package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.BitStringContainer;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.AuthorityInfoAccess;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.internal.JSAFEFactory;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.jsafe.JSAFE_MessageDigest;
import java.util.Vector;

/* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSPutil.class */
public final class OCSPutil {
    private OCSPutil() {
    }

    public static String getAIALocation(X509Certificate x509Certificate) {
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            return null;
        }
        try {
            AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) extensions.getExtensionByType(100);
            if (authorityInfoAccess == null) {
                return null;
            }
            for (int i = 0; i < authorityInfoAccess.getAccessDescriptionCount(); i++) {
                if (CertJUtils.byteArraysEqual(authorityInfoAccess.getAccessMethod(i), AuthorityInfoAccess.ID_AD_OCSP)) {
                    GeneralName accessLocation = authorityInfoAccess.getAccessLocation(i);
                    if (accessLocation.getGeneralNameType() == 7) {
                        return (String) accessLocation.getGeneralName();
                    }
                }
            }
            return null;
        } catch (CertificateException e) {
            return null;
        }
    }

    public static byte[] makeDataDigest(CertJ certJ, String str, byte[] bArr, int i, int i2) throws InvalidParameterException {
        try {
            JSAFE_MessageDigest digest = JSAFEFactory.getDigest(str, certJ.getDevice(), certJ);
            byte[] bArr2 = new byte[digest.getDigestSize()];
            digest.digestInit();
            digest.digestUpdate(bArr, i, i2);
            digest.digestFinal(bArr2, 0);
            return bArr2;
        } catch (Exception e) {
            throw new InvalidParameterException("makeDataDigest:" + e.toString());
        }
    }

    public static byte[] extractKeyDER(byte[] bArr, int i) throws ASN_Exception {
        ASN1Container endContainer = new EndContainer();
        ASN1Container sequenceContainer = new SequenceContainer(0);
        ASN1Container encodedContainer = new EncodedContainer(65280);
        ASN1Container bitStringContainer = new BitStringContainer(0);
        ASN1.berDecode(bArr, i, new ASN1Container[]{sequenceContainer, encodedContainer, bitStringContainer, endContainer});
        byte[] bArr2 = new byte[((BitStringContainer) bitStringContainer).dataLen];
        System.arraycopy(((BitStringContainer) bitStringContainer).data, ((BitStringContainer) bitStringContainer).dataOffset, bArr2, 0, ((BitStringContainer) bitStringContainer).dataLen);
        return bArr2;
    }

    public static int selectCertificateByKeyHash(CertJ certJ, DatabaseService databaseService, byte[] bArr, int i, int i2, Vector<Certificate> vector) throws DatabaseException, NoServiceException, CertificateException, InvalidParameterException {
        Certificate nextCertificate;
        int i3 = 0;
        boolean z = true;
        while (databaseService.hasMoreCertificates()) {
            if (z) {
                nextCertificate = databaseService.firstCertificate();
                z = false;
            } else {
                nextCertificate = databaseService.nextCertificate();
            }
            try {
                byte[] extractKeyDER = extractKeyDER(nextCertificate.getSubjectPublicKeyBER(), 0);
                byte[] makeDataDigest = makeDataDigest(certJ, "SHA1", extractKeyDER, 0, extractKeyDER.length);
                if (CertJUtils.byteArraysEqual(makeDataDigest, 0, makeDataDigest.length, bArr, i, i2)) {
                    vector.addElement(nextCertificate);
                    i3++;
                }
            } catch (Exception e) {
            }
        }
        return i3;
    }
}
