package org.jscep.transaction;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.logging.Logger;
import org.bouncycastle.asn1.DEREncodable;
import org.jscep.PKIOperationFailureException;
import org.jscep.operations.DelayablePKIOperation;
import org.jscep.operations.GetCRL;
import org.jscep.operations.GetCert;
import org.jscep.operations.GetCertInitial;
import org.jscep.operations.PKCSReq;
import org.jscep.operations.PKIOperation;
import org.jscep.pkcs7.MessageData;
import org.jscep.pkcs7.PkiMessage;
import org.jscep.pkcs7.PkiMessageGenerator;
import org.jscep.pkcs7.SignedDataParser;
import org.jscep.pkcs7.SignedDataUtil;
import org.jscep.transport.Transport;
import org.jscep.util.LoggingUtil;
import org.jscep.x509.X509Util;

/* loaded from: input_file:org/jscep/transaction/Transaction.class */
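/**
 * One SCEP transaction between a client (holding {@code clientKeyPair} /
 * {@code clientCertificate}) and a CA/RA ({@code serverCertificate}, with the
 * issuing CA in {@code issuerCertificate}).
 *
 * Every operation goes through {@link #performOperation(PKIOperation)}, which
 * builds a pkiMessage, sends it over the {@link Transport}, binds the response
 * to this exchange (transaction id + nonces, see {@link #validateExchange}) and
 * then moves the transaction to one of the three {@link State}s.
 *
 * NOTE(review): what is validated here is only that the response belongs to
 * this request. Whether the response's signature is checked against
 * {@code serverCertificate} is not visible in this class — presumably the
 * transport / {@link PkiMessage} parsing does it; confirm before relying on
 * the nonce checks alone for authenticity.
 *
 * Not thread-safe: state, failInfo, certStore and task are plain fields.
 */
public class Transaction {
    /**
     * Sender nonces already seen in CA responses, shared by every transaction
     * in this JVM so that a response replayed into another transaction is still
     * detected. The constructor argument (20) looks like a capacity, which
     * would make this a bounded replay window rather than a complete history —
     * NOTE(review): confirm NonceQueue's eviction policy and thread-safety.
     */
    private static final NonceQueue QUEUE = new NonceQueue(20);
    private static final Logger LOGGER = LoggingUtil.getLogger((Class<?>) Transaction.class);
    private final KeyPair clientKeyPair;
    private final Transport transport;
    /** Certificate the requests are encrypted to (pkcsPKIEnvelope recipient). */
    private final X509Certificate serverCertificate;
    /** Certificate the requests are signed with. */
    private final X509Certificate clientCertificate;
    private final TransactionId transId;
    /** CA certificate used to name the issuer in GetCert / GetCRL queries. */
    private final X509Certificate issuerCertificate;
    private final String digestAlg;
    /** Only meaningful while {@link #state} is CERT_NON_EXISTANT after a FAILURE. */
    private FailInfo failInfo;
    /** Only meaningful while {@link #state} is CERT_ISSUED. */
    private CertStore certStore;
    /** Only meaningful while {@link #state} is CERT_REQ_PENDING. */
    private Callable<State> task;
    private State state = State.CERT_NON_EXISTANT;
    private final PkiMessageGenerator msgGenerator = new PkiMessageGenerator();

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Polls the CA with a GetCertInitial after it answered PENDING. Legal only
     * while the transaction is in CERT_REQ_PENDING.
     */
    public class InitialCertTask implements Callable<State> {
        private InitialCertTask() {
        }

        /**
         * Sends one GetCertInitial poll and returns the state it produced.
         *
         * @return the transaction state after the poll: CERT_ISSUED once the CA
         *         has signed, CERT_NON_EXISTANT on FAILURE, CERT_REQ_PENDING if
         *         the CA still answers PENDING
         * @throws IllegalStateException if the transaction is not pending
         * @throws IOException on transport failure or a response that does not
         *         belong to this transaction
         */
        @Override
        public State call() throws IOException {
            if (Transaction.this.state != State.CERT_REQ_PENDING) {
                throw new IllegalStateException();
            }
            GetCertInitial poll = new GetCertInitial(
                    X509Util.toX509Name(Transaction.this.serverCertificate.getIssuerX500Principal()),
                    X509Util.toX509Name(Transaction.this.clientCertificate.getSubjectX500Principal()));
            // Return the state the poll actually produced rather than a constant
            // CERT_REQ_PENDING: performOperation moves the transaction to
            // CERT_ISSUED / CERT_NON_EXISTANT, and the previous constant return
            // contradicted getState() after a successful poll.
            return Transaction.this.performOperation(poll);
        }
    }

    /** Outcome of the last operation, as seen by the CA. */
    public enum State {
        /** The CA answered PENDING; poll with {@link #getTask()}. */
        CERT_REQ_PENDING,
        /** Nothing issued yet, or the CA answered FAILURE ({@link #getFailureReason()}). */
        CERT_NON_EXISTANT,
        /** The CA answered SUCCESS; results are in {@link #getIssuedCertificates()}. */
        CERT_ISSUED
    }

    /**
     * @param issuerCertificate CA certificate named in GetCert / GetCRL queries
     * @param serverCertificate recipient certificate for the encrypted envelope
     * @param clientCertificate signer certificate for outgoing pkiMessages
     * @param keyPair           client key pair (signing, and transaction id derivation)
     * @param digestAlgorithm   message digest used for the transaction id and
     *                          the signed-data digest
     * @param cipherAlgorithm   symmetric cipher for the pkcsPKIEnvelope
     * @param transport         channel to the SCEP server
     */
    Transaction(X509Certificate issuerCertificate, X509Certificate serverCertificate, X509Certificate clientCertificate, KeyPair keyPair, String digestAlgorithm, String cipherAlgorithm, Transport transport) {
        this.issuerCertificate = issuerCertificate;
        this.transport = transport;
        this.serverCertificate = serverCertificate;
        this.clientCertificate = clientCertificate;
        this.clientKeyPair = keyPair;
        // The transaction id is derived from the client key, so it is stable
        // across polls of the same enrolment.
        this.transId = TransactionId.createTransactionId(keyPair, digestAlgorithm);
        this.digestAlg = digestAlgorithm;
        this.msgGenerator.setTransactionId(this.transId);
        this.msgGenerator.setMessageDigest(digestAlgorithm);
        this.msgGenerator.setSigner(clientCertificate);
        this.msgGenerator.setKeyPair(keyPair);
        this.msgGenerator.setCipherAlgorithm(cipherAlgorithm);
        this.msgGenerator.setRecipient(serverCertificate);
    }

    /** @return the current {@link State}. */
    public State getState() {
        return this.state;
    }

    /**
     * @return the CA's failInfo for the last FAILURE response
     * @throws IllegalStateException unless the state is CERT_NON_EXISTANT
     */
    public FailInfo getFailureReason() {
        if (this.state != State.CERT_NON_EXISTANT) {
            throw new IllegalStateException();
        }
        return this.failInfo;
    }

    /**
     * @return every certificate the CA returned in the SUCCESS response
     * @throws IllegalStateException unless the state is CERT_ISSUED
     * @throws IOException if the cert store cannot be read
     */
    public List<X509Certificate> getIssuedCertificates() throws IOException {
        if (this.state != State.CERT_ISSUED) {
            throw new IllegalStateException();
        }
        try {
            return getCertificates(this.certStore.getCertificates(null));
        } catch (CertStoreException e) {
            throw new IOException(e);
        }
    }

    /**
     * @return the poll task for a pending enrolment
     * @throws IllegalStateException unless the state is CERT_REQ_PENDING
     */
    public Callable<State> getTask() {
        if (this.state != State.CERT_REQ_PENDING) {
            throw new IllegalStateException();
        }
        return this.task;
    }

    /**
     * Issues a GetCert for the certificate with the given serial.
     *
     * The issuer name sent is {@code issuerCertificate.getIssuerX500Principal()};
     * for a self-signed CA certificate that equals its subject. NOTE(review): if
     * an intermediate were passed as issuerCertificate this would name its
     * parent instead — confirm what callers pass.
     *
     * @param serialNumber serial of the wanted certificate
     * @return the certificates in the SUCCESS response
     * @throws PKIOperationFailureException on a FAILURE response
     * @throws IllegalStateException if the CA answered PENDING (not expected for GetCert)
     * @throws IOException on transport / validation failure
     */
    public List<X509Certificate> getCertificate(BigInteger serialNumber) throws IOException, PKIOperationFailureException {
        performOperation(new GetCert(this.issuerCertificate.getIssuerX500Principal(), serialNumber));
        if (getState() == State.CERT_ISSUED) {
            try {
                return getCertificates(this.certStore.getCertificates(null));
            } catch (CertStoreException e) {
                // Kept as RuntimeException (getIssuedCertificates wraps the
                // same failure in IOException) so callers see no new exception type.
                throw new RuntimeException(e);
            }
        }
        if (getState() == State.CERT_REQ_PENDING) {
            throw new IllegalStateException();
        }
        throw new PKIOperationFailureException(getFailureReason());
    }

    /** Narrows a certificate collection to X.509; non-X.509 entries fail with ClassCastException. */
    private List<X509Certificate> getCertificates(Collection<? extends Certificate> certs) {
        List<X509Certificate> result = new ArrayList<X509Certificate>(certs.size());
        for (Certificate cert : certs) {
            result.add((X509Certificate) cert);
        }
        return result;
    }

    /** @return true if the certificate carries a CRL Distribution Points extension (OID 2.5.29.31). */
    private boolean supportsDistributionPoints(X509Certificate cert) {
        return cert.getExtensionValue("2.5.29.31") != null;
    }

    /**
     * Fetches the issuer's CRL through SCEP GetCRL.
     *
     * @return the CRLs in the SUCCESS response
     * @throws UnsupportedOperationException if the issuer certificate
     *         advertises CRL distribution points (this code path only does
     *         in-band GetCRL; the CDP should be used instead)
     * @throws PKIOperationFailureException on a FAILURE response
     * @throws IllegalStateException if the CA answered PENDING
     * @throws IOException on transport / validation failure
     */
    public List<X509CRL> getCRL() throws IOException, PKIOperationFailureException {
        X509Certificate issuer = this.issuerCertificate;
        if (supportsDistributionPoints(issuer)) {
            throw new UnsupportedOperationException();
        }
        performOperation(new GetCRL(issuer.getIssuerX500Principal(), issuer.getSerialNumber()));
        if (getState() == State.CERT_ISSUED) {
            try {
                return getCRLs(this.certStore.getCRLs(null));
            } catch (CertStoreException e) {
                // Same wrapping as getCertificate, kept for compatibility.
                throw new RuntimeException(e);
            }
        }
        if (getState() == State.CERT_REQ_PENDING) {
            throw new IllegalStateException();
        }
        throw new PKIOperationFailureException(getFailureReason());
    }

    /** Narrows a CRL collection to X.509; non-X.509 entries fail with ClassCastException. */
    private List<X509CRL> getCRLs(Collection<? extends CRL> crls) {
        List<X509CRL> result = new ArrayList<X509CRL>(crls.size());
        for (CRL crl : crls) {
            result.add((X509CRL) crl);
        }
        return result;
    }

    /**
     * Sends a PKCSReq enrolment for the given subject certificate / key pair.
     *
     * @param subject  certificate whose subject is being enrolled
     * @param keyPair  key pair for the requested certificate
     * @param password challenge password; not retained or logged by this class
     * @return the resulting state (CERT_REQ_PENDING is legal here, PKCSReq is delayable)
     * @throws IOException on transport / validation failure
     */
    public State enrollCertificate(X509Certificate subject, KeyPair keyPair, char[] password) throws IOException {
        return performOperation(new PKCSReq(keyPair, subject, this.digestAlg, password));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Runs one request/response round trip and updates the transaction state.
     *
     * A fresh sender nonce is generated per request; the response must echo it
     * as recipientNonce and carry the same transaction id, and its own sender
     * nonce must not have been seen before (see {@link #validateExchange}).
     *
     * @return the new state
     * @throws IllegalStateException if the CA answers PENDING for an operation
     *         that is not {@link DelayablePKIOperation}
     * @throws IOException on transport failure or a response that does not
     *         belong to this transaction
     */
    public <T extends DEREncodable> State performOperation(PKIOperation<T> operation) throws IOException {
        LOGGER.entering(getClass().getName(), "performOperation", operation);
        this.msgGenerator.setMessageType(operation.getMessageType());
        this.msgGenerator.setSenderNonce(Nonce.nextNonce());
        this.msgGenerator.setMessageData(MessageData.getInstance(operation.mo5getMessage()));
        PkiMessage request = this.msgGenerator.generate();
        PkiMessage response = (PkiMessage) this.transport.sendMessage(new org.jscep.request.PKCSReq(request, this.clientKeyPair));
        // Bind the response to this request before trusting anything in it.
        validateExchange(request, response);
        PkiStatus status = response.getPkiStatus();
        if (status == PkiStatus.FAILURE) {
            this.failInfo = response.getFailInfo();
            this.state = State.CERT_NON_EXISTANT;
        } else if (status == PkiStatus.PENDING) {
            if (!(operation instanceof DelayablePKIOperation)) {
                throw new IllegalStateException(PkiStatus.PENDING + " not expected for " + operation.getMessageType());
            }
            this.task = new InitialCertTask();
            this.state = State.CERT_REQ_PENDING;
        } else {
            // Any other status is treated as SUCCESS, as before.
            this.certStore = extractCertStore(response);
            this.state = State.CERT_ISSUED;
        }
        return this.state;
    }

    /**
     * Parses the degenerate SignedData in the response envelope into a
     * {@link CertStore} of certificates and CRLs.
     *
     * @throws IOException wrapping any GeneralSecurityException from parsing
     */
    private CertStore extractCertStore(PkiMessage response) throws IOException {
        try {
            return SignedDataUtil.extractCertStore(new SignedDataParser().parse(response.getPkcsPkiEnvelope().getMessageData().getContent()));
        } catch (GeneralSecurityException e) {
            IOException wrapped = new IOException(e);
            // Logged under the real method name (was mislabelled "getContent").
            LOGGER.throwing(getClass().getName(), "extractCertStore", wrapped);
            throw wrapped;
        }
    }

    /**
     * Checks that {@code response} belongs to {@code request}:
     * same transaction id, the response's recipientNonce echoes our senderNonce,
     * and the response's senderNonce has not been seen before (replay).
     *
     * Only the replay check mutates state, and only after the two bindings
     * passed, so an unrelated response cannot poison the nonce history.
     *
     * @throws IOException           on a transaction id mismatch
     * @throws InvalidNonceException on a nonce mismatch or a replayed nonce
     */
    private void validateExchange(PkiMessage request, PkiMessage response) throws IOException {
        if (!response.getTransactionId().equals(request.getTransactionId())) {
            IOException mismatch = new IOException("Transaction ID Mismatch");
            LOGGER.throwing(getClass().getName(), "validateExchange", mismatch);
            throw mismatch;
        }
        if (!response.getRecipientNonce().equals(request.getSenderNonce())) {
            InvalidNonceException bad = new InvalidNonceException("Response recipient nonce and request sender nonce are not equal");
            LOGGER.throwing(getClass().getName(), "validateExchange", bad);
            throw bad;
        }
        Nonce serverNonce = response.getSenderNonce();
        if (QUEUE.contains(serverNonce)) {
            InvalidNonceException replay = new InvalidNonceException("This nonce has been encountered before.  Possible replay attack?");
            LOGGER.throwing(getClass().getName(), "validateExchange", replay);
            throw replay;
        }
        QUEUE.offer(serverNonce);
    }

    /** Only the transaction id is printed; no key material or nonces. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("Transaction [\n");
        sb.append("\ttransactionId: ").append(this.transId).append("\n");
        sb.append("]");
        return sb.toString();
    }

    /**
     * Factory with the same parameters as the constructor; see
     * {@link #Transaction(X509Certificate, X509Certificate, X509Certificate, KeyPair, String, String, Transport)}.
     */
    public static Transaction createTransaction(X509Certificate issuerCertificate, X509Certificate serverCertificate, X509Certificate clientCertificate, KeyPair keyPair, String digestAlgorithm, String cipherAlgorithm, Transport transport) {
        LOGGER.entering(Transaction.class.getName(), "createTransaction");
        Transaction transaction = new Transaction(issuerCertificate, serverCertificate, clientCertificate, keyPair, digestAlgorithm, cipherAlgorithm, transport);
        LOGGER.exiting(Transaction.class.getName(), "createTransaction", transaction);
        return transaction;
    }
}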
