package org.xipki.ocsp.server;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.xipki.ocsp.server.type.ResponderID;
import org.xipki.ocsp.server.type.TaggedCertSequence;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/ocsp-server-5.3.9.jar:org/xipki/ocsp/server/ResponseSigner.class */
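/**
 * Bundles the content signers of one OCSP responder with the identity data
 * derived from the first signer: certificate, certificate chain, and the two
 * ResponderID forms (by name and by key hash).
 *
 * <p>All fields are assigned once in the constructor. For a MAC-based signer
 * there is no certificate, so every certificate-derived field is {@code null}
 * and only the by-key ResponderID is available.
 */
class ResponseSigner {
    /** Signers indexed by {@code getAlgorithmName()}; a later signer replaces an earlier one with the same name. */
    private final Map<String, ConcurrentContentSigner> algoSignerMap;
    private final List<ConcurrentContentSigner> signers;
    private final TaggedCertSequence sequenceOfCert;
    private final X509Cert cert;
    private final TaggedCertSequence sequenceOfCertChain;
    private final X509Cert[] certChain;
    private final ResponderID responderIdByName;
    private final ResponderID responderIdByKey;
    private final boolean macSigner;

    /**
     * Builds the responder identity from the first signer in {@code list} and
     * indexes every signer by its algorithm name.
     *
     * @param list the signers; validated as non-empty via {@code Args.notEmpty}
     * @throws CertificateException if the first signer is not a MAC signer and has no certificate chain
     * @throws IOException declared by the original signature (encoding operations)
     */
    public ResponseSigner(List<ConcurrentContentSigner> list) throws CertificateException, IOException {
        this.signers = Args.notEmpty(list, "signers");
        ConcurrentContentSigner firstSigner = list.get(0);
        // NOTE(review): only the first signer decides MAC vs. certificate mode;
        // the remaining signers are presumably of the same kind. Confirm with the caller.
        this.macSigner = firstSigner.isMac();
        if (this.macSigner) {
            this.responderIdByName = null;
            this.cert = null;
            this.certChain = null;
            this.sequenceOfCert = null;
            this.sequenceOfCertChain = null;
            this.responderIdByKey = new ResponderID(firstSigner.getSha1OfMacKey());
        } else {
            X509Cert[] fullChain = firstSigner.getCertificateChain();
            if (fullChain == null || fullChain.length == 0) {
                throw new CertificateException("no certificate is bound with the signer");
            }
            int chainLength = fullChain.length;
            if (chainLength > 1) {
                // Drop a trailing self-issued certificate from the chain that is kept.
                // This is a name comparison only (issuer == subject); no signature is
                // verified here, and it only affects which certificates are stored.
                X509Cert last = fullChain[chainLength - 1];
                if (last.getIssuer().equals(last.getSubject())) {
                    chainLength--;
                }
            }
            this.certChain = new X509Cert[chainLength];
            System.arraycopy(fullChain, 0, this.certChain, 0, chainLength);
            this.cert = this.certChain[0];
            byte[] encodedCert = this.cert.getEncoded();
            this.sequenceOfCert = new TaggedCertSequence(encodedCert);
            // One encoded certificate per chain entry (the decompiler lost the byte[][] type here).
            byte[][] encodedChain = new byte[this.certChain.length][];
            encodedChain[0] = encodedCert;
            for (int i = 1; i < this.certChain.length; i++) {
                encodedChain[i] = this.certChain[i].getEncoded();
            }
            this.sequenceOfCertChain = new TaggedCertSequence(encodedChain);
            Certificate bcCert = Certificate.getInstance(encodedCert);
            this.responderIdByName = new ResponderID(bcCert.getSubject());
            // SHA-1 over the public key bits is the KeyHash form of ResponderID defined by
            // RFC 6960; it serves as an identifier, not as a collision-resistant digest.
            this.responderIdByKey = new ResponderID(
                    HashAlgo.SHA1.hash(bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes()));
        }
        this.algoSignerMap = new HashMap<>();
        for (ConcurrentContentSigner signer : list) {
            this.algoSignerMap.put(signer.getAlgorithmName(), signer);
        }
    }

    /** Returns whether the first signer is MAC-based (no certificate data is then available). */
    public boolean isMacSigner() {
        return this.macSigner;
    }

    /** Returns the first configured signer, which is also the default signer. */
    public ConcurrentContentSigner getFirstSigner() {
        return this.signers.get(0);
    }

    /**
     * Selects a signer for the requester's preferred signature algorithms.
     *
     * @param list preferred algorithms in order of preference, or {@code null} for "no preference"
     * @return the first signer when {@code list} is {@code null}; otherwise the signer registered
     *         under the first matching algorithm name, or {@code null} when none matches, so
     *         callers must handle {@code null}
     */
    public ConcurrentContentSigner getSignerForPreferredSigAlgs(List<AlgorithmIdentifier> list) {
        if (list == null) {
            return this.signers.get(0);
        }
        // NOTE(review): the lookup key is built from OID strings, while the map is keyed by
        // getAlgorithmName(). Confirm both use the same form, otherwise no preference matches.
        for (AlgorithmIdentifier preferred : list) {
            ConcurrentContentSigner signer = this.algoSignerMap.get(getSignatureAlgorithmName(preferred));
            if (signer != null) {
                return signer;
            }
        }
        return null;
    }

    /**
     * Returns the ResponderID in the requested form.
     *
     * @param z {@code true} for the by-name form, {@code false} for the by-key form
     * @return the ResponderID; the by-name form is {@code null} for a MAC signer
     */
    public ResponderID getResponderId(boolean z) {
        return z ? this.responderIdByName : this.responderIdByKey;
    }

    /** Returns the signer certificate, or {@code null} for a MAC signer. */
    public X509Cert getCert() {
        return this.cert;
    }

    /**
     * Returns the stored certificate chain, or {@code null} for a MAC signer.
     * The internal array itself is returned, not a copy, so callers must not modify it.
     */
    public X509Cert[] getCertChain() {
        return this.certChain;
    }

    /** Returns the sequence built from the signer certificate only, or {@code null} for a MAC signer. */
    public TaggedCertSequence getSequenceOfCert() {
        return this.sequenceOfCert;
    }

    /** Returns the sequence built from the whole stored chain, or {@code null} for a MAC signer. */
    public TaggedCertSequence getSequenceOfCertChain() {
        return this.sequenceOfCertChain;
    }

    /** Returns {@code true} only when every configured signer reports healthy. */
    public boolean isHealthy() {
        for (ConcurrentContentSigner signer : this.signers) {
            if (!signer.isHealthy()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Derives the map lookup key for an algorithm identifier: the algorithm OID, or for
     * RSASSA-PSS the hash algorithm OID followed by {@code "WITHRSAANDMGF1"}.
     */
    private static String getSignatureAlgorithmName(AlgorithmIdentifier algorithmIdentifier) {
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algorithm)) {
            return algorithm.getId();
        }
        // NOTE(review): the PSS parameters are dereferenced without a null check. If this
        // identifier comes from request data with absent or malformed parameters, the
        // resulting runtime exception propagates; confirm the caller handles it.
        RSASSAPSSparams pssParams = RSASSAPSSparams.getInstance(algorithmIdentifier.getParameters());
        return pssParams.getHashAlgorithm().getAlgorithm().getId() + "WITHRSAANDMGF1";
    }
}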
