package net.netca.pki.encoding.asn1.pki.ocsp;

import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceOf;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.GeneralName;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public final class OCSPRequest {
    public static final int V1 = 0;
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("OCSPRequest");
    private X509Certificate cert;
    private ASN1Data req;

    public OCSPRequest(Sequence sequence) throws PkiException {
        this.cert = null;
        if (!type.match(sequence)) {
            throw new PkiException("not OCSPRequest");
        }
        this.req = new ASN1Data("OCSPRequest", sequence);
    }

    public OCSPRequest(byte[] bArr) throws PkiException {
        this(bArr, 0, bArr.length);
    }

    public OCSPRequest(byte[] bArr, int i2, int i3) throws PkiException {
        this.cert = null;
        ASN1Object decode = ASN1Object.decode(bArr, i2, i3, type);
        if (decode == null) {
            throw new PkiException("not OCSPRequest");
        }
        this.req = new ASN1Data("OCSPRequest", decode);
    }

    public static OCSPRequest decode(byte[] bArr) throws PkiException {
        return new OCSPRequest(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private boolean matchGeneralName(X509Certificate x509Certificate, GeneralName generalName) throws PkiException {
        if (generalName.getType() != 4) {
            return false;
        }
        byte[] encode = generalName.getDirectoryName().getASN1Object().encode();
        byte[] encode2 = x509Certificate.getSubject().getASN1Object().encode();
        if (encode.length != encode2.length) {
            return false;
        }
        for (int i2 = 0; i2 < encode.length; i2++) {
            if (encode[i2] != encode2[i2]) {
                return false;
            }
        }
        return true;
    }

    public byte[] derEncode() throws PkiException {
        return this.req.encode();
    }

    public ASN1Object getASN1Object() {
        return this.req.getValue();
    }

    public Extensions getExtensions() throws PkiException {
        ASN1Object value = this.req.getValue("tbsRequest.requestExtensions.value");
        if (value == null) {
            return null;
        }
        return new Extensions((SequenceOf) value);
    }

    public X509Certificate getOptionalSignCert(int i2) throws PkiException {
        ASN1Object value = this.req.getValue("optionalSignature.value.certs.value");
        if (value != null) {
            return new X509Certificate((Sequence) ((SequenceOf) value).get(i2));
        }
        throw new PkiException("get Optional Sign Cert fail");
    }

    public int getOptionalSignCertCount() throws PkiException {
        ASN1Object value = this.req.getValue("optionalSignature.value.certs.value");
        if (value != null) {
            return ((SequenceOf) value).size();
        }
        throw new PkiException("get Optional Sign Cert Count fail");
    }

    public RequestList getRequestList() throws PkiException {
        ASN1Object value = this.req.getValue("tbsRequest.requestList");
        if (value != null) {
            return new RequestList((SequenceOf) value);
        }
        throw new PkiException("get requestList fail");
    }

    public GeneralName getRequestorName() throws PkiException {
        ASN1Object value = this.req.getValue("tbsRequest.requestorName.value");
        if (value == null) {
            return null;
        }
        return new GeneralName((TaggedValue) value);
    }

    public byte[] getSignature() throws PkiException {
        ASN1Object value = this.req.getValue("optionalSignature.value.signature");
        if (value == null) {
            throw new PkiException("get signature fail");
        }
        BitString bitString = (BitString) value;
        if (bitString.getUnusedBits() == 0) {
            return bitString.getValue();
        }
        throw new PkiException("signature's unusedBits is not zeor " + bitString.getUnusedBits());
    }

    public AlgorithmIdentifier getSignatureAlgorithmIdentifier() throws PkiException {
        ASN1Object value = this.req.getValue("optionalSignature.value.signatureAlgorithm");
        if (value != null) {
            return new AlgorithmIdentifier((Sequence) value);
        }
        throw new PkiException("get signature algorithm fail");
    }

    public X509Certificate getSignatureCert() throws PkiException {
        return this.cert;
    }

    public byte[] getTbs() throws PkiException {
        ASN1Object value = this.req.getValue("tbsRequest");
        if (value != null) {
            return value.encode();
        }
        throw new PkiException("get tbsRequest fail");
    }

    public int getVersion() throws PkiException {
        ASN1Object value = this.req.getValue("tbsRequest.version.value");
        if (value != null) {
            return ((Integer) value).getIntegerValue();
        }
        throw new PkiException("get version fail");
    }

    public boolean hasSignature() {
        return this.req.getValue("optionalSignature") != null;
    }

    public boolean verifySignature(Verifible verifible) throws PkiException {
        return verifySignature(verifible, null);
    }

    public boolean verifySignature(Verifible verifible, X509Certificate x509Certificate) throws PkiException {
        if (!hasSignature()) {
            throw new PkiException("no signature");
        }
        GeneralName requestorName = getRequestorName();
        AlgorithmIdentifier signatureAlgorithmIdentifier = getSignatureAlgorithmIdentifier();
        byte[] tbs = getTbs();
        byte[] signature = getSignature();
        if (x509Certificate != null && matchGeneralName(x509Certificate, requestorName)) {
            if (!verifible.verify(x509Certificate.getSubjectPublicKeyInfo().getPublicKey(), signatureAlgorithmIdentifier, tbs, 0, tbs.length, signature)) {
                return false;
            }
            this.cert = x509Certificate;
            return true;
        }
        int optionalSignCertCount = getOptionalSignCertCount();
        for (int i2 = 0; i2 < optionalSignCertCount; i2++) {
            X509Certificate optionalSignCert = getOptionalSignCert(i2);
            if (matchGeneralName(optionalSignCert, requestorName)) {
                if (!verifible.verify(optionalSignCert.getSubjectPublicKeyInfo().getPublicKey(), signatureAlgorithmIdentifier, tbs, 0, tbs.length, signature)) {
                    return false;
                }
                this.cert = optionalSignCert;
                return true;
            }
        }
        return false;
    }
}
