package com.baltimore.jpkiplus.pkiservices;

import com.baltimore.jcrypto.asn1.ASN1Integer;
import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.asn1.ASN1OctetString;
import com.baltimore.jcrypto.pkcs.Attributes;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jpkiplus.crs.PKCSReq;
import com.baltimore.jpkiplus.pkcs7.CertificateChain;
import com.baltimore.jpkiplus.pkidevice.KeyProvider;
import com.baltimore.jpkiplus.policies.PKIPolicy;
import com.baltimore.jpkiplus.transporter.CRSTransporter;
import com.baltimore.jpkiplus.transporter.EmailTransporter;
import com.baltimore.jpkiplus.transporter.HTTPTransporter;
import com.baltimore.jpkiplus.transporter.Transporter;
import com.baltimore.jpkiplus.vaults.Vault;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509CertRequest;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Extensions;
import com.baltimore.jpkiplus.x509.Name;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Vector;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/pkiservices/PKIServicesClient.class */
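/**
 * Client-side helper that builds certificate requests from the self-signed
 * certificates held in a {@link Vault}, submits them through a
 * {@link Transporter} (HTTP, e-mail or CRS) and retrieves the issued
 * certificate chain.
 *
 * <p>Instances keep per-request state in fields ({@link #privateKey} and the
 * certificate being processed), so one instance must not be shared between
 * threads without external synchronisation.
 */
public class PKIServicesClient {
    /** Incremented once for every request sent over a CRSTransporter; never read in this class. */
    int a;

    /** Optional base URL passed to {@code HTTPTransporter.sendRequest}; used only when {@link #storeBase} is also set. */
    public String urlBase;

    /** Optional store base passed to {@code HTTPTransporter.sendRequest}; used only when {@link #urlBase} is also set. */
    public String storeBase;

    /**
     * Private key used to sign the request currently being built.
     *
     * <p>NOTE(review): key material sits in a public, mutable field and is only
     * reset to {@code null} after a CRS request has been sent; for the HTTP and
     * e-mail transports it stays referenced after {@link #applyForCertificate}
     * returns. Kept public because callers may depend on the field.
     */
    public PrivateKey privateKey;

    /** Self-signed certificate the current request is derived from; also handed to the CRS transporter. */
    private JCRYPTO_X509Certificate currentCertificate;

    /** Source of the CRS sender nonce; created lazily unless injected through {@link #setSecureRandom}. */
    private SecureRandom secureRandom;

    /**
     * Creates and submits one certificate request for every self-signed
     * certificate found in the vault's key provider.
     *
     * <p>If the vault has no identity yet, one is generated for {@code name}.
     * Each request copies the subject, public key, signature algorithm and
     * extensions of the self-signed certificate and is signed with the matching
     * private key. With an {@link EmailTransporter} the method returns after the
     * first request has been sent.
     *
     * @param transporter transport used to submit the requests
     * @param vault       vault providing the policy, identity and key provider
     * @param name        distinguished name used only when a new identity is generated
     * @return a Vector of {@code byte[]} values, one per submitted request, as
     *         returned by the transport-specific send step
     * @throws PKIServicesException if no key provider is available or any step fails
     */
    public Vector applyForCertificate(Transporter transporter, Vault vault, Name name) throws PKIServicesException {
        try {
            Vector requestIds = new Vector();
            PKIPolicy policy = vault.getPolicy();
            if (!vault.hasIdentity()) {
                vault.generateIdentity((byte[]) null, name);
            }
            KeyProvider keyProvider = vault.primaryKeyProvider();
            if (keyProvider == null) {
                keyProvider = vault.secondaryKeyProvider();
            }
            if (keyProvider == null) {
                throw new PKIServicesException("Impossible to create a KeyProvider with that Vault.");
            }
            // Iterate over copies so that changes made to the provider's own
            // vectors while requests are being sent cannot disturb the loops.
            Vector keys = copyOf(keyProvider.getPrivateKeys());
            for (int keyIndex = 0; keyIndex < keys.size(); keyIndex++) {
                PrivateKey key = (PrivateKey) keys.elementAt(keyIndex);
                this.privateKey = key;
                Vector chains = copyOf(keyProvider.getCertChains(key));
                for (int chainIndex = 0; chainIndex < chains.size(); chainIndex++) {
                    CertificateChain chain = (CertificateChain) chains.elementAt(chainIndex);
                    this.currentCertificate = chain.getCertificate();
                    if (this.currentCertificate == null) {
                        continue;
                    }
                    Name subject = new Name(this.currentCertificate.getSubjectDN());
                    if (!this.currentCertificate.isSelfSigned()) {
                        continue;
                    }
                    // NOTE(review): 'subject' was just constructed and cannot be null, so this
                    // guard never fires; the message suggests the passed 'name' was meant. Confirm.
                    if (subject == null && policy.getKeyManagementRules() == null) {
                        throw new PKIServicesException(" New XML Policy and passed Distinguished Name are null.");
                    }
                    JCRYPTO_X509CertRequest request = new JCRYPTO_X509CertRequest(
                            subject,
                            this.currentCertificate.getPublicKey(),
                            new ASN1ObjectIdentifier(this.currentCertificate.getSigAlgOID()));
                    JCRYPTO_X509Extensions extensions = this.currentCertificate.getASNTBSCertificate().getExtensions();
                    for (int extIndex = 0; extIndex < extensions.getNumberExtensions(); extIndex++) {
                        request.addExtension(extensions.getExtension(extIndex));
                    }
                    // The CRS send step resets this.privateKey to null, so restore it for every
                    // chain; otherwise a second chain under the same key would be signed with null.
                    this.privateKey = key;
                    request.sign(this.privateKey);
                    requestIds.addElement(sendRequest(transporter, request));
                    if (transporter instanceof EmailTransporter) {
                        return requestIds;
                    }
                }
            }
            return requestIds;
        } catch (Exception e) {
            throw new PKIServicesException("PKIServicesClient::applyForCertificate - ", e);
        }
    }

    /**
     * Retrieves the issued certificate chain and returns its certificate.
     *
     * @param transporter transport used to fetch the response
     * @param vault       vault updated with the retrieved chain
     * @param bArr        request identifier or payload passed to the transport; may be {@code null}
     * @return the certificate of the retrieved chain, or {@code null} when no chain was retrieved
     * @throws PKIServicesException if retrieval fails
     */
    public JCRYPTO_X509Certificate retrieveCertificate(Transporter transporter, Vault vault, byte[] bArr) throws PKIServicesException {
        try {
            CertificateChain chain = retrieveCertificateChain(transporter, vault, bArr);
            return chain == null ? null : chain.getCertificate();
        } catch (Exception e) {
            throw new PKIServicesException("PKIServicesClient::retrieveCertificate - ", e);
        }
    }

    /**
     * Fetches the certificate chain from the transport and stores it in the
     * vault through {@code Vault.updateSelfSignedCert}.
     *
     * <p>NOTE(review): nothing in this method validates the returned chain before
     * it is written to the vault; presumably the transporter or the vault does
     * so. Confirm.
     *
     * @param transporter an HTTP, e-mail or CRS transporter
     * @param vault       vault updated with the retrieved chain
     * @param bArr        for HTTP, the identifier passed to {@code getCert} (no-argument
     *                    form when {@code null}); for CRS, the data sent to the server
     * @return the retrieved chain; {@code null} for an e-mail transporter without a
     *         response or for an unsupported transporter type
     * @throws PKIServicesException if the CRS status is not 0 or any step fails
     */
    public static CertificateChain retrieveCertificateChain(Transporter transporter, Vault vault, byte[] bArr) throws PKIServicesException {
        try {
            if (transporter instanceof HTTPTransporter) {
                HTTPTransporter http = (HTTPTransporter) transporter;
                CertificateChain chain = bArr == null ? http.getCert() : http.getCert(bArr);
                vault.updateSelfSignedCert(chain);
                return chain;
            }
            if (transporter instanceof EmailTransporter) {
                EmailTransporter email = (EmailTransporter) transporter;
                CertificateChain chain = null;
                if (email.getResponse()) {
                    chain = email.getCertificateChain();
                    vault.updateSelfSignedCert(chain);
                }
                return chain;
            }
            if (!(transporter instanceof CRSTransporter)) {
                return null;
            }
            CRSTransporter crs = (CRSTransporter) transporter;
            try {
                crs.parseCRSResponse(crs.sendData(bArr));
                if (crs.getPKIStatus() == 0) {
                    CertificateChain chain = crs.getCertChain();
                    vault.updateSelfSignedCert(chain);
                    return chain;
                }
                if (crs.getPKIStatus() == 1) {
                    throw new PKIServicesException("Request is still to be approved");
                }
                throw new PKIServicesException("Request is Invalid");
            } catch (Exception e) {
                // The two status exceptions thrown above are caught here as well, so callers
                // see them behind the parse-error prefix; only the message is carried over.
                throw new PKIServicesException("Error while parsign Response from Server :" + e.getMessage());
            }
        } catch (Exception e2) {
            throw new PKIServicesException("PKIServicesClient::retrieveCertificateChain - ", e2);
        }
    }

    /**
     * Sends a signed certificate request over the given transport.
     *
     * <p>For a CRS transporter the request is wrapped in a {@code PKCSReq}, given
     * version, message type, status, transaction id and sender-nonce attributes,
     * and the per-request key and certificate fields are cleared afterwards.
     *
     * @param transporter an HTTP, e-mail or CRS transporter
     * @param request     the signed certificate request
     * @return the HTTP transporter's id, a single zero byte for e-mail, the encoded
     *         CRS request, or {@code null} for an unsupported transporter type
     * @throws PKIServicesException if building or sending the request fails
     */
    private byte[] sendRequest(Transporter transporter, JCRYPTO_X509CertRequest request) throws PKIServicesException {
        byte[] result = null;
        try {
            if (transporter instanceof HTTPTransporter) {
                HTTPTransporter http = (HTTPTransporter) transporter;
                if (this.urlBase == null || this.storeBase == null) {
                    http.sendRequest(request);
                } else {
                    http.sendRequest(this.urlBase, this.storeBase, request);
                }
                result = http.getID();
            } else if (transporter instanceof EmailTransporter) {
                ((EmailTransporter) transporter).sendRequest(request);
                result = new byte[]{0};
            } else if (transporter instanceof CRSTransporter) {
                CRSTransporter crs = (CRSTransporter) transporter;
                PKCSReq pkcsReq = new PKCSReq(request, crs.getCRSRegInfos());
                Attributes attributes = new Attributes();
                attributes.addAttribute(OIDs.id_version, new ASN1Integer(0));
                // 19 is presumably the message type for a PKCSReq; confirm against the CRS specification.
                attributes.addAttribute(OIDs.id_messageType, new ASN1Integer(19));
                attributes.addAttribute(OIDs.id_pkiStatus, new ASN1Integer(0));
                // NOTE(review): the transaction id is an MD5 digest of the public key. It is left
                // unchanged because the server presumably expects this form; it should be treated
                // as an identifier only, never as an integrity or authenticity check.
                byte[] transactionId = MessageDigest.getInstance("MD5").digest(request.getPublicKey().getEncoded());
                attributes.addAttribute(OIDs.id_transId, new ASN1Integer(transactionId));
                if (this.secureRandom == null) {
                    // Use the platform's self-seeding generator. The previous default seeded a
                    // generator with System.currentTimeMillis(), which makes the sender nonce
                    // predictable to anyone who can estimate when the request was made.
                    this.secureRandom = new SecureRandom();
                }
                byte[] senderNonce = new byte[8];
                this.secureRandom.nextBytes(senderNonce);
                attributes.addAttribute(OIDs.id_senderNonce, new ASN1OctetString(senderNonce));
                // NOTE(review): "SHA1" is passed as the digest name for the outgoing message; a
                // stronger digest should be used if the transporter and the server support one.
                result = crs.createRequest(pkcsReq.toDER(), attributes, this.currentCertificate, this.privateKey, "SHA1");
                crs.sendData(result);
                // Drop the references to the key and certificate once the request has gone out.
                this.currentCertificate = null;
                this.privateKey = null;
                this.a++;
            }
            return result;
        } catch (Exception e) {
            throw new PKIServicesException("PKIServicesClient::sendRequest - ", e);
        }
    }

    /** Returns a new Vector holding the elements of {@code source} in the same order. */
    private static Vector copyOf(Vector source) {
        Vector copy = new Vector();
        for (int i = 0; i < source.size(); i++) {
            copy.addElement(source.elementAt(i));
        }
        return copy;
    }

    /**
     * Sets the random source used for the CRS sender nonce.
     *
     * @param secureRandom generator to use; {@code null} makes the next CRS request
     *                     create a default self-seeded {@link SecureRandom}
     */
    public void setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
    }

    /**
     * Sets the store base used for HTTP requests.
     *
     * @param str store base; takes effect only when a URL base is also set
     */
    public void setStoreBase(String str) {
        this.storeBase = str;
    }

    /**
     * Sets the base URL used for HTTP requests.
     *
     * @param str base URL; takes effect only when a store base is also set
     */
    public void setURLBase(String str) {
        this.urlBase = str;
    }
}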
