package nbcb.cfca.sadk.asn1.ocsp;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Iterator;
import nbcb.cfca.sadk.algorithm.common.CertKitException;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.asn1.FastEncoding;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERBitString;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERIA5String;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERNull;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERSequence;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ocsp.OCSPRequest;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ocsp.Request;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ocsp.Signature;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ocsp.TBSRequest;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x509.Extensions;
import nbcb.cfca.sadk.org.bouncycastle.asn1.x509.GeneralName;
import nbcb.cfca.sadk.org.bouncycastle.cert.ocsp.CertificateID;
import nbcb.cfca.sadk.org.bouncycastle.cert.ocsp.OCSPReq;
import nbcb.cfca.sadk.x509.certificate.X509Cert;
import org.eclipse.jetty.util.StringUtil;

/* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/asn1/ocsp/OCSPReqGenerator.class */
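/**
 * Collects per-certificate OCSP requests and assembles them into an
 * {@link OCSPReq}, either unsigned or signed through a {@link Session}.
 *
 * <p>Instances hold mutable state (the request list, requestor name and
 * request extensions) with no synchronization, so an instance should not be
 * shared between threads without external locking.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>This class adds no extensions of its own. A caller that wants replay
 *       protection has to supply a nonce extension through
 *       {@link #setRequestExtensions(Extensions)} and check it in the response.</li>
 *   <li>In an unsigned request the requestor name is not authenticated.</li>
 *   <li>The signed variant still accepts MD2, MD5 and SHA-1 based RSA
 *       signatures; see {@link #generateRequest(String, PrivateKey, X509Cert[], Session)}.</li>
 * </ul>
 */
public class OCSPReqGenerator {
    /** Requests queued by {@code addRequest}, kept in insertion order. */
    private ArrayList<RequestObject> list = new ArrayList<RequestObject>();
    private GeneralName requestorName = null;
    private Extensions requestExtensions = null;
    /** GeneralName tag used for a URI requestor name. */
    public static final int URI_TYPE_NAME = 6;
    /** GeneralName tag used for a directory-name (X.500 DN) requestor name. */
    public static final int DN_TYPE_NAME = 4;

    /*
     * Decompiler note (JADX): access modifiers changed from private. The class is
     * left public and non-static here so existing references keep compiling.
     */
    /** One queued request: a certificate identifier plus optional per-request extensions. */
    public class RequestObject {
        CertificateID certId;
        Extensions extensions;

        public RequestObject(CertificateID certificateID, Extensions extensions) {
            this.certId = certificateID;
            this.extensions = extensions;
        }

        /**
         * Converts this entry to its ASN.1 {@link Request} form.
         *
         * @return a Request built from the certificate id and the extensions (may be null)
         * @throws Exception if the conversion fails, e.g. when the certificate id is null
         */
        public Request toRequest() throws Exception {
            return new Request(this.certId.toASN1Object(), this.extensions);
        }
    }

    /**
     * Queues a request for one certificate without per-request extensions.
     *
     * @param certificateID identifier of the certificate whose status is requested
     */
    public void addRequest(CertificateID certificateID) {
        this.list.add(new RequestObject(certificateID, null));
    }

    /**
     * Queues a request for one certificate with per-request extensions.
     *
     * @param certificateID identifier of the certificate whose status is requested
     * @param extensions    extensions attached to this single request, may be null
     */
    public void addRequest(CertificateID certificateID, Extensions extensions) {
        this.list.add(new RequestObject(certificateID, extensions));
    }

    /**
     * Sets the requestor name from a string.
     *
     * <p>Any type other than {@link #DN_TYPE_NAME} or {@link #URI_TYPE_NAME}
     * leaves the current requestor name untouched and reports nothing.
     * NOTE(review): a caller passing an unsupported type gets a request without
     * the name it asked for; consider rejecting unknown types once callers are audited.
     *
     * @param str the name text: an X.500 distinguished name for {@link #DN_TYPE_NAME},
     *            a URI for {@link #URI_TYPE_NAME}
     * @param i   the name type, {@link #DN_TYPE_NAME} or {@link #URI_TYPE_NAME}
     * @throws RuntimeException if the charset named by the Jetty constant is unsupported
     */
    public void setRequestorName(String str, int i) {
        if (i == DN_TYPE_NAME) {
            this.requestorName = new GeneralName(new X500Name(str));
        } else if (i == URI_TYPE_NAME) {
            try {
                // NOTE(review): the charset name comes from a Jetty constant, which looks like a
                // decompiler substitution for a string literal - confirm against the original jar.
                // NOTE(review): in upstream Bouncy Castle, DERIA5String.getInstance(byte[]) parses its
                // argument as a DER encoding instead of wrapping raw characters - TODO confirm that
                // this repackaged copy accepts plain URI bytes, otherwise this branch fails at runtime.
                this.requestorName = new GeneralName(URI_TYPE_NAME, DERIA5String.getInstance(str.getBytes(StringUtil.__UTF8Alt)));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("setRequestorName failed", e);
            }
        }
    }

    /**
     * Sets the requestor name directly.
     *
     * @param generalName the requestor name, or null to omit it
     */
    public void setRequestorName(GeneralName generalName) {
        this.requestorName = generalName;
    }

    /**
     * Sets the request-level extensions, which are passed through unchanged.
     *
     * @param extensions the extensions for the whole request, or null for none
     */
    public void setRequestExtensions(Extensions extensions) {
        this.requestExtensions = extensions;
    }

    /**
     * Builds an unsigned OCSP request from the queued entries (the signature slot is null).
     *
     * @return the assembled request
     * @throws PKIException with code 850800 if a queued entry cannot be converted
     */
    public OCSPReq generateRequest() throws PKIException {
        ASN1EncodableVector requests = buildRequestList();
        return new OCSPReq(new OCSPRequest(new TBSRequest(this.requestorName, new DERSequence(requests), this.requestExtensions), null));
    }

    /**
     * Builds a signed OCSP request without attaching signer certificates.
     *
     * @param str        signature algorithm name, see the four-argument overload
     * @param privateKey key used for signing
     * @param session    crypto session that performs the signature
     * @return the signed request
     * @throws PKIException under the same conditions as the four-argument overload
     */
    public OCSPReq generateRequest(String str, PrivateKey privateKey, Session session) throws PKIException {
        return generateRequest(str, privateKey, null, session);
    }

    /**
     * Builds a signed OCSP request, optionally attaching signer certificates.
     *
     * <p>The encoded TBSRequest is signed through {@code session.sign}; the algorithm
     * identifier is written with NULL parameters.
     *
     * <p>Security: MD2withRSAEncryption, MD5withRSAEncryption and SHA1withRSAEncryption are
     * still accepted. Those digests are no longer collision resistant, so new callers should
     * pass SHA256withRSAEncryption. NOTE(review): consider rejecting or logging the legacy
     * names once existing callers have migrated.
     *
     * @param str         signature algorithm name (case-insensitive); one of the four names above
     * @param privateKey  key used for signing
     * @param x509CertArr certificates to embed in the signature, or null/empty for none
     * @param session     crypto session that performs the signature
     * @return the signed request
     * @throws PKIException 850800 if a queued entry cannot be converted, 850400 if the algorithm
     *                      name is null or unsupported, 850812 if encoding fails, 05 if a
     *                      PKIException is raised while signing or attaching certificates
     */
    public OCSPReq generateRequest(String str, PrivateKey privateKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        // Kept first, as before; it may itself reject a name it does not know.
        ASN1ObjectIdentifier algorithmOid = Mechanism.getObjectIdentifier(str);
        ASN1EncodableVector requests = buildRequestList();
        TBSRequest tbsRequest = new TBSRequest(this.requestorName, new DERSequence(requests), this.requestExtensions);
        // Null-safe: a null name is reported as an unsupported algorithm rather than an NPE here.
        if (!isSupportedSignatureAlgorithm(str)) {
            throw new PKIException("850400", CertKitException.API_UNSUPPORT_SIGN_ALG_ERR_DES);
        }
        try {
            DERBitString signatureBits = new DERBitString(session.sign(new Mechanism(str), privateKey, tbsRequest.getEncoded()));
            AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(algorithmOid, DERNull.INSTANCE);
            Signature signature;
            if (x509CertArr == null || x509CertArr.length == 0) {
                signature = new Signature(algorithmId, signatureBits);
            } else {
                ASN1EncodableVector encodedCerts = new ASN1EncodableVector();
                for (X509Cert cert : x509CertArr) {
                    encodedCerts.add(new FastEncoding(cert.getEncoding()));
                }
                signature = new Signature(algorithmId, signatureBits, new DERSequence(encodedCerts));
            }
            return new OCSPReq(new OCSPRequest(tbsRequest, signature));
        } catch (IOException e2) {
            // Message text: "OCSP TBSReq encoding failed".
            throw new PKIException("850812", "OCSP TBSReq编码失败", e2);
        } catch (PKIException e3) {
            // Message text: "signing operation failed". Any PKIException from the try block,
            // not only one from session.sign, is reported under this code; the cause is kept.
            throw new PKIException("05", "签名操作失败", e3);
        }
    }

    /** Converts every queued entry to its ASN.1 form; any failure is reported as PKIException 850800. */
    private ASN1EncodableVector buildRequestList() throws PKIException {
        ASN1EncodableVector requests = new ASN1EncodableVector();
        for (RequestObject entry : this.list) {
            try {
                requests.add(entry.toRequest());
            } catch (Exception e) {
                // Message text: "failed to build the request list".
                throw new PKIException("850800", "构造请求列表失败", e);
            }
        }
        return requests;
    }

    /** Returns true when the name is one of the four RSA signature names accepted here; null is false. */
    private static boolean isSupportedSignatureAlgorithm(String name) {
        return "MD2withRSAEncryption".equalsIgnoreCase(name)
                || "MD5withRSAEncryption".equalsIgnoreCase(name)
                || "SHA1withRSAEncryption".equalsIgnoreCase(name)
                || "SHA256withRSAEncryption".equalsIgnoreCase(name);
    }
}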
