package org.xipki.scep.message;

import java.io.IOException;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.KeyTransRecipientInfoGenerator;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;
import org.xipki.scep.transaction.FailInfo;
import org.xipki.scep.transaction.MessageType;
import org.xipki.scep.transaction.Nonce;
import org.xipki.scep.transaction.PkiStatus;
import org.xipki.scep.transaction.TransactionId;
import org.xipki.scep.util.ScepConstants;
import org.xipki.scep.util.ScepUtil;
import org.xipki.security.SignAlgo;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;

/* loaded from: input_file:org/xipki/scep/message/PkiMessage.class */
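/**
 * A SCEP pkiMessage under construction.
 *
 * <p>Holds the transaction attributes (transaction id, message type, nonces, status, failure
 * information), optional caller-supplied signed/unsigned attributes and optional message data, and
 * encodes them as a CMS SignedData. When message data is present it is first wrapped in a CMS
 * EnvelopedData addressed to the recipient certificate.
 *
 * <p>Instances are mutable and use plain {@link HashMap}s with no synchronization, so an instance
 * should not be shared between threads without external locking.
 */
public class PkiMessage {
    /**
     * Attribute types that this class writes itself (or, for signingTime, that the CMS layer is
     * expected to write). {@link #addSignendAttribute} rejects them so that a caller cannot
     * shadow a protocol attribute with an arbitrary value.
     *
     * <p>NOTE(review): {@code CMSAttributes.contentType} and {@code CMSAttributes.messageDigest}
     * are not in this set. {@code DefaultSignedAttributeTableGenerator} is understood to add
     * those only when the supplied table lacks them, so a caller-supplied value would presumably
     * end up in the signed attributes as is. Confirm, and consider reserving them as well.
     */
    private static final Set<ASN1ObjectIdentifier> SCEP_ATTR_TYPES = CollectionUtil.asSet(new ASN1ObjectIdentifier[]{
            ScepConstants.ID_FAILINFO,
            ScepConstants.ID_MESSAGE_TYPE,
            ScepConstants.ID_PKI_STATUS,
            ScepConstants.ID_RECIPIENT_NONCE,
            ScepConstants.ID_SENDER_NONCE,
            ScepConstants.ID_TRANSACTION_ID,
            ScepConstants.ID_SCEP_FAILINFOTEXT,
            CMSAttributes.signingTime});

    // Caller-supplied attributes that are covered by the signature.
    private final Map<ASN1ObjectIdentifier, ASN1Encodable> signedAttributes = new HashMap<>();
    // Caller-supplied attributes that are NOT covered by the signature.
    private final Map<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttributes = new HashMap<>();
    private final MessageType messageType;
    private final Nonce senderNonce;
    private final TransactionId transactionId;
    private Nonce recipientNonce;
    private PkiStatus pkiStatus;
    private FailInfo failInfo;
    private String failInfoText;
    private ASN1Encodable messageData;

    /**
     * Creates a message whose sender nonce comes from {@code Nonce.randomNonce()}.
     *
     * @param transactionId the transaction id; must not be null
     * @param messageType the SCEP message type; must not be null
     */
    public PkiMessage(TransactionId transactionId, MessageType messageType) {
        this(transactionId, messageType, Nonce.randomNonce());
    }

    /**
     * Creates a message with an explicit sender nonce.
     *
     * @param transactionId the transaction id; must not be null
     * @param messageType the SCEP message type; must not be null
     * @param nonce the sender nonce; must not be null
     */
    public PkiMessage(TransactionId transactionId, MessageType messageType, Nonce nonce) {
        Args.notNull(transactionId, "transactionId");
        Args.notNull(messageType, "messageType");
        Args.notNull(nonce, "senderNonce");
        this.transactionId = transactionId;
        this.messageType = messageType;
        this.senderNonce = nonce;
    }

    /** Returns the transaction id given at construction. */
    public TransactionId getTransactionId() {
        return this.transactionId;
    }

    /** Returns the sender nonce given at, or generated during, construction. */
    public Nonce getSenderNonce() {
        return this.senderNonce;
    }

    /** Returns the message type given at construction. */
    public MessageType getMessageType() {
        return this.messageType;
    }

    /** Returns the recipient nonce, or null if none has been set. */
    public Nonce getRecipientNonce() {
        return this.recipientNonce;
    }

    /** Sets the recipient nonce; null means the attribute is omitted when encoding. */
    public void setRecipientNonce(Nonce nonce) {
        this.recipientNonce = nonce;
    }

    /** Returns the PKI status, or null if none has been set. */
    public PkiStatus getPkiStatus() {
        return this.pkiStatus;
    }

    /** Sets the PKI status; null means the attribute is omitted when encoding. */
    public void setPkiStatus(PkiStatus pkiStatus) {
        this.pkiStatus = pkiStatus;
    }

    /** Returns the failure information, or null if none has been set. */
    public FailInfo getFailInfo() {
        return this.failInfo;
    }

    /** Sets the failure information; null means the attribute is omitted when encoding. */
    public void setFailInfo(FailInfo failInfo) {
        this.failInfo = failInfo;
    }

    /** Returns the free-text failure description, or null if none has been set. */
    public String getFailInfoText() {
        return this.failInfoText;
    }

    /** Sets the free-text failure description; null or empty means the attribute is omitted. */
    public void setFailInfoText(String failInfoText) {
        this.failInfoText = failInfoText;
    }

    /** Returns the message data, or null if the message carries no content. */
    public ASN1Encodable getMessageData() {
        return this.messageData;
    }

    /**
     * Sets the message data. When non-null, {@code encode} encrypts it for the recipient and
     * therefore requires a recipient certificate and a content-encryption algorithm.
     */
    public void setMessageData(ASN1Encodable messageData) {
        this.messageData = messageData;
    }

    /**
     * Registers an additional signed attribute. The method name's spelling is part of the
     * existing public API.
     *
     * @param type the attribute type; must not be one of the attribute types reserved by this class
     * @param value the attribute value
     * @return the value previously registered for {@code type}, or null
     * @throws IllegalArgumentException if {@code type} is a reserved SCEP attribute type
     */
    public ASN1Encodable addSignendAttribute(ASN1ObjectIdentifier type, ASN1Encodable value) {
        if (SCEP_ATTR_TYPES.contains(type)) {
            throw new IllegalArgumentException("Adding SCEP attribute via addSignedAttribute() method is not permitted");
        }
        return this.signedAttributes.put(type, value);
    }

    /**
     * Registers an additional unsigned attribute. Unsigned attributes are not covered by the
     * signature, so a receiver must not base trust decisions on them. No reserved-type check is
     * applied here.
     *
     * @return the value previously registered for {@code type}, or null
     */
    public ASN1Encodable addUnsignendAttribute(ASN1ObjectIdentifier type, ASN1Encodable value) {
        return this.unsignedAttributes.put(type, value);
    }

    /** Removes a caller-supplied signed attribute and returns its value, or null if absent. */
    public ASN1Encodable removeSignedAttribute(ASN1ObjectIdentifier type) {
        return this.signedAttributes.remove(type);
    }

    /** Removes a caller-supplied unsigned attribute and returns its value, or null if absent. */
    public ASN1Encodable removeUnsignedAttribute(ASN1ObjectIdentifier type) {
        return this.unsignedAttributes.remove(type);
    }

    /** Returns the value of a caller-supplied signed attribute, or null if absent. */
    public ASN1Encodable getSignedAtrributeValue(ASN1ObjectIdentifier type) {
        return this.signedAttributes.get(type);
    }

    /** Returns the value of a caller-supplied unsigned attribute, or null if absent. */
    public ASN1Encodable getUnsignedAtrributeValue(ASN1ObjectIdentifier type) {
        return this.unsignedAttributes.get(type);
    }

    /**
     * Builds the signed attribute table: the mandatory SCEP attributes (message type, sender
     * nonce, transaction id), the optional ones that are set, then the caller-supplied ones.
     */
    private AttributeTable getSignedAttributes() {
        ASN1EncodableVector attrs = new ASN1EncodableVector();
        addAttribute(attrs, ScepConstants.ID_MESSAGE_TYPE, new DERPrintableString(Integer.toString(this.messageType.getCode())));
        addAttribute(attrs, ScepConstants.ID_SENDER_NONCE, new DEROctetString(this.senderNonce.getBytes()));
        addAttribute(attrs, ScepConstants.ID_TRANSACTION_ID, new DERPrintableString(this.transactionId.getId()));
        if (this.failInfo != null) {
            addAttribute(attrs, ScepConstants.ID_FAILINFO, new DERPrintableString(Integer.toString(this.failInfo.getCode())));
        }
        if (this.failInfoText != null && !this.failInfoText.isEmpty()) {
            addAttribute(attrs, ScepConstants.ID_SCEP_FAILINFOTEXT, new DERUTF8String(this.failInfoText));
        }
        if (this.pkiStatus != null) {
            addAttribute(attrs, ScepConstants.ID_PKI_STATUS, new DERPrintableString(Integer.toString(this.pkiStatus.getCode())));
        }
        if (this.recipientNonce != null) {
            addAttribute(attrs, ScepConstants.ID_RECIPIENT_NONCE, new DEROctetString(this.recipientNonce.getBytes()));
        }
        for (Map.Entry<ASN1ObjectIdentifier, ASN1Encodable> entry : this.signedAttributes.entrySet()) {
            addAttribute(attrs, entry.getKey(), entry.getValue());
        }
        return new AttributeTable(attrs);
    }

    /** Builds the unsigned attribute table, or returns null when there are no unsigned attributes. */
    private AttributeTable getUnsignedAttributes() {
        if (this.unsignedAttributes.isEmpty()) {
            return null;
        }
        ASN1EncodableVector attrs = new ASN1EncodableVector();
        for (Map.Entry<ASN1ObjectIdentifier, ASN1Encodable> entry : this.unsignedAttributes.entrySet()) {
            addAttribute(attrs, entry.getKey(), entry.getValue());
        }
        return new AttributeTable(attrs);
    }

    /**
     * Encodes this message, signing with {@code signerKey} under {@code signAlgo}.
     *
     * @param signerKey the signer's private key; must not be null
     * @param signAlgo the signature algorithm, used through its JCE name
     * @param signerCert the signer's certificate; must not be null
     * @param cmsCertSet certificates handed to {@code ScepUtil.addCmsCertSet} for the SignedData
     * @param recipientCert the recipient's certificate; required when message data is set
     * @param encAlgId the content-encryption algorithm; required when message data is set
     * @return the encoded CMS ContentInfo
     * @throws MessageEncodingException if the signer cannot be created or encoding fails
     */
    public ContentInfo encode(PrivateKey signerKey, SignAlgo signAlgo, X509Cert signerCert, X509Cert[] cmsCertSet, X509Cert recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
        Args.notNull(signerKey, "signerKey");
        ContentSigner signer;
        try {
            signer = new JcaContentSignerBuilder(signAlgo.getJceName()).build(signerKey);
        } catch (OperatorCreationException e) {
            throw new MessageEncodingException((Throwable) e);
        }
        return encode(signer, signerCert, cmsCertSet, recipientCert, encAlgId);
    }

    /**
     * Encodes this message as a CMS SignedData produced by {@code signer}.
     *
     * <p>If message data is set, it is encrypted for {@code recipientCert} with {@code encAlgId}
     * and the resulting EnvelopedData becomes the encapsulated content; otherwise the content is
     * absent. {@code encAlgId} is used exactly as given: this method applies no allow-list, so
     * choosing a strong content-encryption algorithm is the caller's responsibility.
     *
     * @param signer the content signer; must not be null
     * @param signerCert the signer's certificate; must not be null
     * @param cmsCertSet certificates handed to {@code ScepUtil.addCmsCertSet} for the SignedData
     * @param recipientCert the recipient's certificate; must not be null when message data is set
     * @param encAlgId the content-encryption algorithm; must not be null when message data is set
     * @return the encoded CMS ContentInfo
     * @throws MessageEncodingException if encryption, signer-info creation or generation fails
     */
    public ContentInfo encode(ContentSigner signer, X509Cert signerCert, X509Cert[] cmsCertSet, X509Cert recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
        Args.notNull(signer, "signer");
        Args.notNull(signerCert, "signerCert");

        // Encrypt first so that an encryption failure surfaces before any signing work is done.
        byte[] envelopedBytes = null;
        if (this.messageData != null) {
            Args.notNull(recipientCert, "recipientCert");
            Args.notNull(encAlgId, "encAlgId");
            try {
                envelopedBytes = encrypt(recipientCert, encAlgId).getEncoded();
            } catch (IOException e) {
                throw new MessageEncodingException(e);
            }
        }

        try {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
            signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(getSignedAttributes()));
            AttributeTable unsignedTable = getUnsignedAttributes();
            if (unsignedTable != null) {
                signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedTable));
            }
            ScepUtil.addCmsCertSet(generator, cmsCertSet);
            generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, signerCert.toBcCert()));
            if (envelopedBytes == null) {
                return generator.generate(new CMSAbsentContent(), true).toASN1Structure();
            }
            return generator.generate(new CMSProcessableByteArray(CMSObjectIdentifiers.envelopedData, envelopedBytes), true).toASN1Structure();
        } catch (Exception e) {
            // Single wrap: the underlying cause stays one level below the MessageEncodingException.
            throw new MessageEncodingException(e);
        }
    }

    /**
     * Wraps the DER/BER encoding of the message data in a CMS EnvelopedData with one key-transport
     * recipient identified by the issuer and serial number of {@code recipient}.
     *
     * <p>Only called when message data is set. The certificate is used as given; nothing here
     * validates it (chain, validity period, key usage), so that has to happen before this point.
     *
     * @throws MessageEncodingException if the data cannot be encoded or encrypted
     */
    private CMSEnvelopedData encrypt(X509Cert recipient, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
        Args.notNull(recipient, "recipient");
        Args.notNull(encAlgId, "encAlgId");
        try {
            byte[] plaintext = this.messageData.toASN1Primitive().getEncoded();
            CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
            IssuerAndSerialNumber recipientId = new IssuerAndSerialNumber(recipient.getIssuer(), recipient.getSerialNumber());
            // Instantiated through an empty anonymous subclass, as in the original code
            // (presumably because the constructor is not public; confirm against the BC version in use).
            generator.addRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(recipientId, new JceAsymmetricKeyWrapper(recipient.getPublicKey())) {
            });
            return generator.generate(new CMSProcessableByteArray(plaintext), new JceCMSContentEncryptorBuilder(encAlgId).build());
        } catch (IOException | CMSException e) {
            throw new MessageEncodingException(e);
        }
    }

    /** Appends a single-valued attribute of the given type to {@code attrs}. */
    private static void addAttribute(ASN1EncodableVector attrs, ASN1ObjectIdentifier type, ASN1Encodable value) {
        attrs.add(new Attribute(type, new DERSet(value)));
    }
}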
