package net.ripe.rpki.commons.ta.serializers;

import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.UUID;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import net.ripe.rpki.commons.crypto.CertificateRepositoryObject;
import net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms;
import net.ripe.rpki.commons.crypto.cms.roa.RoaCms;
import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateParser;
import net.ripe.rpki.commons.ta.domain.response.ErrorResponse;
import net.ripe.rpki.commons.ta.domain.response.RevocationResponse;
import net.ripe.rpki.commons.ta.domain.response.SigningResponse;
import net.ripe.rpki.commons.ta.domain.response.TaResponse;
import net.ripe.rpki.commons.ta.domain.response.TrustAnchorResponse;
import net.ripe.rpki.commons.util.XML;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.xml.DomXmlSerializer;
import net.ripe.rpki.commons.xml.DomXmlSerializerException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:net/ripe/rpki/commons/ta/serializers/TrustAnchorResponseSerializer.class */
public class TrustAnchorResponseSerializer extends DomXmlSerializer<TrustAnchorResponse> {
    private static final Base64.Decoder BASE64_DECODER = Base64.getMimeDecoder();
    private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
    public static final String CREATION_TIMESTAMP = "requestCreationTimestamp";
    public static final String TRUST_ANCHOR_RESPONSE = "TrustAnchorResponse";
    public static final String X_509_RESOURCE_CERTIFICATE = "X509ResourceCertificate";
    public static final String CRL = "CRL";
    public static final String MANIFEST = "Manifest";
    public static final String ROA = "Roa";
    public static final String ROA_PREFIX = "RoaPrefix";
    public static final String TA_RESPONSES = "taResponses";
    public static final String SIGNING_RESPONSE = "SigningResponse";
    public static final String REVOCATION_RESPONSE = "RevocationResponse";
    public static final String ERROR_RESPONSE = "ErrorResponse";
    public static final String PUBLISHED_OBJECTS = "publishedObjects";
    public static final String URI_ELEMENT = "uri";
    public static final String ENTRY_ELEMENT = "entry";
    public static final String REQUEST_ID = "requestId";
    public static final String RESOURCE_CLASS_NAME = "resourceClassName";
    public static final String ENCODED_PUBLIC_KEY = "encodedPublicKey";
    public static final String MESSAGE = "message";
    public static final String PUBLICATION_URI = "publicationUri";
    public static final String CERTIFICATE = "certificate";
    public static final String ENCODED = "encoded";

    public TrustAnchorResponseSerializer() {
        super("");
    }

    @Override // net.ripe.rpki.commons.xml.XmlSerializer
    public String serialize(TrustAnchorResponse trustAnchorResponse) {
        if (trustAnchorResponse == null) {
            return null;
        }
        try {
            Document newDocument = XML.newNamespaceAwareDocumentBuilder().newDocument();
            Element addChild = addChild(newDocument, newDocument, TRUST_ANCHOR_RESPONSE);
            Long requestCreationTimestamp = trustAnchorResponse.getRequestCreationTimestamp();
            if (requestCreationTimestamp != null) {
                addChild(newDocument, addChild, CREATION_TIMESTAMP).setTextContent(requestCreationTimestamp.toString());
            }
            List<TaResponse> taResponses = trustAnchorResponse.getTaResponses();
            if (taResponses != null) {
                Element addChild2 = addChild(newDocument, addChild, TA_RESPONSES);
                for (TaResponse taResponse : taResponses) {
                    if (taResponse instanceof SigningResponse) {
                        serializeSigningResponse(newDocument, addChild2, (SigningResponse) taResponse);
                    } else if (taResponse instanceof RevocationResponse) {
                        serializeRevocationResponse(newDocument, addChild2, (RevocationResponse) taResponse);
                    } else if (taResponse instanceof ErrorResponse) {
                        serializeErrorResponse(newDocument, addChild2, (ErrorResponse) taResponse);
                    }
                }
            }
            Map<URI, CertificateRepositoryObject> publishedObjects = trustAnchorResponse.getPublishedObjects();
            if (publishedObjects != null) {
                Element addChild3 = addChild(newDocument, addChild, PUBLISHED_OBJECTS);
                for (Map.Entry<URI, CertificateRepositoryObject> entry : publishedObjects.entrySet()) {
                    Element addChild4 = addChild(newDocument, addChild3, ENTRY_ELEMENT);
                    addChild(newDocument, addChild4, URI_ELEMENT).setTextContent(entry.getKey().toString());
                    addEncodedObject(newDocument, addChild4, entry.getValue());
                }
            }
            return serialize(newDocument);
        } catch (ParserConfigurationException | TransformerException e) {
            throw new DomXmlSerializerException(e);
        }
    }

    private void serializeSigningResponse(Document document, Element element, SigningResponse signingResponse) {
        Element addChild = addChild(document, element, SIGNING_RESPONSE);
        addChild(document, addChild, "requestId").setTextContent(signingResponse.getRequestId().toString());
        addChild(document, addChild, "resourceClassName").setTextContent(signingResponse.getResourceClassName());
        addChild(document, addChild, PUBLICATION_URI).setTextContent(signingResponse.getPublicationUri().toString());
        addChild(document, addChild(document, addChild, CERTIFICATE), ENCODED).setTextContent(BASE64_ENCODER.encodeToString(signingResponse.getCertificate().getEncoded()));
    }

    private void serializeRevocationResponse(Document document, Element element, RevocationResponse revocationResponse) {
        Element addChild = addChild(document, element, REVOCATION_RESPONSE);
        addChild(document, addChild, "requestId").setTextContent(revocationResponse.getRequestId().toString());
        addChild(document, addChild, "resourceClassName").setTextContent(revocationResponse.getResourceClassName());
        addChild(document, addChild, "encodedPublicKey").setTextContent(revocationResponse.getEncodedPublicKey());
    }

    private void serializeErrorResponse(Document document, Element element, ErrorResponse errorResponse) {
        Element addChild = addChild(document, element, ERROR_RESPONSE);
        addChild(document, addChild, "requestId").setTextContent(errorResponse.getRequestId().toString());
        addChild(document, addChild, MESSAGE).setTextContent(errorResponse.getMessage());
    }

    private void addEncodedObject(Document document, Element element, CertificateRepositoryObject certificateRepositoryObject) {
        String str;
        if (certificateRepositoryObject instanceof X509ResourceCertificate) {
            str = X_509_RESOURCE_CERTIFICATE;
        } else if (certificateRepositoryObject instanceof X509Crl) {
            str = CRL;
        } else if (certificateRepositoryObject instanceof ManifestCms) {
            str = MANIFEST;
        } else {
            if (!(certificateRepositoryObject instanceof RoaCms)) {
                throw new RuntimeException("Not implemented serialisation of '" + certificateRepositoryObject.getClass() + "'");
            }
            str = ROA;
        }
        Element addChild = addChild(document, element, str);
        addChild(document, addChild, ENCODED).setTextContent(BASE64_ENCODER.encodeToString(certificateRepositoryObject.getEncoded()));
    }

    @Override // net.ripe.rpki.commons.xml.XmlSerializer
    public TrustAnchorResponse deserialize(String str) {
        try {
            StringReader stringReader = new StringReader(str);
            try {
                Element orElseThrow = getElement(XML.newNamespaceAwareDocumentBuilder().parse(new InputSource(stringReader)), TRUST_ANCHOR_RESPONSE).orElseThrow(() -> {
                    return new DomXmlSerializerException("TrustAnchorResponse element not found");
                });
                String elementTextContent = getElementTextContent(getSingleChildElement(orElseThrow, CREATION_TIMESTAMP));
                try {
                    long parseLong = Long.parseLong(elementTextContent);
                    Element singleChildElement = getSingleChildElement(orElseThrow, TA_RESPONSES);
                    List<TaResponse> taSigningResponses = getTaSigningResponses(singleChildElement);
                    taSigningResponses.addAll(getTaRevocationResponses(singleChildElement));
                    taSigningResponses.addAll(getTaErrorResponses(singleChildElement));
                    TrustAnchorResponse trustAnchorResponse = new TrustAnchorResponse(Long.valueOf(parseLong), getPublishedObjects(orElseThrow), taSigningResponses);
                    stringReader.close();
                    return trustAnchorResponse;
                } catch (NumberFormatException e) {
                    throw new DomXmlSerializerException("creationTimestamp content is not a number: " + elementTextContent, e);
                }
            } catch (Throwable th) {
                try {
                    stringReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | ParserConfigurationException | SAXException e2) {
            throw new DomXmlSerializerException(e2);
        }
    }

    private Map<URI, CertificateRepositoryObject> getPublishedObjects(Element element) {
        TreeMap treeMap = new TreeMap();
        Iterator<Element> it = getChildElements(getSingleChildElement(element, PUBLISHED_OBJECTS), ENTRY_ELEMENT).iterator();
        while (it.hasNext()) {
            NodeList childNodes = it.next().getChildNodes();
            String str = null;
            CertificateRepositoryObject certificateRepositoryObject = null;
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (URI_ELEMENT.equals(item.getLocalName())) {
                    str = getElementTextContent((Element) item);
                }
                if (X_509_RESOURCE_CERTIFICATE.equals(item.getLocalName())) {
                    certificateRepositoryObject = parseObject((Element) item, str, "tmp.cer");
                } else if (CRL.equals(item.getLocalName())) {
                    certificateRepositoryObject = parseObject((Element) item, str, "tmp.crl");
                } else if (MANIFEST.equals(item.getLocalName())) {
                    certificateRepositoryObject = parseObject((Element) item, str, "tmp.mft");
                } else if (ROA.equals(item.getLocalName())) {
                    certificateRepositoryObject = parseObject((Element) item, str, "tmp.roa");
                }
            }
            if (str == null) {
                throw new DomXmlSerializerException("<uri> is not found inside of an entry");
            }
            if (certificateRepositoryObject == null) {
                throw new DomXmlSerializerException("Object is not found inside of an entry");
            }
            treeMap.put(URI.create(str), certificateRepositoryObject);
        }
        return treeMap;
    }

    private CertificateRepositoryObject parseObject(Element element, String str, String str2) {
        return CertificateRepositoryObjectFactory.createCertificateRepositoryObject(getBase64(element), ValidationResult.withLocation(str != null ? str : str2));
    }

    private byte[] getBase64(Element element) {
        return BASE64_DECODER.decode(getElementTextContent(element));
    }

    private List<TaResponse> getTaSigningResponses(Element element) {
        ArrayList arrayList = new ArrayList();
        for (Element element2 : getChildElements(element, SIGNING_RESPONSE)) {
            String elementTextContent = getElementTextContent(getSingleChildElement(element2, "requestId"));
            String elementTextContent2 = getElementTextContent(getSingleChildElement(element2, "resourceClassName"));
            String elementTextContent3 = getElementTextContent(getSingleChildElement(element2, PUBLICATION_URI));
            byte[] decode = BASE64_DECODER.decode(getElementTextContent(getSingleChildElement(getSingleChildElement(element2, CERTIFICATE), ENCODED)));
            X509ResourceCertificateParser x509ResourceCertificateParser = new X509ResourceCertificateParser();
            x509ResourceCertificateParser.parse("request-" + elementTextContent + ".cer", decode);
            arrayList.add(new SigningResponse(UUID.fromString(elementTextContent), elementTextContent2, URI.create(elementTextContent3), x509ResourceCertificateParser.getCertificate()));
        }
        return arrayList;
    }

    private Collection<? extends TaResponse> getTaRevocationResponses(Element element) {
        ArrayList arrayList = new ArrayList();
        for (Element element2 : getChildElements(element, REVOCATION_RESPONSE)) {
            String elementTextContent = getElementTextContent(getSingleChildElement(element2, "requestId"));
            arrayList.add(new RevocationResponse(UUID.fromString(elementTextContent), getElementTextContent(getSingleChildElement(element2, "resourceClassName")), getElementTextContent(getSingleChildElement(element2, "encodedPublicKey"))));
        }
        return arrayList;
    }

    private Collection<? extends TaResponse> getTaErrorResponses(Element element) {
        ArrayList arrayList = new ArrayList();
        for (Element element2 : getChildElements(element, ERROR_RESPONSE)) {
            String elementTextContent = getElementTextContent(getSingleChildElement(element2, "requestId"));
            arrayList.add(new ErrorResponse(UUID.fromString(elementTextContent), getElementTextContent(getSingleChildElement(element2, MESSAGE))));
        }
        return arrayList;
    }
}
