package se.swedenconnect.ca.cmc.api;

import java.util.Arrays;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.asn1.cmc.CMCObjectIdentifiers;
import org.bouncycastle.asn1.cmc.CertificationRequest;
import org.bouncycastle.asn1.cmc.LraPopWitness;
import org.bouncycastle.asn1.cmc.PKIData;
import org.bouncycastle.asn1.cmc.TaggedCertificationRequest;
import org.bouncycastle.asn1.cmc.TaggedRequest;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.bouncycastle.cms.CMSSignedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.cmc.api.data.CMCRequest;
import se.swedenconnect.ca.cmc.auth.CMCReplayChecker;
import se.swedenconnect.ca.cmc.auth.CMCUtils;
import se.swedenconnect.ca.cmc.auth.CMCValidationResult;
import se.swedenconnect.ca.cmc.auth.CMCValidator;
import se.swedenconnect.ca.cmc.model.admin.AdminCMCData;
import se.swedenconnect.ca.cmc.model.request.CMCRequestType;

/* loaded from: input_file:se/swedenconnect/ca/cmc/api/CMCRequestParser.class */
public class CMCRequestParser {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CMCRequestParser.class);
    private final CMCValidator validator;
    private final CMCReplayChecker replayChecker;

    public CMCRequestParser(CMCValidator cMCValidator, CMCReplayChecker cMCReplayChecker) {
        this.validator = cMCValidator;
        this.replayChecker = cMCReplayChecker;
    }

    public CMCRequest parseCMCrequest(byte[] bArr) throws CMCMessageException {
        ASN1InputStream aSN1InputStream;
        CMCRequest cMCRequest = new CMCRequest();
        cMCRequest.setCmcRequestBytes(bArr);
        CMCValidationResult validateCMC = this.validator.validateCMC(bArr);
        if (!CMCObjectIdentifiers.id_cct_PKIData.equals(validateCMC.getContentType())) {
            throw new CMCMessageException("Illegal CMS content type for CMC request");
        }
        if (!validateCMC.isValid()) {
            try {
                aSN1InputStream = new ASN1InputStream((byte[]) validateCMC.getSignedData().getSignedContent().getContent());
                try {
                    byte[] bArr2 = (byte[]) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_senderNonce, PKIData.getInstance(aSN1InputStream.readObject())).getValue();
                    aSN1InputStream.close();
                    throw new CMCParsingException(validateCMC.getErrorMessage(), bArr2);
                } finally {
                }
            } catch (Exception e) {
                throw new CMCMessageException("Unable to retrieve nonce value", e);
            }
        }
        try {
            CMSSignedData signedData = validateCMC.getSignedData();
            aSN1InputStream = new ASN1InputStream((byte[]) signedData.getSignedContent().getContent());
            try {
                PKIData pKIData = PKIData.getInstance(aSN1InputStream.readObject());
                aSN1InputStream.close();
                this.replayChecker.validate(signedData);
                cMCRequest.setPkiData(pKIData);
                TaggedRequest[] reqSequence = pKIData.getReqSequence();
                if (reqSequence.length > 0) {
                    TaggedCertificationRequest value = reqSequence[0].getValue();
                    boolean z = false;
                    if (value instanceof TaggedCertificationRequest) {
                        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(value.toASN1Primitive());
                        cMCRequest.setCertReqBodyPartId(BodyPartID.getInstance(aSN1Sequence.getObjectAt(0)));
                        cMCRequest.setCertificationRequest(CertificationRequest.getInstance(aSN1Sequence.getObjectAt(1)));
                        z = true;
                    }
                    if (value instanceof CertReqMsg) {
                        cMCRequest.setCertificateRequestMessage(new CertificateRequestMessage((CertReqMsg) value));
                        BodyPartID bodyPartID = new BodyPartID(((CertReqMsg) value).getCertReq().getCertReqId().longValueExact());
                        cMCRequest.setCertReqBodyPartId(bodyPartID);
                        z = isLraWitnessMatch(pKIData, bodyPartID);
                    }
                    if (!z) {
                        throw new IllegalArgumentException("POP check failed");
                    }
                }
                setRequestType(cMCRequest);
                cMCRequest.setNonce((byte[]) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_senderNonce, pKIData).getValue());
                return cMCRequest;
            } finally {
                try {
                    aSN1InputStream.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        } catch (Exception e2) {
            if (e2 instanceof CMCMessageException) {
                throw ((CMCMessageException) e2);
            }
            log.debug("Error parsing PKI Data from CMC request: {}", e2.toString());
            throw new CMCMessageException("Error parsing PKI Data from CMC request", e2);
        }
    }

    private boolean isLraWitnessMatch(PKIData pKIData, BodyPartID bodyPartID) throws CMCMessageException {
        LraPopWitness lraPopWitness = (LraPopWitness) CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_lraPOPWitness, pKIData).getValue();
        if (lraPopWitness != null) {
            return Arrays.asList(lraPopWitness.getBodyIds()).contains(bodyPartID);
        }
        return false;
    }

    private void setRequestType(CMCRequest cMCRequest) throws CMCMessageException {
        if (cMCRequest.getCertificationRequest() != null || cMCRequest.getCertificateRequestMessage() != null) {
            cMCRequest.setCmcRequestType(CMCRequestType.issueCert);
            return;
        }
        if (CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_revokeRequest, cMCRequest.getPkiData()).getValue() != null) {
            cMCRequest.setCmcRequestType(CMCRequestType.revoke);
        } else if (CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_getCert, cMCRequest.getPkiData()).getValue() != null) {
            cMCRequest.setCmcRequestType(CMCRequestType.getCert);
        } else {
            if (!(CMCUtils.getCMCControlObject(CMCObjectIdentifiers.id_cmc_regInfo, cMCRequest.getPkiData()).getValue() instanceof AdminCMCData)) {
                throw new CMCMessageException("Illegal request type");
            }
            cMCRequest.setCmcRequestType(CMCRequestType.admin);
        }
    }
}
