package com.rsa.jcp;

import com.rsa.cryptoj.o.a;
import com.rsa.cryptoj.o.b;
import com.rsa.cryptoj.o.ca;
import com.rsa.cryptoj.o.ce;
import com.rsa.cryptoj.o.cf;
import com.rsa.cryptoj.o.d;
import com.rsa.cryptoj.o.ka;
import com.rsa.cryptoj.o.ov;
import com.rsa.cryptoj.o.pw;
import com.rsa.cryptoj.o.px;
import com.rsa.cryptoj.o.pz;
import com.rsa.cryptoj.o.qa;
import com.rsa.jsafe.crypto.FIPS140Context;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public final class OCSP {
    private OCSP() {
    }

    private static byte[] a(X509Certificate x509Certificate, boolean z3, cf cfVar) {
        cfVar.l();
        return z3 ? a.c(a.a("Name", x509Certificate.getSubjectX500Principal().getEncoded(), 0).c(a.c(1))) : qa.a(x509Certificate.getPublicKey(), true, cfVar, ka.f6625a);
    }

    public static OCSPStatusType checkRevocationStatus(byte[] bArr, X509Certificate x509Certificate, PublicKey publicKey) throws OCSPException {
        px pxVar = new px(ce.a(), ka.f6625a, bArr);
        if (!pxVar.c()) {
            throw new OCSPException(pxVar.d());
        }
        try {
            px.a a4 = pxVar.a(x509Certificate, publicKey);
            if (a4 != null) {
                return OCSPStatusType.a(a4.f());
            }
            throw new OCSPException("Response did not contain status for specified certificate.");
        } catch (InvalidAlgorithmParameterException e4) {
            throw new OCSPException(e4);
        }
    }

    public static byte[] createNonceExtension(byte[] bArr) {
        return a.c(qa.a(bArr));
    }

    public static byte[] createRequestExtensions(List<byte[]> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = list.iterator();
        boolean z3 = false;
        while (it.hasNext()) {
            try {
                d a4 = a.a("Extension", it.next(), 0);
                if (a4.a("extnID").equals(ov.dg.c())) {
                    z3 = true;
                }
                arrayList.add(a4);
            } catch (b unused) {
                throw new InvalidParameterException("Input contained invalid extension encoding.");
            }
        }
        if (!z3) {
            arrayList.add(qa.a());
        }
        return a.c(a.a("Extensions", arrayList));
    }

    public static byte[] createResponderIDBytes(X509Certificate x509Certificate, boolean z3) {
        return a(x509Certificate, z3, ce.a());
    }

    public static byte[] createResponderIDBytes(X509Certificate x509Certificate, boolean z3, FIPS140Context fIPS140Context) {
        return a(x509Certificate, z3, com.rsa.jsafe.provider.b.a(fIPS140Context));
    }

    public static byte[] sendRequest(String str, X509Certificate x509Certificate, PublicKey publicKey) throws OCSPException {
        return sendRequest(str, x509Certificate, publicKey, createRequestExtensions(new ArrayList()));
    }

    public static byte[] sendRequest(String str, X509Certificate x509Certificate, PublicKey publicKey, byte[] bArr) throws OCSPException {
        cf a4 = ce.a();
        try {
            List<ca> list = ka.f6625a;
            pw pwVar = new pw(a4, list, x509Certificate, publicKey, new OCSPResponderConfig(str), bArr);
            pz pzVar = new pz(a4, list);
            byte[] a5 = pzVar.a(pwVar, str, (String) null);
            if (a5 != null) {
                return a5;
            }
            throw new OCSPException("OCSP request was unsuccessful: " + pzVar.a());
        } catch (b unused) {
            throw new OCSPException("Invalid DER-encoded extensions.");
        } catch (InvalidAlgorithmParameterException e4) {
            throw new OCSPException(e4.getMessage());
        }
    }
}
