package gnu.classpath.tools.keytool;

import gnu.classpath.Configuration;
import gnu.classpath.tools.common.ClasspathToolParser;
import gnu.classpath.tools.getopt.Option;
import gnu.classpath.tools.getopt.OptionException;
import gnu.classpath.tools.getopt.OptionGroup;
import gnu.classpath.tools.getopt.Parser;
import gnu.java.security.OID;
import gnu.java.security.der.BitString;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.der.DERWriter;
import gnu.java.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Logger;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import org.objectweb.asm.Opcodes;

/* loaded from: input_file:gnu/classpath/tools/keytool/CertReqCmd.class */
class CertReqCmd extends Command {
    private static final Logger log = Logger.getLogger(CertReqCmd.class.getName());
    private static final String ATTRIBUTES_OPT = "attributes";
    protected String _alias;
    protected String _sigAlgorithm;
    protected String _certReqFileName;
    protected String _password;
    protected String _ksType;
    protected String _ksURL;
    protected String _ksPassword;
    protected String _providerClassName;
    protected boolean nullAttributes;

    public void setAlias(String str) {
        this._alias = str;
    }

    public void setSigalg(String str) {
        this._sigAlgorithm = str;
    }

    public void setFile(String str) {
        this._certReqFileName = str;
    }

    public void setKeypass(String str) {
        this._password = str;
    }

    public void setStoretype(String str) {
        this._ksType = str;
    }

    public void setKeystore(String str) {
        this._ksURL = str;
    }

    public void setStorepass(String str) {
        this._ksPassword = str;
    }

    public void setProvider(String str) {
        this._providerClassName = str;
    }

    public void setAttributes(String str) {
        this.nullAttributes = Boolean.valueOf(str).booleanValue();
    }

    @Override // gnu.classpath.tools.keytool.Command
    void setup() throws Exception {
        setOutputStreamParam(this._certReqFileName);
        setKeyStoreParams(this._providerClassName, this._ksType, this._ksPassword, this._ksURL);
        setAliasParam(this._alias);
        setKeyPasswordNoPrompt(this._password);
        if (Configuration.DEBUG) {
            log.fine("-certreq handler will use the following options:");
            log.fine("  -alias=" + this.alias);
            log.fine("  -sigalg=" + this._sigAlgorithm);
            log.fine("  -file=" + this._certReqFileName);
            log.fine("  -storetype=" + this.storeType);
            log.fine("  -keystore=" + this.storeURL);
            log.fine("  -provider=" + this.provider);
            log.fine("  -v=" + this.verbose);
            log.fine("  -attributes=" + this.nullAttributes);
        }
    }

    @Override // gnu.classpath.tools.keytool.Command
    void start() throws KeyStoreException, NoSuchAlgorithmException, IOException, UnsupportedCallbackException, UnrecoverableKeyException, InvalidKeyException, SignatureException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "start");
        }
        Key aliasPrivateKey = getAliasPrivateKey();
        X509Certificate x509Certificate = (X509Certificate) this.store.getCertificateChain(this.alias)[0];
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        PublicKey publicKey = x509Certificate.getPublicKey();
        setSignatureAlgorithmParam(this._sigAlgorithm, aliasPrivateKey);
        String encode = Base64.encode(getCSR(issuerX500Principal, publicKey, (PrivateKey) aliasPrivateKey), 72);
        PrintWriter printWriter = new PrintWriter(this.outStream, true);
        printWriter.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
        printWriter.println(encode);
        printWriter.println("-----END NEW CERTIFICATE REQUEST-----");
        if (this.verbose) {
            if (!this.systemOut) {
                System.out.println(Messages.getFormattedString("CertReqCmd.27", this._certReqFileName));
            }
            System.out.println(Messages.getString("CertReqCmd.28"));
        }
        printWriter.close();
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "start");
        }
    }

    @Override // gnu.classpath.tools.keytool.Command
    Parser getParser() {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "getParser");
        }
        ClasspathToolParser classpathToolParser = new ClasspathToolParser("certreq", true);
        classpathToolParser.setHeader(Messages.getString("CertReqCmd.25"));
        classpathToolParser.setFooter(Messages.getString("CertReqCmd.24"));
        OptionGroup optionGroup = new OptionGroup(Messages.getString("CertReqCmd.23"));
        optionGroup.add(new Option("alias", Messages.getString("CertReqCmd.22"), Messages.getString("CertReqCmd.21")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.1
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._alias = str;
            }
        });
        optionGroup.add(new Option("sigalg", Messages.getString("CertReqCmd.20"), Messages.getString("CertReqCmd.19")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.2
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._sigAlgorithm = str;
            }
        });
        optionGroup.add(new Option("file", Messages.getString("CertReqCmd.18"), Messages.getString("CertReqCmd.17")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.3
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._certReqFileName = str;
            }
        });
        optionGroup.add(new Option("keypass", Messages.getString("CertReqCmd.16"), Messages.getString("CertReqCmd.9")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.4
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._password = str;
            }
        });
        optionGroup.add(new Option("storetype", Messages.getString("CertReqCmd.14"), Messages.getString("CertReqCmd.13")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.5
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._ksType = str;
            }
        });
        optionGroup.add(new Option("keystore", Messages.getString("CertReqCmd.12"), Messages.getString("CertReqCmd.11")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.6
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._ksURL = str;
            }
        });
        optionGroup.add(new Option("storepass", Messages.getString("CertReqCmd.10"), Messages.getString("CertReqCmd.9")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.7
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._ksPassword = str;
            }
        });
        optionGroup.add(new Option("provider", Messages.getString("CertReqCmd.8"), Messages.getString("CertReqCmd.7")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.8
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this._providerClassName = str;
            }
        });
        optionGroup.add(new Option("v", Messages.getString("CertReqCmd.6")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.9
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this.verbose = true;
            }
        });
        optionGroup.add(new Option(ATTRIBUTES_OPT, Messages.getString("CertReqCmd.5")) { // from class: gnu.classpath.tools.keytool.CertReqCmd.10
            @Override // gnu.classpath.tools.getopt.Option
            public void parsed(String str) throws OptionException {
                CertReqCmd.this.nullAttributes = true;
            }
        });
        classpathToolParser.add(optionGroup);
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "getParser", classpathToolParser);
        }
        return classpathToolParser;
    }

    private byte[] getCSR(X500Principal x500Principal, PublicKey publicKey, PrivateKey privateKey) throws IOException, InvalidKeyException, SignatureException {
        DERValue dERValue = new DERValue(2, BigInteger.ZERO);
        DERValue read = new DERReader(x500Principal.getEncoded()).read();
        DERValue read2 = new DERReader(publicKey.getEncoded()).read();
        byte[] bArr = this.nullAttributes ? new byte[]{5} : new byte[0];
        DERValue dERValue2 = new DERValue(Opcodes.IF_ICMPNE, bArr.length, bArr, (byte[]) null);
        ArrayList arrayList = new ArrayList(4);
        arrayList.add(dERValue);
        arrayList.add(read);
        arrayList.add(read2);
        arrayList.add(dERValue2);
        DERValue dERValue3 = new DERValue(48, arrayList);
        OID signatureAlgorithmOID = getSignatureAlgorithmOID();
        DERValue dERValue4 = new DERValue(6, signatureAlgorithmOID);
        ArrayList arrayList2 = new ArrayList(2);
        arrayList2.add(dERValue4);
        if (!signatureAlgorithmOID.equals(Command.SHA1_WITH_DSA)) {
            arrayList2.add(new DERValue(5, (Object) null));
        }
        arrayList2.trimToSize();
        DERValue dERValue5 = new DERValue(48, arrayList2);
        this.signatureAlgorithm.initSign(privateKey);
        this.signatureAlgorithm.update(dERValue3.getEncoded());
        DERValue dERValue6 = new DERValue(3, new BitString(this.signatureAlgorithm.sign()));
        ArrayList arrayList3 = new ArrayList(3);
        arrayList3.add(dERValue3);
        arrayList3.add(dERValue5);
        arrayList3.add(dERValue6);
        DERValue dERValue7 = new DERValue(48, arrayList3);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DERWriter.write(byteArrayOutputStream, dERValue7);
        return byteArrayOutputStream.toByteArray();
    }
}
