package com.cfca.util.pki.ocsp;

import com.cfca.util.pki.PKIConstant;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.ASN1InputStream;
import com.cfca.util.pki.asn1.DERBitString;
import com.cfca.util.pki.asn1.DERIA5String;
import com.cfca.util.pki.asn1.DERNull;
import com.cfca.util.pki.asn1.DERObject;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DERSequence;
import com.cfca.util.pki.asn1.ocsp.OCSPRequest;
import com.cfca.util.pki.asn1.ocsp.Request;
import com.cfca.util.pki.asn1.ocsp.Signature;
import com.cfca.util.pki.asn1.ocsp.TBSRequest;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.GeneralName;
import com.cfca.util.pki.asn1.x509.X509Extensions;
import com.cfca.util.pki.asn1.x509.X509Name;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: input_file:com/cfca/util/pki/ocsp/OCSPReqGenerator.class */
public class OCSPReqGenerator {
    private ArrayList list = new ArrayList();
    private GeneralName requestorName = null;
    private X509Extensions requestExtensions = null;
    public static final int URI_TYPE_NAME = 6;
    public static final int DN_TYPE_NAME = 4;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cfca/util/pki/ocsp/OCSPReqGenerator$RequestObject.class */
    public class RequestObject {
        CertificateID certId;
        X509Extensions extensions;
        final OCSPReqGenerator this$0;

        public RequestObject(OCSPReqGenerator oCSPReqGenerator, CertificateID certificateID, X509Extensions x509Extensions) {
            this.this$0 = oCSPReqGenerator;
            this.certId = certificateID;
            this.extensions = x509Extensions;
        }

        public Request toRequest() throws Exception {
            return new Request(this.certId.toASN1Object(), this.extensions);
        }
    }

    private DERObject makeObj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new ASN1InputStream(bArr).readObject();
    }

    public void addRequest(CertificateID certificateID) {
        this.list.add(new RequestObject(this, certificateID, null));
    }

    public void addRequest(CertificateID certificateID, X509Extensions x509Extensions) {
        this.list.add(new RequestObject(this, certificateID, x509Extensions));
    }

    public void setRequestorName(String str, int i) {
        if (i == 4) {
            this.requestorName = new GeneralName(new X509Name(str));
        } else if (i == 6) {
            this.requestorName = new GeneralName(new DERIA5String(str.getBytes()), 6);
        }
    }

    public void setRequestorName(GeneralName generalName) {
        this.requestorName = generalName;
    }

    public void setRequestExtensions(X509Extensions x509Extensions) {
        this.requestExtensions = x509Extensions;
    }

    public OCSPReq generateRequest() throws PKIException {
        Iterator it = this.list.iterator();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        while (it.hasNext()) {
            try {
                aSN1EncodableVector.add(((RequestObject) it.next()).toRequest());
            } catch (Exception e) {
                throw new PKIException(PKIException.GEN_OCSP_REQLIST_ERR, PKIException.GEN_OCSP_REQLIST_ERR_DES, e);
            }
        }
        return new OCSPReq(new OCSPRequest(new TBSRequest(this.requestorName, new DERSequence(aSN1EncodableVector), this.requestExtensions), null));
    }

    public OCSPReq generateRequest(String str, JKey jKey, Session session) throws PKIException {
        return generateRequest(str, jKey, null, session);
    }

    public OCSPReq generateRequest(String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        Signature signature;
        DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) PKIConstant.sigAlgName2OID.get(str);
        Iterator it = this.list.iterator();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        while (it.hasNext()) {
            try {
                aSN1EncodableVector.add(((RequestObject) it.next()).toRequest());
            } catch (Exception e) {
                throw new PKIException(PKIException.GEN_OCSP_REQLIST_ERR, PKIException.GEN_OCSP_REQLIST_ERR_DES, e);
            }
        }
        TBSRequest tBSRequest = new TBSRequest(this.requestorName, new DERSequence(aSN1EncodableVector), this.requestExtensions);
        if (!str.equalsIgnoreCase("MD2withRSAEncryption") && !str.equalsIgnoreCase("MD5withRSAEncryption") && !str.equalsIgnoreCase("SHA1withRSAEncryption")) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法");
        }
        try {
            DERBitString dERBitString = new DERBitString(session.sign(new Mechanism(str), jKey, tBSRequest.getEncoded()));
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(dERObjectIdentifier, new DERNull());
            if (x509CertArr == null || x509CertArr.length <= 0) {
                signature = new Signature(algorithmIdentifier, dERBitString);
            } else {
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                for (int i = 0; i != x509CertArr.length; i++) {
                    aSN1EncodableVector2.add(x509CertArr[i].getCertStructure());
                }
                signature = new Signature(algorithmIdentifier, dERBitString, new DERSequence(aSN1EncodableVector2));
            }
            return new OCSPReq(new OCSPRequest(tBSRequest, signature));
        } catch (PKIException e2) {
            throw new PKIException("05", PKIException.SIGN_DES, e2);
        } catch (IOException e3) {
            throw new PKIException(PKIException.GEN_OCSP_TBSREQ_ERR, PKIException.GEN_OCSP_TBSREQ_ERR_DES, e3);
        }
    }
}
