package com.unboundid.util.ssl.cert;

import com.unboundid.asn1.ASN1BitString;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.asn1.ASN1Set;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.util.Base64;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.OID;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-6.0.5.jar:com/unboundid/util/ssl/cert/PKCS10CertificateSigningRequest.class */
public final class PKCS10CertificateSigningRequest implements Serializable {
    private static final byte TYPE_ATTRIBUTES = -96;

    @NotNull
    private static final OID ATTRIBUTE_OID_EXTENSIONS = new OID("1.2.840.113549.1.9.14");
    private static final long serialVersionUID = -1665446530589389194L;

    @NotNull
    private final ASN1BitString signatureValue;

    @NotNull
    private final ASN1BitString encodedPublicKey;

    @Nullable
    private final ASN1Element publicKeyAlgorithmParameters;

    @Nullable
    private final ASN1Element signatureAlgorithmParameters;

    @NotNull
    private final byte[] pkcs10CertificateSigningRequestBytes;

    @Nullable
    private final DecodedPublicKey decodedPublicKey;

    @NotNull
    private final DN subjectDN;

    @NotNull
    private final List<ObjectPair<OID, ASN1Set>> requestAttributes;

    @NotNull
    private final List<X509CertificateExtension> extensions;

    @NotNull
    private final OID publicKeyAlgorithmOID;

    @NotNull
    private final OID signatureAlgorithmOID;

    @NotNull
    private final PKCS10CertificateSigningRequestVersion version;

    @Nullable
    private final String publicKeyAlgorithmName;

    @Nullable
    private final String signatureAlgorithmName;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS10CertificateSigningRequest(@NotNull PKCS10CertificateSigningRequestVersion pKCS10CertificateSigningRequestVersion, @NotNull OID oid, @Nullable ASN1Element aSN1Element, @NotNull ASN1BitString aSN1BitString, @NotNull DN dn, @NotNull OID oid2, @Nullable ASN1Element aSN1Element2, @NotNull ASN1BitString aSN1BitString2, @Nullable DecodedPublicKey decodedPublicKey, @Nullable List<ObjectPair<OID, ASN1Set>> list, @NotNull X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        this.version = pKCS10CertificateSigningRequestVersion;
        this.signatureAlgorithmOID = oid;
        this.signatureAlgorithmParameters = aSN1Element;
        this.signatureValue = aSN1BitString;
        this.subjectDN = dn;
        this.publicKeyAlgorithmOID = oid2;
        this.publicKeyAlgorithmParameters = aSN1Element2;
        this.encodedPublicKey = aSN1BitString2;
        this.decodedPublicKey = decodedPublicKey;
        this.extensions = StaticUtils.toList(x509CertificateExtensionArr);
        SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(oid);
        if (forOID == null) {
            this.signatureAlgorithmName = null;
        } else {
            this.signatureAlgorithmName = forOID.getUserFriendlyName();
        }
        PublicKeyAlgorithmIdentifier forOID2 = PublicKeyAlgorithmIdentifier.forOID(oid2);
        if (forOID2 == null) {
            this.publicKeyAlgorithmName = null;
        } else {
            this.publicKeyAlgorithmName = forOID2.getName();
        }
        ArrayList arrayList = new ArrayList(10);
        if (list != null) {
            arrayList.addAll(list);
        }
        if (x509CertificateExtensionArr.length > 0) {
            ArrayList arrayList2 = new ArrayList(x509CertificateExtensionArr.length);
            for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                arrayList2.add(x509CertificateExtension.encode());
            }
            arrayList.add(new ObjectPair(ATTRIBUTE_OID_EXTENSIONS, new ASN1Set(new ASN1Sequence(arrayList2))));
        }
        this.requestAttributes = Collections.unmodifiableList(arrayList);
        this.pkcs10CertificateSigningRequestBytes = encode().encode();
    }

    public PKCS10CertificateSigningRequest(@NotNull byte[] bArr) throws CertException {
        this.pkcs10CertificateSigningRequestBytes = bArr;
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(bArr).elements();
            if (elements.length != 3) {
                throw new CertException(CertMessages.ERR_CSR_DECODE_UNEXPECTED_SEQUENCE_ELEMENT_COUNT.get(Integer.valueOf(elements.length)));
            }
            try {
                ASN1Element[] elements2 = ASN1Sequence.decodeAsSequence(elements[0]).elements();
                try {
                    this.version = PKCS10CertificateSigningRequestVersion.valueOf(elements2[0].decodeAsInteger().intValue());
                    if (this.version == null) {
                        throw new CertException(CertMessages.ERR_CSR_DECODE_UNSUPPORTED_VERSION.get(this.version));
                    }
                    try {
                        this.subjectDN = X509Certificate.decodeName(elements2[1]);
                        try {
                            ASN1Element[] elements3 = elements2[2].decodeAsSequence().elements();
                            ASN1Element[] elements4 = elements3[0].decodeAsSequence().elements();
                            this.publicKeyAlgorithmOID = elements4[0].decodeAsObjectIdentifier().getOID();
                            if (elements4.length > 1) {
                                this.publicKeyAlgorithmParameters = elements4[1];
                            } else {
                                this.publicKeyAlgorithmParameters = null;
                            }
                            this.encodedPublicKey = elements3[1].decodeAsBitString();
                            PublicKeyAlgorithmIdentifier forOID = PublicKeyAlgorithmIdentifier.forOID(this.publicKeyAlgorithmOID);
                            if (forOID == null) {
                                this.publicKeyAlgorithmName = null;
                                this.decodedPublicKey = null;
                            } else {
                                this.publicKeyAlgorithmName = forOID.getName();
                                DecodedPublicKey decodedPublicKey = null;
                                switch (forOID) {
                                    case RSA:
                                        try {
                                            decodedPublicKey = new RSAPublicKey(this.encodedPublicKey);
                                            break;
                                        } catch (Exception e) {
                                            Debug.debugException(e);
                                            break;
                                        }
                                    case EC:
                                        try {
                                            decodedPublicKey = new EllipticCurvePublicKey(this.encodedPublicKey);
                                            break;
                                        } catch (Exception e2) {
                                            Debug.debugException(e2);
                                            break;
                                        }
                                }
                                this.decodedPublicKey = decodedPublicKey;
                            }
                            ArrayList arrayList = new ArrayList(10);
                            ArrayList arrayList2 = new ArrayList(10);
                            if (elements2.length > 3) {
                                for (int i = 3; i < elements2.length; i++) {
                                    ASN1Element aSN1Element = elements2[i];
                                    if (aSN1Element.getType() == -96) {
                                        try {
                                            for (ASN1Element aSN1Element2 : aSN1Element.decodeAsSet().elements()) {
                                                ASN1Element[] elements5 = aSN1Element2.decodeAsSequence().elements();
                                                arrayList.add(new ObjectPair(elements5[0].decodeAsObjectIdentifier().getOID(), elements5[1].decodeAsSet()));
                                            }
                                            Iterator it = arrayList.iterator();
                                            while (it.hasNext()) {
                                                ObjectPair objectPair = (ObjectPair) it.next();
                                                if (((OID) objectPair.getFirst()).equals(ATTRIBUTE_OID_EXTENSIONS)) {
                                                    try {
                                                        for (ASN1Element aSN1Element3 : ((ASN1Set) objectPair.getSecond()).elements()[0].decodeAsSequence().elements()) {
                                                            arrayList2.add(X509CertificateExtension.decode(aSN1Element3));
                                                        }
                                                    } catch (Exception e3) {
                                                        Debug.debugException(e3);
                                                        throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_EXT_ATTR.get(objectPair.getFirst(), StaticUtils.getExceptionMessage(e3)), e3);
                                                    }
                                                }
                                            }
                                        } catch (Exception e4) {
                                            Debug.debugException(e4);
                                            throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_ATTRS.get(StaticUtils.getExceptionMessage(e4)), e4);
                                        }
                                    }
                                }
                            }
                            this.requestAttributes = Collections.unmodifiableList(arrayList);
                            this.extensions = Collections.unmodifiableList(arrayList2);
                            try {
                                ASN1Element[] elements6 = elements[1].decodeAsSequence().elements();
                                this.signatureAlgorithmOID = elements6[0].decodeAsObjectIdentifier().getOID();
                                if (elements6.length > 1) {
                                    this.signatureAlgorithmParameters = elements6[1];
                                } else {
                                    this.signatureAlgorithmParameters = null;
                                }
                                SignatureAlgorithmIdentifier forOID2 = SignatureAlgorithmIdentifier.forOID(this.signatureAlgorithmOID);
                                if (forOID2 == null) {
                                    this.signatureAlgorithmName = null;
                                } else {
                                    this.signatureAlgorithmName = forOID2.getUserFriendlyName();
                                }
                                try {
                                    this.signatureValue = elements[2].decodeAsBitString();
                                } catch (Exception e5) {
                                    Debug.debugException(e5);
                                    throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_SIG_VALUE.get(StaticUtils.getExceptionMessage(e5)), e5);
                                }
                            } catch (Exception e6) {
                                Debug.debugException(e6);
                                throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_SIG_ALG.get(StaticUtils.getExceptionMessage(e6)), e6);
                            }
                        } catch (Exception e7) {
                            Debug.debugException(e7);
                            throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_PUBLIC_KEY_INFO.get(StaticUtils.getExceptionMessage(e7)), e7);
                        }
                    } catch (Exception e8) {
                        Debug.debugException(e8);
                        throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_SUBJECT_DN.get(StaticUtils.getExceptionMessage(e8)), e8);
                    }
                } catch (CertException e9) {
                    Debug.debugException(e9);
                    throw e9;
                } catch (Exception e10) {
                    Debug.debugException(e10);
                    throw new CertException(CertMessages.ERR_CSR_DECODE_CANNOT_PARSE_VERSION.get(StaticUtils.getExceptionMessage(e10)), e10);
                }
            } catch (Exception e11) {
                Debug.debugException(e11);
                throw new CertException(CertMessages.ERR_CSR_DECODE_FIRST_ELEMENT_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e11)), e11);
            }
        } catch (Exception e12) {
            Debug.debugException(e12);
            throw new CertException(CertMessages.ERR_CSR_DECODE_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e12)), e12);
        }
    }

    @NotNull
    private ASN1Element encode() throws CertException {
        try {
            ArrayList arrayList = new ArrayList(4);
            arrayList.add(new ASN1Integer(this.version.getIntValue()));
            arrayList.add(X509Certificate.encodeName(this.subjectDN));
            if (this.publicKeyAlgorithmParameters == null) {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID)), this.encodedPublicKey));
            } else {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID), this.publicKeyAlgorithmParameters), this.encodedPublicKey));
            }
            ArrayList arrayList2 = new ArrayList(this.requestAttributes.size());
            for (ObjectPair<OID, ASN1Set> objectPair : this.requestAttributes) {
                arrayList2.add(new ASN1Sequence(new ASN1ObjectIdentifier(objectPair.getFirst()), objectPair.getSecond()));
            }
            arrayList.add(new ASN1Set((byte) -96, arrayList2));
            ArrayList arrayList3 = new ArrayList(3);
            arrayList3.add(new ASN1Sequence(arrayList));
            if (this.signatureAlgorithmParameters == null) {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID)));
            } else {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID), this.signatureAlgorithmParameters));
            }
            arrayList3.add(this.signatureValue);
            return new ASN1Sequence(arrayList3);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_CSR_ENCODE_ERROR.get(toString(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @NotNull
    public static PKCS10CertificateSigningRequest generateCertificateSigningRequest(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull KeyPair keyPair, @NotNull DN dn, @Nullable X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        DecodedPublicKey decodedPublicKey = null;
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(keyPair.getPublic().getEncoded()).elements();
            ASN1Element[] elements2 = ASN1Sequence.decodeAsSequence(elements[0]).elements();
            OID oid = elements2[0].decodeAsObjectIdentifier().getOID();
            ASN1Element aSN1Element = elements2.length == 1 ? null : elements2[1];
            ASN1BitString decodeAsBitString = elements[1].decodeAsBitString();
            try {
                if (oid.equals(PublicKeyAlgorithmIdentifier.RSA.getOID())) {
                    decodedPublicKey = new RSAPublicKey(decodeAsBitString);
                } else if (oid.equals(PublicKeyAlgorithmIdentifier.EC.getOID())) {
                    decodedPublicKey = new EllipticCurvePublicKey(decodeAsBitString);
                }
            } catch (Exception e) {
                Debug.debugException(e);
            }
            byte[] digest = CryptoHelper.getMessageDigest("SHA-1").digest(decodeAsBitString.getBytes());
            ArrayList arrayList = new ArrayList(10);
            arrayList.add(new SubjectKeyIdentifierExtension(false, new ASN1OctetString(digest)));
            if (x509CertificateExtensionArr != null) {
                for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                    if (!x509CertificateExtension.getOID().equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID)) {
                        arrayList.add(x509CertificateExtension);
                    }
                }
            }
            X509CertificateExtension[] x509CertificateExtensionArr2 = new X509CertificateExtension[arrayList.size()];
            arrayList.toArray(x509CertificateExtensionArr2);
            return new PKCS10CertificateSigningRequest(PKCS10CertificateSigningRequestVersion.V1, signatureAlgorithmIdentifier.getOID(), null, generateSignature(signatureAlgorithmIdentifier, keyPair.getPrivate(), dn, oid, aSN1Element, decodeAsBitString, x509CertificateExtensionArr2), dn, oid, aSN1Element, decodeAsBitString, decodedPublicKey, null, x509CertificateExtensionArr2);
        } catch (Exception e2) {
            Debug.debugException(e2);
            throw new CertException(CertMessages.ERR_CSR_GEN_CANNOT_PARSE_KEY_PAIR.get(StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    @NotNull
    private static ASN1BitString generateSignature(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull PrivateKey privateKey, @NotNull DN dn, @NotNull OID oid, @Nullable ASN1Element aSN1Element, @NotNull ASN1BitString aSN1BitString, @NotNull X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            Signature signature = CryptoHelper.getSignature(signatureAlgorithmIdentifier.getJavaName());
            try {
                signature.initSign(privateKey);
                try {
                    ArrayList arrayList = new ArrayList(4);
                    arrayList.add(new ASN1Integer(PKCS10CertificateSigningRequestVersion.V1.getIntValue()));
                    arrayList.add(X509Certificate.encodeName(dn));
                    if (aSN1Element == null) {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid)), aSN1BitString));
                    } else {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid), aSN1Element), aSN1BitString));
                    }
                    ArrayList arrayList2 = new ArrayList(1);
                    if (x509CertificateExtensionArr != null && x509CertificateExtensionArr.length > 0) {
                        ArrayList arrayList3 = new ArrayList(x509CertificateExtensionArr.length);
                        for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                            arrayList3.add(x509CertificateExtension.encode());
                        }
                        arrayList2.add(new ASN1Sequence(new ASN1ObjectIdentifier(ATTRIBUTE_OID_EXTENSIONS), new ASN1Set(new ASN1Sequence(arrayList3))));
                    }
                    arrayList.add(new ASN1Set((byte) -96, arrayList2));
                    signature.update(new ASN1Sequence(arrayList).encode());
                    return new ASN1BitString(ASN1BitString.getBitsForBytes(signature.sign()));
                } catch (Exception e) {
                    Debug.debugException(e);
                    throw new CertException(CertMessages.ERR_CSR_GEN_SIGNATURE_CANNOT_COMPUTE.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e)), e);
                }
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new CertException(CertMessages.ERR_CSR_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (Exception e3) {
            Debug.debugException(e3);
            throw new CertException(CertMessages.ERR_CSR_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e3)), e3);
        }
    }

    @NotNull
    public byte[] getPKCS10CertificateSigningRequestBytes() {
        return this.pkcs10CertificateSigningRequestBytes;
    }

    @NotNull
    public PKCS10CertificateSigningRequestVersion getVersion() {
        return this.version;
    }

    @NotNull
    public OID getSignatureAlgorithmOID() {
        return this.signatureAlgorithmOID;
    }

    @Nullable
    public String getSignatureAlgorithmName() {
        return this.signatureAlgorithmName;
    }

    @NotNull
    public String getSignatureAlgorithmNameOrOID() {
        return this.signatureAlgorithmName != null ? this.signatureAlgorithmName : this.signatureAlgorithmOID.toString();
    }

    @Nullable
    public ASN1Element getSignatureAlgorithmParameters() {
        return this.signatureAlgorithmParameters;
    }

    @NotNull
    public DN getSubjectDN() {
        return this.subjectDN;
    }

    @NotNull
    public OID getPublicKeyAlgorithmOID() {
        return this.publicKeyAlgorithmOID;
    }

    @Nullable
    public String getPublicKeyAlgorithmName() {
        return this.publicKeyAlgorithmName;
    }

    @NotNull
    public String getPublicKeyAlgorithmNameOrOID() {
        return this.publicKeyAlgorithmName != null ? this.publicKeyAlgorithmName : this.publicKeyAlgorithmOID.toString();
    }

    @Nullable
    public ASN1Element getPublicKeyAlgorithmParameters() {
        return this.publicKeyAlgorithmParameters;
    }

    @NotNull
    public ASN1BitString getEncodedPublicKey() {
        return this.encodedPublicKey;
    }

    @Nullable
    public DecodedPublicKey getDecodedPublicKey() {
        return this.decodedPublicKey;
    }

    @NotNull
    public List<ObjectPair<OID, ASN1Set>> getRequestAttributes() {
        return this.requestAttributes;
    }

    @NotNull
    public List<X509CertificateExtension> getExtensions() {
        return this.extensions;
    }

    @NotNull
    public ASN1BitString getSignatureValue() {
        return this.signatureValue;
    }

    public void verifySignature() throws CertException {
        try {
            PublicKey generatePublic = CryptoHelper.getKeyFactory(getPublicKeyAlgorithmNameOrOID()).generatePublic(new X509EncodedKeySpec(this.publicKeyAlgorithmParameters == null ? new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID)), this.encodedPublicKey).encode() : new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID), this.publicKeyAlgorithmParameters), this.encodedPublicKey).encode()));
            try {
                SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(this.signatureAlgorithmOID);
                Signature signature = CryptoHelper.getSignature(forOID.getJavaName());
                try {
                    signature.initVerify(generatePublic);
                    try {
                        signature.update(ASN1Sequence.decodeAsSequence(this.pkcs10CertificateSigningRequestBytes).elements()[0].encode());
                        if (!signature.verify(this.signatureValue.getBytes())) {
                            throw new CertException(CertMessages.ERR_CSR_VERIFY_SIGNATURE_NOT_VALID.get(this.subjectDN));
                        }
                    } catch (Exception e) {
                        Debug.debugException(e);
                        throw new CertException(CertMessages.ERR_CSR_VERIFY_SIGNATURE_ERROR.get(this.subjectDN, StaticUtils.getExceptionMessage(e)), e);
                    }
                } catch (Exception e2) {
                    Debug.debugException(e2);
                    throw new CertException(CertMessages.ERR_CSR_VERIFY_SIGNATURE_CANNOT_INIT_SIGNATURE_VERIFIER.get(forOID.getJavaName(), StaticUtils.getExceptionMessage(e2)), e2);
                }
            } catch (Exception e3) {
                Debug.debugException(e3);
                throw new CertException(CertMessages.ERR_CSR_VERIFY_SIGNATURE_CANNOT_GET_SIGNATURE_VERIFIER.get(getSignatureAlgorithmNameOrOID(), StaticUtils.getExceptionMessage(e3)), e3);
            }
        } catch (Exception e4) {
            Debug.debugException(e4);
            throw new CertException(CertMessages.ERR_CSR_VERIFY_SIGNATURE_CANNOT_GET_PUBLIC_KEY.get(StaticUtils.getExceptionMessage(e4)), e4);
        }
    }

    @NotNull
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    public void toString(@NotNull StringBuilder sb) {
        sb.append("PKCS10CertificateSigningRequest(version='");
        sb.append(this.version.getName());
        sb.append("', subjectDN='");
        sb.append(this.subjectDN);
        sb.append("', publicKeyAlgorithmOID='");
        sb.append(this.publicKeyAlgorithmOID.toString());
        sb.append('\'');
        if (this.publicKeyAlgorithmName != null) {
            sb.append(", publicKeyAlgorithmName='");
            sb.append(this.publicKeyAlgorithmName);
            sb.append('\'');
        }
        sb.append(", subjectPublicKey=");
        if (this.decodedPublicKey == null) {
            sb.append('\'');
            try {
                StaticUtils.toHex(this.encodedPublicKey.getBytes(), ":", sb);
            } catch (Exception e) {
                Debug.debugException(e);
                this.encodedPublicKey.toString(sb);
            }
            sb.append('\'');
        } else {
            this.decodedPublicKey.toString(sb);
            if (this.decodedPublicKey instanceof EllipticCurvePublicKey) {
                try {
                    OID oid = this.publicKeyAlgorithmParameters.decodeAsObjectIdentifier().getOID();
                    sb.append(", ellipticCurvePublicKeyParameters=namedCurve='");
                    sb.append(NamedCurve.getNameOrOID(oid));
                    sb.append('\'');
                } catch (Exception e2) {
                    Debug.debugException(e2);
                }
            }
        }
        sb.append(", signatureAlgorithmOID='");
        sb.append(this.signatureAlgorithmOID.toString());
        sb.append('\'');
        if (this.signatureAlgorithmName != null) {
            sb.append(", signatureAlgorithmName='");
            sb.append(this.signatureAlgorithmName);
            sb.append('\'');
        }
        if (!this.extensions.isEmpty()) {
            sb.append(", extensions={");
            Iterator<X509CertificateExtension> it = this.extensions.iterator();
            while (it.hasNext()) {
                it.next().toString(sb);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            sb.append('}');
        }
        sb.append(", signatureValue='");
        try {
            StaticUtils.toHex(this.signatureValue.getBytes(), ":", sb);
        } catch (Exception e3) {
            Debug.debugException(e3);
            sb.append(this.signatureValue.toString());
        }
        sb.append("')");
    }

    @NotNull
    public List<String> toPEM() {
        ArrayList arrayList = new ArrayList(10);
        arrayList.add("-----BEGIN CERTIFICATE REQUEST-----");
        arrayList.addAll(StaticUtils.wrapLine(Base64.encode(this.pkcs10CertificateSigningRequestBytes), 64));
        arrayList.add("-----END CERTIFICATE REQUEST-----");
        return Collections.unmodifiableList(arrayList);
    }

    @NotNull
    public String toPEMString() {
        StringBuilder sb = new StringBuilder();
        sb.append("-----BEGIN CERTIFICATE REQUEST-----");
        sb.append(StaticUtils.EOL);
        Iterator<String> it = StaticUtils.wrapLine(Base64.encode(this.pkcs10CertificateSigningRequestBytes), 64).iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            sb.append(StaticUtils.EOL);
        }
        sb.append("-----END CERTIFICATE REQUEST-----");
        sb.append(StaticUtils.EOL);
        return sb.toString();
    }
}
