package com.sansec.ca2kmc.ca;

import com.sansec.asn1.ASN1Encodable;
import com.sansec.asn1.ASN1Integer;
import com.sansec.asn1.DEROctetString;
import com.sansec.asn1.x509.AlgorithmIdentifier;
import com.sansec.ca2kmc.asn1.respond.ErrorPkgRespond;
import com.sansec.ca2kmc.asn1.respond.KMRespond;
import com.sansec.ca2kmc.asn1.respond.KSRespond;
import com.sansec.ca2kmc.asn1.respond.Respond;
import com.sansec.ca2kmc.asn1.respond.Response;
import com.sansec.ca2kmc.asn1.respond.RetKeyRespond;
import com.sansec.ca2kmc.asn1.respond.RevokeKeyRespond;
import com.sansec.ca2kmc.exceptions.CryptoException;
import com.sansec.ca2kmc.exceptions.KMCException;
import com.sansec.ca2kmc.exceptions.ResponseException;
import com.sansec.ca2kmc.utils.AlgorithmTools;
import com.sansec.ca2kmc.utils.CryptoTools;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/XDJASSL-0.0.2.jar:com/sansec/ca2kmc/ca/KMRespondParse.class */
public class KMRespondParse {
    static Logger logger = LoggerFactory.getLogger((Class<?>) KMRespondParse.class);

    public static Response parseRespond(byte[] bArr, X509Certificate x509Certificate, ASN1Integer aSN1Integer) throws Exception {
        logger.info("parseRespond()...");
        KMRespond kMRespond = KMRespond.getInstance(bArr);
        KSRespond tbsRespond = kMRespond.getTbsRespond();
        AlgorithmIdentifier signstureAlgorithm = kMRespond.getSignstureAlgorithm();
        DEROctetString signstureValue = kMRespond.getSignstureValue();
        if (!aSN1Integer.equals(tbsRespond.getTaskNo())) {
            throw new ResponseException("TaskNo of Response not equal with Request. ");
        }
        byte[] encoded = tbsRespond.getEncoded();
        String algorithmNameFromOID = AlgorithmTools.getAlgorithmNameFromOID(signstureAlgorithm.getAlgorithm());
        if (algorithmNameFromOID == null) {
            throw new ResponseException("Unsupport key algorithm oid: " + signstureAlgorithm.getAlgorithm());
        }
        try {
            if (!Boolean.valueOf(CryptoTools.verify(algorithmNameFromOID, x509Certificate.getPublicKey(), encoded, signstureValue.getOctets())).booleanValue()) {
                throw new ResponseException("Verify response signature error.");
            }
            Response response = null;
            Iterator<ASN1Encodable> it = tbsRespond.getRespondList().iterator();
            if (it.hasNext()) {
                Respond respond = Respond.getInstance(it.next());
                switch (respond.getTagNo()) {
                    case 0:
                        logger.debug("TagNo:{}", (Object) 0);
                        response = parseRetKeyRespond(0, respond.getApplyKeyRespond(), x509Certificate);
                        break;
                    case 1:
                        logger.debug("TagNo:{}", (Object) 1);
                        response = parseRetKeyRespond(1, respond.getRestoreKeyRespond(), x509Certificate);
                        break;
                    case 2:
                        logger.debug("TagNo:{}", (Object) 2);
                        response = parseRevokeKeyRespond(respond.getRevokeKeyRespond());
                        break;
                    case 3:
                        logger.debug("TagNo:{}", (Object) 3);
                        response = parseErrorPkgRespond(respond.getErrorPkgRespond());
                        break;
                    default:
                        throw new KMCException("Unknow tagNo : " + respond.getTagNo());
                }
            }
            logger.debug("Response:{}", response.toString());
            return response;
        } catch (CryptoException e) {
            logger.error(e.getMessage());
            throw new ResponseException("Verify response signature error.");
        }
    }

    private static Response parseRetKeyRespond(int i, RetKeyRespond retKeyRespond, X509Certificate x509Certificate) throws IOException {
        return new Response(i, retKeyRespond.getUserCertNo().getValue(), retKeyRespond.getRetPubKey().getDEREncoded(), retKeyRespond.getRetPriKey().getDEREncoded(), 0, null);
    }

    private static Response parseRevokeKeyRespond(RevokeKeyRespond revokeKeyRespond) {
        return new Response(2, revokeKeyRespond.getUserCertNo().getValue(), null, null, 0, null);
    }

    private static Response parseErrorPkgRespond(ErrorPkgRespond errorPkgRespond) {
        return new Response(3, null, null, null, errorPkgRespond.getErrNo().getValue().intValue(), errorPkgRespond.getErrDesc() != null ? errorPkgRespond.getErrDesc().toString() : "");
    }
}
