package org.bouncycastle.cert.crmf;

import java.io.IOException;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Encodable;
import ye.a;
import ye.b;
import ye.e;
import ye.g;
import ye.i;
import ye.n;
import ye.q;
import ye.r;
import ye.s;

/* loaded from: classes3.dex */
public class CertificateRequestMessage implements Encodable {
    public static final int popKeyAgreement = 3;
    public static final int popKeyEncipherment = 2;
    public static final int popRaVerified = 0;
    public static final int popSigningKey = 1;
    private final e certReqMsg;
    private final i controls;

    public CertificateRequestMessage(e eVar) {
        this.certReqMsg = eVar;
        this.controls = eVar.f21337c.f21342e;
    }

    public CertificateRequestMessage(byte[] bArr) throws IOException {
        this(parseBytes(bArr));
    }

    private a findControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        i iVar = this.controls;
        if (iVar == null) {
            return null;
        }
        ASN1Sequence aSN1Sequence = iVar.f21354c;
        int size = aSN1Sequence.size();
        a[] aVarArr = new a[size];
        for (int i10 = 0; i10 != size; i10++) {
            ASN1Encodable objectAt = aSN1Sequence.getObjectAt(i10);
            aVarArr[i10] = objectAt instanceof a ? (a) objectAt : objectAt != null ? new a(ASN1Sequence.getInstance(objectAt)) : null;
        }
        for (int i11 = 0; i11 != size; i11++) {
            if (aVarArr[i11].f21328c.equals((ASN1Primitive) aSN1ObjectIdentifier)) {
                return aVarArr[i11];
            }
        }
        return null;
    }

    private static e parseBytes(byte[] bArr) throws IOException {
        try {
            return e.a(ASN1Primitive.fromByteArray(bArr));
        } catch (ClassCastException e10) {
            throw new CertIOException("malformed data: " + e10.getMessage(), e10);
        } catch (IllegalArgumentException e11) {
            throw new CertIOException("malformed data: " + e11.getMessage(), e11);
        }
    }

    private boolean verifySignature(ContentVerifierProvider contentVerifierProvider, q qVar) throws CRMFException {
        try {
            ContentVerifier contentVerifier = contentVerifierProvider.get(qVar.f21373d);
            ASN1Object aSN1Object = qVar.f21372c;
            if (aSN1Object == null) {
                aSN1Object = this.certReqMsg.f21337c;
            }
            CRMFUtil.derEncodeToStream(aSN1Object, contentVerifier.getOutputStream());
            return contentVerifier.verify(qVar.f21374e.getOctets());
        } catch (OperatorCreationException e10) {
            throw new CRMFException("unable to create verifier: " + e10.getMessage(), e10);
        }
    }

    public g getCertTemplate() {
        return this.certReqMsg.f21337c.f21341d;
    }

    public Control getControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        n nVar;
        a findControl = findControl(aSN1ObjectIdentifier);
        if (findControl == null) {
            return null;
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = b.f21332c;
        ASN1ObjectIdentifier aSN1ObjectIdentifier3 = findControl.f21328c;
        boolean equals = aSN1ObjectIdentifier3.equals((ASN1Primitive) aSN1ObjectIdentifier2);
        ASN1Encodable aSN1Encodable = findControl.f21329d;
        if (!equals) {
            if (aSN1ObjectIdentifier3.equals((ASN1Primitive) b.f21330a)) {
                return new RegTokenControl(ASN1UTF8String.getInstance(aSN1Encodable));
            }
            if (aSN1ObjectIdentifier3.equals((ASN1Primitive) b.f21331b)) {
                return new AuthenticatorControl(ASN1UTF8String.getInstance(aSN1Encodable));
            }
            return null;
        }
        if (aSN1Encodable == null || (aSN1Encodable instanceof n)) {
            nVar = (n) aSN1Encodable;
        } else {
            if (!(aSN1Encodable instanceof ASN1TaggedObject)) {
                throw new IllegalArgumentException("unknown object: " + aSN1Encodable);
            }
            nVar = new n((ASN1TaggedObject) aSN1Encodable);
        }
        return new PKIArchiveControl(nVar);
    }

    @Override // org.bouncycastle.util.Encodable
    public byte[] getEncoded() throws IOException {
        return this.certReqMsg.getEncoded();
    }

    public int getProofOfPossessionType() {
        return this.certReqMsg.f21338d.f21378c;
    }

    public boolean hasControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return findControl(aSN1ObjectIdentifier) != null;
    }

    public boolean hasControls() {
        return this.controls != null;
    }

    public boolean hasProofOfPossession() {
        return this.certReqMsg.f21338d != null;
    }

    public boolean hasSigningKeyProofOfPossessionWithPKMAC() {
        s sVar = this.certReqMsg.f21338d;
        return sVar.f21378c == 1 && q.a(sVar.f21379d).f21372c.f21376d != null;
    }

    public boolean isValidSigningKeyPOP(ContentVerifierProvider contentVerifierProvider) throws CRMFException, IllegalStateException {
        s sVar = this.certReqMsg.f21338d;
        if (sVar.f21378c != 1) {
            throw new IllegalStateException("not Signing Key type of proof of possession");
        }
        q a10 = q.a(sVar.f21379d);
        r rVar = a10.f21372c;
        if (rVar == null || rVar.f21376d == null) {
            return verifySignature(contentVerifierProvider, a10);
        }
        throw new IllegalStateException("verification requires password check");
    }

    public boolean isValidSigningKeyPOP(ContentVerifierProvider contentVerifierProvider, PKMACBuilder pKMACBuilder, char[] cArr) throws CRMFException, IllegalStateException {
        s sVar = this.certReqMsg.f21338d;
        if (sVar.f21378c != 1) {
            throw new IllegalStateException("not Signing Key type of proof of possession");
        }
        q a10 = q.a(sVar.f21379d);
        r rVar = a10.f21372c;
        if (rVar == null || rVar.f21375c != null) {
            throw new IllegalStateException("no PKMAC present in proof of possession");
        }
        if (new PKMACValueVerifier(pKMACBuilder).isValid(rVar.f21376d, cArr, getCertTemplate().f21347i)) {
            return verifySignature(contentVerifierProvider, a10);
        }
        return false;
    }

    public e toASN1Structure() {
        return this.certReqMsg;
    }
}
