package de.trustable.cmp.client.cmpClient;

import de.trustable.cmp.client.ProtectedMessageHandler;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.GenMsgContent;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIMessages;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevRepContent;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.CertId;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.cmp.CMPException;
import org.bouncycastle.cert.cmp.GeneralPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.CRMFException;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.bouncycastle.cert.crmf.PKMACBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.MacCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/trustable/cmp/client/cmpClient/CMPClientImpl.class */
public class CMPClientImpl {
    /** Class-wide SLF4J logger. */
    private static final Logger LOGGER = LoggerFactory.getLogger(CMPClientImpl.class);
    /** Random source for certificate request ids and for the nonce / transaction id / key id seed; assigned in the private constructor. */
    SecureRandom secRandom;
    /** Endpoint, transport and protection settings; assigned only by the public constructor. */
    private CMPClientConfig cmpClientConfig;

    /* loaded from: input_file:de/trustable/cmp/client/cmpClient/CMPClientImpl$CertificateResponseContent.class */
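    /**
     * Result of a certificate request: the issued certificate, any further certificates carried
     * by the response, and the status text returned by the CA.
     */
    public class CertificateResponseContent {
        /** Certificate extracted from the CMP response, or {@code null} when none has been set. */
        X509Certificate createdCertificate;
        // Filled by handleExtraCerts from the response's caPubs and extraCerts fields. Those
        // certificates are only parsed there, not chain-validated, so callers should not use
        // this set as trust anchors without validating it themselves.
        Set<X509Certificate> additionalCertificates = new HashSet<>();
        /** Concatenated status strings of the CMP response entry, one per line. */
        String message;

        /** Creates an empty result with no certificate, no message and an empty certificate set. */
        public CertificateResponseContent() {
        }

        /**
         * @return the issued certificate, or {@code null} if none was set
         */
        public X509Certificate getCreatedCertificate() {
            return this.createdCertificate;
        }

        /**
         * @param x509Certificate the issued certificate
         */
        public void setCreatedCertificate(X509Certificate x509Certificate) {
            this.createdCertificate = x509Certificate;
        }

        /**
         * @return the live (not copied) set of additional certificates from the response
         */
        public Set<X509Certificate> getAdditionalCertificates() {
            return this.additionalCertificates;
        }

        /**
         * @param set replacement for the additional-certificate set; stored by reference
         */
        public void setAdditionalCertificates(Set<X509Certificate> set) {
            this.additionalCertificates = set;
        }

        /**
         * @return the status text of the response, or {@code null} if none was set
         */
        public String getMessage() {
            return this.message;
        }

        /**
         * @param str the status text of the response
         */
        public void setMessage(String str) {
            this.message = str;
        }
    }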

    /**
     * Creates the random source and registers the BouncyCastle provider with the JCA.
     * Private: instances are created through {@link #CMPClientImpl(CMPClientConfig)}.
     */
    private CMPClientImpl() {
        secRandom = new SecureRandom();
        // addProvider leaves the provider list unchanged when a provider with this name is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates a client that reads its endpoint, transport and message protection from the
     * given configuration.
     *
     * @param cMPClientConfig configuration used by every request; stored by reference and not
     *                        null-checked here
     */
    public CMPClientImpl(CMPClientConfig cMPClientConfig) {
        this();
        cmpClientConfig = cMPClientConfig;
    }

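    /**
     * Sends a CMP general message to the configured CA endpoint and returns the parsed content
     * of the general response.
     *
     * <p>The sender name handed to the message handler is the fixed value {@code CN=User1}.
     * In verbose mode the complete request and response are written to temporary files and
     * traced as Base64, so verbose output should be treated as sensitive.
     *
     * @return the content of the general response (see {@link #readGenMsgResponse(byte[])})
     * @throws GeneralSecurityException if the connector returns {@code null}, on I/O or
     *                                  encoding failure, or when the response is rejected
     */
    public GenMsgContent getGeneralMessageRequest() throws GeneralSecurityException {
        try {
            PKIMessage request = buildGeneralMessageRequest(X500Name.getInstance(new X500Name("CN=User1").toASN1Primitive()), this.cmpClientConfig.getMessageHandler());
            // PKIMessage and PKIMessages are unrelated types, so encode each directly instead
            // of assigning the wrapper to a PKIMessage variable.
            byte[] encoded;
            if (this.cmpClientConfig.isMultipleMessages()) {
                trace("wrapping PKIMessage into PKIMessages");
                encoded = new PKIMessages(request).getEncoded();
            } else {
                encoded = request.getEncoded();
            }
            if (this.cmpClientConfig.isVerbose()) {
                // java.nio's createTempFile may apply more restrictive permissions than
                // File.createTempFile (owner-only on POSIX in the JDK implementation).
                File requestDump = java.nio.file.Files.createTempFile("cmp_request_dump", ".der").toFile();
                // try-with-resources closes the stream even when write() fails
                try (FileOutputStream out = new FileOutputStream(requestDump)) {
                    out.write(encoded);
                }
                trace("requestBytes in dump file : " + requestDump.getAbsolutePath());
                trace("requestBytes : " + Base64.getEncoder().encodeToString(encoded));
                trace("cmp client calls url '" + this.cmpClientConfig.getCaUrl() + "' with alias '" + this.cmpClientConfig.getCmpAlias() + "'");
            }
            // NOTE(review): the fifth argument is fixed to false here, while revokeCertificate
            // passes isDisableHostNameVerifier() in the same position; presumably it is the
            // "disable host name verification" switch, which would keep verification on for
            // this call. Confirm against sendHttpReq.
            byte[] response = this.cmpClientConfig.getRemoteTargetHandler().sendHttpReq(this.cmpClientConfig.getCaUrl() + "/" + this.cmpClientConfig.getCmpAlias(), encoded, this.cmpClientConfig.getMsgContentType(), this.cmpClientConfig.getSni(), false, this.cmpClientConfig.getP12ClientStore(), this.cmpClientConfig.getP12ClientSecret());
            if (response == null) {
                throw new GeneralSecurityException("remote connector returned 'null'");
            }
            if (this.cmpClientConfig.isVerbose()) {
                File responseDump = java.nio.file.Files.createTempFile("cmp_response_dump", ".der").toFile();
                try (FileOutputStream out = new FileOutputStream(responseDump)) {
                    out.write(response);
                }
                trace("responseBytes in dump file : " + responseDump.getAbsolutePath());
                trace("responseBytes : " + Base64.getEncoder().encodeToString(response));
            }
            return readGenMsgResponse(response);
        } catch (IOException e) {
            log("IO / encoding problem", e);
            // keep the cause so the original stack trace is not lost
            throw new GeneralSecurityException(e.getMessage(), e);
        }
    }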

    /**
     * Reads a PEM-encoded PKCS#10 request from the stream and submits it for signing.
     *
     * @param inputStream source of the PEM-encoded certification request
     * @return the result of {@link #signCertificateRequest(PKCS10CertificationRequest)}
     * @throws GeneralSecurityException if the request cannot be converted or the exchange fails
     */
    public CertificateResponseContent signCertificateRequest(InputStream inputStream) throws GeneralSecurityException {
        final PKCS10CertificationRequest csr = convertPemToPKCS10CertificationRequest(inputStream);
        return signCertificateRequest(csr);
    }

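    /**
     * Builds a CMP certificate request from the given PKCS#10 request, sends it to the
     * configured CA endpoint and parses the response.
     *
     * <p>In verbose mode the complete request and response are written to temporary files; the
     * response is additionally traced as Base64 regardless of the verbose flag. Treat that
     * output as sensitive.
     *
     * @param pKCS10CertificationRequest the certification request to submit
     * @return the parsed response (see {@link #readCertResponse(byte[], PKIMessage)})
     * @throws GeneralSecurityException if the connector returns {@code null}, on I/O, CRMF or
     *                                  CMP failure, or when the response is rejected
     */
    public CertificateResponseContent signCertificateRequest(PKCS10CertificationRequest pKCS10CertificationRequest) throws GeneralSecurityException {
        try {
            PKIMessage request = buildCertRequest(this.secRandom.nextLong(), pKCS10CertificationRequest, this.cmpClientConfig.getMessageHandler());
            // PKIMessage and PKIMessages are unrelated types, so encode each directly instead
            // of assigning the wrapper to a PKIMessage variable.
            byte[] encoded;
            if (this.cmpClientConfig.isMultipleMessages()) {
                trace("wrapping PKIMessage into PKIMessages");
                encoded = new PKIMessages(request).getEncoded();
            } else {
                encoded = request.getEncoded();
            }
            if (this.cmpClientConfig.isVerbose()) {
                // java.nio's createTempFile may apply more restrictive permissions than
                // File.createTempFile (owner-only on POSIX in the JDK implementation).
                File requestDump = java.nio.file.Files.createTempFile("cmp_request_dump", ".der").toFile();
                // try-with-resources closes the stream even when write() fails
                try (FileOutputStream out = new FileOutputStream(requestDump)) {
                    out.write(encoded);
                }
                trace("requestBytes in dump file : " + requestDump.getAbsolutePath());
                trace("requestBytes : " + Base64.getEncoder().encodeToString(encoded));
                trace("cmp client calls url '" + this.cmpClientConfig.getCaUrl() + "' with alias '" + this.cmpClientConfig.getCmpAlias() + "'");
            }
            // NOTE(review): the fifth argument is fixed to false here, while revokeCertificate
            // passes isDisableHostNameVerifier() in the same position; presumably it is the
            // "disable host name verification" switch. Confirm against sendHttpReq.
            byte[] response = this.cmpClientConfig.getRemoteTargetHandler().sendHttpReq(this.cmpClientConfig.getCaUrl() + "/" + this.cmpClientConfig.getCmpAlias(), encoded, this.cmpClientConfig.getMsgContentType(), this.cmpClientConfig.getSni(), false, this.cmpClientConfig.getP12ClientStore(), this.cmpClientConfig.getP12ClientSecret());
            if (response == null) {
                throw new GeneralSecurityException("remote connector returned 'null'");
            }
            if (this.cmpClientConfig.isVerbose()) {
                File responseDump = java.nio.file.Files.createTempFile("cmp_response_dump", ".der").toFile();
                try (FileOutputStream out = new FileOutputStream(responseDump)) {
                    out.write(response);
                }
                trace("responseBytes in dump file : " + responseDump.getAbsolutePath());
            }
            trace("responseBytes : " + Base64.getEncoder().encodeToString(response));
            // the original request is passed along so nonce and transaction id can be compared
            return readCertResponse(response, request);
        } catch (IOException e) {
            log("IO / encoding problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        } catch (CRMFException e) {
            log("CMS format problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        } catch (CMPException e) {
            log("CMP problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        }
    }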

    /**
     * Reads an X.509 certificate from a file and requests its revocation.
     *
     * <p>The success message is logged whenever the delegated call returns without throwing.
     *
     * @param file file holding the certificate to revoke
     * @param str  revocation reason, converted by {@link #crlReasonFromString(String)}
     * @throws GeneralSecurityException if the certificate cannot be parsed or the revocation
     *                                  exchange fails
     * @throws IOException              if the file cannot be opened or closed
     */
    public void revokeCertificate(File file, String str) throws GeneralSecurityException, IOException {
        try (FileInputStream certStream = new FileInputStream(file)) {
            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            final X509Certificate target = (X509Certificate) x509Factory.generateCertificate(certStream);
            final X500Name issuer = JcaX500NameUtil.getIssuer(target);
            final X500Name subject = JcaX500NameUtil.getSubject(target);
            revokeCertificate(issuer, subject, target.getSerialNumber(), crlReasonFromString(str));
            log("revocation of certificate '" + target.getSubjectDN().getName() + "' with reason '" + str + "' succeeded!");
        }
    }

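    /**
     * Builds a CMP revocation request, sends it to the configured CA endpoint and checks the
     * response.
     *
     * <p>Unlike the request paths that pass {@code false}, this call forwards
     * {@code isDisableHostNameVerifier()} to the connector; presumably that switch turns off
     * TLS host name verification, so it should stay disabled outside test setups (confirm
     * against sendHttpReq).
     *
     * @param x500Name   issuer of the certificate to revoke
     * @param x500Name2  subject of the certificate, used to derive the message sender
     * @param bigInteger serial number of the certificate to revoke
     * @param cRLReason  revocation reason
     * @throws GeneralSecurityException if the connector returns {@code null}, the CA rejects the
     *                                  revocation, or on I/O, CRMF or CMP failure
     */
    public void revokeCertificate(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, CRLReason cRLReason) throws GeneralSecurityException {
        try {
            // use the instance's SecureRandom, as signCertificateRequest does, instead of a throwaway java.util.Random
            byte[] requestBytes = buildRevocationRequest(this.secRandom.nextLong(), x500Name, x500Name2, bigInteger, cRLReason);
            trace("revocation requestBytes : " + Base64.getEncoder().encodeToString(requestBytes));
            byte[] responseBytes = this.cmpClientConfig.getRemoteTargetHandler().sendHttpReq(this.cmpClientConfig.getCaUrl() + "/" + this.cmpClientConfig.getCmpAlias(), requestBytes, this.cmpClientConfig.getMsgContentType(), this.cmpClientConfig.getSni(), this.cmpClientConfig.isDisableHostNameVerifier(), this.cmpClientConfig.getP12ClientStore(), this.cmpClientConfig.getP12ClientSecret());
            // same guard as the other request paths; without it the Base64 trace below fails with a NullPointerException
            if (responseBytes == null) {
                throw new GeneralSecurityException("remote connector returned 'null'");
            }
            trace("revocation responseBytes : " + Base64.getEncoder().encodeToString(responseBytes));
            RevRepContent revocationResponse = readRevResponse(responseBytes);
            // A revocation response can carry a rejection status; without this check the
            // caller would report success for a revocation the CA refused.
            if (revocationResponse != null && revocationResponse.getStatus() != null) {
                for (PKIStatusInfo statusInfo : revocationResponse.getStatus()) {
                    if (statusInfo != null && statusInfo.getStatus().intValue() == org.bouncycastle.asn1.cmp.PKIStatus.REJECTION) {
                        throw new GeneralSecurityException("revocation rejected by CA, failInfo: " + statusInfo.getFailInfo());
                    }
                }
            }
        } catch (CRMFException e) {
            log("CMS format problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        } catch (CMPException e) {
            log("CMP problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        } catch (IOException e) {
            log("IO / encoding problem", e);
            throw new GeneralSecurityException(e.getMessage(), e);
        }
    }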

    /**
     * Builds and protects a CMP general message whose content is a single InfoTypeAndValue
     * with the {@code id_regCtrl_algId} object identifier.
     *
     * @param x500Name                name from which the handler derives the message sender
     * @param protectedMessageHandler handler that supplies the sender, adds its certificate
     *                                and signs the message
     * @return the protected message; its recipient is an empty X.500 name
     * @throws GeneralSecurityException if the handler fails to protect the message
     */
    public PKIMessage buildGeneralMessageRequest(X500Name x500Name, ProtectedMessageHandler protectedMessageHandler) throws GeneralSecurityException {
        final InfoTypeAndValue[] entries = {new InfoTypeAndValue(CMPObjectIdentifiers.id_regCtrl_algId)};
        final GenMsgContent content = new GenMsgContent(entries);
        final X500Name emptyRecipient = new X500Name(new RDN[0]);
        final ProtectedPKIMessageBuilder builder = getPKIBuilder(emptyRecipient, protectedMessageHandler.getSender(x500Name));
        protectedMessageHandler.addCertificate(builder);
        builder.setBody(new PKIBody(PKIBody.TYPE_GEN_MSG, content));
        final ProtectedPKIMessage signed = protectedMessageHandler.signMessage(builder);
        return signed.toASN1Structure();
    }

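    /**
     * Parses a CMP response to a general message and returns its content.
     *
     * <p>NOTE(review): unlike readCertResponse and readRevResponse, this method does not call
     * buildPKIMessage, so the protection of the response is not verified here, and nonces are
     * only logged, not compared. Callers should treat the returned content as unauthenticated.
     *
     * @param bArr DER-encoded response
     * @return the general response content, or {@code null} when the body has no content
     * @throws IOException              if the response cannot be decoded
     * @throws GeneralSecurityException if the response is an error message or has an
     *                                  unexpected body type
     */
    public GenMsgContent readGenMsgResponse(byte[] bArr) throws IOException, GeneralSecurityException {
        PKIMessage response = getPkiMessage(bArr);
        PKIHeader header = response.getHeader();
        if (LOGGER.isDebugEnabled()) {
            if (header.getRecipNonce() == null) {
                LOGGER.debug("no recip nonce");
            } else {
                LOGGER.debug("recip nonce : " + org.bouncycastle.util.encoders.Base64.toBase64String(header.getRecipNonce().getOctets()));
            }
            if (header.getSenderNonce() == null) {
                LOGGER.debug("no sender nonce");
            } else {
                LOGGER.debug("sender nonce : " + org.bouncycastle.util.encoders.Base64.toBase64String(header.getSenderNonce().getOctets()));
            }
        }
        PKIBody body = response.getBody();
        int type = body.getType();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Received CMP message with pvno=" + header.getPvno() + ", sender=" + header.getSender().toString() + ", recipient=" + header.getRecipient().toString());
            LOGGER.debug("Body is of type: " + type);
            LOGGER.debug("Transaction id: " + header.getTransactionID());
        }
        if (type == PKIBody.TYPE_ERROR) {
            // handleCMPError ends by throwing, so the return only satisfies the compiler
            handleCMPError(body);
            return null;
        }
        if (type != PKIBody.TYPE_GEN_REP) {
            throw new GeneralSecurityException("unexpected PKI body type :" + type);
        }
        // this branch handles a general response; the message previously said "Rev response"
        LOGGER.debug("General response received");
        if (body.getContent() == null) {
            return null;
        }
        GenMsgContent genMsgContent = GenMsgContent.getInstance(body.getContent());
        InfoTypeAndValue[] entries = genMsgContent.toInfoTypeAndValueArray();
        if (entries != null) {
            for (InfoTypeAndValue entry : entries) {
                LOGGER.info("infoTypeAndValue : " + entry.getInfoType() + " / " + entry.getInfoValue());
            }
        } else {
            // the absent item is the InfoTypeAndValue list, not a certId
            LOGGER.debug("no infoTypeAndValue entries");
        }
        return genMsgContent;
    }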

    /**
     * Converts a PKCS#10 request into a protected CMP certificate request.
     *
     * <p>The CSR's self-signature is verified against its own public key first. Every
     * extension found in the CSR attributes is then copied into the CMP request unchanged, so
     * the CA, not this client, has to decide which requested extensions are acceptable.
     *
     * @param j                          certificate request id
     * @param pKCS10CertificationRequest the certification request to convert
     * @param protectedMessageHandler    handler that protects the resulting message
     * @return the protected CMP request
     * @throws GeneralSecurityException if the CSR signature is invalid or cannot be checked,
     *                                  or if building the message fails
     */
    public PKIMessage buildCertRequest(long j, PKCS10CertificationRequest pKCS10CertificationRequest, ProtectedMessageHandler protectedMessageHandler) throws GeneralSecurityException {
        final SubjectPublicKeyInfo csrPublicKey = pKCS10CertificationRequest.getSubjectPublicKeyInfo();
        try {
            final boolean signatureOk = pKCS10CertificationRequest.isSignatureValid(new JcaContentVerifierProviderBuilder().build(csrPublicKey));
            if (!signatureOk) {
                throw new GeneralSecurityException("CSR signature validation failed");
            }
            trace("subjectDN : " + pKCS10CertificationRequest.getSubject().toString());
            final ArrayList<Extension> csrExtensions = new ArrayList<>();
            // NOTE(review): every attribute value is parsed as an Extensions structure,
            // whatever the attribute type is; a CSR carrying other attribute kinds may make
            // Extensions.getInstance fail with an unchecked exception. Confirm and filter if so.
            for (Attribute csrAttribute : pKCS10CertificationRequest.getAttributes()) {
                for (ASN1Encodable value : csrAttribute.getAttributeValues()) {
                    if (value == null) {
                        continue;
                    }
                    final Extensions requested = Extensions.getInstance(value);
                    for (ASN1ObjectIdentifier oid : requested.getExtensionOIDs()) {
                        trace("copying oid '" + oid.toString() + "' from csr to PKIMessage");
                        csrExtensions.add(requested.getExtension(oid));
                    }
                }
            }
            return buildCertRequest(j, pKCS10CertificationRequest.getSubject(), csrExtensions, csrPublicKey, protectedMessageHandler);
        } catch (PKCSException | OperatorCreationException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Builds a protected CMP certificate request from explicit request parts.
     *
     * <p>Proof of possession is always marked as "RA verified". When this overload is called
     * directly, nothing in this method checks that the requester holds the private key for
     * {@code subjectPublicKeyInfo}; the PKCS#10 overload checks the CSR signature before
     * delegating here.
     *
     * @param j                       certificate request id
     * @param x500Name                requested subject, also used to derive the message sender
     * @param collection              extensions to add to the certificate template
     * @param subjectPublicKeyInfo    public key to certify
     * @param protectedMessageHandler handler that supplies the sender, adds its certificate
     *                                and signs the message
     * @return the protected message; its recipient is an empty X.500 name
     * @throws GeneralSecurityException if the request cannot be built or protected
     */
    public PKIMessage buildCertRequest(long j, X500Name x500Name, Collection<Extension> collection, SubjectPublicKeyInfo subjectPublicKeyInfo, ProtectedMessageHandler protectedMessageHandler) throws GeneralSecurityException {
        final JcaCertificateRequestMessageBuilder requestBuilder = new JcaCertificateRequestMessageBuilder(BigInteger.valueOf(j));
        // optional registration info from the configuration
        if (this.cmpClientConfig.getATaVArr() != null && this.cmpClientConfig.getATaVArr().length > 0) {
            requestBuilder.setRegInfo(this.cmpClientConfig.getATaVArr());
            trace("added " + this.cmpClientConfig.getATaVArr().length + " ATaVs to the request");
        }
        requestBuilder.setSubject(x500Name);
        trace("set subject to '" + x500Name + "'");
        final X500Name emptyRecipient = new X500Name(new RDN[0]);
        try {
            for (Extension requested : collection) {
                trace("Add csr Extension : " + requested.getExtnId().getId() + " -> " + requested.getExtnValue());
                requestBuilder.addExtension(requested.getExtnId(), requested.isCritical(), requested.getExtnValue().getOctets());
            }
            requestBuilder.setPublicKey(subjectPublicKeyInfo);
            // tells the CA that proof of possession was already checked on the RA side
            requestBuilder.setProofOfPossessionRaVerified();
            this.cmpClientConfig.handleIssuer(requestBuilder);
            final CertificateRequestMessage certRequest = requestBuilder.build();
            trace("CertTemplate : " + certRequest.getCertTemplate());
            final ProtectedPKIMessageBuilder messageBuilder = getPKIBuilder(emptyRecipient, protectedMessageHandler.getSender(x500Name));
            if (this.cmpClientConfig.isImplicitConfirm()) {
                messageBuilder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
            }
            protectedMessageHandler.addCertificate(messageBuilder);
            messageBuilder.setBody(new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certRequest.toASN1Structure())));
            final ProtectedPKIMessage signed = protectedMessageHandler.signMessage(messageBuilder);
            return signed.toASN1Structure();
        } catch (CRMFException e) {
            log("Exception occurred processing extensions", e);
            throw new GeneralSecurityException(e.getMessage());
        }
    }

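    /**
     * Parses the CA's response to a certificate request and extracts the issued certificate.
     *
     * <p>Checks performed here, and their limits:
     * <ul>
     *   <li>Message protection is verified by buildPKIMessage only when the response carries
     *       protection; an unprotected response is accepted with a warning.</li>
     *   <li>The response's recipNonce must equal the request's senderNonce, but a response
     *       without recipNonce is accepted and only logged.</li>
     *   <li>The transaction id is compared only when the configuration enables it.</li>
     * </ul>
     * NOTE(review): the returned certificate is not compared with the requested public key or
     * subject in this method; callers that need that guarantee have to check it themselves.
     *
     * @param bArr       DER-encoded response
     * @param pKIMessage the request that was sent, used for the nonce and transaction id checks
     * @return the response content holding the first certificate found, or {@code null} when
     *         no response entry carries a plain certificate
     * @throws IOException              if the response cannot be decoded
     * @throws CRMFException            declared for callers; not raised directly here
     * @throws CMPException             declared for callers; not raised directly here
     * @throws GeneralSecurityException on verification failure, nonce or transaction id
     *                                  mismatch, error responses or missing certificates
     */
    public CertificateResponseContent readCertResponse(byte[] bArr, PKIMessage pKIMessage) throws IOException, CRMFException, CMPException, GeneralSecurityException {
        CertificateResponseContent result = new CertificateResponseContent();
        PKIMessage responseMessage = getPkiMessage(bArr);
        buildPKIMessage(responseMessage);
        PKIHeader requestHeader = pKIMessage.getHeader();
        PKIHeader responseHeader = responseMessage.getHeader();
        if (!requestHeader.getSenderNonce().equals(responseHeader.getRecipNonce())) {
            ASN1OctetString recipNonce = responseHeader.getRecipNonce();
            if (recipNonce != null) {
                log("sender nonce differ from recepient nonce " + Base64.getEncoder().encodeToString(requestHeader.getSenderNonce().getOctets()) + " != " + Base64.getEncoder().encodeToString(recipNonce.getOctets()));
                throw new GeneralSecurityException("Sender / Recip nonce mismatch");
            }
            // a missing recipNonce is tolerated, which weakens the replay check for such responses
            log("Recip nonce == null");
        }
        if (!requestHeader.getTransactionID().equals(responseHeader.getTransactionID()) && this.cmpClientConfig.isCheckTransactionIdMatch()) {
            ASN1OctetString transactionID = responseHeader.getTransactionID();
            if (transactionID == null) {
                log("transaction id == null");
            } else {
                log("transaction id differ between request and response: " + Base64.getEncoder().encodeToString(requestHeader.getTransactionID().getOctets()) + " != " + Base64.getEncoder().encodeToString(transactionID.getOctets()));
            }
            throw new GeneralSecurityException("Sender / Recip Transaction Id mismatch");
        }
        PKIBody body = responseMessage.getBody();
        int type = body.getType();
        if (type == PKIBody.TYPE_ERROR) {
            // handleCMPError ends by throwing, so the return only satisfies the compiler
            handleCMPError(body);
            return null;
        }
        if (type != PKIBody.TYPE_CERT_REP && type != PKIBody.TYPE_INIT_REP) {
            throw new GeneralSecurityException("unexpected PKI body type :" + type);
        }
        CertRepMessage certRepMessage = CertRepMessage.getInstance(body.getContent());
        handleExtraCerts(certRepMessage.getCaPubs(), result);
        handleExtraCerts(responseMessage.getExtraCerts(), result);
        CertResponse[] responses = certRepMessage.getResponse();
        if (responses == null || responses.length == 0) {
            throw new GeneralSecurityException("No CMP response found.");
        }
        trace("CMP Response body contains " + responses.length + " elements");
        for (int i = 0; i < responses.length; i++) {
            CertResponse entry = responses[i];
            if (entry == null) {
                throw new GeneralSecurityException("CMP response element #" + i + " of " + responses.length + " returns no content.");
            }
            BigInteger statusValue = BigInteger.ZERO;
            StringBuilder statusText = new StringBuilder();
            PKIStatusInfo status = entry.getStatus();
            if (status != null) {
                // report the status the CA actually sent; it was previously always shown as 0
                statusValue = status.getStatus();
                PKIFreeText statusString = status.getStatusString();
                if (statusString != null) {
                    for (int k = 0; k < statusString.size(); k++) {
                        statusText.append(statusString.getStringAt(k)).append("\n");
                    }
                }
            }
            String message = statusText.toString();
            result.setMessage(message);
            if (entry.getCertifiedKeyPair() == null || entry.getCertifiedKeyPair().getCertOrEncCert() == null) {
                throw new GeneralSecurityException("CMP response contains no certificate, status :" + statusValue + "\n" + message);
            }
            CMPCertificate cmpCertificate = entry.getCertifiedKeyPair().getCertOrEncCert().getCertificate();
            Certificate issued = cmpCertificate == null ? null : cmpCertificate.getX509v3PKCert();
            if (issued != null) {
                trace("#" + i + ": " + issued);
                // re-parse through the BC certificate factory to obtain a JCA X509Certificate
                result.setCreatedCertificate(((X509Certificate[]) CertificateFactory.getInstance("X.509", "BC").generateCertificates(new ByteArrayInputStream(issued.getEncoded())).toArray(new X509Certificate[0]))[0]);
                return result;
            }
        }
        return null;
    }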

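    /**
     * Parses the extra certificates of a response and adds them to the response content.
     *
     * <p>The certificates come from the remote peer and are only decoded here; no path
     * validation or trust decision is made.
     *
     * @param cMPCertificateArr          certificates from the response, may be {@code null}
     * @param certificateResponseContent content object that receives the parsed certificates
     * @throws GeneralSecurityException if a certificate cannot be imported
     * @throws IOException              if a certificate cannot be encoded for parsing
     */
    private void handleExtraCerts(CMPCertificate[] cMPCertificateArr, CertificateResponseContent certificateResponseContent) throws GeneralSecurityException, IOException {
        if (cMPCertificateArr == null) {
            return;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        LOGGER.info("CMP response contains " + cMPCertificateArr.length + " extra certificates");
        for (CMPCertificate cmpCertificate : cMPCertificateArr) {
            // skip entries without an X.509 certificate with an explicit check rather than by
            // catching NullPointerException
            if (cmpCertificate == null || cmpCertificate.getX509v3PKCert() == null) {
                continue;
            }
            LOGGER.info("Additional cert '" + cmpCertificate.getX509v3PKCert().getSubject() + "' included in CMP response");
            try {
                certificateResponseContent.additionalCertificates.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(cmpCertificate.getEncoded())));
            } catch (IOException | GeneralSecurityException e) {
                LOGGER.info("problem importing certificate: " + e.getMessage(), e);
                throw e;
            } catch (RuntimeException e) {
                LOGGER.info("problem importing certificate: " + e.getMessage(), e);
                // wrap unchecked parser failures and keep the cause for diagnosis
                throw new GeneralSecurityException("problem importing certificate: " + e.getMessage(), e);
            }
        }
    }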

    /**
     * Decodes a received DER object into a single PKIMessage.
     *
     * <p>The object is first read as a PKIMessages sequence, of which only the first element
     * is used; if that fails or yields nothing, it is read as a plain PKIMessage.
     *
     * @param bArr DER-encoded response
     * @return the decoded message, never {@code null}
     * @throws IOException              if the bytes cannot be decoded
     * @throws GeneralSecurityException if no message can be obtained
     */
    private PKIMessage getPkiMessage(byte[] bArr) throws IOException, GeneralSecurityException {
        final ASN1Primitive decoded = getDERObject(bArr);
        PKIMessage firstWrapped = null;
        try {
            final PKIMessage[] wrapped = PKIMessages.getInstance(decoded).toPKIMessageArray();
            firstWrapped = wrapped.length > 0 ? wrapped[0] : null;
        } catch (Throwable th) {
            // not a PKIMessages sequence: fall through to the single-message form
            log("reading PKIMessages failed: " + th.getMessage());
        }
        final PKIMessage parsed = firstWrapped != null ? firstWrapped : PKIMessage.getInstance(decoded);
        if (parsed == null) {
            throw new GeneralSecurityException("No CMP message could be parsed from received DER object.");
        }
        return parsed;
    }

    /**
     * Wraps a received message and verifies its protection when it has any.
     *
     * <p>NOTE(review): a response without protection is accepted after a warning, so a peer
     * that can alter traffic could strip the protection and have the response processed
     * unauthenticated. Consider rejecting unprotected responses unless the deployment
     * explicitly allows them.
     *
     * @param pKIMessage the received message
     * @return the wrapped message
     * @throws GeneralSecurityException if the message is protected and verification fails
     */
    private GeneralPKIMessage buildPKIMessage(PKIMessage pKIMessage) throws GeneralSecurityException {
        final GeneralPKIMessage received = new GeneralPKIMessage(pKIMessage);
        printPKIMessageInfo(received);
        if (!received.hasProtection()) {
            warn("received response message contains NO content protection!");
            return received;
        }
        final boolean verified = this.cmpClientConfig.getMessageHandler().verifyMessage(new ProtectedPKIMessage(received));
        if (!verified) {
            throw new GeneralSecurityException("received response message has unexpected protection scheme!");
        }
        trace("message verification success");
        return received;
    }

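    /**
     * Builds, protects and encodes a CMP revocation request for one certificate.
     *
     * @param j          request id supplied by callers; not used when building the message
     * @param x500Name   issuer of the certificate to revoke, also used as message recipient
     * @param x500Name2  subject of the certificate, used to derive the message sender
     * @param bigInteger serial number of the certificate to revoke
     * @param cRLReason  reason placed in the reasonCode extension of the request
     * @return the DER-encoded request, wrapped in PKIMessages when the configuration asks for it
     * @throws IOException              if an extension or the message cannot be encoded
     * @throws CRMFException            declared for callers; not raised directly here
     * @throws CMPException             declared for callers; not raised directly here
     * @throws GeneralSecurityException if the handler fails to protect the message
     */
    public byte[] buildRevocationRequest(long j, X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, CRLReason cRLReason) throws IOException, CRMFException, CMPException, GeneralSecurityException {
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setIssuer(x500Name);
        certTemplateBuilder.setSerialNumber(new ASN1Integer(bigInteger));
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.reasonCode, false, cRLReason);
        Extensions crlEntryDetails = extensionsGenerator.generate();
        // RevDetails is assembled as a sequence of the certificate template and the extensions
        ASN1EncodableVector revDetailsParts = new ASN1EncodableVector();
        revDetailsParts.add(certTemplateBuilder.build());
        revDetailsParts.add(crlEntryDetails);
        RevReqContent revReqContent = new RevReqContent(RevDetails.getInstance(new DERSequence(revDetailsParts)));
        ProtectedMessageHandler messageHandler = this.cmpClientConfig.getMessageHandler();
        ProtectedPKIMessageBuilder pKIBuilder = getPKIBuilder(x500Name, messageHandler.getSender(x500Name2));
        pKIBuilder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent));
        messageHandler.addCertificate(pKIBuilder);
        if (this.cmpClientConfig.isImplicitConfirm()) {
            pKIBuilder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
        }
        // toASN1Structure yields a single PKIMessage; it is a different type from the
        // PKIMessages wrapper, so the two are kept apart and encoded separately
        PKIMessage signed = messageHandler.signMessage(pKIBuilder).toASN1Structure();
        trace("sender nonce : " + org.bouncycastle.util.encoders.Base64.toBase64String(signed.getHeader().getSenderNonce().getOctets()));
        if (this.cmpClientConfig.isMultipleMessages()) {
            trace("wrapping PKIMessage into PKIMessages");
            return new PKIMessages(signed).getEncoded();
        }
        return signed.getEncoded();
    }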

    /**
     * Parses the CA's response to a revocation request.
     *
     * <p>Protection is handled by buildPKIMessage. The request is not available here, so the
     * nonces are only traced, not compared, and the status entries of the returned content are
     * not evaluated; callers have to inspect them to learn whether the revocation was granted.
     *
     * @param bArr DER-encoded response
     * @return the revocation response content, or {@code null} when the body has no content
     * @throws IOException              if the response cannot be decoded
     * @throws CRMFException            declared for callers; not raised directly here
     * @throws CMPException             declared for callers; not raised directly here
     * @throws GeneralSecurityException on verification failure, error responses or an
     *                                  unexpected body type
     */
    public RevRepContent readRevResponse(byte[] bArr) throws IOException, CRMFException, CMPException, GeneralSecurityException {
        final GeneralPKIMessage received = buildPKIMessage(getPkiMessage(bArr));
        final PKIHeader header = received.getHeader();
        final ASN1OctetString recipNonce = header.getRecipNonce();
        trace(recipNonce == null ? "no recipient nonce" : "recipient nonce : " + org.bouncycastle.util.encoders.Base64.toBase64String(recipNonce.getOctets()));
        final ASN1OctetString senderNonce = header.getSenderNonce();
        trace(senderNonce == null ? "no sender nonce" : "sender nonce : " + org.bouncycastle.util.encoders.Base64.toBase64String(senderNonce.getOctets()));
        final PKIBody body = received.getBody();
        final int type = body.getType();
        if (type == PKIBody.TYPE_ERROR) {
            // handleCMPError ends by throwing, so the return only satisfies the compiler
            handleCMPError(body);
            return null;
        }
        if (type != PKIBody.TYPE_REVOCATION_REP) {
            throw new GeneralSecurityException("unexpected PKI body type :" + type);
        }
        trace("Rev response received");
        if (body.getContent() == null) {
            return null;
        }
        final RevRepContent content = RevRepContent.getInstance(body.getContent());
        final CertId[] revoked = content.getRevCerts();
        if (revoked == null) {
            trace("no certId ");
            return content;
        }
        for (CertId id : revoked) {
            trace("revoked certId : " + id.getIssuer() + " / " + id.getSerialNumber().getValue());
        }
        return content;
    }

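    /**
     * Reports a CMP error body and always ends by throwing.
     *
     * <p>All text used here is supplied by the remote peer and should be treated as untrusted
     * when it is displayed or logged.
     *
     * @param pKIBody body of an error message
     * @throws GeneralSecurityException always; the message holds the error code and details
     *                                  when present, otherwise the status strings
     */
    private void handleCMPError(PKIBody pKIBody) throws GeneralSecurityException {
        ErrorMsgContent errorMsgContent = ErrorMsgContent.getInstance(pKIBody.getContent());
        PKIStatusInfo statusInfo = errorMsgContent.getPKIStatusInfo();
        String message = "";
        if (errorMsgContent.getErrorCode() != null) {
            // guard the status lookup so a missing status info cannot mask the CMP error with a NullPointerException
            message = "errMsg : #" + errorMsgContent.getErrorCode() + " " + errorMsgContent.getErrorDetails() + " / " + (statusInfo == null ? null : statusInfo.getFailInfo());
            log(message);
        }
        // explicit null checks replace the former catch of NullPointerException
        StringBuilder statusText = new StringBuilder();
        PKIFreeText statusString = statusInfo == null ? null : statusInfo.getStatusString();
        if (statusString != null) {
            for (int i = 0; i < statusString.size(); i++) {
                trace("#" + i + ": " + statusString.getStringAt(i));
                if (statusText.length() > 0) {
                    statusText.append("; ");
                }
                statusText.append(statusString.getStringAt(i));
            }
        }
        if (message.isEmpty()) {
            // without an error code the exception used to carry an empty message
            message = statusText.length() > 0 ? "CMP error response received: " + statusText : "CMP error response received";
        }
        throw new GeneralSecurityException(message);
    }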

    /**
     * Traces protocol version, sender, recipient, body type and transaction id of a message.
     *
     * @param generalPKIMessage the received message
     */
    private void printPKIMessageInfo(GeneralPKIMessage generalPKIMessage) {
        final PKIHeader messageHeader = generalPKIMessage.getHeader();
        final PKIBody messageBody = generalPKIMessage.getBody();
        final String protectionLabel = generalPKIMessage.hasProtection() ? " protected " : "";
        trace("Received " + protectionLabel + "CMP message with pvno=" + messageHeader.getPvno() + ", sender=" + messageHeader.getSender().toString() + ", recipient=" + messageHeader.getRecipient().toString());
        trace("Body is of type: " + messageBody.getType());
        trace("Transaction id: " + messageHeader.getTransactionID());
    }

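    /**
     * Creates a message builder with a generated sender nonce, transaction id and sender key id.
     *
     * <p>All three values are the decimal text of one {@code nextLong()} draw behind a fixed
     * prefix, so together they carry at most 64 random bits and each is derivable from the others.
     * NOTE(review): RFC 4210 recommends 128 bits of (pseudo-)random data for the transaction id
     * and the nonces; consider independent 16-byte draws from {@code secRandom}.
     *
     * @param x500Name name passed on as the recipient
     * @param x500Name2 name passed on as the sender
     * @return builder with message time, sender nonce, transaction id and sender key id set
     */
    ProtectedPKIMessageBuilder getPKIBuilder(X500Name x500Name, X500Name x500Name2) {
        long nextLong = this.secRandom.nextLong();
        // Encode explicitly so the bytes on the wire do not depend on the platform default charset.
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        byte[] senderNonce = ("nonce" + nextLong).getBytes(utf8);
        byte[] transactionId = ("transactionId" + nextLong).getBytes(utf8);
        byte[] senderKeyId = ("keyId" + nextLong).getBytes(utf8);
        return getPKIBuilder(x500Name, x500Name2, senderNonce, null, transactionId, senderKeyId, null);
    }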

    /**
     * Creates a message builder for the given sender and recipient and applies every optional
     * header field that is not {@code null}. The message time is set to the current time.
     *
     * @param x500Name recipient name
     * @param x500Name2 sender name
     * @param bArr sender nonce, or {@code null} to leave it unset
     * @param bArr2 recipient nonce, or {@code null} to leave it unset
     * @param bArr3 transaction id, or {@code null} to leave it unset
     * @param bArr4 sender key id, or {@code null} to leave it unset
     * @param bArr5 recipient key id, or {@code null} to leave it unset
     * @return the configured builder
     */
    public ProtectedPKIMessageBuilder getPKIBuilder(X500Name x500Name, X500Name x500Name2, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        // The builder takes the sender first, so the two names are passed in swapped order.
        final GeneralName sender = new GeneralName(x500Name2);
        final GeneralName recipient = new GeneralName(x500Name);
        final ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(sender, recipient);

        final Date now = new Date();
        builder.setMessageTime(now);

        if (null != bArr) {
            builder.setSenderNonce(bArr);
        }
        if (null != bArr2) {
            builder.setRecipNonce(bArr2);
        }
        if (null != bArr3) {
            builder.setTransactionID(bArr3);
        }
        if (null != bArr4) {
            builder.setSenderKID(bArr4);
        }
        if (null != bArr5) {
            builder.setRecipKID(bArr5);
        }
        return builder;
    }

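    /**
     * Maps a revocation reason, given as a decimal code or as a reason name, to a {@link CRLReason}.
     *
     * <p>Names are matched case-insensitively. Input that is neither a number nor a known name
     * still maps to code 0 ({@code unspecified}), but a warning is now logged for it, so a
     * misspelled reason such as a mistyped {@code keyCompromise} no longer changes the
     * revocation reason silently. {@code null} and empty input map to code 0 without a warning.
     *
     * @param str decimal reason code or reason name; numeric codes are passed on unchecked
     * @return the result of {@code CRLReason.lookup} for the resolved code
     */
    public CRLReason crlReasonFromString(String str) {
        final String[] names = {
            "unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded",
            "cessationOfOperation", "certificateHold", "removeFromCRL", "privilegeWithdrawn", "aACompromise"
        };
        final int[] codes = {0, 1, 2, 3, 4, 5, 6, 8, 9, 10};

        int code = 0;
        try {
            code = Integer.parseInt(str);
        } catch (NumberFormatException notNumeric) {
            // Not a number (parseInt also rejects null): resolve it as a reason name.
            boolean known = false;
            for (int idx = 0; idx < names.length; idx++) {
                if (names[idx].equalsIgnoreCase(str)) {
                    code = codes[idx];
                    known = true;
                    break;
                }
            }
            if (!known && str != null && !str.isEmpty()) {
                warn("unknown revocation reason '" + str + "', using 'unspecified'");
            }
        }
        return CRLReason.lookup(code);
    }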

    /**
     * Creates the builder for the password-based MAC that protects CMP messages.
     *
     * <p>The calculator is set up with SHA-1 (OID 1.3.14.3.2.26) as digest and HMAC-SHA1
     * (OID 1.2.840.113549.2.7) as MAC. Iteration count and salt length are not set here, so
     * the builder's own defaults apply.
     * NOTE(review): both algorithms are SHA-1 based, and the protection is only as strong as
     * the shared secret; check which stronger algorithms the CA accepts before changing them.
     *
     * @return a builder backed by a JCE values calculator
     * @throws CRMFException if the calculator cannot be set up with these algorithms
     */
    public static PKMACBuilder getMacCalculatorBuilder() throws CRMFException {
        final JcePKMACValuesCalculator valuesCalculator = new JcePKMACValuesCalculator();
        final AlgorithmIdentifier sha1Digest = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
        final AlgorithmIdentifier hmacSha1 = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.7"));
        valuesCalculator.setup(sha1Digest, hmacSha1);
        return new PKMACBuilder(valuesCalculator);
    }

    /**
     * Builds a MAC calculator keyed with the given shared secret.
     *
     * <p>The secret arrives as a {@code String}, so it cannot be wiped from memory after use.
     *
     * @param str the shared secret; must not be {@code null}
     * @return calculator produced by {@link #getMacCalculatorBuilder()}
     * @throws CRMFException if the builder cannot be created or the calculator cannot be built
     */
    public static MacCalculator getMacCalculator(String str) throws CRMFException {
        final PKMACBuilder macBuilder = getMacCalculatorBuilder();
        final char[] secretChars = str.toCharArray();
        return macBuilder.build(secretChars);
    }

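    /**
     * Decodes the first ASN.1 object contained in the given bytes.
     *
     * <p>Only one object is read; bytes following it are not inspected, so trailing data does
     * not cause an error. Callers that decode data from an untrusted source and need an exact
     * encoding have to check for leftover bytes themselves.
     *
     * @param bArr the encoded bytes
     * @return the decoded object; BouncyCastle's {@code readObject()} returns {@code null}
     *     when the input holds no object
     * @throws IOException if the bytes cannot be parsed
     */
    public ASN1Primitive getDERObject(byte[] bArr) throws IOException {
        // try-with-resources closes the stream on every path and keeps a parse failure as the
        // primary exception, where a manual close() inside catch (Throwable) could replace it.
        try (ASN1InputStream asn1Stream = new ASN1InputStream(bArr)) {
            return asn1Stream.readObject();
        }
    }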

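    /**
     * Reads the first PEM object from the stream and returns it when it is a PKCS#10 request.
     *
     * @param inputStream PEM-encoded input; it is closed together with the parser
     * @return the certification request, or {@code null} when the first PEM object is of a
     *     different type (for example a certificate) - callers must handle that case
     * @throws GeneralSecurityException if no PEM object is found or reading fails; a read
     *     failure is attached as the cause
     */
    public PKCS10CertificationRequest convertPemToPKCS10CertificationRequest(InputStream inputStream) throws GeneralSecurityException {
        // Decode with a fixed charset so parsing does not depend on the platform default.
        PEMParser pemParser = new PEMParser(new InputStreamReader(inputStream, java.nio.charset.StandardCharsets.UTF_8));
        try {
            Object parsed = pemParser.readObject();
            if (parsed == null) {
                throw new GeneralSecurityException("Parsing of CSR failed! Not PEM encoded?");
            }
            if (parsed instanceof PKCS10CertificationRequest) {
                return (PKCS10CertificationRequest) parsed;
            }
            return null;
        } catch (IOException e) {
            // The log text used to name a different method (convertPemToPublicKey).
            log("IOException, convertPemToPKCS10CertificationRequest", e);
            // Keep the I/O failure as the cause instead of dropping it.
            throw new GeneralSecurityException("Parsing of CSR failed! Not PEM encoded?", e);
        } finally {
            try {
                pemParser.close();
            } catch (IOException closeFailure) {
                // Closing is best effort: a failure is logged and must not hide the result.
                log("IOException on close()", closeFailure);
            }
        }
    }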

    /**
     * Writes a message to the class logger at warn level.
     *
     * @param str the text to log
     */
    void warn(final String str) {
        LOGGER.warn(str);
    }

    /**
     * Writes a message to the class logger at info level, regardless of the verbose setting.
     *
     * @param str the text to log
     */
    void log(final String str) {
        LOGGER.info(str);
    }

    /**
     * Writes a message together with an exception to the class logger. Unlike
     * the one-argument overload, this one logs at warn level.
     *
     * @param str the text to log
     * @param exc the exception to attach to the log entry
     */
    void log(final String str, final Exception exc) {
        LOGGER.warn(str, exc);
    }

    /**
     * Writes a message at info level, but only when the client configuration is verbose.
     *
     * <p>Callers build the string before calling, so the formatting cost is paid even when
     * nothing is logged.
     *
     * @param str the text to log
     */
    void trace(final String str) {
        if (!this.cmpClientConfig.isVerbose()) {
            return;
        }
        LOGGER.info(str);
    }
}
