package org.jruby.ext.openssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.jruby.Ruby;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.impl.Base64;
import org.jruby.ext.openssl.impl.NetscapeCertRequest;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/lib/jruby-stdlib-9.1.5.0.jar:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/NetscapeSPKI.class
 */
/* loaded from: input_file:gems/jruby-jars-9.1.5.0/lib/jruby-stdlib-9.1.5.0.jar:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/NetscapeSPKI.class */
public class NetscapeSPKI extends RubyObject {
    private static final long serialVersionUID = 3211242351810109432L;
    private static ObjectAllocator NETSCAPESPKI_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.NetscapeSPKI.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new NetscapeSPKI(ruby, rubyClass);
        }
    };
    private IRubyObject public_key;
    private IRubyObject challenge;
    private Object cert;

    public static void createNetscapeSPKI(Ruby ruby, RubyModule rubyModule) {
        RubyModule defineModuleUnder = rubyModule.defineModuleUnder(ASN1Registry.SN_netscape);
        RubyClass defineClassUnder = defineModuleUnder.defineClassUnder("SPKI", ruby.getObject(), NETSCAPESPKI_ALLOCATOR);
        RubyClass rubyClass = rubyModule.getClass("OpenSSLError");
        defineModuleUnder.defineClassUnder("SPKIError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(NetscapeSPKI.class);
    }

    private static RubyModule _Netscape(Ruby ruby) {
        return (RubyModule) ruby.getModule("OpenSSL").getConstant(ASN1Registry.SN_netscape);
    }

    public NetscapeSPKI(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
    }

    @JRubyMethod(name = {"initialize"}, rest = true, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        Ruby ruby = threadContext.runtime;
        if (iRubyObjectArr.length > 0) {
            try {
                NetscapeCertRequest netscapeCertRequest = new NetscapeCertRequest(tryBase64Decode(iRubyObjectArr[0].convertToString().getBytes()));
                this.cert = netscapeCertRequest;
                this.challenge = ruby.newString(netscapeCertRequest.getChallenge());
                PublicKey publicKey = netscapeCertRequest.getPublicKey();
                String algorithm = publicKey.getAlgorithm();
                RubyString newString = RubyString.newString(ruby, publicKey.getEncoded());
                if ("RSA".equalsIgnoreCase(algorithm)) {
                    this.public_key = PKeyRSA._RSA(ruby).callMethod(threadContext, "new", newString);
                } else {
                    if (!ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm)) {
                        throw ruby.newLoadError("not implemented algo for public key: " + algorithm);
                    }
                    this.public_key = PKeyDSA._DSA(ruby).callMethod(threadContext, "new", newString);
                }
            } catch (IllegalArgumentException e) {
                throw newSPKIError(e);
            } catch (GeneralSecurityException e2) {
                throw newSPKIError(e2);
            }
        }
        return this;
    }

    private static byte[] tryBase64Decode(byte[] bArr) {
        try {
            bArr = Base64.decode(bArr, 0, bArr.length, 0);
        } catch (IOException e) {
        } catch (IllegalArgumentException e2) {
        }
        return bArr;
    }

    @JRubyMethod
    public IRubyObject to_der() {
        try {
            return getRuntime().newString(new ByteList(toDER(), false));
        } catch (IOException e) {
            throw newSPKIError(e);
        }
    }

    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem() {
        try {
            byte[] der = toDER();
            return getRuntime().newString(new ByteList(Base64.encodeBytesToBytes(der, 0, der.length, 0), false));
        } catch (IOException e) {
            throw newSPKIError(e);
        }
    }

    private byte[] toDER() throws IOException {
        ASN1Sequence aSN1Sequence = (ASN1Sequence) ((NetscapeCertRequest) this.cert).toASN1Primitive();
        ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) ((ASN1Sequence) ((ASN1Sequence) ((ASN1Sequence) aSN1Sequence.getObjectAt(0)).getObjectAt(0)).getObjectAt(0)).getObjectAt(0);
        ASN1ObjectIdentifier algorithm = ((AlgorithmIdentifier) aSN1Sequence.getObjectAt(1)).getAlgorithm();
        DERBitString dERBitString = (DERBitString) aSN1Sequence.getObjectAt(2);
        DERBitString dERBitString2 = new DERBitString(((PKey) this.public_key).to_der().convertToString().getBytes());
        DERIA5String dERIA5String = new DERIA5String(this.challenge.toString());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
        aSN1EncodableVector5.add(aSN1ObjectIdentifier);
        aSN1EncodableVector5.add(DERNull.INSTANCE);
        aSN1EncodableVector4.add(new DLSequence(aSN1EncodableVector5));
        aSN1EncodableVector4.add(dERBitString2);
        aSN1EncodableVector3.add(new DLSequence(aSN1EncodableVector4));
        aSN1EncodableVector3.add(dERIA5String);
        aSN1EncodableVector.add(new DLSequence(aSN1EncodableVector3));
        aSN1EncodableVector2.add(algorithm);
        aSN1EncodableVector2.add(DERNull.INSTANCE);
        aSN1EncodableVector.add(new DLSequence(aSN1EncodableVector2));
        aSN1EncodableVector.add(dERBitString);
        return new DLSequence(aSN1EncodableVector).getEncoded();
    }

    @JRubyMethod
    public IRubyObject to_text() {
        OpenSSL.warn(getRuntime().getCurrentContext(), "WARNING: unimplemented method called: Netscape::SPKI#to_text");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject public_key() {
        return this.public_key;
    }

    @JRubyMethod(name = {"public_key="})
    public IRubyObject set_public_key(IRubyObject iRubyObject) {
        this.public_key = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject sign(IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        try {
            NetscapeCertRequest netscapeCertRequest = new NetscapeCertRequest(this.challenge.toString(), new AlgorithmIdentifier(ASN1.sym2Oid(getRuntime(), ((PKey) iRubyObject).getAlgorithm().toLowerCase() + '-' + ((Digest) iRubyObject2).getShortAlgorithm().toLowerCase())), ((PKey) this.public_key).getPublicKey());
            this.cert = netscapeCertRequest;
            netscapeCertRequest.sign(((PKey) iRubyObject).getPrivateKey());
            return this;
        } catch (NoSuchAlgorithmException e) {
            OpenSSL.debugStackTrace(getRuntime(), e);
            throw newSPKIError(e);
        } catch (GeneralSecurityException e2) {
            throw newSPKIError(e2);
        }
    }

    @JRubyMethod
    public IRubyObject verify(IRubyObject iRubyObject) {
        NetscapeCertRequest netscapeCertRequest = (NetscapeCertRequest) this.cert;
        netscapeCertRequest.setPublicKey(((PKey) iRubyObject).getPublicKey());
        try {
            return getRuntime().newBoolean(netscapeCertRequest.verify(this.challenge.toString()));
        } catch (NoSuchAlgorithmException e) {
            OpenSSL.debugStackTrace(getRuntime(), e);
            throw newSPKIError(e);
        } catch (GeneralSecurityException e2) {
            throw newSPKIError(e2);
        }
    }

    @JRubyMethod
    public IRubyObject challenge() {
        return this.challenge;
    }

    @JRubyMethod(name = {"challenge="})
    public IRubyObject set_challenge(IRubyObject iRubyObject) {
        this.challenge = iRubyObject;
        return iRubyObject;
    }

    private RaiseException newSPKIError(Exception exc) {
        return newSPKIError(getRuntime(), exc.getMessage());
    }

    private static RaiseException newSPKIError(Ruby ruby, String str) {
        return Utils.newError(ruby, _Netscape(ruby).getClass("SPKIError"), str);
    }
}
