package org.xipki.security.cmp;

import java.util.Date;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PBMParameter;
import org.bouncycastle.asn1.cmp.PKIFreeText;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.cmp.CMPException;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.CRMFException;
import org.bouncycastle.cert.crmf.PKMACBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
import org.xipki.security.ConcurrentBagEntrySigner;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.NoIdleSignerException;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-5.0.0.jar:org/xipki/security/cmp/CmpUtil.class */
public class CmpUtil {
    private CmpUtil() {
    }

    public static PKIMessage addProtection(PKIMessage pKIMessage, ConcurrentContentSigner concurrentContentSigner, GeneralName generalName, boolean z) throws CMPException, NoIdleSignerException {
        GeneralName generalName2;
        Args.notNull(pKIMessage, "pkiMessage");
        Args.notNull(concurrentContentSigner, "signer");
        if (generalName != null) {
            generalName2 = generalName;
        } else {
            if (concurrentContentSigner.getCertificate() == null) {
                throw new IllegalArgumentException("signer without certificate is not allowed");
            }
            generalName2 = new GeneralName(X500Name.getInstance(concurrentContentSigner.getCertificate().getSubjectX500Principal().getEncoded()));
        }
        ProtectedPKIMessageBuilder newProtectedPKIMessageBuilder = newProtectedPKIMessageBuilder(pKIMessage, generalName2, null);
        if (z) {
            newProtectedPKIMessageBuilder.addCMPCertificate(concurrentContentSigner.getBcCertificate());
        }
        ConcurrentBagEntrySigner borrowSigner = concurrentContentSigner.borrowSigner();
        try {
            ProtectedPKIMessage build = newProtectedPKIMessageBuilder.build(borrowSigner.value());
            concurrentContentSigner.requiteSigner(borrowSigner);
            return build.toASN1Structure();
        } catch (Throwable th) {
            concurrentContentSigner.requiteSigner(borrowSigner);
            throw th;
        }
    }

    public static PKIMessage addProtection(PKIMessage pKIMessage, char[] cArr, PBMParameter pBMParameter, GeneralName generalName, byte[] bArr) throws CMPException {
        ProtectedPKIMessageBuilder newProtectedPKIMessageBuilder = newProtectedPKIMessageBuilder(pKIMessage, generalName, bArr);
        try {
            PKMACBuilder pKMACBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
            pKMACBuilder.setParameters(pBMParameter);
            return newProtectedPKIMessageBuilder.build(pKMACBuilder.build(cArr)).toASN1Structure();
        } catch (CRMFException e) {
            throw new CMPException(e.getMessage(), e);
        }
    }

    private static ProtectedPKIMessageBuilder newProtectedPKIMessageBuilder(PKIMessage pKIMessage, GeneralName generalName, byte[] bArr) throws CMPException {
        PKIHeader header = pKIMessage.getHeader();
        ProtectedPKIMessageBuilder protectedPKIMessageBuilder = new ProtectedPKIMessageBuilder(generalName, header.getRecipient());
        PKIFreeText freeText = header.getFreeText();
        if (freeText != null) {
            protectedPKIMessageBuilder.setFreeText(freeText);
        }
        InfoTypeAndValue[] generalInfo = header.getGeneralInfo();
        if (generalInfo != null) {
            for (InfoTypeAndValue infoTypeAndValue : generalInfo) {
                protectedPKIMessageBuilder.addGeneralInfo(infoTypeAndValue);
            }
        }
        ASN1OctetString recipKID = header.getRecipKID();
        if (recipKID != null) {
            protectedPKIMessageBuilder.setRecipKID(recipKID.getOctets());
        }
        ASN1OctetString recipNonce = header.getRecipNonce();
        if (recipNonce != null) {
            protectedPKIMessageBuilder.setRecipNonce(recipNonce.getOctets());
        }
        if (bArr != null) {
            protectedPKIMessageBuilder.setSenderKID(bArr);
        }
        ASN1OctetString senderNonce = header.getSenderNonce();
        if (senderNonce != null) {
            protectedPKIMessageBuilder.setSenderNonce(senderNonce.getOctets());
        }
        ASN1OctetString transactionID = header.getTransactionID();
        if (transactionID != null) {
            protectedPKIMessageBuilder.setTransactionID(transactionID.getOctets());
        }
        if (header.getMessageTime() != null) {
            protectedPKIMessageBuilder.setMessageTime(new Date());
        }
        protectedPKIMessageBuilder.setBody(pKIMessage.getBody());
        return protectedPKIMessageBuilder;
    }

    public static boolean isImplictConfirm(PKIHeader pKIHeader) {
        Args.notNull(pKIHeader, "header");
        InfoTypeAndValue[] generalInfo = pKIHeader.getGeneralInfo();
        if (generalInfo == null) {
            return false;
        }
        for (InfoTypeAndValue infoTypeAndValue : generalInfo) {
            if (CMPObjectIdentifiers.it_implicitConfirm.equals(infoTypeAndValue.getInfoType())) {
                return true;
            }
        }
        return false;
    }

    public static InfoTypeAndValue getImplictConfirmGeneralInfo() {
        return new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE);
    }

    public static CmpUtf8Pairs extract(InfoTypeAndValue[] infoTypeAndValueArr) {
        if (infoTypeAndValueArr == null) {
            return null;
        }
        for (InfoTypeAndValue infoTypeAndValue : infoTypeAndValueArr) {
            if (CMPObjectIdentifiers.regInfo_utf8Pairs.equals(infoTypeAndValue.getInfoType())) {
                return new CmpUtf8Pairs(((ASN1String) infoTypeAndValue.getInfoValue()).getString());
            }
        }
        return null;
    }

    public static CmpUtf8Pairs extract(AttributeTypeAndValue[] attributeTypeAndValueArr) {
        if (attributeTypeAndValueArr == null) {
            return null;
        }
        for (AttributeTypeAndValue attributeTypeAndValue : attributeTypeAndValueArr) {
            if (CMPObjectIdentifiers.regInfo_utf8Pairs.equals(attributeTypeAndValue.getType())) {
                return new CmpUtf8Pairs(((ASN1String) attributeTypeAndValue.getValue()).getString());
            }
        }
        return null;
    }

    public static InfoTypeAndValue buildInfoTypeAndValue(CmpUtf8Pairs cmpUtf8Pairs) {
        Args.notNull(cmpUtf8Pairs, "utf8Pairs");
        return new InfoTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String(cmpUtf8Pairs.encoded()));
    }

    public static AttributeTypeAndValue buildAttributeTypeAndValue(CmpUtf8Pairs cmpUtf8Pairs) {
        Args.notNull(cmpUtf8Pairs, "utf8Pairs");
        return new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String(cmpUtf8Pairs.encoded()));
    }
}
