package org.xipki.ca.gateway;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.crmf.DhSigStatic;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.slf4j.Logger;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditStatus;
import org.xipki.security.DHSigStaticKeyCertPair;
import org.xipki.security.EdECConstants;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.SecurityFactory;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/gateway-common-6.3.0.jar:org/xipki/ca/gateway/GatewayUtil.class */
public class GatewayUtil {
    public static void logAuditEvent(Logger logger, AuditEvent auditEvent) {
        if (auditEvent == null) {
            return;
        }
        if (auditEvent.getStatus() == AuditStatus.FAILED) {
            if (logger.isWarnEnabled()) {
                logger.warn(auditEvent.toTextMessage());
            }
        } else if (logger.isInfoEnabled()) {
            logger.info(auditEvent.toTextMessage());
        }
    }

    public static boolean verifyCsr(CertificationRequest certificationRequest, SecurityFactory securityFactory, PopControl popControl) {
        Args.notNull(certificationRequest, "csr");
        Args.notNull(popControl, "popControl");
        ASN1ObjectIdentifier algorithm = certificationRequest.getSignatureAlgorithm().getAlgorithm();
        DHSigStaticKeyCertPair dHSigStaticKeyCertPair = null;
        if (ObjectIdentifiers.Xipki.id_alg_dhPop_x25519.equals(algorithm) || ObjectIdentifiers.Xipki.id_alg_dhPop_x448.equals(algorithm)) {
            IssuerAndSerialNumber issuerAndSerial = DhSigStatic.getInstance(certificationRequest.getSignature().getBytes()).getIssuerAndSerial();
            dHSigStaticKeyCertPair = popControl.getDhKeyCertPair(issuerAndSerial.getName(), issuerAndSerial.getSerialNumber().getValue(), EdECConstants.getName(certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm()));
            if (dHSigStaticKeyCertPair == null) {
                return false;
            }
        }
        return securityFactory.verifyPop(certificationRequest, popControl.getPopAlgoValidator(), dHSigStaticKeyCertPair);
    }
}
