package cryptix.openpgp.provider;

import cryptix.openpgp.PGPCertificateParameterBuilder;
import cryptix.openpgp.PGPKeyBundle;
import cryptix.openpgp.PGPPrincipal;
import cryptix.openpgp.PGPPrivateKey;
import cryptix.openpgp.PGPPublicKey;
import cryptix.openpgp.PGPSignatureParameterSpec;
import cryptix.openpgp.PGPV3SignatureParameterSpec;
import cryptix.openpgp.algorithm.PGPAlgorithmFactory;
import cryptix.openpgp.algorithm.PGPSigner;
import cryptix.openpgp.io.PGPHashDataOutputStream;
import cryptix.openpgp.packet.PGPPublicKeyPacket;
import cryptix.openpgp.packet.PGPSignaturePacket;
import cryptix.openpgp.packet.PGPUserIDPacket;
import cryptix.openpgp.signature.PGPDateSP;
import cryptix.openpgp.signature.PGPSignatureSubPacket;
import cryptix.pki.CertificateBuilderSpi;
import cryptix.pki.KeyBundle;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:cryptix-openpgp-provider-20050405.jar:cryptix/openpgp/provider/PGPCertificateBuilder.class */
public class PGPCertificateBuilder extends CertificateBuilderSpi {
    @Override // cryptix.pki.CertificateBuilderSpi
    public Certificate engineBuild(PublicKey publicKey, Principal principal, KeyBundle keyBundle, char[] cArr, SecureRandom secureRandom) throws CertificateException, UnrecoverableKeyException {
        if (!(keyBundle instanceof PGPKeyBundle)) {
            throw new CertificateException("Issuer not instance of PGPKeyBundle");
        }
        PrivateKey privateKey = keyBundle.getPrivateKey((PublicKey) keyBundle.getPublicKeys().next(), cArr);
        if (privateKey instanceof PGPPrivateKey) {
            return engineBuild(publicKey, principal, privateKey, secureRandom);
        }
        throw new CertificateException("Issuer does not contain a private key.");
    }

    @Override // cryptix.pki.CertificateBuilderSpi
    public Certificate engineBuild(PublicKey publicKey, Principal principal, KeyBundle keyBundle, char[] cArr, SecureRandom secureRandom, AlgorithmParameterSpec algorithmParameterSpec) throws CertificateException, InvalidAlgorithmParameterException, UnrecoverableKeyException {
        if (!(keyBundle instanceof PGPKeyBundle)) {
            throw new CertificateException("Issuer not instance of PGPKeyBundle");
        }
        PrivateKey privateKey = keyBundle.getPrivateKey((PublicKey) keyBundle.getPublicKeys().next(), cArr);
        if (privateKey instanceof PGPPrivateKey) {
            return engineBuild(publicKey, principal, privateKey, secureRandom, algorithmParameterSpec);
        }
        throw new CertificateException("Issuer does not contain a private key.");
    }

    @Override // cryptix.pki.CertificateBuilderSpi
    public Certificate engineBuild(PublicKey publicKey, Principal principal, PrivateKey privateKey, SecureRandom secureRandom) throws CertificateException {
        try {
            return engineBuild(publicKey, principal, privateKey, secureRandom, getDefaultParameterSpec(privateKey));
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(new StringBuffer("Invalid default parameters. ").append(e).toString());
        } catch (InvalidKeyException e2) {
            throw new CertificateException(new StringBuffer("Invalid issuer key type. ").append(e2).toString());
        }
    }

    @Override // cryptix.pki.CertificateBuilderSpi
    public Certificate engineBuild(PublicKey publicKey, Principal principal, PrivateKey privateKey, SecureRandom secureRandom, AlgorithmParameterSpec algorithmParameterSpec) throws CertificateException, InvalidAlgorithmParameterException {
        int i;
        if (!(publicKey instanceof PGPPublicKey)) {
            throw new CertificateException("Subject key not instance of PGPPublicKey");
        }
        if (!(principal instanceof PGPPrincipal)) {
            throw new CertificateException("Subject name not instance of PGPPrincipal");
        }
        if (!(privateKey instanceof PGPPrivateKey)) {
            throw new CertificateException("Issuer not instance of PGPPrivateKey");
        }
        PGPPrivateKey pGPPrivateKey = (PGPPrivateKey) privateKey;
        PGPAlgorithmFactory defaultInstance = PGPAlgorithmFactory.getDefaultInstance();
        byte algorithmID = pGPPrivateKey.getPacket().getAlgorithmID();
        PGPSignaturePacket pGPSignaturePacket = new PGPSignaturePacket();
        if (algorithmParameterSpec instanceof PGPSignatureParameterSpec) {
            PGPSignatureParameterSpec pGPSignatureParameterSpec = (PGPSignatureParameterSpec) algorithmParameterSpec;
            i = 2;
            Vector hashed = pGPSignatureParameterSpec.getHashed();
            Vector vector = new Vector();
            Vector unhashed = pGPSignatureParameterSpec.getUnhashed();
            byte sigType = pGPSignatureParameterSpec.getSigType();
            Enumeration elements = hashed.elements();
            while (elements.hasMoreElements()) {
                PGPSignatureSubPacket pGPSignatureSubPacket = (PGPSignatureSubPacket) elements.nextElement();
                if (pGPSignatureSubPacket.getPacketID() == 9) {
                    long time = ((PGPDateSP) pGPSignatureSubPacket).getValue().getTime() - ((PGPPublicKey) publicKey).getPacket().getCreationDate().getTime();
                    if (time < 0) {
                        throw new InvalidAlgorithmParameterException("Key expires before it is created");
                    }
                    PGPDateSP pGPDateSP = new PGPDateSP();
                    pGPDateSP.setPacketID(pGPSignatureSubPacket.getPacketID());
                    pGPDateSP.setCritical(pGPSignatureSubPacket.getCritical());
                    pGPDateSP.setValue(new Date(time));
                    vector.add(pGPDateSP);
                } else {
                    vector.add(pGPSignatureSubPacket);
                }
            }
            pGPSignaturePacket.setData(sigType, algorithmID, (byte) 2, vector, unhashed);
            pGPSignaturePacket.setPacketID((byte) 2);
        } else {
            if (!(algorithmParameterSpec instanceof PGPV3SignatureParameterSpec)) {
                throw new InvalidAlgorithmParameterException(new StringBuffer("Expected PGPSignatureParameterSpec or PGPV3SignatureParameterSpec, got ").append(algorithmParameterSpec.getClass().toString()).toString());
            }
            i = 1;
            PGPV3SignatureParameterSpec pGPV3SignatureParameterSpec = (PGPV3SignatureParameterSpec) algorithmParameterSpec;
            pGPSignaturePacket.setData(pGPV3SignatureParameterSpec.getSigType(), pGPV3SignatureParameterSpec.getTime(), pGPV3SignatureParameterSpec.getIssuer(), algorithmID, (byte) 1);
            pGPSignaturePacket.setPacketID((byte) 2);
        }
        PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKey;
        PGPPrincipal pGPPrincipal = (PGPPrincipal) principal;
        PGPPublicKeyPacket pGPPublicKeyPacket = (PGPPublicKeyPacket) pGPPublicKey.getPacket();
        PGPUserIDPacket pGPUserIDPacket = (PGPUserIDPacket) pGPPrincipal.getPacket();
        PGPSigner pGPSigner = (PGPSigner) pGPPrivateKey.getPacket().getAlgorithm();
        try {
            MessageDigest hashAlgorithm = defaultInstance.getHashAlgorithm(i);
            pGPSigner.initSign(i, defaultInstance);
            PGPHashDataOutputStream pGPHashDataOutputStream = new PGPHashDataOutputStream(hashAlgorithm, pGPSigner);
            try {
                pGPPublicKeyPacket.encodeBody(pGPHashDataOutputStream);
                pGPHashDataOutputStream.close();
                try {
                    byte[] bytes = pGPUserIDPacket.getValue().getBytes("UTF-8");
                    if (pGPSignaturePacket.getVersion() == 4) {
                        byte[] bArr = {-76, (byte) ((bytes.length >> 24) & 255), (byte) ((bytes.length >> 16) & 255), (byte) ((bytes.length >> 8) & 255), (byte) (bytes.length & 255)};
                        hashAlgorithm.update(bArr);
                        pGPSigner.update(bArr);
                    }
                    hashAlgorithm.update(bytes);
                    pGPSigner.update(bytes);
                    int hashData = pGPSignaturePacket.hashData(hashAlgorithm, pGPSigner);
                    if (pGPSignaturePacket.getVersion() == 4) {
                        byte[] bArr2 = {pGPSignaturePacket.getVersion(), -1, (byte) ((hashData >> 24) & 255), (byte) ((hashData >> 16) & 255), (byte) ((hashData >> 8) & 255), (byte) (hashData & 255)};
                        hashAlgorithm.update(bArr2);
                        pGPSigner.update(bArr2);
                    }
                    pGPSignaturePacket.setHash(hashAlgorithm.digest());
                    pGPSigner.computeSignature();
                    pGPSignaturePacket.setSignature(pGPSigner);
                    return new PGPCertificateImpl(pGPSignaturePacket, pGPPrincipal, pGPPublicKey);
                } catch (UnsupportedEncodingException unused) {
                    throw new InternalError("UTF-8 encoding not supported.");
                }
            } catch (IOException e) {
                throw new InternalError(new StringBuffer("IOException on hashing key - ").append(e).toString());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateException(String.valueOf(String.valueOf(e2)));
        }
    }

    protected AlgorithmParameterSpec getDefaultParameterSpec(PrivateKey privateKey) throws InvalidKeyException {
        return new PGPCertificateParameterBuilder(privateKey).build();
    }
}
