package com.dreamsecurity.jcaos.ocsp;

import com.dreamsecurity.crypto.AlgorithmException;
import com.dreamsecurity.jcaos.asn1.ASN1EncodableVector;
import com.dreamsecurity.jcaos.asn1.ASN1InputStream;
import com.dreamsecurity.jcaos.asn1.DEREncodable;
import com.dreamsecurity.jcaos.asn1.ocsp.AcceptableResponses;
import com.dreamsecurity.jcaos.asn1.ocsp.TBSRequest;
import com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier;
import com.dreamsecurity.jcaos.asn1.x509.Extension;
import com.dreamsecurity.jcaos.asn1.x509.Extensions;
import com.dreamsecurity.jcaos.asn1.x509.GeneralName;
import com.dreamsecurity.jcaos.asn1.x509.Name;
import com.dreamsecurity.jcaos.asn1.x509.RDNSequence;
import com.dreamsecurity.jcaos.crypto.MessageDigest;
import com.dreamsecurity.jcaos.crypto.PrivateKey;
import com.dreamsecurity.jcaos.crypto.Random;
import com.dreamsecurity.jcaos.crypto.Signature;
import com.dreamsecurity.jcaos.exception.NoSuchAlgorithmException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.resources.Resource;
import com.dreamsecurity.jcaos.x509.X509Certificate;
import java.io.IOException;

/* loaded from: classes3.dex */
public class OCSPRequestGenerator {
    public AcceptableResponses _acceptableResponses;
    public String _requestHashAlg;
    public ASN1EncodableVector _requestList;

    public OCSPRequestGenerator() {
        this._requestHashAlg = "SHA1";
        this._requestList = new ASN1EncodableVector();
        this._acceptableResponses = new AcceptableResponses();
    }

    public OCSPRequestGenerator(String str) {
        this._requestHashAlg = "SHA1";
        this._requestList = new ASN1EncodableVector();
        this._acceptableResponses = new AcceptableResponses();
        this._requestHashAlg = str;
    }

    private TBSRequest makeTBSRequest(X509Certificate x509Certificate) throws IOException, ParsingException {
        GeneralName generalName = x509Certificate != null ? new GeneralName(new Name(RDNSequence.getInstance(new ASN1InputStream(x509Certificate.getSubjectDN().getEncoded()).readObject()))) : null;
        Extensions extensions = new Extensions();
        extensions.add(new Extension("1.3.6.1.5.5.7.48.1.2", false, Random.generate(8)));
        if (this._acceptableResponses.size() == 0) {
            this._acceptableResponses.add("1.3.6.1.5.5.7.48.1.1");
        }
        extensions.add(new Extension("1.3.6.1.5.5.7.48.1.4", false, (DEREncodable) this._acceptableResponses));
        return new TBSRequest(0, generalName, this._requestList, extensions);
    }

    public void addAcceptableResposeType(String str) {
        this._acceptableResponses.add(str);
    }

    public void addRequestCert(X509Certificate x509Certificate) throws NoSuchAlgorithmException, AlgorithmException, ParsingException, IOException {
        if (x509Certificate.getAuthorityKeyIdentifier() == null) {
            throw new ParsingException(Resource.getErrMsg(Resource.ERR_AKI_NOT_EXIST));
        }
        this._requestList.add(new com.dreamsecurity.jcaos.asn1.ocsp.Request(new com.dreamsecurity.jcaos.asn1.ocsp.CertID(AlgorithmIdentifier.getInstance(this._requestHashAlg), MessageDigest.getInstance(this._requestHashAlg).digest(x509Certificate.getIssuerDN().getEncoded()), x509Certificate.getAuthorityKeyIdentifier().getKeyIdentifier(), x509Certificate.getSerialNumber())));
    }

    public OCSPRequest generate() throws IOException, ParsingException {
        return new OCSPRequest(new com.dreamsecurity.jcaos.asn1.ocsp.OCSPRequest(makeTBSRequest(null)).getDEREncoded());
    }

    public OCSPRequest generate(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws IOException, AlgorithmException, ParsingException, NoSuchAlgorithmException {
        TBSRequest makeTBSRequest = makeTBSRequest(x509Certificate);
        String stringBuffer = new StringBuffer().append(str).append("with").append(privateKey.getAlgorithm()).toString();
        Signature signature = Signature.getInstance(stringBuffer);
        signature.initSign(privateKey, x509Certificate.getPublicKey());
        return new OCSPRequest(new com.dreamsecurity.jcaos.asn1.ocsp.OCSPRequest(makeTBSRequest, new com.dreamsecurity.jcaos.asn1.ocsp.Signature(privateKey.getParameters() != null ? AlgorithmIdentifier.getInstance(stringBuffer, new ASN1InputStream(privateKey.getParameters()).readObject()) : AlgorithmIdentifier.getInstance(stringBuffer), signature.sign(makeTBSRequest.getDEREncoded()))).getDEREncoded());
    }
}
