package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.IntegerContainer;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.spi.pki.PKIException;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MessageDigest;
import java.util.StringTokenizer;

/* JADX INFO: Access modifiers changed from: private */
/* loaded from: input_file:com/rsa/certj/provider/pki/cmp/Caa.class */
public final class Caa {
    private PKIStatusInfo a;
    private byte[] b;
    private final CMPCertConfirmMessage c;

    private Caa(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str) throws CMPException {
        this.c = cMPCertConfirmMessage;
        this.a = pKIStatusInfo;
        this.b = a(certificate, str);
    }

    private byte[] a() throws CMPException {
        EncodedContainer encodedContainer;
        try {
            ASN1Container sequenceContainer = new SequenceContainer(0, true, 0);
            ASN1Container endContainer = new EndContainer();
            ASN1Container octetStringContainer = new OctetStringContainer(0, true, 0, this.b, 0, this.b.length);
            if (this.a == null) {
                encodedContainer = new EncodedContainer(65536, false, 0, (byte[]) null, 0, 0);
            } else {
                try {
                    byte[] bArr = new byte[this.a.getDERLen(65536)];
                    this.a.getDEREncoding(bArr, 0, 65536);
                    encodedContainer = new EncodedContainer(65536, true, 0, bArr, 0, bArr.length);
                } catch (PKIException e) {
                    throw new CMPException("CMPCertConfirmMessage$CertStatus.derEncode: unable to encode StatusInfo");
                }
            }
            ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{sequenceContainer, octetStringContainer, new IntegerContainer(0, true, 0, 0), encodedContainer, endContainer});
            byte[] bArr2 = new byte[aSN1Template.derEncodeInit()];
            aSN1Template.derEncode(bArr2, 0);
            return bArr2;
        } catch (ASN_Exception e2) {
            throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.derEncode: encoding CertStatus faild(").append(e2.getMessage()).append(").").toString());
        }
    }

    private byte[] a(Certificate certificate, String str) throws CMPException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: cert has to be an instance of X509Certificate.");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSignatureAlgorithm(), "/");
            if (!stringTokenizer.hasMoreTokens()) {
                throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get signature algorithm from cert.");
            }
            String nextToken = stringTokenizer.nextToken();
            try {
                JSAFE_MessageDigest jSAFE_MessageDigest = JSAFE_MessageDigest.getInstance(nextToken, str);
                jSAFE_MessageDigest.digestInit();
                byte[] bArr = new byte[x509Certificate.getDERLen(0)];
                try {
                    x509Certificate.getDEREncoding(bArr, 0, 0);
                    try {
                        jSAFE_MessageDigest.digestUpdate(bArr, 0, bArr.length);
                        return jSAFE_MessageDigest.digestFinal();
                    } catch (JSAFE_Exception e) {
                        throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to compute digest(").append(e.getMessage()).append(").").toString());
                    }
                } catch (CertificateException e2) {
                    throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get DER encoding of cert(").append(e2.getMessage()).append(").").toString());
                }
            } catch (JSAFE_Exception e3) {
                throw new CMPException(new StringBuffer().append("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get digest algorithm for ").append(nextToken).append("(").append(e3.getMessage()).append(").").toString());
            }
        } catch (CertificateException e4) {
            throw new CMPException("CMPCertConfirmMessage$CertStatus.createCertHash: unable to get signature algorithm from cert.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Caa(CMPCertConfirmMessage cMPCertConfirmMessage, PKIStatusInfo pKIStatusInfo, Certificate certificate, String str, Cy cy) throws CMPException {
        this(cMPCertConfirmMessage, pKIStatusInfo, certificate, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(Caa caa) throws CMPException {
        return caa.a();
    }
}
