package de.gematik.pki.gemlibpki.ocsp;

import com.google.common.primitives.Bytes;
import de.gematik.pki.gemlibpki.exception.GemPkiRuntimeException;
import de.gematik.pki.gemlibpki.utils.GemLibPkiUtils;
import de.gematik.pki.gemlibpki.utils.P12Container;
import eu.europa.esig.dss.spi.DSSRevocationUtils;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPRespStatus;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.isismtt.ocsp.CertHash;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.ResponseBytes;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.Req;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.internal.asn1.isismtt.ISISMTTObjectIdentifiers;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspResponseGenerator.class */
public class OcspResponseGenerator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OcspResponseGenerator.class);

    @NonNull
    private final P12Container signer;
    private final boolean withCertHash;
    private final boolean validCertHash;
    private final boolean validSignature;
    private final CertificateIdGeneration certificateIdGeneration;

    @NonNull
    private final OCSPRespStatus respStatus;
    private final boolean withResponseBytes;

    @NonNull
    private final ResponderIdType responderIdType;

    @NonNull
    private final ZonedDateTime thisUpdate;

    @NonNull
    private final ZonedDateTime producedAt;
    private final ZonedDateTime nextUpdate;
    private final boolean withNullParameterHashAlgoOfCertId;

    @NonNull
    private final ResponseAlgoBehavior responseAlgoBehavior;

    /* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspResponseGenerator$CertificateIdGeneration.class */
    public enum CertificateIdGeneration {
        VALID_CERTID,
        INVALID_CERTID_SERIAL_NUMBER,
        INVALID_CERTID_HASH_ALGO,
        INVALID_CERTID_ISSUER_NAME_HASH,
        INVALID_CERTID_ISSUER_KEY_HASH
    }

    @Generated
    /* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspResponseGenerator$OcspResponseGeneratorBuilder.class */
    public static class OcspResponseGeneratorBuilder {

        @Generated
        private P12Container signer;

        @Generated
        private boolean withCertHash$set;

        @Generated
        private boolean withCertHash$value;

        @Generated
        private boolean validCertHash$set;

        @Generated
        private boolean validCertHash$value;

        @Generated
        private boolean validSignature$set;

        @Generated
        private boolean validSignature$value;

        @Generated
        private boolean certificateIdGeneration$set;

        @Generated
        private CertificateIdGeneration certificateIdGeneration$value;

        @Generated
        private boolean respStatus$set;

        @Generated
        private OCSPRespStatus respStatus$value;

        @Generated
        private boolean withResponseBytes$set;

        @Generated
        private boolean withResponseBytes$value;

        @Generated
        private boolean responderIdType$set;

        @Generated
        private ResponderIdType responderIdType$value;

        @Generated
        private boolean thisUpdate$set;

        @Generated
        private ZonedDateTime thisUpdate$value;

        @Generated
        private boolean producedAt$set;

        @Generated
        private ZonedDateTime producedAt$value;

        @Generated
        private ZonedDateTime nextUpdate;

        @Generated
        private boolean withNullParameterHashAlgoOfCertId$set;

        @Generated
        private boolean withNullParameterHashAlgoOfCertId$value;

        @Generated
        private boolean responseAlgoBehavior$set;

        @Generated
        private ResponseAlgoBehavior responseAlgoBehavior$value;

        @Generated
        OcspResponseGeneratorBuilder() {
        }

        @Generated
        public OcspResponseGeneratorBuilder signer(@NonNull P12Container p12Container) {
            if (p12Container == null) {
                throw new NullPointerException("signer is marked non-null but is null");
            }
            this.signer = p12Container;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder withCertHash(boolean z) {
            this.withCertHash$value = z;
            this.withCertHash$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder validCertHash(boolean z) {
            this.validCertHash$value = z;
            this.validCertHash$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder validSignature(boolean z) {
            this.validSignature$value = z;
            this.validSignature$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder certificateIdGeneration(CertificateIdGeneration certificateIdGeneration) {
            this.certificateIdGeneration$value = certificateIdGeneration;
            this.certificateIdGeneration$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder respStatus(@NonNull OCSPRespStatus oCSPRespStatus) {
            if (oCSPRespStatus == null) {
                throw new NullPointerException("respStatus is marked non-null but is null");
            }
            this.respStatus$value = oCSPRespStatus;
            this.respStatus$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder withResponseBytes(boolean z) {
            this.withResponseBytes$value = z;
            this.withResponseBytes$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder responderIdType(@NonNull ResponderIdType responderIdType) {
            if (responderIdType == null) {
                throw new NullPointerException("responderIdType is marked non-null but is null");
            }
            this.responderIdType$value = responderIdType;
            this.responderIdType$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder thisUpdate(@NonNull ZonedDateTime zonedDateTime) {
            if (zonedDateTime == null) {
                throw new NullPointerException("thisUpdate is marked non-null but is null");
            }
            this.thisUpdate$value = zonedDateTime;
            this.thisUpdate$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder producedAt(@NonNull ZonedDateTime zonedDateTime) {
            if (zonedDateTime == null) {
                throw new NullPointerException("producedAt is marked non-null but is null");
            }
            this.producedAt$value = zonedDateTime;
            this.producedAt$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder nextUpdate(ZonedDateTime zonedDateTime) {
            this.nextUpdate = zonedDateTime;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder withNullParameterHashAlgoOfCertId(boolean z) {
            this.withNullParameterHashAlgoOfCertId$value = z;
            this.withNullParameterHashAlgoOfCertId$set = true;
            return this;
        }

        @Generated
        public OcspResponseGeneratorBuilder responseAlgoBehavior(@NonNull ResponseAlgoBehavior responseAlgoBehavior) {
            if (responseAlgoBehavior == null) {
                throw new NullPointerException("responseAlgoBehavior is marked non-null but is null");
            }
            this.responseAlgoBehavior$value = responseAlgoBehavior;
            this.responseAlgoBehavior$set = true;
            return this;
        }

        @Generated
        public OcspResponseGenerator build() {
            boolean z = this.withCertHash$value;
            if (!this.withCertHash$set) {
                z = OcspResponseGenerator.$default$withCertHash();
            }
            boolean z2 = this.validCertHash$value;
            if (!this.validCertHash$set) {
                z2 = OcspResponseGenerator.$default$validCertHash();
            }
            boolean z3 = this.validSignature$value;
            if (!this.validSignature$set) {
                z3 = OcspResponseGenerator.$default$validSignature();
            }
            CertificateIdGeneration certificateIdGeneration = this.certificateIdGeneration$value;
            if (!this.certificateIdGeneration$set) {
                certificateIdGeneration = CertificateIdGeneration.VALID_CERTID;
            }
            OCSPRespStatus oCSPRespStatus = this.respStatus$value;
            if (!this.respStatus$set) {
                oCSPRespStatus = OCSPRespStatus.SUCCESSFUL;
            }
            boolean z4 = this.withResponseBytes$value;
            if (!this.withResponseBytes$set) {
                z4 = OcspResponseGenerator.$default$withResponseBytes();
            }
            ResponderIdType responderIdType = this.responderIdType$value;
            if (!this.responderIdType$set) {
                responderIdType = ResponderIdType.BY_KEY;
            }
            ZonedDateTime zonedDateTime = this.thisUpdate$value;
            if (!this.thisUpdate$set) {
                zonedDateTime = OcspResponseGenerator.$default$thisUpdate();
            }
            ZonedDateTime zonedDateTime2 = this.producedAt$value;
            if (!this.producedAt$set) {
                zonedDateTime2 = OcspResponseGenerator.$default$producedAt();
            }
            boolean z5 = this.withNullParameterHashAlgoOfCertId$value;
            if (!this.withNullParameterHashAlgoOfCertId$set) {
                z5 = OcspResponseGenerator.$default$withNullParameterHashAlgoOfCertId();
            }
            ResponseAlgoBehavior responseAlgoBehavior = this.responseAlgoBehavior$value;
            if (!this.responseAlgoBehavior$set) {
                responseAlgoBehavior = ResponseAlgoBehavior.MIRRORING;
            }
            return new OcspResponseGenerator(this.signer, z, z2, z3, certificateIdGeneration, oCSPRespStatus, z4, responderIdType, zonedDateTime, zonedDateTime2, this.nextUpdate, z5, responseAlgoBehavior);
        }

        @Generated
        public String toString() {
            return "OcspResponseGenerator.OcspResponseGeneratorBuilder(signer=" + this.signer + ", withCertHash$value=" + this.withCertHash$value + ", validCertHash$value=" + this.validCertHash$value + ", validSignature$value=" + this.validSignature$value + ", certificateIdGeneration$value=" + this.certificateIdGeneration$value + ", respStatus$value=" + this.respStatus$value + ", withResponseBytes$value=" + this.withResponseBytes$value + ", responderIdType$value=" + this.responderIdType$value + ", thisUpdate$value=" + this.thisUpdate$value + ", producedAt$value=" + this.producedAt$value + ", nextUpdate=" + this.nextUpdate + ", withNullParameterHashAlgoOfCertId$value=" + this.withNullParameterHashAlgoOfCertId$value + ", responseAlgoBehavior$value=" + this.responseAlgoBehavior$value + ")";
        }
    }

    /* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspResponseGenerator$ResponderIdType.class */
    public enum ResponderIdType {
        BY_KEY,
        BY_NAME
    }

    /* loaded from: input_file:de/gematik/pki/gemlibpki/ocsp/OcspResponseGenerator$ResponseAlgoBehavior.class */
    public enum ResponseAlgoBehavior {
        SHA1,
        SHA2,
        MIRRORING
    }

    public OCSPResp generate(@NonNull OCSPReq oCSPReq, @NonNull X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (oCSPReq == null) {
            throw new NullPointerException("ocspReq is marked non-null but is null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("eeCert is marked non-null but is null");
        }
        return generate(oCSPReq, x509Certificate, x509Certificate2, CertificateStatus.GOOD);
    }

    public OCSPResp generate(@NonNull OCSPReq oCSPReq, @NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2, CertificateStatus certificateStatus) {
        if (oCSPReq == null) {
            throw new NullPointerException("ocspReq is marked non-null but is null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("eeCert is marked non-null but is null");
        }
        if (x509Certificate2 == null) {
            throw new NullPointerException("issuerCert is marked non-null but is null");
        }
        try {
            return generate(oCSPReq, x509Certificate, x509Certificate2, this.signer.getCertificate(), certificateStatus);
        } catch (OperatorCreationException | IOException | OCSPException e) {
            throw new GemPkiRuntimeException("Generieren der OCSP Response fehlgeschlagen.", e);
        }
    }

    static RespID createRespId(SubjectPublicKeyInfo subjectPublicKeyInfo, DigestCalculator digestCalculator) {
        try {
            OutputStream outputStream = digestCalculator.getOutputStream();
            try {
                outputStream.write(subjectPublicKeyInfo.getPublicKeyData().getBytes());
                if (outputStream != null) {
                    outputStream.close();
                }
                return new RespID(new ResponderID(new DEROctetString(digestCalculator.getDigest())));
            } finally {
            }
        } catch (IOException e) {
            throw new GemPkiRuntimeException("Generieren der RespID fehlgeschlagen.", e);
        }
    }

    private OCSPResp generate(OCSPReq oCSPReq, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3, CertificateStatus certificateStatus) throws OperatorCreationException, IOException, OCSPException {
        String str;
        BasicOCSPRespBuilder basicOCSPRespBuilder = this.responderIdType == ResponderIdType.BY_NAME ? new BasicOCSPRespBuilder(new RespID(new ResponderID(new X500Name(RFC4519Style.INSTANCE, x509Certificate3.getSubjectX500Principal().getName())))) : new BasicOCSPRespBuilder(createRespId(SubjectPublicKeyInfo.getInstance(x509Certificate3.getPublicKey().getEncoded()), new BcDigestCalculatorProvider().get(AlgorithmIdentifier.getInstance(new AlgorithmIdentifier(getAlgorithmForResponseAlgoBehavior(OcspUtils.getFirstSingleReq(oCSPReq)))))));
        ArrayList arrayList = new ArrayList();
        addNonceExtensionIfNecessary(oCSPReq, arrayList);
        addCertHashExtIfNecessary(x509Certificate, certificateStatus, arrayList);
        Extensions extensions = null;
        if (!arrayList.isEmpty()) {
            extensions = new Extensions((Extension[]) arrayList.toArray(i -> {
                return new Extension[i];
            }));
            basicOCSPRespBuilder.setResponseExtensions(extensions);
        }
        for (Req req : oCSPReq.getRequestList()) {
            basicOCSPRespBuilder.addResponse(generateCertificateId(req, x509Certificate2), certificateStatus, Date.from(this.thisUpdate.toInstant()), this.nextUpdate != null ? Date.from(this.nextUpdate.toInstant()) : null, extensions);
        }
        X509CertificateHolder[] x509CertificateHolderArr = {new X509CertificateHolder(GemLibPkiUtils.certToBytes(x509Certificate3))};
        String algorithm = this.signer.getPrivateKey().getAlgorithm();
        boolean z = -1;
        switch (algorithm.hashCode()) {
            case 2206:
                if (algorithm.equals("EC")) {
                    z = true;
                    break;
                }
                break;
            case 81440:
                if (algorithm.equals("RSA")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                str = "SHA256withRSA";
                break;
            case true:
                str = "SHA256WITHECDSA";
                break;
            default:
                throw new GemPkiRuntimeException("Signaturalgorithmus nicht unterstützt: " + this.signer.getPrivateKey().getAlgorithm());
        }
        String str2 = str;
        BasicOCSPResp basicOCSPResp = null;
        if (this.withResponseBytes) {
            basicOCSPResp = basicOCSPRespBuilder.build(new JcaContentSignerBuilder(str2).setProvider("BC").build(this.signer.getPrivateKey()), x509CertificateHolderArr, Date.from(this.producedAt.toInstant()));
            if (!this.validSignature) {
                log.warn("OCSP response signature invalid because of user request. Parameter 'validSignature' is set to false.");
                basicOCSPResp = invalidateOcspResponseSignature(basicOCSPResp);
            }
        }
        return createOcspResp(this.respStatus, basicOCSPResp);
    }

    private void addNonceExtensionIfNecessary(OCSPReq oCSPReq, List<Extension> list) {
        Extension extension = oCSPReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (extension != null) {
            list.add(extension);
        }
    }

    private void addCertHashExtIfNecessary(X509Certificate x509Certificate, CertificateStatus certificateStatus, List<Extension> list) throws IOException {
        byte[] calculateSha256;
        if (!this.withCertHash) {
            log.warn("CertHash generation disabled because of user request. Parameter 'withCertHash' is set to false.");
            return;
        }
        if (certificateStatus instanceof UnknownStatus) {
            log.warn("CertHash generation disabled. Certificate status is unknown.");
            return;
        }
        if (this.validCertHash) {
            calculateSha256 = GemLibPkiUtils.calculateSha256(GemLibPkiUtils.certToBytes(x509Certificate));
        } else {
            log.warn("Invalid CertHash is generated because of user request. Parameter 'validCertHash' is set to false.");
            calculateSha256 = GemLibPkiUtils.calculateSha256("notAValidCertHash".getBytes(StandardCharsets.UTF_8));
        }
        list.add(new Extension(ISISMTTObjectIdentifiers.id_isismtt_at_certHash, false, new CertHash(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), calculateSha256).getEncoded()));
    }

    private static OCSPResp createOcspResp(OCSPRespStatus oCSPRespStatus, BasicOCSPResp basicOCSPResp) throws OCSPException {
        return basicOCSPResp == null ? new OCSPResp(new OCSPResponse(new OCSPResponseStatus(oCSPRespStatus.getStatusCode()), (ResponseBytes) null)) : new OCSPRespBuilder().build(oCSPRespStatus.getStatusCode(), basicOCSPResp);
    }

    private static ASN1OctetString getIssuerNameHash(CertificateIdGeneration certificateIdGeneration, CertificateID certificateID) {
        byte[] issuerNameHash;
        if (certificateIdGeneration == CertificateIdGeneration.INVALID_CERTID_ISSUER_NAME_HASH) {
            issuerNameHash = ArrayUtils.clone(certificateID.getIssuerNameHash());
            GemLibPkiUtils.changeLast4Bytes(issuerNameHash);
        } else {
            issuerNameHash = certificateID.getIssuerNameHash();
        }
        return new DEROctetString(issuerNameHash);
    }

    private static ASN1OctetString getIssuerKeyHash(CertificateIdGeneration certificateIdGeneration, CertificateID certificateID) {
        byte[] issuerKeyHash;
        if (certificateIdGeneration == CertificateIdGeneration.INVALID_CERTID_ISSUER_KEY_HASH) {
            issuerKeyHash = ArrayUtils.clone(certificateID.getIssuerKeyHash());
            GemLibPkiUtils.changeLast4Bytes(issuerKeyHash);
        } else {
            issuerKeyHash = certificateID.getIssuerKeyHash();
        }
        return new DEROctetString(issuerKeyHash);
    }

    private static ASN1Integer getCertSerialNr(CertificateIdGeneration certificateIdGeneration, CertificateID certificateID) {
        BigInteger serialNumber;
        if (certificateIdGeneration == CertificateIdGeneration.INVALID_CERTID_SERIAL_NUMBER) {
            byte[] clone = ArrayUtils.clone(certificateID.getSerialNumber().toByteArray());
            GemLibPkiUtils.changeLast4Bytes(clone);
            serialNumber = new BigInteger(1, clone);
        } else {
            serialNumber = certificateID.getSerialNumber();
        }
        return new ASN1Integer(serialNumber);
    }

    public static void verifyHashAlgoSupported(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (!(aSN1ObjectIdentifier.equals(OIWObjectIdentifiers.idSHA1) || aSN1ObjectIdentifier.equals(NISTObjectIdentifiers.id_sha256))) {
            throw new GemPkiRuntimeException("Unknown algorithm %s. Only %s and %s are supported.".formatted(aSN1ObjectIdentifier.getId(), OIWObjectIdentifiers.idSHA1.getId(), NISTObjectIdentifiers.id_sha256.getId()));
        }
    }

    private ASN1ObjectIdentifier getAlgorithmForResponseAlgoBehavior(Req req) {
        switch (this.responseAlgoBehavior) {
            case SHA1:
                return OIWObjectIdentifiers.idSHA1;
            case SHA2:
                return NISTObjectIdentifiers.id_sha256;
            default:
                ASN1ObjectIdentifier hashAlgOID = req.getCertID().getHashAlgOID();
                verifyHashAlgoSupported(hashAlgOID);
                return hashAlgOID;
        }
    }

    private AlgorithmIdentifier getAlgorithmIdentifier(Req req) {
        ASN1ObjectIdentifier algorithmForResponseAlgoBehavior = this.certificateIdGeneration == CertificateIdGeneration.INVALID_CERTID_HASH_ALGO ? NISTObjectIdentifiers.id_sha3_512 : getAlgorithmForResponseAlgoBehavior(req);
        return this.withNullParameterHashAlgoOfCertId ? new AlgorithmIdentifier(algorithmForResponseAlgoBehavior, DERNull.INSTANCE) : new AlgorithmIdentifier(algorithmForResponseAlgoBehavior);
    }

    private BasicOCSPResp invalidateOcspResponseSignature(BasicOCSPResp basicOCSPResp) {
        try {
            byte[] encodedFromBasicResp = DSSRevocationUtils.getEncodedFromBasicResp(basicOCSPResp);
            GemLibPkiUtils.change4Bytes(encodedFromBasicResp, Bytes.indexOf(encodedFromBasicResp, basicOCSPResp.getSignature()) + basicOCSPResp.getSignature().length);
            return DSSRevocationUtils.loadOCSPFromBinaries(encodedFromBasicResp);
        } catch (IOException e) {
            throw new GemPkiRuntimeException("Fehler beim invalidieren der OCSP Response Signatur.", e);
        }
    }

    private CertificateID generateCertificateId(Req req, @NonNull X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("issuerCert is marked non-null but is null");
        }
        AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(req);
        CertificateID createCertificateId = OcspRequestGenerator.createCertificateId(req.getCertID().getSerialNumber(), x509Certificate, algorithmIdentifier);
        return new CertificateID(new CertID(algorithmIdentifier, getIssuerNameHash(this.certificateIdGeneration, createCertificateId), getIssuerKeyHash(this.certificateIdGeneration, createCertificateId), getCertSerialNr(this.certificateIdGeneration, createCertificateId)));
    }

    @Generated
    private static boolean $default$withCertHash() {
        return true;
    }

    @Generated
    private static boolean $default$validCertHash() {
        return true;
    }

    @Generated
    private static boolean $default$validSignature() {
        return true;
    }

    @Generated
    private static boolean $default$withResponseBytes() {
        return true;
    }

    @Generated
    private static ZonedDateTime $default$thisUpdate() {
        return ZonedDateTime.now(ZoneOffset.UTC);
    }

    @Generated
    private static ZonedDateTime $default$producedAt() {
        return ZonedDateTime.now(ZoneOffset.UTC);
    }

    @Generated
    private static boolean $default$withNullParameterHashAlgoOfCertId() {
        return false;
    }

    @Generated
    OcspResponseGenerator(@NonNull P12Container p12Container, boolean z, boolean z2, boolean z3, CertificateIdGeneration certificateIdGeneration, @NonNull OCSPRespStatus oCSPRespStatus, boolean z4, @NonNull ResponderIdType responderIdType, @NonNull ZonedDateTime zonedDateTime, @NonNull ZonedDateTime zonedDateTime2, ZonedDateTime zonedDateTime3, boolean z5, @NonNull ResponseAlgoBehavior responseAlgoBehavior) {
        if (p12Container == null) {
            throw new NullPointerException("signer is marked non-null but is null");
        }
        if (oCSPRespStatus == null) {
            throw new NullPointerException("respStatus is marked non-null but is null");
        }
        if (responderIdType == null) {
            throw new NullPointerException("responderIdType is marked non-null but is null");
        }
        if (zonedDateTime == null) {
            throw new NullPointerException("thisUpdate is marked non-null but is null");
        }
        if (zonedDateTime2 == null) {
            throw new NullPointerException("producedAt is marked non-null but is null");
        }
        if (responseAlgoBehavior == null) {
            throw new NullPointerException("responseAlgoBehavior is marked non-null but is null");
        }
        this.signer = p12Container;
        this.withCertHash = z;
        this.validCertHash = z2;
        this.validSignature = z3;
        this.certificateIdGeneration = certificateIdGeneration;
        this.respStatus = oCSPRespStatus;
        this.withResponseBytes = z4;
        this.responderIdType = responderIdType;
        this.thisUpdate = zonedDateTime;
        this.producedAt = zonedDateTime2;
        this.nextUpdate = zonedDateTime3;
        this.withNullParameterHashAlgoOfCertId = z5;
        this.responseAlgoBehavior = responseAlgoBehavior;
    }

    @Generated
    public static OcspResponseGeneratorBuilder builder() {
        return new OcspResponseGeneratorBuilder();
    }

    static {
        GemLibPkiUtils.setBouncyCastleProvider();
    }
}
