package org.xipki.ca.server.mgmt.api;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.xipki.security.AlgorithmValidator;
import org.xipki.security.CollectionAlgorithmValidator;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.InvalidConfException;
import org.xipki.util.ParamUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/server/mgmt/api/CmpControl.class */
public class CmpControl {
    public static final String ALGO_DELIMITER = ":";
    public static final String KEY_CONFIRM_CERT = "confirm.cert";
    public static final String KEY_SEND_CA = "send.ca";
    public static final String KEY_SEND_RESPONDER = "send.responder";
    public static final String KEY_MESSAGETIME_REQUIRED = "messagetime.required";
    public static final String KEY_MESSAGETIME_BIAS = "messagetime.bias";
    public static final String KEY_CONFIRM_WAITTIME = "confirm.waittime";
    public static final String KEY_PROTECTION_SIGALGO = "protection.sigalgo";
    public static final String KEY_PROTECTION_PBM_OWF = "protection.pbm.owf";
    public static final String KEY_PROTECTION_PBM_MAC = "protection.pbm.mac";
    public static final String KEY_PROTECTION_PBM_IC = "protection.pbm.ic";
    public static final String KEY_POPO_SIGALGO = "popo.sigalgo";
    public static final String KEY_GROUP_ENROLL = "group.enroll";
    public static final String KEY_RR_AKI_REQUIRED = "rr.aki.required";
    private static final int DFLT_MESSAGE_TIME_BIAS = 300;
    private static final int DFLT_CONFIRM_WAIT_TIME = 300;
    private static final int DFLT_PBM_ITERATIONCOUNT = 10240;
    private final String conf;
    private final boolean confirmCert;
    private final boolean sendCaCert;
    private final boolean messageTimeRequired;
    private final boolean sendResponderCert;
    private final int messageTimeBias;
    private final int confirmWaitTime;
    private final long confirmWaitTimeMs;
    private final boolean groupEnroll;
    private final boolean rrAkiRequired;
    private AlgorithmIdentifier responsePbmOwf;
    private List<ASN1ObjectIdentifier> requestPbmOwfs;
    private AlgorithmIdentifier responsePbmMac;
    private List<ASN1ObjectIdentifier> requestPbmMacs;
    private int responsePbmIterationCount = DFLT_PBM_ITERATIONCOUNT;
    private final CollectionAlgorithmValidator sigAlgoValidator;
    private final CollectionAlgorithmValidator popoAlgoValidator;

    public CmpControl(String str) throws InvalidConfException {
        ParamUtil.requireNonNull("conf", str);
        ConfPairs confPairs = new ConfPairs(str);
        this.confirmCert = getBoolean(confPairs, KEY_CONFIRM_CERT, false);
        this.sendCaCert = getBoolean(confPairs, KEY_SEND_CA, false);
        this.sendResponderCert = getBoolean(confPairs, KEY_SEND_RESPONDER, true);
        this.groupEnroll = getBoolean(confPairs, KEY_GROUP_ENROLL, false);
        this.messageTimeRequired = getBoolean(confPairs, KEY_MESSAGETIME_REQUIRED, true);
        this.messageTimeBias = getInt(confPairs, KEY_MESSAGETIME_BIAS, 300);
        this.rrAkiRequired = getBoolean(confPairs, KEY_RR_AKI_REQUIRED, false);
        this.confirmWaitTime = getInt(confPairs, KEY_CONFIRM_WAITTIME, 300);
        if (this.confirmWaitTime < 0) {
            throw new InvalidConfException("invalid confirm.waittime");
        }
        this.confirmWaitTimeMs = this.confirmWaitTime * 1000;
        String value = confPairs.value(KEY_PROTECTION_SIGALGO);
        if (value == null) {
            throw new InvalidConfException(KEY_PROTECTION_SIGALGO + " is not set");
        }
        try {
            this.sigAlgoValidator = new CollectionAlgorithmValidator(splitAlgos(value));
            confPairs.putPair(KEY_PROTECTION_SIGALGO, algosAsString(this.sigAlgoValidator.getAlgoNames()));
            String value2 = confPairs.value(KEY_POPO_SIGALGO);
            if (value2 == null) {
                throw new InvalidConfException(KEY_POPO_SIGALGO + " is not set");
            }
            try {
                this.popoAlgoValidator = new CollectionAlgorithmValidator(splitAlgos(value2));
                confPairs.putPair(KEY_POPO_SIGALGO, algosAsString(this.popoAlgoValidator.getAlgoNames()));
                String value3 = confPairs.value(KEY_PROTECTION_PBM_OWF);
                List<String> split = StringUtil.isBlank(value3) ? null : StringUtil.split(value3, ALGO_DELIMITER);
                String value4 = confPairs.value(KEY_PROTECTION_PBM_MAC);
                List<String> split2 = StringUtil.isBlank(value4) ? null : StringUtil.split(value4, ALGO_DELIMITER);
                String value5 = confPairs.value(KEY_PROTECTION_PBM_IC);
                initPbm(confPairs, split, split2, value5 == null ? null : Integer.valueOf(Integer.parseInt(value5)));
                this.conf = confPairs.getEncoded();
            } catch (NoSuchAlgorithmException e) {
                throw new InvalidConfException("invalid " + KEY_POPO_SIGALGO + ": " + value2, e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new InvalidConfException("invalid " + KEY_PROTECTION_SIGALGO + ": " + value, e2);
        }
    }

    public CmpControl(Boolean bool, Boolean bool2, Boolean bool3, Boolean bool4, Boolean bool5, Integer num, Integer num2, Boolean bool6, List<String> list, List<String> list2, List<String> list3, List<String> list4, Integer num3) throws InvalidConfException {
        if (num2 != null) {
            ParamUtil.requireMin("confirmWaitTime", num2.intValue(), 0);
        }
        ConfPairs confPairs = new ConfPairs();
        this.confirmCert = bool == null ? false : bool.booleanValue();
        confPairs.putPair(KEY_CONFIRM_CERT, Boolean.toString(this.confirmCert));
        this.sendCaCert = bool2 == null ? false : bool2.booleanValue();
        confPairs.putPair(KEY_SEND_CA, Boolean.toString(this.sendCaCert));
        this.messageTimeRequired = bool3 == null ? true : bool3.booleanValue();
        confPairs.putPair(KEY_MESSAGETIME_REQUIRED, Boolean.toString(this.messageTimeRequired));
        this.sendResponderCert = bool4 == null ? true : bool4.booleanValue();
        confPairs.putPair(KEY_SEND_RESPONDER, Boolean.toString(this.sendResponderCert));
        this.rrAkiRequired = bool5 == null ? true : bool5.booleanValue();
        confPairs.putPair(KEY_RR_AKI_REQUIRED, Boolean.toString(this.rrAkiRequired));
        this.messageTimeBias = num == null ? 300 : num.intValue();
        confPairs.putPair(KEY_MESSAGETIME_BIAS, Integer.toString(this.messageTimeBias));
        this.confirmWaitTime = num2 == null ? 300 : num2.intValue();
        confPairs.putPair(KEY_CONFIRM_WAITTIME, Integer.toString(this.confirmWaitTime));
        this.confirmWaitTimeMs = this.confirmWaitTime * 1000;
        this.groupEnroll = bool6 == null ? false : bool6.booleanValue();
        try {
            this.sigAlgoValidator = new CollectionAlgorithmValidator(list);
            if (CollectionUtil.isNonEmpty(list)) {
                confPairs.putPair(KEY_PROTECTION_SIGALGO, algosAsString(this.sigAlgoValidator.getAlgoNames()));
            }
            try {
                this.popoAlgoValidator = new CollectionAlgorithmValidator(list2);
                if (CollectionUtil.isNonEmpty(list2)) {
                    confPairs.putPair(KEY_POPO_SIGALGO, algosAsString(this.popoAlgoValidator.getAlgoNames()));
                }
                initPbm(confPairs, list3, list4, num3);
                if (CollectionUtil.isNonEmpty(list3)) {
                    confPairs.putPair(KEY_PROTECTION_PBM_OWF, algosAsString(list3));
                }
                if (CollectionUtil.isNonEmpty(list4)) {
                    confPairs.putPair(KEY_PROTECTION_PBM_MAC, algosAsString(list4));
                }
                confPairs.putPair(KEY_PROTECTION_PBM_IC, Integer.toString(this.responsePbmIterationCount));
                this.conf = confPairs.getEncoded();
            } catch (NoSuchAlgorithmException e) {
                throw new InvalidConfException("invalid popoAlgos", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new InvalidConfException("invalid sigAlgos", e2);
        }
    }

    private void initPbm(ConfPairs confPairs, List<String> list, List<String> list2, Integer num) throws InvalidConfException {
        if (num == null) {
            num = Integer.valueOf(DFLT_PBM_ITERATIONCOUNT);
        }
        if (CollectionUtil.isEmpty(list)) {
            list = Arrays.asList("SHA256");
        }
        if (CollectionUtil.isEmpty(list2)) {
            list2 = Arrays.asList("HMACSHA256");
        }
        if (num.intValue() <= 0) {
            throw new InvalidConfException("invalid pbmIterationCount " + num);
        }
        this.responsePbmIterationCount = num.intValue();
        confPairs.putPair(KEY_PROTECTION_PBM_IC, Integer.toString(num.intValue()));
        this.requestPbmOwfs = new ArrayList(list.size());
        ArrayList arrayList = new ArrayList(list.size());
        for (int i = 0; i < list.size(); i++) {
            String str = list.get(i);
            try {
                HashAlgo nonNullInstance = HashAlgo.getNonNullInstance(str);
                arrayList.add(nonNullInstance.getName());
                this.requestPbmOwfs.add(nonNullInstance.getOid());
                if (i == 0) {
                    this.responsePbmOwf = nonNullInstance.getAlgorithmIdentifier();
                }
            } catch (Exception e) {
                throw new InvalidConfException("invalid pbmPwf " + str, e);
            }
        }
        confPairs.putPair(KEY_PROTECTION_PBM_OWF, algosAsString(arrayList));
        arrayList.clear();
        this.requestPbmMacs = new ArrayList(list2.size());
        for (int i2 = 0; i2 < list2.size(); i2++) {
            String str2 = list2.get(i2);
            try {
                AlgorithmIdentifier macAlgId = AlgorithmUtil.getMacAlgId(str2);
                arrayList.add(AlgorithmUtil.getSigOrMacAlgoName(macAlgId));
                this.requestPbmMacs.add(macAlgId.getAlgorithm());
                if (i2 == 0) {
                    this.responsePbmMac = macAlgId;
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new InvalidConfException("invalid pbmMac " + str2, e2);
            }
        }
        confPairs.putPair(KEY_PROTECTION_PBM_MAC, algosAsString(arrayList));
    }

    public boolean isMessageTimeRequired() {
        return this.messageTimeRequired;
    }

    public boolean isConfirmCert() {
        return this.confirmCert;
    }

    public int getMessageTimeBias() {
        return this.messageTimeBias;
    }

    public int getConfirmWaitTime() {
        return this.confirmWaitTime;
    }

    public long getConfirmWaitTimeMs() {
        return this.confirmWaitTimeMs;
    }

    public boolean isSendCaCert() {
        return this.sendCaCert;
    }

    public boolean isRrAkiRequired() {
        return this.rrAkiRequired;
    }

    public boolean isSendResponderCert() {
        return this.sendResponderCert;
    }

    public boolean isGroupEnroll() {
        return this.groupEnroll;
    }

    public AlgorithmValidator getSigAlgoValidator() {
        return this.sigAlgoValidator;
    }

    public AlgorithmValidator getPopoAlgoValidator() {
        return this.popoAlgoValidator;
    }

    public AlgorithmIdentifier getResponsePbmOwf() {
        return this.responsePbmOwf;
    }

    public AlgorithmIdentifier getResponsePbmMac() {
        return this.responsePbmMac;
    }

    public int getResponsePbmIterationCount() {
        return this.responsePbmIterationCount;
    }

    public boolean isRequestPbmOwfPermitted(AlgorithmIdentifier algorithmIdentifier) {
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        Iterator<ASN1ObjectIdentifier> it = this.requestPbmOwfs.iterator();
        while (it.hasNext()) {
            if (it.next().equals(algorithm)) {
                return true;
            }
        }
        return false;
    }

    public boolean isRequestPbmMacPermitted(AlgorithmIdentifier algorithmIdentifier) {
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        Iterator<ASN1ObjectIdentifier> it = this.requestPbmMacs.iterator();
        while (it.hasNext()) {
            if (it.next().equals(algorithm)) {
                return true;
            }
        }
        return false;
    }

    public String getConf() {
        return this.conf;
    }

    public int hashCode() {
        return this.conf.hashCode();
    }

    public String toString() {
        return toString(false);
    }

    public String toString(boolean z) {
        Object[] objArr = new Object[22];
        objArr[0] = Boolean.valueOf(this.confirmCert);
        objArr[1] = "\n  send CA cert: ";
        objArr[2] = Boolean.valueOf(this.sendCaCert);
        objArr[3] = "\n  message time required: ";
        objArr[4] = Boolean.valueOf(this.messageTimeRequired);
        objArr[5] = "\n  send responder cert: ";
        objArr[6] = Boolean.valueOf(this.sendResponderCert);
        objArr[7] = "\n  message time bias: ";
        objArr[8] = Integer.valueOf(this.messageTimeBias);
        objArr[9] = "\n  confirm waiting time: ";
        objArr[10] = Integer.valueOf(this.confirmWaitTime);
        objArr[11] = "s";
        objArr[12] = "\n  hroup enroll: ";
        objArr[13] = Boolean.valueOf(this.groupEnroll);
        objArr[14] = "\n  AKI in revocation request required: ";
        objArr[15] = Boolean.valueOf(this.rrAkiRequired);
        objArr[16] = "\n  signature algorithms: ";
        objArr[17] = this.sigAlgoValidator.getAlgoNames();
        objArr[18] = "\n  POPO algorithms: ";
        objArr[19] = this.popoAlgoValidator.getAlgoNames();
        objArr[20] = z ? "\n  encoded: " : "";
        objArr[21] = z ? this.conf : "";
        return StringUtil.concatObjects("  confirm cert: ", objArr);
    }

    public boolean equals(Object obj) {
        if (obj instanceof CmpControl) {
            return this.conf.equals(((CmpControl) obj).conf);
        }
        return false;
    }

    private static boolean getBoolean(ConfPairs confPairs, String str, boolean z) {
        String value = confPairs.value(str);
        boolean parseBoolean = StringUtil.isBlank(value) ? z : Boolean.parseBoolean(value);
        confPairs.putPair(str, Boolean.toString(parseBoolean));
        return parseBoolean;
    }

    private static int getInt(ConfPairs confPairs, String str, int i) {
        String value = confPairs.value(str);
        int parseInt = StringUtil.isBlank(value) ? i : Integer.parseInt(value);
        confPairs.putPair(str, Integer.toString(parseInt));
        return parseInt;
    }

    private static String algosAsString(Collection<String> collection) {
        return StringUtil.collectionAsString(collection, ALGO_DELIMITER);
    }

    private static Set<String> splitAlgos(String str) {
        return StringUtil.splitAsSet(str, ALGO_DELIMITER);
    }
}
