package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.AuthorityInfoAccess;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.cert.extensions.OCSPAcceptableResponses;
import com.rsa.certj.cert.extensions.OCSPNonce;
import com.rsa.certj.cert.extensions.OCSPServiceLocator;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.random.RandomException;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_Signature;
import java.util.Vector;

/* loaded from: input_file:lib/external/certj.jar:com/rsa/certj/provider/revocation/ocsp/OCSPRequest.class */
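/**
 * Builds and DER-encodes an OCSP request for one or more certificates, optionally signed with the
 * requestor's key.
 *
 * <p>The field layout produced by the encode helpers lines up with the {@code OCSPRequest},
 * {@code TBSRequest}, {@code Request} and {@code Signature} structures of RFC 6960. The large
 * integer arguments handed to the ASN.1 containers (for example {@code 10551296 == 0xA10000},
 * {@code 10551297}, {@code 10551298}, {@code 10682368 == 0xA30000}, {@code 12288 == 0x3000}) look
 * like tagging/optional flags combined with a context tag number. Confirm against the constants
 * of {@code com.rsa.asn1} before changing any of them.
 *
 * <p>Responder flag bits as read by this class: bit {@code 1} set suppresses the nonce; bit
 * {@code 2} set leaves the signer certificate out of a signed request; bit {@code 4} is tested in
 * {@link #createCertsContainer} but that test can never succeed (see the note there).
 *
 * <p>Review notes:
 * <ul>
 *   <li>Every wrapped exception keeps only {@code getMessage()}; the original exception and its
 *       stack trace are not attached, which makes encoding and signing failures hard to diagnose.
 *   <li>When the nonce is suppressed, a response cannot be tied to this particular request by
 *       nonce comparison, so callers have to rely on the response's own freshness fields.
 *   <li>This class performs no synchronization.
 * </ul>
 */
public final class OCSPRequest {
    private CertJ certJ;
    // Copy of the nonce bytes placed in the request's nonce extension; null when no nonce was set.
    private byte[] nonce;
    // One entry per certificate being queried, in the order given to the constructor.
    private OCSPCertID[] certIDs;
    // Per-certificate service-locator extension; an entry is null when the certificate carries no
    // AuthorityInfoAccess extension.
    private X509V3Extension[] serviceLocatorExtension;
    // Per-certificate extensions supplied through setSingleRequestExtensions; entries may be null.
    private X509V3Extensions[] singleRequestExtensions;
    // Request-level extensions (acceptable responses, plus the nonce when one is set).
    private X509V3Extensions requestExtensions;
    private OCSPResponderInternal responder;

    /**
     * Prepares a request covering every certificate in {@code certificateArr}.
     *
     * <p>Unless responder flag bit {@code 1} is set, 16 bytes are drawn from the CertJ random
     * object and attached as the request nonce.
     *
     * @param certJ context supplying the random object and, later, the signing device
     * @param oCSPResponderInternal responder configuration (flags, request control, CA lookup)
     * @param certificateArr certificates to query; each element is cast to {@link X509Certificate}
     * @throws NotSupportedException if any provider, certificate, name or random failure occurs
     *     while the request is assembled (only the message of the cause is preserved)
     * @throws CertificateException declared by the original signature; the body converts the
     *     certificate exceptions it catches into {@link NotSupportedException}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public OCSPRequest(CertJ certJ, OCSPResponderInternal oCSPResponderInternal, Certificate[] certificateArr) throws CertificateException, NotSupportedException {
        int count = certificateArr.length;
        try {
            this.certJ = certJ;
            setRequestExtensions(oCSPResponderInternal);
            // Flag bit 1 clear: attach a fresh random nonce to the request extensions.
            if ((oCSPResponderInternal.getFlags() & 1) == 0) {
                byte[] freshNonce = new byte[16];
                certJ.getRandomObject().generateRandomBytes(freshNonce, 0, 16);
                setNonce(freshNonce, 0, 16);
            }
            this.singleRequestExtensions = new X509V3Extensions[count];
            this.certIDs = new OCSPCertID[count];
            this.serviceLocatorExtension = new X509V3Extension[count];
            for (int idx = 0; idx < count; idx++) {
                // A non-X.509 element fails here with ClassCastException, which is not wrapped.
                X509Certificate target = (X509Certificate) certificateArr[idx];
                this.certIDs[idx] = new OCSPCertID(certJ, oCSPResponderInternal.getResponderCACert(target), target, oCSPResponderInternal.getRequestControl().getDigestAlgorithm());
                X500Name issuerName = target.getIssuerName();
                X509V3Extensions certExtensions = target.getExtensions();
                if (certExtensions != null) {
                    // Extension type 100 is cast to AuthorityInfoAccess; when present it is
                    // echoed to the responder as a service-locator extension.
                    AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) certExtensions.getExtensionByType(100);
                    if (authorityInfoAccess != null) {
                        this.serviceLocatorExtension[idx] = new OCSPServiceLocator(issuerName, authorityInfoAccess);
                    }
                }
            }
            this.responder = oCSPResponderInternal;
        } catch (NoServiceException e) {
            throw new NotSupportedException(e.getMessage());
        } catch (CertificateException e2) {
            throw new NotSupportedException(e2.getMessage());
        } catch (NameException e3) {
            throw new NotSupportedException(e3.getMessage());
        } catch (RandomException e4) {
            throw new NotSupportedException(e4.getMessage());
        }
    }

    /**
     * Initialises the request-level extensions from the responder's request control (cloned so the
     * shared configuration is not modified) and adds an acceptable-responses extension listing
     * {@code ID_PKIX_OCSP_BASIC}.
     *
     * @param oCSPResponderInternal responder whose request control supplies the base extensions
     * @throws NotSupportedException if cloning or adding the extension fails
     */
    private void setRequestExtensions(OCSPResponderInternal oCSPResponderInternal) throws NotSupportedException {
        X509V3Extensions configured = oCSPResponderInternal.getRequestControl().getRequestExtensions();
        try {
            if (configured != null) {
                this.requestExtensions = (X509V3Extensions) configured.clone();
            } else {
                // NOTE(review): 5 is presumably the extensions-collection type for OCSP request
                // extensions; confirm against X509V3Extensions.
                this.requestExtensions = new X509V3Extensions(5);
            }
            OCSPAcceptableResponses acceptable = new OCSPAcceptableResponses();
            acceptable.addAcceptableResponse(OCSPAcceptableResponses.ID_PKIX_OCSP_BASIC, 0, OCSPAcceptableResponses.ID_PKIX_OCSP_BASIC.length);
            this.requestExtensions.addV3Extension(acceptable);
        } catch (CertificateException e) {
            throw new NotSupportedException(e.getMessage());
        } catch (CloneNotSupportedException e2) {
            throw new NotSupportedException(e2.getMessage());
        }
    }

    /**
     * Stores a clone of {@code x509V3Extensions} as the per-request extensions for entry {@code i}.
     *
     * @param i index of the certificate entry; not range-checked here
     * @param x509V3Extensions extensions to clone; dereferenced without a null check
     * @throws NotSupportedException if the extensions cannot be cloned
     */
    protected void setSingleRequestExtensions(int i, X509V3Extensions x509V3Extensions) throws NotSupportedException {
        try {
            this.singleRequestExtensions[i] = (X509V3Extensions) x509V3Extensions.clone();
        } catch (CloneNotSupportedException e) {
            throw new NotSupportedException(e.getMessage());
        }
    }

    /**
     * Returns the nonce sent with this request, or {@code null} if none was set.
     *
     * <p>The internal array is returned directly, not a copy. A caller that modifies it changes
     * the value any later comparison against a response nonce would use.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getNonce() {
        return this.nonce;
    }

    /**
     * Copies {@code i2} bytes of {@code bArr} starting at offset {@code i} into this request's
     * nonce and adds a matching nonce extension to the request extensions.
     *
     * <p>Offset and length are not validated here; out-of-range values surface as the runtime
     * exceptions thrown by the array allocation or {@link System#arraycopy}.
     *
     * @param bArr source buffer; {@code null} leaves the request unchanged
     * @param i offset of the first nonce byte in {@code bArr}
     * @param i2 number of nonce bytes; {@code 0} leaves the request unchanged
     * @return the number of bytes stored, or {@code 0} when nothing was set
     * @throws CertificateException if the nonce extension cannot be created or added
     */
    protected int setNonce(byte[] bArr, int i, int i2) throws CertificateException {
        if (bArr == null || i2 == 0) {
            return 0;
        }
        this.nonce = new byte[i2];
        System.arraycopy(bArr, i, this.nonce, 0, i2);
        OCSPNonce nonceExtension = new OCSPNonce(this.nonce, 0, i2);
        if (this.requestExtensions == null) {
            this.requestExtensions = new X509V3Extensions(5);
        }
        this.requestExtensions.addV3Extension(nonceExtension);
        return i2;
    }

    /**
     * Returns the certificate ID built for entry {@code i}.
     *
     * @param i index into the certificate array given to the constructor; not range-checked
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public OCSPCertID getCertID(int i) {
        return this.certIDs[i];
    }

    /**
     * Produces the DER encoding of the complete request.
     *
     * <p>When the request control supplies a signer certificate, its subject name is used as the
     * requestor name and the to-be-signed bytes are signed; otherwise the request is unsigned.
     *
     * @param certPathCtx path context whose database is searched for the signer's private key
     * @return the encoded request; may be {@code null} if the final ASN.1 encode step reports a
     *     length different from the one it announced (see {@link #asnEncode})
     * @throws NotSupportedException on any failure; note the blanket {@code catch (Exception)}
     *     also converts runtime exceptions, whose message may be {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] encode(CertPathCtx certPathCtx) throws NotSupportedException {
        byte[] signatureDer = null;
        X500Name requestorName = null;
        try {
            X509Certificate signerCert = this.responder.getRequestControl().getSignerCert();
            if (signerCert != null) {
                requestorName = signerCert.getSubjectName();
            }
            byte[] tbsRequestDer = encodeTBSRequestDER(0, requestorName, this.requestExtensions);
            if (signerCert != null) {
                signatureDer = encodeRequestSignatureDER(this.certJ, certPathCtx, this.responder, signerCert, tbsRequestDer);
            }
            return encodeOCSPRequestDER(tbsRequestDer, signatureDer);
        } catch (Exception e) {
            throw new NotSupportedException(e.getMessage());
        }
    }

    /**
     * Signs {@code bArr} with the private key matching {@code certificate} and encodes the
     * signature block (algorithm identifier, signature bits, optional certificates).
     *
     * @param certJ context supplying device, random object and PKCS#11 sessions for signing
     * @param certPathCtx path context whose database holds the signer's private key
     * @param oCSPResponderInternal supplies the signature algorithm, flags and extra certificates
     * @param certificate signer certificate
     * @param bArr DER-encoded to-be-signed request
     * @return the DER-encoded signature block
     * @throws NotSupportedException if key lookup, signing or encoding fails
     * @throws ASN_Exception if an ASN.1 container cannot be built
     */
    private byte[] encodeRequestSignatureDER(CertJ certJ, CertPathCtx certPathCtx, OCSPResponderInternal oCSPResponderInternal, Certificate certificate, byte[] bArr) throws NotSupportedException, ASN_Exception {
        EndContainer endContainer = new EndContainer();
        try {
            // NOTE(review): the lookup result is passed to signInit unchecked; whether a missing
            // key yields null or an exception is not visible here.
            JSAFE_PrivateKey signingKey = certPathCtx.getDatabase().selectPrivateKeyByCertificate(certificate);
            String signatureAlgorithm = oCSPResponderInternal.getSignatureAlgorithm();
            JSAFE_Signature signer = JSAFE_Signature.getInstance(signatureAlgorithm, certJ.getDevice());
            signer.signInit(signingKey, null, certJ.getRandomObject(), certJ.getPKCS11Sessions());
            signer.signUpdate(bArr, 0, bArr.length);
            byte[] signatureBits = signer.signFinal();
            // NOTE(review): neither signature object is cleared after use; consider whether key
            // material held by the signing object should be wiped once signing completes.
            byte[] algorithmIdDer = JSAFE_Signature.getInstance(signatureAlgorithm, this.certJ.getDevice()).getDERAlgorithmID();
            ASN1Container certsContainer = createCertsContainer(oCSPResponderInternal.getFlags(), oCSPResponderInternal.getRequestControl().getExtraCerts(), certPathCtx, certificate);
            return asnEncode(new ASN1Template(new ASN1Container[]{
                new SequenceContainer(10551296, true, 0),
                new EncodedContainer(0, true, 0, algorithmIdDer, 0, algorithmIdDer.length),
                new BitStringContainer(0, true, 0, signatureBits, 0, signatureBits.length, signatureBits.length * 8, false),
                certsContainer,
                endContainer}));
        } catch (CertJException e) {
            throw new NotSupportedException(e.getMessage());
        } catch (JSAFE_Exception e2) {
            throw new NotSupportedException(e2.getMessage());
        }
    }

    /**
     * Encodes the list of single requests, one per certificate ID.
     *
     * <p>Each entry carries the caller-supplied per-request extensions, the service-locator
     * extension derived from the certificate, both, or none.
     *
     * @return the DER-encoded request list
     * @throws NotSupportedException if an entry cannot be encoded
     */
    private byte[] encodeRequestListDER() throws NotSupportedException {
        OfContainer requestList = null;
        for (int idx = 0; idx < this.certIDs.length; idx++) {
            try {
                X509V3Extensions perRequest = this.singleRequestExtensions[idx];
                X509V3Extension locator = this.serviceLocatorExtension[idx];
                X509V3Extensions effective;
                if (perRequest == null) {
                    if (locator == null) {
                        effective = null;
                    } else {
                        effective = new X509V3Extensions(4);
                        effective.addV3Extension(locator);
                    }
                } else if (locator == null) {
                    effective = perRequest;
                } else {
                    // Clone so the stored per-request extensions are not modified by encoding.
                    effective = (X509V3Extensions) perRequest.clone();
                    effective.addV3Extension(locator);
                }
                byte[] requestDer = encodeRequestDER(this.certIDs[idx].encode(), effective);
                // Create the list container only once. Re-creating it on every iteration dropped
                // all but the last certificate from a multi-certificate request, so the
                // responder would never be asked about the others. With no certificate IDs the
                // container stays null, as before.
                if (requestList == null) {
                    requestList = new OfContainer(0, true, 0, 12288, new EncodedContainer(12288));
                }
                requestList.addContainer(new EncodedContainer(0, true, 0, requestDer, 0, requestDer.length));
            } catch (ASN_Exception e) {
                throw new NotSupportedException(e.getMessage());
            } catch (CertificateException e2) {
                throw new NotSupportedException(e2.getMessage());
            } catch (CloneNotSupportedException e3) {
                throw new NotSupportedException(e3.getMessage());
            }
        }
        return asnEncode(new ASN1Template(new ASN1Container[]{requestList}));
    }

    /**
     * Encodes the to-be-signed part of the request: version, requestor name, request list and
     * request extensions.
     *
     * @param i version number; {@code 0} marks the version field as absent
     * @param x500Name requestor name, or {@code null} to omit it
     * @param x509V3Extensions request-level extensions, or {@code null} to omit them
     * @return the DER-encoded to-be-signed request
     * @throws NotSupportedException if the name or any nested element cannot be encoded
     * @throws ASN_Exception if an ASN.1 container cannot be built
     */
    private byte[] encodeTBSRequestDER(int i, X500Name x500Name, X509V3Extensions x509V3Extensions) throws NotSupportedException, ASN_Exception {
        SequenceContainer sequenceContainer = new SequenceContainer(0, true, 0);
        EndContainer endContainer = new EndContainer();
        try {
            IntegerContainer versionContainer = i != 0 ? new IntegerContainer(10682368, true, 0, i) : new IntegerContainer(10682368, false, 0, 0);
            EncodedContainer requestorContainer;
            if (x500Name != null) {
                GeneralName requestor = new GeneralName();
                requestor.setGeneralName(x500Name, 5);
                int requestorLen = requestor.getDERLen(10551297);
                byte[] requestorDer = new byte[requestorLen];
                requestor.getDEREncoding(requestorDer, 0, 10551297);
                requestorContainer = new EncodedContainer(12288, true, 12288, requestorDer, 0, requestorLen);
            } else {
                requestorContainer = new EncodedContainer(10551297, false, 0, null, 0, 0);
            }
            byte[] requestListDer = encodeRequestListDER();
            EncodedContainer requestListContainer = new EncodedContainer(0, true, 0, requestListDer, 0, requestListDer.length);
            EncodedContainer extensionsContainer;
            if (x509V3Extensions != null) {
                int extensionsLen = x509V3Extensions.getDERLen(10551298);
                byte[] extensionsDer = new byte[extensionsLen];
                x509V3Extensions.getDEREncoding(extensionsDer, 0, 10551298);
                extensionsContainer = new EncodedContainer(10551298, true, 0, extensionsDer, 0, extensionsLen);
            } else {
                extensionsContainer = new EncodedContainer(10551298, false, 0, null, 0, 0);
            }
            return asnEncode(new ASN1Template(new ASN1Container[]{sequenceContainer, versionContainer, requestorContainer, requestListContainer, extensionsContainer, endContainer}));
        } catch (NameException e) {
            throw new NotSupportedException(e.getMessage());
        }
    }

    /**
     * Builds the optional certificate list that accompanies a request signature.
     *
     * @param i responder flags
     * @param x509CertificateArr extra certificates to append, or {@code null}
     * @param certPathCtx path context for chain building
     * @param certificate signer certificate
     * @return a container holding the encoded certificates, or an "absent" container when there
     *     are none
     * @throws NotSupportedException if a certificate cannot be encoded
     * @throws ASN_Exception if chain building fails or an ASN.1 container cannot be built
     */
    private ASN1Container createCertsContainer(int i, X509Certificate[] x509CertificateArr, CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, ASN_Exception {
        Vector certs = new Vector();
        // Flag bit 2 clear: include the signer certificate itself.
        if ((i & 2) == 0) {
            certs.addElement(certificate);
        }
        // NOTE(review): (i & 4) can only be 0 or 4, so this comparison with 1 is never true and
        // the chain-building branch below is dead code. Presumably "!= 0" was intended. Confirm
        // the meaning of the flag before changing it, because enabling the branch would start
        // embedding the signer's certification path in signed requests.
        if ((i & 4) == 1) {
            Vector path = new Vector();
            try {
                this.certJ.buildCertPath(certPathCtx, certificate, path, null, null, null);
                for (int p = 0; p < path.size(); p++) {
                    certs.addElement(path.elementAt(p));
                }
            } catch (CertJException e) {
                throw new ASN_Exception(e.getMessage());
            }
        }
        if (x509CertificateArr != null) {
            for (X509Certificate extra : x509CertificateArr) {
                certs.addElement(extra);
            }
        }
        if (certs.isEmpty()) {
            return new EncodedContainer(10551296, false, 0, null, 0, 0);
        }
        OfContainer certList = new OfContainer(10551296, true, 0, 12288, new EncodedContainer(12288));
        for (int c = 0; c < certs.size(); c++) {
            // Every element is treated as an X509Certificate; anything else fails the cast.
            X509Certificate cert = (X509Certificate) ((Certificate) certs.elementAt(c));
            byte[] certDer = new byte[cert.getDERLen(0)];
            try {
                cert.getDEREncoding(certDer, 0, 0);
                certList.addContainer(new EncodedContainer(0, true, 0, certDer, 0, certDer.length));
            } catch (ASN_Exception e2) {
                throw new NotSupportedException(e2.getMessage());
            } catch (CertificateException e3) {
                throw new NotSupportedException(e3.getMessage());
            }
        }
        return certList;
    }

    /**
     * Encodes one single request: the certificate ID followed by its extensions.
     *
     * @param bArr DER-encoded certificate ID
     * @param x509V3Extensions extensions for this entry, or {@code null} for none
     * @return the DER-encoded single request
     * @throws NotSupportedException if the template cannot be encoded
     * @throws ASN_Exception if an ASN.1 container cannot be built
     */
    private byte[] encodeRequestDER(byte[] bArr, X509V3Extensions x509V3Extensions) throws NotSupportedException, ASN_Exception {
        byte[] extensionsDer = null;
        int extensionsLen = 0;
        if (x509V3Extensions != null) {
            extensionsLen = x509V3Extensions.getDERLen(10551296);
            extensionsDer = new byte[extensionsLen];
            x509V3Extensions.getDEREncoding(extensionsDer, 0, 10551296);
        }
        // NOTE(review): with no extensions this passes a null buffer of length 0 flagged as
        // present, unlike the other helpers, which build an explicit "absent" container.
        return asnEncode(new ASN1Template(new ASN1Container[]{
            new SequenceContainer(0, true, 0),
            new EncodedContainer(0, true, 0, bArr, 0, bArr.length),
            new EncodedContainer(0, true, 0, extensionsDer, 0, extensionsLen),
            new EndContainer()}));
    }

    /**
     * Wraps the to-be-signed request and the optional signature block into the outer request.
     *
     * @param bArr DER-encoded to-be-signed request
     * @param bArr2 DER-encoded signature block, or {@code null} for an unsigned request
     * @return the DER-encoded request
     * @throws NotSupportedException if the template cannot be encoded
     * @throws ASN_Exception if an ASN.1 container cannot be built
     */
    private byte[] encodeOCSPRequestDER(byte[] bArr, byte[] bArr2) throws NotSupportedException, ASN_Exception {
        EncodedContainer signatureContainer;
        if (bArr2 == null) {
            signatureContainer = new EncodedContainer(10551296, false, 0, null, 0, 0);
        } else {
            signatureContainer = new EncodedContainer(10551296, true, 0, bArr2, 0, bArr2.length);
        }
        return asnEncode(new ASN1Template(new ASN1Container[]{
            new SequenceContainer(0, true, 0),
            new EncodedContainer(0, true, 0, bArr, 0, bArr.length),
            signatureContainer,
            new EndContainer()}));
    }

    /**
     * Runs the two-step DER encode of {@code aSN1Template}.
     *
     * @param aSN1Template template to encode
     * @return the encoded bytes, or {@code null} when the number of bytes written differs from
     *     the length announced by {@code derEncodeInit}; callers in this class dereference the
     *     result without checking for that case
     * @throws NotSupportedException if the ASN.1 library reports an encoding error
     */
    private byte[] asnEncode(ASN1Template aSN1Template) throws NotSupportedException {
        try {
            int expectedLen = aSN1Template.derEncodeInit();
            byte[] encoded = new byte[expectedLen];
            if (expectedLen == aSN1Template.derEncode(encoded, 0)) {
                return encoded;
            }
            return null;
        } catch (ASN_Exception e) {
            throw new NotSupportedException(e.getMessage());
        }
    }
}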
