package com.rsa.cryptoj.f;

import com.rsa.jcp.OCSPResponderConfig;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* renamed from: com.rsa.cryptoj.f.hb, reason: case insensitive filesystem */
/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/hb.class */
public class C0192hb {
    private static final String a = "Error signing OCSP request.";
    private static final int b = 16;
    private SecureRandom c;
    private final OCSPResponderConfig d;
    private AbstractC0360jm e;
    private final C0160fx f;
    private byte[] g;
    private AbstractC0360jm h;

    public C0192hb(C0160fx c0160fx, X509Certificate x509Certificate, PublicKey publicKey, OCSPResponderConfig oCSPResponderConfig, byte[] bArr) throws InvalidAlgorithmParameterException, oU {
        this(c0160fx, x509Certificate, publicKey, oCSPResponderConfig);
        if (bArr != null) {
            this.h = C0596sf.a("Extensions", bArr, 0).c(C0596sf.c(2));
        }
    }

    public C0192hb(C0160fx c0160fx, X509Certificate x509Certificate, PublicKey publicKey, OCSPResponderConfig oCSPResponderConfig) throws InvalidAlgorithmParameterException {
        this.f = c0160fx;
        this.d = oCSPResponderConfig;
        this.e = eC.a(oCSPResponderConfig.getDigestAlgorithm(), c0160fx, x509Certificate, publicKey);
    }

    private void d() {
        this.g = new byte[16];
        if (this.c == null) {
            C0413ll.a().b(this.g);
        } else {
            this.c.nextBytes(this.g);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a() throws CertPathValidatorException {
        AbstractC0360jm e = e();
        return C0596sf.c(C0596sf.a("OCSPRequest", new Object[]{e, a(C0596sf.c(e))}));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] b() {
        return C0596sf.a(this.e);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] c() {
        return this.g;
    }

    private AbstractC0360jm e() {
        Object[] objArr = new Object[4];
        objArr[0] = null;
        objArr[1] = this.d.isSigningEnabled() ? new Object[]{f()} : null;
        objArr[2] = h();
        objArr[3] = this.h == null ? g() : this.h;
        return C0596sf.a("TBSRequest", objArr);
    }

    private AbstractC0360jm f() {
        return C0596sf.a("Name", ((X509Certificate) this.d.getExtraCerts().get(0)).getSubjectX500Principal().getEncoded(), 0).c(C0596sf.c(4));
    }

    private Object[] g() {
        if (!this.d.isNonceInUse()) {
            return new Object[]{eC.a()};
        }
        d();
        return new Object[]{eC.a(this.g), eC.a()};
    }

    private Object[] h() {
        return new Object[]{new Object[]{this.e, null}};
    }

    private Object[] a(byte[] bArr) throws CertPathValidatorException {
        if (!this.d.isSigningEnabled()) {
            return null;
        }
        try {
            AbstractC0726y c = C0067ck.c(this.d.getSigningAlgorithm(), this.f);
            c.initSign(this.d.getSigningKey(), this.c);
            c.update(bArr);
            return new Object[]{new Object[]{sI.b(this.d.getSigningAlgorithm()).c(), null}, c.sign(), i()};
        } catch (InvalidKeyException e) {
            throw new CertPathValidatorException(a, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertPathValidatorException(a, e2);
        } catch (SignatureException e3) {
            throw new CertPathValidatorException(a, e3);
        }
    }

    private List i() throws CertPathValidatorException {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.d.getExtraCerts().iterator();
        while (it.hasNext()) {
            try {
                arrayList.add(C0596sf.a("Certificate", ((X509Certificate) it.next()).getEncoded(), 0));
            } catch (CertificateEncodingException e) {
                throw new CertPathValidatorException("Could not construct OCSP request: error including extra certificates.");
            }
        }
        return arrayList;
    }
}
