package se.swedenconnect.ca.cmc.api;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.cmc.CMCFailInfo;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cmc.CMCStatusInfoV2;
import org.bouncycastle.asn1.cmc.OtherStatusInfo;
import org.bouncycastle.asn1.cmc.PKIResponse;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.util.Selector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.cmc.api.data.CMCFailType;
import se.swedenconnect.ca.cmc.api.data.CMCResponse;
import se.swedenconnect.ca.cmc.api.data.CMCResponseStatus;
import se.swedenconnect.ca.cmc.api.data.CMCStatusType;
import se.swedenconnect.ca.cmc.auth.CMCUtils;
import se.swedenconnect.ca.cmc.auth.CMCValidationResult;
import se.swedenconnect.ca.cmc.auth.CMCValidator;
import se.swedenconnect.ca.cmc.model.request.CMCRequestType;
import se.swedenconnect.ca.engine.utils.CAUtils;

/* loaded from: input_file:se/swedenconnect/ca/cmc/api/CMCResponseParser.class */
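/**
 * Parses a signed CMC response and extracts the PKIResponse, the recipient nonce, the response
 * status and, for certificate-bearing request types, the returned certificates.
 *
 * <p>The response bytes are first passed to the configured {@link CMCValidator}; nothing from the
 * message body is used unless the validator reports the message as valid and the CMS content type
 * is {@code id-cct-PKIResponse}.
 */
public class CMCResponseParser {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CMCResponseParser.class);
    // Validates the CMS signature on the response before any content is parsed.
    private final CMCValidator validator;
    // Public key of the issuing CA; used to select the certificates in the response issued by it.
    private final PublicKey caPublicKey;

    /**
     * Creates a parser.
     *
     * @param cMCValidator validator applied to every response before parsing
     * @param publicKey public key of the CA whose issued certificates are returned from responses
     */
    public CMCResponseParser(CMCValidator cMCValidator, PublicKey publicKey) {
        this.validator = cMCValidator;
        this.caPublicKey = publicKey;
    }

    /**
     * Validates and parses a CMC response.
     *
     * <p>The recipient nonce is copied into the result as-is. This method does not compare it with
     * any request value, so a caller that relies on the nonce for replay protection has to perform
     * that comparison itself.
     *
     * @param bArr the encoded CMC response
     * @param cMCRequestType the type of the request this response answers; return certificates are
     *     only extracted for {@code issueCert} and {@code getCert}
     * @return the parsed response
     * @throws CMCMessageException if the content type is not a PKIResponse, if validation fails, or
     *     if the response content cannot be parsed
     */
    public CMCResponse parseCMCresponse(byte[] bArr, CMCRequestType cMCRequestType) throws CMCMessageException {
        CMCResponse.CMCResponseBuilder builder = CMCResponse.builder();
        builder.cmcResponseBytes(bArr).cmcRequestType(cMCRequestType);

        final boolean expectCertificates;
        switch (cMCRequestType) {
            case issueCert:
            case getCert:
                expectCertificates = true;
                break;
            default:
                expectCertificates = false;
                break;
        }

        CMCValidationResult validationResult = this.validator.validateCMC(bArr);
        // NOTE(review): the content type is tested before isValid(); if the validator leaves the
        // content type unset on failure, this message is reported instead of the validator's own
        // error. Confirm against CMCValidator.
        if (!CMCObjectIdentifiers.id_cct_PKIResponse.equals(validationResult.getContentType())) {
            throw new CMCMessageException("Illegal CMS content type for CMC request");
        }
        if (!validationResult.isValid()) {
            throw new CMCMessageException(validationResult.getErrorMessage(), validationResult.getException());
        }

        try {
            CMSSignedData signedData = validationResult.getSignedData();
            final PKIResponse pkiResponse;
            // try-with-resources so the stream is closed even when readObject() fails.
            try (ASN1InputStream asn1In = new ASN1InputStream((byte[]) signedData.getSignedContent().getContent())) {
                pkiResponse = PKIResponse.getInstance(asn1In.readObject());
            }
            builder.pkiResponse(pkiResponse);

            // A missing control or a value of an unexpected type fails here and is reported through
            // the catch block below as a parse error.
            byte[] recipientNonce = (byte[]) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_recipientNonce, pkiResponse).getValue();
            CMCResponseStatus responseStatus = getResponseStatus((CMCStatusInfoV2) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_statusInfoV2, pkiResponse).getValue());
            builder.nonce(recipientNonce).responseStatus(responseStatus);

            // Certificates are only taken from the response on success for a certificate-bearing request.
            if (responseStatus.getStatus().equals(CMCStatusType.success) && expectCertificates) {
                builder.returnCertificates(getResponseCertificates(signedData, validationResult));
            } else {
                builder.returnCertificates(new ArrayList<>());
            }
            return builder.build();
        } catch (Exception e) {
            log.debug("Error parsing PKIResponse Data from CMC response", e);
            throw new CMCMessageException("Error parsing PKIResponse Data from CMC response", e);
        }
    }

    /**
     * Converts a CMCStatusInfoV2 control into the API status object.
     *
     * @param cMCStatusInfoV2 the status control from the response
     * @return status type, fail type (may be {@code null}), status string (may be {@code null}) and
     *     the body part list
     */
    CMCResponseStatus getResponseStatus(CMCStatusInfoV2 cMCStatusInfoV2) {
        return new CMCResponseStatus(
            CMCStatusType.getCMCStatusType(cMCStatusInfoV2.getcMCStatus()),
            getCmcFailType(cMCStatusInfoV2),
            cMCStatusInfoV2.getStatusStringUTF8() != null ? cMCStatusInfoV2.getStatusStringUTF8().getString() : null,
            Arrays.asList(cMCStatusInfoV2.getBodyList()));
    }

    /**
     * Extracts the fail type from a status control.
     *
     * @param cMCStatusInfoV2 the status control from the response
     * @return the fail type, or {@code null} when the control carries no other-status info or that
     *     info is not fail info
     */
    public static CMCFailType getCmcFailType(CMCStatusInfoV2 cMCStatusInfoV2) {
        OtherStatusInfo otherStatusInfo = cMCStatusInfoV2.getOtherStatusInfo();
        if (otherStatusInfo == null || !otherStatusInfo.isFailInfo()) {
            return null;
        }
        return CMCFailType.getCMCFailType(CMCFailInfo.getInstance(otherStatusInfo.toASN1Primitive()));
    }

    /**
     * Selects the return certificates from the certificate bag of the signed response.
     *
     * <p>Only certificates whose signature verifies under the CA public key are kept. That check
     * covers the signature only: validity period, revocation status and any match against the
     * original request are not examined here. When two or more certificates pass, those that also
     * appear in the signer certificate path are removed; a single passing certificate is returned
     * without that comparison.
     *
     * @param cMSSignedData the signed response
     * @param cMCValidationResult validation result providing the signer certificate path
     * @return the certificates issued under the CA key, possibly empty
     * @throws CertificateException if a certificate in the response cannot be decoded
     * @throws CMCMessageException if a certificate cannot be checked or read
     */
    private List<X509Certificate> getResponseCertificates(CMSSignedData cMSSignedData, CMCValidationResult cMCValidationResult) throws CertificateException, CMCMessageException {
        try {
            Collection<X509CertificateHolder> holders = cMSSignedData.getCertificates().getMatches(null);
            List<X509Certificate> allCerts = new ArrayList<>();
            for (X509CertificateHolder holder : holders) {
                allCerts.add(CAUtils.getCert(holder));
            }

            List<X509Certificate> issuedByCa = new ArrayList<>();
            for (X509Certificate cert : allCerts) {
                try {
                    cert.verify(this.caPublicKey);
                    issuedByCa.add(cert);
                } catch (InvalidKeyException | SignatureException ignored) {
                    // Not signed by the CA key: the certificate is skipped rather than treated as
                    // an error, since the bag may hold certificates from other issuers.
                } catch (Exception e) {
                    // Keep the cause so the reason the certificate could not be checked is not lost.
                    throw new CMCMessageException("Invalid return certificate in CMC response", e);
                }
            }
            if (issuedByCa.size() < 2) {
                return issuedByCa;
            }

            // More than one candidate: drop the ones that belong to the response signer's own path.
            List<X509Certificate> returnCerts = new ArrayList<>();
            List<?> signerPath = CAUtils.getCertList(cMCValidationResult.getSignerCertificatePath());
            for (X509Certificate cert : issuedByCa) {
                if (!signerPath.contains(cert)) {
                    returnCerts.add(cert);
                }
            }
            return returnCerts;
        } catch (IOException e) {
            throw new CMCMessageException("Invalid certificate(s)", e);
        }
    }
}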
