package com.rsa.certj.provider.pki.cmp;

import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN1Template;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.OfContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.cert.CRLEntryExtension;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.crmf.CRMFException;
import com.rsa.certj.crmf.CertTemplate;
import com.rsa.jsafe.JSAFE_PublicKey;

/* loaded from: input_file:com/rsa/certj/provider/pki/cmp/CMPRevokeRequestMessage.class */
public final class CMPRevokeRequestMessage extends CMPRequestCommon {
    private X509Certificate[] certsToBeRevoked;
    private X509V3Extensions[] crlEntryExtensionsList;

    public CMPRevokeRequestMessage(X509Certificate[] x509CertificateArr, X509V3Extensions[] x509V3ExtensionsArr) throws InvalidParameterException {
        super(11, null);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new InvalidParameterException("CMPRevokeRequestMessage.CMPRevokeRequestMessage: certsToBeRevoked should not be empty.");
        }
        int length = x509CertificateArr.length;
        if (x509V3ExtensionsArr != null && length != x509V3ExtensionsArr.length) {
            throw new InvalidParameterException("CMPRevokeRequestMessage.CMPRevokeRequestMessage: certsToBeRevoked and crlEntryExtensionsList should have the same number of elements.");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate == null) {
                throw new InvalidParameterException("CMPRevokeRequestMessage.CMPRevokeRequestMessage: An element of certsToBeRevoked should not be null.");
            }
        }
        if (x509V3ExtensionsArr != null) {
            for (int i = 0; i < length; i++) {
                X509V3Extensions x509V3Extensions = x509V3ExtensionsArr[i];
                if (x509V3Extensions != null) {
                    checkCRLEntryExtensions(x509V3Extensions);
                }
            }
        }
        this.certsToBeRevoked = x509CertificateArr;
        this.crlEntryExtensionsList = x509V3ExtensionsArr;
    }

    public CMPRevokeRequestMessage(X509Certificate x509Certificate, X509V3Extensions x509V3Extensions) throws InvalidParameterException {
        super(11, null, null, null);
        if (x509Certificate == null) {
            throw new InvalidParameterException("CMPRevokeRequestMessage.CMPRevokeRequestMessage: certToBeRevoked should not be null.");
        }
        this.certsToBeRevoked = new X509Certificate[1];
        this.certsToBeRevoked[0] = x509Certificate;
        if (x509V3Extensions != null) {
            checkCRLEntryExtensions(x509V3Extensions);
            this.crlEntryExtensionsList = new X509V3Extensions[1];
            this.crlEntryExtensionsList[0] = x509V3Extensions;
        }
    }

    private void checkCRLEntryExtensions(X509V3Extensions x509V3Extensions) throws InvalidParameterException {
        if (x509V3Extensions.getExtensionsType() != 3) {
            throw new InvalidParameterException("CMPRevokeRequestMessage.checkCRLEntryExtensions: extensions should be of type X509V3Extensions.X509_EXT_TYPE_CRL_ENTRY.");
        }
        for (int i = 0; i < x509V3Extensions.getExtensionCount(); i++) {
            if (!(x509V3Extensions.getExtensionByIndex(i) instanceof CRLEntryExtension)) {
                throw new InvalidParameterException("CMPRevokeRequestMessage.checkCRLEntryExtensions: extensions should consists of CRLEntryExtension.");
                break;
            }
        }
    }

    @Override // com.rsa.certj.provider.pki.cmp.CMPRequestCommon
    protected byte[] derEncodeBody(CertJ certJ) throws CMPException {
        EncodedContainer encodedContainer;
        try {
            ASN1Container ofContainer = new OfContainer(10485760 | getMessageType(), true, 0, 12288, new EncodedContainer(12288));
            for (int i = 0; i < this.certsToBeRevoked.length; i++) {
                X509Certificate x509Certificate = this.certsToBeRevoked[i];
                X509V3Extensions x509V3Extensions = this.crlEntryExtensionsList != null ? this.crlEntryExtensionsList[i] : null;
                CertTemplate certToTemplate = certToTemplate(x509Certificate, certJ);
                try {
                    byte[] bArr = new byte[certToTemplate.getDERLen(0)];
                    certToTemplate.getDEREncoding(bArr, 0, 0);
                    ASN1Container encodedContainer2 = new EncodedContainer(0, true, 0, bArr, 0, bArr.length);
                    if (x509V3Extensions == null) {
                        encodedContainer = new EncodedContainer(65536, false, 0, (byte[]) null, 0, 0);
                    } else {
                        byte[] bArr2 = new byte[x509V3Extensions.getDERLen(0)];
                        x509V3Extensions.getDEREncoding(bArr2, 0, 0);
                        encodedContainer = new EncodedContainer(65536, true, 0, bArr2, 0, bArr2.length);
                    }
                    ASN1Template aSN1Template = new ASN1Template(new ASN1Container[]{new SequenceContainer(0, true, 0), encodedContainer2, encodedContainer, new EndContainer()});
                    try {
                        byte[] bArr3 = new byte[aSN1Template.derEncodeInit()];
                        aSN1Template.derEncode(bArr3, 0);
                        ofContainer.addContainer(new EncodedContainer(0, true, 0, bArr3, 0, bArr3.length));
                    } catch (ASN_Exception e) {
                        throw new CMPException("CMPRevokeRequestMessage.derEncode: encoding RevDetails failed.", e);
                    }
                } catch (CRMFException e2) {
                    throw new CMPException("CMPRevokeRequestMessage.derEncode: unable to encode certDetails.", e2);
                }
            }
            ASN1Template aSN1Template2 = new ASN1Template(new ASN1Container[]{ofContainer});
            byte[] bArr4 = new byte[aSN1Template2.derEncodeInit()];
            aSN1Template2.derEncode(bArr4, 0);
            return bArr4;
        } catch (ASN_Exception e3) {
            throw new CMPException("CMPRevokeRequestMessage.derEncode: encoding RevDetails failed.", e3);
        }
    }

    private CertTemplate certToTemplate(X509Certificate x509Certificate, CertJ certJ) throws CMPException {
        try {
            CertTemplate certTemplate = new CertTemplate();
            byte[] serialNumber = x509Certificate.getSerialNumber();
            certTemplate.setSerialNumber(serialNumber, 0, serialNumber.length);
            X500Name issuerName = x509Certificate.getIssuerName();
            if (issuerName != null) {
                certTemplate.setIssuerName(issuerName);
            }
            X500Name subjectName = x509Certificate.getSubjectName();
            if (subjectName != null) {
                certTemplate.setSubjectName(subjectName, false);
            }
            JSAFE_PublicKey subjectPublicKey = x509Certificate.getSubjectPublicKey(certJ.getDevice());
            if (subjectPublicKey != null) {
                certTemplate.setSubjectPublicKey(subjectPublicKey);
            }
            return certTemplate;
        } catch (CertificateException e) {
            throw new CMPException("CMPRevokeRequestMessage.certToTemplate: unable to set public key of X509Certificate.", e);
        } catch (CRMFException e2) {
            throw new CMPException("CMPRevokeRequestMessage.certToTemplate: unable to convert X509Certificate to CertTemplate.", e2);
        }
    }
}
