package iaik.x509.ocsp.utils;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.DerCoder;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.Name;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs12.CertificateBag;
import iaik.pkcs.pkcs12.PKCS12;
import iaik.pkcs.pkcs7.IssuerAndSerialNumber;
import iaik.utils.CryptoUtils;
import iaik.utils.Util;
import iaik.x509.RevokedCertificate;
import iaik.x509.V3Extension;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.CertificateIssuer;
import iaik.x509.extensions.ExtendedKeyUsage;
import iaik.x509.extensions.IssuingDistributionPoint;
import iaik.x509.extensions.ReasonCode;
import iaik.x509.ocsp.BasicOCSPResponse;
import iaik.x509.ocsp.CertID;
import iaik.x509.ocsp.CertStatus;
import iaik.x509.ocsp.OCSPException;
import iaik.x509.ocsp.OCSPRequest;
import iaik.x509.ocsp.OCSPResponse;
import iaik.x509.ocsp.ReqCert;
import iaik.x509.ocsp.Request;
import iaik.x509.ocsp.ResponderID;
import iaik.x509.ocsp.RevokedInfo;
import iaik.x509.ocsp.SingleResponse;
import iaik.x509.ocsp.UnknownInfo;
import iaik.x509.ocsp.extensions.CrlID;
import iaik.x509.ocsp.extensions.Nonce;
import iaik.x509.ocsp.extensions.ServiceLocator;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Vector;

/* loaded from: input_file:120091-10/SUNWamsci/reloc/SUNWam/lib/iaik_jce_full.jar:iaik/x509/ocsp/utils/ResponseGenerator.class */
public class ResponseGenerator {
    private boolean d;
    private Vector e;
    private Vector a;
    private X509Certificate[] c;
    private PrivateKey b;
    private int f;
    private PrintWriter g;

    public void writeTo(OutputStream outputStream) throws IOException {
        try {
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(new ResponderID((Name) this.c[0].getSubjectDN()).toASN1Object());
            if (this.e.size() > 0) {
                Enumeration elements = this.e.elements();
                SEQUENCE sequence2 = new SEQUENCE();
                while (elements.hasMoreElements()) {
                    sequence2.addComponent(((Name) elements.nextElement()).toASN1Object());
                }
                sequence.addComponent(sequence2);
            }
            if (this.a.size() > 0) {
                Enumeration elements2 = this.a.elements();
                SEQUENCE sequence3 = new SEQUENCE();
                while (elements2.hasMoreElements()) {
                    sequence3.addComponent(((SingleResponse) elements2.nextElement()).toASN1Object());
                }
                sequence.addComponent(new CON_SPEC(0, sequence3));
            }
            ASN1 asn1 = new ASN1(sequence);
            AlgorithmID algorithmID = AlgorithmID.sha1WithRSAEncryption;
            if (!(this.b instanceof RSAPrivateKey)) {
                if (!(this.b instanceof DSAPrivateKey)) {
                    throw new IOException(new StringBuffer("Cannot sign basic response. Unknown key algorithm: ").append(this.b.getAlgorithm()).toString());
                }
                algorithmID = AlgorithmID.dsa;
            }
            Signature signatureInstance = algorithmID.getSignatureInstance();
            signatureInstance.initSign(this.b);
            signatureInstance.update(asn1.toByteArray());
            SEQUENCE sequence4 = new SEQUENCE();
            sequence4.addComponent(asn1.toASN1Object());
            sequence4.addComponent(new BIT_STRING(signatureInstance.sign()));
            DerCoder.encodeTo(sequence4, outputStream);
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("Responder: ").append(this.c[0].getSubjectDN()).append("\n").toString());
        stringBuffer.append(new StringBuffer("Cert Issuers: ").append(this.e.size()).append("\n").toString());
        stringBuffer.append(new StringBuffer("Cached responses: ").append(this.a.size()).toString());
        return stringBuffer.toString();
    }

    public void setDebugStream(OutputStream outputStream) {
        if (outputStream == null) {
            this.g = null;
        } else {
            this.g = new PrintWriter(outputStream, true);
        }
    }

    public SingleResponse removeSingleResponse(ReqCert reqCert) {
        Enumeration elements = this.a.elements();
        while (elements.hasMoreElements()) {
            SingleResponse singleResponse = (SingleResponse) elements.nextElement();
            if (singleResponse.isResponseFor(reqCert) && this.a.removeElement(singleResponse)) {
                return singleResponse;
            }
        }
        return null;
    }

    public boolean removeCertificateIssuer(Name name) {
        return this.e.removeElement(name);
    }

    public void removeAllSingleResponses() {
        this.a.removeAllElements();
    }

    public void removeAllCertIssuers() {
        this.e.removeAllElements();
    }

    public void printDebug(boolean z) {
        if (z) {
            setDebugStream(System.out);
        } else {
            setDebugStream(null);
        }
    }

    public void init(InputStream inputStream) throws IOException {
        try {
            this.a.removeAllElements();
            this.e.removeAllElements();
            ASN1 asn1 = new ASN1(inputStream);
            byte[] firstObject = asn1.getFirstObject();
            ASN1Object componentAt = asn1.getComponentAt(0);
            if (!new ResponderID(componentAt.getComponentAt(0)).isResponderIdFor(this.c[0])) {
                throw new IOException("Initialization failed. Response not created by this generator!");
            }
            for (int i = 1; i < componentAt.countComponents(); i++) {
                ASN1Object componentAt2 = componentAt.getComponentAt(i);
                if (componentAt2.isA(ASN.CON_SPEC)) {
                    SEQUENCE sequence = (SEQUENCE) componentAt2.getValue();
                    for (int i2 = 0; i2 < sequence.countComponents(); i2++) {
                        this.a.addElement(new SingleResponse(sequence.getComponentAt(i2)));
                    }
                } else {
                    for (int i3 = 0; i3 < componentAt2.countComponents(); i3++) {
                        this.e.addElement(new Name(componentAt2.getComponentAt(i3)));
                    }
                }
            }
            byte[] bArr = (byte[]) asn1.getComponentAt(1).getValue();
            AlgorithmID algorithmID = AlgorithmID.sha1WithRSAEncryption;
            if (!(this.b instanceof RSAPrivateKey)) {
                if (!(this.b instanceof DSAPrivateKey)) {
                    throw new IOException(new StringBuffer("Cannot verify basic response. Unknown key algorithm: ").append(this.b.getAlgorithm()).toString());
                }
                algorithmID = AlgorithmID.dsa;
            }
            Signature signatureInstance = algorithmID.getSignatureInstance();
            signatureInstance.initVerify(this.c[0].getPublicKey());
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(bArr)) {
                throw new IOException("Cannot init generator. Signture verification error!");
            }
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
    }

    private boolean a(ReqCert reqCert) {
        Name name = null;
        try {
            switch (reqCert.getType()) {
                case 0:
                    CertID certID = (CertID) reqCert.getReqCert();
                    byte[] issuerNameHash = certID.getIssuerNameHash();
                    if (CryptoUtils.equalsBlock(issuerNameHash, CertID.calculateIssuerNameHash((Name) this.c[0].getSubjectDN(), certID.getHashAlgorithm()))) {
                        return true;
                    }
                    if (CryptoUtils.equalsBlock(issuerNameHash, CertID.calculateIssuerNameHash((Name) this.c[0].getIssuerDN(), certID.getHashAlgorithm())) && this.d) {
                        return true;
                    }
                    Enumeration elements = this.e.elements();
                    while (true) {
                        if (!elements.hasMoreElements()) {
                            break;
                        } else {
                            Name name2 = (Name) elements.nextElement();
                            if (CryptoUtils.equalsBlock(issuerNameHash, CertID.calculateIssuerNameHash(name2, certID.getHashAlgorithm()))) {
                                name = name2;
                                break;
                            }
                        }
                    }
                    break;
                case 1:
                case 2:
                    Name a = a(reqCert.getReqCert());
                    if (a.equals(this.c[0].getSubjectDN())) {
                        return true;
                    }
                    if (a.equals(this.c[0].getIssuerDN()) && this.d) {
                        return true;
                    }
                    Enumeration elements2 = this.e.elements();
                    while (true) {
                        if (!elements2.hasMoreElements()) {
                            break;
                        } else {
                            Name name3 = (Name) elements2.nextElement();
                            if (a.equals(name3)) {
                                name = name3;
                                break;
                            }
                        }
                    }
                    break;
            }
        } catch (Exception unused) {
        }
        if (name == null) {
            return false;
        }
        if (name.equals((Name) this.c[0].getSubjectDN())) {
            return true;
        }
        return name.equals((Name) this.c[0].getIssuerDN()) && this.d;
    }

    public Enumeration getSingleResponses() {
        return this.a.elements();
    }

    private SingleResponse a(Request request, int i, int i2) {
        try {
            ServiceLocator serviceLocator = request.getServiceLocator();
            if (serviceLocator != null) {
                a(new StringBuffer("Request contains the ServiceLocator extension with issuer ").append(serviceLocator.getIssuer()).append(".").toString(), i, i2);
                if (!serviceLocator.getIssuer().equals(this.c[0].getSubjectDN())) {
                    a("Service Locator does not reference this reponder: sending unknown response.", i, i2);
                    return new SingleResponse(request.getReqCert(), new CertStatus(new UnknownInfo()), new Date());
                }
            }
        } catch (X509ExtensionException unused) {
        }
        Enumeration elements = this.a.elements();
        while (elements.hasMoreElements()) {
            SingleResponse singleResponse = (SingleResponse) elements.nextElement();
            if (singleResponse.isResponseFor(request.getReqCert())) {
                a("Cached response detected.", i, i2);
                a(new StringBuffer("Status of response is: ").append(singleResponse.getCertStatus()).toString());
                return singleResponse;
            }
        }
        a("No single response cached. Creating new...", i, i2);
        a("Searching for authorized issuer...", i, i2);
        ReqCert reqCert = request.getReqCert();
        CertStatus certStatus = new CertStatus(new UnknownInfo());
        if (a(reqCert)) {
            certStatus = new CertStatus();
            a("Authorized issuer found. CertStatus good.", i, i2);
        } else {
            a("No authorized issuer found. CertStatus unknown.", i, i2);
        }
        return new SingleResponse(reqCert, certStatus, new Date());
    }

    public SingleResponse getSingleResponse(Request request) {
        return a(request, -1, -1);
    }

    public SingleResponse getSingleResponse(ReqCert reqCert) {
        Enumeration elements = this.a.elements();
        while (elements.hasMoreElements()) {
            SingleResponse singleResponse = (SingleResponse) elements.nextElement();
            if (singleResponse.isResponseFor(reqCert)) {
                return singleResponse;
            }
        }
        return null;
    }

    public PrivateKey getResponderKey() {
        return this.b;
    }

    public X509Certificate[] getResponderCertificates() {
        return this.c;
    }

    private static Name a(Object obj) {
        if (obj instanceof IssuerAndSerialNumber) {
            return ((IssuerAndSerialNumber) obj).getIssuer();
        }
        if (obj instanceof X509Certificate) {
            return (Name) ((X509Certificate) obj).getIssuerDN();
        }
        return null;
    }

    private void a(String str, int i, int i2) {
        if (this.g != null) {
            this.g.println(new StringBuffer("(rg_debug").append(i > 0 ? new StringBuffer(" ").append(i).append("_").append(i2).append(") ").toString() : ") ").append(str).toString());
        }
    }

    private void a(String str, int i) {
        if (this.g != null) {
            this.g.println(new StringBuffer("(rg_debug").append(i > 0 ? new StringBuffer(" ").append(i).append(") ").toString() : ") ").append(str).toString());
        }
    }

    private void a(String str) {
        a(str, -1, -1);
    }

    private static SingleResponse a(RevokedCertificate revokedCertificate, PublicKey publicKey, Name name, Date date, Date date2, int i) throws Exception {
        RevokedInfo revokedInfo = new RevokedInfo(revokedCertificate.getRevocationDate());
        try {
            ReasonCode reasonCode = (ReasonCode) revokedCertificate.getExtension(ReasonCode.oid);
            if (reasonCode != null) {
                revokedInfo.setRevocationReason(reasonCode);
            }
        } catch (X509ExtensionException unused) {
        }
        SingleResponse singleResponse = new SingleResponse(i == 0 ? new ReqCert(0, new CertID(AlgorithmID.sha1, name, publicKey, revokedCertificate.getSerialNumber())) : new ReqCert(1, new IssuerAndSerialNumber(name, revokedCertificate.getSerialNumber())), new CertStatus(revokedInfo), date);
        if (date2 != null) {
            singleResponse.setNextUpdate(date2);
        }
        return singleResponse;
    }

    public OCSPResponse createOCSPResponse(InputStream inputStream, PublicKey publicKey, AlgorithmID algorithmID, V3Extension[] v3ExtensionArr) {
        int i = -1;
        if (this.g != null) {
            int i2 = this.f + 1;
            this.f = i2;
            i = i2;
        }
        OCSPRequest oCSPRequest = null;
        int i3 = 0;
        a("Parsing request...", i);
        try {
            oCSPRequest = new OCSPRequest(inputStream);
            if (oCSPRequest.containsSignature()) {
                a("Request is signed.", i);
                boolean z = false;
                if (publicKey != null) {
                    a("Verifying signature with using supplied requestor key.", i);
                    try {
                        oCSPRequest.verify(publicKey);
                        z = true;
                        a("Signature ok", i);
                    } catch (Exception unused) {
                    }
                }
                if (!z && oCSPRequest.containsCertificates()) {
                    a("Verifying signature with included signer cert...", i);
                    a(new StringBuffer("Signature ok from request signer ").append(oCSPRequest.verify().getSubjectDN()).toString(), i);
                    z = true;
                }
                if (!z) {
                    a("Request signed but cannot verify signature since missing signer key. Sending malformed request!", i);
                    i3 = 1;
                }
            } else {
                a("Unsigned request!", i);
            }
        } catch (OCSPException e) {
            a(new StringBuffer("Included certs do not belong to signer; sending malformedRequest : ").append(e.getMessage()).toString(), i);
            i3 = 1;
        } catch (IOException e2) {
            a(new StringBuffer("Encoding error; sending malformedRequest ").append(e2.getMessage()).toString(), i);
            i3 = 1;
        } catch (InvalidKeyException e3) {
            a(new StringBuffer("Signer key invalid; sending malformedRequest : ").append(e3.getMessage()).toString(), i);
            i3 = 1;
        } catch (NoSuchAlgorithmException e4) {
            a(new StringBuffer("Cannot verify; sending internalError: ").append(e4.getMessage()).toString(), i);
            i3 = 2;
        } catch (SignatureException e5) {
            a(new StringBuffer("Signature verification error; sending malformedRequest : ").append(e5.getMessage()).toString(), i);
            i3 = 1;
        } catch (Exception e6) {
            if (this.g != null) {
                e6.printStackTrace();
            }
            a(new StringBuffer("Some error occured during request parsing/verification; sending tryLater ").append(e6.getMessage()).toString(), i);
            i3 = 3;
        }
        if (i3 != 0) {
            return new OCSPResponse(i3);
        }
        try {
            ObjectID[] accepatableResponseTypes = oCSPRequest.getAccepatableResponseTypes();
            if (accepatableResponseTypes != null && accepatableResponseTypes.length > 0) {
                boolean z2 = false;
                int i4 = 0;
                while (true) {
                    if (i4 >= accepatableResponseTypes.length) {
                        break;
                    }
                    if (accepatableResponseTypes[i4].equals(BasicOCSPResponse.responseType)) {
                        z2 = true;
                        break;
                    }
                    i4++;
                }
                if (!z2) {
                    a("Warning! Client does not support basic response type. Using it anyway...", i);
                }
            }
        } catch (Exception unused2) {
        }
        a("Create successful response.", i);
        OCSPResponse oCSPResponse = new OCSPResponse(0);
        BasicOCSPResponse basicOCSPResponse = new BasicOCSPResponse();
        try {
            basicOCSPResponse.setResponderID(new ResponderID((Name) this.c[0].getSubjectDN()));
            basicOCSPResponse.setProducedAt(new GregorianCalendar().getTime());
            a("Processing requests...", i);
            Request[] requestList = oCSPRequest.getRequestList();
            SingleResponse[] singleResponseArr = new SingleResponse[requestList.length];
            for (int i5 = 0; i5 < requestList.length; i5++) {
                a(new StringBuffer("Processing Request No. ").append(i5 + 1).toString(), i);
                singleResponseArr[i5] = a(requestList[i5], i, i5 + 1);
            }
            basicOCSPResponse.setSingleResponses(singleResponseArr);
            try {
                Nonce nonce = (Nonce) oCSPRequest.getExtension(Nonce.oid);
                if (nonce != null) {
                    a("Nonce included in request. Copy into response.", i);
                    basicOCSPResponse.addExtension(nonce);
                }
            } catch (Exception e7) {
                a(new StringBuffer("Error in setting Nonce for response (ignore this): ").append(e7.getMessage()).toString(), i);
            }
            if (v3ExtensionArr != null) {
                for (int i6 = 0; i6 < v3ExtensionArr.length; i6++) {
                    a(new StringBuffer("Adding extension ").append(v3ExtensionArr[i6].getName()).toString(), i);
                    try {
                        basicOCSPResponse.addExtension(v3ExtensionArr[i6]);
                    } catch (Exception unused3) {
                        a(new StringBuffer("Cannot add extension ").append(v3ExtensionArr[i6].getName()).append(", ignore this").toString(), i);
                    }
                }
            }
            a("Sign response.", i);
            basicOCSPResponse.setCertificates(this.c);
            try {
                basicOCSPResponse.sign(algorithmID, this.b);
                oCSPResponse.setResponse(basicOCSPResponse);
                return oCSPResponse;
            } catch (Exception e8) {
                a(new StringBuffer("Error signing response: ").append(e8.getMessage()).toString(), i);
                a("Send tryLater response", i);
                return new OCSPResponse(3);
            }
        } catch (Exception e9) {
            if (this.g != null) {
                e9.printStackTrace();
            }
            a(new StringBuffer("Some error occured; sending tryLater ").append(e9.getMessage()).toString(), i);
            return new OCSPResponse(3);
        }
    }

    private boolean a(X509Certificate x509Certificate) {
        try {
            ExtendedKeyUsage extendedKeyUsage = (ExtendedKeyUsage) x509Certificate.getExtension(ExtendedKeyUsage.oid);
            if (extendedKeyUsage == null) {
                return false;
            }
            for (ObjectID objectID : extendedKeyUsage.getKeyPurposeIDs()) {
                if (objectID.equals(ExtendedKeyUsage.ocspSigning)) {
                    a("Responder cert is allowed to sign OCSP responses (ExtendenKeyUsage purpose ocspSigning is set).");
                    return true;
                }
            }
            return false;
        } catch (X509ExtensionException unused) {
            return false;
        }
    }

    public void addResponseEntry(SingleResponse singleResponse) {
        int size = this.a.size();
        for (int i = 0; i < size; i++) {
            if (((SingleResponse) this.a.elementAt(i)).isResponseFor(singleResponse.getReqCert())) {
                this.a.setElementAt(singleResponse, i);
                return;
            }
        }
        this.a.addElement(singleResponse);
    }

    public void addResponseEntry(ReqCert reqCert, CertStatus certStatus, Date date, Date date2) {
        SingleResponse singleResponse = new SingleResponse(reqCert, certStatus, date);
        if (date2 != null) {
            singleResponse.setNextUpdate(date2);
        }
        addResponseEntry(singleResponse);
    }

    public void addResponseEntries(X509CRL x509crl, X509Certificate x509Certificate, int i, CrlID crlID) throws SignatureException, OCSPException {
        if (i < 0 || i > 2) {
            throw new OCSPException(new StringBuffer("Invalid reqCertType (").append(i).append(")! Only can create ").append("responses for ReqCert types certID or issuerSerial from crl!").toString());
        }
        if (x509crl == null) {
            throw new IllegalArgumentException("Cannot create entries from a null CRL!");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Cannot create entries from CRL; missing crl issuer cert!");
        }
        a("Verifying crl with issuer key!");
        try {
            x509crl.verify(x509Certificate.getPublicKey());
            addCertificateIssuer((Name) x509Certificate.getSubjectDN());
            boolean z = false;
            try {
                IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) x509crl.getExtension(IssuingDistributionPoint.oid);
                if (issuingDistributionPoint != null && issuingDistributionPoint.getIndirectCRL()) {
                    z = true;
                    a("Indirect CRL!");
                }
            } catch (X509ExtensionException unused) {
            }
            if (!z && !this.c[0].getSubjectDN().equals(x509crl.getIssuerDN())) {
                a("No indirect crl but crl issuer different from ocsp response signer.");
                if (!this.d) {
                    throw new OCSPException("Cannot create response entries for this crl. CRL issuer is different from response signer which is not allowed for OCSP signing!");
                }
                a("Responder is allowed to sign OCSP responses.");
                if (!this.c[0].getIssuerDN().equals(x509crl.getIssuerDN())) {
                    throw new OCSPException("Cannot create response entries for this crl. Responder is allowed to sign OCSP responses, but not by the authorized by the CRL issuer!");
                }
                a("Responder is authorized from crl issuer.");
            }
            if (!z) {
                a("Create response entries for non indirect crl...");
                RevokedCertificate revokedCertificate = null;
                for (Object obj : x509crl.getRevokedCertificates().toArray()) {
                    try {
                        revokedCertificate = (RevokedCertificate) obj;
                        SingleResponse a = a(revokedCertificate, x509Certificate.getPublicKey(), (Name) x509Certificate.getSubjectDN(), x509crl.getThisUpdate(), x509crl.getNextUpdate(), i);
                        if (crlID != null) {
                            a.setCrlID(crlID);
                        }
                        addResponseEntry(a);
                    } catch (Exception e) {
                        throw new OCSPException(new StringBuffer("Error processing revocation entry ").append(revokedCertificate.getSerialNumber()).append(": ").append(e.getMessage()).toString());
                    }
                }
                return;
            }
            a("Create response entries for indirect crl...");
            Object[] array = x509crl.getRevokedCertificates().toArray();
            Name name = (Name) x509Certificate.getSubjectDN();
            boolean z2 = true;
            for (int i2 = 0; i2 < array.length; i2++) {
                RevokedCertificate revokedCertificate2 = (RevokedCertificate) array[i2];
                try {
                    CertificateIssuer certificateIssuer = (CertificateIssuer) revokedCertificate2.getExtension(CertificateIssuer.oid);
                    if (certificateIssuer != null) {
                        a(new StringBuffer("Entry number ").append(i2).append(" contains certificate issuer extension.").toString());
                        GeneralName generalName = (GeneralName) certificateIssuer.getIssuer().getNames().nextElement();
                        if (generalName.getType() != 4) {
                            throw new OCSPException(new StringBuffer("Error processing revocation entry ").append(revokedCertificate2.getSerialNumber()).append(": ").append("CertificateIssuer is not a directoryName!").toString());
                            break;
                        } else {
                            name = (Name) generalName.getName();
                            z2 = true;
                        }
                    }
                } catch (X509ExtensionException unused2) {
                }
                if (z2) {
                    if (!name.equals(this.c[0].getSubjectDN()) && (!name.equals(this.c[0].getIssuerDN()) || !this.d)) {
                        throw new OCSPException(new StringBuffer("Error processing revocation entry ").append(revokedCertificate2.getSerialNumber()).append(": ").append("responder not authorized for signing this entry!").toString());
                    }
                    addCertificateIssuer(name);
                    z2 = false;
                }
                try {
                    SingleResponse a2 = a(revokedCertificate2, null, name, x509crl.getThisUpdate(), x509crl.getNextUpdate(), 1);
                    if (crlID != null) {
                        a2.setCrlID(crlID);
                    }
                    addResponseEntry(a2);
                } catch (Exception unused3) {
                    throw new OCSPException(new StringBuffer("Error processing revocation entry ").append(revokedCertificate2.getSerialNumber()).toString());
                }
            }
        } catch (Exception e2) {
            throw new SignatureException(new StringBuffer("Error verifying crl: ").append(e2.getMessage()).toString());
        }
    }

    public void addResponseEntries(X509CRL x509crl, X509Certificate x509Certificate, int i) throws SignatureException, OCSPException {
        addResponseEntries(x509crl, x509Certificate, i, null);
    }

    public void addCertificateIssuer(Name name) {
        int size = this.e.size();
        for (int i = 0; i < size; i++) {
            if (name.equals((Name) this.e.elementAt(i))) {
                return;
            }
        }
        this.e.addElement(name);
    }

    public ResponseGenerator(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this();
        if (privateKey == null) {
            throw new IllegalArgumentException("Cannot create ResponseGenerator. Missing responder key!");
        }
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("Cannot create ResponseGenerator. Missing responder certs!");
        }
        this.b = privateKey;
        this.c = x509CertificateArr;
        this.d = a(x509CertificateArr[0]);
    }

    public ResponseGenerator(PKCS12 pkcs12, char[] cArr) throws PKCSException {
        this();
        if (!pkcs12.verify(cArr)) {
            throw new PKCSException("Verification error!");
        }
        pkcs12.decrypt(cArr);
        this.b = pkcs12.getKeyBag().getPrivateKey();
        try {
            this.c = Util.convertCertificateChain(CertificateBag.getCertificates(pkcs12.getCertificateBags()));
            this.c = Util.arrangeCertificateChain(this.c, false);
            if (this.c == null) {
                throw new PKCSException("Cannot sort certificates included in PKCS#12 object!");
            }
            if (this.b == null) {
                throw new IllegalArgumentException("Cannot create ResponseGenerator. Missing responder key!");
            }
            if (this.c == null || this.c.length < 1) {
                throw new IllegalArgumentException("Cannot create ResponseGenerator. Missing responder certs!");
            }
            this.d = a(this.c[0]);
        } catch (Exception e) {
            throw new PKCSException(new StringBuffer("Error reading certificates: ").append(e.getMessage()).toString());
        }
    }

    ResponseGenerator() {
        this.a = new Vector();
        this.e = new Vector();
        this.g = null;
        this.d = false;
        this.f = 0;
    }
}
