package com.google.code.jscep.transaction;

import com.google.code.jscep.PKIOperationFailureException;
import com.google.code.jscep.operations.DelayablePKIOperation;
import com.google.code.jscep.operations.GetCertInitial;
import com.google.code.jscep.operations.PKIOperation;
import com.google.code.jscep.pkcs7.MessageData;
import com.google.code.jscep.pkcs7.PkiMessage;
import com.google.code.jscep.pkcs7.PkiMessageGenerator;
import com.google.code.jscep.pkcs7.SignedDataParser;
import com.google.code.jscep.pkcs7.SignedDataUtil;
import com.google.code.jscep.request.PKCSReq;
import com.google.code.jscep.transport.Transport;
import com.google.code.jscep.util.LoggingUtil;
import com.google.code.jscep.x509.X509Util;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import org.bouncycastle.asn1.DEREncodable;

/* loaded from: input_file:com/google/code/jscep/transaction/Transaction.class */
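/**
 * A single SCEP exchange: builds a signed PKI message, sends it over the
 * configured {@link Transport}, validates the reply and extracts the
 * returned certificate store.
 *
 * <p>Response validation (see {@code validateResponse}) is the replay and
 * mix-up defence of this class: the reply must carry the transaction ID and
 * the sender nonce of the request it answers, and its own sender nonce must
 * not have been seen recently.
 *
 * <p>NOTE(review): the message generator passed to the constructor is mutated
 * on every call and the nonce history is shared by all instances; nothing
 * visible here synchronises either, so treat instances as not thread-safe
 * unless the collaborating classes say otherwise.
 */
public class Transaction {
    // History of server nonces used for replay detection. Shared by every
    // Transaction; constructed with 20 -- presumably the number of nonces
    // remembered, so only a short replay window is covered (confirm against NonceQueue).
    private static final NonceQueue QUEUE = new NonceQueue(20);
    private static final Logger LOGGER = LoggingUtil.getLogger("com.google.code.jscep.transaction");
    private final KeyPair keyPair;
    private final Transport transport;
    private final PkiMessageGenerator msgGenerator;
    private final X509Certificate issuer;
    private final X509Certificate subject;
    private final String digestAlgorithm;
    private final TransactionId transId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a transaction and derives its transaction ID from the key pair
     * and digest algorithm.
     *
     * @param transport transport used to send every request of this transaction
     * @param keyPair key pair passed to each {@code PKCSReq} and used to derive the transaction ID
     * @param pkiMessageGenerator generator that is configured and reused for each request
     * @param str digest algorithm name used when deriving the transaction ID
     * @param x509Certificate certificate whose issuer name is used when polling with GetCertInitial
     * @param x509Certificate2 certificate whose subject name is used when polling with GetCertInitial
     */
    public Transaction(Transport transport, KeyPair keyPair, PkiMessageGenerator pkiMessageGenerator, String str, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        this.transport = transport;
        this.keyPair = keyPair;
        this.digestAlgorithm = str;
        this.msgGenerator = pkiMessageGenerator;
        this.issuer = x509Certificate;
        this.subject = x509Certificate2;
        this.transId = TransactionId.createTransactionId(keyPair, str);
    }

    /**
     * Returns the transaction ID derived in the constructor.
     *
     * @return the transaction ID sent by the delayable {@code performOperation} overload
     */
    public TransactionId getId() {
        return this.transId;
    }

    /**
     * Sends an operation that the server may answer with PENDING, then polls
     * with GetCertInitial until the status is no longer PENDING.
     *
     * <p>Every response, including each polled one, is checked with
     * {@code validateResponse} against the request that produced it, so a
     * reply with a foreign transaction ID, a wrong recipient nonce or a
     * recently seen sender nonce is rejected instead of being trusted for its
     * status and certificates.
     *
     * <p>NOTE(review): the loop has no upper bound; a server that keeps
     * answering PENDING keeps the calling thread polling indefinitely.
     *
     * @param delayablePKIOperation operation supplying the message type and payload
     * @param j delay between polls, in seconds
     * @return the certificate store extracted from the final response
     * @throws IOException if sending fails, the response does not validate, or its content cannot be parsed
     * @throws PKIOperationFailureException if the server reports FAILURE
     * @throws RuntimeException wrapping {@link InterruptedException} if the wait between polls is interrupted
     */
    public <T extends DEREncodable> CertStore performOperation(DelayablePKIOperation<T> delayablePKIOperation, long j) throws IOException, PKIOperationFailureException {
        LOGGER.entering(getClass().getName(), "performOperation", new Object[]{delayablePKIOperation, Long.valueOf(j)});
        this.msgGenerator.setMessageType(delayablePKIOperation.getMessageType());
        this.msgGenerator.setSenderNonce(Nonce.nextNonce());
        this.msgGenerator.setTransactionId(this.transId);
        this.msgGenerator.setMessageData(MessageData.getInstance(delayablePKIOperation.mo5getMessage()));
        PkiMessage request = this.msgGenerator.generate();
        PkiMessage response = (PkiMessage) this.transport.sendMessage(new PKCSReq(request, this.keyPair));
        validateResponse(request, response);

        // The polling generator is cloned after the transaction ID was set above,
        // so poll requests are expected to carry the same transaction ID.
        GetCertInitial getCertInitial = new GetCertInitial(X509Util.toX509Name(this.issuer.getIssuerX500Principal()), X509Util.toX509Name(this.subject.getSubjectX500Principal()));
        PkiMessageGenerator pollGenerator = this.msgGenerator.m9clone();
        pollGenerator.setMessageType(MessageType.GetCertInitial);
        pollGenerator.setMessageData(MessageData.getInstance(getCertInitial.mo5getMessage()));

        while (response.getPkiStatus() == PkiStatus.PENDING) {
            try {
                Thread.sleep(j * 1000);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so callers further up can still observe it.
                Thread.currentThread().interrupt();
                throw new RuntimeException(e);
            }
            // A fresh sender nonce per poll; the reply must echo it as recipient nonce.
            pollGenerator.setSenderNonce(Nonce.nextNonce());
            PkiMessage pollRequest = pollGenerator.generate();
            response = (PkiMessage) this.transport.sendMessage(new PKCSReq(pollRequest, this.keyPair));
            // Polled replies decide the outcome, so they get the same checks as the first reply.
            validateResponse(pollRequest, response);
        }
        if (response.getPkiStatus() == PkiStatus.FAILURE) {
            throw new PKIOperationFailureException(response.getFailInfo());
        }
        return extractCertStore(response);
    }

    /**
     * Sends an operation that must be answered immediately.
     *
     * <p>NOTE(review): this overload sends a newly created transaction ID
     * rather than the one returned by {@link #getId()}; confirm that callers
     * do not correlate on {@code getId()} for these operations.
     *
     * @param pKIOperation operation supplying the message type and payload
     * @return the certificate store extracted from the response
     * @throws IOException if sending fails, the response does not validate, or its content cannot be parsed
     * @throws PKIOperationFailureException if the server reports FAILURE
     * @throws IllegalStateException if the server answers PENDING
     */
    public <T extends DEREncodable> CertStore performOperation(PKIOperation<T> pKIOperation) throws IOException, PKIOperationFailureException {
        LOGGER.entering(getClass().getName(), "performOperation", pKIOperation);
        this.msgGenerator.setMessageType(pKIOperation.getMessageType());
        this.msgGenerator.setSenderNonce(Nonce.nextNonce());
        this.msgGenerator.setTransactionId(TransactionId.createTransactionId(this.keyPair, this.digestAlgorithm));
        this.msgGenerator.setMessageData(MessageData.getInstance(pKIOperation.mo5getMessage()));
        PkiMessage request = this.msgGenerator.generate();
        PkiMessage response = (PkiMessage) this.transport.sendMessage(new PKCSReq(request, this.keyPair));
        validateResponse(request, response);
        if (response.getPkiStatus() == PkiStatus.FAILURE) {
            throw new PKIOperationFailureException(response.getFailInfo());
        }
        if (response.getPkiStatus() == PkiStatus.PENDING) {
            throw new IllegalStateException(PkiStatus.PENDING + " not expected.");
        }
        return extractCertStore(response);
    }

    /**
     * Parses the enveloped content of a response and returns the certificates it carries.
     *
     * @param pkiMessage validated response message
     * @return the certificate store extracted from the message content
     * @throws IOException if parsing or extraction raises a {@link GeneralSecurityException}
     */
    private CertStore extractCertStore(PkiMessage pkiMessage) throws IOException {
        try {
            return SignedDataUtil.extractCertStore(new SignedDataParser().parse(pkiMessage.getPkcsPkiEnvelope().getMessageData().getContent()));
        } catch (GeneralSecurityException e) {
            IOException wrapped = new IOException(e);
            LOGGER.throwing(getClass().getName(), "getContent", wrapped);
            throw wrapped;
        }
    }

    /**
     * Checks that a response belongs to the given request and is not a replay.
     *
     * <p>Three checks, in order: the transaction IDs match, the response's
     * recipient nonce equals the request's sender nonce, and the response's
     * sender nonce is not in the shared history. An accepted sender nonce is
     * then added to the history. A response that omits the transaction ID or
     * the recipient nonce is rejected like a mismatch.
     *
     * <p>NOTE(review): the contains/offer pair on the shared history is not
     * atomic here; if transactions run concurrently, two threads could accept
     * the same nonce unless NonceQueue guards this itself.
     *
     * @param pkiMessage the request that was sent
     * @param pkiMessage2 the response that was received
     * @throws IOException if the transaction IDs differ or a nonce check fails
     */
    private void validateResponse(PkiMessage pkiMessage, PkiMessage pkiMessage2) throws IOException {
        if (pkiMessage2.getTransactionId() == null || !pkiMessage2.getTransactionId().equals(pkiMessage.getTransactionId())) {
            IOException mismatch = new IOException("Transaction ID Mismatch: Sent [" + pkiMessage.getTransactionId() + "]; Received [" + pkiMessage2.getTransactionId() + "]");
            LOGGER.throwing(getClass().getName(), "performOperation", mismatch);
            throw mismatch;
        }
        if (pkiMessage2.getRecipientNonce() == null || !pkiMessage2.getRecipientNonce().equals(pkiMessage.getSenderNonce())) {
            throw new InvalidNonceException("Response recipient nonce and request sender nonce are not equal");
        }
        if (QUEUE.contains(pkiMessage2.getSenderNonce())) {
            throw new InvalidNonceException("This nonce has been encountered before.  Possible replay attack?");
        }
        QUEUE.offer(pkiMessage2.getSenderNonce());
    }

    /**
     * Returns a fixed placeholder description; no field values are included.
     */
    @Override
    public String toString() {
        return "Transaction [\n]";
    }
}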
