package com.sg.openews.api.crmf.impl;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.kica.security.asn1.ASN1EncodableVector;
import com.kica.security.asn1.DERInteger;
import com.kica.security.asn1.DERSequence;
import com.kica.security.asn1.DERTaggedObject;
import com.kica.security.asn1.cmp.PKIBody;
import com.kica.security.asn1.cmp.PKIMessage;
import com.kica.security.asn1.crmf.CertReqMessages;
import com.kica.security.asn1.crmf.CertReqMsg;
import com.kica.security.asn1.crmf.CertRequest;
import com.kica.security.asn1.crmf.CertTemplate;
import com.kica.security.asn1.pkcs.PKCSObjectIdentifiers;
import com.sg.openews.api.cmp.CMPException;
import com.sg.openews.api.cmp.PKIMessageBuilder;
import com.sg.openews.api.cmp.UserInfo;
import com.sg.openews.api.crmf.CertTemplateBuilder;
import com.sg.openews.api.crmf.ControlsBuilder;
import com.sg.openews.api.crmf.RegInfoBuilder;
import com.sg.openews.api.crmf.RequestBuilder;
import com.sg.openews.api.exception.SGException;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGKeyPair;
import com.sg.openews.api.key.SGPrivateKey;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.util.Date;
import java.util.Map;
import java.util.Random;

/* loaded from: classes7.dex */
public class IR extends RequestBuilder {
    public SGCertificate issuerCert;
    public boolean keyBackup;
    public int keyGenPosition;

    public IR(UserInfo userInfo) {
        super(userInfo);
        this.keyGenPosition = 0;
        this.keyBackup = false;
    }

    public CertReqMessages generateCertReqMessages() throws IOException, SGException {
        if (this.userInfo.getSignKeyPair() == null) {
            throw new IllegalArgumentException("Signature Key Pair is NULL.");
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generateSignCertReqMsg(this.userInfo.getSignKeyPair(), this.userInfo.getIdn()));
        if (this.userInfo.getKmKeyPair() != null) {
            aSN1EncodableVector.add(generateKmCertReqMsg(this.userInfo.getKmKeyPair(), null));
        }
        return CertReqMessages.getInstance(new DERSequence(aSN1EncodableVector));
    }

    public CertTemplate generateCertTemplate(PublicKey publicKey) {
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setPublicKey(publicKey);
        return certTemplateBuilder.generate();
    }

    public CertReqMsg generateKmCertReqMsg(SGKeyPair sGKeyPair, SGCertificate sGCertificate) throws IOException, SGException {
        CertRequest certRequest = new CertRequest();
        certRequest.setCertReqId(new DERInteger(1));
        certRequest.setCertTemplate(generateCertTemplate(sGKeyPair.getPublic()));
        if (this.keyBackup) {
            ControlsBuilder controlsBuilder = new ControlsBuilder();
            controlsBuilder.addPkiArchiveOptions(this.issuerCert, sGKeyPair.getPrivate());
            certRequest.setControls(controlsBuilder.generate());
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certRequest);
        aSN1EncodableVector.add(RequestFactoryUtils.generateProofOfPossession(sGKeyPair).getDERObject());
        return CertReqMsg.getInstance(new DERSequence(aSN1EncodableVector));
    }

    public CertReqMsg generateSignCertReqMsg(SGKeyPair sGKeyPair, String str) throws IOException, SGException {
        CertRequest certRequest = new CertRequest();
        certRequest.setCertReqId(new DERInteger(0));
        certRequest.setCertTemplate(generateCertTemplate(sGKeyPair.getPublic()));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certRequest);
        aSN1EncodableVector.add(RequestFactoryUtils.generateProofOfPossession(sGKeyPair).getDERObject());
        RegInfoBuilder regInfoBuilder = new RegInfoBuilder();
        if (str != null) {
            regInfoBuilder.addVID(this.userInfo, this.issuerCert, str);
        }
        if (sGKeyPair.getPrivate().getKeyType().equals("HSM") || sGKeyPair.getPrivate().getKeyType().equals("TZ") || sGKeyPair.getPrivate().getKeyType().equals(SGPrivateKey.NFC_TYPE) || sGKeyPair.getPrivate().getKeyType().equals(SGPrivateKey.SS_TEE_TYPE) || sGKeyPair.getPrivate().getKeyType().equals(SGPrivateKey.LUNA_HSM_TYPE)) {
            regInfoBuilder.addHSM();
        }
        if (regInfoBuilder.size() > 0) {
            aSN1EncodableVector.add(regInfoBuilder.generate());
        }
        return CertReqMsg.getInstance(new DERSequence(aSN1EncodableVector));
    }

    @Override // com.sg.openews.api.crmf.RequestBuilder
    public PKIMessage getRequest(Map map) throws CMPException {
        this.issuerCert = (SGCertificate) map.get("issuerCert");
        this.keyGenPosition = map.get("keyGenPosition") == null ? 0 : Integer.parseInt((String) map.get("keyGenPosition"));
        this.keyBackup = map.get("keyBackup") == null ? false : Boolean.valueOf((String) map.get("keyGenPosition")).booleanValue();
        byte[] bArr = new byte[128];
        new Random().nextBytes(bArr);
        PKIMessageBuilder pKIMessageBuilder = new PKIMessageBuilder(this.userInfo.getReferNumber(), this.userInfo.getAuthCode());
        try {
            pKIMessageBuilder.setSender(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            pKIMessageBuilder.setRecipient(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            pKIMessageBuilder.setMessageTime(new Date());
            pKIMessageBuilder.setProtectionAlg(PKCSObjectIdentifiers.id_PasswordBasedMAC);
            pKIMessageBuilder.setSenderKID(this.userInfo.getReferNumber().getBytes());
            pKIMessageBuilder.setSenderNonce(bArr);
            pKIMessageBuilder.setBody(PKIBody.getInstance(new DERTaggedObject(true, 0, generateCertReqMessages())));
            return pKIMessageBuilder.generate(true);
        } catch (SGException e) {
            throw new CMPException(e);
        } catch (IOException e2) {
            throw new CMPException(e2);
        } catch (InvalidKeyException e3) {
            throw new CMPException(e3);
        }
    }
}
