package se.swedenconnect.ca.cmc.api.client.impl;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import lombok.Generated;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import se.swedenconnect.ca.cmc.CMCException;
import se.swedenconnect.ca.cmc.api.CMCCertificateModelBuilder;
import se.swedenconnect.ca.cmc.api.CMCMessageException;
import se.swedenconnect.ca.cmc.api.CMCRequestFactory;
import se.swedenconnect.ca.cmc.api.CMCResponseParser;
import se.swedenconnect.ca.cmc.api.client.CMCClient;
import se.swedenconnect.ca.cmc.api.client.CMCClientHttpConnector;
import se.swedenconnect.ca.cmc.api.client.CMCHttpResponseData;
import se.swedenconnect.ca.cmc.api.client.CMCResponseExtract;
import se.swedenconnect.ca.cmc.api.data.CMCRequest;
import se.swedenconnect.ca.cmc.api.data.CMCResponse;
import se.swedenconnect.ca.cmc.auth.CMCUtils;
import se.swedenconnect.ca.cmc.auth.impl.DefaultCMCValidator;
import se.swedenconnect.ca.cmc.model.admin.AdminCMCData;
import se.swedenconnect.ca.cmc.model.admin.AdminRequestType;
import se.swedenconnect.ca.cmc.model.admin.request.ListCerts;
import se.swedenconnect.ca.cmc.model.admin.response.CAInformation;
import se.swedenconnect.ca.cmc.model.admin.response.StaticCAInformation;
import se.swedenconnect.ca.cmc.model.request.impl.CMCAdminRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCCertificateRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCGetCertRequestModel;
import se.swedenconnect.ca.cmc.model.request.impl.CMCRevokeRequestModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertNameModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModel;
import se.swedenconnect.ca.engine.ca.repository.SortBy;
import se.swedenconnect.ca.engine.configuration.CAAlgorithmRegistry;
import se.swedenconnect.security.credential.PkiCredential;

/* loaded from: input_file:se/swedenconnect/ca/cmc/api/client/impl/AbstractCMCClient.class */
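/**
 * Base {@link CMCClient} implementation: builds CMC requests through a {@link CMCRequestFactory}
 * configured with the client credential, sends them with a {@link CMCClientHttpConnector}, and
 * accepts a response only after a signing-time window check, parsing by {@link CMCResponseParser}
 * and a request/response nonce comparison (see {@link #getCMCResponse(CMCRequest)}).
 *
 * <p>The cached CA information and the tunable fields are plain, unsynchronized fields; nothing in
 * this class makes concurrent use of one instance safe.
 */
public abstract class AbstractCMCClient implements CMCClient {
    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    // Passed unchanged to the HTTP connector; NOTE(review): presumably milliseconds - confirm against the connector.
    protected int connectTimeout = 1000;
    protected int readTimeout = 5000;
    // Milliseconds a response signing time may lie ahead of the local clock.
    protected int timeSkew = 60000;
    // Milliseconds a response signing time may lie behind the local clock.
    protected int maxAge = 60000;
    // Milliseconds the cached CA information is served before it is fetched again.
    protected int caInfoMaxAge = 600000;
    protected CMCClientHttpConnector cmcClientHttpConnector;
    protected CAInformation cachedCAInformation;
    protected Date lastCAInfoRecache;
    protected final CMCRequestFactory cmcRequestFactory;
    protected final CMCResponseParser cmcResponseParser;
    protected final URL cmcRequestUrl;
    protected final X509Certificate caCertificate;

    /**
     * Creates a client bound to one CMC endpoint and one CA certificate.
     *
     * @param str URL of the CMC endpoint; any scheme {@link URL} accepts is taken as-is
     * @param pkiCredential client credential; its certificate and private key are used to build the request signer
     * @param str2 algorithm identifier resolved through {@code CAAlgorithmRegistry.getSigAlgoName}
     * @param x509Certificate certificate handed to {@link DefaultCMCValidator} for the response parser
     *        (NOTE(review): presumably the trusted CMC responder signing certificate - confirm; it is not
     *        null-checked here)
     * @param x509Certificate2 CA certificate; its subject is used as issuer in get/revoke requests and its
     *        public key is handed to the response parser
     * @throws MalformedURLException if {@code str} is not a valid URL
     * @throws OperatorCreationException if the content signer cannot be built
     * @throws NoSuchAlgorithmException declared by the algorithm lookup / collaborators
     * @throws CertificateEncodingException declared by the collaborators
     * @throws NullPointerException if the credential or the CA certificate is null
     * @throws IllegalArgumentException if the credential carries no certificate
     */
    public AbstractCMCClient(String str, PkiCredential pkiCredential, String str2, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws MalformedURLException, OperatorCreationException, NoSuchAlgorithmException, CertificateEncodingException {
        Objects.requireNonNull(pkiCredential, "cmcClientCredential must not be null");
        if (pkiCredential.getCertificate() == null) {
            throw new IllegalArgumentException("Invalid CMC client credential - missing certificate");
        }
        this.cmcRequestUrl = new URL(str);
        this.cmcRequestFactory = new CMCRequestFactory(
            List.of(pkiCredential.getCertificate()),
            new JcaContentSignerBuilder(CAAlgorithmRegistry.getSigAlgoName(str2)).build(pkiCredential.getPrivateKey()));
        // Fail with a named message instead of a bare NPE from getPublicKey() below.
        this.caCertificate = Objects.requireNonNull(x509Certificate2, "CA certificate must not be null");
        this.cmcResponseParser = new CMCResponseParser(new DefaultCMCValidator(x509Certificate), x509Certificate2.getPublicKey());
        this.cmcClientHttpConnector = new ProxyCMCClientHttpConnector(null);
    }

    /** Sends an admin request of type {@code allCertSerials} and returns the checked response. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse getAllCertSerialNumbers() throws CMCException {
        AdminCMCData adminData = AdminCMCData.builder().adminRequestType(AdminRequestType.allCertSerials).build();
        return getCMCResponse(this.cmcRequestFactory.getCMCRequest(new CMCAdminRequestModel(adminData)));
    }

    /** Requests a certificate for the given model, passing {@code null} as the second model argument. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse issueCertificate(CertificateModel certificateModel) throws CMCException {
        return getCMCResponse(this.cmcRequestFactory.getCMCRequest(new CMCCertificateRequestModel(certificateModel, null)));
    }

    /**
     * Requests a certificate. Without a private key the CRMF request form is used; with one, the
     * PKCS#10 form is built using that key and the given algorithm.
     *
     * @param certificateModel model of the certificate to issue; must not be null
     * @param privateKey key for the PKCS#10 form, or null to use the CRMF form
     * @param str PKCS#10 signing algorithm; required only when {@code privateKey} is given
     * @param bArr byte array forwarded unchanged to the request model
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse issueCertificate(CertificateModel certificateModel, PrivateKey privateKey, String str, byte[] bArr) throws CMCException {
        CMCRequest request;
        if (privateKey == null) {
            request = getIssueCertCRMFRequest(certificateModel, bArr);
        } else {
            request = getIssueCertPKCS10Request(certificateModel, privateKey, str, bArr);
        }
        return getCMCResponse(request);
    }

    /** Builds the CRMF-form issue request after checking that the model is present. */
    private CMCRequest getIssueCertCRMFRequest(CertificateModel certificateModel, byte[] bArr) throws CMCException {
        Objects.requireNonNull(certificateModel, "Certificate model must not be null");
        return this.cmcRequestFactory.getCMCRequest(new CMCCertificateRequestModel(certificateModel, bArr));
    }

    /** Builds the PKCS#10-form issue request after checking that model, key and algorithm are present. */
    private CMCRequest getIssueCertPKCS10Request(CertificateModel certificateModel, PrivateKey privateKey, String str, byte[] bArr) throws CMCException {
        Objects.requireNonNull(certificateModel, "Certificate model must not be null");
        Objects.requireNonNull(privateKey, "Certificate private key must not be null");
        Objects.requireNonNull(str, "PKCS10 signing algorithm must not be null");
        return this.cmcRequestFactory.getCMCRequest(new CMCCertificateRequestModel(certificateModel, privateKey, str, bArr));
    }

    /** Fetches the certificate with the given serial number, using the CA certificate subject as issuer name. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse getIssuedCertificate(BigInteger bigInteger) throws CMCException {
        CMCGetCertRequestModel model = new CMCGetCertRequestModel(bigInteger, getCertificateHolder(this.caCertificate).getSubject());
        return getCMCResponse(this.cmcRequestFactory.getCMCRequest(model));
    }

    /**
     * Requests revocation of the certificate with the given serial number.
     *
     * @param bigInteger certificate serial number
     * @param i reason value forwarded to the revoke request model
     * @param date date forwarded to the revoke request model
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse revokeCertificate(BigInteger bigInteger, int i, Date date) throws CMCException {
        CMCRevokeRequestModel model = new CMCRevokeRequestModel(bigInteger, i, date, getCertificateHolder(this.caCertificate).getSubject());
        return getCMCResponse(this.cmcRequestFactory.getCMCRequest(model));
    }

    /**
     * Lists certificates page by page through an admin request of type {@code listCerts}.
     *
     * @param i page size
     * @param i2 page index
     * @param sortBy sort criterion
     * @param z value for the {@code notRevoked} filter
     * @param z2 value for the {@code descending} flag
     * @throws CMCMessageException if the list parameters cannot be serialized to JSON
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCResponse listCertificates(int i, int i2, SortBy sortBy, boolean z, boolean z2) throws CMCException {
        try {
            ListCerts listCerts = ListCerts.builder()
                .pageSize(i)
                .pageIndex(i2)
                .sortBy(sortBy)
                .notRevoked(z)
                .descending(z2)
                .build();
            AdminCMCData adminData = AdminCMCData.builder()
                .adminRequestType(AdminRequestType.listCerts)
                .data(OBJECT_MAPPER.writeValueAsString(listCerts))
                .build();
            return getCMCResponse(this.cmcRequestFactory.getCMCRequest(new CMCAdminRequestModel(adminData)));
        } catch (JsonProcessingException e) {
            throw new CMCMessageException("Failed to write certificates in JSON", e);
        }
    }

    /**
     * Returns a certificate model builder preloaded from the CA's static information.
     *
     * @param publicKey public key for the certificate
     * @param certNameModel subject name set on the builder
     * @param z when true, the CA's CRL distribution point URLs are added
     * @param z2 when true, the CA's OCSP service URL is added
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CMCCertificateModelBuilder getCertificateModelBuilder(PublicKey publicKey, CertNameModel<?> certNameModel, boolean z, boolean z2) throws CMCException {
        StaticCAInformation staticInfo = getStaticCAInformation();
        CMCCertificateModelBuilder builder = CMCCertificateModelBuilder.getInstance(publicKey, getCertificateHolder(this.caCertificate), staticInfo.getCaAlgorithm());
        if (z) {
            builder.crlDistributionPoints(staticInfo.getCrlDpURLs());
        }
        if (z2) {
            builder.ocspServiceUrl(staticInfo.getOcspResponserUrl());
        }
        builder.subject(certNameModel);
        return builder;
    }

    /**
     * Returns CA information, served from the local cache while it is younger than
     * {@code caInfoMaxAge} milliseconds.
     *
     * @param z when true, the cache is bypassed and refreshed
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    public CAInformation getCAInformation(boolean z) throws CMCException {
        boolean cachePopulated = this.cachedCAInformation != null && this.lastCAInfoRecache != null;
        if (!z && cachePopulated) {
            Date oldestUsable = new Date(System.currentTimeMillis() - this.caInfoMaxAge);
            if (this.lastCAInfoRecache.after(oldestUsable)) {
                return this.cachedCAInformation;
            }
        }
        this.cachedCAInformation = CMCResponseExtract.extractCAInformation(getCaInfo());
        this.lastCAInfoRecache = new Date();
        return this.cachedCAInformation;
    }

    /** Sends an admin request of type {@code caInfo} and returns the checked response. */
    protected CMCResponse getCaInfo() throws CMCException {
        AdminCMCData adminData = AdminCMCData.builder().adminRequestType(AdminRequestType.caInfo).build();
        return getCMCResponse(this.cmcRequestFactory.getCMCRequest(new CMCAdminRequestModel(adminData)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends a request and returns the response only if every acceptance check passes, in this order:
     * transport result, presence of content, signing time inside the
     * {@code [now - maxAge, now + timeSkew]} window, parsing by the response parser, and nonce equality.
     *
     * @param cMCRequest request to send
     * @return the parsed response
     * @throws CMCException if the transport fails or any acceptance check rejects the response
     */
    public CMCResponse getCMCResponse(CMCRequest cMCRequest) throws CMCException {
        CMCHttpResponseData httpResponse = this.cmcClientHttpConnector.sendCmcRequest(cMCRequest.getCmcRequestBytes(), this.cmcRequestUrl, this.connectTimeout, this.readTimeout);
        // Only an upper bound is applied to the status code; the connector's own exception is the other failure signal.
        // NOTE(review): the connector's exception is not attached as cause, so it is lost for diagnostics.
        if (httpResponse.getResponseCode() > 205 || httpResponse.getException() != null) {
            throw new CMCClientConnectionException("Http connection to CA failed");
        }
        byte[] data = httpResponse.getData();
        if (data == null) {
            // Reject explicitly rather than passing null into the parsing helpers.
            throw new CMCMessageException("CMC response has no content");
        }
        long now = System.currentTimeMillis();
        Date oldestAccepted = new Date(now - this.maxAge);
        Date newestAccepted = new Date(now + this.timeSkew);
        // The signing time is read before the response parser has run, so at this point it is still
        // unverified data; the window check is an early rejection, not the authenticity check.
        Date signingTime = CMCUtils.getSigningTime(data);
        if (signingTime == null) {
            // A response without a signing time cannot be checked for freshness: fail closed.
            throw new CMCMessageException("CMC response has no signing time");
        }
        if (signingTime.before(oldestAccepted)) {
            throw new CMCMessageException("CMC Response is to old");
        }
        if (signingTime.after(newestAccepted)) {
            throw new CMCMessageException("CMC Response is predated - possible time skew problem");
        }
        CMCResponse response = this.cmcResponseParser.parseCMCresponse(data, cMCRequest.getCmcRequestType());
        // Binds the response to this request. Arrays.equals treats two null arrays as equal, so this
        // check only protects against replay when the request carries a nonce.
        // NOTE(review): confirm CMCRequestFactory always sets one.
        if (!Arrays.equals(cMCRequest.getNonce(), response.getNonce())) {
            throw new CMCMessageException("CMC response and request nonce mismatch");
        }
        return response;
    }

    /**
     * Wraps a certificate in a BouncyCastle holder.
     *
     * @throws CMCMessageException if the certificate cannot be encoded; the encoding failure is kept as cause
     */
    private X509CertificateHolder getCertificateHolder(X509Certificate x509Certificate) throws CMCMessageException {
        try {
            return new JcaX509CertificateHolder(x509Certificate);
        } catch (CertificateEncodingException e) {
            throw new CMCMessageException("Failed to get encoding of CA certificate", e);
        }
    }

    /** Sets the connect timeout handed to the HTTP connector. No range check is applied. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    /** Sets the read timeout handed to the HTTP connector. No range check is applied. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setReadTimeout(int i) {
        this.readTimeout = i;
    }

    /**
     * Sets how many milliseconds a response signing time may lie in the future. No range check is
     * applied; a larger value widens the response acceptance window.
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setTimeSkew(int i) {
        this.timeSkew = i;
    }

    /**
     * Sets how many milliseconds old a response signing time may be. No range check is applied; a
     * larger value widens the response acceptance window.
     */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setMaxAge(int i) {
        this.maxAge = i;
    }

    /** Sets how many milliseconds cached CA information is served before being fetched again. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setCaInfoMaxAge(int i) {
        this.caInfoMaxAge = i;
    }

    /** Replaces the HTTP connector used to send requests. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public void setCmcClientHttpConnector(CMCClientHttpConnector cMCClientHttpConnector) {
        this.cmcClientHttpConnector = cMCClientHttpConnector;
    }

    /** Returns the HTTP connector currently used to send requests. */
    @Override // se.swedenconnect.ca.cmc.api.client.CMCClient
    @Generated
    public CMCClientHttpConnector getCmcClientHttpConnector() {
        return this.cmcClientHttpConnector;
    }
}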
