package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.cmp.CMPException;
import com.rsa.jsafe.cert.cmp.CMPInvalidRequestException;
import com.rsa.jsafe.cert.cmp.CMPInvalidResponseException;
import com.rsa.jsafe.cert.cmp.CMPMessage;
import com.rsa.jsafe.cert.cmp.CMPRequestMessage;
import com.rsa.jsafe.cert.cmp.CMPResponseMessage;
import com.rsa.jsafe.cert.cmp.CMPServerConfig;
import com.rsa.jsafe.cert.cmp.MACProtection;
import com.rsa.jsafe.cert.cmp.MessageProtection;
import com.rsa.jsafe.cert.cmp.SignatureProtection;
import java.nio.ByteBuffer;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.compress.archivers.tar.TarConstants;

/* loaded from: classes2.dex */
abstract class gs implements hj {
    static final int a = 0;
    static final int b = 2;

    /* renamed from: c, reason: collision with root package name */
    static final int f111c = 7;
    static final int d = 24;
    static final int e = 1;
    static final int f = 3;
    static final int g = 8;
    static final int h = 12;
    static final int i = 19;
    static final int j = 23;
    static final String k = "Error signing request.";
    private static final int o = 16;
    private static final String p = "PBMHmacSHA1";
    private static final d q = a.a("Name", new byte[]{TarConstants.LF_NORMAL, 0}, 0).c(a.c(4));
    private List<d> A;
    private hi B;
    SecureRandom l;
    cf m;
    byte[] n;
    private d r;
    private d s;
    private byte[] t;
    private byte[] u;
    private byte[] v;
    private byte[] w;
    private byte[] x;
    private List<String> y;
    private List<d> z;

    private gt a(d dVar, int i2, byte[] bArr) {
        if (i2 == f() || i2 == 23) {
            if (i2 == 1 || i2 == 3 || i2 == 8) {
                return new ha(this.m, dVar, i2, bArr);
            }
            if (i2 == 12) {
                return new hm(this.m, dVar, bArr);
            }
            if (i2 == 19) {
                return new hc(this.m, dVar, bArr);
            }
            if (i2 == 23) {
                return new hd(this.m, dVar, bArr);
            }
        }
        throw new CMPInvalidResponseException("Response was unexpected message type.");
    }

    private CMPResponseMessage a(byte[] bArr) {
        try {
            d a2 = a.a("PKIMessage", bArr, 0);
            int f2 = a.f(a2.a(1).b().a());
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            a.c(wrap);
            ByteBuffer a3 = a.a(wrap);
            byte[] bArr2 = new byte[a3.remaining()];
            a3.get(bArr2);
            ByteBuffer a4 = a.a(wrap);
            byte[] bArr3 = new byte[a4.remaining()];
            a4.get(bArr3);
            gt a5 = a(a2, f2, a.c(a.a("ProtectedPartSimple", new Object[]{a.a(e.a, bArr2, 0), a.a(e.a, bArr3, 0)})));
            a5.a(this.B);
            b(a5);
            if (a5.getMessageType() == CMPMessage.Type.ERROR_MESSAGE) {
                return a5;
            }
            a(a5);
            return a5;
        } catch (b e2) {
            throw new CMPInvalidResponseException("Invalid response encoding", e2);
        }
    }

    private void a() {
        this.w = new byte[16];
        if (this.l == null) {
            cw.a(this.m).nextBytes(this.w);
        } else {
            this.l.nextBytes(this.w);
        }
    }

    private void a(MACProtection mACProtection) {
        if (!mACProtection.getAlgorithm().equalsIgnoreCase("PBMHmacSHA1")) {
            throw new InvalidParameterException("Unsupported Shared Secret protection algorithm.");
        }
        this.B = new hh(this, mACProtection.getAlgorithm(), c(), mACProtection.getSharedSecret());
    }

    private void a(MessageProtection messageProtection) {
        if (messageProtection == null) {
            return;
        }
        if (messageProtection instanceof MACProtection) {
            if (!d()) {
                throw new InvalidParameterException("MAC protection is not allowable for specified message type.");
            }
            a((MACProtection) messageProtection);
        } else {
            if (!(messageProtection instanceof SignatureProtection)) {
                throw new InvalidParameterException("Invalid protection config.");
            }
            if (!e()) {
                throw new InvalidParameterException("Signature protection is not allowable for specified message type.");
            }
            a((SignatureProtection) messageProtection);
        }
    }

    private void a(SignatureProtection signatureProtection) {
        this.B = new hn(this, signatureProtection.getAlgorithm(), signatureProtection.getSigningKey(), signatureProtection.getRecipientCert().getPublicKey());
    }

    private void b(CMPRequestMessage cMPRequestMessage) {
        try {
            this.r = cMPRequestMessage.getSender() == null ? q : a.a("GeneralName", cMPRequestMessage.getSender().getEncoded(), 0);
            this.s = cMPRequestMessage.getRecipient() == null ? q : a.a("GeneralName", cMPRequestMessage.getRecipient().getEncoded(), 0);
            this.t = cMPRequestMessage.getSenderKeyID();
            this.u = cMPRequestMessage.getRecipientKeyID();
            this.v = cMPRequestMessage.getTransactionID();
            this.x = cMPRequestMessage.getRecipientNonce();
            this.w = cMPRequestMessage.getSenderNonce();
            if (this.w == null) {
                a();
            }
            this.y = cMPRequestMessage.getFreeText();
            List<byte[]> generalInfo = cMPRequestMessage.getGeneralInfo();
            if (generalInfo != null) {
                this.z = new ArrayList();
                Iterator<byte[]> it = generalInfo.iterator();
                while (it.hasNext()) {
                    this.z.add(a.a("InfoTypeAndValue", it.next(), 0));
                }
            }
            List<Certificate> extraCertificates = cMPRequestMessage.getExtraCertificates();
            if (extraCertificates != null) {
                this.A = new ArrayList();
                Iterator<Certificate> it2 = extraCertificates.iterator();
                while (it2.hasNext()) {
                    this.A.add(a.a(e.a, it2.next().getEncoded(), 0));
                }
            }
        } catch (b unused) {
            throw new CMPInvalidRequestException("Invalid message contents.");
        } catch (CertificateEncodingException unused2) {
            throw new CMPInvalidRequestException("Invalid message contents.");
        }
    }

    private void b(CMPResponseMessage cMPResponseMessage) {
        if (this.v != null && !Arrays.equals(this.v, ((gt) cMPResponseMessage).a)) {
            throw new CMPInvalidResponseException("Transaction ID in response did not match transaction ID in request.");
        }
        if (!Arrays.equals(this.w, ((gt) cMPResponseMessage).b)) {
            throw new CMPInvalidResponseException("Sender nonce in request did not match recipient nonce in response.");
        }
    }

    private byte[] c() {
        byte[] bArr = new byte[20];
        if (this.l == null) {
            cw.a(this.m).nextBytes(bArr);
        } else {
            this.l.nextBytes(bArr);
        }
        return bArr;
    }

    private void g() {
        Object[] objArr = new Object[12];
        objArr[0] = 2;
        objArr[1] = this.r;
        objArr[2] = this.s;
        objArr[3] = new Date();
        objArr[4] = this.B == null ? null : this.B.a().c(a.c(1));
        objArr[5] = this.t;
        objArr[6] = this.u;
        objArr[7] = this.v;
        objArr[8] = this.w;
        objArr[9] = this.x;
        objArr[10] = this.y;
        objArr[11] = this.z;
        d a2 = a.a("PKIHeader", objArr);
        d b2 = b();
        this.n = a.a(a.a("PKIMessage", new Object[]{a2, b2, this.B != null ? this.B.a(a.a(a.a("ProtectedPart", new Object[]{a2, b2}))) : null, this.A}));
    }

    @Override // com.rsa.cryptoj.o.hj
    public final CMPResponseMessage a(CMPServerConfig cMPServerConfig) {
        try {
            return a(gv.a(cMPServerConfig).a(this.n));
        } catch (CMPException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new CMPException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(cf cfVar) {
        this.m = cfVar;
    }

    abstract void a(CMPRequestMessage cMPRequestMessage);

    @Override // com.rsa.cryptoj.o.hj
    public void a(CMPRequestMessage cMPRequestMessage, MessageProtection messageProtection, SecureRandom secureRandom) {
        this.l = secureRandom;
        a(messageProtection);
        b(cMPRequestMessage);
        a(cMPRequestMessage);
        g();
    }

    abstract void a(CMPResponseMessage cMPResponseMessage);

    abstract d b();

    abstract boolean d();

    abstract boolean e();

    abstract int f();
}
