package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.spi.pki.PKIException;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MessageDigest;
import java.util.StringTokenizer;

/* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/pki/cmp/CMPCertConfirmMessage.class */
public final class CMPCertConfirmMessage extends CMPRequestCommon {
    private PKIStatusInfo statusInfo;
    private Certificate certReturned;

    /* renamed from: com.rsa.certj.provider.pki.cmp.CMPCertConfirmMessage$1, reason: invalid class name */
    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/pki/cmp/CMPCertConfirmMessage$1.class */
    class AnonymousClass1 {
    }

    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/pki/cmp/CMPCertConfirmMessage$CertConfirmContent.class */
    private class CertConfirmContent {
        private CertStatus certStatus;
        private final CMPCertConfirmMessage this$0;

        private CertConfirmContent(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str) throws CMPException {
            this.this$0 = cMPCertConfirmMessage;
            this.certStatus = new CertStatus(cMPCertConfirmMessage, pKIStatusInfo, certificate, str, null);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] derEncode(int i) throws CMPException {
            OfContainer ofContainer = new OfContainer(i, true, 0, ASN1.SEQUENCE, ASN1.ENCODED, ASN1.SEQUENCE, 0);
            try {
                byte[] derEncode = this.certStatus.derEncode();
                ofContainer.addContainer(new EncodedContainer(0, true, 0, derEncode, 0, derEncode.length));
                ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{ofContainer});
                try {
                    byte[] bArr = new byte[aSN1Template.derEncodeInit()];
                    aSN1Template.derEncode(bArr, 0);
                    return bArr;
                } catch (ASN_Exception e) {
                    throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertConfirmContent.derEncode: encoding CertConfirmContent faild(").append(e.getMessage()).append(").").toString());
                }
            } catch (ASN_Exception e2) {
                throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertConfirmContent.derEncode: unable to add an element to OfContainer(").append(e2.getMessage()).append(").").toString());
            }
        }

        CertConfirmContent(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str, AnonymousClass1 anonymousClass1) throws CMPException {
            this(cMPCertConfirmMessage, pKIStatusInfo, certificate, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/pki/cmp/CMPCertConfirmMessage$CertStatus.class */
    public class CertStatus {
        private PKIStatusInfo statusInfo;
        private byte[] certHash;
        private final CMPCertConfirmMessage this$0;

        private CertStatus(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str) throws CMPException {
            this.this$0 = cMPCertConfirmMessage;
            this.statusInfo = pKIStatusInfo;
            this.certHash = createCertHash(certificate, str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] derEncode() throws CMPException {
            EncodedContainer encodedContainer;
            SequenceContainer sequenceContainer = new SequenceContainer(0, true, 0);
            EndContainer endContainer = new EndContainer();
            OctetStringContainer octetStringContainer = new OctetStringContainer(0, true, 0, this.certHash, 0, this.certHash.length);
            if (this.statusInfo == null) {
                encodedContainer = new EncodedContainer(65536, false, 0, null, 0, 0);
            } else {
                try {
                    byte[] bArr = new byte[this.statusInfo.getDERLen(65536)];
                    this.statusInfo.getDEREncoding(bArr, 0, 65536);
                    encodedContainer = new EncodedContainer(65536, true, 0, bArr, 0, bArr.length);
                } catch (PKIException e) {
                    throw new CMPException("CMPCertConfirmMessage$CertStatus.derEncode: unable to encode StatusInfo");
                }
            }
            ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{sequenceContainer, octetStringContainer, new IntegerContainer(0, true, 0, 0), encodedContainer, endContainer});
            try {
                byte[] bArr2 = new byte[aSN1Template.derEncodeInit()];
                aSN1Template.derEncode(bArr2, 0);
                return bArr2;
            } catch (ASN_Exception e2) {
                throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.derEncode: encoding CertStatus faild(").append(e2.getMessage()).append(").").toString());
            }
        }

        private byte[] createCertHash(Certificate certificate, String str) throws CMPException {
            if (!(certificate instanceof X509Certificate)) {
                throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: cert has to be an instance of X509Certificate.");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            try {
                StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSignatureAlgorithm(), "/");
                if (!stringTokenizer.hasMoreTokens()) {
                    throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get signature algorithm from cert.");
                }
                String nextToken = stringTokenizer.nextToken();
                try {
                    JSAFE_MessageDigest jSAFE_MessageDigest = JSAFE_MessageDigest.getInstance(nextToken, str);
                    jSAFE_MessageDigest.digestInit();
                    byte[] bArr = new byte[x509Certificate.getDERLen(0)];
                    try {
                        x509Certificate.getDEREncoding(bArr, 0, 0);
                        try {
                            jSAFE_MessageDigest.digestUpdate(bArr, 0, bArr.length);
                            return jSAFE_MessageDigest.digestFinal();
                        } catch (JSAFE_Exception e) {
                            throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to compute digest(").append(e.getMessage()).append(").").toString());
                        }
                    } catch (CertificateException e2) {
                        throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get DER encoding of cert(").append(e2.getMessage()).append(").").toString());
                    }
                } catch (JSAFE_Exception e3) {
                    throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get digest algorithm for ").append(nextToken).append("(").append(e3.getMessage()).append(").").toString());
                }
            } catch (CertificateException e4) {
                throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get signature algorithm from cert.");
            }
        }

        CertStatus(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str, AnonymousClass1 anonymousClass1) throws CMPException {
            this(cMPCertConfirmMessage, pKIStatusInfo, certificate, str);
        }
    }

    public CMPCertConfirmMessage(CMPCertResponseCommon cMPCertResponseCommon, PKIStatusInfo pKIStatusInfo) throws InvalidParameterException {
        super(24, null);
        if (cMPCertResponseCommon == null) {
            throw new InvalidParameterException("CMPCertConfirmMessage.CMPCertConfirmMessage: response should not be null.");
        }
        setRecipNonce(cMPCertResponseCommon.getSenderNonce());
        this.statusInfo = pKIStatusInfo;
        this.certReturned = cMPCertResponseCommon.getCertificate();
        if (this.certReturned == null) {
            throw new InvalidParameterException("CMPCertConfirmMessage.CMPCertConfirmMessage: response should contain certificate.");
        }
        setTransactionID(cMPCertResponseCommon.getTransactionID());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Certificate getCertificateReturned() {
        return this.certReturned;
    }

    @Override // com.rsa.certj.provider.pki.cmp.CMPRequestCommon
    protected byte[] derEncodeBody(CertJ certJ) throws CMPException {
        return new CertConfirmContent(this, this.statusInfo, this.certReturned, certJ.getDevice(), null).derEncode(10485760 | getMessageType());
    }
}
