package de.gematik.pki.gemlibpki.ocsp;

import de.gematik.pki.gemlibpki.exception.GemPkiRuntimeException;
import de.gematik.pki.gemlibpki.utils.GemLibPkiUtils;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import lombok.Generated;
import lombok.NonNull;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspRequestGenerator.class */
public final class OcspRequestGenerator {
    public static OCSPReq generateSingleOcspRequest(@NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2) {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (x509Certificate2 == null) {
            throw new NullPointerException("x509IssuerCert is marked non-null but is null");
        }
        return generateSingleOcspRequest(x509Certificate, x509Certificate2, new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE));
    }

    public static CertificateID createCertificateId(@NonNull BigInteger bigInteger, @NonNull X509Certificate x509Certificate, @NonNull AlgorithmIdentifier algorithmIdentifier) {
        if (bigInteger == null) {
            throw new NullPointerException("serialNumber is marked non-null but is null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("x509IssuerCert is marked non-null but is null");
        }
        if (algorithmIdentifier == null) {
            throw new NullPointerException("algorithmIdentifier is marked non-null but is null");
        }
        try {
            return new CertificateID(new JcaDigestCalculatorProviderBuilder().build().get(algorithmIdentifier), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        } catch (OperatorCreationException | CertificateEncodingException | OCSPException e) {
            throw new GemPkiRuntimeException("Generieren der OCSP CertID fehlgeschlagen.", e);
        }
    }

    public static OCSPReq generateSingleOcspRequest(@NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2, @NonNull AlgorithmIdentifier algorithmIdentifier) {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (x509Certificate2 == null) {
            throw new NullPointerException("x509IssuerCert is marked non-null but is null");
        }
        if (algorithmIdentifier == null) {
            throw new NullPointerException("algorithmIdentifier is marked non-null but is null");
        }
        try {
            CertificateID createCertificateId = createCertificateId(x509Certificate.getSerialNumber(), x509Certificate2, algorithmIdentifier);
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(createCertificateId);
            return oCSPReqBuilder.build();
        } catch (OCSPException e) {
            throw new GemPkiRuntimeException("Generieren des OCSP Requests fehlgeschlagen.", e);
        }
    }

    @Generated
    private OcspRequestGenerator() {
    }

    static {
        GemLibPkiUtils.setBouncyCastleProvider();
    }
}
