package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.ChoiceContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.crmf.CRMFException;
import com.rsa.certj.crmf.Control;
import com.rsa.certj.crmf.EncryptedValue;
import com.rsa.certj.crmf.PKIPublicationInfo;
import com.rsa.certj.crmf.ProtocolEncryptionKey;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;

/* JADX INFO: Access modifiers changed from: private */
/* loaded from: input_file:WEB-INF/lib/certjFIPS.jar:com/rsa/certj/provider/pki/cmp/Cx.class */
public final class Cx {
    private Certificate a;
    private EncryptedValue b;
    private EncryptedValue c;
    private PKIPublicationInfo d;
    private final CMPCertResponseCommon e;

    private Cx(CMPCertResponseCommon cMPCertResponseCommon, byte[] bArr, int i, int i2, CertJ certJ, CMPCertRequestCommon cMPCertRequestCommon, CMPProtectInfo cMPProtectInfo) throws CMPException {
        this.e = cMPCertResponseCommon;
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        SequenceContainer sequenceContainer = new SequenceContainer(i2);
        ChoiceContainer choiceContainer = new ChoiceContainer(0);
        EncodedContainer encodedContainer = new EncodedContainer(10498048);
        EncodedContainer encodedContainer2 = new EncodedContainer(10498049);
        EndContainer endContainer = new EndContainer();
        EncodedContainer encodedContainer3 = new EncodedContainer(10563584);
        EncodedContainer encodedContainer4 = new EncodedContainer(10563585);
        try {
            ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, choiceContainer, encodedContainer, encodedContainer2, endContainer, encodedContainer3, encodedContainer4, new EndContainer()});
            if (encodedContainer.dataPresent) {
                try {
                    this.a = new X509Certificate(encodedContainer.data, encodedContainer.dataOffset, 10498048);
                } catch (CertificateException e) {
                    throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: decoding X509Certificate faild(").append(e.getMessage()).append(").").toString());
                }
            }
            if (encodedContainer2.dataPresent) {
                try {
                    this.b = new EncryptedValue(certJ, null, a(cMPCertRequestCommon, cMPProtectInfo));
                    this.b.decodeEncryptedValue(encodedContainer2.data, encodedContainer2.dataOffset, 10498049);
                } catch (CRMFException e2) {
                    throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: unable to decode EncryptedValue for encryptedCert(").append(e2.getMessage()).append(").").toString());
                }
            }
            if (encodedContainer3.dataPresent) {
                try {
                    this.b = new EncryptedValue(certJ, null, b(cMPCertRequestCommon, cMPProtectInfo));
                    this.b.decodeEncryptedValue(encodedContainer2.data, encodedContainer2.dataOffset, 10498048);
                } catch (CRMFException e3) {
                    throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: unable to decode EncryptedValue for encrypted private key(").append(e3.getMessage()).append(").").toString());
                }
            }
            if (encodedContainer4.dataPresent) {
                try {
                    Control control = Control.getInstance(encodedContainer4.data, encodedContainer4.dataOffset, 10563585);
                    if (!(control instanceof PKIPublicationInfo)) {
                        throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: decoded data is not a PKIPublicationInfo object.");
                    }
                    this.d = (PKIPublicationInfo) control;
                } catch (CRMFException e4) {
                    throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: unable to decode PKIPublicationInfo(").append(e4.getMessage()).append(").").toString());
                }
            }
        } catch (ASN_Exception e5) {
            throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.CertifiedKeyPair: decoding CertifiedKeyPair faild(").append(e5.getMessage()).append(").").toString());
        }
    }

    private JSAFE_PrivateKey a(CMPCertRequestCommon cMPCertRequestCommon, CMPProtectInfo cMPProtectInfo) throws CMPException {
        try {
            JSAFE_PublicKey subjectPublicKey = cMPCertRequestCommon.getCertTemplate().getSubjectPublicKey();
            if (subjectPublicKey == null) {
                throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.findEncryptionPrivateKey: unable to find public key in CertTemplate.");
            }
            DatabaseService database = cMPProtectInfo.getDatabase();
            if (database == null) {
                throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.findEncryptionPrivateKey: database in protectinfo is null.");
            }
            JSAFE_PrivateKey selectPrivateKeyByPublicKey = database.selectPrivateKeyByPublicKey(subjectPublicKey);
            if (selectPrivateKeyByPublicKey == null) {
                throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.findEncryptionPrivateKey: private key for the certificate returned should be provided in protectInfo.");
            }
            return selectPrivateKeyByPublicKey;
        } catch (CertJException e) {
            throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.findEncryptionPrivateKey: ").append(e.getMessage()).toString());
        }
    }

    private JSAFE_PrivateKey b(CMPCertRequestCommon cMPCertRequestCommon, CMPProtectInfo cMPProtectInfo) throws CMPException {
        ProtocolEncryptionKey protocolEncryptionKey = (ProtocolEncryptionKey) cMPCertRequestCommon.getControls().getControlByType(5);
        if (protocolEncryptionKey == null) {
            throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.findProtEncKey: request does not contain ProtEncKey control.");
        }
        try {
            JSAFE_PublicKey subjectPublicKey = protocolEncryptionKey.getSubjectPublicKey();
            DatabaseService database = cMPProtectInfo.getDatabase();
            if (database == null) {
                throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.findProtEncKey: database in protectinfo is null.");
            }
            try {
                return database.selectPrivateKeyByPublicKey(subjectPublicKey);
            } catch (CertJException e) {
                throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.findProtEncKey: searching private key failed(").append(e.getMessage()).append(").").toString());
            }
        } catch (CRMFException e2) {
            throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.findProtEncKey: unable to extract public key from ProtEncKey control(").append(e2.getMessage()).append(").").toString());
        }
    }

    private Certificate a() throws CMPException {
        if (this.a != null) {
            return this.a;
        }
        if (this.b == null) {
            return null;
        }
        try {
            return new X509Certificate(this.b.getDecryptedValue(), 0, 0);
        } catch (CertificateException e) {
            throw new CMPException("CMPCertResponseCommon$CertifiedKeyPair.getCertificate: unable to decode a certificate.");
        }
    }

    private JSAFE_PrivateKey b() throws CMPException {
        if (this.c == null) {
            return null;
        }
        try {
            return this.c.getPrivateKey();
        } catch (CRMFException e) {
            throw new CMPException(new StringBuffer().append("CMPCertResponseCommon$CertifiedKeyPair.getPrivateKey: unable to get decrypted private key(").append(e.getMessage()).append(").").toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Certificate a(Cx cx) throws CMPException {
        return cx.a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JSAFE_PrivateKey b(Cx cx) throws CMPException {
        return cx.b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PKIPublicationInfo c(Cx cx) {
        return cx.d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Cx(CMPCertResponseCommon cMPCertResponseCommon, byte[] bArr, int i, int i2, CertJ certJ, CMPCertRequestCommon cMPCertRequestCommon, CMPProtectInfo cMPProtectInfo, Cab cab) throws CMPException {
        this(cMPCertResponseCommon, bArr, i, i2, certJ, cMPCertRequestCommon, cMPProtectInfo);
    }
}
