package com.xdja.pki.issue;

import com.xdja.pki.asn1.issue.ASN1CRL;
import com.xdja.pki.asn1.issue.CertStatus;
import com.xdja.pki.asn1.issue.TBSIssueRequest;
import com.xdja.pki.ldap.utils.X509Utils;
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import sun.security.provider.certpath.X509CertificatePair;

/* loaded from: input_file:com/xdja/pki/issue/PkixIssueReqBuilder.class */
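/**
 * Builds signed {@link PkixIssueReq} messages that carry certificates, CRLs or
 * certificate-status records.
 *
 * <p>Every public builder funnels into {@link #generate}, which wraps the payload in a
 * {@link TBSIssueRequest} and signs it through the superclass' {@code getSignature}.
 * The signing key pair and the current issuer certificate ({@code this.certificate})
 * are held by {@link BasicPkixIssueBuilder}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Apart from the root-update path, no payload is validated here: certificates,
 *       CRLs and status entries are encoded and signed exactly as the caller supplies
 *       them. Whoever can call this builder decides what gets signed.</li>
 *   <li>{@code hashAlgorithm} is caller-supplied and not checked in this class; it is
 *       only used to derive the {@link CertificateID} in status records.</li>
 *   <li>{@code X509CertificatePair} is a JDK-internal {@code sun.*} type; it is kept
 *       only because it is part of this class' public signature.</li>
 * </ul>
 */
public class PkixIssueReqBuilder extends BasicPkixIssueBuilder {
    /** Digest algorithm name used when computing {@link CertificateID}s. */
    private final String hashAlgorithm;

    /**
     * @param keyPair         key pair handed to the superclass (used there for signing)
     * @param x509Certificate current issuer certificate, handed to the superclass
     * @param str             digest algorithm name for {@link CertificateID} generation
     */
    public PkixIssueReqBuilder(KeyPair keyPair, X509Certificate x509Certificate, String str) {
        super(keyPair, x509Certificate);
        this.hashAlgorithm = str;
    }

    /**
     * Builds an {@code UPDATE_ROOT_CERTIFICATE} request and switches this builder to the
     * new root certificate.
     *
     * <p>Three signature checks must all pass before anything is built:
     * {@code x509Certificate2} must verify under the <em>current</em> certificate's
     * public key, {@code x509Certificate} must verify under {@code x509Certificate3}'s
     * public key, and {@code x509Certificate3} must be self-signed.
     *
     * <p>NOTE(review): only what {@code X509Utils.verifyCert} checks is enforced; whether
     * that includes validity period or CA constraints is not visible here - confirm.
     * NOTE(review): {@code this.certificate} is replaced before the request is generated
     * and is not restored if generation fails; the key pair held by the superclass is
     * not changed in this class - confirm it matches the certificate used afterwards.
     *
     * @param x509Certificate  certificate expected to be signed by the new root
     * @param x509Certificate2 certificate expected to be signed by the current root
     * @param x509Certificate3 the new, self-signed root certificate
     * @return the signed request carrying the three certificates in parameter order
     * @throws Exception if any of the three signature checks fails, or on encoding or
     *                   signing errors
     */
    public PkixIssueReq build(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3) throws Exception {
        // Same evaluation order and short-circuiting as before: first failure wins.
        boolean verified = X509Utils.verifyCert(x509Certificate2, this.certificate.getPublicKey())
                && X509Utils.verifyCert(x509Certificate, x509Certificate3.getPublicKey())
                && X509Utils.verifyCert(x509Certificate3, x509Certificate3.getPublicKey());
        if (!verified) {
            throw new Exception("verify is false");
        }
        this.certificate = x509Certificate3;
        Certificate[] payload = {
            X509Utils.convertCertificate(x509Certificate),
            X509Utils.convertCertificate(x509Certificate2),
            X509Utils.convertCertificate(x509Certificate3)
        };
        return generate(TBSIssueType.UPDATE_ROOT_CERTIFICATE, payload, null, null);
    }

    /**
     * Builds a {@code SEND_CERTIFICATE} request for a single certificate.
     * The certificate is not verified against the issuer before being signed into the
     * request.
     */
    public PkixIssueReq build(X509Certificate x509Certificate) throws Exception {
        Certificate[] payload = {X509Utils.convertCertificate(x509Certificate)};
        return generate(TBSIssueType.SEND_CERTIFICATE, payload, null, null);
    }

    /**
     * Builds a {@code SEND_CERTIFICATE} request for a list of certificates, preserving
     * list order. An empty list yields a request with a count of zero.
     */
    public PkixIssueReq buildSendCerts(List<X509Certificate> list) throws Exception {
        Certificate[] payload = new Certificate[list.size()];
        int index = 0;
        for (X509Certificate cert : list) {
            payload[index++] = X509Utils.convertCertificate(cert);
        }
        return generate(TBSIssueType.SEND_CERTIFICATE, payload, null, null);
    }

    /**
     * Builds a {@code SEND_CRL} request for a single CRL.
     *
     * @param i       CRL segment number placed in the {@link ASN1CRL} record
     * @param x509crl the CRL to send; its signature is not checked here
     */
    public PkixIssueReq build(int i, X509CRL x509crl) throws Exception {
        ASN1CRL[] payload = {generateASN1CRL(i, x509crl)};
        return generate(TBSIssueType.SEND_CRL, null, null, payload);
    }

    /** Builds a {@code SEND_CRL} request for several CRLs, preserving list order. */
    public PkixIssueReq buildSendCrls(List<PkixIssueCRL> list) throws Exception {
        ASN1CRL[] payload = new ASN1CRL[list.size()];
        int index = 0;
        for (PkixIssueCRL entry : list) {
            payload[index++] = generateASN1CRL(entry.getCrlSegment(), entry.getCrl());
        }
        return generate(TBSIssueType.SEND_CRL, null, null, payload);
    }

    /**
     * Builds a {@code SEND_CERTIFICATE_STATUS} request for one certificate.
     *
     * @param tBSIssueCRLReason reason whose numeric type is mapped to a {@link CRLReason}
     * @param x509Certificate   certificate whose status is being reported
     */
    public PkixIssueReq build(TBSIssueCRLReason tBSIssueCRLReason, X509Certificate x509Certificate) throws Exception {
        CertStatus[] payload = {generateCertStatus(tBSIssueCRLReason.getType(), x509Certificate)};
        return generate(TBSIssueType.SEND_CERTIFICATE_STATUS, null, payload, null);
    }

    /** Builds a {@code SEND_CERTIFICATE_STATUS} request for several certificates. */
    public PkixIssueReq buildSendCertStatuses(List<PkixIssueCertStatus> list) throws Exception {
        CertStatus[] payload = new CertStatus[list.size()];
        int index = 0;
        for (PkixIssueCertStatus entry : list) {
            payload[index++] = generateCertStatus(entry.getReason().getType(), entry.getCertificate());
        }
        return generate(TBSIssueType.SEND_CERTIFICATE_STATUS, null, payload, null);
    }

    /**
     * Builds a {@code SEND_CROSS_CERTIFICATE} request from a cross-certificate pair.
     * Whichever halves are present are sent; when both are present the forward
     * certificate comes first. Neither half is verified here.
     *
     * @throws Exception if both halves of the pair are {@code null}
     */
    public PkixIssueReq build(X509CertificatePair x509CertificatePair) throws Exception {
        X509Certificate forward = x509CertificatePair.getForward();
        X509Certificate reverse = x509CertificatePair.getReverse();
        if (forward == null && reverse == null) {
            throw new Exception("can not be all null");
        }
        Certificate[] payload;
        if (forward == null) {
            payload = new Certificate[]{X509Utils.convertCertificate(reverse)};
        } else if (reverse == null) {
            payload = new Certificate[]{X509Utils.convertCertificate(forward)};
        } else {
            payload = new Certificate[]{
                X509Utils.convertCertificate(forward),
                X509Utils.convertCertificate(reverse)
            };
        }
        return generate(TBSIssueType.SEND_CROSS_CERTIFICATE, payload, null, null);
    }

    /**
     * Wraps a CRL in an {@link ASN1CRL} record together with its segment number, CRL
     * number and, for delta CRLs, the base CRL number.
     *
     * <p>{@link X509CRL#getExtensionValue} returns the extension value wrapped in a DER
     * OCTET STRING. The CRL number used to be built from those wrapper bytes directly,
     * which produced a value that was not the CRL number and failed with a
     * {@code NullPointerException} when the extension was missing. It is now unwrapped
     * the same way as the delta-CRL indicator, and a missing extension is reported
     * explicitly.
     *
     * @param i       CRL segment number
     * @param x509crl CRL to wrap
     * @throws CRLException if the CRL has no cRLNumber extension or cannot be encoded
     */
    private ASN1CRL generateASN1CRL(int i, X509CRL x509crl) throws CRLException, CertificateException, NoSuchProviderException, IOException {
        // First field is fixed at 0 - presumably a record version; confirm against ASN1CRL.
        ASN1Integer version = new ASN1Integer(0L);
        ASN1Integer segment = new ASN1Integer(i);

        byte[] crlNumberExt = x509crl.getExtensionValue(Extension.cRLNumber.getId());
        if (crlNumberExt == null) {
            throw new CRLException("CRL has no cRLNumber extension");
        }
        ASN1Integer crlNumber = ASN1Integer.getInstance(DEROctetString.getInstance(crlNumberExt).getOctets());

        ASN1Integer baseCrlNumber = null;
        if (X509Utils.isDRL(x509crl)) {
            byte[] deltaExt = x509crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
            if (deltaExt != null) {
                baseCrlNumber = ASN1Integer.getInstance(DEROctetString.getInstance(deltaExt).getOctets());
            }
        }
        return new ASN1CRL(version, segment, crlNumber, baseCrlNumber, CertificateList.getInstance(x509crl.getEncoded()));
    }

    /**
     * Creates the status record for one certificate.
     *
     * <p>The {@link CertificateID} is computed with {@code this.certificate} as issuer;
     * nothing here checks that {@code x509Certificate} was actually issued by it. The
     * status is always {@code TBSIssueCRLStatus.INVALID} and the fifth field is the
     * current system time.
     *
     * <p>NOTE(review): {@code hashAlgorithm} is passed to the digest finder unchecked;
     * behaviour for an unknown or null name depends on the BouncyCastle version.
     *
     * @param i               numeric reason code, resolved with {@link CRLReason#lookup}
     * @param x509Certificate certificate whose status is reported
     */
    private CertStatus generateCertStatus(int i, X509Certificate x509Certificate) throws Exception {
        CertificateID certificateID = new CertificateID(
                new BcDigestCalculatorProvider().get(new DefaultDigestAlgorithmIdentifierFinder().find(this.hashAlgorithm)),
                new X509CertificateHolder(this.certificate.getEncoded()),
                x509Certificate.getSerialNumber());
        return new CertStatus(
                certificateID.toASN1Primitive(),
                new ASN1GeneralizedTime(x509Certificate.getNotBefore()),
                new ASN1GeneralizedTime(x509Certificate.getNotAfter()),
                TBSIssueCRLStatus.INVALID.encode(),
                new ASN1GeneralizedTime(new Date()),
                CRLReason.lookup(i));
    }

    /**
     * Assembles and signs the request.
     *
     * <p>The to-be-signed structure carries the encoded type, a transaction nonce and a
     * timestamp from {@link PkixIssueUtils}, the number of payload entries, and the
     * three payload arrays (only the one matching the type is expected to be non-null).
     *
     * @param tBSIssueType   request type; selects which array is counted
     * @param certificateArr certificates, for the certificate-carrying types
     * @param certStatusArr  status records, for {@code SEND_CERTIFICATE_STATUS}
     * @param asn1crlArr     CRL records, for {@code SEND_CRL}
     * @throws Exception if the type is not handled, or on signing errors
     */
    private PkixIssueReq generate(TBSIssueType tBSIssueType, Certificate[] certificateArr, CertStatus[] certStatusArr, ASN1CRL[] asn1crlArr) throws Exception {
        ASN1Integer typeCode = tBSIssueType.encode();
        ASN1OctetString nonce = PkixIssueUtils.generateTransNonce();
        ASN1GeneralizedTime timestamp = PkixIssueUtils.generateTime();
        ASN1Integer count;
        switch (tBSIssueType) {
            case UPDATE_ROOT_CERTIFICATE:
            case SEND_CERTIFICATE:
            case SEND_CROSS_CERTIFICATE:
                count = new ASN1Integer(certificateArr.length);
                break;
            case SEND_CRL:
                count = new ASN1Integer(asn1crlArr.length);
                break;
            case SEND_CERTIFICATE_STATUS:
                count = new ASN1Integer(certStatusArr.length);
                break;
            default:
                throw new Exception("unknown type " + tBSIssueType);
        }
        TBSIssueRequest tbsRequest = new TBSIssueRequest(typeCode, nonce, count, timestamp, certificateArr, certStatusArr, asn1crlArr);
        // The signature covers the whole to-be-signed structure, including nonce and time.
        return new PkixIssueReq(tbsRequest, getSignature(tbsRequest));
    }
}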
