package org.jscep.server;

import com.microsoft.identity.broker4j.workplacejoin.ProviderUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kotlin.AndroidStorageSupplierCompanion;
import kotlin.getActivityPackageName;
import kotlin.getNameValueStore;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCRLStore;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.jscep.asn1.IssuerAndSubject;
import org.jscep.message.CertRep;
import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.MessageType;
import org.jscep.transaction.Nonce;
import org.jscep.transaction.OperationFailureException;
import org.jscep.transaction.TransactionId;
import org.jscep.transport.request.Operation;
import org.jscep.transport.response.Capability;

/* loaded from: classes5.dex */
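/**
 * Base servlet for a SCEP endpoint: dispatches the {@code operation} query parameter to
 * GetCACaps, GetCACert, GetNextCACert and PKIOperation handlers and delegates the CA-side
 * decisions to the abstract methods implemented by a subclass.
 *
 * <p>This listing is decompiler output; the {@code LOGGER} type and its method names are
 * obfuscated, so log calls are kept exactly as found and their levels are not asserted here.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The requester certificate is read from the incoming message itself and this class does
 *       not validate a chain for it. Authorisation of an enrolment therefore rests on the
 *       subclass's {@link #doEnrol} implementation.</li>
 *   <li>{@code "SHA1withRSA"} (GetNextCACert signature) and {@code "DESede"} (response envelope)
 *       are hard-coded legacy algorithms. They are flagged rather than replaced because changing
 *       them affects interoperability with existing clients.</li>
 * </ul>
 */
public abstract class ScepServlet extends HttpServlet {
    private static final String GET = "GET";
    private static final AndroidStorageSupplierCompanion LOGGER = getNameValueStore.getMediaItem(ScepServlet.class);
    private static final String MSG_PARAM = "message";
    private static final String OP_PARAM = "operation";
    private static final String POST = "POST";
    private static final long serialVersionUID = 1;

    /**
     * Writes the capabilities returned by {@link #doCapabilities} as {@code text/plain}, one per line.
     *
     * @throws Exception whatever {@link #doCapabilities} or the response writer throws
     */
    private void doGetCaCaps(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.setHeader("Content-Type", "text/plain");
        for (Capability capability : doCapabilities(httpServletRequest.getParameter(MSG_PARAM))) {
            httpServletResponse.getWriter().write(capability.toString());
            httpServletResponse.getWriter().write('\n');
        }
        httpServletResponse.getWriter().close();
    }

    /**
     * Answers GetCACert: a single DER certificate when the subclass returns one certificate, or a
     * certificates-only CMS structure when it returns several. An empty list is reported as HTTP 500.
     *
     * @throws Exception whatever {@link #doGetCaCertificate}, the CMS generator or the response throws
     */
    private void doGetCaCert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        List<X509Certificate> caCertificates = doGetCaCertificate(httpServletRequest.getParameter(MSG_PARAM));
        if (caCertificates.isEmpty()) {
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "GetCaCert failed to obtain CA from store");
            // sendError() commits the response, so nothing more is written to it
            // (same early return as doGetNextCaCert).
            return;
        }
        byte[] encoded;
        if (caCertificates.size() == 1) {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-cert");
            encoded = caCertificates.get(0).getEncoded();
        } else {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-ra-cert");
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            try {
                generator.addCertificates(new JcaCertStore(caCertificates));
                encoded = generator.generate(new CMSAbsentContent()).getEncoded();
            } catch (CertificateEncodingException e) {
                throw new IOException(e);
            }
        }
        httpServletResponse.getOutputStream().write(encoded);
        httpServletResponse.getOutputStream().close();
    }

    /**
     * Answers GetNextCACert with a CMS structure carrying the next CA certificates, signed with the
     * recipient key. An empty list from the subclass is reported as HTTP 501.
     *
     * @throws Exception whatever {@link #getNextCaCertificate}, the CMS generator or the response throws
     */
    private void doGetNextCaCert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.setHeader("Content-Type", "application/x-x509-next-ca-cert");
        List<X509Certificate> nextCaCertificates = getNextCaCertificate(httpServletRequest.getParameter(MSG_PARAM));
        if (nextCaCertificates.isEmpty()) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "GetNextCACert Not Supported");
            return;
        }
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        try {
            generator.addCertificates(new JcaCertStore(nextCaCertificates));
            // NOTE(review): SHA-1 based signature over the rollover certificates. Clients use this
            // signature to decide whether to trust the next CA, so a stronger digest is worth
            // planning for; not changed here because clients must accept the new algorithm first.
            generator.addSignerInfoGenerator(
                    new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                            .build(new JcaContentSignerBuilder("SHA1withRSA").build(getRecipientKey()),
                                    new X509CertificateHolder(getRecipient().getEncoded())));
            httpServletResponse.getOutputStream().write(generator.generate(new CMSAbsentContent()).getEncoded());
            httpServletResponse.getOutputStream().close();
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    /**
     * Restores {@code '+'} characters in a Base64 query value. A literal {@code '+'} in a query
     * string is form-decoded to a space, and a space is not part of the Base64 alphabet.
     */
    private String fixBrokenBase64(String str) {
        return str.replace(' ', '+');
    }

    /**
     * Extracts the raw PKI message from the request: the body for POST, otherwise the Base64
     * {@code message} parameter when the operation is PKIOperation.
     *
     * @return the message bytes, or an empty array when there is no message, the operation is not
     *         PKIOperation, or an {@link IllegalArgumentException} is raised while reading it
     * @throws IOException if the POST body cannot be read
     */
    private byte[] getMessageBytes(HttpServletRequest httpServletRequest) throws IOException {
        if (POST.equals(httpServletRequest.getMethod())) {
            // NOTE(review): the whole body is buffered before any validation and no size cap is
            // visible in this class — confirm the container enforces a request-size limit.
            return getActivityPackageName.toByteArray(httpServletRequest.getInputStream());
        }
        try {
            if (getOperation(httpServletRequest) != Operation.PKI_OPERATION) {
                return new byte[0];
            }
            String parameter = httpServletRequest.getParameter(MSG_PARAM);
            // A GET PKIOperation without a "message" parameter used to hit a
            // NullPointerException here; treat it like an empty message instead.
            if (parameter == null || parameter.length() == 0) {
                return new byte[0];
            }
            if (LOGGER.isDebugEnabled()) {
                // Logs the caller-supplied value verbatim; keep this at debug level only.
                LOGGER.onItemLoaded("Decoding {}", parameter);
            }
            return Base64.decode(fixBrokenBase64(parameter));
        } catch (IllegalArgumentException unused) {
            // e.g. an unknown operation name; service() reports that case itself.
            return new byte[0];
        }
    }

    /**
     * Wraps a CRL (or nothing, when {@code x509crl} is {@code null}) in a degenerate CMS structure.
     */
    private CMSSignedData getMessageData(X509CRL x509crl) throws IOException, CMSException, GeneralSecurityException {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        JcaCRLStore crlStore = x509crl == null
                ? new JcaCRLStore(Collections.emptyList())
                : new JcaCRLStore(Collections.singleton(x509crl));
        generator.addCRLs(crlStore);
        return generator.generate(new CMSAbsentContent());
    }

    /**
     * Wraps the given certificates in a degenerate (certificates-only) CMS structure.
     *
     * @throws IOException if a certificate cannot be encoded
     */
    private CMSSignedData getMessageData(List<X509Certificate> list) throws IOException, CMSException, GeneralSecurityException {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        try {
            generator.addCertificates(new JcaCertStore(list));
            return generator.generate(new CMSAbsentContent());
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    /**
     * Resolves the {@code operation} request parameter.
     *
     * @return the operation, or {@code null} when the parameter is absent
     * @throws IllegalArgumentException for an unrecognised name (both callers in this class catch
     *         it, which suggests {@code Operation.forName} raises it — not visible here)
     */
    private Operation getOperation(HttpServletRequest httpServletRequest) {
        String operationName = httpServletRequest.getParameter(OP_PARAM);
        return operationName == null ? null : Operation.forName(operationName);
    }

    /** Returns the capabilities to advertise; receives the request's {@code message} parameter. */
    protected abstract Set<Capability> doCapabilities(String str) throws Exception;

    /**
     * Handles an enrolment request. Receives the PKCS#10 request, the certificate that accompanied
     * the request message, and the transaction id. An empty list makes the servlet reply with a
     * CertRep that carries neither certificates nor failure info.
     *
     * <p>The requester certificate is not chain-validated by this class, so the implementation is
     * where the request must be authorised.
     */
    protected abstract List<X509Certificate> doEnrol(PKCS10CertificationRequest pKCS10CertificationRequest, X509Certificate x509Certificate, TransactionId transactionId) throws Exception;

    /** Returns the CA (and, when several are returned, RA) certificates for GetCACert. */
    protected abstract List<X509Certificate> doGetCaCertificate(String str) throws Exception;

    /** Looks up certificates by issuer name and serial number; an empty list yields {@code badCertId}. */
    protected abstract List<X509Certificate> doGetCert(X500Name x500Name, BigInteger bigInteger) throws Exception;

    /** Polls an earlier enrolment, identified by issuer, subject and transaction id. */
    protected abstract List<X509Certificate> doGetCertInitial(X500Name x500Name, X500Name x500Name2, TransactionId transactionId) throws Exception;

    /** Returns the CRL for the given issuer name and serial number; {@code null} yields an empty CRL set. */
    protected abstract X509CRL doGetCrl(X500Name x500Name, BigInteger bigInteger) throws Exception;

    /** Returns the next CA certificates for GetNextCACert; an empty list is answered with HTTP 501. */
    protected abstract List<X509Certificate> getNextCaCertificate(String str) throws Exception;

    /** Returns the certificate used to open incoming envelopes and to sign GetNextCACert replies. */
    protected abstract X509Certificate getRecipient();

    /** Returns the private key matching {@link #getRecipient()}. */
    protected abstract PrivateKey getRecipientKey();

    /** Returns the certificate used to sign PKIOperation responses. */
    protected abstract X509Certificate getSigner();

    /** Returns the certificate chain passed to the response encoder alongside {@link #getSigner()}. */
    protected abstract X509Certificate[] getSignerCertificateChain();

    /** Returns the private key matching {@link #getSigner()}. */
    protected abstract PrivateKey getSignerKey();

    /**
     * Entry point: validates the {@code operation} parameter and HTTP method, then dispatches.
     *
     * <p>GetCACaps, GetCACert and GetNextCACert accept GET only; PKIOperation accepts GET or POST.
     * For PKIOperation exactly one CertRep is built and written. The decompiled listing fell through
     * after writing a GetCert/GetCertInitial reply and wrote a second one, and read locals that were
     * unassigned on the failure paths; the flow below is the single-reply form.
     *
     * @throws ServletException when a handler, message decoding or response encoding fails
     * @throws IOException on request/response I/O failure
     */
    public final void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        byte[] messageBytes = getMessageBytes(httpServletRequest);
        try {
            Operation operation = getOperation(httpServletRequest);
            if (operation == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing \"operation\" parameter.");
                return;
            }
            LOGGER.getTappableElementInsets("Incoming Operation: " + operation);
            String method = httpServletRequest.getMethod();
            if (operation == Operation.PKI_OPERATION) {
                if (!method.equals(POST) && !method.equals(GET)) {
                    httpServletResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                    httpServletResponse.addHeader("Allow", "GET, POST");
                    return;
                }
            } else if (!method.equals(GET)) {
                httpServletResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                httpServletResponse.addHeader("Allow", GET);
                return;
            }
            LOGGER.getTappableElementInsets("Method " + method + " Allowed for Operation: " + operation);
            if (operation == Operation.GET_CA_CAPS) {
                try {
                    LOGGER.getTappableElementInsets("Invoking doGetCaCaps");
                    doGetCaCaps(httpServletRequest, httpServletResponse);
                    return;
                } catch (Exception e) {
                    throw new ServletException(e);
                }
            }
            if (operation == Operation.GET_CA_CERT) {
                try {
                    LOGGER.getTappableElementInsets("Invoking doGetCaCert");
                    doGetCaCert(httpServletRequest, httpServletResponse);
                    return;
                } catch (Exception e) {
                    throw new ServletException(e);
                }
            }
            if (operation == Operation.GET_NEXT_CA_CERT) {
                try {
                    LOGGER.getTappableElementInsets("Invoking doGetNextCaCert");
                    doGetNextCaCert(httpServletRequest, httpServletResponse);
                    return;
                } catch (Exception e) {
                    throw new ServletException(e);
                }
            }
            if (operation != Operation.PKI_OPERATION) {
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown Operation");
                return;
            }
            handlePkiOperation(messageBytes, httpServletResponse);
        } catch (IllegalArgumentException unused) {
            // NOTE(review): kept as decompiled, this catch spans the whole handler, so an
            // IllegalArgumentException raised while parsing the message is also reported as an
            // invalid operation. Confirm whether it was meant to cover only getOperation().
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid \"operation\" parameter.");
        }
    }

    /** Decodes one PKIOperation message, builds its CertRep and writes the signed, enveloped reply. */
    private void handlePkiOperation(byte[] messageBytes, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setHeader("Content-Type", "application/x-pki-message");
        CMSSignedData signedRequest;
        try {
            signedRequest = new CMSSignedData(messageBytes);
        } catch (CMSException e) {
            throw new ServletException(e);
        }
        X509Certificate requesterCertificate = extractRequesterCertificate(signedRequest);
        PkiMessage<?> request;
        try {
            request = new PkiMessageDecoder(requesterCertificate, new PkcsPkiEnvelopeDecoder(getRecipient(), getRecipientKey())).decode(signedRequest);
        } catch (MessageDecodingException e) {
            LOGGER.onTransact("Error decoding request", e);
            throw new ServletException(e);
        }
        LOGGER.onItemLoaded("Processing message {}", request);
        CertRep reply = buildCertRep(request, requesterCertificate);
        byte[] encodedReply;
        try {
            // NOTE(review): "DESede" (3DES) is a legacy envelope cipher; flagged, not changed,
            // because the client must be able to open the reply.
            encodedReply = new PkiMessageEncoder(getSignerKey(), getSigner(), getSignerCertificateChain(), new PkcsPkiEnvelopeEncoder(requesterCertificate, "DESede")).encode(reply).getEncoded();
        } catch (MessageEncodingException e) {
            // The text says "decoding" although this is the encode step; left unchanged so
            // existing log searches keep matching.
            LOGGER.onTransact("Error decoding response", e);
            throw new ServletException(e);
        }
        httpServletResponse.getOutputStream().write(encodedReply);
        httpServletResponse.getOutputStream().close();
    }

    /**
     * Returns the first certificate carried in the request's CMS structure, re-parsed as a JCA
     * certificate. The certificate set of a CMS SignedData is optional, so an empty set is rejected
     * explicitly instead of surfacing as a NoSuchElementException.
     */
    private X509Certificate extractRequesterCertificate(CMSSignedData signedRequest) throws ServletException, IOException {
        Iterator<?> holders = signedRequest.getCertificates().getMatches(null).iterator();
        if (!holders.hasNext()) {
            throw new ServletException("PKI message contains no certificates");
        }
        X509CertificateHolder holder = (X509CertificateHolder) holders.next();
        try {
            return (X509Certificate) CertificateFactory.getInstance(ProviderUtil.X509).generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
        } catch (CertificateException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Runs the subclass handler for the message type and maps its outcome to a CertRep: a payload
     * on success, the handler's FailInfo on {@link OperationFailureException}, and a ServletException
     * for any other failure or an unsupported message type.
     */
    private CertRep buildCertRep(PkiMessage<?> request, X509Certificate requesterCertificate) throws ServletException {
        MessageType messageType = request.getMessageType();
        Object messageData = request.getMessageData();
        Nonce nextNonce = Nonce.nextNonce();
        TransactionId transactionId = request.getTransactionId();
        Nonce senderNonce = request.getSenderNonce();

        if (messageType == MessageType.GET_CERT) {
            IssuerAndSerialNumber issuerAndSerialNumber = (IssuerAndSerialNumber) messageData;
            try {
                List<X509Certificate> found = doGetCert(issuerAndSerialNumber.getName(), issuerAndSerialNumber.getSerialNumber().getValue());
                if (found.isEmpty()) {
                    return new CertRep(transactionId, nextNonce, senderNonce, FailInfo.badCertId);
                }
                return new CertRep(transactionId, nextNonce, senderNonce, getMessageData(found));
            } catch (OperationFailureException e) {
                return new CertRep(transactionId, nextNonce, senderNonce, e.getFailInfo());
            } catch (Exception e) {
                throw new ServletException(e);
            }
        }
        if (messageType == MessageType.GET_CERT_INITIAL) {
            IssuerAndSubject issuerAndSubject = (IssuerAndSubject) messageData;
            try {
                List<X509Certificate> issued = doGetCertInitial(X500Name.getInstance(issuerAndSubject.getIssuer()), X500Name.getInstance(issuerAndSubject.getSubject()), transactionId);
                if (issued.isEmpty()) {
                    // No certificates yet: reply without payload or failure info.
                    return new CertRep(transactionId, nextNonce, senderNonce);
                }
                return new CertRep(transactionId, nextNonce, senderNonce, getMessageData(issued));
            } catch (OperationFailureException e) {
                return new CertRep(transactionId, nextNonce, senderNonce, e.getFailInfo());
            } catch (Exception e) {
                throw new ServletException(e);
            }
        }
        if (messageType == MessageType.GET_CRL) {
            IssuerAndSerialNumber issuerAndSerialNumber = (IssuerAndSerialNumber) messageData;
            X500Name name = issuerAndSerialNumber.getName();
            BigInteger value = issuerAndSerialNumber.getSerialNumber().getValue();
            try {
                LOGGER.getTappableElementInsets("Invoking doGetCrl");
                return new CertRep(transactionId, nextNonce, senderNonce, getMessageData(doGetCrl(name, value)));
            } catch (OperationFailureException e) {
                LOGGER.onTransact("Error executing GetCRL request", e);
                return new CertRep(transactionId, nextNonce, senderNonce, e.getFailInfo());
            } catch (Exception e) {
                LOGGER.onTransact("Error executing GetCRL request", e);
                throw new ServletException(e);
            }
        }
        if (messageType != MessageType.PKCS_REQ) {
            throw new ServletException("Unknown Message for Operation");
        }
        PKCS10CertificationRequest certificationRequest = (PKCS10CertificationRequest) messageData;
        try {
            LOGGER.getTappableElementInsets("Invoking doEnrol");
            List<X509Certificate> issued = doEnrol(certificationRequest, requesterCertificate, transactionId);
            if (issued.isEmpty()) {
                // No certificates yet: reply without payload or failure info.
                return new CertRep(transactionId, nextNonce, senderNonce);
            }
            return new CertRep(transactionId, nextNonce, senderNonce, getMessageData(issued));
        } catch (OperationFailureException e) {
            return new CertRep(transactionId, nextNonce, senderNonce, e.getFailInfo());
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
}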
