package org.cesecore.certificates.ca;

import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.operator.OperatorCreationException;
import org.cesecore.certificates.ca.catoken.CAToken;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAService;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceInfo;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceNotActiveException;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceRequest;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceRequestException;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceResponse;
import org.cesecore.certificates.ca.extendedservices.IllegalExtendedCAServiceRequestException;
import org.cesecore.certificates.certificate.CertificateCreateException;
import org.cesecore.certificates.certificate.certextensions.AvailableCustomCertificateExtensionsConfiguration;
import org.cesecore.certificates.certificate.certextensions.CertificateExtensionException;
import org.cesecore.certificates.certificate.request.RequestMessage;
import org.cesecore.certificates.certificateprofile.CertificateProfile;
import org.cesecore.certificates.crl.RevokedCertInfo;
import org.cesecore.certificates.endentity.EndEntityInformation;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.internal.InternalResources;
import org.cesecore.internal.UpgradeableDataHashMap;
import org.cesecore.keys.token.CryptoToken;
import org.cesecore.keys.token.CryptoTokenOfflineException;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.cesecore.util.ValidityDate;

/* loaded from: input_file:org/cesecore/certificates/ca/CA.class */
public abstract class CA extends UpgradeableDataHashMap implements Serializable {
    private static final long serialVersionUID = -8755429830955594642L;
    // NOTE(review): declared without final, unlike intres below.
    private static Logger log = Logger.getLogger(CA.class);
    private static final InternalResources intres = InternalResources.getInstance();
    // The String constants below are the keys under which the accessors of this class read and
    // write entries of the data map.
    public static final String CATYPE = "catype";
    protected static final String SUBJECTDN = "subjectdn";
    protected static final String CAID = "caid";
    protected static final String NAME = "name";
    protected static final String VALIDITY = "validity";
    protected static final String EXPIRETIME = "expiretime";
    protected static final String CERTIFICATECHAIN = "certificatechain";
    protected static final String ROLLOVERCERTIFICATECHAIN = "rollovercertificatechain";
    public static final String CATOKENDATA = "catoken";
    protected static final String SIGNEDBY = "signedby";
    protected static final String DESCRIPTION = "description";
    // The "revokation" spelling is part of the key itself; the literals must stay as they are for
    // entries loaded through init(HashMap) to be found.
    protected static final String REVOCATIONREASON = "revokationreason";
    protected static final String REVOCATIONDATE = "revokationdate";
    protected static final String CERTIFICATEPROFILEID = "certificateprofileid";
    protected static final String CRLPERIOD = "crlperiod";
    protected static final String DELTACRLPERIOD = "deltacrlperiod";
    protected static final String CRLISSUEINTERVAL = "crlIssueInterval";
    protected static final String CRLOVERLAPTIME = "crlOverlapTime";
    protected static final String CRLPUBLISHERS = "crlpublishers";
    private static final String FINISHUSER = "finishuser";
    protected static final String REQUESTCERTCHAIN = "requestcertchain";
    protected static final String EXTENDEDCASERVICES = "extendedcaservices";
    // Prefix; the service type number is appended to form the key (see getExtendedCAServiceData).
    protected static final String EXTENDEDCASERVICE = "extendedcaservice";
    protected static final String APPROVALSETTINGS = "approvalsettings";
    protected static final String NUMBEROFREQAPPROVALS = "numberofreqapprovals";
    protected static final String INCLUDEINHEALTHCHECK = "includeinhealthcheck";
    private static final String DO_ENFORCE_UNIQUE_PUBLIC_KEYS = "doEnforceUniquePublicKeys";
    private static final String DO_ENFORCE_UNIQUE_DISTINGUISHED_NAME = "doEnforceUniqueDistinguishedName";
    private static final String DO_ENFORCE_UNIQUE_SUBJECTDN_SERIALNUMBER = "doEnforceUniqueSubjectDNSerialnumber";
    private static final String USE_CERTREQ_HISTORY = "useCertreqHistory";
    private static final String USE_USER_STORAGE = "useUserStorage";
    private static final String USE_CERTIFICATE_STORAGE = "useCertificateStorage";
    private static final String LATESTLINKCERTIFICATE = "latestLinkCertificate";
    // Service instances keyed by service type; replaced with an empty map by init(HashMap).
    private HashMap<Integer, ExtendedCAService> extendedcaservicemap = new HashMap<>();
    // Decoded chain, filled on first use by getCertificateChain() and replaced by setCertificateChain().
    private ArrayList<Certificate> certificatechain = null;
    // Decoded request chain, filled on first use by getRequestCertificateChain().
    private ArrayList<Certificate> requestcertchain = null;
    // Stays null until init(CAInfo), setCAInfo() or updateCA() assigns it; the accessors that
    // delegate to it do not check for null.
    private CAInfo cainfo = null;
    // Built on first use by getCAToken() from the CATOKENDATA entry, or assigned by setCAToken().
    private CAToken caToken = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an instance without assigning a CAInfo or any data entries; the accessors of this
     * class need init(CAInfo) or init(HashMap) to have run first.
     */
    public CA() {
    }

    /**
     * Creates a CA and fills it from the given CAInfo by calling {@link #init(CAInfo)}.
     * NOTE(review): init is public and not final, so a subclass override runs before the
     * subclass constructor body.
     *
     * @param cAInfo the values to copy into this CA
     */
    public CA(CAInfo cAInfo) {
        this.init(cAInfo);
    }

    /**
     * Replaces the data map with a fresh one and copies the settings of the given CAInfo into it.
     * The revocation reason is set to -1, and every extended CA service described by the CAInfo
     * is instantiated through createExtendedCAService, which only logs a failure, so the type of
     * a service that could not be created is still recorded under EXTENDEDCASERVICES.
     *
     * @param cAInfo the values to copy; it is also kept as this CA's CAInfo
     */
    public void init(CAInfo cAInfo) {
        data = new LinkedHashMap<>();
        cainfo = cAInfo;
        data.put(VALIDITY, Long.valueOf(cAInfo.getValidity()));
        setSignedBy(cAInfo.getSignedBy());
        data.put(DESCRIPTION, cAInfo.getDescription());
        data.put(REVOCATIONREASON, -1);
        data.put(CERTIFICATEPROFILEID, Integer.valueOf(cAInfo.getCertificateProfileId()));

        // CRL settings.
        setCRLPeriod(cAInfo.getCRLPeriod());
        setCRLIssueInterval(cAInfo.getCRLIssueInterval());
        setCRLOverlapTime(cAInfo.getCRLOverlapTime());
        setDeltaCRLPeriod(cAInfo.getDeltaCRLPeriod());
        setCRLPublishers(cAInfo.getCRLPublishers());

        // Boolean policy flags.
        setFinishUser(cAInfo.getFinishUser());
        setIncludeInHealthCheck(cAInfo.getIncludeInHealthCheck());
        setDoEnforceUniquePublicKeys(cAInfo.isDoEnforceUniquePublicKeys());
        setDoEnforceUniqueDistinguishedName(cAInfo.isDoEnforceUniqueDistinguishedName());
        setDoEnforceUniqueSubjectDNSerialnumber(cAInfo.isDoEnforceUniqueSubjectDNSerialnumber());
        setUseCertReqHistory(cAInfo.isUseCertReqHistory());
        setUseUserStorage(cAInfo.isUseUserStorage());
        setUseCertificateStorage(cAInfo.isUseCertificateStorage());

        // Extended services: create each one and remember its type number.
        final ArrayList<Integer> serviceTypes = new ArrayList<>();
        for (final ExtendedCAServiceInfo serviceInfo : cAInfo.getExtendedCAServiceInfos()) {
            createExtendedCAService(serviceInfo);
            if (log.isDebugEnabled()) {
                log.debug("Adding extended service to CA '" + cAInfo.getName() + "': " + serviceInfo.getType() + ", " + serviceInfo.getImplClass());
            }
            serviceTypes.add(Integer.valueOf(serviceInfo.getType()));
        }
        data.put(EXTENDEDCASERVICES, serviceTypes);

        setApprovalSettings(cAInfo.getApprovalSettings());
        setNumOfRequiredApprovals(cAInfo.getNumOfReqApprovals());
    }

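    /**
     * Instantiates the extended CA service class named by the given info object and registers it
     * with setExtendedCAService.
     *
     * The class name is taken from {@code extendedCAServiceInfo.getImplClass()}; where that value
     * originates is not visible here, so the class is loaded without initialization and checked to
     * be an ExtendedCAService before its constructor runs. A class of another type fails with
     * ClassCastException before any of its code has executed. Reflection failures are logged at
     * WARN and otherwise ignored, which leaves the service unregistered.
     *
     * @param extendedCAServiceInfo describes the service; passed to the service constructor
     * @throws ClassCastException if the named class is not an ExtendedCAService
     */
    private void createExtendedCAService(ExtendedCAServiceInfo extendedCAServiceInfo) {
        try {
            // Same class loader that Class.forName(String) would use from this class; initialize=false
            // defers static initializers until the type check below has passed.
            final Class<? extends ExtendedCAService> serviceClass = Class
                    .forName(extendedCAServiceInfo.getImplClass(), false, CA.class.getClassLoader())
                    .asSubclass(ExtendedCAService.class);
            setExtendedCAService(serviceClass.getConstructor(ExtendedCAServiceInfo.class).newInstance(extendedCAServiceInfo));
        } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException e) {
            // Best effort, as before: the CA is still created without this service.
            log.warn("failed to add extended CA service: ", e);
        }
    }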

    /**
     * Creates a CA from a previously saved data map by calling {@link #init(HashMap)}.
     * No CAInfo is assigned on this path.
     *
     * @param hashMap the saved data to load
     */
    public CA(HashMap<Object, Object> hashMap) {
        this.init(hashMap);
    }

    /**
     * Loads the given map through loadData and starts with an empty extended-service map.
     * The entries are taken as they are; the typed getters of this class cast them without
     * checking, so a wrongly typed entry surfaces later as a ClassCastException.
     *
     * @param hashMap the saved data to load
     */
    public void init(HashMap<Object, Object> hashMap) {
        loadData(hashMap);
        extendedcaservicemap = new HashMap<>();
    }

    /**
     * Replaces the CAInfo held by this CA; the data map is not touched.
     *
     * @param cAInfo the new CAInfo, stored by reference
     */
    public void setCAInfo(CAInfo cAInfo) {
        cainfo = cAInfo;
    }

    /**
     * @return the CAInfo held by this CA (the same object, not a copy), or null if none was set
     */
    public CAInfo getCAInfo() {
        return cainfo;
    }

    /**
     * @return the subject DN reported by the CAInfo
     * @throws NullPointerException if no CAInfo has been set
     */
    public String getSubjectDN() {
        final CAInfo info = this.cainfo;
        return info.getSubjectDN();
    }

    /**
     * Writes the subject DN straight into the CAInfo field; the value is not validated here.
     *
     * @param str the subject DN
     * @throws NullPointerException if no CAInfo has been set
     */
    public void setSubjectDN(String str) {
        final CAInfo info = this.cainfo;
        info.subjectdn = str;
    }

    /**
     * @return the CA id reported by the CAInfo
     * @throws NullPointerException if no CAInfo has been set
     */
    public int getCAId() {
        final CAInfo info = this.cainfo;
        return info.getCAId();
    }

    /**
     * Writes the CA id straight into the CAInfo field.
     *
     * @param i the CA id
     * @throws NullPointerException if no CAInfo has been set
     */
    public void setCAId(int i) {
        final CAInfo info = this.cainfo;
        info.caid = i;
    }

    /**
     * @return the CA name reported by the CAInfo
     * @throws NullPointerException if no CAInfo has been set
     */
    public String getName() {
        final CAInfo info = this.cainfo;
        return info.getName();
    }

    /**
     * Writes the CA name straight into the CAInfo field.
     *
     * @param str the CA name
     * @throws NullPointerException if no CAInfo has been set
     */
    public void setName(String str) {
        final CAInfo info = this.cainfo;
        info.name = str;
    }

    /**
     * @return the status code reported by the CAInfo
     * @throws NullPointerException if no CAInfo has been set
     */
    public int getStatus() {
        final CAInfo info = this.cainfo;
        return info.getStatus();
    }

    /**
     * Writes the status code straight into the CAInfo field; any int is accepted.
     *
     * @param i the status code
     * @throws NullPointerException if no CAInfo has been set
     */
    public void setStatus(int i) {
        final CAInfo info = this.cainfo;
        info.status = i;
    }

    /**
     * @return the CA type stored under CATYPE
     * @throws NullPointerException if the entry is missing
     */
    public int getCAType() {
        final Integer caType = (Integer) data.get(CATYPE);
        return caType.intValue();
    }

    /**
     * @return the stored validity as a long; the entry is read as a Number, so an Integer or a
     *         Long value is accepted
     * @throws NullPointerException if the entry is missing
     */
    public long getValidity() {
        final Number validity = (Number) data.get(VALIDITY);
        return validity.longValue();
    }

    /**
     * Stores the validity as a Long.
     *
     * @param j the validity value; its unit is not visible in this class
     */
    public void setValidity(long j) {
        data.put(VALIDITY, j);
    }

    /**
     * @return the stored expire time, or null if none is stored; the Date object itself is
     *         returned, not a copy
     */
    public Date getExpireTime() {
        final Object expireTime = data.get(EXPIRETIME);
        return (Date) expireTime;
    }

    /**
     * Stores the expire time by reference.
     *
     * @param date the expire time
     */
    public void setExpireTime(Date date) {
        data.put(EXPIRETIME, date);
    }

    /**
     * @return the value stored under SIGNEDBY
     * @throws NullPointerException if the entry is missing
     */
    public int getSignedBy() {
        final Integer signedBy = (Integer) data.get(SIGNEDBY);
        return signedBy.intValue();
    }

    /**
     * Stores the SIGNEDBY value as an Integer.
     *
     * @param i the signed-by value (presumably the id of the signing CA — confirm)
     */
    public void setSignedBy(int i) {
        data.put(SIGNEDBY, i);
    }

    /**
     * @return the stored description, or null if none is stored
     */
    public String getDescription() {
        final Object description = data.get(DESCRIPTION);
        return (String) description;
    }

    /**
     * Stores the description as given.
     *
     * @param str the description
     */
    public void setDescription(String str) {
        data.put(DESCRIPTION, str);
    }

    /**
     * @return the stored revocation reason; init(CAInfo) stores -1
     * @throws NullPointerException if the entry is missing
     */
    public int getRevocationReason() {
        final Integer reason = (Integer) data.get(REVOCATIONREASON);
        return reason.intValue();
    }

    /**
     * Stores the revocation reason as an Integer; the value is not range-checked here.
     *
     * @param i the revocation reason code
     */
    public void setRevocationReason(int i) {
        data.put(REVOCATIONREASON, i);
    }

    /**
     * @return the stored revocation date, or null if none is stored
     */
    public Date getRevocationDate() {
        final Object revocationDate = data.get(REVOCATIONDATE);
        return (Date) revocationDate;
    }

    /**
     * Stores the revocation date by reference.
     *
     * @param date the revocation date
     */
    public void setRevocationDate(Date date) {
        data.put(REVOCATIONDATE, date);
    }

    /**
     * @return the stored CRL period
     * @throws NullPointerException if the entry is missing
     * @throws ClassCastException if the entry is not a Long
     */
    public long getCRLPeriod() {
        final Long period = (Long) data.get(CRLPERIOD);
        return period.longValue();
    }

    /**
     * Stores the CRL period as a Long; the value is not range-checked here.
     *
     * @param j the CRL period
     */
    public void setCRLPeriod(long j) {
        data.put(CRLPERIOD, j);
    }

    /**
     * @return the stored delta CRL period, or 0 when the key is absent from the data map
     */
    public long getDeltaCRLPeriod() {
        if (!data.containsKey(DELTACRLPERIOD)) {
            return 0L;
        }
        final Long period = (Long) data.get(DELTACRLPERIOD);
        return period.longValue();
    }

    /**
     * Stores the delta CRL period as a Long.
     *
     * @param j the delta CRL period
     */
    public void setDeltaCRLPeriod(long j) {
        data.put(DELTACRLPERIOD, j);
    }

    /**
     * @return the stored CRL issue interval
     * @throws NullPointerException if the entry is missing
     */
    public long getCRLIssueInterval() {
        final Long interval = (Long) data.get(CRLISSUEINTERVAL);
        return interval.longValue();
    }

    /**
     * Stores the CRL issue interval as a Long.
     *
     * @param j the CRL issue interval
     */
    public void setCRLIssueInterval(long j) {
        data.put(CRLISSUEINTERVAL, j);
    }

    /**
     * @return the stored CRL overlap time
     * @throws NullPointerException if the entry is missing
     */
    public long getCRLOverlapTime() {
        final Long overlap = (Long) data.get(CRLOVERLAPTIME);
        return overlap.longValue();
    }

    /**
     * Stores the CRL overlap time as a Long.
     *
     * @param j the CRL overlap time
     */
    public void setCRLOverlapTime(long j) {
        data.put(CRLOVERLAPTIME, j);
    }

    /**
     * @return the stored collection of CRL publisher values (the stored object itself, so changes
     *         made by the caller are visible here), or null if none is stored
     */
    public Collection<Integer> getCRLPublishers() {
        @SuppressWarnings("unchecked")
        final Collection<Integer> publishers = (Collection<Integer>) data.get(CRLPUBLISHERS);
        return publishers;
    }

    /**
     * Stores the given collection by reference, without copying it.
     *
     * @param collection the CRL publisher values
     */
    public void setCRLPublishers(Collection<Integer> collection) {
        data.put(CRLPUBLISHERS, collection);
    }

    /**
     * @return the stored certificate profile id
     * @throws NullPointerException if the entry is missing
     */
    public int getCertificateProfileId() {
        final Integer profileId = (Integer) data.get(CERTIFICATEPROFILEID);
        return profileId.intValue();
    }

    /**
     * Returns the CA token, building it on first use from the map stored under CATOKENDATA.
     * The signature algorithm, encryption algorithm, key sequence and key sequence format are
     * read from that map and applied to the new token; a missing sequence falls back to
     * CAToken.DEFAULT_KEYSEQUENCE and a missing format to 1.
     * NOTE(review): unlike setCAToken, this path applies the stored algorithm names without
     * checking them against AlgorithmConstants.AVAILABLE_SIGALGS.
     *
     * @return the cached or newly built token
     * @throws NullPointerException if no CATOKENDATA entry is stored
     */
    public CAToken getCAToken() {
        if (this.caToken != null) {
            return this.caToken;
        }
        final HashMap tokenData = (HashMap) this.data.get(CATOKENDATA);
        final CAToken token = new CAToken(tokenData);
        final String signatureAlgorithm = (String) tokenData.get(CAToken.SIGNATUREALGORITHM);
        final String encryptionAlgorithm = (String) tokenData.get(CAToken.ENCRYPTIONALGORITHM);
        final Object storedSequence = tokenData.get(CAToken.SEQUENCE);
        final String keySequence = storedSequence != null ? (String) storedSequence : CAToken.DEFAULT_KEYSEQUENCE;
        final Object storedFormat = tokenData.get(CAToken.SEQUENCE_FORMAT);
        final int keySequenceFormat = storedFormat != null ? ((Integer) storedFormat).intValue() : 1;
        token.setSignatureAlgorithm(signatureAlgorithm);
        token.setEncryptionAlgorithm(encryptionAlgorithm);
        token.setKeySequence(keySequence);
        token.setKeySequenceFormat(keySequenceFormat);
        this.caToken = token;
        return token;
    }

    /**
     * Checks the token's algorithm names against AlgorithmConstants.AVAILABLE_SIGALGS and, if
     * they pass, stores the token's saved data under CATOKENDATA and caches the token.
     * A null or empty algorithm name skips the check for that algorithm.
     * NOTE(review): the encryption algorithm is compared with the signature algorithm list and
     * reported with the "createcert.invalidsignaturealg" message; confirm that this is intended.
     *
     * @param cAToken the token to store
     * @throws InvalidAlgorithmException if a non-empty algorithm name is not in the allowed list
     */
    public void setCAToken(CAToken cAToken) throws InvalidAlgorithmException {
        final String sigAlg = cAToken.getSignatureAlgorithm();
        if (StringUtils.isNotEmpty(sigAlg)) {
            if (!ArrayUtils.contains(AlgorithmConstants.AVAILABLE_SIGALGS, sigAlg)) {
                final String msg = intres.getLocalizedMessage("createcert.invalidsignaturealg", sigAlg, ArrayUtils.toString(AlgorithmConstants.AVAILABLE_SIGALGS));
                throw new InvalidAlgorithmException(msg);
            }
        }
        final String encAlg = cAToken.getEncryptionAlgorithm();
        if (StringUtils.isNotEmpty(encAlg)) {
            if (!ArrayUtils.contains(AlgorithmConstants.AVAILABLE_SIGALGS, encAlg)) {
                final String msg = intres.getLocalizedMessage("createcert.invalidsignaturealg", encAlg, ArrayUtils.toString(AlgorithmConstants.AVAILABLE_SIGALGS));
                throw new InvalidAlgorithmException(msg);
            }
        }
        // Nothing is stored unless both checks passed.
        this.data.put(CATOKENDATA, cAToken.saveData());
        this.caToken = cAToken;
    }

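    /**
     * Returns the request certificate chain, decoding it on first use from the Base64 strings
     * stored under REQUESTCERTCHAIN.
     *
     * The decoded list is cached only after every entry has been parsed, so a parse failure does
     * not leave a truncated chain behind for later calls. The Base64 text is converted with
     * US-ASCII, as getRolloverCertificateChain does, instead of the platform default charset.
     *
     * @return the cached chain, or null if no chain is stored
     * @throws IllegalStateException if a stored entry cannot be parsed as a certificate
     */
    public Collection<Certificate> getRequestCertificateChain() {
        if (this.requestcertchain == null) {
            @SuppressWarnings("unchecked")
            final Collection<String> storedChain = (Collection<String>) this.data.get(REQUESTCERTCHAIN);
            if (storedChain != null) {
                final ArrayList<Certificate> decoded = new ArrayList<>();
                for (final String encodedCert : storedChain) {
                    try {
                        decoded.add(CertTools.getCertfromByteArray(Base64.decode(encodedCert.getBytes(StandardCharsets.US_ASCII))));
                    } catch (CertificateParsingException e) {
                        throw new IllegalStateException("Database seems to contain invalid certificate information.", e);
                    }
                }
                // Publish the cache only once the whole chain has been decoded.
                this.requestcertchain = decoded;
            }
        }
        return this.requestcertchain;
    }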

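    /**
     * Stores the given certificates as Base64 strings under REQUESTCERTCHAIN and caches a copy of
     * the collection. The Base64 bytes are converted to text with US-ASCII rather than the
     * platform default charset, so the stored form does not depend on the JVM's settings.
     * The certificates are stored as given; no signature or chain validation happens here.
     *
     * @param collection the certificates to store
     * @throws RuntimeException wrapping any failure to encode a certificate
     */
    public void setRequestCertificateChain(Collection<Certificate> collection) {
        final ArrayList<String> encodedChain = new ArrayList<>();
        for (final Certificate certificate : collection) {
            try {
                encodedChain.add(new String(Base64.encode(certificate.getEncoded()), StandardCharsets.US_ASCII));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        this.data.put(REQUESTCERTCHAIN, encodedChain);
        this.requestcertchain = new ArrayList<>(collection);
    }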

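    /**
     * Returns the CA certificate chain, decoding it on first use from the Base64 strings stored
     * under CERTIFICATECHAIN.
     *
     * The decoded list is cached only after every entry has been parsed, so a failure on one
     * entry does not leave a truncated chain for later calls (getCACertificate reads the same
     * cache). The Base64 text is converted with US-ASCII instead of the platform default charset.
     *
     * @return the cached chain, or null if no chain is stored
     * @throws RuntimeException wrapping any failure to decode an entry, including an entry for
     *         which no certificate object could be created
     */
    public Collection<Certificate> getCertificateChain() {
        if (this.certificatechain == null) {
            @SuppressWarnings("unchecked")
            final Collection<String> storedChain = (Collection<String>) this.data.get(CERTIFICATECHAIN);
            if (storedChain == null) {
                return null;
            }
            final ArrayList<Certificate> decoded = new ArrayList<>();
            for (final String encodedCert : storedChain) {
                try {
                    final Certificate cert = CertTools.getCertfromByteArray(Base64.decode(encodedCert.getBytes(StandardCharsets.US_ASCII)));
                    if (cert == null) {
                        throw new IllegalArgumentException("Can not create certificate object from: " + encodedCert);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Adding CA certificate from CERTIFICATECHAIN to certificatechain:");
                        log.debug("Cert subjectDN: " + CertTools.getSubjectDN(cert));
                        log.debug("Cert issuerDN: " + CertTools.getIssuerDN(cert));
                    }
                    decoded.add(cert);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            // Publish the cache only once the whole chain has been decoded.
            this.certificatechain = decoded;
        }
        return this.certificatechain;
    }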

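    /**
     * Stores the given certificates as Base64 strings under CERTIFICATECHAIN, caches a copy of
     * the collection and passes the collection on to the CAInfo. The Base64 bytes are converted
     * to text with US-ASCII rather than the platform default charset.
     * The certificates are stored as given; this method does not verify signatures, ordering or
     * that the first certificate matches the CA's keys.
     *
     * @param collection the chain to store
     * @throws RuntimeException wrapping any failure to encode a certificate
     * @throws NullPointerException if no CAInfo has been set (the data map and the cache have
     *         already been updated at that point)
     */
    public void setCertificateChain(Collection<Certificate> collection) {
        final ArrayList<String> encodedChain = new ArrayList<>();
        for (final Certificate certificate : collection) {
            try {
                encodedChain.add(new String(Base64.encode(certificate.getEncoded()), StandardCharsets.US_ASCII));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        this.data.put(CERTIFICATECHAIN, encodedChain);
        this.certificatechain = new ArrayList<>(collection);
        this.cainfo.setCertificateChain(collection);
    }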

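    /**
     * Stores the given certificates as Base64 strings under ROLLOVERCERTIFICATECHAIN.
     * The Base64 bytes are converted to text with US-ASCII, the charset that
     * getRolloverCertificateChain uses to read them back; the platform default charset was used
     * before. The certificates are stored as given, without validation.
     *
     * @param collection the rollover chain to store
     * @throws RuntimeException wrapping any failure to encode a certificate
     */
    public void setRolloverCertificateChain(Collection<Certificate> collection) {
        final ArrayList<String> encodedChain = new ArrayList<>();
        for (final Certificate certificate : collection) {
            try {
                encodedChain.add(new String(Base64.encode(certificate.getEncoded()), StandardCharsets.US_ASCII));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        this.data.put(ROLLOVERCERTIFICATECHAIN, encodedChain);
    }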

    /**
     * Decodes the rollover chain stored under ROLLOVERCERTIFICATECHAIN. The result is rebuilt on
     * every call and not cached.
     *
     * @return a new list with the decoded certificates, or null if no rollover chain is stored
     * @throws IllegalStateException if a stored entry cannot be parsed as a certificate
     */
    public List<Certificate> getRolloverCertificateChain() {
        final List storedChain = (List) this.data.get(ROLLOVERCERTIFICATECHAIN);
        if (storedChain == null) {
            return null;
        }
        final ArrayList decoded = new ArrayList(storedChain.size());
        for (final Object entry : storedChain) {
            try {
                final byte[] base64Text = ((String) entry).getBytes("US-ASCII");
                decoded.add(CertTools.getCertfromByteArray(Base64.decode(base64Text)));
            } catch (UnsupportedEncodingException | CertificateParsingException e) {
                throw new IllegalStateException(e);
            }
        }
        return decoded;
    }

    /**
     * Removes the stored rollover certificate chain, if any.
     */
    public void clearRolloverCertificateChain() {
        data.remove(ROLLOVERCERTIFICATECHAIN);
    }

    /**
     * Returns the first certificate of the CA certificate chain, loading the chain through
     * getCertificateChain() if it has not been decoded yet.
     *
     * @return the first chain entry, or null if no chain is stored or the chain is empty
     */
    public Certificate getCACertificate() {
        if (this.certificatechain == null) {
            getCertificateChain();
        }
        final ArrayList<Certificate> chain = this.certificatechain;
        if (chain == null || chain.size() == 0) {
            return null;
        }
        final Certificate caCertificate = chain.get(0);
        if (log.isDebugEnabled()) {
            log.debug("CA certificate chain is " + chain.size() + " levels deep.");
            log.debug("CA-cert subjectDN: " + CertTools.getSubjectDN(caCertificate));
            log.debug("CA-cert issuerDN: " + CertTools.getIssuerDN(caCertificate));
        }
        return caCertificate;
    }

    /**
     * Decides whether the next (rollover) CA certificate should be used for a request.
     * The answer is true only when the request carries a serial number that differs from the
     * current CA certificate's and equals the serial number of the first certificate in the
     * rollover chain; every other case, including a missing request, serial number or rollover
     * chain, yields false. The choice is therefore driven by a value taken from the request.
     *
     * @param requestMessage the incoming request, may be null
     * @return true if the rollover certificate should be used
     */
    public boolean getUseNextCACert(RequestMessage requestMessage) {
        final Certificate currentCaCert = getCACertificate();
        if (requestMessage == null) {
            log.trace("getUseNextCACert: request is null. most likely this is a new CA");
            return false;
        }
        final BigInteger requestSerial = requestMessage.getSerialNo();
        if (requestSerial == null) {
            log.debug("getUseNextCACert: No serial number in request. Will use current CA cert.");
            return false;
        }
        final BigInteger currentSerial = CertTools.getSerialNumber(currentCaCert);
        if (currentSerial == null || currentSerial.equals(requestSerial)) {
            log.trace("getUseNextCACert: CA serial number matches request serial number");
            return false;
        }
        final List<Certificate> rolloverChain = getRolloverCertificateChain();
        if (rolloverChain == null || rolloverChain.isEmpty()) {
            log.debug("getUseNextCACert: Serial number in request does not match CA serial number, and no roll over certificate chain is present. Will use current CA cert.");
            return false;
        }
        final BigInteger rolloverSerial = CertTools.getSerialNumber(rolloverChain.get(0));
        final boolean matchesRollover = rolloverSerial != null && rolloverSerial.equals(requestSerial);
        if (!matchesRollover) {
            log.debug("getUseNextCACert: Serial number in request does not match CA serial number nor next (rollover) CA cert. Will use current CA cert.");
            return false;
        }
        log.debug("getUseNextCACert: Serial number in request matches next (rollover) CA cert. Using next CA cert and key.");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the FINISHUSER flag, read through getBoolean with {@code true} as the default
     */
    public boolean getFinishUser() {
        final boolean defaultValue = true;
        return getBoolean(FINISHUSER, defaultValue);
    }

    /**
     * Stores the FINISHUSER flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setFinishUser(boolean z) {
        this.putBoolean(FINISHUSER, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the INCLUDEINHEALTHCHECK flag, read through getBoolean with {@code true} as the default
     */
    public boolean getIncludeInHealthCheck() {
        final boolean defaultValue = true;
        return getBoolean(INCLUDEINHEALTHCHECK, defaultValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the INCLUDEINHEALTHCHECK flag through putBoolean.
     *
     * @param z the flag value
     */
    public void setIncludeInHealthCheck(boolean z) {
        this.putBoolean(INCLUDEINHEALTHCHECK, z);
    }

    /**
     * @return the unique-public-key enforcement flag, read through getBoolean with {@code false}
     *         as the default, so data without this key is presumably treated as not enforcing
     */
    public boolean isDoEnforceUniquePublicKeys() {
        final boolean defaultValue = false;
        return getBoolean(DO_ENFORCE_UNIQUE_PUBLIC_KEYS, defaultValue);
    }

    /**
     * Stores the unique-public-key enforcement flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setDoEnforceUniquePublicKeys(boolean z) {
        this.putBoolean(DO_ENFORCE_UNIQUE_PUBLIC_KEYS, z);
    }

    /**
     * @return the unique-DN enforcement flag, read through getBoolean with {@code false} as the
     *         default, so data without this key is presumably treated as not enforcing
     */
    public boolean isDoEnforceUniqueDistinguishedName() {
        final boolean defaultValue = false;
        return getBoolean(DO_ENFORCE_UNIQUE_DISTINGUISHED_NAME, defaultValue);
    }

    /**
     * Stores the unique-DN enforcement flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setDoEnforceUniqueDistinguishedName(boolean z) {
        this.putBoolean(DO_ENFORCE_UNIQUE_DISTINGUISHED_NAME, z);
    }

    /**
     * @return the unique subject-DN-serialnumber enforcement flag, read through getBoolean with
     *         {@code false} as the default
     */
    public boolean isDoEnforceUniqueSubjectDNSerialnumber() {
        final boolean defaultValue = false;
        return getBoolean(DO_ENFORCE_UNIQUE_SUBJECTDN_SERIALNUMBER, defaultValue);
    }

    /**
     * Stores the unique subject-DN-serialnumber enforcement flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setDoEnforceUniqueSubjectDNSerialnumber(boolean z) {
        this.putBoolean(DO_ENFORCE_UNIQUE_SUBJECTDN_SERIALNUMBER, z);
    }

    /**
     * @return the USE_CERTREQ_HISTORY flag, read through getBoolean with {@code true} as the default
     */
    public boolean isUseCertReqHistory() {
        final boolean defaultValue = true;
        return getBoolean(USE_CERTREQ_HISTORY, defaultValue);
    }

    /**
     * Stores the USE_CERTREQ_HISTORY flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setUseCertReqHistory(boolean z) {
        this.putBoolean(USE_CERTREQ_HISTORY, z);
    }

    /**
     * @return the USE_USER_STORAGE flag, read through getBoolean with {@code true} as the default
     */
    public boolean isUseUserStorage() {
        final boolean defaultValue = true;
        return getBoolean(USE_USER_STORAGE, defaultValue);
    }

    /**
     * Stores the USE_USER_STORAGE flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setUseUserStorage(boolean z) {
        this.putBoolean(USE_USER_STORAGE, z);
    }

    /**
     * @return the USE_CERTIFICATE_STORAGE flag, read through getBoolean with {@code true} as the default
     */
    public boolean isUseCertificateStorage() {
        final boolean defaultValue = true;
        return getBoolean(USE_CERTIFICATE_STORAGE, defaultValue);
    }

    /**
     * Stores the USE_CERTIFICATE_STORAGE flag through putBoolean.
     *
     * @param z the flag value
     */
    private void setUseCertificateStorage(boolean z) {
        this.putBoolean(USE_CERTIFICATE_STORAGE, z);
    }

    /**
     * @return the stored approval settings (the stored collection itself, not a copy), or a new
     *         empty list when none are stored
     */
    public Collection<Integer> getApprovalSettings() {
        final Object stored = data.get(APPROVALSETTINGS);
        if (stored == null) {
            return new ArrayList<>();
        }
        @SuppressWarnings("unchecked")
        final Collection<Integer> settings = (Collection<Integer>) stored;
        return settings;
    }

    /**
     * Stores the approval settings by reference, without copying or validating them.
     *
     * @param collection the approval settings
     */
    public void setApprovalSettings(Collection<Integer> collection) {
        data.put(APPROVALSETTINGS, collection);
    }

    /**
     * @return the stored number of required approvals, or 1 when none is stored
     */
    public int getNumOfRequiredApprovals() {
        final Object stored = data.get(NUMBEROFREQAPPROVALS);
        return stored == null ? 1 : ((Integer) stored).intValue();
    }

    /**
     * Stores the number of required approvals as an Integer.
     * NOTE(review): any int is accepted, including zero and negative values; a lower bound has
     * to be enforced by the caller if one is expected.
     *
     * @param i the number of required approvals
     */
    public void setNumOfRequiredApprovals(int i) {
        data.put(NUMBEROFREQAPPROVALS, i);
    }

    /**
     * Overwrites this CA's stored settings with the values of the given CAInfo and then keeps
     * that CAInfo as the current one.
     *
     * Validity, description, CRL settings, approval settings and the policy flags are always
     * replaced. The certificate profile id is replaced only when it is greater than 0, the CA
     * token only when the CAInfo carries one, and the certificate chain (plus the expire time,
     * taken from the first certificate) only when the CAInfo carries a non-empty chain.
     * Extended CA services are created or updated per entry of the CAInfo's service list.
     *
     * NOTE(review): nothing in this method checks who requested the update or validates the new
     * certificate chain or approval values; presumably the callers do that — confirm.
     *
     * @param cryptoToken passed on to ExtendedCAService.update
     * @param cAInfo the new settings; its extended service info list is replaced by this method
     * @param availableCustomCertificateExtensionsConfiguration passed on to ExtendedCAService.update
     * @throws InvalidAlgorithmException from setCAToken, when the new token names an algorithm
     *         that is not allowed; the entries written before that point stay changed
     */
    public void updateCA(CryptoToken cryptoToken, CAInfo cAInfo, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws InvalidAlgorithmException {
        this.data.put(VALIDITY, Long.valueOf(cAInfo.getValidity()));
        this.data.put(DESCRIPTION, cAInfo.getDescription());
        this.data.put(CRLPERIOD, Long.valueOf(cAInfo.getCRLPeriod()));
        this.data.put(DELTACRLPERIOD, Long.valueOf(cAInfo.getDeltaCRLPeriod()));
        this.data.put(CRLISSUEINTERVAL, Long.valueOf(cAInfo.getCRLIssueInterval()));
        this.data.put(CRLOVERLAPTIME, Long.valueOf(cAInfo.getCRLOverlapTime()));
        this.data.put(CRLPUBLISHERS, cAInfo.getCRLPublishers());
        this.data.put(APPROVALSETTINGS, cAInfo.getApprovalSettings());
        this.data.put(NUMBEROFREQAPPROVALS, Integer.valueOf(cAInfo.getNumOfReqApprovals()));
        // A profile id of 0 or less leaves the stored id unchanged.
        if (cAInfo.getCertificateProfileId() > 0) {
            this.data.put(CERTIFICATEPROFILEID, Integer.valueOf(cAInfo.getCertificateProfileId()));
        }
        // setCAToken checks the token's algorithm names and may throw.
        if (cAInfo.getCAToken() != null) {
            setCAToken(cAInfo.getCAToken());
        }
        setFinishUser(cAInfo.getFinishUser());
        setIncludeInHealthCheck(cAInfo.getIncludeInHealthCheck());
        setDoEnforceUniquePublicKeys(cAInfo.isDoEnforceUniquePublicKeys());
        setDoEnforceUniqueDistinguishedName(cAInfo.isDoEnforceUniqueDistinguishedName());
        setDoEnforceUniqueSubjectDNSerialnumber(cAInfo.isDoEnforceUniqueSubjectDNSerialnumber());
        setUseCertReqHistory(cAInfo.isUseCertReqHistory());
        setUseUserStorage(cAInfo.isUseUserStorage());
        setUseCertificateStorage(cAInfo.isUseCertificateStorage());
        Collection<Certificate> certificateChain = cAInfo.getCertificateChain();
        if (certificateChain != null && certificateChain.size() > 0) {
            // setCertificateChain calls this.cainfo.setCertificateChain, i.e. on the CAInfo held
            // before this update, because this.cainfo is reassigned only at the end.
            setCertificateChain(certificateChain);
            setExpireTime(CertTools.getNotAfter(certificateChain.iterator().next()));
        }
        Collection<ExtendedCAServiceInfo> extendedCAServiceInfos = cAInfo.getExtendedCAServiceInfos();
        if (extendedCAServiceInfos != null) {
            ArrayList arrayList = new ArrayList();
            Collection<Integer> externalCAServiceTypes = getExternalCAServiceTypes();
            for (ExtendedCAServiceInfo extendedCAServiceInfo : extendedCAServiceInfos) {
                ExtendedCAService extendedCAService = getExtendedCAService(extendedCAServiceInfo.getType());
                if (extendedCAService == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Creating new extended CA service of type: " + extendedCAServiceInfo.getType());
                    }
                    // createExtendedCAService only logs a failure, so the type is recorded below
                    // even when no service instance could be created.
                    createExtendedCAService(extendedCAServiceInfo);
                    externalCAServiceTypes.add(Integer.valueOf(extendedCAServiceInfo.getType()));
                    arrayList.add(extendedCAServiceInfo);
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("Updating extended CA service of type: " + extendedCAServiceInfo.getType());
                    }
                    extendedCAService.update(cryptoToken, extendedCAServiceInfo, this, availableCustomCertificateExtensionsConfiguration);
                    setExtendedCAService(extendedCAService);
                    arrayList.add(extendedCAService.getExtendedCAServiceInfo());
                }
            }
            // The caller's CAInfo is modified: its service info list is replaced with the list
            // built above.
            cAInfo.setExtendedCAServiceInfos(arrayList);
            this.data.put(EXTENDEDCASERVICES, externalCAServiceTypes);
        }
        // NOTE(review): 7 is presumably the "uninitialized" CA status, given the method it
        // guards — confirm against the status constants and replace the literal with the name.
        if (cAInfo.getStatus() == 7) {
            updateUninitializedCA(cAInfo);
        }
        this.cainfo = cAInfo;
    }

    /**
     * Copies the signed-by value of the given CAInfo into this CA. updateCA calls this when the
     * CAInfo's status is 7; the method itself is public and does not check the status.
     *
     * @param cAInfo the source of the signed-by value
     */
    public void updateUninitializedCA(CAInfo cAInfo) {
        final int signedBy = cAInfo.getSignedBy();
        setSignedBy(signedBy);
    }

    /**
     * Convenience overload without a request message or extensions. A null {@code date} is
     * replaced by the current time, and the end date handed on is
     * {@code ValidityDate.getDate(j, date)} unless {@code j} is -1, in which case null is
     * passed.
     *
     * @param date start date, or null for the current time
     * @param j validity value given to ValidityDate.getDate, or -1 for no explicit end date
     * @return the certificate produced by the delegate overload
     * @throws Exception whatever the delegate overload throws
     */
    public Certificate generateCertificate(CryptoToken cryptoToken, EndEntityInformation endEntityInformation, PublicKey publicKey, int i, Date date, long j, CertificateProfile certificateProfile, String str, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws Exception {
        final Date notBefore = (date != null) ? date : new Date();
        final Date notAfter;
        if (j == -1) {
            notAfter = null;
        } else {
            notAfter = ValidityDate.getDate(j, notBefore);
        }
        return generateCertificate(cryptoToken, endEntityInformation, null, publicKey, i, notBefore, notAfter, certificateProfile, null, str, availableCustomCertificateExtensionsConfiguration);
    }

    /**
     * Certificate generation as implemented by the concrete CA type; the non-abstract overloads
     * in this class end up here. The overloads visible in this class may pass null for
     * {@code requestMessage}, {@code date2}, {@code extensions} and
     * {@code certificateGenerationParams}, so implementations have to accept null there.
     * NOTE(review): the parameter names are decompiler-generated; the meaning of {@code i} and
     * {@code str} has to be taken from the implementations.
     */
    public abstract Certificate generateCertificate(CryptoToken cryptoToken, EndEntityInformation endEntityInformation, RequestMessage requestMessage, PublicKey publicKey, int i, Date date, Date date2, CertificateProfile certificateProfile, Extensions extensions, String str, CertificateGenerationParams certificateGenerationParams, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws CryptoTokenOfflineException, CAOfflineException, InvalidAlgorithmException, IllegalValidityException, IllegalNameException, OperatorCreationException, CertificateCreateException, CertificateExtensionException, SignatureException;

    /**
     * Overload without certificate generation parameters: delegates to the abstract
     * generateCertificate with null in that position and every other argument unchanged.
     */
    public final Certificate generateCertificate(CryptoToken cryptoToken, EndEntityInformation endEntityInformation, RequestMessage requestMessage, PublicKey publicKey, int i, Date date, Date date2, CertificateProfile certificateProfile, Extensions extensions, String str, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws CryptoTokenOfflineException, CAOfflineException, InvalidAlgorithmException, IllegalValidityException, IllegalNameException, OperatorCreationException, CertificateCreateException, CertificateExtensionException, SignatureException {
        final CertificateGenerationParams noGenerationParams = null;
        return generateCertificate(cryptoToken, endEntityInformation, requestMessage, publicKey, i, date, date2,
                certificateProfile, extensions, str, noGenerationParams, availableCustomCertificateExtensionsConfiguration);
    }

    // The operations below are implemented by the concrete CA type. Each receives the
    // CryptoToken to work with as its first argument. Parameter names are decompiler-generated,
    // so the meaning of the int, String and byte[] arguments has to be taken from the
    // implementations.

    /** Produces a CRL from the given revoked-certificate entries. */
    public abstract X509CRLHolder generateCRL(CryptoToken cryptoToken, Collection<RevokedCertInfo> collection, int i) throws Exception;

    /** Produces a delta CRL from the given revoked-certificate entries. */
    public abstract X509CRLHolder generateDeltaCRL(CryptoToken cryptoToken, Collection<RevokedCertInfo> collection, int i, int i2) throws Exception;

    /** Returns an encoded PKCS#7 structure for the given certificate (inferred from the name — confirm). */
    public abstract byte[] createPKCS7(CryptoToken cryptoToken, Certificate certificate, boolean z) throws SignRequestSignatureException;

    /** Rollover variant of createPKCS7 (inferred from the name — confirm). */
    public abstract byte[] createPKCS7Rollover(CryptoToken cryptoToken, int i) throws SignRequestSignatureException;

    /** Returns an encoded request built from the given attributes (inferred from the name — confirm). */
    public abstract byte[] createRequest(CryptoToken cryptoToken, Collection<ASN1Encodable> collection, String str, Certificate certificate, int i) throws CryptoTokenOfflineException;

    /** Returns an encoded authenticated certificate signing request (inferred from the name — confirm). */
    public abstract byte[] createAuthCertSignRequest(CryptoToken cryptoToken, byte[] bArr) throws CryptoTokenOfflineException;

    /** Returns the given key pair in encrypted form. */
    public abstract byte[] encryptKeys(CryptoToken cryptoToken, String str, KeyPair keyPair) throws IOException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException, CMSException;

    /**
     * Recovers a key pair from its encrypted form.
     * NOTE(review): the declared ClassNotFoundException suggests that implementations
     * deserialize Java objects from the decrypted bytes — confirm, and check that the input is
     * authenticated before it is deserialized.
     */
    public abstract KeyPair decryptKeys(CryptoToken cryptoToken, String str, byte[] bArr) throws CMSException, CryptoTokenOfflineException, IOException, ClassNotFoundException;

    /** Returns the given bytes in encrypted form. */
    public abstract byte[] encryptData(CryptoToken cryptoToken, byte[] bArr, int i) throws CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException;

    /** Returns the decrypted form of the given bytes. */
    public abstract byte[] decryptData(CryptoToken cryptoToken, byte[] bArr, int i) throws CMSException, CryptoTokenOfflineException;

    /**
     * Initializes the extended CA service of the given type, if this CA has one, and stores it
     * again through setExtendedCAService. Nothing happens when no such service exists.
     * The service is initialized with the {@code ca} argument, not necessarily with this object.
     *
     * @param cryptoToken passed on to the service's init
     * @param i the service type
     * @param ca the CA handed to the service's init
     * @param availableCustomCertificateExtensionsConfiguration passed on to the service's init
     * @throws Exception whatever the service's init throws
     */
    public void initExtendedService(CryptoToken cryptoToken, int i, CA ca, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws Exception {
        final ExtendedCAService service = getExtendedCAService(i);
        if (service == null) {
            return;
        }
        service.init(cryptoToken, ca, availableCustomCertificateExtensionsConfiguration);
        setExtendedCAService(service);
    }

    /**
     * Returns the info object of the extended CA service of the given type.
     *
     * @param i extended service type used for the lookup
     * @return the service's info, or {@code null} when no service can be resolved for the type
     */
    public ExtendedCAServiceInfo getExtendedCAServiceInfo(int i) {
        final ExtendedCAService service = getExtendedCAService(i);
        return service == null ? null : service.getExtendedCAServiceInfo();
    }

    /**
     * Dispatches a request to the extended CA service matching the request's service type.
     * The service is pointed at this CA before it handles the request.
     *
     * @param cryptoToken crypto token forwarded to the service
     * @param extendedCAServiceRequest request to handle; its service type selects the service
     * @return the service's response
     * @throws IllegalExtendedCAServiceRequestException when no service can be resolved for the request's type
     */
    public ExtendedCAServiceResponse extendedService(CryptoToken cryptoToken, ExtendedCAServiceRequest extendedCAServiceRequest) throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException, CertificateEncodingException, CertificateException, OperatorCreationException {
        final ExtendedCAService service = getExtendedCAService(extendedCAServiceRequest.getServiceType());
        if (service == null) {
            // Reject unknown service types rather than returning an empty response.
            log.error("Extended CA service is null for service request: " + extendedCAServiceRequest.getClass().getName());
            throw new IllegalExtendedCAServiceRequestException();
        }
        service.setCA(this);
        return service.extendedService(cryptoToken, extendedCAServiceRequest);
    }

    /**
     * Reads the stored data map of one extended CA service from this CA's data.
     * The map is stored under {@code EXTENDEDCASERVICE} followed by the service type.
     *
     * @param i extended service type
     * @return the stored map, or {@code null} when nothing is stored for the type
     */
    public HashMap getExtendedCAServiceData(int i) {
        final Object stored = this.data.get(EXTENDEDCASERVICE + i);
        return (HashMap) stored;
    }

    /**
     * Stores the data map of one extended CA service in this CA's data.
     * The map is stored under {@code EXTENDEDCASERVICE} followed by the service type.
     * The map's {@code ExtendedCAServiceInfo.IMPLEMENTATIONCLASS} entry is what {@code getExtendedCAService}
     * later loads by name, so the map should only come from a trusted source.
     *
     * @param i extended service type
     * @param hashMap service data to store
     */
    public void setExtendedCAServiceData(int i, HashMap hashMap) {
        final String key = EXTENDEDCASERVICE + i;
        this.data.put(key, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
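    /**
     * Returns the extended CA service of the given type, creating and caching it on first use.
     *
     * A cached instance is returned when present. Otherwise the stored service data is read, the class named
     * by its {@code ExtendedCAServiceInfo.IMPLEMENTATIONCLASS} entry is loaded, and an instance is built
     * through that class's {@code HashMap} constructor.
     *
     * Security note: the class name comes from this CA's persisted data, so whoever can write that data chooses
     * which class is loaded. The class is checked to be an {@code ExtendedCAService} before its constructor is
     * invoked, so an unrelated class is rejected without running its constructor.
     *
     * @param i extended service type
     * @return the service, or {@code null} when no data or class name is stored or the class cannot be
     *         loaded or instantiated (each case is logged)
     * @throws ClassCastException when the named class is not an {@code ExtendedCAService}
     */
    public ExtendedCAService getExtendedCAService(int i) {
        final Integer typeKey = Integer.valueOf(i);
        ExtendedCAService extendedCAService = null;
        try {
            extendedCAService = this.extendedcaservicemap.get(typeKey);
            if (extendedCAService != null) {
                return extendedCAService;
            }
            final HashMap extendedCAServiceData = getExtendedCAServiceData(i);
            if (extendedCAServiceData == null) {
                log.error("Servicedata is null for extended CA service of type: " + i);
                return null;
            }
            final String implClassName = (String) extendedCAServiceData.get(ExtendedCAServiceInfo.IMPLEMENTATIONCLASS);
            if (implClassName == null) {
                log.error("implementation classname is null for extended service type: " + i + ". Service not created.");
                return null;
            }
            if (log.isDebugEnabled()) {
                log.debug("implementation classname for extended service type: " + i + " is " + implClassName);
            }
            // Check the type before instantiating. Casting the finished instance would run the constructor of
            // an unrelated class first. asSubclass throws the same ClassCastException, only earlier.
            // NOTE(review): Class.forName(String) still initialises the class, so static initialisers run before
            // this check. An allow-list of implementation class names would close that gap.
            final Class<? extends ExtendedCAService> implClass = Class.forName(implClassName).asSubclass(ExtendedCAService.class);
            extendedCAService = implClass.getConstructor(HashMap.class).newInstance(extendedCAServiceData);
            this.extendedcaservicemap.put(typeKey, extendedCAService);
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException
                | NoSuchMethodException | SecurityException | InvocationTargetException e) {
            // Best effort, as in the original: a service that cannot be built is logged and reported as null.
            log.warn("Extended CA service of type " + i + " can not get created: ", e);
        }
        return extendedCAService;
    }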

    /**
     * Registers an extended CA service on this CA.
     * The service's saved data is stored under the service's type and the instance is cached under that type.
     *
     * @param extendedCAService service to register; its info object supplies the type
     */
    public void setExtendedCAService(ExtendedCAService extendedCAService) {
        final int serviceType = extendedCAService.getExtendedCAServiceInfo().getType();
        final HashMap savedData = (HashMap) extendedCAService.saveData();
        setExtendedCAServiceData(serviceType, savedData);
        this.extendedcaservicemap.put(Integer.valueOf(serviceType), extendedCAService);
    }

    /**
     * Returns the service types stored under {@code EXTENDEDCASERVICES} in this CA's data.
     *
     * @return the stored collection, or a new empty list when nothing is stored
     */
    public Collection<Integer> getExternalCAServiceTypes() {
        final Object stored = this.data.get(EXTENDEDCASERVICES);
        if (stored == null) {
            return new ArrayList();
        }
        return (Collection) stored;
    }

    /**
     * Upgrades the extended CA services of this CA; each concrete CA type supplies the implementation.
     *
     * @return NOTE(review): presumably {@code true} when something was changed and the CA needs saving; confirm in subclasses
     */
    public abstract boolean upgradeExtendedCAServices();

    /**
     * Creates or removes this CA's link certificate; each concrete CA type supplies the implementation.
     *
     * @param cryptoToken crypto token handed to the implementation
     * @param z NOTE(review): name lost in decompilation, presumably selects between creating and removing; confirm
     * @param certificateProfile certificate profile handed to the implementation
     * @param availableCustomCertificateExtensionsConfiguration custom extension configuration handed to the implementation
     * @throws CryptoTokenOfflineException declared by the contract, presumably when the token cannot be used
     */
    public abstract void createOrRemoveLinkCertificate(CryptoToken cryptoToken, boolean z, CertificateProfile certificateProfile, AvailableCustomCertificateExtensionsConfiguration availableCustomCertificateExtensionsConfiguration) throws CryptoTokenOfflineException;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores or clears the latest link certificate in this CA's data.
     * The bytes are stored Base64-encoded as a string under {@code LATESTLINKCERTIFICATE}.
     *
     * @param bArr encoded certificate bytes, or {@code null} to remove the stored value
     */
    public void updateLatestLinkCertificate(byte[] bArr) {
        if (bArr != null) {
            String encoded;
            try {
                encoded = new String(Base64.encode(bArr), "UTF8");
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
            this.data.put(LATESTLINKCERTIFICATE, encoded);
        } else {
            this.data.remove(LATESTLINKCERTIFICATE);
        }
    }

    /**
     * Returns the latest link certificate stored in this CA's data.
     * The stored Base64 string is decoded; the resulting bytes are not parsed or validated here.
     *
     * @return the decoded certificate bytes, or {@code null} when none is stored
     */
    public byte[] getLatestLinkCertificate() {
        final Object stored = this.data.get(LATESTLINKCERTIFICATE);
        if (stored == null) {
            return null;
        }
        try {
            final byte[] base64Bytes = ((String) stored).getBytes("UTF8");
            return Base64.decode(base64Bytes);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }
}
