package org.jscep.message;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Map;
import org.jscep.asn1.IssuerAndSubject;
import org.jscep.asn1.ScepObjectIdentifier;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.MessageType;
import org.jscep.transaction.Nonce;
import org.jscep.transaction.PkiStatus;
import org.jscep.transaction.TransactionId;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.DERObjectIdentifier;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.SignedData;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.jcajce.JcaSignerId;
import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.util.StoreException;

/* loaded from: classes3.dex */
public final class PkiMessageDecoder {
    private static final Logger LOGGER = LoggerFactory.getLogger(PkiMessageDecoder.class);
    private final PkcsPkiEnvelopeDecoder decoder;
    private final X509Certificate signer;

    public PkiMessageDecoder(X509Certificate x509Certificate, PkcsPkiEnvelopeDecoder pkcsPkiEnvelopeDecoder) {
        this.decoder = pkcsPkiEnvelopeDecoder;
        this.signer = x509Certificate;
    }

    private CMSEnvelopedData getEnvelopedData(Object obj) throws MessageDecodingException {
        try {
            return new CMSEnvelopedData((byte[]) obj);
        } catch (CMSException e) {
            throw new MessageDecodingException(e);
        }
    }

    private FailInfo toFailInfo(Attribute attribute) {
        return FailInfo.valueOf(Integer.valueOf(((DERPrintableString) attribute.getAttrValues().getObjectAt(0)).getString()).intValue());
    }

    private MessageType toMessageType(Attribute attribute) {
        return MessageType.valueOf(Integer.valueOf(((DERPrintableString) attribute.getAttrValues().getObjectAt(0)).getString()).intValue());
    }

    private Nonce toNonce(Attribute attribute) {
        if (attribute == null) {
            return null;
        }
        return new Nonce(((DEROctetString) attribute.getAttrValues().getObjectAt(0)).getOctets());
    }

    private DERObjectIdentifier toOid(ScepObjectIdentifier scepObjectIdentifier) {
        return new DERObjectIdentifier(scepObjectIdentifier.id());
    }

    private PkiStatus toPkiStatus(Attribute attribute) {
        return PkiStatus.valueOf(Integer.valueOf(((DERPrintableString) attribute.getAttrValues().getObjectAt(0)).getString()).intValue());
    }

    private TransactionId toTransactionId(Attribute attribute) {
        return new TransactionId(((DERPrintableString) attribute.getAttrValues().getObjectAt(0)).getOctets());
    }

    private void validate(CMSSignedData cMSSignedData) {
        SignedData signedData = SignedData.getInstance(cMSSignedData.toASN1Structure().getContent());
        LOGGER.debug("pkiMessage version: {}", signedData.getVersion());
        LOGGER.debug("pkiMessage contentInfo contentType: {}", signedData.getEncapContentInfo().getContentType());
    }

    public PkiMessage<?> decode(CMSSignedData cMSSignedData) throws MessageDecodingException {
        LOGGER.debug("Decoding pkiMessage");
        validate(cMSSignedData);
        CMSTypedData signedContent = cMSSignedData.getSignedContent();
        SignerInformation signerInformation = cMSSignedData.getSignerInfos().get(new JcaSignerId(this.signer));
        if (signerInformation == null) {
            throw new MessageDecodingException("Could not for signerInfo for " + this.signer.getSubjectDN());
        }
        LOGGER.debug("pkiMessage digest algorithm: {}", signerInformation.getDigestAlgorithmID().getAlgorithm());
        LOGGER.debug("pkiMessage encryption algorithm: {}", signerInformation.getEncryptionAlgOID());
        try {
            Collection<X509CertificateHolder> matches = cMSSignedData.getCertificates().getMatches(signerInformation.getSID());
            if (matches.size() > 0) {
                X509CertificateHolder next = matches.iterator().next();
                LOGGER.debug("Verifying pkiMessage using key belonging to [dn={}; serial={}]", next.getSubject(), next.getSerialNumber());
                try {
                    if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(next))) {
                        LOGGER.warn("pkiMessage verification failed.");
                        throw new MessageDecodingException("pkiMessage verification failed.");
                    }
                    LOGGER.debug("pkiMessage verified.");
                } catch (CertificateException e) {
                    throw new MessageDecodingException(e);
                } catch (CMSException e2) {
                    throw new MessageDecodingException(e2);
                } catch (OperatorCreationException e3) {
                    throw new MessageDecodingException(e3);
                }
            } else {
                LOGGER.warn("Unable to verify message because the signedData contained no certificates.");
            }
            Hashtable hashtable = signerInformation.getSignedAttributes().toHashtable();
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("pkiMessage has {} signed attributes:", Integer.valueOf(signerInformation.getSignedAttributes().size()));
                for (Map.Entry entry : hashtable.entrySet()) {
                    LOGGER.debug("  {}: {}", ((ASN1ObjectIdentifier) entry.getKey()).getId(), ((Attribute) entry.getValue()).getAttrValues());
                }
            }
            MessageType messageType = toMessageType((Attribute) hashtable.get(toOid(ScepObjectIdentifier.MESSAGE_TYPE)));
            Nonce nonce = toNonce((Attribute) hashtable.get(toOid(ScepObjectIdentifier.SENDER_NONCE)));
            TransactionId transactionId = toTransactionId((Attribute) hashtable.get(toOid(ScepObjectIdentifier.TRANS_ID)));
            if (messageType == MessageType.CERT_REP) {
                PkiStatus pkiStatus = toPkiStatus((Attribute) hashtable.get(toOid(ScepObjectIdentifier.PKI_STATUS)));
                Nonce nonce2 = toNonce((Attribute) hashtable.get(toOid(ScepObjectIdentifier.RECIPIENT_NONCE)));
                if (pkiStatus == PkiStatus.FAILURE) {
                    FailInfo failInfo = toFailInfo((Attribute) hashtable.get(toOid(ScepObjectIdentifier.FAIL_INFO)));
                    LOGGER.debug("Finished decoding pkiMessage");
                    return new CertRep(transactionId, nonce, nonce2, failInfo);
                }
                if (pkiStatus == PkiStatus.PENDING) {
                    LOGGER.debug("Finished decoding pkiMessage");
                    return new CertRep(transactionId, nonce, nonce2);
                }
                try {
                    CMSSignedData cMSSignedData2 = new CMSSignedData(this.decoder.decode(getEnvelopedData(signedContent.getContent())));
                    LOGGER.debug("Finished decoding pkiMessage");
                    return new CertRep(transactionId, nonce, nonce2, cMSSignedData2);
                } catch (CMSException e4) {
                    throw new MessageDecodingException(e4);
                }
            }
            byte[] decode = this.decoder.decode(getEnvelopedData(signedContent.getContent()));
            if (messageType == MessageType.GET_CERT) {
                IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(decode);
                LOGGER.debug("Finished decoding pkiMessage");
                return new GetCert(transactionId, nonce, issuerAndSerialNumber);
            }
            if (messageType == MessageType.GET_CERT_INITIAL) {
                IssuerAndSubject issuerAndSubject = new IssuerAndSubject(decode);
                LOGGER.debug("Finished decoding pkiMessage");
                return new GetCertInitial(transactionId, nonce, issuerAndSubject);
            }
            if (messageType == MessageType.GET_CRL) {
                IssuerAndSerialNumber issuerAndSerialNumber2 = IssuerAndSerialNumber.getInstance(decode);
                LOGGER.debug("Finished decoding pkiMessage");
                return new GetCrl(transactionId, nonce, issuerAndSerialNumber2);
            }
            try {
                PKCS10CertificationRequest pKCS10CertificationRequest = new PKCS10CertificationRequest(decode);
                LOGGER.debug("Finished decoding pkiMessage");
                return new PkcsReq(transactionId, nonce, pKCS10CertificationRequest);
            } catch (IOException e5) {
                throw new MessageDecodingException(e5);
            }
        } catch (StoreException e6) {
            throw new MessageDecodingException(e6);
        }
    }
}
