package org.xipki.ca.gateway.cmp;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.xipki.ca.sdk.CertsMode;
import org.xipki.security.AlgorithmValidator;
import org.xipki.security.CollectionAlgorithmValidator;
import org.xipki.security.HashAlgo;
import org.xipki.security.SignAlgo;
import org.xipki.util.CollectionUtil;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:WEB-INF/classes/org/xipki/ca/gateway/cmp/CmpControl.class */
public class CmpControl {
    private static final int DFLT_MESSAGE_TIME_BIAS = 300;
    private static final int DFLT_CONFIRM_WAIT_TIME = 300;
    private static final int DFLT_PBM_ITERATIONCOUNT = 10240;
    private final boolean confirmCert;
    private final boolean sendCaCert;
    private final boolean sendCertChain;
    private final boolean messageTimeRequired;
    private final boolean sendResponderCert;
    private final int messageTimeBias;
    private final int confirmWaitTime;
    private final int confirmWaitTimeMs;
    private HashAlgo responsePbmOwf;
    private final List<HashAlgo> requestPbmOwfs;
    private SignAlgo responsePbmMac;
    private final List<SignAlgo> requestPbmMacs;
    private final int responsePbmIterationCount;
    private final CollectionAlgorithmValidator sigAlgoValidator;

    public CmpControl(CmpControlConf cmpControlConf) throws InvalidConfException {
        this.confirmCert = getBoolean(cmpControlConf.getConfirmCert(), false);
        this.sendCaCert = getBoolean(cmpControlConf.getSendCaCert(), false);
        this.sendCertChain = getBoolean(cmpControlConf.getSendCertChain(), false);
        this.sendResponderCert = getBoolean(cmpControlConf.getSendResponderCert(), true);
        this.messageTimeRequired = getBoolean(cmpControlConf.getMessageTimeRequired(), true);
        this.messageTimeBias = getInt(cmpControlConf.getMessageTimeBias(), 300);
        this.confirmWaitTime = getInt(cmpControlConf.getConfirmWaitTime(), 300);
        if (this.confirmWaitTime < 0) {
            throw new InvalidConfException("invalid confirmWaitTime " + this.confirmWaitTime);
        }
        this.confirmWaitTimeMs = this.confirmWaitTime * 1000;
        List<String> requestSigAlgos = cmpControlConf.getRequestSigAlgos();
        if (CollectionUtil.isEmpty(requestSigAlgos)) {
            throw new InvalidConfException("requestSigAlgos is not set");
        }
        try {
            this.sigAlgoValidator = CollectionAlgorithmValidator.buildAlgorithmValidator(requestSigAlgos);
            try {
                if (cmpControlConf.getResponsePbmMac() != null) {
                    this.responsePbmMac = SignAlgo.getInstance(cmpControlConf.getResponsePbmMac());
                }
                if (cmpControlConf.getResponsePbmOwf() != null) {
                    this.responsePbmOwf = HashAlgo.getInstance(cmpControlConf.getResponsePbmOwf());
                }
                List<String> requestPbmOwfs = cmpControlConf.getRequestPbmOwfs();
                List<String> requestPbmMacs = cmpControlConf.getRequestPbmMacs();
                Integer responsePbmIterationCount = cmpControlConf.getResponsePbmIterationCount();
                responsePbmIterationCount = responsePbmIterationCount == null ? Integer.valueOf(DFLT_PBM_ITERATIONCOUNT) : responsePbmIterationCount;
                if (responsePbmIterationCount.intValue() <= 0) {
                    throw new InvalidConfException("invalid pbmIterationCount " + responsePbmIterationCount);
                }
                this.responsePbmIterationCount = responsePbmIterationCount.intValue();
                requestPbmOwfs = CollectionUtil.isEmpty(requestPbmOwfs) ? Collections.singletonList("SHA256") : requestPbmOwfs;
                requestPbmMacs = CollectionUtil.isEmpty(requestPbmMacs) ? Collections.singletonList("HMACSHA256") : requestPbmMacs;
                this.requestPbmOwfs = new ArrayList(requestPbmOwfs.size());
                for (int i = 0; i < requestPbmOwfs.size(); i++) {
                    String str = requestPbmOwfs.get(i);
                    try {
                        HashAlgo hashAlgo = HashAlgo.getInstance(str);
                        this.requestPbmOwfs.add(hashAlgo);
                        if (i == 0 && this.responsePbmOwf == null) {
                            this.responsePbmOwf = hashAlgo;
                        }
                    } catch (Exception e) {
                        throw new InvalidConfException("invalid pbmPwf " + str, e);
                    }
                }
                this.requestPbmMacs = new ArrayList(requestPbmMacs.size());
                for (int i2 = 0; i2 < requestPbmMacs.size(); i2++) {
                    String str2 = requestPbmMacs.get(i2);
                    try {
                        SignAlgo signAlgo = SignAlgo.getInstance(str2);
                        this.requestPbmMacs.add(signAlgo);
                        if (i2 == 0 && this.responsePbmMac == null) {
                            this.responsePbmMac = signAlgo;
                        }
                    } catch (NoSuchAlgorithmException e2) {
                        throw new InvalidConfException("invalid pbmMac " + str2, e2);
                    }
                }
            } catch (NoSuchAlgorithmException e3) {
                throw new InvalidConfException(e3.getMessage(), e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new InvalidConfException("invalid signature algorithm", e4);
        }
    }

    public CertsMode getCaCertsMode() {
        return !this.sendCaCert ? CertsMode.NONE : this.sendCertChain ? CertsMode.CHAIN : CertsMode.CERT;
    }

    public boolean isMessageTimeRequired() {
        return this.messageTimeRequired;
    }

    public boolean isConfirmCert() {
        return this.confirmCert;
    }

    public int getMessageTimeBias() {
        return this.messageTimeBias;
    }

    public int getConfirmWaitTime() {
        return this.confirmWaitTime;
    }

    public int getConfirmWaitTimeMs() {
        return this.confirmWaitTimeMs;
    }

    public boolean isSendResponderCert() {
        return this.sendResponderCert;
    }

    public AlgorithmValidator getSigAlgoValidator() {
        return this.sigAlgoValidator;
    }

    public HashAlgo getResponsePbmOwf() {
        return this.responsePbmOwf;
    }

    public SignAlgo getResponsePbmMac() {
        return this.responsePbmMac;
    }

    public int getResponsePbmIterationCount() {
        return this.responsePbmIterationCount;
    }

    public boolean isRequestPbmOwfPermitted(HashAlgo hashAlgo) {
        return this.requestPbmOwfs.contains(hashAlgo);
    }

    public boolean isRequestPbmMacPermitted(SignAlgo signAlgo) {
        return this.requestPbmMacs.contains(signAlgo);
    }

    private static boolean getBoolean(Boolean bool, boolean z) {
        return bool == null ? z : bool.booleanValue();
    }

    private static int getInt(Integer num, int i) {
        return num == null ? i : num.intValue();
    }
}
