package se.swedenconnect.ca.cmc.api;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cmc.CertificationRequest;
import org.bouncycastle.asn1.cmc.GetCert;
import org.bouncycastle.asn1.cmc.OtherMsg;
import org.bouncycastle.asn1.cmc.PKIData;
import org.bouncycastle.asn1.cmc.RevokeRequest;
import org.bouncycastle.asn1.cmc.TaggedAttribute;
import org.bouncycastle.asn1.cmc.TaggedCertificationRequest;
import org.bouncycastle.asn1.cmc.TaggedContentInfo;
import org.bouncycastle.asn1.cmc.TaggedRequest;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.crmf.CRMFException;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.bouncycastle.cert.crmf.CertificateRequestMessageBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import se.swedenconnect.ca.cmc.api.data.CMCRequest;
import se.swedenconnect.ca.cmc.auth.CMCUtils;
import se.swedenconnect.ca.cmc.model.request.CMCRequestModel;
import se.swedenconnect.ca.cmc.model.request.CMCRequestType;
import se.swedenconnect.ca.cmc.model.request.impl.CMCAdminRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCCertificateRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCGetCertRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCRevokeRequestModel;
import se.swedenconnect.ca.engine.ca.attribute.AttributeValueEncoder;
import se.swedenconnect.ca.engine.configuration.CAAlgorithmRegistry;

/* loaded from: input_file:se/swedenconnect/ca/cmc/api/CMCRequestFactory.class */
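/**
 * Builds signed CMC requests (certificate issuance, revocation, admin and get-cert).
 *
 * <p>Each request is assembled as a {@link PKIData} structure and then wrapped by
 * {@link CMCUtils#signEncapsulatedCMSContent} using the signer and certificate chain supplied to the
 * constructor. The signature is what authenticates the request to the receiver, so the
 * {@link ContentSigner} handed to this class must be protected accordingly.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code senderNonce} control is added only when the request model supplies a non-null
 *       nonce. A model without a nonce produces a signed request with no nonce control, so any
 *       replay protection that relies on the nonce depends on the caller always setting one.</li>
 *   <li>Body part ids are drawn at random from {@link SecureRandom}. Nothing here checks that the
 *       ids used within one {@code PKIData} are distinct; CMC expects them to be unique, so
 *       uniqueness is only probabilistic.</li>
 * </ul>
 */
public class CMCRequestFactory {
    private static final SecureRandom RNG = new SecureRandom();

    // Stored by reference (no defensive copy): later changes the caller makes to the list are
    // visible to this factory.
    private final List<X509Certificate> signerCertChain;
    private final ContentSigner signer;

    /**
     * Creates a factory that signs every request with the given signer.
     *
     * @param list certificate chain passed to the CMS signing step together with the signer
     * @param contentSigner signer used to sign the encapsulated {@code PKIData}
     */
    public CMCRequestFactory(List<X509Certificate> list, ContentSigner contentSigner) {
        this.signerCertChain = list;
        this.signer = contentSigner;
    }

    /**
     * Builds and signs the CMC request described by the model.
     *
     * @param cMCRequestModel request model; its concrete type must match its declared request type
     * @return the request holding the {@code PKIData}, the signed request bytes and, for issuance
     *         requests, the extracted certificate request data
     * @throws CMCMessageException if the request cannot be built or signed, including when the
     *         request type is not one this factory supports
     */
    public CMCRequest getCMCRequest(CMCRequestModel cMCRequestModel) throws CMCMessageException {
        CMCRequest.CMCRequestBuilder builder = CMCRequest.builder();
        CMCRequestType cmcRequestType = cMCRequestModel.getCmcRequestType();
        Date date = new Date();
        builder.cmcRequestType(cmcRequestType).nonce(cMCRequestModel.getNonce());
        try {
            final PKIData pkiData;
            switch (cmcRequestType) {
                case issueCert:
                    pkiData = createCertRequest((CMCCertificateRequestModel) cMCRequestModel, date);
                    addCertRequestData(pkiData, builder);
                    break;
                case revoke:
                    pkiData = new PKIData(
                        getCertRevocationControlSequence((CMCRevokeRequestModel) cMCRequestModel),
                        new TaggedRequest[0], new TaggedContentInfo[0], new OtherMsg[0]);
                    break;
                case admin:
                    pkiData = createAdminRequest((CMCAdminRequestModel) cMCRequestModel);
                    break;
                case getCert:
                    pkiData = createGetCertRequest((CMCGetCertRequestModel) cMCRequestModel, date);
                    break;
                default:
                    // Fail closed: never hand an undefined (null) payload to the signing step.
                    throw new IllegalArgumentException("Unsupported CMC request type: " + cmcRequestType);
            }
            byte[] signedRequest = CMCUtils.signEncapsulatedCMSContent(
                CMCObjectIdentifiers.id_cct_PKIData, pkiData, this.signerCertChain, this.signer);
            builder.pkiData(pkiData).cmcRequestBytes(signedRequest);
            return builder.build();
        } catch (Exception e) {
            // Boundary catch: every failure, including a model/type mismatch, surfaces as one type.
            throw new CMCMessageException("Error generating CMC request", e);
        }
    }

    /** Wraps the get-cert controls in a {@code PKIData} with no requests, content or other messages. */
    private PKIData createGetCertRequest(CMCGetCertRequestModel model, Date date) {
        return new PKIData(getGetCertsControlSequence(model, date),
            new TaggedRequest[0], new TaggedContentInfo[0], new OtherMsg[0]);
    }

    /**
     * Builds the controls of a get-cert request: optional nonce, optional registration info and the
     * {@code getCert} control naming the issuer and serial number. The {@code date} argument is not
     * used.
     */
    private TaggedAttribute[] getGetCertsControlSequence(CMCGetCertRequestModel model, Date date) {
        List<TaggedAttribute> controls = new ArrayList<>();
        addNonceControl(controls, model.getNonce());
        addRegistrationInfoControl(controls, model);
        GetCert getCert = new GetCert(new GeneralName(model.getIssuerName()), model.getSerialNumber());
        controls.add(getControl(CMCObjectIdentifiers.id_cmc_getCert, getCert));
        return controls.toArray(new TaggedAttribute[0]);
    }

    /** Wraps the admin controls in a {@code PKIData} with no requests, content or other messages. */
    private PKIData createAdminRequest(CMCAdminRequestModel model) {
        return new PKIData(getAdminControlSequence(model),
            new TaggedRequest[0], new TaggedContentInfo[0], new OtherMsg[0]);
    }

    /** Builds the controls of an admin request: optional nonce and optional registration info. */
    private TaggedAttribute[] getAdminControlSequence(CMCAdminRequestModel model) {
        List<TaggedAttribute> controls = new ArrayList<>();
        addNonceControl(controls, model.getNonce());
        addRegistrationInfoControl(controls, model);
        return controls.toArray(new TaggedAttribute[0]);
    }

    /**
     * Builds the {@code PKIData} of a certificate issuance request.
     *
     * <p>When the model carries a private key, a PKCS#10 request signed with that key is embedded.
     * Otherwise a CRMF request is built; no signing step for that request is visible in this method,
     * so whether it carries proof of possession depends on {@link CMCUtils} and on
     * {@link #extendCertTemplate} overrides. The {@code date} argument is not used.
     */
    private PKIData createCertRequest(CMCCertificateRequestModel model, Date date)
        throws NoSuchAlgorithmException, OperatorCreationException, CRMFException, CMCMessageException {
        BodyPartID requestBodyPartId = getBodyPartId();
        TaggedAttribute[] controls = getCertRequestControlSequence(model, model.getNonce(), requestBodyPartId);
        PrivateKey certReqPrivate = model.getCertReqPrivate();
        TaggedRequest taggedRequest;
        if (certReqPrivate != null) {
            ContentSigner p10Signer =
                new JcaContentSignerBuilder(CAAlgorithmRegistry.getSigAlgoName(model.getP10Algorithm()))
                    .build(certReqPrivate);
            taggedRequest = new TaggedRequest(new TaggedCertificationRequest(requestBodyPartId,
                CMCUtils.getCertificationRequest(model.getCertificateModel(), p10Signer, new AttributeValueEncoder())));
        } else {
            CertificateRequestMessageBuilder crmfBuilder = CMCUtils.getCRMFRequestMessageBuilder(
                requestBodyPartId, model.getCertificateModel(), new AttributeValueEncoder());
            extendCertTemplate(crmfBuilder, model);
            taggedRequest = new TaggedRequest(crmfBuilder.build().toASN1Structure());
        }
        return new PKIData(controls, new TaggedRequest[]{taggedRequest},
            new TaggedContentInfo[0], new OtherMsg[0]);
    }

    /**
     * Extension hook called before a CRMF request is built; the default implementation does nothing.
     *
     * @param certificateRequestMessageBuilder builder of the CRMF request about to be built
     * @param cMCCertificateRequestModel model of the certificate request being processed
     */
    protected void extendCertTemplate(CertificateRequestMessageBuilder certificateRequestMessageBuilder, CMCCertificateRequestModel cMCCertificateRequestModel) {
    }

    /** Returns a body part id chosen at random from 1 to 2^31 inclusive. */
    private static BodyPartID getBodyPartId() {
        // 31 random bits give 0..2^31-1; adding one keeps the id non-zero.
        return getBodyPartId(new BigInteger(31, RNG).add(BigInteger.ONE));
    }

    /** Converts the value to a body part id, failing if it does not fit in a {@code long}. */
    private static BodyPartID getBodyPartId(BigInteger value) {
        return new BodyPartID(value.longValueExact());
    }

    /**
     * Builds the controls of a revocation request: optional nonce, optional registration info and
     * the {@code revokeRequest} control. The two trailing optional fields of BouncyCastle's
     * {@code RevokeRequest} (passphrase and comment) are left absent.
     */
    private TaggedAttribute[] getCertRevocationControlSequence(CMCRevokeRequestModel model) {
        List<TaggedAttribute> controls = new ArrayList<>();
        addNonceControl(controls, model.getNonce());
        addRegistrationInfoControl(controls, model);
        RevokeRequest revokeRequest = new RevokeRequest(
            model.getIssuerName(),
            new ASN1Integer(model.getSerialNumber()),
            CRLReason.lookup(model.getReason()),
            new ASN1GeneralizedTime(model.getRevocationDate()),
            (ASN1OctetString) null,
            (ASN1UTF8String) null);
        controls.add(getControl(CMCObjectIdentifiers.id_cmc_revokeRequest, revokeRequest));
        return controls.toArray(new TaggedAttribute[0]);
    }

    /**
     * Builds the controls of an issuance request: optional nonce, optional registration info and,
     * when the model asks for it, an {@code lraPOPWitness} control that references the body part id
     * of the certificate request.
     */
    private TaggedAttribute[] getCertRequestControlSequence(CMCCertificateRequestModel model, byte[] nonce, BodyPartID requestBodyPartId) {
        List<TaggedAttribute> controls = new ArrayList<>();
        addNonceControl(controls, nonce);
        addRegistrationInfoControl(controls, model);
        if (model.isLraPopWitness()) {
            ASN1EncodableVector witness = new ASN1EncodableVector();
            // NOTE(review): the first element is a fresh random id, not the id of any PKIData built
            // here - confirm this is what the receiving CA expects.
            witness.add(getBodyPartId());
            witness.add(new DERSequence(requestBodyPartId));
            controls.add(getControl(CMCObjectIdentifiers.id_cmc_lraPOPWitness, new DERSequence(witness)));
        }
        return controls.toArray(new TaggedAttribute[0]);
    }

    /** Adds a {@code regInfo} control when the model carries registration info; otherwise nothing. */
    private void addRegistrationInfoControl(List<TaggedAttribute> list, CMCRequestModel cMCRequestModel) {
        byte[] registrationInfo = cMCRequestModel.getRegistrationInfo();
        if (registrationInfo != null) {
            list.add(getControl(CMCObjectIdentifiers.id_cmc_regInfo, new DEROctetString(registrationInfo)));
        }
    }

    /**
     * Adds a {@code senderNonce} control for the given nonce.
     *
     * <p>A {@code null} nonce is skipped silently, which yields a request without a nonce control.
     *
     * @param list control list to append to
     * @param bArr nonce bytes, or {@code null} to add nothing
     */
    public static void addNonceControl(List<TaggedAttribute> list, byte[] bArr) {
        if (bArr != null) {
            list.add(getControl(CMCObjectIdentifiers.id_cmc_senderNonce, new DEROctetString(bArr)));
        }
    }

    /**
     * Creates a control attribute with a randomly chosen body part id.
     *
     * @param aSN1ObjectIdentifier control type
     * @param aSN1EncodableArr control values
     * @return the tagged attribute
     */
    public static TaggedAttribute getControl(ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1Encodable... aSN1EncodableArr) {
        return getControl(aSN1ObjectIdentifier, (BodyPartID) null, aSN1EncodableArr);
    }

    /**
     * Creates a control attribute.
     *
     * @param aSN1ObjectIdentifier control type
     * @param bodyPartID body part id to use, or {@code null} to have a random one chosen
     * @param aSN1EncodableArr control values
     * @return the tagged attribute
     */
    public static TaggedAttribute getControl(ASN1ObjectIdentifier aSN1ObjectIdentifier, BodyPartID bodyPartID, ASN1Encodable... aSN1EncodableArr) {
        BodyPartID effectiveId = bodyPartID != null ? bodyPartID : getBodyPartId();
        return new TaggedAttribute(effectiveId, aSN1ObjectIdentifier, getSet(aSN1EncodableArr));
    }

    /**
     * Collects the given values into a DER set.
     *
     * @param aSN1EncodableArr values to include
     * @return a {@link DERSet} holding the values
     */
    public static ASN1Set getSet(ASN1Encodable... aSN1EncodableArr) {
        ASN1EncodableVector values = new ASN1EncodableVector();
        for (ASN1Encodable value : aSN1EncodableArr) {
            values.add(value);
        }
        return new DERSet(values);
    }

    /**
     * Copies the first certificate request found in the {@code PKIData} (PKCS#10 or CRMF) and its
     * body part id into the request builder. Does nothing when there is no request sequence.
     */
    private void addCertRequestData(PKIData pKIData, CMCRequest.CMCRequestBuilder cMCRequestBuilder) {
        if (pKIData == null || pKIData.getReqSequence() == null) {
            return;
        }
        for (TaggedRequest taggedRequest : pKIData.getReqSequence()) {
            // The value is either a PKCS#10 wrapper or a CRMF message; these types are unrelated,
            // so it has to be held as the common ASN1Encodable before testing which one it is.
            ASN1Encodable value = taggedRequest.getValue();
            if (value instanceof TaggedCertificationRequest) {
                // Encoded as a sequence of { bodyPartID, certificationRequest }.
                ASN1Sequence tagged = ASN1Sequence.getInstance(((TaggedCertificationRequest) value).toASN1Primitive());
                cMCRequestBuilder
                    .certificationRequest(CertificationRequest.getInstance(tagged.getObjectAt(1)))
                    .certReqBodyPartId(BodyPartID.getInstance(tagged.getObjectAt(0)));
                return;
            }
            if (value instanceof CertReqMsg) {
                CertReqMsg certReqMsg = (CertReqMsg) value;
                cMCRequestBuilder
                    .certificateRequestMessage(new CertificateRequestMessage(certReqMsg))
                    .certReqBodyPartId(new BodyPartID(certReqMsg.getCertReq().getCertReqId().longValueExact()));
                return;
            }
        }
    }
}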
