package org.ejbca.core.protocol.scep;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Hashtable;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.cesecore.certificates.certificate.request.CertificateResponseMessage;
import org.cesecore.certificates.certificate.request.FailInfo;
import org.cesecore.certificates.certificate.request.RequestMessage;
import org.cesecore.certificates.certificate.request.ResponseStatus;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/ejbca/core/protocol/scep/ScepResponseMessage.class */
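/**
 * Builds a signed SCEP response (signed attribute {@code messageType} is always {@code "3"}).
 *
 * <p>Message layout produced by {@link #create()}:
 * <ul>
 *   <li>outer CMS SignedData, signed with the key and first certificate given to
 *       {@link #setSignKeyInfo}, carrying the SCEP signed attributes (transaction id,
 *       pkiStatus, failInfo, nonces);</li>
 *   <li>for {@code SUCCESS} only, the signed content is a CMS EnvelopedData that wraps a
 *       certs-only SignedData holding either the CRL or the issued certificate (plus,
 *       optionally, a CA certificate); for every other status the content is empty.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default signature digest is MD5 and the envelope cipher is hard-coded to single
 *       DES in CBC mode. Both are weak by current standards. NOTE(review): presumably kept for
 *       interoperability with legacy SCEP clients - confirm, and make sure callers pick a
 *       stronger digest through {@link #setPreferredDigestAlg} whenever the client allows it.</li>
 *   <li>The envelope is encrypted to whatever certificate was passed to
 *       {@link #setRecipientKeyInfo}; nothing in this class validates that certificate.</li>
 *   <li>The signing key and all certificate material are {@code transient}, so they are not
 *       written out if an instance is serialized. NOTE(review): after deserialization the
 *       transient fields would hold Java defaults (null/false), not the initial values
 *       declared below - confirm no caller relies on those.</li>
 *   <li>Nonces and the transaction id are written to the debug log.</li>
 * </ul>
 */
public class ScepResponseMessage implements CertificateResponseMessage {
    static final long serialVersionUID = 2016710353393853879L;
    private static final Logger log = Logger.getLogger(ScepResponseMessage.class);

    // DER-encoded outer SignedData; stays null until create() succeeds.
    private byte[] responseMessage = null;
    private ResponseStatus status = ResponseStatus.SUCCESS;
    // Only placed in the message when status is FAILURE.
    private FailInfo failInfo = FailInfo.BAD_REQUEST;
    private String failText = null;
    // Nonces are held Base64-encoded and decoded when the attributes are built.
    private String senderNonce = null;
    private String recipientNonce = null;
    private String transactionId = null;
    // Encoded certificate of the envelope recipient; when null the issued certificate is used.
    private byte[] recipientKeyInfo = null;
    private transient Certificate cert = null;
    private transient CRL crl = null;
    private transient Collection<Certificate> signCertChain = null;
    private transient Certificate caCert = null;
    private transient PrivateKey signKey = null;
    // Provider used for the outer signature only; the inner structures always use "BC".
    private transient String provider = "BC";
    private transient boolean includeCACert = true;
    // Weak default (MD5); override with setPreferredDigestAlg.
    private transient String digestAlg = CMSSignedGenerator.DIGEST_MD5;

    /** Sets the issued certificate to return in a {@code SUCCESS} response. */
    public void setCertificate(Certificate certificate) {
        this.cert = certificate;
    }

    /**
     * Returns a freshly parsed copy of the certificate set with {@link #setCertificate}.
     *
     * @throws NullPointerException if no certificate has been set
     * @throws Error if the stored certificate cannot be encoded or re-parsed
     */
    public Certificate getCertificate() {
        try {
            return CertTools.getCertfromByteArray(this.cert.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new Error("Could not encode certificate. This should not happen", e);
        } catch (CertificateException e2) {
            throw new Error("Response was created without containing valid certificate. This should not happen", e2);
        }
    }

    /** Sets the CRL to return; when set it takes precedence over the certificate. */
    public void setCrl(CRL crl) {
        this.crl = crl;
    }

    /** Controls whether a CA certificate accompanies the issued certificate. */
    public void setIncludeCACert(boolean z) {
        this.includeCACert = z;
    }

    /** Sets the CA certificate to include; when unset the signer certificate is used instead. */
    public void setCACert(Certificate certificate) {
        this.caCert = certificate;
    }

    /**
     * Returns the encoded response built by {@link #create()}, or {@code null} if none exists.
     * The internal array is returned without copying.
     */
    public byte[] getResponseMessage() throws CertificateEncodingException {
        return this.responseMessage;
    }

    public void setStatus(ResponseStatus responseStatus) {
        this.status = responseStatus;
    }

    public ResponseStatus getStatus() {
        return this.status;
    }

    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    public FailInfo getFailInfo() {
        return this.failInfo;
    }

    /** Stores a failure text; it is not placed in the message built by {@link #create()}. */
    public void setFailText(String str) {
        this.failText = str;
    }

    public String getFailText() {
        return this.failText;
    }

    /**
     * Builds and signs the response and stores it for {@link #getResponseMessage()}.
     *
     * @return {@code true} when a response was produced; {@code false} when the status is
     *         {@code FAILURE} with {@code WRONG_AUTHORITY} or {@code INCORRECT_DATA} (no
     *         response is built for those), or when a CMS or CertStore error occurred (the
     *         error is logged, not rethrown)
     * @throws IllegalStateException if no signing certificate chain has been set, or on an
     *         unexpected I/O error while encoding
     * @throws IllegalArgumentException if the recipient key info cannot be parsed as a certificate
     */
    public boolean create() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        boolean created = false;
        try {
            if (this.status.equals(ResponseStatus.SUCCESS)) {
                log.debug("Creating a STATUS_OK message.");
            } else if (this.status.equals(ResponseStatus.FAILURE)) {
                log.debug("Creating a STATUS_FAILED message (or returning false).");
                if (this.failInfo.equals(FailInfo.WRONG_AUTHORITY) || this.failInfo.equals(FailInfo.INCORRECT_DATA)) {
                    return false;
                }
            } else {
                log.debug("Creating a STATUS_PENDING message.");
            }

            // Fail with a clear message instead of a NullPointerException or
            // NoSuchElementException further down when setSignKeyInfo was never called.
            if (this.signCertChain == null || this.signCertChain.isEmpty()) {
                throw new IllegalStateException("No signing certificate chain set, call setSignKeyInfo before create");
            }
            final Certificate signerCert = this.signCertChain.iterator().next();

            final CMSProcessableByteArray signedContent;
            if (this.status.equals(ResponseStatus.SUCCESS)) {
                signedContent = new CMSProcessableByteArray(buildEnvelopedContent(signerCert));
            } else {
                // Failure and pending responses carry only the signed attributes.
                signedContent = new CMSProcessableByteArray(new byte[0]);
            }

            final Hashtable<ASN1ObjectIdentifier, Attribute> signedAttributes = buildSignedAttributes();

            final CMSSignedDataGenerator signer = new CMSSignedDataGenerator();
            log.debug("Signing SCEP message with cert: " + CertTools.getSubjectDN(signerCert));
            // digestAlg defaults to MD5 unless setPreferredDigestAlg was called.
            signer.addSigner(this.signKey, (X509Certificate) signerCert, this.digestAlg, new AttributeTable(signedAttributes), (AttributeTable) null);
            try {
                this.responseMessage = signer.generate(signedContent, true, this.provider).getEncoded();
                if (this.responseMessage != null) {
                    created = true;
                }
            } catch (IOException e) {
                throw new IllegalStateException("Unexpected IOException caught.", e);
            }
        } catch (CMSException e) {
            log.error("Error creating CMS message: ", e);
        } catch (InvalidAlgorithmParameterException e) {
            log.error("Error creating CertStore: ", e);
        } catch (CertStoreException e) {
            log.error("Error creating CertStore: ", e);
        }
        return created;
    }

    /** Wraps the CRL or issued certificate in a certs-only SignedData and envelopes it for the recipient. */
    private byte[] buildEnvelopedContent(Certificate signerCert)
            throws CMSException, CertStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        final ArrayList<Object> certsAndCrls = new ArrayList<Object>();
        if (this.crl != null) {
            log.debug("Adding CRL to response message (inner signer)");
            certsAndCrls.add(this.crl);
        } else if (this.cert != null) {
            log.debug("Adding certificates to response message");
            certsAndCrls.add(this.cert);
            if (this.includeCACert) {
                if (this.caCert != null) {
                    log.debug("Including explicitly set CA certificate in SCEP response.");
                    certsAndCrls.add(this.caCert);
                } else {
                    log.debug("Including message signer certificate in SCEP response.");
                    certsAndCrls.add(signerCert);
                }
            }
        }
        final CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");
        final CMSSignedDataGenerator certsOnlyGenerator = new CMSSignedDataGenerator();
        certsOnlyGenerator.addCertificatesAndCRLs(certStore);
        // No signer and no content: this SignedData is only a container for the certificates/CRL.
        final CMSSignedData certsOnly = certsOnlyGenerator.generate((CMSProcessable) null, false, "BC");

        final CMSEnvelopedDataGenerator envelopedGenerator = new CMSEnvelopedDataGenerator();
        if (this.recipientKeyInfo != null) {
            try {
                // The certificate is used as supplied; no validation is performed in this class.
                final X509Certificate recipient = (X509Certificate) CertTools.getCertfromByteArray(this.recipientKeyInfo);
                log.debug("Added recipient information - issuer: '" + CertTools.getIssuerDN(recipient) + "', serno: '" + CertTools.getSerialNumberAsString(recipient));
                envelopedGenerator.addKeyTransRecipient(recipient);
            } catch (CertificateParsingException e) {
                throw new IllegalArgumentException("Can not decode recipients self signed certificate!", e);
            }
        } else {
            envelopedGenerator.addKeyTransRecipient((X509Certificate) this.cert);
        }
        try {
            // Single DES in CBC mode: weak cipher, hard-coded here (see the class-level notes).
            final CMSEnvelopedData enveloped = envelopedGenerator.generate(new CMSProcessableByteArray(certsOnly.getEncoded()), SMIMECapability.dES_CBC.getId(), "BC");
            // Encode once and reuse the bytes for both the log line and the result.
            final byte[] encoded = enveloped.getEncoded();
            log.debug("Enveloped data is " + encoded.length + " bytes long");
            return encoded;
        } catch (IOException e) {
            throw new IllegalStateException("Unexpected IOException caught", e);
        }
    }

    /** Collects the SCEP signed attributes for the outer signature, keyed by attribute type. */
    private Hashtable<ASN1ObjectIdentifier, Attribute> buildSignedAttributes() {
        final Hashtable<ASN1ObjectIdentifier, Attribute> attributes = new Hashtable<ASN1ObjectIdentifier, Attribute>();

        final Attribute messageType = new Attribute(new ASN1ObjectIdentifier(ScepRequestMessage.id_messageType), new DERSet(new DERPrintableString("3")));
        attributes.put(messageType.getAttrType(), messageType);

        if (this.transactionId != null) {
            final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(ScepRequestMessage.id_transId);
            log.debug("Added transactionId: " + this.transactionId);
            final Attribute transId = new Attribute(oid, new DERSet(new DERPrintableString(this.transactionId)));
            attributes.put(transId.getAttrType(), transId);
        }

        final Attribute pkiStatus = new Attribute(new ASN1ObjectIdentifier(ScepRequestMessage.id_pkiStatus), new DERSet(new DERPrintableString(this.status.getStringValue())));
        attributes.put(pkiStatus.getAttrType(), pkiStatus);

        if (this.status.equals(ResponseStatus.FAILURE)) {
            final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(ScepRequestMessage.id_failInfo);
            log.debug("Added failInfo: " + this.failInfo.getValue());
            final Attribute failInfoAttr = new Attribute(oid, new DERSet(new DERPrintableString(this.failInfo.getValue())));
            attributes.put(failInfoAttr.getAttrType(), failInfoAttr);
        }

        if (this.senderNonce != null) {
            final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(ScepRequestMessage.id_senderNonce);
            log.debug("Added senderNonce: " + this.senderNonce);
            final Attribute nonce = new Attribute(oid, new DERSet(new DEROctetString(Base64.decode(asciiBytes(this.senderNonce)))));
            attributes.put(nonce.getAttrType(), nonce);
        }

        if (this.recipientNonce != null) {
            final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(ScepRequestMessage.id_recipientNonce);
            log.debug("Added recipientNonce: " + this.recipientNonce);
            final Attribute nonce = new Attribute(oid, new DEROctetString(Base64.decode(asciiBytes(this.recipientNonce))) == null ? null : new DERSet(new DEROctetString(Base64.decode(asciiBytes(this.recipientNonce)))));
            attributes.put(nonce.getAttrType(), nonce);
        }
        return attributes;
    }

    /** Converts Base64 text to bytes with a fixed charset so the result does not depend on the platform default. */
    private static byte[] asciiBytes(String base64Text) {
        return base64Text.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    }

    /** Always {@code true}: the response cannot be built without signing key information. */
    public boolean requireSignKeyInfo() {
        return true;
    }

    /**
     * Sets the signing material for the outer signature.
     *
     * @param collection certificate chain; only its first element is used, as the signer certificate
     * @param privateKey key used to sign the response
     * @param str provider name for the signature; {@code null} keeps the current provider
     */
    public void setSignKeyInfo(Collection<Certificate> collection, PrivateKey privateKey, String str) {
        this.signCertChain = collection;
        this.signKey = privateKey;
        if (str != null) {
            this.provider = str;
        }
    }

    /** Sets the Base64-encoded sender nonce. */
    public void setSenderNonce(String str) {
        this.senderNonce = str;
    }

    /** Sets the Base64-encoded recipient nonce. */
    public void setRecipientNonce(String str) {
        this.recipientNonce = str;
    }

    public void setTransactionId(String str) {
        this.transactionId = str;
    }

    /**
     * Sets the encoded certificate that the envelope is encrypted to. The array is stored
     * without copying and the certificate is not validated by this class.
     */
    public void setRecipientKeyInfo(byte[] bArr) {
        this.recipientKeyInfo = bArr;
    }

    /** Overrides the digest algorithm of the outer signature (the default is MD5). */
    public void setPreferredDigestAlg(String str) {
        this.digestAlg = str;
    }

    /** No-op in this implementation. */
    public void setRequestType(int i) {
    }

    /** No-op in this implementation. */
    public void setRequestId(int i) {
    }

    /** No-op in this implementation. */
    public void setProtectionParamsFromRequest(RequestMessage requestMessage) {
    }
}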
