package koal.ra.caclient.spec;

import com.koal.common.util.Base64;
import com.koal.security.asn1.DecodeException;
import com.koal.security.asn1.EncodeException;
import com.koal.security.pki.crmf.AttributeTypeAndValue;
import com.koal.security.pki.crmf.CertId;
import com.koal.security.pki.crmf.CertReqMessages;
import com.koal.security.pki.crmf.CertReqMsg;
import com.koal.security.pki.crmf.CertRequest;
import com.koal.security.pki.crmf.Identifiers;
import com.koal.security.pki.custom.EntityType;
import com.koal.security.pki.pkcs10.CertificationRequest;
import com.koal.security.pki.x509.Certificate;
import com.koal.security.pki.x509.Extension;
import com.koal.security.pki.x509.SubjectPublicKeyInfo;
import java.math.BigInteger;
import java.security.PublicKey;
import koal.common.emengine.EMUtils;
import koal.common.emengine.util.RSAPubKeyBlob;
import koal.ra.caclient.ReqType;
import koal.ra.caclient.Util;
import koal.ra.caclient.spec.lra.LRACertRecover;
import koal.ra.caclient.spec.lra.LRACertRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:koal/ra/caclient/spec/RACertRecover.class */
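/**
 * RA-side builder for a certificate/key recovery message.
 *
 * <p>The message body is the {@code krr} component of the underlying PKI message (see
 * {@link #getCertRequestContainer()}). Each {@code init*} method appends one or more
 * {@link CertRequest} entries to that container; the setters then attach controls
 * (entity type, protocol encryption key) to every entry already present.
 *
 * <p>This class was recovered from bytecode. The compiler-generated enum switch table has been
 * replaced by direct comparisons against the {@link ReqType} constants it encoded.
 */
public class RACertRecover extends RAReqMessage {
    private static final Logger mLog = LoggerFactory.getLogger(RACertRecover.class);

    protected RACertRecover() {
    }

    protected RACertRecover(String str) {
        super(str);
    }

    /**
     * Creates and initialises an empty recovery message.
     *
     * @param str first name argument forwarded to {@code initMessage} (presumably the sender; confirm)
     * @param str2 second name argument forwarded to {@code initMessage} (presumably the recipient; confirm)
     * @return the initialised message, or {@code null} when {@code initMessage} reports failure
     * @throws RaSpecException with code {@code -3} when the message cannot be encoded
     */
    public static RACertRecover createMessage(String str, String str2) throws RaSpecException {
        try {
            RACertRecover message = new RACertRecover();
            // The literals 1 and 9 are passed through unchanged; their meaning is defined by initMessage.
            if (!message.initMessage(1, str, str2, 9)) {
                return null;
            }
            return message;
        } catch (EncodeException e) {
            // The cause is only logged: the (int, String) constructor used here takes no Throwable.
            mLog.error(e.getMessage(), e);
            throw new RaSpecException(-3, "Encode object failed.");
        }
    }

    /**
     * Returns the {@code krr} body component that holds the certificate requests of this message.
     */
    public CertReqMessages getCertRequestContainer() {
        return getPKIMessage().getBody().getKrr();
    }

    /**
     * Appends a copy of {@code certRequest} to the request container.
     *
     * @return always {@code true}
     */
    public boolean addCertReqMessage(CertRequest certRequest) {
        CertReqMsg wrapper = new CertReqMsg();
        wrapper.getCertReq().copy(certRequest);
        getCertRequestContainer().addComponent(wrapper);
        return true;
    }

    /**
     * Builds a certificate request and, when a serial number is given, adds an
     * {@code id_regCtrl_oldCertID} control identifying the old certificate by issuer and serial.
     *
     * @param i forwarded unchanged as the first argument of {@code RAMessage.createCertRequest}
     * @param bigInteger serial number of the old certificate, or {@code null} to add no control
     * @param str issuer distinguished name, used for the request and for the old-certificate id
     * @param certificationRequest PKCS#10 request to embed, may be {@code null}
     * @return the request, or {@code null} when {@code RAMessage.createCertRequest} returns {@code null}
     * @throws RaSpecException propagated from {@code RAMessage.createCertRequest}
     */
    public static CertRequest createCertRequest(int i, BigInteger bigInteger, String str, CertificationRequest certificationRequest) throws RaSpecException {
        CertRequest request = RAMessage.createCertRequest(i, bigInteger, null, str, null, null, null, certificationRequest, null);
        if (request == null || bigInteger == null) {
            return request;
        }
        CertId oldCertId = new CertId("certId");
        oldCertId.getIssuer().setActual(oldCertId.getIssuer().getDirectoryName());
        oldCertId.getIssuer().getDirectoryName().addRDNs(str);
        oldCertId.getSerialNumber().setValue(bigInteger);

        AttributeTypeAndValue control = new AttributeTypeAndValue("attributeTypeAndValue");
        control.getAttributeType().setValue(Identifiers.id_regCtrl_oldCertID);
        control.getAttributeValue().setActual(oldCertId);
        request.getControls().addComponent(control);
        return request;
    }

    /**
     * Appends a request that identifies {@code certificate} (by serial number and issuer) as the
     * certificate whose key is to be recovered.
     *
     * @param certificate the existing certificate; must not be {@code null}
     * @throws RaSpecException propagated from {@link #createCertRequest}
     */
    public void initFromKeyExCert(Certificate certificate) throws RaSpecException {
        BigInteger serial = (BigInteger) certificate.getSerialNumber().getValue();
        String issuer = certificate.getIssuer().toString();
        addCertReqMessage(createCertRequest(0, serial, issuer, null));
    }

    /**
     * Initialises this message from a textual recovery request of the given type.
     *
     * <p>The text may have the form {@code request|key}. In that case the second token is
     * Base64-decoded and, for the request types that carry one, parsed into the public key that is
     * set as the protocol encryption key on every request (see {@link #setProtectKey}).
     *
     * <p>NOTE(review): the protection key is taken from the request text itself and nothing in this
     * class ties it to {@code certificate} or to an authenticated requester. Per RFC 4211 the
     * protocolEncrKey control names the key the CA uses to encrypt its response, so confirm that
     * the caller or the CA authorises the requester before this message is acted on.
     *
     * @param reqType format of {@code str}
     * @param str the request text, optionally followed by {@code |} and a Base64 public key
     * @param certificate the certificate whose key is to be recovered
     * @throws IllegalArgumentException when {@code str} contains {@code |} but does not split into
     *     a request and a key (previously an {@code ArrayIndexOutOfBoundsException})
     * @throws Exception when {@code reqType} is not supported, or on any decoding failure
     */
    public void initFromLRACertRecover(ReqType reqType, String str, Certificate certificate) throws Exception {
        String request = Util.pem2PlainB64(str);
        PublicKey protectKey = null;
        if (request.indexOf('|') >= 0) {
            // StringUtils.split drops empty tokens, so "abc|" and "|abc" both yield one element.
            String[] parts = StringUtils.split(request, "|");
            if (parts.length < 2) {
                throw new IllegalArgumentException("Recover request contains '|' but is missing the request or the protection key.");
            }
            request = parts[0];
            protectKey = decodeProtectKey(reqType, Base64.decode(parts[1]));
        }
        initFromTypedRequest(reqType, request, certificate);
        setProtectKey(protectKey);
    }

    /**
     * Parses the protection key bytes according to the request type.
     *
     * @return the public key, or {@code null} for request types that carry no protection key
     */
    private static PublicKey decodeProtectKey(ReqType reqType, byte[] keyBytes) throws Exception {
        if (reqType == ReqType.RSAPUBKEY2 || reqType == ReqType.EID_RSAPUBKEY2) {
            return EMUtils.getPubKey(keyBytes);
        }
        if (reqType == ReqType.X509PubKey2 || reqType == ReqType.EID_X509PubKey2) {
            SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo();
            keyInfo.decode(keyBytes);
            return keyInfo.getPublicKey();
        }
        if (reqType == ReqType.PUBKEYBLOB2) {
            return EMUtils.getPubKey(RSAPubKeyBlob.valueOf(keyBytes).rsaPubKey());
        }
        return null;
    }

    /**
     * Converts the request text to the form its type requires and appends the resulting requests.
     * {@code CMP2}, {@code EID_CardPubKey2} and any unknown type are rejected.
     */
    private void initFromTypedRequest(ReqType reqType, String request, Certificate certificate) throws Exception {
        if (reqType == ReqType.PKCS10) {
            initFromPkcs10RecoverReq(request, certificate);
        } else if (reqType == ReqType.CMP) {
            initFromLRARecoverReq(request, certificate);
        } else if (reqType == ReqType.RSAPUBKEY || reqType == ReqType.RSAPUBKEY2 || reqType == ReqType.EID_RSAPUBKEY2) {
            initFromPkcs10RecoverReq(Util.rsaPubKey2PKCS10Req(request), certificate);
        } else if (reqType == ReqType.X509PubKey || reqType == ReqType.X509PubKey2 || reqType == ReqType.EID_X509PubKey2) {
            initFromPkcs10RecoverReq(Util.x509PubKey2PKCS10Req(request), certificate);
        } else if (reqType == ReqType.PUBKEYBLOB || reqType == ReqType.PUBKEYBLOB2) {
            initFromPkcs10RecoverReq(Util.pubKeyBlob2PKCS10Req(request), certificate);
        } else if (reqType == ReqType.OSCCA_ECC_PUBKEY) {
            initFromPkcs10RecoverReq(Util.osccaEcPubKey2PKCS10Req(request), certificate);
        } else {
            // Message: "certificate requests of type '<name>' are not currently supported."
            throw new Exception("当前不支持 '" + reqType.name() + "' 类型的证书请求。");
        }
    }

    /**
     * Initialises this message from a Base64 LRA request, trying to decode it first as an
     * {@link LRACertRequest} and, if that yields nothing, as an {@link LRACertRecover}.
     *
     * <p>NOTE(review): the common-name comparison against {@code certificate} is applied only on
     * the {@code LRACertRecover} path; a request that decodes as an {@code LRACertRequest} is
     * accepted without it. Confirm that the subject binding is enforced elsewhere.
     *
     * @param str Base64 text of the LRA request
     * @param certificate the certificate whose key is to be recovered; a {@code null} value ends
     *     in a {@link RaSpecException} because the issuer is read from it on both paths
     * @throws RaSpecException when neither decoding succeeds or the common names differ
     */
    public void initFromLRARecoverReq(String str, Certificate certificate) throws RaSpecException {
        byte[] encoded = Base64.decode(str.getBytes());
        CertRequest certRequest = null;
        try {
            LRACertRequest lraRequest = LRACertRequest.createMessage("CN=None", "CN=None", this.m_caVersion);
            lraRequest.decode(encoded);
            certRequest = createCertRequest(0, null, certificate.getIssuer().toString(), lraRequest.getCertRequest());
        } catch (Exception e) {
            // Deliberate fallback, but no longer silent: record why the first format was rejected.
            mLog.debug("Request did not decode as an LRACertRequest; retrying as LRACertRecover", e);
        }
        if (certRequest == null) {
            try {
                LRACertRecover lraRecover = LRACertRecover.createMessage("CN=None", "CN=None");
                lraRecover.decode(encoded);
                if (certificate != null) {
                    String requestedCn = lraRecover.getRecoverRequest().getCertRevReq().getCertificate().getSubjectCommonName();
                    if (!requestedCn.equals(certificate.getSubjectCommonName())) {
                        // Message: "the common name in the recovery request does not match the old certificate".
                        // NOTE(review): this is caught by the handler below and re-wrapped, so the
                        // -4 code does not reach the caller as written.
                        throw new RaSpecException(-4, "证书恢复请求中的通用名和旧证书不匹配");
                    }
                }
                certRequest = createCertRequest(0, null, certificate.getIssuer().toString(), lraRecover.getSignatureCertRequest());
            } catch (Exception e2) {
                // Message prefix: "invalid certificate recovery request: ".
                throw new RaSpecException("不合法的证书恢复请求: " + e2.getMessage(), e2);
            }
        }
        addCertReqMessage(certRequest);
        initFromKeyExCert(certificate);
    }

    /**
     * Initialises this message from a PKCS#10 request: appends one request embedding it, then one
     * identifying {@code certificate} as the old certificate.
     *
     * @param str PKCS#10 request as PEM or plain Base64 (passed through {@code Util.pem2PlainB64})
     * @param certificate the certificate whose key is to be recovered; must not be {@code null}
     * @throws RaSpecException with code {@code -3} when the PKCS#10 bytes cannot be decoded
     */
    public void initFromPkcs10RecoverReq(String str, Certificate certificate) throws RaSpecException {
        byte[] encoded = Base64.decode(Util.pem2PlainB64(str).getBytes());
        CertificationRequest pkcs10 = new CertificationRequest();
        try {
            pkcs10.decode(encoded);
            String issuer = certificate.getIssuer().toString();
            addCertReqMessage(createCertRequest(0, null, issuer, pkcs10));
            initFromKeyExCert(certificate);
        } catch (DecodeException e) {
            mLog.error(e.getMessage(), e);
            throw new RaSpecException(-3, "Decode object failed.");
        }
    }

    /**
     * Adds or updates the {@code id_regCtrl_entityType} control on every request in the container.
     */
    public void setEntityType(EntityType entityType) {
        CertReqMessages container = getCertRequestContainer();
        int total = container.getComponentCount();
        for (int index = 0; index < total; index++) {
            AttributeTypeAndValue control = new AttributeTypeAndValue("attributeTypeAndValue");
            control.getAttributeType().setValue(com.koal.security.pki.custom.Identifiers.id_regCtrl_entityType);
            control.getAttributeValue().setActual(entityType);
            Util.addOrUpdateControls(container.getComponent(index).getCertReq().getControls(), control);
        }
    }

    /**
     * Appends the given extensions to this message's extension set and applies the set to the
     * request container through the inherited {@code setExtensions} overload.
     *
     * @param extensionArr extensions to add; must not be {@code null}
     * @throws RaSpecException propagated from the inherited overload
     */
    public void setExtensions(Extension[] extensionArr) throws RaSpecException {
        for (Extension extension : extensionArr) {
            this.exts.addComponent(extension);
        }
        setExtensions(getCertRequestContainer());
    }

    /**
     * Adds or updates the {@code id_regCtrl_protocolEncrKey} control on every request in the
     * container. A {@code null} key leaves the requests unchanged.
     *
     * @param publicKey key to advertise as the protocol encryption key, or {@code null}
     * @throws RuntimeException when the key's encoding is not a decodable SubjectPublicKeyInfo;
     *     the {@link DecodeException} is now attached as the cause
     */
    public void setProtectKey(PublicKey publicKey) {
        if (publicKey == null) {
            return;
        }
        CertReqMessages container = getCertRequestContainer();
        int total = container.getComponentCount();
        for (int index = 0; index < total; index++) {
            CertRequest certReq = container.getComponent(index).getCertReq();
            SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo();
            try {
                keyInfo.decode(publicKey.getEncoded());
                AttributeTypeAndValue control = new AttributeTypeAndValue("attributeTypeAndValue");
                control.getAttributeType().setValue(Identifiers.id_regCtrl_protocolEncrKey);
                control.getAttributeValue().setActual(keyInfo);
                Util.addOrUpdateControls(certReq.getControls(), control);
            } catch (DecodeException e) {
                // Message prefix: "failed to convert PublicKey to SubjectPublicKeyInfo: ".
                throw new RuntimeException("将PublicKey转换成SubjectPublicKeyInfo时失败: " + e.getMessage(), e);
            }
        }
    }
}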
