package se.swedenconnect.ca.cmc.auth.impl;

import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cmc.PKIData;
import org.bouncycastle.cms.CMSSignedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.cmc.auth.CMCReplayChecker;
import se.swedenconnect.ca.cmc.auth.CMCReplayException;
import se.swedenconnect.ca.cmc.auth.CMCUtils;

/* loaded from: input_file:se/swedenconnect/ca/cmc/auth/impl/DefaultCMCReplayChecker.class */
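/**
 * In-memory replay protection for CMC requests.
 *
 * <p>A request is accepted only if its signing time lies inside the window
 * {@code [now - maxAge, now + futureTimeSkew]}, is not older than the start of this JVM,
 * and carries a sender nonce that has not been seen during the retention period.
 *
 * <p>The nonce history lives only in this object. It is lost on restart, which is why
 * requests signed before the JVM start time are rejected outright.
 *
 * <p>Thread-safety: {@link #validate(CMSSignedData)} is synchronized so that the
 * "nonce seen?" test and the recording of the nonce form one atomic step. Without that,
 * two concurrent deliveries of the same request could both pass the check.
 *
 * <p>NOTE(review): this class does not verify the CMS signature itself. Confirm that the
 * caller authenticates the request before calling {@code validate}, since signing time and
 * nonce are read from the message and the nonce is recorded here.
 *
 * <p>NOTE(review): the history is an unbounded list scanned linearly; its size is limited
 * only by the request rate multiplied by the retention time.
 */
public class DefaultCMCReplayChecker implements CMCReplayChecker {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DefaultCMCReplayChecker.class);

    /** Start time of this JVM; requests signed earlier cannot be checked against the in-memory history. */
    private static final Date startupTime = new Date(ManagementFactory.getRuntimeMXBean().getStartTime());

    /** Nonces (with their signing time) of the requests accepted within the retention period. */
    private final List<ReplayData> nonceList = new ArrayList<>();

    /** Maximum accepted age of a request, in milliseconds. */
    long maxAgeMillis;

    /** How long an accepted nonce is remembered, in milliseconds, counted from the signing time. */
    long retentionMillis;

    /** How far into the future a signing time may lie, in milliseconds. */
    long futureTimeSkewMillis;

    /** A sender nonce together with the signing time of the request that carried it. */
    public static class ReplayData {
        byte[] nonce;
        Date messageTime;

        /**
         * @return the stored nonce (the internal array, not a copy)
         */
        @Generated
        public byte[] getNonce() {
            return this.nonce;
        }

        /**
         * @return the signing time of the request that carried the nonce
         */
        @Generated
        public Date getMessageTime() {
            return this.messageTime;
        }

        /**
         * @param bArr the sender nonce
         * @param date the signing time of the request
         */
        @Generated
        public ReplayData(byte[] bArr, Date date) {
            this.nonce = bArr;
            this.messageTime = date;
        }
    }

    /**
     * Creates a replay checker.
     *
     * @param i maximum accepted request age in seconds
     * @param j nonce retention time in seconds; raised to the max age if it is shorter
     * @param j2 accepted future time skew in seconds
     */
    public DefaultCMCReplayChecker(int i, long j, long j2) {
        // Long arithmetic: an int product would overflow for ages above about 24 days.
        this.maxAgeMillis = 1000L * i;
        this.retentionMillis = 1000L * j;
        this.futureTimeSkewMillis = 1000L * j2;
        log.info("Replay checker created with system start time = {}, max age sec={}, retention sec={}, future time skew sec={}", startupTime, i, j, j2);
        if (this.retentionMillis < this.maxAgeMillis) {
            // A nonce must be remembered for at least as long as its request is still accepted,
            // otherwise the request could be delivered again after the nonce has been purged.
            log.warn("Retention time ({} sec) is shorter than max age ({} sec) - retention time is raised to max age", j, i);
            this.retentionMillis = this.maxAgeMillis;
        }
    }

    /**
     * Creates a replay checker with a future time skew of 60 seconds.
     *
     * @param i maximum accepted request age in seconds
     * @param j nonce retention time in seconds
     */
    public DefaultCMCReplayChecker(int i, long j) {
        this(i, j, 60L);
    }

    /** Creates a replay checker with max age 120 s, retention 200 s and future time skew 60 s. */
    public DefaultCMCReplayChecker() {
        this(120, 200L, 60L);
    }

    /**
     * Checks a CMC request for replay and, when it passes, records its nonce.
     *
     * @param cMSSignedData the signed CMC request
     * @throws CMCReplayException if the signing time is missing or outside the accepted window,
     *     if the nonce is missing or already recorded, or if the request cannot be processed
     */
    @Override // se.swedenconnect.ca.cmc.auth.CMCReplayChecker
    public synchronized void validate(CMSSignedData cMSSignedData) throws CMCReplayException {
        try {
            consolidateReplayData();

            final PKIData pkiData;
            // try-with-resources closes the stream on the failure path as well.
            try (ASN1InputStream asn1In = new ASN1InputStream((byte[]) cMSSignedData.getSignedContent().getContent())) {
                pkiData = PKIData.getInstance(asn1In.readObject());
            }

            final Date signingTime = CMCUtils.getSigningTime(cMSSignedData);
            if (signingTime == null) {
                throw new CMCReplayException("Replay check failed: Message time is missing in CMC request");
            }
            if (signingTime.before(startupTime)) {
                // The nonce history does not survive a restart, so older requests cannot be vouched for.
                throw new CMCReplayException("Replay check failed: Request older than system startup time");
            }

            // One clock reading for both bounds keeps the window consistent.
            final long now = System.currentTimeMillis();
            final Date oldestAccepted = new Date(now - this.maxAgeMillis);
            final Date latestAccepted = new Date(now + this.futureTimeSkewMillis);
            if (signingTime.before(oldestAccepted)) {
                throw new CMCReplayException("Replay check failed: Request is too old");
            }
            if (signingTime.after(latestAccepted)) {
                throw new CMCReplayException("Replay check failed: Request time in future time");
            }

            // Any failure in this lookup is turned into a CMCReplayException by the catch below,
            // so a request whose nonce cannot be read is rejected.
            final byte[] nonce = (byte[]) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_senderNonce, pkiData).getValue();
            if (nonce == null) {
                throw new CMCReplayException("Replay check failed: Request nonce is missing");
            }
            if (this.nonceList.stream().anyMatch(seen -> Arrays.equals(nonce, seen.getNonce()))) {
                throw new CMCReplayException("Replay check failed: Replay of request nonce");
            }
            this.nonceList.add(new ReplayData(nonce, signingTime));
        } catch (CMCReplayException e) {
            throw e;
        } catch (Exception e) {
            // Fail closed: whatever went wrong, the request is not accepted.
            throw new CMCReplayException("Error processing replay data - Replay check failed", e);
        }
    }

    /**
     * Drops recorded nonces whose signing time is older than the retention period.
     * Called only from {@link #validate(CMSSignedData)}, i.e. while holding the lock.
     */
    private void consolidateReplayData() {
        final Date cutoff = new Date(System.currentTimeMillis() - this.retentionMillis);
        // Entries exactly at the cutoff are kept, so a request that is still just inside
        // the max-age window never finds its nonce already purged.
        this.nonceList.removeIf(entry -> entry.getMessageTime().before(cutoff));
    }
}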
