package defpackage;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.ocsp.OCSPException;

/* loaded from: classes2.dex */
public class aqj {
    private List a = new ArrayList();
    private xx b = null;
    private zk c = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a {
        aqg a;
        zk b;

        public a(aqg aqgVar, zk zkVar) {
            this.a = aqgVar;
            this.b = zkVar;
        }

        public sz toRequest() throws Exception {
            return new sz(this.a.toASN1Object(), this.b);
        }
    }

    private aqi a(mh mhVar, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str, SecureRandom secureRandom) throws OCSPException, NoSuchProviderException {
        Iterator it = this.a.iterator();
        ke keVar = new ke();
        while (it.hasNext()) {
            try {
                keVar.add(((a) it.next()).toRequest());
            } catch (Exception e) {
                throw new OCSPException("exception creating Request", e);
            }
        }
        th thVar = new th(this.b, new mm(keVar), this.c);
        tf tfVar = null;
        if (mhVar != null) {
            if (this.b == null) {
                throw new OCSPException("requestorName must be specified if request is signed.");
            }
            try {
                Signature signature = Signature.getInstance(mhVar.getId(), str);
                if (secureRandom != null) {
                    signature.initSign(privateKey, secureRandom);
                } else {
                    signature.initSign(privateKey);
                }
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    new km(byteArrayOutputStream).writeObject(thVar);
                    signature.update(byteArrayOutputStream.toByteArray());
                    lq lqVar = new lq(signature.sign());
                    xb xbVar = new xb(mhVar, new me());
                    if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                        tfVar = new tf(xbVar, lqVar);
                    } else {
                        ke keVar2 = new ke();
                        for (int i = 0; i != x509CertificateArr.length; i++) {
                            try {
                                keVar2.add(new zh((kn) a(x509CertificateArr[i].getEncoded())));
                            } catch (IOException e2) {
                                throw new OCSPException("error processing certs", e2);
                            } catch (CertificateEncodingException e3) {
                                throw new OCSPException("error encoding certs", e3);
                            }
                        }
                        tfVar = new tf(xbVar, lqVar, new mm(keVar2));
                    }
                } catch (Exception e4) {
                    throw new OCSPException("exception processing TBSRequest: " + e4, e4);
                }
            } catch (InvalidKeyException e5) {
                throw new OCSPException("exception creating signature: " + e5, e5);
            } catch (NoSuchAlgorithmException e6) {
                throw new OCSPException("exception creating signature: " + e6, e6);
            }
        }
        return new aqi(new sw(thVar, tfVar));
    }

    private mg a(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new kg(bArr).readObject();
    }

    public void addRequest(aqg aqgVar) {
        this.a.add(new a(aqgVar, null));
    }

    public void addRequest(aqg aqgVar, zk zkVar) {
        this.a.add(new a(aqgVar, zkVar));
    }

    public aqi generate() throws OCSPException {
        try {
            return a(null, null, null, null, null);
        } catch (NoSuchProviderException e) {
            throw new OCSPException("no provider! - " + e, e);
        }
    }

    public aqi generate(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str2) throws OCSPException, NoSuchProviderException, IllegalArgumentException {
        return generate(str, privateKey, x509CertificateArr, str2, null);
    }

    public aqi generate(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str2, SecureRandom secureRandom) throws OCSPException, NoSuchProviderException, IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("no signing algorithm specified");
        }
        try {
            return a(aqn.a(str), privateKey, x509CertificateArr, str2, secureRandom);
        } catch (IllegalArgumentException unused) {
            throw new IllegalArgumentException("unknown signing algorithm specified: " + str);
        }
    }

    public Iterator getSignatureAlgNames() {
        return aqn.a();
    }

    public void setRequestExtensions(zk zkVar) {
        this.c = zkVar;
    }

    public void setRequestorName(X500Principal x500Principal) {
        try {
            this.b = new xx(4, new alj(x500Principal.getEncoded()));
        } catch (IOException e) {
            throw new IllegalArgumentException("cannot encode principal: " + e);
        }
    }

    public void setRequestorName(xx xxVar) {
        this.b = xxVar;
    }
}
