package com.amazon.coral.internal.org.bouncycastle.cert.crmf;

import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1Encoding;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1ObjectIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1Primitive;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$DERUTF8String;
import com.amazon.coral.internal.org.bouncycastle.asn1.cmp.C$PBMParameter;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$AttributeTypeAndValue;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$CRMFObjectIdentifiers;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$CertReqMsg;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$CertTemplate;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$Controls;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$PKIArchiveOptions;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$PKMACValue;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$POPOSigningKey;
import com.amazon.coral.internal.org.bouncycastle.asn1.crmf.C$ProofOfPossession;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$SubjectPublicKeyInfo;
import com.amazon.coral.internal.org.bouncycastle.cert.C$CertIOException;
import com.amazon.coral.internal.org.bouncycastle.operator.C$ContentVerifier;
import com.amazon.coral.internal.org.bouncycastle.operator.C$ContentVerifierProvider;
import com.amazon.coral.internal.org.bouncycastle.operator.C$MacCalculator;
import com.amazon.coral.internal.org.bouncycastle.operator.C$OperatorCreationException;
import com.amazon.coral.internal.org.bouncycastle.util.C$Arrays;
import com.amazon.coral.internal.org.bouncycastle.util.C$Encodable;
import java.io.IOException;
import java.io.OutputStream;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.cert.crmf.$CertificateRequestMessage, reason: invalid class name */
/* loaded from: classes3.dex */
public class C$CertificateRequestMessage implements C$Encodable {
    public static final int popKeyAgreement = 3;
    public static final int popKeyEncipherment = 2;
    public static final int popRaVerified = 0;
    public static final int popSigningKey = 1;
    private final C$CertReqMsg certReqMsg;
    private final C$Controls controls;

    public C$CertificateRequestMessage(C$CertReqMsg c$CertReqMsg) {
        this.certReqMsg = c$CertReqMsg;
        this.controls = c$CertReqMsg.getCertReq().getControls();
    }

    public C$CertificateRequestMessage(byte[] bArr) throws IOException {
        this(parseBytes(bArr));
    }

    private C$AttributeTypeAndValue findControl(C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier) {
        C$AttributeTypeAndValue c$AttributeTypeAndValue;
        if (this.controls == null) {
            return null;
        }
        C$AttributeTypeAndValue[] attributeTypeAndValueArray = this.controls.toAttributeTypeAndValueArray();
        int i = 0;
        while (true) {
            if (i == attributeTypeAndValueArray.length) {
                c$AttributeTypeAndValue = null;
                break;
            }
            if (attributeTypeAndValueArray[i].getType().equals(c$ASN1ObjectIdentifier)) {
                c$AttributeTypeAndValue = attributeTypeAndValueArray[i];
                break;
            }
            i++;
        }
        return c$AttributeTypeAndValue;
    }

    private static C$CertReqMsg parseBytes(byte[] bArr) throws IOException {
        try {
            return C$CertReqMsg.getInstance(C$ASN1Primitive.fromByteArray(bArr));
        } catch (ClassCastException e) {
            throw new C$CertIOException("malformed data: " + e.getMessage(), e);
        } catch (IllegalArgumentException e2) {
            throw new C$CertIOException("malformed data: " + e2.getMessage(), e2);
        }
    }

    private boolean verifySignature(C$ContentVerifierProvider c$ContentVerifierProvider, C$POPOSigningKey c$POPOSigningKey) throws C$CRMFException {
        try {
            C$ContentVerifier c$ContentVerifier = c$ContentVerifierProvider.get(c$POPOSigningKey.getAlgorithmIdentifier());
            if (c$POPOSigningKey.getPoposkInput() != null) {
                C$CRMFUtil.derEncodeToStream(c$POPOSigningKey.getPoposkInput(), c$ContentVerifier.getOutputStream());
            } else {
                C$CRMFUtil.derEncodeToStream(this.certReqMsg.getCertReq(), c$ContentVerifier.getOutputStream());
            }
            return c$ContentVerifier.verify(c$POPOSigningKey.getSignature().getOctets());
        } catch (C$OperatorCreationException e) {
            throw new C$CRMFException("unable to create verifier: " + e.getMessage(), e);
        }
    }

    public C$CertTemplate getCertTemplate() {
        return this.certReqMsg.getCertReq().getCertTemplate();
    }

    public C$Control getControl(C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier) {
        C$AttributeTypeAndValue findControl = findControl(c$ASN1ObjectIdentifier);
        if (findControl != null) {
            if (findControl.getType().equals(C$CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) {
                return new C$PKIArchiveControl(C$PKIArchiveOptions.getInstance(findControl.getValue()));
            }
            if (findControl.getType().equals(C$CRMFObjectIdentifiers.id_regCtrl_regToken)) {
                return new C$RegTokenControl(C$DERUTF8String.getInstance(findControl.getValue()));
            }
            if (findControl.getType().equals(C$CRMFObjectIdentifiers.id_regCtrl_authenticator)) {
                return new C$AuthenticatorControl(C$DERUTF8String.getInstance(findControl.getValue()));
            }
        }
        return null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.util.C$Encodable
    public byte[] getEncoded() throws IOException {
        return this.certReqMsg.getEncoded();
    }

    public int getProofOfPossessionType() {
        return this.certReqMsg.getPopo().getType();
    }

    public boolean hasControl(C$ASN1ObjectIdentifier c$ASN1ObjectIdentifier) {
        return findControl(c$ASN1ObjectIdentifier) != null;
    }

    public boolean hasControls() {
        return this.controls != null;
    }

    public boolean hasProofOfPossession() {
        return this.certReqMsg.getPopo() != null;
    }

    public boolean hasSigningKeyProofOfPossessionWithPKMAC() {
        C$ProofOfPossession popo = this.certReqMsg.getPopo();
        return popo.getType() == 1 && C$POPOSigningKey.getInstance(popo.getObject()).getPoposkInput().getPublicKeyMAC() != null;
    }

    public boolean isValidSigningKeyPOP(C$ContentVerifierProvider c$ContentVerifierProvider) throws C$CRMFException, IllegalStateException {
        C$ProofOfPossession popo = this.certReqMsg.getPopo();
        if (popo.getType() != 1) {
            throw new IllegalStateException("not Signing Key type of proof of possession");
        }
        C$POPOSigningKey c$POPOSigningKey = C$POPOSigningKey.getInstance(popo.getObject());
        if (c$POPOSigningKey.getPoposkInput() == null || c$POPOSigningKey.getPoposkInput().getPublicKeyMAC() == null) {
            return verifySignature(c$ContentVerifierProvider, c$POPOSigningKey);
        }
        throw new IllegalStateException("verification requires password check");
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [com.amazon.coral.internal.org.bouncycastle.cert.crmf.$PKMACValueVerifier] */
    public boolean isValidSigningKeyPOP(C$ContentVerifierProvider c$ContentVerifierProvider, final C$PKMACBuilder c$PKMACBuilder, char[] cArr) throws C$CRMFException, IllegalStateException {
        C$ProofOfPossession popo = this.certReqMsg.getPopo();
        if (popo.getType() != 1) {
            throw new IllegalStateException("not Signing Key type of proof of possession");
        }
        C$POPOSigningKey c$POPOSigningKey = C$POPOSigningKey.getInstance(popo.getObject());
        if (c$POPOSigningKey.getPoposkInput() == null || c$POPOSigningKey.getPoposkInput().getSender() != null) {
            throw new IllegalStateException("no PKMAC present in proof of possession");
        }
        if (new Object(c$PKMACBuilder) { // from class: com.amazon.coral.internal.org.bouncycastle.cert.crmf.$PKMACValueVerifier
            private final C$PKMACBuilder builder;

            {
                this.builder = c$PKMACBuilder;
            }

            public boolean isValid(C$PKMACValue c$PKMACValue, char[] cArr2, C$SubjectPublicKeyInfo c$SubjectPublicKeyInfo) throws C$CRMFException {
                this.builder.setParameters(C$PBMParameter.getInstance(c$PKMACValue.getAlgId().getParameters()));
                C$MacCalculator build = this.builder.build(cArr2);
                OutputStream outputStream = build.getOutputStream();
                try {
                    outputStream.write(c$SubjectPublicKeyInfo.getEncoded(C$ASN1Encoding.DER));
                    outputStream.close();
                    return C$Arrays.areEqual(build.getMac(), c$PKMACValue.getValue().getBytes());
                } catch (IOException e) {
                    throw new C$CRMFException("exception encoding mac input: " + e.getMessage(), e);
                }
            }
        }.isValid(c$POPOSigningKey.getPoposkInput().getPublicKeyMAC(), cArr, getCertTemplate().getPublicKey())) {
            return verifySignature(c$ContentVerifierProvider, c$POPOSigningKey);
        }
        return false;
    }

    public C$CertReqMsg toASN1Structure() {
        return this.certReqMsg;
    }
}
