package com.rsa.cryptoj.o;

import com.rsa.jcp.OCSPResponderConfig;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class pw {

    /* renamed from: a, reason: collision with root package name */
    private static final String f2110a = "Error signing OCSP request.";

    /* renamed from: b, reason: collision with root package name */
    private static final int f2111b = 16;

    /* renamed from: c, reason: collision with root package name */
    private SecureRandom f2112c;
    private final OCSPResponderConfig d;
    private final d e;
    private final cf f;
    private byte[] g;
    private d h;
    private final List<ca> i;

    public pw(cf cfVar, List<ca> list, X509Certificate x509Certificate, PublicKey publicKey, OCSPResponderConfig oCSPResponderConfig) throws InvalidAlgorithmParameterException {
        this.f = cfVar;
        this.i = list;
        this.d = oCSPResponderConfig;
        this.e = qa.a(oCSPResponderConfig.getDigestAlgorithm(), cfVar, list, x509Certificate, publicKey);
    }

    public pw(cf cfVar, List<ca> list, X509Certificate x509Certificate, PublicKey publicKey, OCSPResponderConfig oCSPResponderConfig, byte[] bArr) throws InvalidAlgorithmParameterException, b {
        this(cfVar, list, x509Certificate, publicKey, oCSPResponderConfig);
        if (bArr != null) {
            this.h = a.a("Extensions", bArr, 0).c(a.c(2));
        }
    }

    private Object[] a(byte[] bArr) throws CertPathValidatorException {
        if (!this.d.isSigningEnabled()) {
            return null;
        }
        try {
            oe c2 = ke.c(this.d.getSigningAlgorithm(), this.f, this.i);
            c2.initSign(this.d.getSigningKey(), this.f2112c);
            c2.update(bArr);
            return new Object[]{new Object[]{ou.b(this.d.getSigningAlgorithm()).c(), null}, c2.sign(), i()};
        } catch (InvalidKeyException e) {
            throw new CertPathValidatorException(f2110a, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertPathValidatorException(f2110a, e2);
        } catch (SignatureException e3) {
            throw new CertPathValidatorException(f2110a, e3);
        }
    }

    private void d() {
        this.g = new byte[16];
        SecureRandom secureRandom = this.f2112c;
        if (secureRandom == null) {
            cw.a(this.f).nextBytes(this.g);
        } else {
            secureRandom.nextBytes(this.g);
        }
    }

    private d e() {
        Object[] objArr = new Object[4];
        objArr[0] = null;
        objArr[1] = this.d.isSigningEnabled() ? new Object[]{f()} : null;
        objArr[2] = h();
        Object obj = this.h;
        if (obj == null) {
            obj = g();
        }
        objArr[3] = obj;
        return a.a("TBSRequest", objArr);
    }

    private d f() {
        return a.a("Name", this.d.getExtraCerts().get(0).getSubjectX500Principal().getEncoded(), 0).c(a.c(4));
    }

    private Object[] g() {
        if (!this.d.isNonceInUse()) {
            return new Object[]{qa.a()};
        }
        d();
        return new Object[]{qa.a(this.g), qa.a()};
    }

    private Object[] h() {
        return new Object[]{new Object[]{this.e, null}};
    }

    private List<d> i() throws CertPathValidatorException {
        ArrayList arrayList = new ArrayList();
        Iterator<X509Certificate> it = this.d.getExtraCerts().iterator();
        while (it.hasNext()) {
            try {
                arrayList.add(a.a("Certificate", it.next().getEncoded(), 0));
            } catch (CertificateEncodingException unused) {
                throw new CertPathValidatorException("Could not construct OCSP request: error including extra certificates.");
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a() throws CertPathValidatorException {
        d e = e();
        return a.c(a.a("OCSPRequest", new Object[]{e, a(a.c(e))}));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] b() {
        return a.a(this.e);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] c() {
        return this.g;
    }
}
