package com.dreamsecurity.jcaos.ocsp;

import ch.qos.logback.core.net.ssl.SSL;
import com.dreamsecurity.jcaos.Environment;
import com.dreamsecurity.jcaos.asn1.ASN1Encodable;
import com.dreamsecurity.jcaos.asn1.ASN1EncodableVector;
import com.dreamsecurity.jcaos.asn1.ASN1InputStream;
import com.dreamsecurity.jcaos.asn1.DEREncodable;
import com.dreamsecurity.jcaos.asn1.f.b;
import com.dreamsecurity.jcaos.asn1.f.d;
import com.dreamsecurity.jcaos.asn1.f.g;
import com.dreamsecurity.jcaos.asn1.f.i;
import com.dreamsecurity.jcaos.asn1.f.o;
import com.dreamsecurity.jcaos.asn1.f.q;
import com.dreamsecurity.jcaos.asn1.oid.X509ObjectIdentifiers;
import com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier;
import com.dreamsecurity.jcaos.asn1.x509.F;
import com.dreamsecurity.jcaos.asn1.x509.s;
import com.dreamsecurity.jcaos.asn1.x509.t;
import com.dreamsecurity.jcaos.asn1.x509.u;
import com.dreamsecurity.jcaos.asn1.x509.y;
import com.dreamsecurity.jcaos.c;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.pkcs.PKCS8PrivateKeyInfo;
import com.dreamsecurity.jcaos.x509.X509Certificate;
import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;

/* loaded from: input_file:com/dreamsecurity/jcaos/ocsp/OCSPRequestGenerator.class */
public class OCSPRequestGenerator {
    String a;
    ASN1EncodableVector b;
    b c;
    boolean d;

    public OCSPRequestGenerator() {
        this.d = false;
        this.a = "SHA1";
        this.d = c.a();
    }

    public OCSPRequestGenerator(String str) {
        this.d = false;
        this.a = str;
        this.d = c.a();
    }

    public void addRequestCert(X509Certificate x509Certificate) throws NoSuchAlgorithmException, NoSuchProviderException, ParsingException, IOException {
        if (x509Certificate.getAuthorityKeyIdentifier() == null) {
            throw new ParsingException("The requestCert does not have aki field.");
        }
        i iVar = new i(new d(AlgorithmIdentifier.getInstance(this.a), MessageDigest.getInstance(this.a, Environment.getJCEProvider(this.a)).digest(x509Certificate.getIssuerDN().getEncoded()), x509Certificate.getAuthorityKeyIdentifier().getKeyIdentifier(), x509Certificate.getSerialNumber()));
        if (this.b == null) {
            this.b = new ASN1EncodableVector();
        }
        this.b.add(iVar);
    }

    public void addAcceptableResposeType(String str) {
        if (this.c == null) {
            this.c = new b();
        }
        this.c.a(str);
    }

    public OCSPRequest generate(X509Certificate x509Certificate, PKCS8PrivateKeyInfo pKCS8PrivateKeyInfo, String str) throws IOException, ParsingException, SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        int i = SingleResponse.b;
        if (this.d) {
            c.a((Object) getClass(), CompilerOptions.GENERATE);
            c.a(c.g, getClass(), CompilerOptions.GENERATE, "(IN) MyCert", x509Certificate.getEncoded());
            c.a(c.g, getClass(), CompilerOptions.GENERATE, "(IN) MyPriKeyInfo", pKCS8PrivateKeyInfo.getEncoded());
            c.a(c.g, getClass(), CompilerOptions.GENERATE, "(IN) HashAlg", str);
        }
        q a = a(x509Certificate);
        String stringBuffer = new StringBuffer().append(str).append(JsonPOJOBuilder.DEFAULT_WITH_PREFIX).append(pKCS8PrivateKeyInfo.getPrivateKey().getAlgorithm()).toString();
        PrivateKey privateKey = pKCS8PrivateKeyInfo.getPrivateKey();
        Signature signature = (privateKey.toString().toLowerCase().indexOf("pkcs11") == -1 && privateKey.toString().toLowerCase().indexOf("lunakey") == -1) ? privateKey.toString().toLowerCase().indexOf("magictoken") != -1 ? Signature.getInstance(stringBuffer, "MagicToken") : Signature.getInstance(stringBuffer, Environment.getJCEProvider(stringBuffer)) : Signature.getInstance(stringBuffer);
        signature.initSign(privateKey);
        signature.update(a.getDEREncoded());
        byte[] sign = signature.sign();
        AlgorithmIdentifier algorithmIdentifier = AlgorithmIdentifier.getInstance(stringBuffer);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(x509Certificate.toASN1Object().getDERObject());
        g gVar = new g(a, new o(algorithmIdentifier, sign, aSN1EncodableVector));
        if (this.d) {
            c.a(c.g, getClass(), CompilerOptions.GENERATE, "(OUT) OCSP ReqMsg", gVar.getEncoded());
            c.b(getClass(), CompilerOptions.GENERATE);
        }
        OCSPRequest oCSPRequest = OCSPRequest.getInstance(gVar);
        if (ASN1Encodable.c != 0) {
            SingleResponse.b = i + 1;
        }
        return oCSPRequest;
    }

    public OCSPRequest generate() throws IOException, ParsingException, NoSuchAlgorithmException {
        if (this.d) {
            c.a((Object) getClass(), CompilerOptions.GENERATE);
        }
        g gVar = new g(a(null));
        if (this.d) {
            c.a(c.g, getClass(), CompilerOptions.GENERATE, "(OUT) OCSP ReqMsg", gVar.getEncoded());
            c.b(getClass(), CompilerOptions.GENERATE);
        }
        return OCSPRequest.getInstance(gVar);
    }

    private q a(X509Certificate x509Certificate) throws IOException, ParsingException, NoSuchAlgorithmException {
        u uVar = null;
        if (x509Certificate != null) {
            uVar = new u(new y(F.a(new ASN1InputStream(x509Certificate.getSubjectDN().getEncoded()).readObject())));
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        byte[] bArr = new byte[8];
        SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM).nextBytes(bArr);
        aSN1EncodableVector.add(new s(X509ObjectIdentifiers.id_pkix_ocsp_nonce, false, bArr));
        if (this.c == null) {
            this.c = new b();
            this.c.a(X509ObjectIdentifiers.id_pkix_ocsp_basic);
        }
        aSN1EncodableVector.add(new s(X509ObjectIdentifiers.id_pkix_ocsp_response, false, (DEREncodable) this.c));
        return new q(0, uVar, this.b, new t(aSN1EncodableVector));
    }
}
