package org.jruby.ext.openssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.jruby.Ruby;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.OpenSSLReal;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.impl.Base64;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:gems/jruby-openssl-0.7.1/lib/jopenssl.jar:org/jruby/ext/openssl/NetscapeSPKI.class */
public class NetscapeSPKI extends RubyObject {
    private static ObjectAllocator NETSCAPESPKI_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.NetscapeSPKI.1
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new NetscapeSPKI(ruby, rubyClass);
        }
    };
    private IRubyObject public_key;
    private IRubyObject challenge;
    private NetscapeCertRequest cert;

    public static void createNetscapeSPKI(Ruby ruby, RubyModule rubyModule) {
        RubyModule defineModuleUnder = rubyModule.defineModuleUnder(ASN1Registry.SN_netscape);
        RubyClass defineClassUnder = defineModuleUnder.defineClassUnder("SPKI", ruby.getObject(), NETSCAPESPKI_ALLOCATOR);
        RubyClass rubyClass = rubyModule.getClass("OpenSSLError");
        defineModuleUnder.defineClassUnder("SPKIError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(NetscapeSPKI.class);
    }

    public NetscapeSPKI(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
    }

    @JRubyMethod(name = {"initialize"}, rest = true)
    public IRubyObject _initialize(IRubyObject[] iRubyObjectArr) {
        if (iRubyObjectArr.length > 0) {
            final byte[] tryBase64Decode = tryBase64Decode(iRubyObjectArr[0].convertToString().getBytes());
            try {
                PublicKey publicKey = (PublicKey) OpenSSLReal.getWithBCProvider(new OpenSSLReal.Callable() { // from class: org.jruby.ext.openssl.NetscapeSPKI.2
                    @Override // org.jruby.ext.openssl.OpenSSLReal.Callable
                    public Object call() throws GeneralSecurityException {
                        try {
                            NetscapeSPKI.this.cert = new NetscapeCertRequest(tryBase64Decode);
                            NetscapeSPKI.this.challenge = NetscapeSPKI.this.getRuntime().newString(NetscapeSPKI.this.cert.getChallenge());
                            return NetscapeSPKI.this.cert.getPublicKey();
                        } catch (IOException e) {
                            throw new GeneralSecurityException(e.getMessage(), e);
                        }
                    }
                });
                String algorithm = publicKey.getAlgorithm();
                byte[] encoded = publicKey.getEncoded();
                if ("RSA".equalsIgnoreCase(algorithm)) {
                    this.public_key = getRuntime().getModule("OpenSSL").getConstant("PKey").getClass("RSA").callMethod(getRuntime().getCurrentContext(), "new", RubyString.newString(getRuntime(), encoded));
                } else {
                    if (!ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm)) {
                        throw getRuntime().newLoadError("not implemented algo for public key: " + algorithm);
                    }
                    this.public_key = getRuntime().getModule("OpenSSL").getConstant("PKey").getClass(ASN1Registry.SN_dsa).callMethod(getRuntime().getCurrentContext(), "new", RubyString.newString(getRuntime(), encoded));
                }
            } catch (GeneralSecurityException e) {
                throw newSPKIError(getRuntime(), e.getMessage());
            }
        }
        return this;
    }

    private byte[] tryBase64Decode(byte[] bArr) {
        try {
            bArr = Base64.decode(bArr, 0, bArr.length, 0);
        } catch (Exception e) {
        }
        return bArr;
    }

    @JRubyMethod
    public IRubyObject to_der() {
        try {
            return RubyString.newString(getRuntime(), internalToDer());
        } catch (IOException e) {
            throw newSPKIError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem() {
        try {
            byte[] internalToDer = internalToDer();
            return getRuntime().newString(Base64.encodeBytes(internalToDer, 0, internalToDer.length, 0));
        } catch (IOException e) {
            throw newSPKIError(getRuntime(), e.getMessage());
        }
    }

    private byte[] internalToDer() throws IOException {
        DERSequence dERSequence = (DERSequence) this.cert.toASN1Object();
        DERBitString dERBitString = new DERBitString(this.public_key.to_der().convertToString().getBytes());
        DERIA5String dERIA5String = new DERIA5String(this.challenge.toString());
        DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) ((DERSequence) ((DERSequence) ((DERSequence) dERSequence.getObjectAt(0)).getObjectAt(0)).getObjectAt(0)).getObjectAt(0);
        DERObjectIdentifier objectId = ((AlgorithmIdentifier) dERSequence.getObjectAt(1)).getObjectId();
        DERBitString dERBitString2 = (DERBitString) dERSequence.getObjectAt(2);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
        aSN1EncodableVector5.add(dERObjectIdentifier);
        aSN1EncodableVector5.add(new DERNull());
        aSN1EncodableVector4.add(new DERSequence(aSN1EncodableVector5));
        aSN1EncodableVector4.add(dERBitString);
        aSN1EncodableVector3.add(new DERSequence(aSN1EncodableVector4));
        aSN1EncodableVector3.add(dERIA5String);
        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector3));
        aSN1EncodableVector2.add(objectId);
        aSN1EncodableVector2.add(new DERNull());
        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
        aSN1EncodableVector.add(dERBitString2);
        return new DERSequence(aSN1EncodableVector).getEncoded();
    }

    @JRubyMethod
    public IRubyObject to_text() {
        System.err.println("WARNING: calling unimplemented method: to_text");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject public_key() {
        return this.public_key;
    }

    @JRubyMethod(name = {"public_key="})
    public IRubyObject set_public_key(IRubyObject iRubyObject) {
        this.public_key = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject sign(final IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        final DERObjectIdentifier dERObjectIdentifier = ASN1.getOIDLookup(getRuntime()).get(((PKey) iRubyObject).getAlgorithm().toLowerCase() + "-" + ((Digest) iRubyObject2).getShortAlgorithm().toLowerCase());
        try {
            OpenSSLReal.doWithBCProvider(new OpenSSLReal.Runnable() { // from class: org.jruby.ext.openssl.NetscapeSPKI.3
                @Override // org.jruby.ext.openssl.OpenSSLReal.Runnable
                public void run() throws GeneralSecurityException {
                    NetscapeSPKI.this.cert = new NetscapeCertRequest(NetscapeSPKI.this.challenge.toString(), new AlgorithmIdentifier(dERObjectIdentifier), NetscapeSPKI.this.public_key.getPublicKey());
                    NetscapeSPKI.this.cert.sign(iRubyObject.getPrivateKey());
                }
            });
            return this;
        } catch (GeneralSecurityException e) {
            throw newSPKIError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject verify(IRubyObject iRubyObject) {
        this.cert.setPublicKey(((PKey) iRubyObject).getPublicKey());
        try {
            return ((Boolean) OpenSSLReal.getWithBCProvider(new OpenSSLReal.Callable() { // from class: org.jruby.ext.openssl.NetscapeSPKI.4
                @Override // org.jruby.ext.openssl.OpenSSLReal.Callable
                public Boolean call() throws GeneralSecurityException {
                    return Boolean.valueOf(NetscapeSPKI.this.cert.verify(NetscapeSPKI.this.challenge.toString()));
                }
            })).booleanValue() ? getRuntime().getTrue() : getRuntime().getFalse();
        } catch (GeneralSecurityException e) {
            throw newSPKIError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject challenge() {
        return this.challenge;
    }

    @JRubyMethod(name = {"challenge="})
    public IRubyObject set_challenge(IRubyObject iRubyObject) {
        this.challenge = iRubyObject;
        return iRubyObject;
    }

    private static RaiseException newSPKIError(Ruby ruby, String str) {
        return new RaiseException(ruby, ruby.getModule("OpenSSL").getConstantAt(ASN1Registry.SN_netscape).getClass("SPKIError"), str, true);
    }
}
