    protected KeyStore keyStore;
    protected int key_size;
    protected String signAlgorithm;
    protected URI uri;
    protected int version;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    static {
        Security.addProvider(new InitechProvider());
        Security.addProvider(new InitechPKCS12Provider());
        Security.addProvider(new InitechPKIXProvider());
        ENC_CERT_AVAIL = "km_key_gen=users";
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PKICMP_YesSign(int i2, URI uri) throws CMPException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        this.a = "YESSIGN";
        this.freeText = new Hashtable();
        this.key_size = -1;
        this.signAlgorithm = "";
        this.b = true;
        this.c = null;
        this.keyStore = KeyStore.getInstance("PKCS12", InitechPKCS12Provider.NAME);
        this.keyStore.load(null, null);
        if (i2 != 1) {
            throw new CMPException(4, (short) 4000, (short) 100, (short) 100, "version not supported");
        }
        this.version = i2;
        this.uri = uri;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PKICMP_YesSign(int i2, KeyStore keyStore, URI uri) throws CMPException {
        this.a = "YESSIGN";
        this.freeText = new Hashtable();
        this.key_size = -1;
        this.signAlgorithm = "";
        this.b = true;
        this.c = null;
        this.keyStore = keyStore;
        if (i2 != 1) {
            throw new CMPException(4, (short) 4000, (short) 100, (short) 100, "version not supported");
        }
        this.version = i2;
        this.uri = uri;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PKICMP_YesSign(URI uri) throws CMPException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        this(1, uri);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public PKICMP_YesSign(KeyStore keyStore, URI uri) throws CMPException {
        this(1, keyStore, uri);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static PrivateKey a(String str, char[] cArr) throws CMPException, Exception {
        if (!new File(str).exists()) {
            throw new FileNotFoundException(str);
        }
        DataInputStream dataInputStream = new DataInputStream(new FileInputStream(str));
        int available = dataInputStream.available();
        if (available > Integer.MAX_VALUE || available < Integer.MIN_VALUE) {
            throw new Exception();
        }
        byte[] bArr = new byte[available];
        dataInputStream.readFully(bArr);
        try {
            try {
                PrivateKey decrypt = new EncryptedPrivateKeyInfo(bArr).decrypt(new PBEKeySpec(cArr));
                try {
                    dataInputStream.close();
                } catch (Exception e) {
                }
                return decrypt;
            } catch (BadPaddingException e2) {
                throw new CMPException(1, (short) 1012, (short) 100, (short) 112, "password is not matched");
            }
        } finally {
            try {
                dataInputStream.close();
            } catch (Exception e3) {
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected static boolean byteCompare(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            if (bArr[i2] != bArr2[i2]) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void checkMsg(CMPContext cMPContext, PKIMessage pKIMessage, int i2) throws CMPException {
        PKIHeader header = pKIMessage.getHeader();
        if (pKIMessage.getContentType() != i2) {
            if (pKIMessage.getContentType() != 23) {
                throw new CMPException(6, (short) 2001, (short) 100, (short) 105, "unexpected message body is received. we wanted [" + i2 + "] but received [" + pKIMessage.getContentType() + "]");
            }
            ErrorMsgContent errorMsgContent = (ErrorMsgContent) pKIMessage.getContentBody();
            String[] errorDetail = errorMsgContent.getErrorDetail();
            StringBuffer stringBuffer = new StringBuffer();
            if (errorDetail != null) {
                for (int i3 = 0; i3 < errorDetail.length; i3++) {
                    stringBuffer.append(errorDetail[i3]);
                    if (i3 != errorDetail.length - 1) {
                        stringBuffer.append(",");
                    }
                }
            }
            throw new CMPException(6, (short) 2003, (short) 100, (short) 106, "CA ErrorCode[" + errorMsgContent.getErrorCode() + "]\n" + stringBuffer.toString());
        }
        if (header.getProtectionAlg() == null) {
            return;
        }
        Object authCode = header.getProtectionAlg().getAlg().equals(OIDAlgorithm.id_PasswordBasedMac) ? cMPContext.getAuthCode() : cMPContext.getIssuerSignCert().getPublicKey();
        try {
            CertRepMessage certRepMessage = (CertRepMessage) pKIMessage.getContentBody();
            if (certRepMessage.responseAt(0).getStatus() == 2) {
                String[] allTexts = certRepMessage.responseAt(0).getStatusInfo().getStatusString().getAllTexts();
                StringBuffer stringBuffer2 = new StringBuffer();
                for (String str : allTexts) {
                    stringBuffer2.append(str);
                }
                throw new CMPException(6, (short) 2003, (short) 100, (short) 105, "[" + stringBuffer2.toString() + "]");
            }
            if (!pKIMessage.verify(authCode)) {
                throw new CMPException(6, (short) 1003, (short) 100, (short) 105, "message verification failed");
            }
            if (!byteCompare(cMPContext.getSenderNonce(), header.getRecipNonce())) {
                throw new CMPException(6, (short) 1004, (short) 100, (short) 105, "nonce check failed");
            }
            cMPContext.setRecipientNonce(header.getSenderNonce());
        } catch (CMPException e) {
            throw e;
        } catch (Exception e2) {
            ThrowableExtension.printStackTrace(e2);
            throw new CMPException(6, (short) 1011, (short) 100, (short) 105, "message verification failed[" + e2.toString() + "]");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void checkPKIStatusInfo(PKIStatusInfo pKIStatusInfo) throws CMPException {
        int i2;
        if (pKIStatusInfo.getStatus() == 3) {
            throw new CMPException(1, (short) 1008, (short) 100, CMPException.METHOD_checkPKIStatusInfo, "polling is not supported!");
        }
        if (pKIStatusInfo.getStatus() != 2) {
            if (pKIStatusInfo.getStatus() != 0) {
                throw new CMPException(1, (short) 1008, (short) 100, CMPException.METHOD_checkPKIStatusInfo, "this client doesn't support PKIStatus [" + pKIStatusInfo.getStatus() + "]");
            }
            return;
        }
        if (pKIStatusInfo.hasFailInfo()) {
            for (int i3 = 0; i3 < 27; i3++) {
                if (pKIStatusInfo.isAReason(i3)) {
                    i2 = i3;
                    break;
                }
            }
        }
        i2 = -1;
        throw new CMPException(1, (short) 1008, (short) 100, CMPException.METHOD_checkPKIStatusInfo, "server reject requeset message " + (i2 == -1 ? "" : "reason[" + i2 + "]"));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected void closeTransport() {
        if (this.c != null) {
            try {
                this.c.close();
            } catch (Exception e) {
                ThrowableExtension.printStackTrace(e);
            }
        }
        this.c = null;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected void finalize() throws Throwable {
        super.finalize();
        closeTransport();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public Certificate getEncCACert() {
        if (this.keyStore == null) {
            return null;
        }
        try {
            return this.keyStore.getCertificate(this.a + ENC_CERT_SURFIX);
        } catch (Exception e) {
            ThrowableExtension.printStackTrace(e);
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public byte[] getEncUserPrivateKey(String str, String str2, String str3) throws Exception {
        return getEncUserPrivateKey(str, str2, str3.toCharArray());
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public byte[] getEncUserPrivateKey(String str, String str2, char[] cArr) throws Exception {
        PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo((PrivateKey) this.keyStore.getKey(str, str2.toCharArray()));
        PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
        AlgorithmID algorithmID = new AlgorithmID(OIDAlgorithm.seedCBCWithSHA1);
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PBE");
        byte[] bArr = new byte[8];
        SecureRandom.getInstance("FIPS186-2Appendix3", "Initech").nextBytes(bArr);
        algorithmParameters.init(new PBEParameterSpec(bArr, 2048));
        algorithmID.setParameter(algorithmParameters.getEncoded());
        byte[] encoded = new EncryptedPrivateKeyInfo(privateKeyInfo, pBEKeySpec, algorithmID).getEncoded();
        pBEKeySpec.clearPassword();
        return encoded;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public Hashtable getFreeText() {
        return this.freeText;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public int getKeysize() {
        return this.key_size;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public String getSignAlgorithm() {
        return this.signAlgorithm;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public CMPTransport getTransport(CMPContext cMPContext) throws CMPException {
        if (!this.b) {
            if (this.c != null) {
                try {
                    this.c.close();
                } catch (Exception e) {
                }
            }
            this.c = CMPTransportFactory.getInstance().getCMPTransport(cMPContext);
        } else if (this.c == null) {
            this.c = CMPTransportFactory.getInstance().getCMPTransport(cMPContext);
        } else {
            this.c.updateCtx(cMPContext);
        }
        return this.c;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public byte[] getUesrPrivateKey(String str, String str2) throws Exception {
        return ((PrivateKey) this.keyStore.getKey(str, str2.toCharArray())).getEncoded();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public boolean getUseSingleTransport() {
        return this.b;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public byte[] getUserCert(String str) throws Exception {
        return ((X509Certificate) this.keyStore.getCertificate(str)).getEncoded();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void initKeyStore(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws CMPException, Exception {
        initKeyStore(str, str2, str3, str4, str5, str6.toCharArray(), str7, str8);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void initKeyStore(String str, String str2, String str3, String str4, String str5, char[] cArr, String str6, String str7) throws CMPException, Exception {
        this.a = str;
        if (str2 == null || str3 == null) {
            this.keyStore.setKeyEntry(str6, a(str5, cArr), str7.toCharArray(), new Certificate[]{x509CertificateInfo.loadCertificateFromFile(str4)});
        } else {
            this.keyStore.setCertificateEntry(str, x509CertificateInfo.loadCertificate(str2.getBytes()));
            this.keyStore.setCertificateEntry(str + "_enc", x509CertificateInfo.loadCertificate(str3.getBytes()));
            this.keyStore.setKeyEntry(str6, a(str5, cArr), str7.toCharArray(), new Certificate[]{x509CertificateInfo.loadCertificateFromFile(str4)});
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void initKeyStore(String str, String str2, String str3, Certificate certificate, PrivateKey privateKey, String str4, String str5) throws Exception {
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void initKeyStore(String str, String str2, String str3, Certificate certificate, PrivateKey privateKey, Certificate certificate2, String str4) throws Exception {
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void parseFreeText(String str) {
        String[] split = str.split("\\$");
        for (int i2 = 0; i2 < split.length - 1; i2++) {
            String[] split2 = split[i2].split("=");
            this.freeText.put(split2[0], split2[1]);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected Vector requestGENM(int i2, Vector vector) throws CMPException {
        String bigInteger;
        int i3;
        CMPContext cMPContext = new CMPContext(this.version);
        cMPContext.setURI(this.uri);
        switch (i2) {
            case 1:
                String str = (String) vector.elementAt(0);
                byte[] bytes = ((String) vector.elementAt(1)).getBytes();
                byte[] bytes2 = ((String) vector.elementAt(2)).getBytes();
                GeneralName generalName = new GeneralName();
                new GeneralName();
                generalName.set(1, " ");
                cMPContext.setSender(generalName);
                cMPContext.setSenderKID(bytes);
                cMPContext.setAuthCode(bytes2);
                cMPContext.setCAAlias(str);
                break;
            case 2:
                setFromKeyStore(cMPContext, this.keyStore, (String) vector.elementAt(0), (String) vector.elementAt(1), null);
                new GeneralName().set(4, "");
                GeneralName generalName2 = new GeneralName();
                generalName2.set(4, "");
                cMPContext.setRecipient(generalName2);
                BigInteger serialNumber = ((X509Certificate) cMPContext.getOldSignCertificate()).getSerialNumber();
                if (this.a.equals("crossCert")) {
                    bigInteger = serialNumber.toString(16).toUpperCase();
                    if (bigInteger.length() % 2 != 0) {
                        bigInteger = "0" + bigInteger;
                    }
                } else {
                    bigInteger = serialNumber.toString();
                }
                cMPContext.setSenderKID(bigInteger.getBytes());
                cMPContext.setRecipientKID(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
                break;
            default:
                throw new CMPException(4, (short) 4001, (short) 100, (short) 102, "not supported type");
        }
        cMPContext.setGENMType(i2);
        try {
            PKIMessage process = getTransport(cMPContext).process(PKIMessageFormatter_YesSign.format(cMPContext, 21));
            parseFreeText(process.getHeader().getFreeText().toString());
            PKIMessageDump.dumpFile(process, "genp_yessign.dump");
            checkMsg(cMPContext, process, 22);
            GeneralMessage generalMessage = (GeneralMessage) process.getContentBody();
            switch (i2) {
                case 1:
                case 2:
                    try {
                        try {
                            String[] allTexts = process.getHeader().getFreeText().getAllTexts();
                            Vector vector2 = new Vector();
                            int i4 = 0;
                            while (true) {
                                if (i4 >= allTexts.length) {
                                    i3 = 1;
                                } else if (allTexts[i4].indexOf(ENC_CERT_AVAIL) != -1) {
                                    i3 = 2;
                                } else {
                                    i4++;
                                }
                            }
                            vector2.add(new Integer(i3));
                            X509CertImpl x509CertImpl = null;
                            X509CertImpl x509CertImpl2 = null;
                            for (int i5 = 0; i5 < generalMessage.size(); i5++) {
                                ASN1OID typeIdAt = generalMessage.getTypeIdAt(i5);
                                byte[] valueAt = generalMessage.getValueAt(i5);
                                if (typeIdAt.getName().equals("caProtEncCert")) {
                                    x509CertImpl2 = new X509CertImpl(valueAt);
                                } else if (typeIdAt.get().equals("1.2.410.200005.1.10.1")) {
                                    x509CertImpl = new X509CertImpl(valueAt);
                                }
                            }
                            if (cMPContext.getCAAlias() == null) {
                                cMPContext.setCAAlias("caCertAlias");
                            }
                            if (x509CertImpl2 == null || x509CertImpl == null) {
                                throw new CMPException(1, (short) 1006, (short) 100, (short) 102, "not all ca cert are received");
                            }
                            try {
                                this.keyStore.setCertificateEntry(cMPContext.getCAAlias(), x509CertImpl2);
                                this.keyStore.setCertificateEntry(cMPContext.getCAAlias() + "_enc", x509CertImpl);
                                return vector2;
                            } catch (Exception e) {
                                ThrowableExtension.printStackTrace(e);
                                throw new CMPException(3, (short) 3000, (short) 100, (short) 102, "on saving ca certs[" + e.toString() + "]");
                            }
                        } catch (CMPException e2) {
                            throw e2;
                        }
                    } catch (Exception e3) {
                        ThrowableExtension.printStackTrace(e3);
                        throw new CMPException(1, (short) 1007, (short) 100, (short) 102, "error on processing GENM[" + e3.toString() + "]");
                    }
                default:
                    return null;
            }
        } catch (CMPException e4) {
            throw e4;
        } catch (Exception e5) {
            ThrowableExtension.printStackTrace(e5);
            throw new CMPException(1, (short) 1007, (short) 100, (short) 102, "on processing IR[" + e5.toString() + "]");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public int requestGetCACert(String str, String str2, String str3) throws CMPException {
        this.a = str;
        Vector vector = new Vector();
        vector.add(str);
        vector.add(str2);
        vector.add(str3);
        return ((Integer) requestGENM(1, vector).elementAt(0)).intValue();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i2) throws CMPException {
        requestIR(str, str2, str3, str4, str5, str6, i2, null, null);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i2, PKICMPAdapter pKICMPAdapter) throws CMPException {
        requestIR(str, str2, str3, str4, str5, str6, i2, null, null, pKICMPAdapter);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i2, PublicKey publicKey, EVID evid) throws CMPException {
        requestIR(str, str2, str3, str4, str5, str6, i2, publicKey, evid, null);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void requestIR(String str, String str2, String str3, String str4, String str5, String str6, int i2, PublicKey publicKey, EVID evid, PKICMPAdapter pKICMPAdapter) throws CMPException {
        CMPContext cMPContext = new CMPContext(this.version);
        if (publicKey != null) {
            cMPContext.setSignPopMode(0);
            cMPContext.setSignPubKey(publicKey);
        } else if (pKICMPAdapter != null) {
            cMPContext.setSignPopMode(pKICMPAdapter.getProofOfPossessionMode());
            cMPContext.setSignPubKey(pKICMPAdapter.getPublicKey());
        }
        if (evid != null) {
            cMPContext.setEVID(evid);
        }
        setFromKeyStore(cMPContext, this.keyStore, str, str2, str4);
        cMPContext.setSenderKID(str5.getBytes());
        cMPContext.setAuthCode(str6.getBytes());
        cMPContext.setURI(this.uri);
        cMPContext.setRequestCertNum(i2);
        cMPContext.setIdn(str3);
        cMPContext.setKeysize(this.key_size);
        cMPContext.setSignAlgorithm(this.signAlgorithm);
        cMPContext.setFreeText(this.freeText);
        try {
            PKIMessage format = PKIMessageFormatter_YesSign.format(cMPContext, 0, pKICMPAdapter);
            CMPTransport transport = getTransport(cMPContext);
            PKIMessage process = transport.process(format);
            PKIMessageDump.dumpFile(process, "ip_yessign.dump");
            checkMsg(cMPContext, process, 1);
            CertRepMessage certRepMessage = (CertRepMessage) process.getContentBody();
            if (certRepMessage.nOfResponses() != cMPContext.getRequestCertNum()) {
                throw new CMPException(2, (short) 2004, (short) 100, (short) 108, "expected number of response is only one, but this time[" + certRepMessage.nOfResponses() + "]");
            }
            CertResponse responseAt = certRepMessage.responseAt(0);
            checkPKIStatusInfo(responseAt.getStatusInfo());
            cMPContext.setSignCertificate(responseAt.getIssuedCert());
            if (cMPContext.getRequestCertNum() == 2) {
                CertResponse responseAt2 = certRepMessage.responseAt(1);
                checkPKIStatusInfo(responseAt2.getStatusInfo());
                EncryptedValue encryptedCert = responseAt2.getCertifiedKeyPair().getEncryptedCert();
                DEREncoder dEREncoder = new DEREncoder();
                dEREncoder.encodeOctetString("0123456789012345".getBytes());
                encryptedCert.setSymmAlg(new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM, dEREncoder.toByteArray()));
                cMPContext.setEncCertificate(new X509CertImpl(encryptedCert.getData(cMPContext.getEncPrivKey())));
            }
            transport.process(PKIMessageFormatter_YesSign.format(cMPContext, 19));
            try {
                Certificate[] certificateArr = {cMPContext.getSignCertificate()};
                PrivateKey signPrivKey = cMPContext.getSignPrivKey();
                if (signPrivKey != null) {
                    this.keyStore.setKeyEntry(str, signPrivKey, str2.toCharArray(), certificateArr);
                } else {
                    this.keyStore.setCertificateEntry(str, certificateArr[0]);
                }
                if (cMPContext.getRequestCertNum() == 2) {
                    Certificate[] certificateArr2 = {cMPContext.getEncCertificate()};
                    PrivateKey encPrivKey = cMPContext.getEncPrivKey();
                    if (encPrivKey != null) {
                        this.keyStore.setKeyEntry(str + ENC_CERT_SURFIX, encPrivKey, str2.toCharArray(), certificateArr2);
                    } else {
                        this.keyStore.setCertificateEntry(str + ENC_CERT_SURFIX, certificateArr2[0]);
                    }
                }
            } catch (Exception e) {
                ThrowableExtension.printStackTrace(e);
                throw new CMPException(3, (short) 3001, (short) 100, (short) 108, "on saving private key and cert into keystore[" + e.toString() + "]");
            }
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            ThrowableExtension.printStackTrace(e3);
            throw new CMPException(1, (short) 1005, (short) 100, (short) 108, "on processing IR[" + e3.toString() + "]");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void requestKUR(String str, String str2, String str3, int i2) throws CMPException {
        CMPContext cMPContext = new CMPContext(this.version);
        cMPContext.setURI(this.uri);
        cMPContext.setRequestCertNum(i2);
        cMPContext.setIdn(str3);
        setFromKeyStore(cMPContext, this.keyStore, str, str2, null);
        try {
            PKIMessage format = PKIMessageFormatter_YesSign.format(cMPContext, 7);
            CMPTransport transport = getTransport(cMPContext);
            PKIMessage process = transport.process(format);
            PKIMessageDump.dumpFile(process, "kup_yessign.dump");
            checkMsg(cMPContext, process, 8);
            CertRepMessage certRepMessage = (CertRepMessage) process.getContentBody();
            if (certRepMessage.nOfResponses() != cMPContext.getRequestCertNum()) {
                throw new CMPException(2, (short) 2004, (short) 100, (short) 111, "expected number of response is " + cMPContext.getRequestCertNum() + ", but this time[" + certRepMessage.nOfResponses() + "]");
            }
            CertResponse responseAt = certRepMessage.responseAt(0);
            checkPKIStatusInfo(responseAt.getStatusInfo());
            cMPContext.setSignCertificate(responseAt.getIssuedCert());
            if (cMPContext.getRequestCertNum() == 2) {
                CertResponse responseAt2 = certRepMessage.responseAt(1);
                checkPKIStatusInfo(responseAt2.getStatusInfo());
                EncryptedValue encryptedCert = responseAt2.getCertifiedKeyPair().getEncryptedCert();
                DEREncoder dEREncoder = new DEREncoder();
                dEREncoder.encodeOctetString("0123456789012345".getBytes());
                encryptedCert.setSymmAlg(new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM, dEREncoder.toByteArray()));
                cMPContext.setEncCertificate(new X509CertImpl(encryptedCert.getData(cMPContext.getEncPrivKey())));
            }
            transport.process(PKIMessageFormatter_YesSign.format(cMPContext, 19));
            transport.close();
            try {
                this.keyStore.setKeyEntry(str, cMPContext.getSignPrivKey(), str2.toCharArray(), new Certificate[]{cMPContext.getSignCertificate()});
                if (cMPContext.getRequestCertNum() == 2) {
                    this.keyStore.setKeyEntry(str + ENC_CERT_SURFIX, cMPContext.getEncPrivKey(), str2.toCharArray(), new Certificate[]{cMPContext.getEncCertificate()});
                }
            } catch (Exception e) {
                ThrowableExtension.printStackTrace(e);
                throw new CMPException(3, (short) 3001, (short) 100, (short) 111, "on saving private key and cert into keystore[" + e.toString() + "]");
            }
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            ThrowableExtension.printStackTrace(e3);
            throw new CMPException(1, (short) 1010, (short) 100, (short) 111, "on processing KUR[" + e3.toString() + "]");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public void requestKUR(String str, String str2, String str3, int i2, PublicKey publicKey, EVID evid) throws CMPException {
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.pkix.cmp.client.PKICMPInterface
    public int requestPreKUR(String str, String str2) throws CMPException {
        Vector vector = new Vector();
        vector.add(str);
        vector.add(str2);
        return ((Integer) requestGENM(2, vector).elementAt(0)).intValue();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setFreeText(Hashtable hashtable) {
        this.freeText = hashtable;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected void setFromKeyStore(CMPContext cMPContext, KeyStore keyStore, String str, String str2, String str3) throws CMPException {
        if (str3 != null) {
            try {
                if (this.keyStore.isCertificateEntry(str3)) {
                    if (this.keyStore.isKeyEntry(str3)) {
                        throw new CMPException(3, "this is key entry");
                    }
                    X509CertImpl x509CertImpl = (X509CertImpl) this.keyStore.getCertificate(str3);
                    cMPContext.setIssuerSignCert(x509CertImpl);
                    cMPContext.setRecipientDN(x509CertImpl.getSubjectDN().toString());
                    cMPContext.setRecipientKID(new SubjectKeyIdentifier(x509CertImpl.getExtensionValue("2.5.29.14")).getKID());
                    Certificate certificate = this.keyStore.getCertificate(str3 + ENC_CERT_SURFIX);
                    if (certificate == null) {
                        throw new CMPException(3, "no encryption CA cert!");
                    }
                    cMPContext.setIssuerEncCert(certificate);
                    cMPContext.setCAAlias(str3);
                    return;
                }
            } catch (CMPException e) {
                throw e;
            } catch (Exception e2) {
                ThrowableExtension.printStackTrace(e2);
                throw new CMPException(3, "fail to retrive key pair from keystore[" + e2.toString() + "]");
            }
        }
        if (!this.keyStore.isKeyEntry(str) || str2 == null) {
            throw new CMPException(3, "no such key or cerfiticate entry");
        }
        X509CertImpl x509CertImpl2 = (X509CertImpl) this.keyStore.getCertificate(str);
        cMPContext.setUserAlias(str);
        cMPContext.setOldSignCertificate(x509CertImpl2);
        PublicKey publicKey = x509CertImpl2.getPublicKey();
        PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(str, str2.toCharArray());
        String name = x509CertImpl2.getSubjectDN().getName();
        cMPContext.setSenderKID(new SubjectKeyIdentifier(x509CertImpl2.getExtensionValue("2.5.29.14")).getKID());
        cMPContext.setSender(new GeneralName("DN:" + name));
        cMPContext.setOldSignPubKey(publicKey);
        cMPContext.setOldSignPrivKey(privateKey);
        Enumeration<String> aliases = this.keyStore.aliases();
        while (true) {
            if (!aliases.hasMoreElements()) {
                break;
            }
            String nextElement = aliases.nextElement();
            if (this.keyStore.isCertificateEntry(nextElement)) {
                X509CertImpl x509CertImpl3 = (X509CertImpl) this.keyStore.getCertificate(nextElement);
                String obj = x509CertImpl3.getSubjectDN().toString();
                String obj2 = x509CertImpl2.getIssuerDN().toString();
                int indexOf = obj.indexOf("O=");
                String upperCase = obj.substring(indexOf + 2, obj.indexOf(",", indexOf)).toUpperCase();
                int indexOf2 = obj2.indexOf("O=");
                if (upperCase.equals(obj2.substring(indexOf2 + 2, obj2.indexOf(",", indexOf2)).toUpperCase())) {
                    cMPContext.setIssuerSignCert(x509CertImpl3);
                    cMPContext.setRecipientDN(x509CertImpl3.getSubjectDN().toString());
                    cMPContext.setRecipientKID(new SubjectKeyIdentifier(x509CertImpl3.getExtensionValue("2.5.29.14")).getKID());
                    Certificate certificate2 = this.keyStore.getCertificate(nextElement + ENC_CERT_SURFIX);
                    if (certificate2 == null) {
                        throw new CMPException(3, "sign cert exist, but no encryption CA cert!");
                    }
                    cMPContext.setIssuerEncCert(certificate2);
                    cMPContext.setCAAlias(nextElement);
                }
            }
        }
        if (!this.keyStore.isKeyEntry(str + ENC_CERT_SURFIX)) {
            if (cMPContext.getRequestCertNum() == 2) {
                System.err.println("Waring! request certificate number is 2, but only one available!!");
                cMPContext.setRequestCertNum(1);
                return;
            }
            return;
        }
        cMPContext.setOldEncCertificate((X509Certificate) this.keyStore.getCertificate(str + ENC_CERT_SURFIX));
        PublicKey publicKey2 = x509CertImpl2.getPublicKey();
        PrivateKey privateKey2 = (PrivateKey) this.keyStore.getKey(str + ENC_CERT_SURFIX, str2.toCharArray());
        cMPContext.setOldEncPubKey(publicKey2);
        cMPContext.setOldEncPrivKey(privateKey2);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setKeysize(int i2) {
        this.key_size = i2;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setSignAlgorithm(String str) {
        this.signAlgorithm = str;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setUseSingleTransport(boolean z) {
        this.b = z;
    }
}
