package org.ejbca.core.model.ca.caadmin.extendedcaservices;

import java.io.Serializable;
import java.security.KeyPair;
import java.util.HashMap;
import java.util.LinkedHashMap;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.cesecore.certificates.ca.CA;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAService;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceInfo;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceNotActiveException;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceRequest;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceRequestException;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceResponse;
import org.cesecore.certificates.ca.extendedservices.IllegalExtendedCAServiceRequestException;
import org.cesecore.keys.token.CryptoToken;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CryptoProviderTools;
import org.ejbca.core.model.InternalEjbcaResources;

/* loaded from: input_file:org/ejbca/core/model/ca/caadmin/extendedcaservices/KeyRecoveryCAService.class */
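/**
 * Extended CA service that encrypts and decrypts key pairs for key recovery, using a key
 * held in the CA's crypto token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #extendedService} checks only that the service is active and that the request
 *       has the expected type. It performs no authorization of its own, so access control for
 *       the decrypt command (which returns a recovered key pair) has to be enforced by the
 *       caller.</li>
 *   <li>Log statements in this class record key aliases, crypto token ids and exceptions;
 *       they never record key material, and should stay that way.</li>
 * </ul>
 */
public class KeyRecoveryCAService extends ExtendedCAService implements Serializable {
    private static final long serialVersionUID = 2400252746958812175L;
    private static final Logger log = Logger.getLogger(KeyRecoveryCAService.class);
    private static final InternalEjbcaResources intres = InternalEjbcaResources.getInstance();
    public static final float LATEST_VERSION = 1.0f;
    public static final String SERVICENAME = "KEYRECOVERYCASERVICE";

    /**
     * Creates a new service instance from its configuration and initialises the persisted
     * data map (implementation class, service type and version).
     *
     * @param extendedCAServiceInfo configuration whose status is copied into this service
     */
    public KeyRecoveryCAService(ExtendedCAServiceInfo extendedCAServiceInfo) {
        super(extendedCAServiceInfo);
        if (log.isDebugEnabled()) {
            log.debug("KeyRecoveryCAService : constructor " + extendedCAServiceInfo.getStatus());
        }
        CryptoProviderTools.installBCProviderIfNotAvailable();
        this.data = new LinkedHashMap();
        this.data.put("IMPLCLASS", getClass().getName());
        // 5 is the numeric service type stored for this service; presumably the key recovery
        // type constant of the extended-service type registry (confirm against that class).
        this.data.put("extendedcaservicetype", 5);
        this.data.put("version", Float.valueOf(LATEST_VERSION));
        setStatus(extendedCAServiceInfo.getStatus());
    }

    /**
     * Restores a service instance from previously persisted data.
     *
     * @param hashMap persisted service data, passed to the superclass and to {@code loadData}
     */
    public KeyRecoveryCAService(HashMap<?, ?> hashMap) {
        super(hashMap);
        CryptoProviderTools.installBCProviderIfNotAvailable();
        loadData(hashMap);
    }

    /**
     * Binds the service to its CA and refreshes the status from the service info.
     *
     * @param cryptoToken not used by this implementation
     * @param ca the CA this service belongs to
     * @throws Exception declared by the signature; nothing in this body throws a checked exception
     */
    public void init(CryptoToken cryptoToken, CA ca) throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("KeyRecoveryCAService : init ");
        }
        setCA(ca);
        setStatus(getExtendedCAServiceInfo().getStatus());
    }

    /**
     * Applies a new status from the given service info and re-binds the CA.
     *
     * @param cryptoToken not used by this implementation
     * @param extendedCAServiceInfo source of the new status
     * @param ca the CA this service belongs to
     */
    public void update(CryptoToken cryptoToken, ExtendedCAServiceInfo extendedCAServiceInfo, CA ca) {
        if (log.isDebugEnabled()) {
            log.debug("KeyRecoveryCAService : update " + extendedCAServiceInfo.getStatus());
        }
        setStatus(extendedCAServiceInfo.getStatus());
        setCA(ca);
    }

    /**
     * Executes a key recovery request: command 1 encrypts the supplied key pair, command 2
     * decrypts previously stored key data.
     *
     * <p>For decryption the alias named in the request is tried first; if that fails and it
     * differs from the CA's default alias, decryption is retried with the default alias.
     *
     * <p>This method does not authorize the caller. The decrypt command hands back a key
     * pair, so callers must have verified the requester's right to recover it beforehand.
     *
     * @param cryptoToken crypto token holding the key used for encryption or decryption
     * @param extendedCAServiceRequest the request; must be a {@code KeyRecoveryCAServiceRequest}
     * @return the response carrying the encrypted data or the decrypted key pair, together
     *         with the crypto token id, a key alias and the Base64 subject key identifier
     *         (or {@code null} if the identifier could not be computed)
     * @throws ExtendedCAServiceNotActiveException if the service status is not the active value (2)
     * @throws IllegalExtendedCAServiceRequestException if the request is {@code null}, of the
     *         wrong type, carries an unknown command, or the cryptographic operation fails
     * @throws ExtendedCAServiceRequestException declared by the signature; not thrown directly here
     */
    public ExtendedCAServiceResponse extendedService(CryptoToken cryptoToken, ExtendedCAServiceRequest extendedCAServiceRequest) throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException {
        KeyRecoveryCAServiceResponse keyRecoveryCAServiceResponse;
        KeyPair decryptKeys;
        if (log.isTraceEnabled()) {
            log.trace(">extendedService");
        }
        // Refuse all work unless the service is active (status value 2).
        if (getStatus() != 2) {
            String localizedMessage = intres.getLocalizedMessage("caservice.notactive", "KeyRecovery");
            log.error(localizedMessage);
            throw new ExtendedCAServiceNotActiveException(localizedMessage);
        }
        if (!(extendedCAServiceRequest instanceof KeyRecoveryCAServiceRequest)) {
            // A null request also lands here; report it as an illegal request instead of
            // failing with a NullPointerException while building the message.
            String actualType = extendedCAServiceRequest == null ? "null" : extendedCAServiceRequest.getClass().getName();
            throw new IllegalExtendedCAServiceRequestException("Not a KeyRecoveryCAServiceRequest: " + actualType);
        }
        KeyRecoveryCAServiceRequest keyRecoveryCAServiceRequest = (KeyRecoveryCAServiceRequest) extendedCAServiceRequest;
        if (keyRecoveryCAServiceRequest.getCommand() == 1) {
            // Command 1: encrypt the key pair supplied in the request.
            try {
                // Purpose 3 selects the alias used for both encryption and decryption here;
                // presumably the CA token's key-encryption purpose (confirm against its constants).
                String aliasFromPurpose = getCa().getCAToken().getAliasFromPurpose(3);
                if (log.isDebugEnabled()) {
                    log.debug("Encrypting using alias '" + aliasFromPurpose + "' from crypto token " + cryptoToken.getId());
                }
                String str = subjectKeyIdOrNull(cryptoToken, aliasFromPurpose);
                keyRecoveryCAServiceResponse = new KeyRecoveryCAServiceResponse(1, getCa().encryptKeys(cryptoToken, aliasFromPurpose, keyRecoveryCAServiceRequest.getKeyPair()), cryptoToken.getId(), aliasFromPurpose, str);
            } catch (CMSException e3) {
                // Must precede catch (Exception): Java rejects the reverse order as unreachable,
                // and this handler is the only place the underlying CMS cause is logged.
                log.error("encrypt:", e3.getUnderlyingException());
                throw new IllegalExtendedCAServiceRequestException(e3);
            } catch (Exception e2) {
                throw new IllegalExtendedCAServiceRequestException(e2);
            }
        } else {
            if (keyRecoveryCAServiceRequest.getCommand() != 2) {
                throw new IllegalExtendedCAServiceRequestException("Illegal command: " + keyRecoveryCAServiceRequest.getCommand());
            }
            // Command 2: decrypt the key data supplied in the request.
            try {
                String keyAlias = keyRecoveryCAServiceRequest.getKeyAlias();
                String aliasFromPurpose2 = getCa().getCAToken().getAliasFromPurpose(3);
                if (StringUtils.isEmpty(keyAlias)) {
                    keyAlias = aliasFromPurpose2;
                }
                try {
                    if (log.isDebugEnabled()) {
                        log.debug("Trying to decrypt using alias '" + keyAlias + "' from crypto token " + cryptoToken.getId());
                    }
                    decryptKeys = getCa().decryptKeys(cryptoToken, keyAlias, keyRecoveryCAServiceRequest.getKeyData());
                } catch (Exception e4) {
                    if (log.isDebugEnabled()) {
                        log.debug("Decryption with alias '" + keyAlias + "' failed, trying defaultAlias: ", e4);
                    }
                    // Nothing else to try when the failed alias already is the default one.
                    if (StringUtils.equals(keyAlias, aliasFromPurpose2)) {
                        throw e4;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Trying to decrypt using default alias '" + aliasFromPurpose2 + "' from crypto token " + cryptoToken.getId());
                    }
                    decryptKeys = getCa().decryptKeys(cryptoToken, aliasFromPurpose2, keyRecoveryCAServiceRequest.getKeyData());
                }
                // NOTE(review): when the fallback above performed the decryption, the alias and
                // subject key id reported below still describe keyAlias, not the default alias
                // that actually decrypted. Confirm which one callers and audit records expect.
                String str2 = subjectKeyIdOrNull(cryptoToken, keyAlias);
                // NOTE(review): the decrypt response uses the same type code (1) as the encrypt
                // response; confirm this matches the constants in KeyRecoveryCAServiceResponse.
                keyRecoveryCAServiceResponse = new KeyRecoveryCAServiceResponse(1, decryptKeys, cryptoToken.getId(), keyAlias, str2);
            } catch (RuntimeException e8) {
                // Unchecked exceptions leave this branch unwrapped. The handler has to precede
                // catch (Exception) to be reachable. NOTE(review): the encrypt branch wraps
                // unchecked exceptions instead; confirm the asymmetry is intended.
                throw e8;
            } catch (CMSException e7) {
                log.error("decrypt:", e7.getUnderlyingException());
                throw new IllegalExtendedCAServiceRequestException(e7);
            } catch (Exception e6) {
                throw new IllegalExtendedCAServiceRequestException(e6);
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<extendedService");
        }
        return keyRecoveryCAServiceResponse;
    }

    /**
     * Computes the Base64-encoded subject key identifier of the public key stored under the
     * given alias. Failure is deliberately non-fatal: it is logged at WARN level and
     * {@code null} is returned, so the surrounding operation can still complete.
     */
    private static String subjectKeyIdOrNull(CryptoToken cryptoToken, String keyAlias) {
        try {
            return new String(Base64.encode(KeyTools.createSubjectKeyId(cryptoToken.getPublicKey(keyAlias)).getKeyIdentifier(), false));
        } catch (Exception e) {
            log.warn("Error creating subjectKeyId for key recovery, cryptoToken: " + cryptoToken.getId() + ", keyAlias: " + keyAlias, e);
            return null;
        }
    }

    /**
     * @return the latest data version of this service, {@link #LATEST_VERSION}
     */
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

    /**
     * Brings the stored data version up to {@link #LATEST_VERSION} when it differs, logging
     * the version being upgraded from. No data migration is performed beyond the version stamp.
     */
    public void upgrade() {
        if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
            log.info(intres.getLocalizedMessage("caservice.upgrade", Float.valueOf(getVersion())));
            this.data.put("version", Float.valueOf(LATEST_VERSION));
        }
    }

    /**
     * @return a new service info object carrying only the current status
     */
    public ExtendedCAServiceInfo getExtendedCAServiceInfo() {
        return new KeyRecoveryCAServiceInfo(getStatus());
    }
}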
