package se.swedenconnect.ca.cmc.auth;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cmc.CMCStatus;
import org.bouncycastle.asn1.cmc.CMCStatusInfoV2;
import org.bouncycastle.asn1.cmc.CertificationRequest;
import org.bouncycastle.asn1.cmc.GetCert;
import org.bouncycastle.asn1.cmc.LraPopWitness;
import org.bouncycastle.asn1.cmc.PKIData;
import org.bouncycastle.asn1.cmc.PKIResponse;
import org.bouncycastle.asn1.cmc.RevokeRequest;
import org.bouncycastle.asn1.cmc.TaggedAttribute;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.crmf.CertificateRequestMessageBuilder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.cmc.api.CMCMessageException;
import se.swedenconnect.ca.cmc.api.data.CMCControlObject;
import se.swedenconnect.ca.cmc.api.data.CMCControlObjectID;
import se.swedenconnect.ca.cmc.api.data.CMCResponse;
import se.swedenconnect.ca.cmc.model.admin.AdminCMCData;
import se.swedenconnect.ca.cmc.model.admin.response.CAInformation;
import se.swedenconnect.ca.cmc.model.admin.response.CertificateData;
import se.swedenconnect.ca.engine.ca.attribute.AttributeValueEncoder;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModel;
import se.swedenconnect.ca.engine.ca.models.cert.extension.ExtensionModel;
import se.swedenconnect.ca.engine.utils.CAUtils;

/* loaded from: input_file:se/swedenconnect/ca/cmc/auth/CMCUtils.class */
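/**
 * Static helpers for building, signing and parsing CMC (Certificate Management over CMS) messages.
 *
 * <p>Security note: nothing in this class verifies a CMS signature. The parsing helpers
 * ({@code getCMCControlObject}, {@code getAdminCMCData}, {@code getSigningTime}, ...) only decode
 * what the peer sent. Callers must validate the signature and the signer before acting on any
 * value returned from here.
 */
public class CMCUtils {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CMCUtils.class);

    /** Shared {@link SecureRandom} instance; it is not used inside this class. */
    public static final SecureRandom RNG = new SecureRandom();

    /**
     * Shared JSON mapper used to decode admin data carried in CMC control attributes.
     *
     * <p>NOTE(review): the instance is public and mutable, so any code on the classpath can
     * reconfigure it. Since it deserializes peer-supplied bytes, it should be kept at its default
     * configuration (in particular, no default typing).
     */
    public static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Creates a CRMF request builder populated from a certificate model.
     *
     * @param bodyPartID body part ID, used as the CRMF certificate request ID
     * @param certificateModel source of subject, public key and extensions
     * @param attributeValueEncoder encoder passed to {@code CAUtils.getX500Name} for the subject
     * @return builder with subject, public key and all extensions set
     * @throws CMCMessageException if an {@link IOException} occurs while populating the builder
     */
    public static CertificateRequestMessageBuilder getCRMFRequestMessageBuilder(BodyPartID bodyPartID, CertificateModel certificateModel, AttributeValueEncoder attributeValueEncoder) throws CMCMessageException {
        try {
            CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.valueOf(bodyPartID.getID()));
            builder.setSubject(CAUtils.getX500Name(certificateModel.getSubject(), attributeValueEncoder));
            builder.setPublicKey(SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(certificateModel.getPublicKey().getEncoded())));
            for (Object extensionModel : certificateModel.getExtensionModels()) {
                for (Extension extension : ((ExtensionModel) extensionModel).getExtensions()) {
                    builder.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue());
                }
            }
            return builder;
        } catch (IOException e) {
            throw new CMCMessageException("Failed to create CRMF request builder - " + e.getMessage(), e);
        }
    }

    /**
     * Creates a signed PKCS#10 certification request from a certificate model.
     *
     * <p>All extensions of the model are carried in a single extensionRequest attribute.
     *
     * @param certificateModel source of subject, public key and extensions
     * @param contentSigner signer used to sign the PKCS#10 request
     * @param attributeValueEncoder encoder passed to {@code CAUtils.getX500Name} for the subject
     * @return the request as a CMC {@link CertificationRequest}
     * @throws CMCMessageException if an {@link IOException} occurs while building the request
     */
    public static CertificationRequest getCertificationRequest(CertificateModel certificateModel, ContentSigner contentSigner, AttributeValueEncoder attributeValueEncoder) throws CMCMessageException {
        try {
            PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder(CAUtils.getX500Name(certificateModel.getSubject(), attributeValueEncoder), SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(certificateModel.getPublicKey().getEncoded())));
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            for (Object extensionModel : certificateModel.getExtensionModels()) {
                for (Extension extension : ((ExtensionModel) extensionModel).getExtensions()) {
                    extensionsGenerator.addExtension(extension);
                }
            }
            requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            return CertificationRequest.getInstance(requestBuilder.build(contentSigner).toASN1Structure().toASN1Primitive());
        } catch (IOException e) {
            throw new CMCMessageException("Failed to create PKCS#10 request - " + e.getMessage(), e);
        }
    }

    /**
     * Signs content as CMS SignedData with the content encapsulated in the result.
     *
     * @param aSN1ObjectIdentifier content type OID of the encapsulated content
     * @param aSN1Encodable content to sign; it is DER encoded before signing
     * @param list signer certificate chain; the first certificate identifies the signer and the
     *     whole list is embedded in the SignedData
     * @param contentSigner signer producing the signature
     * @return encoded SignedData bytes
     * @throws CMCMessageException if the chain is null or empty, or if signing or encoding fails
     */
    public static byte[] signEncapsulatedCMSContent(ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1Encodable aSN1Encodable, List<X509Certificate> list, ContentSigner contentSigner) throws CMCMessageException {
        // Without this guard list.get(0) escapes as an undeclared runtime exception.
        if (list == null || list.isEmpty()) {
            String message = "Failed to sign content - no signer certificate was provided";
            throw new CMCMessageException(message, new IllegalArgumentException(message));
        }
        try {
            JcaCertStore certStore = new JcaCertStore(list);
            X509CertificateHolder signerCertificate = new X509CertificateHolder(Certificate.getInstance(ASN1Primitive.fromByteArray(list.get(0).getEncoded())));
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(contentSigner, signerCertificate));
            generator.addCertificates(certStore);
            CMSProcessableByteArray content = new CMSProcessableByteArray(aSN1ObjectIdentifier, aSN1Encodable.toASN1Primitive().getEncoded("DER"));
            // 'true' encapsulates the content inside the SignedData structure.
            return generator.generate(content, true).toASN1Structure().getEncoded("DL");
        } catch (GeneralSecurityException | CMSException | OperatorCreationException | IOException e) {
            String format = String.format("Failed to sign content - %s", e.getMessage());
            log.error("{}", format, e);
            throw new CMCMessageException(format, e);
        }
    }

    /**
     * Extracts the control object of the given type from a CMC response.
     *
     * @param aSN1ObjectIdentifier OID of the requested control attribute
     * @param pKIResponse response to search
     * @return control object; only its type is set when no matching attribute is present
     * @throws CMCMessageException if the control value cannot be extracted
     */
    public static CMCControlObject getCMCControlObject(ASN1ObjectIdentifier aSN1ObjectIdentifier, PKIResponse pKIResponse) throws CMCMessageException {
        return getCMCControlObject(aSN1ObjectIdentifier, getResponseControlSequence(pKIResponse));
    }

    /**
     * Extracts the control object of the given type from a CMC request.
     *
     * @param aSN1ObjectIdentifier OID of the requested control attribute
     * @param pKIData request to search
     * @return control object; only its type is set when no matching attribute is present
     * @throws CMCMessageException if the control value cannot be extracted
     */
    public static CMCControlObject getCMCControlObject(ASN1ObjectIdentifier aSN1ObjectIdentifier, PKIData pKIData) throws CMCMessageException {
        return getCMCControlObject(aSN1ObjectIdentifier, pKIData.getControlSequence());
    }

    /**
     * Builds the control object for an OID from a sequence of tagged attributes.
     *
     * <p>Every attribute whose type equals the OID overwrites body part ID and value, so the last
     * matching attribute wins.
     */
    private static CMCControlObject getCMCControlObject(ASN1ObjectIdentifier aSN1ObjectIdentifier, TaggedAttribute[] taggedAttributeArr) throws CMCMessageException {
        CMCControlObjectID controlObjectID = CMCControlObjectID.getControlObjectID(aSN1ObjectIdentifier);
        CMCControlObject.CMCControlObjectBuilder controlObjectBuilder = CMCControlObject.builder().type(controlObjectID);
        for (TaggedAttribute taggedAttribute : taggedAttributeArr) {
            ASN1ObjectIdentifier attrType = taggedAttribute.getAttrType();
            if (attrType != null && attrType.equals(controlObjectID.getOid())) {
                controlObjectBuilder.bodyPartID(taggedAttribute.getBodyPartID()).value(getRequestControlValue(controlObjectID, taggedAttribute.getAttrValues()));
            }
        }
        return controlObjectBuilder.build();
    }

    /**
     * Returns the decoded control value; regInfo and responseInfo octets are additionally parsed
     * as {@link AdminCMCData} JSON when possible, otherwise returned as raw bytes.
     */
    private static Object getRequestControlValue(CMCControlObjectID cMCControlObjectID, ASN1Set aSN1Set) throws CMCMessageException {
        Object controlValue = getControlValue(cMCControlObjectID, aSN1Set);
        boolean mayCarryJson = CMCControlObjectID.regInfo.equals(cMCControlObjectID) || CMCControlObjectID.responseInfo.equals(cMCControlObjectID);
        return mayCarryJson ? getBytesOrJsonObject((byte[]) controlValue, AdminCMCData.class) : controlValue;
    }

    /**
     * Tries to parse the bytes as JSON of the given class, falling back to the raw bytes.
     *
     * <p>The fallback is deliberate best effort, so the result is either an instance of
     * {@code cls}, a {@code byte[]} or {@code null}. Callers must check the type before casting.
     */
    private static Object getBytesOrJsonObject(byte[] bArr, Class<?> cls) {
        if (bArr == null) {
            return null;
        }
        try {
            return OBJECT_MAPPER.readValue(bArr, cls);
        } catch (IOException | RuntimeException e) {
            // The payload is peer-controlled and is intentionally not logged.
            log.debug("Control value is not valid {} JSON - returning raw bytes", cls.getSimpleName());
            return bArr;
        }
    }

    /**
     * Decodes the first value of a control attribute into the type matching the control ID.
     *
     * <p>Only the first element of the set is read. Octet-string controls (regInfo, responseInfo,
     * senderNonce, recipientNonce) are returned as {@code byte[]}.
     *
     * @return decoded value, or {@code null} for an empty set, a null value or an unsupported control
     * @throws CMCMessageException if decoding throws any exception
     */
    private static Object getControlValue(CMCControlObjectID cMCControlObjectID, ASN1Set aSN1Set) throws CMCMessageException {
        try {
            if (aSN1Set.size() == 0) {
                log.debug("No values - Returning null");
                return null;
            }
            ASN1Encodable firstValue = aSN1Set.getObjectAt(0);
            if (firstValue == null) {
                log.debug("No control value - Returning null");
                return null;
            }
            if (CMCControlObjectID.regInfo.equals(cMCControlObjectID) || CMCControlObjectID.responseInfo.equals(cMCControlObjectID) || CMCControlObjectID.senderNonce.equals(cMCControlObjectID) || CMCControlObjectID.recipientNonce.equals(cMCControlObjectID)) {
                return ASN1OctetString.getInstance(firstValue).getOctets();
            }
            if (CMCControlObjectID.getCert.equals(cMCControlObjectID)) {
                return GetCert.getInstance(firstValue);
            }
            if (CMCControlObjectID.lraPOPWitness.equals(cMCControlObjectID)) {
                return LraPopWitness.getInstance(firstValue);
            }
            if (CMCControlObjectID.revokeRequest.equals(cMCControlObjectID)) {
                return RevokeRequest.getInstance(firstValue);
            }
            if (CMCControlObjectID.statusInfoV2.equals(cMCControlObjectID)) {
                return CMCStatusInfoV2.getInstance(firstValue);
            }
            log.debug("Unsupported CMC control message {} - returning null", cMCControlObjectID);
            return null;
        } catch (Exception e) {
            throw new CMCMessageException("Error extracting CMC control value", e);
        }
    }

    /**
     * Returns the integer value of a CMC status.
     *
     * @param cMCStatus status to convert
     * @return the status code
     */
    public static int getCMCStatusCode(CMCStatus cMCStatus) {
        // NOTE(review): intPositiveValueExact() is an ASN1Integer method; the decompiler appears to
        // have dropped a cast here - confirm against the original source.
        return cMCStatus.toASN1Primitive().intPositiveValueExact();
    }

    /**
     * Converts the control sequence of a CMC response into an array of tagged attributes.
     *
     * @param pKIResponse response to read
     * @return tagged attributes in sequence order; empty when the sequence is empty
     */
    public static TaggedAttribute[] getResponseControlSequence(PKIResponse pKIResponse) {
        List<TaggedAttribute> taggedAttributes = new ArrayList<>();
        for (Object element : pKIResponse.getControlSequence()) {
            taggedAttributes.add(TaggedAttribute.getInstance(element));
        }
        return taggedAttributes.toArray(new TaggedAttribute[0]);
    }

    /**
     * Encodes each certificate in the list.
     *
     * @param list certificates to encode
     * @return encoded certificates in the same order
     * @throws CertificateException if a certificate cannot be encoded
     */
    public static List<byte[]> getCertByteList(List<X509Certificate> list) throws CertificateException {
        List<byte[]> encodedCertificates = new ArrayList<>();
        for (X509Certificate certificate : list) {
            encodedCertificates.add(certificate.getEncoded());
        }
        return encodedCertificates;
    }

    /**
     * Encodes each certificate holder in the list.
     *
     * @param list certificate holders to encode
     * @return encoded certificates in the same order
     * @throws CertificateException if a holder cannot be encoded
     */
    public static List<byte[]> getCerHolderByteList(List<X509CertificateHolder> list) throws CertificateException {
        try {
            List<byte[]> encodedCertificates = new ArrayList<>();
            for (X509CertificateHolder certificateHolder : list) {
                encodedCertificates.add(certificateHolder.getEncoded());
            }
            return encodedCertificates;
        } catch (IOException e) {
            throw new CertificateException("Failed to get encoded certificate(s)", e);
        }
    }

    /**
     * Parses the admin data of a CMC response as CA information.
     *
     * @param cMCResponse response carrying admin data in its responseInfo control
     * @return parsed CA information
     * @throws CMCMessageException if the admin data is missing, malformed or not valid JSON
     */
    public static CAInformation getCAInformation(CMCResponse cMCResponse) throws CMCMessageException {
        try {
            return (CAInformation) OBJECT_MAPPER.readValue(requireAdminCMCData(cMCResponse).getData(), CAInformation.class);
        } catch (JsonProcessingException e) {
            throw new CMCMessageException("Failed to parse CA information", e);
        }
    }

    /**
     * Returns the admin data carried in the responseInfo control of a CMC response.
     *
     * @param cMCResponse response to read
     * @return the admin data, or {@code null} when the response carries no responseInfo value
     * @throws CMCMessageException if the control cannot be extracted, or if its value was not
     *     parseable as {@link AdminCMCData}
     */
    public static AdminCMCData getAdminCMCData(CMCResponse cMCResponse) throws CMCMessageException {
        Object value = getResponseControlObject(cMCResponse, CMCObjectIdentifiers.id_cmc_responseInfo).getValue();
        if (value == null) {
            return null;
        }
        // A responseInfo that failed JSON parsing comes back as raw bytes. Report it as a
        // message error rather than letting a ClassCastException escape.
        if (!(value instanceof AdminCMCData)) {
            String message = "The responseInfo control of the CMC response does not contain admin data";
            throw new CMCMessageException(message, new IllegalArgumentException(message));
        }
        return (AdminCMCData) value;
    }

    /** Returns the admin data of the response, failing when it is absent. */
    private static AdminCMCData requireAdminCMCData(CMCResponse cMCResponse) throws CMCMessageException {
        AdminCMCData adminCMCData = getAdminCMCData(cMCResponse);
        if (adminCMCData == null) {
            String message = "The CMC response contains no admin data";
            throw new CMCMessageException(message, new IllegalArgumentException(message));
        }
        return adminCMCData;
    }

    /**
     * Extracts the control object of the given type from a CMC response.
     *
     * @param cMCResponse response to search
     * @param aSN1ObjectIdentifier OID of the requested control attribute
     * @return control object; only its type is set when no matching attribute is present
     * @throws CMCMessageException if the control value cannot be extracted
     */
    public static CMCControlObject getResponseControlObject(CMCResponse cMCResponse, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CMCMessageException {
        return getCMCControlObject(aSN1ObjectIdentifier, getResponseControlSequence(cMCResponse.getPkiResponse()));
    }

    /**
     * Parses the admin data of a CMC response as a JSON list of hexadecimal serial numbers.
     *
     * @param cMCResponse response carrying the serial number list
     * @return serial numbers in list order
     * @throws CMCMessageException if the admin data is missing, is not a JSON string list, or
     *     contains an entry that is not a hexadecimal number
     */
    public static List<BigInteger> getAllSerials(CMCResponse cMCResponse) throws CMCMessageException {
        final String errorMessage = "Failed to parse certificate serial numbers from CMC response";
        try {
            List<String> hexSerials = OBJECT_MAPPER.readValue(requireAdminCMCData(cMCResponse).getData(), new TypeReference<List<String>>() {
            });
            if (hexSerials == null) {
                throw new CMCMessageException(errorMessage, new IllegalArgumentException("Serial number list is null"));
            }
            List<BigInteger> serials = new ArrayList<>(hexSerials.size());
            for (String hexSerial : hexSerials) {
                if (hexSerial == null) {
                    throw new CMCMessageException(errorMessage, new IllegalArgumentException("Serial number entry is null"));
                }
                serials.add(new BigInteger(hexSerial, 16));
            }
            return serials;
        } catch (JsonProcessingException | NumberFormatException e) {
            // Entries come from the peer, so a malformed one is reported as a message error.
            throw new CMCMessageException(errorMessage, e);
        }
    }

    /**
     * Parses the admin data of a CMC response as a JSON list of certificate data.
     *
     * @param cMCResponse response carrying the certificate list
     * @return parsed certificate data
     * @throws CMCMessageException if the admin data is missing, malformed or not valid JSON
     */
    public static List<CertificateData> getCertList(CMCResponse cMCResponse) throws CMCMessageException {
        try {
            List<CertificateData> certificates = OBJECT_MAPPER.readValue(requireAdminCMCData(cMCResponse).getData(), new TypeReference<List<CertificateData>>() {
            });
            return certificates;
        } catch (JsonProcessingException e) {
            throw new CMCMessageException("Failed to parse certificates from CMC response", e);
        }
    }

    /**
     * Reads the signingTime signed attribute from encoded CMS SignedData.
     *
     * <p>The signature is not verified here; see {@link #getSigningTime(CMSSignedData)}.
     *
     * @param bArr encoded CMS SignedData
     * @return signing time, or {@code null} when it is absent
     * @throws CMCMessageException if the bytes are not valid SignedData or the attribute value is
     *     not a valid time
     */
    public static Date getSigningTime(byte[] bArr) throws CMCMessageException {
        try {
            return getSigningTime(new CMSSignedData(bArr));
        } catch (CMSException | IllegalArgumentException e) {
            throw new CMCMessageException("Failed to parse signed signingTime attribute from a CMS signed CMC message", e);
        }
    }

    /**
     * Reads the signingTime signed attribute of the first signer.
     *
     * <p>Only the first signer is inspected and the signature is not verified. The returned time
     * is a claim by the sender and must not be used for freshness or replay decisions until the
     * caller has validated that signer's signature.
     *
     * @param cMSSignedData parsed CMS SignedData
     * @return signing time, or {@code null} when there is no signer, no signed attributes, or no
     *     signingTime value
     */
    public static Date getSigningTime(CMSSignedData cMSSignedData) {
        Iterator<SignerInformation> signers = cMSSignedData.getSignerInfos().iterator();
        if (!signers.hasNext()) {
            return null;
        }
        SignerInformation signer = signers.next();
        // Signed attributes are optional, so their absence is treated as "no signing time".
        if (signer.getSignedAttributes() == null) {
            return null;
        }
        Attribute attribute = signer.getSignedAttributes().get(CMSAttributes.signingTime);
        if (attribute == null || attribute.getAttrValues().size() == 0) {
            return null;
        }
        return Time.getInstance(attribute.getAttrValues().getObjectAt(0)).getDate();
    }
}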
