package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.AuthorityInfoAccess;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.jsafe.JSAFE_MessageDigest;
import java.util.Vector;

/* loaded from: input_file:lib/external/certj.jar:com/rsa/certj/provider/revocation/ocsp/OCSPutil.class */
public final class OCSPutil {
    public static String getAIALocation(X509Certificate x509Certificate) {
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            return null;
        }
        try {
            AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) extensions.getExtensionByType(100);
            if (authorityInfoAccess == null) {
                return null;
            }
            for (int i = 0; i < authorityInfoAccess.getAccessDescriptionCount(); i++) {
                if (CertJUtils.byteArraysEqual(authorityInfoAccess.getAccessMethod(i), AuthorityInfoAccess.ID_AD_OCSP)) {
                    GeneralName accessLocation = authorityInfoAccess.getAccessLocation(i);
                    if (accessLocation.getGeneralNameType() == 7) {
                        return (String) accessLocation.getGeneralName();
                    }
                }
            }
            return null;
        } catch (CertificateException e) {
            return null;
        }
    }

    public static byte[] makeDataDigest(CertJ certJ, String str, byte[] bArr, int i, int i2) throws InvalidParameterException {
        try {
            JSAFE_MessageDigest jSAFE_MessageDigest = JSAFE_MessageDigest.getInstance(str, certJ.getDevice());
            byte[] bArr2 = new byte[jSAFE_MessageDigest.getDigestSize()];
            jSAFE_MessageDigest.digestInit();
            jSAFE_MessageDigest.digestUpdate(bArr, i, i2);
            jSAFE_MessageDigest.digestFinal(bArr2, 0);
            return bArr2;
        } catch (Exception e) {
            throw new InvalidParameterException(new StringBuffer().append("makeDataDigest:").append(e.toString()).toString());
        }
    }

    public static byte[] extractKeyDER(byte[] bArr, int i) throws ASN_Exception {
        EndContainer endContainer = new EndContainer();
        SequenceContainer sequenceContainer = new SequenceContainer(0);
        EncodedContainer encodedContainer = new EncodedContainer(65280);
        BitStringContainer bitStringContainer = new BitStringContainer(0);
        ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, encodedContainer, bitStringContainer, endContainer});
        byte[] bArr2 = new byte[bitStringContainer.dataLen];
        System.arraycopy(bitStringContainer.data, bitStringContainer.dataOffset, bArr2, 0, bitStringContainer.dataLen);
        return bArr2;
    }

    public static int selectCertificateByKeyHash(CertJ certJ, DatabaseService databaseService, byte[] bArr, int i, int i2, Vector vector) throws DatabaseException, NoServiceException, CertificateException, InvalidParameterException {
        Certificate nextCertificate;
        int i3 = 0;
        boolean z = true;
        while (databaseService.hasMoreCertificates()) {
            if (z) {
                nextCertificate = databaseService.firstCertificate();
                z = false;
            } else {
                nextCertificate = databaseService.nextCertificate();
            }
            if (CertJUtils.byteArraysEqual(makeDataDigest(certJ, "SHA1", nextCertificate.getSubjectPublicKeyBER(), 0, 0), bArr)) {
                vector.addElement(nextCertificate);
                i3++;
            }
        }
        return i3;
    }
}
