package org.xipki.ca.gateway.cmp;

import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.CertConfirmContent;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertStatus;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevRepContentBuilder;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertId;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditStatus;
import org.xipki.ca.gateway.CaNameSigners;
import org.xipki.ca.gateway.GatewayUtil;
import org.xipki.ca.gateway.PopControl;
import org.xipki.ca.gateway.Requestor;
import org.xipki.ca.gateway.RequestorAuthenticator;
import org.xipki.ca.sdk.ConfirmCertRequestEntry;
import org.xipki.ca.sdk.ConfirmCertsRequest;
import org.xipki.ca.sdk.EnrollCertRequestEntry;
import org.xipki.ca.sdk.EnrollCertsRequest;
import org.xipki.ca.sdk.EnrollOrPollCertsResponse;
import org.xipki.ca.sdk.EnrollOrPullCertResponseEntry;
import org.xipki.ca.sdk.ErrorEntry;
import org.xipki.ca.sdk.OldCertInfoByIssuerAndSerial;
import org.xipki.ca.sdk.RevokeCertRequestEntry;
import org.xipki.ca.sdk.RevokeCertsRequest;
import org.xipki.ca.sdk.SdkClient;
import org.xipki.ca.sdk.SdkErrorResponseException;
import org.xipki.ca.sdk.SingleCertSerialEntry;
import org.xipki.ca.sdk.UnsuspendOrRemoveRequest;
import org.xipki.ca.sdk.X500NameType;
import org.xipki.cmp.CmpUtf8Pairs;
import org.xipki.cmp.CmpUtil;
import org.xipki.security.CrlReason;
import org.xipki.security.SecurityFactory;
import org.xipki.security.util.X509Util;
import org.xipki.util.DateUtil;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ErrorCode;
import org.xipki.util.exception.InsufficientPermissionException;
import org.xipki.util.exception.OperationException;

/* loaded from: input_file:org/xipki/ca/gateway/cmp/CmpResponder.class */
public class CmpResponder extends BaseCmpResponder {
    private static final Logger LOG = LoggerFactory.getLogger(BaseCmpResponder.class);

    /**
     * Builds the CMP responder.
     *
     * <p>All collaborators are handed unchanged to {@link BaseCmpResponder}; the only work done
     * here is a single INFO log line carrying the gateway version.
     *
     * @param cmpControl CMP behaviour settings (confirmation mode, confirm wait time, ...)
     * @param sdkClient client used to reach the CA
     * @param securityFactory security services passed to the base class
     * @param caNameSigners per-CA signers passed to the base class
     * @param requestorAuthenticator resolves and authenticates requestors
     * @param popControl proof-of-possession settings
     * @throws NoSuchAlgorithmException propagated from the base-class constructor
     */
    public CmpResponder(
            CmpControl cmpControl,
            SdkClient sdkClient,
            SecurityFactory securityFactory,
            CaNameSigners caNameSigners,
            RequestorAuthenticator requestorAuthenticator,
            PopControl popControl)
            throws NoSuchAlgorithmException {
        super(cmpControl, sdkClient, securityFactory, caNameSigners, requestorAuthenticator, popControl);
        // Logged once at start-up so the running gateway version is visible in the logs.
        LOG.info("XiPKI CMP-Gateway version {}", StringUtil.getVersion(getClass()));
    }

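    /**
     * Validates every CRMF request of an ir/cr/kur/ccr message and, only if all of them pass,
     * forwards them to the CA as one enrollment batch.
     *
     * <p>Per entry the method checks, in this order: for a key update, that a well-formed
     * {@code regCtrl_oldCertID} control is present; that the requestor may use the certificate
     * profile; and, when the request carries a public key, that proof-of-possession (POP) is
     * present and verifies. An entry that fails any check gets a rejection {@link CertResponse}
     * and is <em>not</em> queued. In the decompiled listing the rejection was recorded but the
     * entry was still queued, so a batch in which every entry had, for example, an invalid POP
     * still reached the CA; each rejection now ends with {@code continue}.
     *
     * @param str CA identifier, passed to the profile-permission check and to the enrollment call
     * @param str2 default certificate profile used for entries that name none; may be blank
     * @param z group-enroll flag forwarded to {@code enrollCerts}
     * @param pKIMessage the full request; its header supplies the profile names, its body the type
     * @param requestor authenticated requestor whose permissions are checked
     * @param aSN1OctetString CMP transaction id forwarded to {@code enrollCerts}
     * @param certReqMessages the CRMF requests to process
     * @param auditEvent audit record; marked FAILED when the batch is rejected here
     * @return the CA's answer, or a message of rejections if any entry failed validation
     * @throws InsufficientPermissionException if a request without public key is sent by a
     *     requestor lacking permission 256 (presumably key-pair generation; confirm against the
     *     permission constants)
     * @throws IOException if encoding the old-certificate issuer fails or the CA call fails
     * @throws SdkErrorResponseException if the CA answers with an error
     */
    private CertRepMessage processCertReqMessages(String str, String str2, boolean z, PKIMessage pKIMessage, Requestor requestor, ASN1OctetString aSN1OctetString, CertReqMessages certReqMessages, AuditEvent auditEvent) throws InsufficientPermissionException, IOException, SdkErrorResponseException {
        CertReqMsg[] reqMsgs = certReqMessages.toCertReqMsgArray();
        int numReqs = reqMsgs.length;
        // Body type 7 is a key update request (kur).
        boolean keyUpdate = pKIMessage.getBody().getType() == 7;

        // Align the profile names from the header with the requests: pad a short list with
        // nulls, then fill blanks with the default profile.
        String[] profiles = CmpUtil.extractCertProfile(pKIMessage.getHeader().getGeneralInfo());
        int numProfiles = profiles == null ? 0 : profiles.length;
        if (numProfiles == 0) {
            profiles = new String[numReqs];
        } else if (numProfiles < numReqs) {
            profiles = Arrays.copyOf(profiles, numReqs);
        }
        if (profiles.length == numReqs && StringUtil.isNotBlank(str2)) {
            for (int i = 0; i < numReqs; i++) {
                if (StringUtil.isBlank(profiles[i])) {
                    profiles[i] = str2;
                }
            }
        }

        boolean profileMissing = false;
        for (int i = 0; i < numReqs; i++) {
            if (StringUtil.isBlank(profiles[i])) {
                profileMissing = true;
                break;
            }
        }

        // More profile names than requests is always an error; a missing name is tolerated only
        // for a key update. 1048576 is PKIFailureInfo badCertTemplate.
        if (numProfiles > numReqs || (!keyUpdate && profileMissing)) {
            CertResponse[] rejected = new CertResponse[numReqs];
            for (int i = 0; i < numReqs; i++) {
                rejected[i] = new CertResponse(reqMsgs[i].getCertReq().getCertReqId(), generateRejectionStatus(1048576, "number of specified cert profile names is not correct"));
            }
            auditEvent.setStatus(AuditStatus.FAILED);
            return new CertRepMessage((CMPCertificate[]) null, rejected);
        }

        ArrayList<EnrollCertRequestEntry> accepted = new ArrayList<>(numReqs);
        // Rejections keyed by the request's position in the message.
        HashMap<Integer, CertResponse> rejections = new HashMap<>();

        for (int i = 0; i < numReqs; i++) {
            CertReqMsg reqMsg = reqMsgs[i];
            ASN1Integer certReqId = reqMsg.getCertReq().getCertReqId();
            CertificateRequestMessage crmfReq = new CertificateRequestMessage(reqMsg);
            CertTemplate certTemplate = crmfReq.getCertTemplate();
            SubjectPublicKeyInfo publicKey = certTemplate.getPublicKey();
            X500Name subject = certTemplate.getSubject();

            // Requested validity, converted to epoch seconds; either bound may be absent.
            Long notBefore = null;
            Long notAfter = null;
            OptionalValidity validity = certTemplate.getValidity();
            if (validity != null) {
                if (validity.getNotBefore() != null) {
                    notBefore = Long.valueOf(DateUtil.toEpochSecond(validity.getNotBefore().getDate()));
                }
                if (validity.getNotAfter() != null) {
                    notAfter = Long.valueOf(DateUtil.toEpochSecond(validity.getNotAfter().getDate()));
                }
            }

            OldCertInfoByIssuerAndSerial oldCertInfo = null;
            if (keyUpdate) {
                AttributeTypeAndValue oldCertIdControl = null;
                Controls controls = reqMsg.getCertReq().getControls();
                if (controls != null) {
                    try {
                        ASN1Sequence controlSeq = ASN1Sequence.getInstance(controls.getEncoded());
                        int numControls = controlSeq.size();
                        for (int j = 0; j < numControls; j++) {
                            AttributeTypeAndValue control = AttributeTypeAndValue.getInstance(controlSeq.getObjectAt(j));
                            if (control.getType().equals(CMPObjectIdentifiers.regCtrl_oldCertID)) {
                                oldCertIdControl = control;
                                break;
                            }
                        }
                    } catch (IOException e) {
                        // 1073741824 is PKIFailureInfo systemFailure.
                        addErrCertResp(rejections, i, certReqId, 1073741824, "could not parse the controls");
                        continue;
                    }
                }
                if (oldCertIdControl == null) {
                    addErrCertResp(rejections, i, certReqId, 1048576, "no getCtrl oldCertID is specified");
                    continue;
                }
                CertId oldCertId = CertId.getInstance(oldCertIdControl.getValue());
                // Only a directoryName issuer (GeneralName tag 4) identifies the old certificate.
                if (4 != oldCertId.getIssuer().getTagNo()) {
                    addErrCertResp(rejections, i, certReqId, 8, "invalid regCtrl oldCertID");
                    continue;
                }
                oldCertInfo = new OldCertInfoByIssuerAndSerial(false, new X500NameType(oldCertId.getIssuer().getName().toASN1Primitive().getEncoded()), oldCertId.getSerialNumber().getValue());
            }

            // Authorization: a named profile must be permitted for this requestor on this CA.
            String profile = profiles[i];
            if (StringUtil.isNotBlank(profile) && !requestor.isCertprofilePermitted(str, profile)) {
                addErrCertResp(rejections, i, certReqId, 65536, "certprofile " + profile + " is not allowed");
                continue;
            }

            if (publicKey == null) {
                // No key supplied by the requester, so the request needs permission 256.
                checkPermission(requestor, 256);
            } else if (!crmfReq.hasProofOfPossession()) {
                // 16384 is PKIFailureInfo badPOP. Without POP the requester has not shown
                // control of the private key, so the entry must not be enrolled.
                addErrCertResp(rejections, i, certReqId, 16384, "no POP");
                continue;
            } else if (!verifyPop(crmfReq, publicKey)) {
                LOG.warn("could not validate POP for request {}", certReqId.getValue());
                addErrCertResp(rejections, i, certReqId, 16384, "invalid POP");
                continue;
            }

            EnrollCertRequestEntry entry = new EnrollCertRequestEntry();
            entry.setNotBefore(notBefore);
            entry.setNotAfter(notAfter);
            entry.setCertReqId(certReqId.getValue());
            if (StringUtil.isNotBlank(profile)) {
                entry.setCertprofile(profile);
            }
            try {
                entry.extensions(certTemplate.getExtensions());
                if (publicKey != null) {
                    try {
                        entry.setSubjectPublicKey(publicKey.getEncoded());
                    } catch (IOException e) {
                        // The decompiled listing logged "could not encode extensions" here,
                        // which pointed incident triage at the wrong field.
                        LogUtil.warn(LOG, e, "could not encode public key " + certReqId.getValue());
                        addErrCertResp(rejections, i, certReqId, 1048576, "invalid public key");
                        continue;
                    }
                }
                entry.setSubject(new X500NameType(subject));
                if (oldCertInfo != null) {
                    entry.setOldCertIsn(oldCertInfo);
                }
                accepted.add(entry);
            } catch (IOException e) {
                LogUtil.warn(LOG, e, "could not encode extensions " + certReqId.getValue());
                addErrCertResp(rejections, i, certReqId, 1048576, "invalid extensions");
            }
        }

        // All-or-nothing: the CA is contacted only when every entry was accepted.
        if (accepted.size() == numReqs) {
            // Body type 13 is a cross-certification request (ccr).
            return enrollCerts(str, z, keyUpdate, pKIMessage.getBody().getType() == 13, requestor, aSN1OctetString, accepted.toArray(new EnrollCertRequestEntry[0]), auditEvent);
        }

        auditEvent.setStatus(AuditStatus.FAILED);
        CertResponse[] responses = new CertResponse[numReqs];
        for (int i = 0; i < numReqs; i++) {
            CertResponse rejection = rejections.get(i);
            if (rejection == null) {
                // This entry was valid but is refused because a sibling entry failed
                // (32 is PKIFailureInfo badRequest).
                rejection = new CertResponse(reqMsgs[i].getCertReq().getCertReqId(), generateRejectionStatus(32, "failure in the parallel entries in the same request"));
            }
            responses[i] = rejection;
        }
        return new CertRepMessage((CMPCertificate[]) null, responses);
    }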

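    /**
     * Handles a PKCS#10 certification request (p10cr) and returns a cert-response body (type 3).
     *
     * <p>The CSR's proof-of-possession is verified first. The certificate profile is taken from
     * the header's general info and falls back to {@code str2}; the optional validity bounds come
     * from the {@code notbefore}/{@code notafter} UTF-8 pairs in the header. The profile name is
     * lower-cased with {@link Locale#ROOT}, as {@code cmpEnrollCert} does for the default profile,
     * so the name used in the permission check does not depend on the JVM's default locale.
     *
     * @param str CA identifier, passed to the profile-permission check and to the enrollment call
     * @param str2 default certificate profile; may be {@code null}
     * @param requestor authenticated requestor whose profile permission is checked
     * @param aSN1OctetString CMP transaction id forwarded to {@code enrollCerts}
     * @param pKIHeader request header carrying profile name and validity hints
     * @param certificationRequest the PKCS#10 request
     * @param auditEvent audit record; marked FAILED when the single response is a rejection
     * @return a body of type 3 (cert response), or an error-message body if the CSR cannot be
     *     encoded or the CA call fails with an I/O error
     * @throws SdkErrorResponseException if the CA answers with an error
     */
    private PKIBody processP10cr(String str, String str2, Requestor requestor, ASN1OctetString aSN1OctetString, PKIHeader pKIHeader, CertificationRequest certificationRequest, AuditEvent auditEvent) throws SdkErrorResponseException {
        CertRepMessage repMessage;
        // A p10cr carries no certReqId, so -1 is used in the response.
        ASN1Integer certReqId = new ASN1Integer(-1L);

        if (!GatewayUtil.verifyCsr(certificationRequest, this.securityFactory, this.popControl)) {
            LOG.warn("could not validate POP for the pkcs#10 requst");
            // 16384 is PKIFailureInfo badPOP.
            repMessage = buildErrCertResp(certReqId, 16384, "invalid POP");
        } else {
            InfoTypeAndValue[] generalInfo = pKIHeader.getGeneralInfo();
            CmpUtf8Pairs utf8Pairs = CmpUtil.extractUtf8Pairs(generalInfo);

            String profile = null;
            String[] headerProfiles = CmpUtil.extractCertProfile(generalInfo);
            if (headerProfiles != null && headerProfiles.length > 0) {
                profile = headerProfiles[0];
            }

            // NOTE(review): both values are requester-supplied text; how a malformed value is
            // reported depends on DateUtil, which is not visible here.
            Long notBefore = null;
            Long notAfter = null;
            if (utf8Pairs != null) {
                String notBeforeText = utf8Pairs.value("notbefore");
                if (notBeforeText != null) {
                    notBefore = Long.valueOf(DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeText).getEpochSecond());
                }
                String notAfterText = utf8Pairs.value("notafter");
                if (notAfterText != null) {
                    notAfter = Long.valueOf(DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterText).getEpochSecond());
                }
            }

            if (profile == null) {
                profile = str2;
            }

            if (profile == null) {
                LOG.warn("no certprofile is specified");
                // 1048576 is PKIFailureInfo badCertTemplate.
                repMessage = buildErrCertResp(certReqId, 1048576, "badCertTemplate");
            } else {
                // Locale.ROOT: a locale-sensitive lower-casing (e.g. Turkish dotless i) could
                // turn the same profile name into a different string for the permission check.
                String profileLower = profile.toLowerCase(Locale.ROOT);
                if (!requestor.isCertprofilePermitted(str, profileLower)) {
                    // 65536 is PKIFailureInfo notAuthorized.
                    repMessage = buildErrCertResp(certReqId, 65536, "certprofile " + profileLower + " is not allowed");
                } else {
                    EnrollCertRequestEntry entry = new EnrollCertRequestEntry();
                    entry.setCertprofile(profileLower);
                    entry.setCertReqId(BigInteger.valueOf(-1L));
                    entry.setNotBefore(notBefore);
                    entry.setNotAfter(notAfter);
                    try {
                        entry.setP10req(certificationRequest.getEncoded());
                    } catch (IOException e) {
                        LogUtil.error(LOG, e);
                        // 32 is PKIFailureInfo badRequest.
                        return buildErrorMsgPkiBody(PKIStatus.rejection, 32, "invalid PKCS#10 request");
                    }
                    try {
                        repMessage = enrollCerts(str, false, false, false, requestor, aSN1OctetString, new EnrollCertRequestEntry[]{entry}, auditEvent);
                    } catch (IOException e) {
                        LogUtil.error(LOG, e);
                        // 1073741824 is PKIFailureInfo systemFailure; no detail goes to the client.
                        return buildErrorMsgPkiBody(PKIStatus.rejection, 1073741824, null);
                    }
                }
            }
        }

        // Mirror a rejected response into the audit record unless it is already FAILED.
        // NOTE(review): assumes the response array has at least one element - confirm for
        // the value returned by the CA call.
        if (auditEvent.getStatus() != AuditStatus.FAILED) {
            PKIStatusInfo statusInfo = repMessage.getResponse()[0].getStatus();
            int status = statusInfo.getStatus().intValue();
            // PKIStatus 0 = granted, 1 = grantedWithMods, 3 = waiting; anything else is a failure.
            if (status != 0 && status != 1 && status != 3) {
                auditEvent.setStatus(AuditStatus.FAILED);
                PKIFreeText statusText = statusInfo.getStatusString();
                if (statusText != null) {
                    auditEvent.addEventData("message", statusText.getStringAtUTF8(0).getString());
                }
            }
        }
        return new PKIBody(3, repMessage);
    }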

    /**
     * Sends already-validated enrollment entries to the CA and converts the answer into a CMP
     * {@link CertRepMessage}.
     *
     * <p>No authorization or proof-of-possession check is made here; this method relies on its
     * callers having done both before the entries reach it.
     *
     * @param str CA identifier passed to the SDK call
     * @param z group-enroll flag set on the SDK request
     * @param z2 {@code true} to call the re-enroll operation (used unless {@code z3} is set)
     * @param z3 {@code true} to call the cross-certificate operation; takes precedence over
     *     {@code z2}
     * @param requestor requestor handed to {@code postProcessCertInfo} for each issued certificate
     * @param aSN1OctetString CMP transaction id; sent to the CA hex-encoded
     * @param enrollCertRequestEntryArr entries to enroll
     * @param auditEvent audit record receiving the profile and requested subject of every entry
     * @return one {@link CertResponse} per entry returned by the CA, plus any extra certificates
     * @throws IOException if the SDK call fails
     * @throws SdkErrorResponseException if the CA answers with an error, or an entry's PKCS#10
     *     request cannot be parsed
     */
    private CertRepMessage enrollCerts(String str, boolean z, boolean z2, boolean z3, Requestor requestor, ASN1OctetString aSN1OctetString, EnrollCertRequestEntry[] enrollCertRequestEntryArr, AuditEvent auditEvent) throws IOException, SdkErrorResponseException {
        String transactionId = Hex.encode(aSN1OctetString.getOctets());

        EnrollCertsRequest sdkRequest = new EnrollCertsRequest();
        sdkRequest.setExplicitConfirm(Boolean.valueOf(this.cmpControl.isConfirmCert()));
        sdkRequest.setGroupEnroll(Boolean.valueOf(z));
        sdkRequest.setConfirmWaitTimeMs(Integer.valueOf((int) this.cmpControl.getConfirmWaitTime().toMillis()));
        sdkRequest.setCaCertMode(this.cmpControl.getCaCertsMode());
        sdkRequest.setTransactionId(transactionId);
        sdkRequest.setEntries(enrollCertRequestEntryArr);

        // Record what was asked for before the CA is contacted, so the audit trail holds the
        // request even when the CA call fails.
        for (EnrollCertRequestEntry entry : enrollCertRequestEntryArr) {
            auditEvent.addEventData(BaseCmpResponder.HTTP_HEADER_certprofile, entry.getCertprofile());

            X500Name requestedSubject;
            if (entry.getSubject() == null) {
                // No explicit subject on the entry: read it from the embedded PKCS#10 request.
                try {
                    requestedSubject = X509Util.parseCsrInRequest(entry.getP10req()).getCertificationRequestInfo().getSubject();
                } catch (OperationException e) {
                    throw new SdkErrorResponseException(ErrorCode.BAD_REQUEST, "error parsing PKCS#10 request");
                }
            } else {
                requestedSubject = entry.getSubject().toX500Name();
            }
            // NOTE(review): the subject is requester-controlled text wrapped in quotes; confirm
            // that x500NameText or the audit sink escapes embedded quotes and line breaks.
            auditEvent.addEventData("req_subject", "\"" + X509Util.x500NameText(requestedSubject) + "\"");
        }

        // Cross-certification wins over re-enrollment, which wins over plain enrollment.
        EnrollOrPollCertsResponse sdkResponse;
        if (z3) {
            sdkResponse = this.sdk.enrollCrossCerts(str, sdkRequest);
        } else if (z2) {
            sdkResponse = this.sdk.reenrollCerts(str, sdkRequest);
        } else {
            sdkResponse = this.sdk.enrollCerts(str, sdkRequest);
        }

        EnrollOrPullCertResponseEntry[] sdkEntries = sdkResponse.getEntries();
        CertResponse[] certResponses = new CertResponse[sdkEntries.length];
        int index = 0;
        for (EnrollOrPullCertResponseEntry sdkEntry : sdkEntries) {
            ErrorEntry failure = sdkEntry.getError();
            ASN1Integer certReqId = new ASN1Integer(sdkEntry.getId());
            if (failure == null) {
                certResponses[index] = postProcessCertInfo(certReqId, requestor, sdkEntry.getCert(), sdkEntry.getPrivateKey());
            } else {
                certResponses[index] = new CertResponse(certReqId, buildPKIStatusInfo(failure.getCode(), failure.getMessage()));
            }
            index++;
        }

        // The extra certificates returned by the CA are passed on unchanged; null when none.
        CMPCertificate[] caPubs = null;
        byte[][] encodedExtraCerts = sdkResponse.getExtraCerts();
        if (encodedExtraCerts != null && encodedExtraCerts.length > 0) {
            caPubs = new CMPCertificate[encodedExtraCerts.length];
            int pos = 0;
            for (byte[] encodedCert : encodedExtraCerts) {
                caPubs[pos++] = new CMPCertificate(Certificate.getInstance(encodedCert));
            }
        }
        return new CertRepMessage(caPubs, certResponses);
    }

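    /**
     * Revokes or unsuspends the certificates named in a CMP revocation request and returns the
     * revocation response body (type 12).
     *
     * <p>Every {@code RevDetails} entry is validated before the CA is contacted: it must carry an
     * issuer and a serial number and nothing else from the certificate template, all entries must
     * name the same issuer (and the same authority key identifier where one is given), and
     * authorityKeyIdentifier is the only critical extension accepted. The first violation rejects
     * the whole request with badCertTemplate (1048576).
     *
     * <p>The decompiled listing used an undeclared register name for the CRL reason and typed the
     * critical-extension OIDs as {@code ASN1Primitive}, so it did not compile; both are declared
     * properly here.
     *
     * @param revReqContent the revocation request
     * @param z {@code true} to revoke, {@code false} to unsuspend
     * @param auditEvent audit record receiving the serial number (and, for revocation, the
     *     reason) of each entry
     * @return a body of type 12 with one status per entry returned by the CA, or an error-message
     *     body if validation fails
     * @throws IOException if the SDK call fails
     * @throws SdkErrorResponseException if the CA answers with an error
     */
    private PKIBody unRevokeCertificates(RevReqContent revReqContent, boolean z, AuditEvent auditEvent) throws IOException, SdkErrorResponseException {
        RevDetails[] revDetailsArray = revReqContent.toRevDetailsArray();
        if (revDetailsArray == null || revDetailsArray.length == 0) {
            // 32 is PKIFailureInfo badRequest.
            return buildErrorMsgPkiBody(PKIStatus.rejection, 32, "no entry is specified");
        }

        // Only one of the two lists is filled, depending on the operation.
        ArrayList<RevokeCertRequestEntry> revokeEntries = new ArrayList<>(revDetailsArray.length);
        ArrayList<BigInteger> unsuspendSerials = new ArrayList<>(revDetailsArray.length);
        X500Name commonIssuer = null;
        byte[] commonAki = null;

        for (RevDetails revDetails : revDetailsArray) {
            CertTemplate certDetails = revDetails.getCertDetails();

            X500Name issuer = certDetails.getIssuer();
            if (issuer == null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "issuer is not present");
            }
            if (commonIssuer == null) {
                commonIssuer = issuer;
            } else if (!commonIssuer.equals(issuer)) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "not all issuers are of the same");
            }

            if (certDetails.getSerialNumber() == null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "serialNumber is not present");
            }
            BigInteger serialNumber = certDetails.getSerialNumber().getValue();

            // Strict template: any field beyond version, issuer and serial number is refused
            // rather than silently ignored.
            if (certDetails.getSigningAlg() != null || certDetails.getValidity() != null || certDetails.getSubject() != null || certDetails.getPublicKey() != null || certDetails.getIssuerUID() != null || certDetails.getSubjectUID() != null) {
                return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "only version, issuer and serialNumber in RevDetails.certDetails are allowed, but more is specified");
            }

            if (certDetails.getExtensions() != null) {
                Extensions extensions = certDetails.getExtensions();
                org.bouncycastle.asn1.ASN1ObjectIdentifier[] criticalOids = extensions.getCriticalExtensionOIDs();
                if (criticalOids != null) {
                    for (org.bouncycastle.asn1.ASN1ObjectIdentifier oid : criticalOids) {
                        if (!Extension.authorityKeyIdentifier.equals(oid)) {
                            return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "unknown critical extension " + oid.getId());
                        }
                    }
                }

                Extension akiExtension = extensions.getExtension(Extension.authorityKeyIdentifier);
                if (akiExtension != null) {
                    AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(akiExtension.getParsedValue());
                    if (aki.getKeyIdentifier() == null) {
                        return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "issuer's AKI not present");
                    }
                    if (commonAki == null) {
                        commonAki = aki.getKeyIdentifier();
                    } else if (!Arrays.equals(commonAki, aki.getKeyIdentifier())) {
                        return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "not all AKIs are of the same");
                    }
                }
            }

            if (z) {
                CrlReason reason = null;
                Instant invalidityDate = null;
                Extensions crlEntryDetails = revDetails.getCrlEntryDetails();
                if (crlEntryDetails != null) {
                    ASN1Encodable reasonValue = crlEntryDetails.getExtensionParsedValue(Extension.reasonCode);
                    if (reasonValue != null) {
                        // NOTE(review): how an unknown reason code is reported depends on
                        // CrlReason.forReasonCode, which is not visible here.
                        reason = CrlReason.forReasonCode(ASN1Enumerated.getInstance(reasonValue).getValue().intValue());
                    }
                    ASN1Encodable invalidityValue = crlEntryDetails.getExtensionParsedValue(Extension.invalidityDate);
                    if (invalidityValue != null) {
                        try {
                            invalidityDate = ASN1GeneralizedTime.getInstance(invalidityValue).getDate().toInstant();
                        } catch (ParseException e) {
                            return buildErrorMsgPkiBody(PKIStatus.rejection, 1048576, "invalid extension InvalidityDate");
                        }
                    }
                }
                if (reason == null) {
                    reason = CrlReason.UNSPECIFIED;
                }
                auditEvent.addEventData("reason", reason);
                revokeEntries.add(new RevokeCertRequestEntry(serialNumber, reason, invalidityDate == null ? null : Long.valueOf(invalidityDate.getEpochSecond())));
            } else {
                unsuspendSerials.add(serialNumber);
            }
            auditEvent.addEventData("serial", LogUtil.formatCsn(serialNumber));
        }

        SingleCertSerialEntry[] resultEntries;
        if (z) {
            RevokeCertsRequest revokeRequest = new RevokeCertsRequest();
            revokeRequest.setEntries(revokeEntries.toArray(new RevokeCertRequestEntry[0]));
            revokeRequest.setIssuer(new X500NameType(commonIssuer));
            revokeRequest.setAuthorityKeyIdentifier(commonAki);
            resultEntries = this.sdk.revokeCerts(revokeRequest).getEntries();
        } else {
            UnsuspendOrRemoveRequest unsuspendRequest = new UnsuspendOrRemoveRequest();
            unsuspendRequest.setEntries(unsuspendSerials.toArray(new BigInteger[0]));
            unsuspendRequest.setIssuer(new X500NameType(commonIssuer));
            unsuspendRequest.setAuthorityKeyIdentifier(commonAki);
            resultEntries = this.sdk.unsuspendCerts(unsuspendRequest).getEntries();
        }

        // One status per entry the CA reports, each tied to issuer and serial number.
        GeneralName issuerName = new GeneralName(commonIssuer);
        RevRepContentBuilder responseBuilder = new RevRepContentBuilder();
        for (SingleCertSerialEntry resultEntry : resultEntries) {
            ErrorEntry failure = resultEntry.getError();
            PKIStatusInfo statusInfo = failure == null ? new PKIStatusInfo(PKIStatus.granted) : buildPKIStatusInfo(failure.getCode(), failure.getMessage());
            responseBuilder.add(statusInfo, new CertId(issuerName, resultEntry.getSerialNumber()));
        }
        return new PKIBody(12, responseBuilder.build());
    }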

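    /**
     * Forwards a CMP certificate confirmation (certConf) to the CA.
     *
     * <p>An entry counts as accepted when it has no status info, or its status is 0 (granted) or
     * 1 (grantedWithMods); any other status is forwarded as not accepted. The certificate hash is
     * passed to the CA unchanged and is not checked in this method.
     *
     * <p>An I/O failure of the CA call is logged before the error body is returned. The
     * decompiled listing dropped the exception, leaving a failed confirmation with no
     * server-side trace.
     *
     * @param str CA identifier passed to the SDK call
     * @param aSN1OctetString CMP transaction id; sent to the CA hex-encoded
     * @param certConfirmContent the confirmation entries from the client
     * @return a body of type 19 (PKI confirm) on success, or of type 23 (error) with
     *     systemFailure if the CA call fails with an I/O error
     * @throws SdkErrorResponseException if the CA answers with an error
     */
    @Override // org.xipki.ca.gateway.cmp.BaseCmpResponder
    protected PKIBody confirmCertificates(String str, ASN1OctetString aSN1OctetString, CertConfirmContent certConfirmContent) throws SdkErrorResponseException {
        CertStatus[] certStatuses = certConfirmContent.toCertStatusArray();
        ConfirmCertRequestEntry[] confirmEntries = new ConfirmCertRequestEntry[certStatuses.length];
        for (int i = 0; i < confirmEntries.length; i++) {
            CertStatus certStatus = certStatuses[i];
            PKIStatusInfo statusInfo = certStatus.getStatusInfo();
            // Absent status info means the client accepted the certificate.
            boolean accepted = true;
            if (statusInfo != null) {
                int status = statusInfo.getStatus().intValue();
                accepted = status == 0 || status == 1;
            }
            confirmEntries[i] = new ConfirmCertRequestEntry(accepted, certStatus.getCertReqId().getValue(), certStatus.getCertHash().getOctets());
        }
        try {
            this.sdk.confirmCerts(str, new ConfirmCertsRequest(Hex.encode(aSN1OctetString.getOctets()), confirmEntries));
            return new PKIBody(19, DERNull.INSTANCE);
        } catch (IOException e) {
            LogUtil.error(LOG, e);
            // 1073741824 is PKIFailureInfo systemFailure; no detail is sent to the client.
            return new PKIBody(23, new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, (PKIFreeText) null, new PKIFailureInfo(1073741824))));
        }
    }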

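    /**
     * Asks the CA to revoke the certificates of a transaction that are still awaiting
     * confirmation.
     *
     * <p>An I/O failure of the CA call is logged before the error body is returned. The
     * decompiled listing dropped the exception, so a failure to revoke unconfirmed certificates
     * left no server-side trace.
     *
     * @param str CA identifier passed to the SDK call
     * @param aSN1OctetString CMP transaction id; sent to the CA hex-encoded
     * @return a body of type 19 (PKI confirm) on success, or of type 23 (error) with
     *     systemFailure if the CA call fails with an I/O error
     * @throws SdkErrorResponseException if the CA answers with an error
     */
    @Override // org.xipki.ca.gateway.cmp.BaseCmpResponder
    protected PKIBody revokePendingCertificates(String str, ASN1OctetString aSN1OctetString) throws SdkErrorResponseException {
        String transactionId = Hex.encode(aSN1OctetString.getOctets());
        try {
            this.sdk.revokePendingCerts(str, transactionId);
            return new PKIBody(19, DERNull.INSTANCE);
        } catch (IOException e) {
            LogUtil.error(LOG, e);
            // 1073741824 is PKIFailureInfo systemFailure; no detail is sent to the client.
            return new PKIBody(23, new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, (PKIFreeText) null, new PKIFailureInfo(1073741824))));
        }
    }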

    /**
     * Dispatches a CMP enrollment request by body type and sets the confirmation-related general
     * info on the response header.
     *
     * <p>For every body type the requestor's permission is checked before the request content is
     * parsed or processed. The permission values (1, 16, 128) are bit flags defined elsewhere;
     * NOTE(review): presumably enroll, re-enroll and cross-certificate enrollment - confirm
     * against the permission constants.
     *
     * <p>Body type mapping: 0 (ir) to 1 (ip), 2 (cr) to 3 (cp), 7 (kur) to 8 (kup), 13 (ccr) to
     * 14 (ccp); type 4 (p10cr) is handled by {@code processP10cr}.
     *
     * @param str CA identifier
     * @param str2 default certificate profile; lower-cased with {@link Locale#ROOT} when present
     * @param z group-enroll flag
     * @param pKIMessage the full request message
     * @param pKIHeaderBuilder header builder of the response; receives message time and general
     *     info
     * @param pKIHeader request header
     * @param pKIBody request body
     * @param requestor authenticated requestor
     * @param aSN1OctetString CMP transaction id
     * @param auditEvent audit record
     * @return the response body, or an error-message body with systemFailure when processing
     *     fails with an {@code OperationException} or {@code IOException}
     * @throws InsufficientPermissionException if the requestor lacks the required permission
     * @throws SdkErrorResponseException if the CA answers with an error
     * @throws IllegalStateException if the body type is none of 0, 2, 4, 7, 13
     */
    @Override // org.xipki.ca.gateway.cmp.BaseCmpResponder
    protected PKIBody cmpEnrollCert(String str, String str2, boolean z, PKIMessage pKIMessage, PKIHeaderBuilder pKIHeaderBuilder, PKIHeader pKIHeader, PKIBody pKIBody, Requestor requestor, ASN1OctetString aSN1OctetString, AuditEvent auditEvent) throws InsufficientPermissionException, SdkErrorResponseException {
        String defaultProfile = str2 == null ? null : str2.toLowerCase(Locale.ROOT);
        Duration confirmWaitTime = this.cmpControl.getConfirmWaitTime();
        int requestType = pKIBody.getType();
        try {
            PKIBody responseBody;
            switch (requestType) {
                case 0:
                    checkPermission(requestor, 1);
                    responseBody = new PKIBody(1, processCertReqMessages(str, defaultProfile, z, pKIMessage, requestor, aSN1OctetString, CertReqMessages.getInstance(pKIBody.getContent()), auditEvent));
                    break;
                case 2:
                    checkPermission(requestor, 1);
                    responseBody = new PKIBody(3, processCertReqMessages(str, defaultProfile, z, pKIMessage, requestor, aSN1OctetString, CertReqMessages.getInstance(pKIBody.getContent()), auditEvent));
                    break;
                case 7:
                    checkPermission(requestor, 16);
                    responseBody = new PKIBody(8, processCertReqMessages(str, defaultProfile, z, pKIMessage, requestor, aSN1OctetString, CertReqMessages.getInstance(pKIBody.getContent()), auditEvent));
                    break;
                case 4:
                    checkPermission(requestor, 1);
                    responseBody = processP10cr(str, defaultProfile, requestor, aSN1OctetString, pKIHeader, X509Util.parseCsrInRequest(pKIBody.getContent()), auditEvent);
                    break;
                case 13:
                    checkPermission(requestor, 128);
                    responseBody = new PKIBody(14, processCertReqMessages(str, defaultProfile, z, pKIMessage, requestor, aSN1OctetString, CertReqMessages.getInstance(pKIBody.getContent()), auditEvent));
                    break;
                default:
                    // Not caught below: an unexpected body type propagates to the caller.
                    throw new IllegalStateException("should not reach here");
            }

            // Implicit confirmation is honoured only when the gateway does not insist on an
            // explicit certConf and the client asked for it in the request header.
            boolean implicitConfirm = !this.cmpControl.isConfirmCert() && CmpUtil.isImplicitConfirm(pKIHeader);
            InfoTypeAndValue confirmInfo;
            if (implicitConfirm) {
                confirmInfo = CmpUtil.getImplicitConfirmGeneralInfo();
            } else {
                // Tell the client until when its confirmation is expected.
                Instant now = Instant.now();
                pKIHeaderBuilder.setMessageTime(new ASN1GeneralizedTime(Date.from(now)));
                Instant confirmDeadline = now.plus(confirmWaitTime);
                confirmInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(Date.from(confirmDeadline)));
            }
            pKIHeaderBuilder.setGeneralInfo(confirmInfo);
            return responseBody;
        } catch (OperationException | IOException e) {
            LogUtil.error(LOG, e);
            // 1073741824 is PKIFailureInfo systemFailure; no detail is sent to the client.
            return buildErrorMsgPkiBody(PKIStatus.rejection, 1073741824, null);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:65:0x009d, code lost:
    
        return buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus.rejection, 32, "invalid CRLReason " + r27);
     */
    /**
     * Decompiler placeholder for the override of
     * {@code BaseCmpResponder.cmpUnRevokeCertificates}.
     *
     * <p>JADX could not reconstruct this method (398 bytecode instructions were skipped), so the
     * {@code throw} below is tool output and not the behaviour of the compiled class. The only
     * fragment the decompiler recovered is a rejection with failure code 32 and the text
     * "invalid CRLReason ...".
     *
     * <p>NOTE(review): presumably this is where the requestor's permission is checked before the
     * revoke/unsuspend request is processed - nothing in this listing shows it. Confirm against
     * the bytecode or the upstream source before drawing any conclusion about authorization on
     * this path.
     */
    @Override // org.xipki.ca.gateway.cmp.BaseCmpResponder
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected org.bouncycastle.asn1.cmp.PKIBody cmpUnRevokeCertificates(java.lang.String r11, org.bouncycastle.asn1.cmp.PKIMessage r12, org.bouncycastle.asn1.cmp.PKIHeaderBuilder r13, org.bouncycastle.asn1.cmp.PKIHeader r14, org.bouncycastle.asn1.cmp.PKIBody r15, org.xipki.ca.gateway.Requestor r16, org.xipki.audit.AuditEvent r17) throws org.xipki.ca.sdk.SdkErrorResponseException {
        /*
            Method dump skipped, instructions count: 398
            To view this dump add '--comments-level debug' option
        */
        // Inserted by the decompiler in place of the real body; see the Javadoc above.
        throw new UnsupportedOperationException("Method not decompiled: org.xipki.ca.gateway.cmp.CmpResponder.cmpUnRevokeCertificates(java.lang.String, org.bouncycastle.asn1.cmp.PKIMessage, org.bouncycastle.asn1.cmp.PKIHeaderBuilder, org.bouncycastle.asn1.cmp.PKIHeader, org.bouncycastle.asn1.cmp.PKIBody, org.xipki.ca.gateway.Requestor, org.xipki.audit.AuditEvent):org.bouncycastle.asn1.cmp.PKIBody");
    }
}
