package org.ejbca.core.protocol.scep;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.cesecore.certificates.certificate.request.PKCS10RequestMessage;
import org.cesecore.certificates.certificate.request.RequestMessage;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/ejbca/core/protocol/scep/ScepRequestMessage.class */
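/**
 * A SCEP request as received from a client: a CMS/PKCS#7 {@code signedData} whose encapsulated
 * {@code data} content is an {@code envelopedData}. Once decrypted with the CA's private key
 * (see {@link #setKeyInfo}) the envelope yields a PKCS#10 request for PKCSReq messages or an
 * {@code IssuerAndSerialNumber} for GetCRL messages.
 *
 * <p>Parsing problems that the class recognises are reported through {@link #getErrorNo()} and
 * {@link #getErrorText()} instead of exceptions:
 * 1 = outer content is not signedData, 2 = encapsulated content is not envelopedData,
 * 3 = encapsulated content info is not of type data, 4 = message type is not PKCSReq, GetCRL or
 * GetCertInitial, 5 = no private key set, 6 = nothing to decrypt.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The whole message is attacker-controlled. Structurally malformed input is surfaced as an
 * {@link IOException} from the parser rather than as an unchecked exception.</li>
 * <li>The signer certificate, sender nonce, transaction id, message type and digest algorithm are
 * read from the message as-is. NOTE(review): no method in this class verifies the CMS signature
 * against {@link #getSignerCert()}; {@link #verify()} only delegates to the superclass. Confirm
 * that callers do not treat these values as authenticated.</li>
 * <li>{@link #getPreferredDigestAlg()} defaults to MD5 and is otherwise whatever digest the sender
 * used, so the client chooses it. NOTE(review): confirm the responder applies its own allow-list
 * before using it.</li>
 * <li>The {@code transient} fields are not restored by Java deserialization, and their
 * initialisers do not run then either; {@link #setKeyInfo} has to be called again on a
 * deserialized instance.</li>
 * </ul>
 */
public class ScepRequestMessage extends PKCS10RequestMessage implements RequestMessage {
    static final long serialVersionUID = -235623330828902051L;

    // Object identifiers of the SCEP attributes, all below the arc named id_Verisign.
    public static final String id_Verisign = "2.16.840.1.113733";
    public static final String id_pki = "2.16.840.1.113733.1";
    public static final String id_attributes = "2.16.840.1.113733.1.9";
    public static final String id_messageType = "2.16.840.1.113733.1.9.2";
    public static final String id_pkiStatus = "2.16.840.1.113733.1.9.3";
    public static final String id_failInfo = "2.16.840.1.113733.1.9.4";
    public static final String id_senderNonce = "2.16.840.1.113733.1.9.5";
    public static final String id_recipientNonce = "2.16.840.1.113733.1.9.6";
    public static final String id_transId = "2.16.840.1.113733.1.9.7";
    public static final String id_extensionReq = "2.16.840.1.113733.1.9.8";

    /** The raw DER encoded message as received. */
    private byte[] scepmsg;
    private int messageType = 0;
    /** Base64 encoding of the sender nonce attribute. */
    private String senderNonce = null;
    private String transactionId = null;
    /** DER encoding of the first certificate carried in the signedData. */
    private byte[] requestKeyInfo = null;
    private int error = 0;
    private String errorText = null;
    private transient String issuerDN = null;
    private transient BigInteger serialNo = null;
    private transient SignedData sd = null;
    private transient EnvelopedData envData = null;
    private transient ContentInfo envEncData = null;
    private transient PrivateKey privateKey = null;
    private transient String jceProvider = "BC";
    private transient IssuerAndSerialNumber issuerAndSerno = null;
    // Weak default; replaced in init() by the digest the sender used, which is equally unvetted.
    private transient String preferredDigestAlg = CMSSignedGenerator.DIGEST_MD5;
    private transient Certificate signercert;
    private static final Logger log = Logger.getLogger(ScepRequestMessage.class);

    // Message type codes drive the parsing decisions below, so they must not be reassignable
    // by other code in the JVM.
    public static final int SCEP_TYPE_PKCSREQ = 19;
    public static final int SCEP_TYPE_GETCERTINITIAL = 20;
    public static final int SCEP_TYPE_GETCRL = 22;
    public static final int SCEP_TYPE_GETCERT = 21;

    /**
     * Parses the outer, unencrypted part of a SCEP message.
     *
     * @param bArr DER encoded SCEP message
     * @param z stored in {@code includeCACert}
     * @throws IOException if the message cannot be read or is structurally malformed
     */
    public ScepRequestMessage(byte[] bArr, boolean z) throws IOException {
        if (log.isTraceEnabled()) {
            log.trace(">ScepRequestMessage");
        }
        this.scepmsg = bArr;
        this.includeCACert = z;
        init();
        if (log.isTraceEnabled()) {
            log.trace("<ScepRequestMessage");
        }
    }

    /**
     * Reads the digest algorithm of the first signer and then parses the message structure.
     * Recognised problems are recorded in {@code error}/{@code errorText}.
     *
     * @throws IOException if the bytes cannot be read as ASN.1 or an unchecked exception shows
     *     that the structure is malformed (wrong element type, empty attribute value set,
     *     non-numeric message type, ...)
     */
    private void init() throws IOException {
        if (log.isTraceEnabled()) {
            log.trace(">init");
        }
        try {
            Iterator it = new CMSSignedData(this.scepmsg).getSignerInfos().getSigners().iterator();
            if (it.hasNext()) {
                this.preferredDigestAlg = ((SignerInformation) it.next()).getDigestAlgOID();
                log.debug("Set " + this.preferredDigestAlg + " as preferred digest algorithm for SCEP");
            }
        } catch (CMSException e) {
            log.error("CMSException trying to get preferred digest algorithm: ", e);
        }
        try {
            parseMessage();
        } catch (RuntimeException e) {
            // Parsing boundary for untrusted input: a hostile encoding must not escape as a
            // ClassCastException, IllegalArgumentException or similar that callers do not expect.
            throw new IOException("Malformed SCEP request message", e);
        }
        log.trace("<init");
    }

    /** Walks signedData -> data -> envelopedData and fills in the fields found on the way. */
    private void parseMessage() throws IOException {
        ContentInfo contentInfo = new ContentInfo((ASN1Sequence) readSingleObject(this.scepmsg));
        String contentType = contentInfo.getContentType().getId();
        if (!contentType.equals(CMSObjectIdentifiers.signedData.getId())) {
            this.errorText = "PKCSReq does not contain 'signedData': ";
            log.error(this.errorText + contentType);
            this.error = 1;
            return;
        }
        this.sd = SignedData.getInstance(contentInfo.getContent());
        readSignerCertificate();
        readAuthenticatedAttributes();

        if (this.messageType != SCEP_TYPE_PKCSREQ && this.messageType != SCEP_TYPE_GETCRL
                && this.messageType != SCEP_TYPE_GETCERTINITIAL) {
            this.errorText = "This is not a certification request!";
            log.error(this.errorText);
            this.error = 4;
            return;
        }
        ContentInfo encapContentInfo = this.sd.getEncapContentInfo();
        String encapType = encapContentInfo.getContentType().getId();
        if (!encapType.equals(CMSObjectIdentifiers.data.getId())) {
            this.errorText = "EncapsulatedContentInfo is not of type 'data': ";
            log.error(this.errorText + encapType);
            this.error = 3;
            return;
        }
        ASN1OctetString content = ASN1OctetString.getInstance(encapContentInfo.getContent());
        if (content == null) {
            // The content element is optional in the encoding; without it there is nothing to parse.
            throw new IOException("SCEP signedData carries no encapsulated content");
        }
        byte[] enveloped = content.getOctets();
        if (log.isDebugEnabled()) {
            log.debug("envelopedData is " + enveloped.length + " bytes.");
        }
        this.envEncData = new ContentInfo((ASN1Sequence) readSingleObject(enveloped));
        String envelopeType = this.envEncData.getContentType().getId();
        if (!envelopeType.equals(CMSObjectIdentifiers.envelopedData.getId())) {
            this.errorText = "EncapsulatedContentInfo does not contain PKCS7 envelopedData: ";
            log.error(this.errorText + envelopeType);
            this.error = 2;
            return;
        }
        this.envData = new EnvelopedData((ASN1Sequence) this.envEncData.getContent());
        Enumeration recipientInfos = this.envData.getRecipientInfos().getObjects();
        // With several recipients the last one determines issuerDN and serialNo.
        while (recipientInfos.hasMoreElements()) {
            IssuerAndSerialNumber recipient = IssuerAndSerialNumber.getInstance(KeyTransRecipientInfo.getInstance(RecipientInfo.getInstance(recipientInfos.nextElement()).getInfo()).getRecipientIdentifier().getId());
            this.issuerDN = recipient.getName().toString();
            this.serialNo = recipient.getSerialNumber().getValue();
            if (log.isDebugEnabled()) {
                log.debug("IssuerDN: " + this.issuerDN);
                log.debug("SerialNumber: " + recipient.getSerialNumber().getValue().toString(16));
            }
        }
    }

    /**
     * Reads the first ASN.1 object from {@code encoded} and always closes the stream.
     *
     * @throws IOException if the bytes cannot be decoded or hold no object at all
     */
    private static ASN1Primitive readSingleObject(byte[] encoded) throws IOException {
        try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(encoded))) {
            ASN1Primitive object = in.readObject();
            if (object == null) {
                throw new IOException("No ASN.1 object found in SCEP request data");
            }
            return object;
        }
    }

    /**
     * Stores the first certificate of the signedData as {@code requestKeyInfo} and, if it parses,
     * as {@code signercert}. The certificate is taken as presented; it is not validated here.
     */
    private void readSignerCertificate() throws IOException {
        ASN1Set certificates = this.sd.getCertificates();
        // The certificate set is optional in signedData, so it can be absent.
        if (certificates == null || certificates.size() == 0) {
            return;
        }
        ASN1Encodable first = certificates.getObjectAt(0);
        if (first == null) {
            return;
        }
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new DEROutputStream(encoded).writeObject(first);
        if (encoded.size() == 0) {
            return;
        }
        this.requestKeyInfo = encoded.toByteArray();
        try {
            this.signercert = CertTools.getCertfromByteArray(this.requestKeyInfo);
            if (log.isDebugEnabled()) {
                log.debug("requestKeyInfo is SubjectDN: " + CertTools.getSubjectDN(this.signercert) + ", Serial=" + CertTools.getSerialNumberAsString(this.signercert) + "; IssuerDN: " + CertTools.getIssuerDN(this.signercert));
            }
        } catch (CertificateException e) {
            log.error("Error parsing requestKeyInfo : ", e);
        }
    }

    /**
     * Reads senderNonce, transactionId and messageType from the authenticated attributes of the
     * first signer info. A signer info without authenticated attributes leaves them unset.
     */
    private void readAuthenticatedAttributes() {
        Enumeration signerInfos = this.sd.getSignerInfos().getObjects();
        if (!signerInfos.hasMoreElements()) {
            return;
        }
        ASN1Set authenticated = new SignerInfo((ASN1Sequence) signerInfos.nextElement()).getAuthenticatedAttributes();
        if (authenticated == null) {
            // Authenticated attributes are optional in a signer info.
            return;
        }
        Enumeration attributes = authenticated.getObjects();
        while (attributes.hasMoreElements()) {
            Attribute attribute = Attribute.getInstance((ASN1Sequence) attributes.nextElement());
            String oid = attribute.getAttrType().getId();
            if (log.isDebugEnabled()) {
                log.debug("Found attribute: " + oid);
            }
            if (oid.equals(id_senderNonce)) {
                this.senderNonce = new String(Base64.encode(ASN1OctetString.getInstance(attribute.getAttrValues().getObjects().nextElement()).getOctets(), false));
                if (log.isDebugEnabled()) {
                    log.debug("senderNonce = " + this.senderNonce);
                }
            }
            if (oid.equals(id_transId)) {
                this.transactionId = DERPrintableString.getInstance(attribute.getAttrValues().getObjects().nextElement()).getString();
                if (log.isDebugEnabled()) {
                    log.debug("transactionId = " + this.transactionId);
                }
            }
            if (oid.equals(id_messageType)) {
                this.messageType = Integer.parseInt(DERPrintableString.getInstance(attribute.getAttrValues().getObjects().nextElement()).getString());
                if (log.isDebugEnabled()) {
                    log.debug("messagetype = " + this.messageType);
                }
            }
        }
    }

    /**
     * Decrypts the envelope with the private key from {@link #setKeyInfo} and extracts the
     * PKCS#10 request (PKCSReq) or the IssuerAndSerialNumber (GetCRL). A missing key (5) or
     * missing content (6) is recorded in {@code error}/{@code errorText} without throwing.
     */
    private void decrypt() throws CMSException, NoSuchProviderException, GeneralSecurityException, IOException {
        if (log.isTraceEnabled()) {
            log.trace(">decrypt");
        }
        if (this.privateKey == null) {
            this.errorText = "Need private key to decrypt!";
            this.error = 5;
            log.error(this.errorText);
            return;
        }
        if (this.envEncData == null) {
            this.errorText = "No enveloped data to decrypt!";
            this.error = 6;
            log.error(this.errorText);
            return;
        }
        Iterator recipients = new CMSEnvelopedData(this.envEncData).getRecipientInfos().getRecipients().iterator();
        byte[] decrypted = null;
        if (recipients.hasNext()) {
            RecipientInformation recipientInformation = (RecipientInformation) recipients.next();
            if (log.isDebugEnabled()) {
                log.debug("Privatekey : " + this.privateKey.getAlgorithm());
            }
            JceKeyTransEnvelopedRecipient recipient = new JceKeyTransEnvelopedRecipient(this.privateKey);
            recipient.setProvider(this.jceProvider);
            recipient.setContentProvider("BC");
            decrypted = recipientInformation.getContent(recipient);
        }
        boolean contentNeeded = this.messageType == SCEP_TYPE_PKCSREQ || this.messageType == SCEP_TYPE_GETCRL;
        if (decrypted == null && contentNeeded) {
            // An envelope without recipients yields no plaintext; report it like a missing
            // envelope instead of failing with a NullPointerException in the parsers below.
            this.errorText = "No enveloped data to decrypt!";
            this.error = 6;
            log.error(this.errorText);
            return;
        }
        if (this.messageType == SCEP_TYPE_PKCSREQ) {
            this.pkcs10 = new JcaPKCS10CertificationRequest(decrypted);
            if (log.isDebugEnabled()) {
                // Only the size is logged: getPassword() reads the enrollment password out of
                // this request, so dumping the whole request would put that secret into the log.
                log.debug("Successfully extracted PKCS10: " + this.pkcs10.getEncoded().length + " bytes.");
            }
        }
        if (this.messageType == SCEP_TYPE_GETCRL) {
            this.issuerAndSerno = IssuerAndSerialNumber.getInstance(readSingleObject(decrypted));
            log.debug("Successfully extracted IssuerAndSerialNumber.");
        }
        if (log.isTraceEnabled()) {
            log.trace("<decrypt");
        }
    }

    /**
     * @return the public key as reported by the superclass for the extracted request, or
     *     {@code null} if parsing or decryption failed (the failure is logged)
     */
    public PublicKey getRequestPublicKey() {
        if (log.isTraceEnabled()) {
            log.trace(">getRequestPublicKey()");
        }
        PublicKey publicKey = null;
        try {
            if (this.envData == null) {
                init();
                decrypt();
            }
            publicKey = super.getRequestPublicKey();
        } catch (CMSException e) {
            log.error("Error in PKCS7:", e);
        } catch (IOException e2) {
            log.error("PKCS7 not inited!", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getRequestPublicKey()");
        }
        return publicKey;
    }

    /**
     * @return the alternative names as reported by the superclass, or {@code null} if parsing or
     *     decryption failed (the failure is logged)
     */
    public String getRequestAltNames() {
        if (log.isTraceEnabled()) {
            log.trace(">getRequestAltNames()");
        }
        String str = null;
        try {
            if (this.envData == null) {
                init();
                decrypt();
            }
            str = super.getRequestAltNames();
        } catch (CMSException e) {
            log.error("Error in PKCS7:", e);
        } catch (IOException e2) {
            log.error("PKCS7 not inited!", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getRequestAltNames()");
        }
        return str;
    }

    /**
     * Makes sure the PKCS#10 request has been extracted and returns the superclass' verification
     * result for it.
     *
     * <p>NOTE(review): this does not check the CMS signature of the SCEP message itself; confirm
     * where that happens before relying on the signer certificate or the signed attributes.
     *
     * @return the result of {@code super.verify()}, or {@code false} if parsing or decryption failed
     */
    public boolean verify() {
        if (log.isTraceEnabled()) {
            log.trace(">verify()");
        }
        boolean z = false;
        try {
            if (this.pkcs10 == null) {
                init();
                decrypt();
            }
            z = super.verify();
        } catch (CMSException e) {
            log.error("Error in PKCS7:", e);
        } catch (IOException e2) {
            log.error("PKCS7 not inited!", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<verify()");
        }
        return z;
    }

    /**
     * @return the password as reported by the superclass for the extracted request, or
     *     {@code null} if parsing or decryption failed (the failure is logged)
     */
    public String getPassword() {
        if (log.isTraceEnabled()) {
            log.trace(">getPassword()");
        }
        String str = null;
        try {
            if (this.pkcs10 == null) {
                init();
                decrypt();
            }
            str = super.getPassword();
        } catch (CMSException e) {
            log.error("Error in PKCS7:", e);
        } catch (IOException e2) {
            log.error("PKCS7 not inited!", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getPassword()");
        }
        return str;
    }

    /**
     * Returns the username from the superclass or, when that is {@code null}, the "SN" part of
     * the request DN cut at its first space, or else at its first '+'.
     *
     * @return the username, or {@code null} if none can be derived or parsing failed
     */
    public String getUsername() {
        if (log.isTraceEnabled()) {
            log.trace(">getUsername()");
        }
        String str = null;
        try {
            if (this.pkcs10 == null) {
                init();
                decrypt();
            }
            str = super.getUsername();
            if (str == null) {
                String serialNumberPart = CertTools.getPartFromDN(getRequestDN(), "SN");
                if (serialNumberPart == null) {
                    log.error("No SN in DN: " + getRequestDN());
                    return null;
                }
                str = serialNumberPart;
                int space = serialNumberPart.indexOf(' ');
                if (space > 0) {
                    str = serialNumberPart.substring(0, space);
                } else {
                    int plus = serialNumberPart.indexOf('+');
                    if (plus > 0) {
                        str = serialNumberPart.substring(0, plus);
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            log.error("Error in PKCS7:", e);
        } catch (CMSException e2) {
            log.error("Error in PKCS7:", e2);
        } catch (IOException e3) {
            log.error("PKCS7 not inited!", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getUsername(): " + str);
        }
        return str;
    }

    /**
     * @return the issuer name from the envelope's recipient info, or {@code null} if the message
     *     has none or could not be parsed
     */
    public String getIssuerDN() {
        if (log.isTraceEnabled()) {
            log.trace(">getIssuerDN()");
        }
        String str = null;
        try {
            if (this.envData == null) {
                init();
            }
            str = this.issuerDN;
        } catch (IOException e) {
            log.error("PKCS7 not inited!", e);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getIssuerDN(): " + str);
        }
        return str;
    }

    /**
     * @return the serial number from the envelope's recipient info, or {@code null} if the
     *     message has none
     */
    public BigInteger getSerialNo() {
        if (log.isTraceEnabled()) {
            log.trace(">getSerialNo()");
        }
        // Called for its side effect: it parses the message if that has not happened yet.
        getIssuerDN();
        return this.serialNo;
    }

    /**
     * @return the issuer name of the decrypted IssuerAndSerialNumber, or {@code null} if the
     *     message did not yield one (not a GetCRL message, no key set, or a parse failure)
     */
    public String getCRLIssuerDN() {
        if (log.isTraceEnabled()) {
            log.trace(">getCRLIssuerDN()");
        }
        String str = null;
        try {
            if (this.issuerAndSerno == null) {
                init();
                decrypt();
            }
            // decrypt() only sets issuerAndSerno for GetCRL messages it could decrypt.
            if (this.issuerAndSerno != null) {
                str = CertTools.stringToBCDNString(this.issuerAndSerno.getName().toString());
            }
        } catch (GeneralSecurityException e) {
            log.error("Error in PKCS7:", e);
        } catch (CMSException e2) {
            log.error("Error in PKCS7:", e2);
        } catch (IOException e3) {
            log.error("PKCS7 not inited!", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCRLIssuerDN(): " + str);
        }
        return str;
    }

    /**
     * @return the serial number of the decrypted IssuerAndSerialNumber, or {@code null} if the
     *     message did not yield one (not a GetCRL message, no key set, or a parse failure)
     */
    public BigInteger getCRLSerialNo() {
        if (log.isTraceEnabled()) {
            log.trace(">getCRLSerialNo()");
        }
        BigInteger bigInteger = null;
        try {
            if (this.issuerAndSerno == null) {
                init();
                decrypt();
            }
            // decrypt() only sets issuerAndSerno for GetCRL messages it could decrypt.
            if (this.issuerAndSerno != null) {
                bigInteger = this.issuerAndSerno.getSerialNumber().getValue();
            }
        } catch (IOException e) {
            log.error("PKCS7 not inited!", e);
        } catch (CMSException e2) {
            log.error("Error in PKCS7:", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCRLSerialNo(): " + bigInteger);
        }
        return bigInteger;
    }

    /**
     * @return the request DN as reported by the superclass, or {@code null} if parsing or
     *     decryption failed (the failure is logged)
     */
    public String getRequestDN() {
        if (log.isTraceEnabled()) {
            log.trace(">getRequestDN()");
        }
        String str = null;
        try {
            if (this.pkcs10 == null) {
                init();
                decrypt();
            }
            str = super.getRequestDN();
        } catch (CMSException e) {
            log.error("Error in PKCS7:", e);
        } catch (IOException e2) {
            log.error("PKCS7 not inited!", e2);
        } catch (GeneralSecurityException e3) {
            log.error("Error in PKCS7:", e3);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getRequestDN(): " + str);
        }
        return str;
    }

    /** @return always {@code true}: the envelope cannot be decrypted without {@link #setKeyInfo} */
    public boolean requireKeyInfo() {
        return true;
    }

    /**
     * Supplies the key used to decrypt the envelope.
     *
     * @param certificate not used by this implementation
     * @param privateKey key handed to the key transport recipient in {@code decrypt()}
     * @param str JCE provider name for the private key operation; {@code null} selects "BC"
     */
    public void setKeyInfo(Certificate certificate, PrivateKey privateKey, String str) {
        this.privateKey = privateKey;
        if (str == null) {
            this.jceProvider = "BC";
        } else {
            this.jceProvider = str;
        }
    }

    /** @return 0 if no problem was recorded, otherwise one of the codes listed on the class */
    public int getErrorNo() {
        return this.error;
    }

    /** @return the text recorded with the last error, or {@code null} */
    public String getErrorText() {
        return this.errorText;
    }

    /** @return the Base64 encoded sender nonce, or {@code null} if the message carried none */
    public String getSenderNonce() {
        return this.senderNonce;
    }

    /** @return the transaction id attribute, or {@code null} if the message carried none */
    public String getTransactionId() {
        return this.transactionId;
    }

    /** @return the DER encoding of the first certificate in the message, or {@code null} */
    public byte[] getRequestKeyInfo() {
        return this.requestKeyInfo;
    }

    /** @return the digest algorithm OID the sender signed with, or the MD5 default */
    public String getPreferredDigestAlg() {
        return this.preferredDigestAlg;
    }

    /** @return the message type attribute, or 0 if the message carried none */
    public int getMessageType() {
        return this.messageType;
    }

    /** @return the first certificate in the message, as presented and unvalidated, or {@code null} */
    public Certificate getSignerCert() {
        return this.signercert;
    }
}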
