package org.xipki.qa.ca;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.Feature;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x509.GeneralName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.qa.BenchmarkHttpClient;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.BenchmarkExecutor;
import org.xipki.util.InvalidConfException;
import org.xipki.util.ValidatableConf;

/* loaded from: input_file:org/xipki/qa/ca/CaEnrollBenchmark.class */
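/**
 * Benchmark that enrolls certificates at a CA by POSTing CMP certificate requests
 * ({@code application/pkixcmp}) and accounting every response as a success or a failure.
 *
 * <p>Security-relevant properties of the requests built here, for anyone reusing this code:
 * <ul>
 *   <li>Each {@link PKIMessage} is built from a header and a body only; no CMP message protection
 *       is attached. Authentication of the requestor therefore presumably relies on the TLS
 *       configuration in {@link Conf#getSsl()} - confirm against the CA's requestor settings.</li>
 *   <li>Proof of possession is always {@code raVerified} (see {@link #RA_VERIFIED}); a CA should
 *       accept that assertion only from a requestor it has authorized to act as an RA.</li>
 * </ul>
 */
public class CaEnrollBenchmark extends BenchmarkExecutor implements BenchmarkHttpClient.ResponseHandler {
    /** Location of the JSON configuration, resolved against the working directory of the process. */
    private static final String CONF_FILE = "xipki/ca-qa/qa-benchmark-conf.json";
    private static final String REQUEST_MIMETYPE = "application/pkixcmp";
    private static final String RESPONSE_MIMETYPE = "application/pkixcmp";

    /**
     * Length in bytes of the random transactionID and senderNonce.
     *
     * <p>NOTE(review): RFC 4210 section 5.1.1 recommends 128 bits of random data for both fields.
     * The 8 bytes used here are kept so the benchmark's wire format does not change; a production
     * CMP client should use 16.
     */
    private static final int NONCE_LENGTH = 8;

    /**
     * The {@code raVerified} proof-of-possession choice: the sender asserts that possession of the
     * private key was verified elsewhere, so the request carries no signature made with that key.
     */
    private static final ProofOfPossession RA_VERIFIED = new ProofOfPossession();

    /** generalInfo entry asking the CA to skip the certConf/pkiConf confirmation round trip. */
    private static final InfoTypeAndValue IMPLICIT_CONFIRM = new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE);
    private static final Logger LOG = LoggerFactory.getLogger(CaEnrollBenchmark.class);

    private final CaEnrollBenchEntry benchmarkEntry;
    // Source of the per-certificate index handed to benchmarkEntry.getX500Name().
    private final AtomicLong index;
    private final SecureRandom random;
    // Number of certificate requests packed into one CMP message.
    private final int num;
    private final int queueSize;
    // Number of CMP messages handed out so far by nextCertRequest().
    private final AtomicInteger processedRequests;
    private final Conf conf;
    private final String caHost;
    private final int caPort;
    // Upper bound on CMP messages; a value <= 0 disables the bound.
    private final int maxRequests;
    private final SslContext sslContext;
    // True when the entry supplies no public key, so the CA is asked to generate the key pair.
    private final boolean caGenKeyPair;

    /**
     * Configuration bound from {@code qa-benchmark-conf.json}.
     *
     * <p>The file selects the CA endpoint and the TLS material, so it should be writable only by
     * the operator running the benchmark.
     */
    public static class Conf extends ValidatableConf {
        private String caUrl;
        private String requestorCert;
        private String responderCert;
        private BenchmarkHttpClient.SslConf ssl;
        // Lazily derived from requestorCert / responderCert; not part of the JSON.
        private GeneralName requestor;
        private GeneralName responder;

        public String getCaUrl() {
            return this.caUrl;
        }

        public void setCaUrl(String caUrl) {
            this.caUrl = caUrl;
        }

        public String getRequestorCert() {
            return this.requestorCert;
        }

        public void setRequestorCert(String requestorCert) {
            this.requestorCert = requestorCert;
        }

        public String getResponderCert() {
            return this.responderCert;
        }

        public void setResponderCert(String responderCert) {
            this.responderCert = responderCert;
        }

        public BenchmarkHttpClient.SslConf getSsl() {
            return this.ssl;
        }

        public void setSsl(BenchmarkHttpClient.SslConf ssl) {
            this.ssl = ssl;
        }

        /**
         * Returns the CMP sender name: the subject of the certificate file named by
         * {@code requestorCert}, parsed on first use and cached.
         *
         * <p>NOTE(review): the cache is filled without synchronization; if several worker threads
         * call this concurrently the file may be parsed more than once.
         *
         * @return the sender name, or {@code null} when no requestor certificate is configured
         * @throws CertificateException if the file cannot be parsed as a certificate
         * @throws IOException if the file cannot be read
         */
        public GeneralName requestor() throws CertificateException, IOException {
            if (this.requestor == null && this.requestorCert != null) {
                this.requestor = new GeneralName(X509Util.parseCert(new File(this.requestorCert)).getSubject());
            }
            return this.requestor;
        }

        /**
         * Returns the CMP recipient name: the subject of the certificate file named by
         * {@code responderCert}, parsed on first use and cached (same caveat as
         * {@link #requestor()}).
         *
         * @return the recipient name, or {@code null} when no responder certificate is configured
         * @throws CertificateException if the file cannot be parsed as a certificate
         * @throws IOException if the file cannot be read
         */
        public GeneralName responder() throws CertificateException, IOException {
            if (this.responder == null && this.responderCert != null) {
                this.responder = new GeneralName(X509Util.parseCert(new File(this.responderCert)).getSubject());
            }
            return this.responder;
        }

        /**
         * Checks that both certificate paths, the CA URL and the TLS section are present, then
         * validates the TLS section.
         *
         * @throws InvalidConfException if a mandatory value is missing or the TLS section is invalid
         */
        public void validate() throws InvalidConfException {
            notBlank(this.requestorCert, "requestorCert");
            notBlank(this.responderCert, "responderCert");
            notBlank(this.caUrl, "caUrl");
            notNull(this.ssl, "ssl");
            validate(this.ssl);
        }
    }

    /** Worker that owns one HTTP client and keeps sending requests until the benchmark ends. */
    class Testor implements Runnable {
        private final BenchmarkHttpClient httpClient;

        /** Creates and starts the HTTP client; responses are delivered to the enclosing benchmark. */
        public Testor() {
            this.httpClient = new BenchmarkHttpClient(caHost, caPort, sslContext, CaEnrollBenchmark.this, queueSize);
            this.httpClient.start();
        }

        /**
         * Sends requests until the benchmark is stopped, an error has been accounted, or
         * {@link CaEnrollBenchmark#nextCertRequest()} reports that the request limit is reached;
         * then shuts the HTTP client down.
         */
        @Override // java.lang.Runnable
        public void run() {
            while (!stop() && getErrorAccout() < 1) {
                // Building and sending sit in the same try block so that a failure of either one
                // is logged and accounted as an error instead of escaping the worker thread.
                try {
                    PKIMessage certRequest = nextCertRequest();
                    if (certRequest == null) {
                        break;
                    }
                    testNext(certRequest);
                } catch (IOException | CertificateException | BenchmarkHttpClient.HttpClientException ex) {
                    LOG.warn("exception", ex);
                    account(1L, 1L);
                } catch (Error | RuntimeException ex) {
                    LOG.warn("unexpected exception", ex);
                    account(1L, 1L);
                }
            }

            try {
                this.httpClient.shutdown();
            } catch (Exception ex) {
                LOG.warn("got IOException in requestor.stop()", ex);
            }
        }

        /**
         * DER-encodes the message and POSTs it to the configured CA URL.
         *
         * @param request the CMP message to send
         * @throws BenchmarkHttpClient.HttpClientException if the client cannot send the request
         * @throws IOException if the message cannot be encoded
         */
        private void testNext(PKIMessage request) throws BenchmarkHttpClient.HttpClientException, IOException {
            ByteBuf content = Unpooled.wrappedBuffer(request.getEncoded());
            FullHttpRequest httpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, conf.getCaUrl(), content);
            httpRequest.headers()
                    .addInt(HttpHeaderNames.CONTENT_LENGTH, content.readableBytes())
                    .add(HttpHeaderNames.CONTENT_TYPE, REQUEST_MIMETYPE);
            this.httpClient.send(httpRequest);
        }
    }

    /**
     * Loads and validates the configuration, builds the TLS context and resolves the CA endpoint.
     *
     * @param benchmarkEntry source of subject names, certificate profile and optional public key
     * @param maxRequests maximum number of CMP messages to send; a value {@code <= 0} means no limit
     * @param num number of certificate requests per CMP message; must be positive
     * @param queueSize queue size handed to each {@link BenchmarkHttpClient}
     * @param description passed unchanged to the {@link BenchmarkExecutor} constructor
     * @throws IOException if the configuration file cannot be read
     * @throws InvalidConfException if the configuration is empty or invalid, the TLS context cannot
     *     be built, or the CA URL is malformed or lacks a scheme or host
     */
    public CaEnrollBenchmark(CaEnrollBenchEntry benchmarkEntry, int maxRequests, int num, int queueSize, String description)
            throws IOException, InvalidConfException {
        super(description);
        this.random = new SecureRandom();
        this.processedRequests = new AtomicInteger(0);
        this.maxRequests = maxRequests;
        this.num = Args.positive(num, "num");
        this.benchmarkEntry = (CaEnrollBenchEntry) Args.notNull(benchmarkEntry, "benchmarkEntry");
        this.index = new AtomicLong(getSecureIndex());
        this.queueSize = queueSize;
        this.caGenKeyPair = this.benchmarkEntry.getSubjectPublicKeyInfo() == null;

        // The JSON is bound to the fixed Conf type and no extra parser Feature is enabled.
        Conf loadedConf;
        try (InputStream confStream = Files.newInputStream(Paths.get(CONF_FILE))) {
            loadedConf = JSON.parseObject(confStream, Conf.class);
        }
        if (loadedConf == null) {
            // An empty document or a literal "null" would otherwise surface as a NullPointerException.
            throw new InvalidConfException("no configuration found in " + CONF_FILE);
        }
        loadedConf.validate();
        this.conf = loadedConf;

        try {
            this.sslContext = loadedConf.getSsl().buildSslContext();
        } catch (GeneralSecurityException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }

        URI caUri;
        try {
            caUri = new URI(loadedConf.getCaUrl());
        } catch (URISyntaxException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }

        // Reject URLs the HTTP client could not connect to instead of failing later with a
        // NullPointerException (missing scheme) or a null host.
        String scheme = caUri.getScheme();
        String host = caUri.getHost();
        if (scheme == null || host == null) {
            throw new InvalidConfException("caUrl must be an absolute URL with scheme and host: " + loadedConf.getCaUrl());
        }

        int port = caUri.getPort();
        if (port == -1) {
            port = scheme.equalsIgnoreCase("https") ? 443 : 80;
        }
        this.caHost = host;
        this.caPort = port;
    }

    /**
     * Creates a new worker with its own HTTP client.
     *
     * @return a runnable that sends enrollment requests until the benchmark ends
     */
    protected Runnable getTestor() throws Exception {
        return new Testor();
    }

    /**
     * Converts a count of CMP messages into a count of certificates.
     *
     * @param account number of CMP messages
     * @return {@code account} multiplied by the number of certificate requests per message
     */
    protected long getRealAccount(long account) {
        return this.num * account;
    }

    /**
     * Builds the next CMP certificate request ({@code cr}) holding {@code num} certificate requests.
     *
     * <p>The message has a fresh random transactionID and senderNonce, requests implicit
     * confirmation, and is returned without message protection.
     *
     * @return the next request, or {@code null} once {@code maxRequests} messages have been handed out
     * @throws IOException if a configured certificate file cannot be read
     * @throws CertificateException if a configured certificate file cannot be parsed
     */
    public PKIMessage nextCertRequest() throws IOException, CertificateException {
        if (this.maxRequests > 0 && this.processedRequests.getAndIncrement() >= this.maxRequests) {
            return null;
        }

        // regInfo utf8Pairs ("name?value%") are identical for every request in the message.
        // NOTE(review): the profile name is inserted verbatim; a name containing '?' or '%' would
        // change how the pairs are parsed - it comes from the benchmark entry, not from the network.
        String utf8Pairs = "certprofile?" + this.benchmarkEntry.getCertprofile() + "%";
        if (this.caGenKeyPair) {
            utf8Pairs = utf8Pairs + "ca-generate-keypair?true%";
        }

        CertReqMsg[] certReqMsgs = new CertReqMsg[this.num];
        for (int i = 0; i < this.num; i++) {
            CertTemplateBuilder template = new CertTemplateBuilder();
            template.setSubject(this.benchmarkEntry.getX500Name(this.index.getAndIncrement()));
            if (!this.caGenKeyPair) {
                template.setPublicKey(this.benchmarkEntry.getSubjectPublicKeyInfo());
            }

            // certReqId is the 1-based position of the request within the message.
            CertRequest certRequest = new CertRequest(new ASN1Integer(i + 1), template.build(), (Controls) null);
            AttributeTypeAndValue[] regInfo = {
                new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, new DERUTF8String(utf8Pairs))
            };
            certReqMsgs[i] = new CertReqMsg(certRequest, RA_VERIFIED, regInfo);
        }

        // First argument 2 is the CMP protocol version number (pvno).
        PKIHeaderBuilder header = new PKIHeaderBuilder(2, this.conf.requestor(), this.conf.responder());
        header.setMessageTime(new ASN1GeneralizedTime(new Date()));
        header.setTransactionID(randomBytes(NONCE_LENGTH));
        header.setSenderNonce(randomBytes(NONCE_LENGTH));
        header.setGeneralInfo(IMPLICIT_CONFIRM);
        return new PKIMessage(header.build(), new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsgs)));
    }

    /**
     * Accounts one processed message, counted as failed unless the response is a valid
     * enrollment result.
     *
     * @param response the HTTP response received for one request; may be {@code null}
     */
    @Override // org.xipki.qa.BenchmarkHttpClient.ResponseHandler
    public void onComplete(FullHttpResponse response) {
        boolean success;
        try {
            success = onComplete0(response);
        } catch (Throwable th) {
            LOG.warn("unexpected exception", th);
            success = false;
        }
        account(1L, success ? 0L : 1L);
    }

    /**
     * Validates the HTTP layer of the response (decoding, status 200, content type, non-empty
     * body) and then the CMP payload.
     *
     * @param response the HTTP response; may be {@code null}
     * @return {@code true} only if every check passes
     */
    private boolean onComplete0(FullHttpResponse response) {
        if (response == null) {
            LOG.warn("bad response: response is null");
            return false;
        }
        if (response.decoderResult().isFailure()) {
            LOG.warn("failed: {}", response.decoderResult());
            return false;
        }
        if (response.status().code() != HttpResponseStatus.OK.code()) {
            LOG.warn("bad response: {}", response.status());
            return false;
        }

        String contentType = response.headers().get("Content-Type");
        if (contentType == null) {
            LOG.warn("bad response: mandatory Content-Type not specified");
            return false;
        }
        if (!contentType.equalsIgnoreCase(RESPONSE_MIMETYPE)) {
            LOG.warn("bad response: Content-Type {} unsupported", contentType);
            return false;
        }

        ByteBuf content = response.content();
        if (content == null || content.readableBytes() == 0) {
            LOG.warn("no body in response");
            return false;
        }

        // Copy without moving the reader index of the response buffer.
        byte[] encodedMessage = new byte[content.readableBytes()];
        content.getBytes(content.readerIndex(), encodedMessage);
        try {
            parseEnrollCertResult(PKIMessage.getInstance(encodedMessage), PKIBody.TYPE_CERT_REP, this.num);
            return true;
        } catch (Throwable th) {
            // Covers malformed ASN.1 as well as a well-formed response that reports a failure.
            LOG.warn("exception while parsing response", th);
            return false;
        }
    }

    /**
     * Checks that the response is of the expected body type, contains the expected number of
     * certificate responses and that each one has status accepted (0) or grantedWithMods (1).
     *
     * <p>Only the status fields are inspected; the message protection and the returned
     * certificates are not verified here.
     *
     * @param response the decoded CMP response
     * @param expectedBodyType the PKIBody type the response must have
     * @param numCerts the number of certificate responses the message must contain
     * @throws Exception if the server reported an error or the response does not match
     */
    private void parseEnrollCertResult(PKIMessage response, int expectedBodyType, int numCerts) throws Exception {
        PKIBody body = response.getBody();
        int bodyType = body.getType();
        if (PKIBody.TYPE_ERROR == bodyType) {
            throw new Exception("Server returned PKIStatus: " + buildText(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo()));
        }
        if (expectedBodyType != bodyType) {
            throw new Exception(String.format("unknown PKI body type %s instead the expected [%s, %s]",
                    Integer.valueOf(bodyType), Integer.valueOf(expectedBodyType), PKIBody.TYPE_ERROR));
        }

        CertResponse[] certResponses = CertRepMessage.getInstance(body.getContent()).getResponse();
        if (certResponses.length != numCerts) {
            throw new Exception("expected " + numCerts + " CertResponse, but returned " + certResponses.length);
        }

        for (CertResponse certResponse : certResponses) {
            PKIStatusInfo statusInfo = certResponse.getStatus();
            int status = statusInfo.getStatus().intValue();
            if (status != 0 && status != 1) {
                BigInteger certReqId = certResponse.getCertReqId().getValue();
                throw new Exception("CertReqId " + certReqId + ": server returned PKIStatus: " + buildText(statusInfo));
            }
        }
    }

    /** Accounts one processed message as failed. */
    @Override // org.xipki.qa.BenchmarkHttpClient.ResponseHandler
    public void onError() {
        account(1L, 1L);
    }

    /**
     * Returns fresh random bytes from the instance's {@link SecureRandom}.
     *
     * @param length number of bytes to generate
     * @return a new array of {@code length} random bytes
     */
    private byte[] randomBytes(int length) {
        byte[] bytes = new byte[length];
        this.random.nextBytes(bytes);
        return bytes;
    }

    /**
     * Renders a PKIStatus value as {@code "name (value)"} for log and exception messages.
     *
     * @param statusInfo the status to render
     * @return the symbolic name with its number, or just the number for values outside 0..6
     */
    private static String buildText(PKIStatusInfo statusInfo) {
        int status = statusInfo.getStatus().intValue();
        switch (status) {
            case 0:
                return "accepted (0)";
            case 1:
                return "grantedWithMods (1)";
            case 2:
                return "rejection (2)";
            case 3:
                return "waiting (3)";
            case 4:
                return "revocationWarning (4)";
            case 5:
                return "revocationNotification (5)";
            case 6:
                return "keyUpdateWarning (6)";
            default:
                return Integer.toString(status);
        }
    }
}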
