package com.unbound.common.crypto;

import com.unbound.common.crypto.DER;
import java.net.InetAddress;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/unbound/common/crypto/PKCS10.class */
public class PKCS10 {
    private RSAPublicKey publicKey;
    private String[] dns;
    private InetAddress[] ip;
    private String challengePassword;
    private byte[] signature;
    private String signHashOid;
    private Map<String, String> subject = new HashMap();

    public PKCS10(RSAPublicKey rSAPublicKey) {
        this.publicKey = rSAPublicKey;
    }

    public void setAlternativeSubjectName(String[] strArr, InetAddress[] inetAddressArr) {
        this.dns = strArr;
        this.ip = inetAddressArr;
    }

    public void setSubjectName(String str, String str2) {
        this.subject.put(str, str2);
    }

    public void setChallengePassword(String str) {
        this.challengePassword = str;
    }

    public void sign(RSAPrivateKey rSAPrivateKey, String str) {
        if (str.equals("SHA256")) {
            this.signHashOid = "1.2.840.113549.1.1.11";
        } else {
            if (!str.equals("SHA1")) {
                throw new IllegalArgumentException("Unsupported hash type");
            }
            this.signHashOid = "1.2.840.113549.1.1.5";
        }
        this.signature = RSA.signPkcs1(rSAPrivateKey, str, toBeSigned());
    }

    private DER.Builder encodeCertificationRequestInfo(DER.Builder builder) {
        builder.beginSequence().addInteger(0L);
        X509.encode(builder, this.subject).beginSequence().beginSequence().addOid("1.2.840.113549.1.1.1").addNull().end().beginBitString().beginSequence().add(this.publicKey.getModulus()).add(this.publicKey.getPublicExponent()).end().end().end();
        if (this.challengePassword != null || this.dns != null || this.ip != null) {
            builder.begin((byte) -96);
            if (this.dns != null || this.ip != null) {
                builder.beginSequence().addOid("1.2.840.113549.1.9.14").beginSet().beginSequence().beginSequence().addOid("2.5.29.17").beginOctetString().beginSequence();
                if (this.dns != null) {
                    for (String str : this.dns) {
                        builder.add((byte) -126, str);
                    }
                }
                if (this.ip != null) {
                    for (InetAddress inetAddress : this.ip) {
                        builder.add((byte) -121, inetAddress.getAddress());
                    }
                }
                builder.end().end().end().end().end().end();
            }
            if (this.challengePassword != null) {
                builder.beginSequence().addOid("1.2.840.113549.1.9.7").beginSet().add((byte) 19, this.challengePassword).end().end();
            }
            builder.end();
        }
        return builder.end();
    }

    private byte[] toBeSigned() {
        return encodeCertificationRequestInfo(new DER.Builder()).toByteArray();
    }

    public byte[] exportDer() {
        DER.Builder builder = new DER.Builder();
        builder.beginSequence();
        encodeCertificationRequestInfo(builder).beginSequence().addOid(this.signHashOid).addNull().end().addBitString(this.signature).end();
        return builder.toByteArray();
    }
}
