package org.cesecore.certificates.certificate.request;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.cesecore.util.CeSecoreNameStyle;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/certificates/certificate/request/PKCS10RequestMessage.class */
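/**
 * A PKCS#10 certification request exposed through the {@link RequestMessage} interface.
 *
 * <p>The instance keeps the encoded request bytes ({@code p10msg}) and parses them lazily into a
 * {@link JcaPKCS10CertificationRequest}. Everything read out of the request (subject DN, the
 * CN-derived username, the challenge password and the requested extensions) is supplied by the
 * requester and must be treated as untrusted input by callers.
 *
 * <p>A parse failure is logged by {@link #init()} and leaves {@code pkcs10} as {@code null}; the
 * accessors below then return {@code null} (or {@code false} for {@link #verify(PublicKey)}).
 */
public class PKCS10RequestMessage implements RequestMessage {
    static final long serialVersionUID = 3597275157018205137L;
    private static final Logger log = Logger.getLogger(PKCS10RequestMessage.class);

    /** Encoded PKCS#10 request as handed to the constructor. */
    protected byte[] p10msg;
    /** Explicitly set password; when null, {@link #getPassword()} falls back to the request. */
    protected String password;
    /** Explicitly set username; when null, {@link #getUsername()} falls back to the request CN. */
    protected String username;
    protected Date notAfter;
    protected Date notBefore;
    protected boolean includeCACert = true;
    // NOTE(review): the default digest is SHA-1, unchanged from the original. The field is
    // transient, so it is presumably not carried across serialization - confirm that callers do
    // not depend on this default for anything security relevant.
    private transient String preferredDigestAlg = CMSSignedGenerator.DIGEST_SHA1;
    /** Parsed request; null until parsed, and still null after a failed parse. */
    protected transient JcaPKCS10CertificationRequest pkcs10;
    private int error;
    private String errorText;
    private List<Certificate> additionalCaCertificates = new ArrayList<>();
    private List<Certificate> additionalExtraCertsCertificates = new ArrayList<>();

    /** Creates an empty message; no request bytes are set. */
    public PKCS10RequestMessage() {
    }

    /**
     * Creates a message from an encoded PKCS#10 request and parses it immediately.
     *
     * @param bArr the encoded request
     * @throws NullPointerException if {@code bArr} is null
     */
    public PKCS10RequestMessage(byte[] bArr) {
        if (log.isTraceEnabled()) {
            log.trace(">PKCS10RequestMessage(byte[])");
        }
        this.p10msg = bArr;
        init();
        if (log.isTraceEnabled()) {
            log.trace("<PKCS10RequestMessage(byte[])");
        }
    }

    /**
     * Creates a message from an already parsed request and keeps its encoding.
     *
     * @param jcaPKCS10CertificationRequest the parsed request
     * @throws IOException if the request cannot be encoded
     */
    public PKCS10RequestMessage(JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest) throws IOException {
        if (log.isTraceEnabled()) {
            log.trace(">PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
        }
        this.p10msg = jcaPKCS10CertificationRequest.getEncoded();
        this.pkcs10 = jcaPKCS10CertificationRequest;
        if (log.isTraceEnabled()) {
            log.trace("<PKCS10RequestMessage(ExtendedPKCS10CertificationRequest)");
        }
    }

    /**
     * Parses {@code p10msg} into {@code pkcs10}. A parse failure is only logged, so callers must
     * check {@code pkcs10} for null afterwards.
     *
     * @throws NullPointerException if {@code p10msg} is null
     */
    private void init() {
        if (this.p10msg == null) {
            throw new NullPointerException("Cannot initiate with p10msg == null");
        }
        try {
            this.pkcs10 = new JcaPKCS10CertificationRequest(this.p10msg);
        } catch (IOException e) {
            log.warn("PKCS10 not initiated! " + e.getMessage());
        }
    }

    /**
     * Converts a challenge password value to a string. The value is first read as a
     * DirectoryString; if that is rejected, it is read as an IA5String instead.
     *
     * @param value the ASN.1 value, may be null
     * @return the string value, or null if {@code value} is null
     */
    private static String challengeToString(Object value) {
        if (value == null) {
            return null;
        }
        try {
            DirectoryString directoryString = DirectoryString.getInstance(value);
            return directoryString == null ? null : directoryString.getString();
        } catch (IllegalArgumentException e) {
            DERIA5String ia5String = DERIA5String.getInstance(value);
            return ia5String == null ? null : ia5String.getString();
        }
    }

    /**
     * Returns the public key carried in the request.
     *
     * @return the public key, or null if there is no request or it could not be parsed
     */
    @Override
    public PublicKey getRequestPublicKey() throws InvalidKeyException, NoSuchAlgorithmException {
        if (this.pkcs10 == null) {
            if (this.p10msg == null) {
                return null;
            }
            init();
            if (this.pkcs10 == null) {
                // init() already logged the parse failure; report "no key" instead of
                // dereferencing the missing request.
                return null;
            }
        }
        return this.pkcs10.getPublicKey();
    }

    public void setPassword(String str) {
        this.password = str;
    }

    /**
     * Returns the explicitly set password, or else the challenge password found in the request:
     * first the challengePassword attribute, then a challengePassword entry inside the
     * extensionRequest attribute.
     *
     * <p>The value comes from the requester and is returned as is; it is not logged here.
     *
     * @return the password, or null if none is present or the request is unavailable
     */
    @Override
    public String getPassword() {
        if (this.password != null) {
            return this.password;
        }
        try {
            if (this.pkcs10 == null) {
                init();
            }
            // Held as Object because the attribute value and the extension value have different
            // static types; both are accepted by the getInstance(Object) factories.
            Object challenge;
            Attribute[] challengeAttributes = this.pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
            if (challengeAttributes.length != 0) {
                ASN1Set challengeValues = challengeAttributes[0].getAttrValues();
                if (challengeValues.size() == 0) {
                    // An attribute with an empty value set carries no password; same handling as
                    // the extensionRequest path below.
                    return null;
                }
                challenge = challengeValues.getObjectAt(0);
            } else {
                Attribute[] extensionRequests = this.pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
                if (extensionRequests.length == 0) {
                    return null;
                }
                if (log.isDebugEnabled()) {
                    log.debug("got extension request");
                }
                ASN1Set attrValues = extensionRequests[0].getAttrValues();
                if (attrValues.size() == 0) {
                    return null;
                }
                Extension extension = Extensions.getInstance(attrValues.getObjectAt(0)).getExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
                if (extension == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("no challenge password extension");
                    }
                    return null;
                }
                challenge = extension.getExtnValue();
            }
            return challengeToString(challenge);
        } catch (NullPointerException e) {
            // Covers a missing or unparseable request as well as null parts inside it.
            log.error("PKCS10 not initated! " + e.getMessage());
            return null;
        }
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public void setNotAfter(Date date) {
        this.notAfter = date;
    }

    /**
     * Returns the explicitly set username, or else the first CN value of the request subject,
     * cut at the first space.
     *
     * <p>The fallback value is taken from the requester-supplied subject DN, so it identifies
     * nothing by itself. It is also written to the debug log unmodified.
     *
     * @return the username, or null if the subject is unavailable or has no CN
     */
    @Override
    public String getUsername() {
        if (this.username != null) {
            return this.username;
        }
        X500Name requestX500Name = getRequestX500Name();
        String name = null;
        if (requestX500Name == null) {
            log.info("No requestDN in request, probably we could not read/parse/decrypt request.");
        } else {
            RDN[] commonNames = requestX500Name.getRDNs(CeSecoreNameStyle.CN);
            if (commonNames.length == 0) {
                log.info("No CN in DN: " + requestX500Name.toString());
            } else {
                for (AttributeTypeAndValue typeAndValue : commonNames[0].getTypesAndValues()) {
                    if (typeAndValue.getType().equals(CeSecoreNameStyle.CN)) {
                        name = typeAndValue.getValue().toString();
                        break;
                    }
                }
                // Guard against an RDN in which no CN value was found before cutting the name.
                if (name != null) {
                    int firstSpace = name.indexOf(' ');
                    if (firstSpace > 0) {
                        name = name.substring(0, firstSpace);
                    }
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("UserName='" + name + "'");
        }
        return name;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public String getIssuerDN() {
        return null;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public BigInteger getSerialNo() {
        return null;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public String getCRLIssuerDN() {
        return null;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public BigInteger getCRLSerialNo() {
        return null;
    }

    /**
     * Returns the request subject as a string, with unstructuredName and unstructuredAddress
     * joined by "," instead of "+".
     *
     * <p>The value is requester-supplied and is written to the debug log unmodified.
     *
     * @return the subject DN string, or null if the subject is unavailable
     */
    @Override
    public String getRequestDN() {
        String dn = null;
        X500Name requestX500Name = getRequestX500Name();
        if (requestX500Name != null) {
            dn = requestX500Name.toString()
                    .replace("+unstructuredName=", ",unstructuredName=")
                    .replace(" + unstructuredName=", ",unstructuredName=")
                    .replace("+unstructuredAddress=", ",unstructuredAddress=")
                    .replace(" + unstructuredAddress=", ",unstructuredAddress=");
        }
        if (log.isDebugEnabled()) {
            log.debug("getRequestDN: " + dn);
        }
        return dn;
    }

    /**
     * Returns the request subject using {@link CeSecoreNameStyle}.
     *
     * @return the subject, or null if the request is missing or could not be parsed
     */
    @Override
    public X500Name getRequestX500Name() {
        try {
            if (this.pkcs10 == null) {
                init();
            }
            return X500Name.getInstance(new CeSecoreNameStyle(), this.pkcs10.getSubject());
        } catch (NullPointerException e) {
            // Reached when p10msg is null (thrown by init) or when parsing failed and pkcs10
            // is still null.
            log.error("PKCS10 not inited: " + e.getMessage());
            return null;
        }
    }

    /**
     * Returns the subjectAlternativeName requested in the extensionRequest attribute.
     *
     * @return the alt name string, or null if absent or the extension request is invalid
     */
    @Override
    public String getRequestAltNames() {
        String altNames = null;
        try {
            Extensions requestExtensions = getRequestExtensions();
            if (requestExtensions != null) {
                Extension extension = requestExtensions.getExtension(Extension.subjectAlternativeName);
                if (extension != null) {
                    altNames = CertTools.getAltNameStringFromExtension(extension);
                } else if (log.isDebugEnabled()) {
                    log.debug("no subject altName extension");
                }
            }
        } catch (IllegalArgumentException e) {
            if (log.isDebugEnabled()) {
                log.debug("pkcs_9_extensionRequest does not contain Extensions that it should, ignoring invalid encoded extension request.");
            }
        }
        return altNames;
    }

    @Override
    public Date getRequestValidityNotBefore() {
        return this.notBefore;
    }

    @Override
    public Date getRequestValidityNotAfter() {
        return this.notAfter;
    }

    /**
     * Returns the extensions from the first extensionRequest attribute of the request.
     *
     * <p>These are what the requester asked for; nothing here decides whether they are granted.
     *
     * @return the extensions, or null if absent, invalidly encoded, or the request is unavailable
     */
    @Override
    public Extensions getRequestExtensions() {
        try {
            if (this.pkcs10 == null) {
                init();
            }
            Extensions extensions = null;
            Attribute[] extensionRequests = this.pkcs10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
            if (extensionRequests.length != 0) {
                if (log.isDebugEnabled()) {
                    log.debug("got request extension");
                }
                ASN1Set attrValues = extensionRequests[0].getAttrValues();
                if (attrValues.size() > 0) {
                    try {
                        extensions = Extensions.getInstance(attrValues.getObjectAt(0));
                    } catch (IllegalArgumentException e) {
                        if (log.isDebugEnabled()) {
                            log.debug("pkcs_9_extensionRequest does not contain Extensions that it should, ignoring invalid encoded extension request.");
                        }
                    }
                }
            }
            return extensions;
        } catch (NullPointerException e) {
            log.error("PKCS10 not inited! " + e.getMessage());
            return null;
        }
    }

    /**
     * Returns the parsed request, parsing it first if needed.
     *
     * @return the parsed request, or null if the request is missing or could not be parsed
     */
    public PKCS10CertificationRequest getCertificationRequest() {
        try {
            if (this.pkcs10 == null) {
                init();
            }
            return this.pkcs10;
        } catch (NullPointerException e) {
            log.error("PKCS10 not inited! " + e.getMessage());
            return null;
        }
    }

    /**
     * Verifies the request signature against the public key inside the request.
     *
     * @see #verify(PublicKey)
     */
    @Override
    public boolean verify() throws InvalidKeyException, NoSuchAlgorithmException {
        return verify(null);
    }

    /**
     * Verifies the request signature.
     *
     * <p>With a null {@code publicKey} the signature is checked against the key embedded in the
     * request itself. That shows the requester holds the matching private key; it does not
     * establish who the requester is.
     *
     * @param publicKey key to verify with, or null to use the key from the request
     * @return true if the signature is valid; false if it is invalid, cannot be processed, or the
     *     request could not be parsed
     * @throws NullPointerException if no request bytes are set
     */
    public boolean verify(PublicKey publicKey) throws InvalidKeyException, NoSuchAlgorithmException {
        if (log.isTraceEnabled()) {
            log.trace(">verify()");
        }
        if (this.pkcs10 == null) {
            init();
        }
        try {
            if (this.pkcs10 == null) {
                // Parsing failed (already logged by init); an unparseable request never verifies.
                log.error("PKCS10 request could not be parsed, signature not verified.");
                return false;
            }
            PublicKey verificationKey = publicKey == null ? this.pkcs10.getPublicKey() : publicKey;
            return this.pkcs10.isSignatureValid(CertTools.genContentVerifierProvider(verificationKey));
        } catch (PKCSException e) {
            log.error("Signature could not be processed.", e);
            return false;
        } catch (OperatorCreationException e) {
            log.error("Content verifier provider could not be created.", e);
            return false;
        } finally {
            if (log.isTraceEnabled()) {
                log.trace("<verify()");
            }
        }
    }

    @Override
    public boolean requireKeyInfo() {
        return false;
    }

    /** No key info is needed for this message type; the arguments are ignored. */
    @Override
    public void setKeyInfo(Certificate certificate, PrivateKey privateKey, String str) {
    }

    @Override
    public int getErrorNo() {
        return this.error;
    }

    @Override
    public String getErrorText() {
        return this.errorText;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public String getSenderNonce() {
        return null;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public String getTransactionId() {
        return null;
    }

    /** Not carried by a PKCS#10 request; always null. */
    @Override
    public byte[] getRequestKeyInfo() {
        return null;
    }

    @Override
    public String getPreferredDigestAlg() {
        return this.preferredDigestAlg;
    }

    @Override
    public boolean includeCACert() {
        return this.includeCACert;
    }

    @Override
    public int getRequestType() {
        return 0;
    }

    @Override
    public int getRequestId() {
        return 0;
    }

    /** No response key info is used for this message type; the arguments are ignored. */
    @Override
    public void setResponseKeyInfo(PrivateKey privateKey, String str) {
    }

    /** Returns the internal list itself, not a copy. */
    @Override
    public List<Certificate> getAdditionalCaCertificates() {
        return this.additionalCaCertificates;
    }

    /** Stores the given list reference as is, including null. */
    @Override
    public void setAdditionalCaCertificates(List<Certificate> list) {
        this.additionalCaCertificates = list;
    }

    /** Returns the internal list itself, not a copy. */
    @Override
    public List<Certificate> getAdditionalExtraCertsCertificates() {
        return this.additionalExtraCertsCertificates;
    }

    /** Stores the given list reference as is, including null. */
    @Override
    public void setAdditionalExtraCertsCertificates(List<Certificate> list) {
        this.additionalExtraCertsCertificates = list;
    }
}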
