package org.jscep.transaction;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.cms.CMSSignedData;
import org.jscep.asn1.IssuerAndSubject;
import org.jscep.content.CertRepContentHandler;
import org.jscep.message.CertRep;
import org.jscep.message.GetCertInitial;
import org.jscep.message.PKCSReq;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.pkcs7.SignedDataUtil;
import org.jscep.transaction.Transaction;
import org.jscep.transport.Transport;
import org.jscep.util.LoggingUtil;
import org.jscep.x509.X509Util;

/* loaded from: input_file:org/jscep/transaction/EnrollmentTransaction.class */
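/**
 * SCEP enrollment transaction: sends a PKCSReq built from a certification request and,
 * while the request is pending, polls with GetCertInitial.
 *
 * <p>Every CertRep is checked against the message that was actually sent (transaction ID and
 * nonce echo) and against a window of recently seen responder nonces before its status is
 * acted on.
 */
public class EnrollmentTransaction extends Transaction {
    // Responder nonces already accepted, shared by every transaction in this class loader.
    // NOTE(review): 20 is presumably the queue capacity, i.e. the replay-detection window;
    // confirm against NonceQueue.
    private static final NonceQueue QUEUE = new NonceQueue(20);
    private static final Logger LOGGER = LoggingUtil.getLogger(EnrollmentTransaction.class);

    private final TransactionId transId;
    private final PKCSReq request;

    /**
     * Creates the transaction and its initial PKCSReq message.
     *
     * @param pkiMessageEncoder encoder used for outgoing messages
     * @param pkiMessageDecoder decoder used for incoming responses
     * @param certificationRequest the PKCS#10 request to enrol
     * @throws IOException declared by the original signature; raised by the helpers it calls
     */
    public EnrollmentTransaction(PkiMessageEncoder pkiMessageEncoder, PkiMessageDecoder pkiMessageDecoder, CertificationRequest certificationRequest) throws IOException {
        super(pkiMessageEncoder, pkiMessageDecoder);
        // The transaction ID is derived from the requester's public key with SHA-1. It is used
        // below as a correlation identifier only; changing the digest would change the ID that
        // the peer sees, so it is left as is.
        this.transId = TransactionId.createTransactionId(X509Util.getPublicKey(certificationRequest), "SHA-1");
        this.request = new PKCSReq(this.transId, Nonce.nextNonce(), certificationRequest);
    }

    /** Returns the transaction ID computed in the constructor. */
    @Override // org.jscep.transaction.Transaction
    public TransactionId getId() {
        return this.transId;
    }

    /**
     * Sends the enrollment request and records the outcome.
     *
     * @param transport transport used to deliver the request
     * @return the resulting transaction state
     * @throws IOException if the response fails validation or its certificates cannot be read
     */
    @Override // org.jscep.transaction.Transaction
    public Transaction.State send(Transport transport) throws IOException {
        CertRep certRep = (CertRep) this.decoder.decode(
                (CMSSignedData) transport.sendRequest(
                        new org.jscep.request.PKCSReq(this.encoder.encode(this.request), new CertRepContentHandler())));
        validateExchange(this.request, certRep);
        return applyResponse(certRep);
    }

    /**
     * Polls for a pending certificate with a GetCertInitial message.
     *
     * @param transport transport used to deliver the poll
     * @param x509Certificate certificate whose issuer name is placed in the IssuerAndSubject
     * @return the resulting transaction state
     * @throws IOException if the response fails validation or its certificates cannot be read
     */
    public Transaction.State poll(Transport transport, X509Certificate x509Certificate) throws IOException {
        IssuerAndSubject issuerAndSubject = new IssuerAndSubject(
                X509Util.toX509Name(x509Certificate.getIssuerX500Principal()),
                ((CertificationRequest) this.request.getMessageData()).getCertificationRequestInfo().getSubject());
        GetCertInitial pollRequest = new GetCertInitial(this.transId, Nonce.nextNonce(), issuerAndSubject);
        CertRep certRep = (CertRep) this.decoder.decode(
                (CMSSignedData) transport.sendRequest(
                        new org.jscep.request.PKCSReq(this.encoder.encode(pollRequest), new CertRepContentHandler())));
        // The poll carries its own fresh sender nonce, so the response must be bound to the
        // poll message. Validating against the original PKCSReq would compare the echoed nonce
        // with a value that was not sent in this exchange.
        validateExchange(pollRequest, certRep);
        return applyResponse(certRep);
    }

    /** Maps a validated CertRep onto failInfo / certStore / state and returns the new state. */
    private Transaction.State applyResponse(CertRep certRep) throws IOException {
        if (certRep.getPkiStatus() == PkiStatus.FAILURE) {
            this.failInfo = certRep.getFailInfo();
            this.state = Transaction.State.CERT_NON_EXISTANT;
        } else if (certRep.getPkiStatus() == PkiStatus.SUCCESS) {
            this.certStore = extractCertStore(certRep);
            this.state = Transaction.State.CERT_ISSUED;
        } else {
            // Any status other than FAILURE or SUCCESS is treated as still pending.
            this.state = Transaction.State.CERT_REQ_PENDING;
        }
        return this.state;
    }

    /** Extracts the certificate store from the response, wrapping security errors as IOException. */
    private CertStore extractCertStore(CertRep certRep) throws IOException {
        try {
            return SignedDataUtil.extractCertStore(certRep.getMessageData());
        } catch (GeneralSecurityException e) {
            IOException wrapped = new IOException(e);
            // Log under the real method name so the record points at this code.
            LOGGER.throwing(getClass().getName(), "extractCertStore", wrapped);
            throw wrapped;
        }
    }

    /**
     * Checks that a response belongs to the message that was sent.
     *
     * <p>Three checks run in order: the transaction IDs match, the response's recipient nonce
     * equals the sent message's sender nonce, and the response's sender nonce is not already in
     * the shared queue of seen nonces.
     *
     * @param pkiMessage the message that was sent in this exchange
     * @param certRep the decoded response
     * @throws IOException on a transaction ID mismatch; InvalidNonceException on a nonce failure
     */
    private void validateExchange(PkiMessage<?> pkiMessage, CertRep certRep) throws IOException {
        if (!certRep.getTransactionId().equals(pkiMessage.getTransactionId())) {
            IOException mismatch = new IOException("Transaction ID Mismatch");
            LOGGER.throwing(getClass().getName(), "validateExchange", mismatch);
            throw mismatch;
        }
        if (!certRep.getRecipientNonce().equals(pkiMessage.getSenderNonce())) {
            InvalidNonceException notEchoed = new InvalidNonceException("Response recipient nonce and request sender nonce are not equal");
            LOGGER.throwing(getClass().getName(), "validateExchange", notEchoed);
            throw notEchoed;
        }
        // NOTE(review): contains() followed by offer() is not atomic on the shared static queue.
        // If transactions run on several threads and NonceQueue does not synchronise internally,
        // two responses carrying the same nonce could both pass; confirm against NonceQueue.
        if (QUEUE.contains(certRep.getSenderNonce())) {
            InvalidNonceException replayed = new InvalidNonceException("This nonce has been encountered before.  Possible replay attack?");
            LOGGER.throwing(getClass().getName(), "validateExchange", replayed);
            throw replayed;
        }
        QUEUE.offer(certRep.getSenderNonce());
    }
}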
