package org.cesecore.certificates.certificate.request;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import java.util.Random;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.bouncycastle.util.encoders.DecoderException;
import org.cesecore.certificates.ca.SignRequestSignatureException;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.cesecore.util.FileTools;
import org.ejbca.cvc.CVCAuthenticatedRequest;
import org.ejbca.cvc.CVCertificate;
import org.ejbca.cvc.CertificateParser;
import org.ejbca.cvc.exception.ConstructionException;
import org.ejbca.cvc.exception.ParseException;

/* loaded from: input_file:org/cesecore/certificates/certificate/request/RequestMessageUtils.class */
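/**
 * Static helpers that decode certificate-request bytes (PEM, Base64 or raw binary) into
 * {@link RequestMessage} objects and that build the matching response message.
 *
 * <p>All inputs handled here are supplied by the requester, so every decoder in this class
 * should be read as operating on untrusted data. Only the Netscape/SPKAC and CVC branches of
 * {@link #getSimpleRequestMessageFromType} check a signature themselves; the other branches
 * return the parsed public key without any proof-of-possession check in this class.
 */
public class RequestMessageUtils {
    static final long serialVersionUID = 3597275157018205139L;
    private static final Logger log = Logger.getLogger(RequestMessageUtils.class);

    /**
     * Randomness for sender nonces. A nonce drawn from {@code java.util.Random} is predictable
     * from earlier outputs, so a cryptographically strong generator is used instead.
     */
    private static final SecureRandom NONCE_RANDOM = new SecureRandom();

    /**
     * Parses a request as PKCS#10 and, if that is rejected with an
     * {@link IllegalArgumentException}, retries the same bytes as a CVC request.
     *
     * @param bArr request bytes in any encoding accepted by {@link #getDecodedBytes(byte[])}
     * @return the parsed request, or {@code null} when the decoded bytes are {@code null}
     */
    public static RequestMessage parseRequestMessage(byte[] bArr) {
        try {
            return genPKCS10RequestMessage(bArr);
        } catch (IllegalArgumentException e) {
            log.debug("Can not parse PKCS10 request, trying CVC instead: " + e.getMessage());
            return genCVCRequestMessage(bArr);
        }
    }

    /**
     * Instantiates a response message of the given class and copies the correlation fields
     * (nonce, transaction id, key info, digest algorithm, request type/id, protection
     * parameters) from the request into it.
     *
     * @param cls            concrete response class; it is cast to {@link CertificateResponseMessage}
     * @param requestMessage request the response answers
     * @param collection     signing certificates, used only when the response requires sign key info
     * @param privateKey     signing key, used only when the response requires sign key info
     * @param str            third argument of {@code setSignKeyInfo}; presumably the provider name - TODO confirm
     * @return the populated response, or {@code null} if the class could not be instantiated
     */
    public static CertificateResponseMessage createResponseMessage(Class<? extends ResponseMessage> cls, RequestMessage requestMessage, Collection<Certificate> collection, PrivateKey privateKey, String str) {
        try {
            CertificateResponseMessage response = (CertificateResponseMessage) cls.newInstance();
            if (response.requireSignKeyInfo()) {
                response.setSignKeyInfo(collection, privateKey, str);
            }
            if (requestMessage.getSenderNonce() != null) {
                // Echo the requester's nonce back so it can match the response to its request.
                response.setRecipientNonce(requestMessage.getSenderNonce());
            }
            if (requestMessage.getTransactionId() != null) {
                response.setTransactionId(requestMessage.getTransactionId());
            }
            // Fresh 16-byte sender nonce from a CSPRNG (was java.util.Random, which is guessable).
            byte[] nonce = new byte[16];
            NONCE_RANDOM.nextBytes(nonce);
            response.setSenderNonce(new String(Base64.encode(nonce)));
            if (requestMessage.getRequestKeyInfo() != null) {
                response.setRecipientKeyInfo(requestMessage.getRequestKeyInfo());
            }
            response.setPreferredDigestAlg(requestMessage.getPreferredDigestAlg());
            response.setIncludeCACert(requestMessage.includeCACert());
            response.setRequestType(requestMessage.getRequestType());
            response.setRequestId(requestMessage.getRequestId());
            response.setProtectionParamsFromRequest(requestMessage);
            return response;
        } catch (IllegalAccessException e) {
            log.error("Error creating response message", e);
            return null;
        } catch (InstantiationException e2) {
            log.error("Error creating response message", e2);
            return null;
        }
    }

    /**
     * Builds a PKCS#10 request message from PEM, Base64 or binary input.
     *
     * @param bArr encoded request
     * @return the request message, or {@code null} when the decoded bytes are {@code null}
     */
    public static PKCS10RequestMessage genPKCS10RequestMessage(byte[] bArr) {
        byte[] decodedBytes = getDecodedBytes(bArr);
        return decodedBytes == null ? null : new PKCS10RequestMessage(decodedBytes);
    }

    /**
     * Builds a CVC request message from PEM, Base64 or binary input.
     *
     * @param bArr encoded request
     * @return the request message, or {@code null} when the decoded bytes are {@code null}
     */
    public static CVCRequestMessage genCVCRequestMessage(byte[] bArr) {
        byte[] decodedBytes = getDecodedBytes(bArr);
        return decodedBytes == null ? null : new CVCRequestMessage(decodedBytes);
    }

    /**
     * Decodes the input with {@link #getRequestBytes(byte[])}; when that fails the input is
     * returned unchanged on the assumption that it is already binary. No validation of the
     * binary form happens here - that is left to whichever parser consumes the result.
     *
     * @param bArr PEM, Base64 or binary request bytes
     * @return the decoded bytes, or {@code bArr} itself when decoding failed
     */
    public static byte[] getDecodedBytes(byte[] bArr) {
        try {
            return getRequestBytes(bArr);
        } catch (IOException e) {
            log.debug("Message not base64 encoded? Trying as binary: " + e.getMessage());
            return bArr;
        }
    }

    /**
     * Extracts the binary payload from a textual request. The PEM markers are tried in this
     * order: certificate request, keytool certificate request, certificate; if none matches,
     * the whole buffer is Base64-decoded.
     *
     * <p>Note that input framed with the plain certificate markers is accepted as well, so the
     * caller cannot infer from a successful return that the payload was labelled as a request.
     *
     * @param bArr textual request
     * @return the decoded payload, never {@code null}
     * @throws IOException if no PEM form matched and the buffer is not valid Base64
     */
    public static byte[] getRequestBytes(byte[] bArr) throws IOException {
        try {
            return FileTools.getBytesFromPEM(bArr, CertTools.BEGIN_CERTIFICATE_REQUEST, CertTools.END_CERTIFICATE_REQUEST);
        } catch (IOException ignored) {
            // Not framed with these markers; try the next form.
        }
        try {
            return FileTools.getBytesFromPEM(bArr, CertTools.BEGIN_KEYTOOL_CERTIFICATE_REQUEST, CertTools.END_KEYTOOL_CERTIFICATE_REQUEST);
        } catch (IOException ignored) {
            // Not framed with these markers; try the next form.
        }
        try {
            return FileTools.getBytesFromPEM(bArr, CertTools.BEGIN_CERTIFICATE, CertTools.END_CERTIFICATE);
        } catch (IOException ignored) {
            // Not framed with these markers; fall back to bare Base64.
        }
        return decodeBase64(bArr);
    }

    /**
     * Base64-decodes a buffer, reporting both decoder failures and a {@code null} result as
     * {@link IOException}. The decoder exception is kept as the cause.
     */
    private static byte[] decodeBase64(byte[] encoded) throws IOException {
        final byte[] decoded;
        try {
            decoded = Base64.decode(encoded);
        } catch (DecoderException e) {
            throw new IOException("Base64 decode fails, message not base64 encoded: " + e.getMessage(), e);
        }
        if (decoded == null) {
            throw new IOException("Base64 decode of buffer returns null");
        }
        return decoded;
    }

    /**
     * Builds a request message from a textual request of the given numeric type.
     *
     * <p>Types handled, as far as this method shows: {@code 0} PKCS#10, {@code 1} CRMF
     * {@code CertRequest}, {@code 2} Netscape/SPKAC, {@code 3} bare public key, {@code 4} CVC.
     * Any other value yields {@code null}. The String is converted with {@code getBytes()},
     * i.e. the platform default charset.
     *
     * <p>Signature checks performed here: SPKAC ({@code verify("challenge")}) and CVC
     * ({@code verify()} on the inner request). Types 0, 1 and 3 are returned without a
     * proof-of-possession check in this method - NOTE(review): confirm callers verify it.
     *
     * @param str  username stored in the returned message
     * @param str2 password stored in the returned message
     * @param str3 the request text
     * @param i    request type, see above
     * @return the request message, or {@code null} for an unknown type or an SPKAC request
     *         whose Base64 decoding returned {@code null}
     * @throws SignRequestSignatureException if the SPKAC or CVC signature check fails
     * @throws IOException if the request cannot be decoded
     */
    public static RequestMessage getSimpleRequestMessageFromType(String str, String str2, String str3, int i) throws SignRequestSignatureException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, IOException, SignatureException, InvalidKeySpecException, ParseException, ConstructionException, NoSuchFieldException {
        switch (i) {
            case 0: {
                PKCS10RequestMessage pkcs10 = genPKCS10RequestMessage(str3.getBytes());
                SimpleRequestMessage message = new SimpleRequestMessage(pkcs10.getRequestPublicKey(), str, str2);
                message.setRequestExtensions(pkcs10.getRequestExtensions());
                return message;
            }
            case 2: {
                byte[] encoded = str3.getBytes();
                if (log.isDebugEnabled()) {
                    // NOTE(review): requester-supplied text is written to the log verbatim.
                    log.debug("Received NS request: " + new String(encoded));
                }
                byte[] der = Base64.decode(encoded);
                if (der == null) {
                    return null;
                }
                final ASN1Sequence spkacSequence;
                ASN1InputStream spkacIn = new ASN1InputStream(new ByteArrayInputStream(der));
                try {
                    // A top-level object that is not a SEQUENCE fails this cast.
                    spkacSequence = (ASN1Sequence) spkacIn.readObject();
                } finally {
                    spkacIn.close();
                }
                NetscapeCertRequest netscapeCertRequest = new NetscapeCertRequest(spkacSequence);
                // The challenge is the fixed literal on both sides, so this check does not bind
                // the request to any per-session value.
                netscapeCertRequest.setChallenge("challenge");
                if (!netscapeCertRequest.verify("challenge")) {
                    if (log.isDebugEnabled()) {
                        log.debug("SPKAC POPO verification Failed");
                    }
                    throw new SignRequestSignatureException("Invalid signature in NetscapeCertRequest, popo-verification failed.");
                }
                if (log.isDebugEnabled()) {
                    log.debug("POPO verification successful");
                }
                return new SimpleRequestMessage(netscapeCertRequest.getPublicKey(), str, str2);
            }
            case 1: {
                ASN1InputStream crmfIn = new ASN1InputStream(Base64.decode(str3.getBytes()));
                try {
                    // The CertRequest is taken from element 0 of element 0 of the outer SEQUENCE.
                    ASN1Sequence outer = (ASN1Sequence) crmfIn.readObject();
                    ASN1Sequence firstMessage = (ASN1Sequence) outer.getObjectAt(0);
                    CertRequest certRequest = CertRequest.getInstance(firstMessage.getObjectAt(0));
                    // The key factory is fixed to RSA; presumably other key types are rejected
                    // with InvalidKeySpecException - TODO confirm.
                    SimpleRequestMessage message = new SimpleRequestMessage(KeyFactory.getInstance(AlgorithmConstants.KEYALGORITHM_RSA, "BC").generatePublic(new X509EncodedKeySpec(certRequest.getCertTemplate().getPublicKey().getEncoded())), str, str2);
                    message.setRequestExtensions(certRequest.getCertTemplate().getExtensions());
                    return message;
                } finally {
                    crmfIn.close();
                }
            }
            case 3: {
                byte[] keyBytes;
                try {
                    keyBytes = FileTools.getBytesFromPEM(str3.getBytes(), CertTools.BEGIN_PUBLIC_KEY, CertTools.END_PUBLIC_KEY);
                } catch (IOException e) {
                    // Not PEM-framed; treat the text as bare Base64.
                    keyBytes = decodeBase64(str3.getBytes());
                }
                return new SimpleRequestMessage(KeyTools.getPublicKeyFromBytes(keyBytes), str, str2);
            }
            case 4: {
                Object parsed = CertificateParser.parseCVCObject(Base64.decode(str3.getBytes()));
                // For an authenticated request only the inner request is kept; the outer
                // signature is not examined in this method.
                CVCertificate innerRequest = parsed instanceof CVCAuthenticatedRequest
                        ? ((CVCAuthenticatedRequest) parsed).getRequest()
                        : (CVCertificate) parsed;
                CVCRequestMessage cvcMessage = new CVCRequestMessage(innerRequest.getDEREncoded());
                cvcMessage.setUsername(str);
                cvcMessage.setPassword(str2);
                if (!cvcMessage.verify()) {
                    if (log.isDebugEnabled()) {
                        log.debug("CVC POPO verification Failed");
                    }
                    throw new SignRequestSignatureException("Invalid inner signature in CVCRequest, popo-verification failed.");
                }
                if (log.isDebugEnabled()) {
                    log.debug("POPO verification successful");
                }
                return cvcMessage;
            }
            default:
                return null;
        }
    }
}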
