package com.rsa.jcp;

import com.rsa.cryptoj.f.AbstractC0360jm;
import com.rsa.cryptoj.f.C0160fx;
import com.rsa.cryptoj.f.C0192hb;
import com.rsa.cryptoj.f.C0487oe;
import com.rsa.cryptoj.f.C0506ox;
import com.rsa.cryptoj.f.C0596sf;
import com.rsa.cryptoj.f.C0600sj;
import com.rsa.cryptoj.f.C0667uw;
import com.rsa.cryptoj.f.eC;
import com.rsa.cryptoj.f.hS;
import com.rsa.cryptoj.f.kT;
import com.rsa.cryptoj.f.oU;
import com.rsa.jsafe.crypto.FIPS140Context;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/jcp/OCSP.class */
public final class OCSP {
    private OCSP() {
    }

    public static byte[] sendRequest(String str, X509Certificate x509Certificate, PublicKey publicKey) throws OCSPException {
        C0506ox.d();
        return sendRequest(str, x509Certificate, publicKey, createRequestExtensions(new ArrayList()));
    }

    public static byte[] sendRequest(String str, X509Certificate x509Certificate, PublicKey publicKey, byte[] bArr) throws OCSPException {
        C0506ox.d();
        C0160fx a = C0487oe.a();
        try {
            C0192hb c0192hb = new C0192hb(a, x509Certificate, publicKey, new OCSPResponderConfig(str), bArr);
            kT kTVar = new kT(a);
            byte[] a2 = kTVar.a(c0192hb, str, (String) null);
            if (a2 == null) {
                throw new OCSPException("OCSP request was unsuccessful: " + kTVar.a());
            }
            return a2;
        } catch (oU e) {
            throw new OCSPException("Invalid DER-encoded extensions.");
        } catch (InvalidAlgorithmParameterException e2) {
            throw new OCSPException(e2.getMessage());
        }
    }

    public static OCSPStatusType checkRevocationStatus(byte[] bArr, X509Certificate x509Certificate, PublicKey publicKey) throws OCSPException {
        C0506ox.d();
        C0600sj c0600sj = new C0600sj(C0487oe.a(), bArr);
        if (!c0600sj.c()) {
            throw new OCSPException(c0600sj.d());
        }
        try {
            C0600sj.a a = c0600sj.a(x509Certificate, publicKey);
            if (a == null) {
                throw new OCSPException("Response did not contain status for specified certificate.");
            }
            return OCSPStatusType.a(a.f());
        } catch (InvalidAlgorithmParameterException e) {
            throw new OCSPException(e);
        }
    }

    public static byte[] createNonceExtension(byte[] bArr) {
        C0506ox.d();
        return C0596sf.c(eC.a(bArr));
    }

    public static byte[] createRequestExtensions(List<byte[]> list) {
        C0506ox.d();
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            try {
                AbstractC0360jm a = C0596sf.a("Extension", it.next(), 0);
                if (a.a("extnID").equals(hS.cP.c())) {
                    z = true;
                }
                arrayList.add(a);
            } catch (oU e) {
                throw new InvalidParameterException("Input contained invalid extension encoding.");
            }
        }
        if (!z) {
            arrayList.add(eC.a());
        }
        return C0596sf.c(C0596sf.a("Extensions", arrayList));
    }

    public static byte[] createResponderIDBytes(X509Certificate x509Certificate, boolean z, FIPS140Mode fIPS140Mode) {
        C0506ox.d();
        if (C0667uw.a()) {
            return a(x509Certificate, z, C0160fx.a(fIPS140Mode.getValue(), 11));
        }
        throw new SecurityException("Cannot use this API with non-FIPS 140 toolkit");
    }

    public static byte[] createResponderIDBytes(X509Certificate x509Certificate, boolean z, FIPS140Context fIPS140Context) {
        C0506ox.d();
        if (C0667uw.a()) {
            return a(x509Certificate, z, C0160fx.a(fIPS140Context.getModeValue(), fIPS140Context.getRoleValue()));
        }
        throw new SecurityException("Cannot use this API with non-FIPS 140 toolkit");
    }

    public static byte[] createResponderIDBytes(X509Certificate x509Certificate, boolean z) {
        C0506ox.d();
        return a(x509Certificate, z, C0487oe.a());
    }

    private static byte[] a(X509Certificate x509Certificate, boolean z, C0160fx c0160fx) {
        return z ? C0596sf.c(C0596sf.a("Name", x509Certificate.getSubjectX500Principal().getEncoded(), 0).c(C0596sf.c(1))) : eC.a(x509Certificate.getPublicKey(), true, c0160fx);
    }
}
