package org.xipki.ca.server;

import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.math.BigInteger;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.AuditEvent;
import org.xipki.audit.AuditLevel;
import org.xipki.audit.AuditStatus;
import org.xipki.ca.api.CertWithDbId;
import org.xipki.ca.api.CertificateInfo;
import org.xipki.ca.api.InsuffientPermissionException;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.OperationException;
import org.xipki.ca.api.RequestType;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.RequestorInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.DateUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.PemEncoder;
import org.xipki.util.RandomUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/server/RestResponder.class */
public class RestResponder {
    private static final int OK = 200;
    private static final int BAD_REQUEST = 400;
    private static final int UNAUTHORIZED = 401;
    private static final int NOT_FOUND = 404;
    private static final int CONFLICT = 409;
    private static final int UNSUPPORTED_MEDIA_TYPE = 415;
    private static final int INTERNAL_SERVER_ERROR = 500;
    private static final int SERVICE_UNAVAILABLE = 503;
    private static final Logger LOG = LoggerFactory.getLogger(RestResponder.class);
    private final CaManagerImpl responderManager;

    /* renamed from: org.xipki.ca.server.RestResponder$1, reason: invalid class name */
    /* loaded from: input_file:org/xipki/ca/server/RestResponder$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode = new int[OperationException.ErrorCode.values().length];

        static {
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.ALREADY_ISSUED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.BAD_CERT_TEMPLATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.BAD_REQUEST.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.CERT_REVOKED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.CRL_FAILURE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.DATABASE_FAILURE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.NOT_PERMITTED.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.INVALID_EXTENSION.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.SYSTEM_FAILURE.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.SYSTEM_UNAVAILABLE.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.UNKNOWN_CERT.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[OperationException.ErrorCode.UNKNOWN_CERT_PROFILE.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
        }
    }

    /* loaded from: input_file:org/xipki/ca/server/RestResponder$HttpRespAuditException.class */
    private static class HttpRespAuditException extends Exception {
        private static final long serialVersionUID = 1;
        private final int httpStatus;
        private final String auditMessage;
        private final AuditLevel auditLevel;
        private AuditStatus auditStatus;

        public HttpRespAuditException(int i, String str, AuditLevel auditLevel, AuditStatus auditStatus) {
            this.httpStatus = i;
            this.auditMessage = Args.notBlank(str, "auditMessage");
            this.auditLevel = (AuditLevel) Args.notNull(auditLevel, "auditLevel");
            this.auditStatus = (AuditStatus) Args.notNull(auditStatus, "auditStatus");
        }

        public int getHttpStatus() {
            return this.httpStatus;
        }

        public String getAuditMessage() {
            return this.auditMessage;
        }

        public AuditLevel getAuditLevel() {
            return this.auditLevel;
        }

        public AuditStatus getAuditStatus() {
            return this.auditStatus;
        }
    }

    /* loaded from: input_file:org/xipki/ca/server/RestResponder$RestResponse.class */
    public static class RestResponse {
        private int statusCode;
        private String contentType;
        private Map<String, String> headers;
        private byte[] body;

        public RestResponse(int i, String str, Map<String, String> map, byte[] bArr) {
            this.headers = new HashMap();
            this.statusCode = i;
            this.contentType = str;
            this.headers = map;
            this.body = bArr;
        }

        public int getStatusCode() {
            return this.statusCode;
        }

        public void setStatusCode(int i) {
            this.statusCode = i;
        }

        public String getContentType() {
            return this.contentType;
        }

        public void setContentType(String str) {
            this.contentType = str;
        }

        public Map<String, String> getHeaders() {
            return this.headers;
        }

        public void setHeaders(Map<String, String> map) {
            this.headers = map;
        }

        public byte[] getBody() {
            return this.body;
        }

        public void setBody(byte[] bArr) {
            this.body = bArr;
        }
    }

    public RestResponder(CaManagerImpl caManagerImpl) {
        this.responderManager = caManagerImpl;
    }

    public RestResponse service(String str, AuditEvent auditEvent, byte[] bArr, HttpRequestMetadataRetriever httpRequestMetadataRetriever) {
        int i;
        String str2;
        String str3;
        RequestorInfo.ByUserRequestorInfo requestor;
        X500Name subject;
        Extensions extensions;
        auditEvent.setApplicationName("ca");
        auditEvent.setName(CaAuditConstants.NAME_perf);
        auditEvent.addEventData(CaAuditConstants.NAME_req_type, RequestType.REST.name());
        String nextHexLong = RandomUtil.nextHexLong();
        auditEvent.addEventData(CaAuditConstants.NAME_mid, nextHexLong);
        AuditLevel auditLevel = AuditLevel.INFO;
        AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
        try {
            try {
                try {
                    if (this.responderManager == null) {
                        LOG.error("responderManager in servlet not configured");
                        throw new HttpRespAuditException(INTERNAL_SERVER_ERROR, "responderManager in servlet not configured", AuditLevel.ERROR, AuditStatus.FAILED);
                    }
                    String str4 = null;
                    String str5 = null;
                    X509Ca x509Ca = null;
                    if (str.length() > 1) {
                        int indexOf = str.indexOf(47, 1);
                        if (indexOf == -1 || indexOf == str.length() - 1) {
                            String str6 = "invalid path " + str;
                            LOG.error(str6);
                            throw new HttpRespAuditException(NOT_FOUND, str6, AuditLevel.ERROR, AuditStatus.FAILED);
                        }
                        String lowerCase = str.substring(1, indexOf).toLowerCase();
                        str5 = str.substring(indexOf + 1);
                        str4 = this.responderManager.getCaNameForAlias(lowerCase);
                        if (str4 == null) {
                            str4 = lowerCase;
                        }
                        x509Ca = this.responderManager.getX509CaResponder(str4).getCa();
                    }
                    if (str4 == null || x509Ca == null || !x509Ca.getCaInfo().supportsRest() || x509Ca.getCaInfo().getStatus() != CaStatus.ACTIVE) {
                        String str7 = str4 == null ? "no CA is specified" : x509Ca == null ? "unknown CA '" + str4 + "'" : !x509Ca.getCaInfo().supportsRest() ? "REST is not supported by the CA '" + str4 + "'" : "CA '" + str4 + "' is out of service";
                        LOG.warn(str7);
                        throw new HttpRespAuditException(NOT_FOUND, str7, AuditLevel.INFO, AuditStatus.FAILED);
                    }
                    auditEvent.addEventData("ca", x509Ca.getCaIdent().getName());
                    auditEvent.addEventType(str5);
                    String header = httpRequestMetadataRetriever.getHeader("Authorization");
                    if (header == null || !header.startsWith("Basic ")) {
                        X509Certificate tlsClientCert = httpRequestMetadataRetriever.getTlsClientCert();
                        if (tlsClientCert == null) {
                            throw new HttpRespAuditException(UNAUTHORIZED, "no client certificate", AuditLevel.INFO, AuditStatus.FAILED);
                        }
                        requestor = x509Ca.getRequestor(tlsClientCert);
                    } else {
                        String str8 = null;
                        byte[] bArr2 = null;
                        if (header.length() > 6) {
                            byte[] decodeFast = Base64.decodeFast(header.substring(6));
                            int i2 = -1;
                            int i3 = 0;
                            while (true) {
                                if (i3 >= decodeFast.length) {
                                    break;
                                }
                                if (decodeFast[i3] == 58) {
                                    i2 = i3;
                                    break;
                                }
                                i3++;
                            }
                            if (i2 != -1 && i2 < decodeFast.length - 1) {
                                str8 = new String(Arrays.copyOfRange(decodeFast, 0, i2));
                                bArr2 = Arrays.copyOfRange(decodeFast, i2 + 1, decodeFast.length);
                            }
                        }
                        if (str8 == null) {
                            throw new HttpRespAuditException(UNAUTHORIZED, "invalid Authorization information", AuditLevel.INFO, AuditStatus.FAILED);
                        }
                        NameId authenticateUser = x509Ca.authenticateUser(str8, bArr2);
                        if (authenticateUser == null) {
                            throw new HttpRespAuditException(UNAUTHORIZED, "could not authenticate user", AuditLevel.INFO, AuditStatus.FAILED);
                        }
                        requestor = x509Ca.getByUserRequestor(authenticateUser);
                    }
                    if (requestor == null) {
                        throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, "no requestor specified");
                    }
                    auditEvent.addEventData(CaAuditConstants.NAME_requestor, requestor.getIdent().getName());
                    String str9 = null;
                    byte[] bArr3 = null;
                    if ("cacert".equalsIgnoreCase(str5)) {
                        str9 = "application/pkix-cert";
                        bArr3 = x509Ca.getCaInfo().getCert().getEncodedCert();
                    } else if ("dhpoc-certs".equalsIgnoreCase(str5)) {
                        DhpocControl dhpocControl = this.responderManager.getX509Ca(str4).getCaInfo().getDhpocControl();
                        if (dhpocControl == null) {
                            bArr3 = new byte[0];
                        } else {
                            str9 = "application/x-pem-file";
                            bArr3 = StringUtil.toUtf8Bytes(X509Util.encodeCertificates(dhpocControl.getCertificates()));
                        }
                    } else if ("cacertchain".equalsIgnoreCase(str5)) {
                        str9 = "application/x-pem-file";
                        List<X509Cert> certchain = x509Ca.getCaInfo().getCertchain();
                        int size = 1 + (certchain == null ? 0 : certchain.size());
                        X509Cert[] x509CertArr = new X509Cert[size];
                        x509CertArr[0] = x509Ca.getCaInfo().getCert();
                        if (size > 1) {
                            for (int i4 = 1; i4 < size; i4++) {
                                x509CertArr[i4] = certchain.get(i4 - 1);
                            }
                        }
                        bArr3 = StringUtil.toUtf8Bytes(X509Util.encodeCertificates(x509CertArr));
                    } else if ("enroll-cert".equalsIgnoreCase(str5) || "enroll-cert-cagenkeypair".equalsIgnoreCase(str5)) {
                        String parameter = httpRequestMetadataRetriever.getParameter("profile");
                        if (StringUtil.isBlank(parameter)) {
                            throw new HttpRespAuditException(BAD_REQUEST, "required parameter profile not specified", AuditLevel.INFO, AuditStatus.FAILED);
                        }
                        String lowerCase2 = parameter.toLowerCase();
                        try {
                            requestor.assertPermitted(1);
                            if (!requestor.isCertprofilePermitted(lowerCase2)) {
                                throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, "certprofile " + lowerCase2 + " is not allowed");
                            }
                            String parameter2 = httpRequestMetadataRetriever.getParameter("not-before");
                            Date parseUtcTimeyyyyMMddhhmmss = parameter2 == null ? null : DateUtil.parseUtcTimeyyyyMMddhhmmss(parameter2);
                            String parameter3 = httpRequestMetadataRetriever.getParameter("not-after");
                            Date parseUtcTimeyyyyMMddhhmmss2 = parameter3 == null ? null : DateUtil.parseUtcTimeyyyyMMddhhmmss(parameter3);
                            if ("enroll-cert-cagenkeypair".equalsIgnoreCase(str5)) {
                                String header2 = httpRequestMetadataRetriever.getHeader("Content-Type");
                                if (header2.startsWith("text/plain")) {
                                    Properties properties = new Properties();
                                    properties.load(new ByteArrayInputStream(bArr));
                                    String property = properties.getProperty(CaAuditConstants.NAME_subject);
                                    if (property == null) {
                                        throw new OperationException(OperationException.ErrorCode.BAD_CERT_TEMPLATE, "subject is not specified");
                                    }
                                    try {
                                        subject = new X500Name(property);
                                        extensions = null;
                                    } catch (Exception e) {
                                        throw new OperationException(OperationException.ErrorCode.BAD_CERT_TEMPLATE, "invalid subject");
                                    }
                                } else {
                                    if (!"application/pkcs10".equalsIgnoreCase(header2)) {
                                        throw new HttpRespAuditException(UNSUPPORTED_MEDIA_TYPE, "unsupported media type " + header2, AuditLevel.INFO, AuditStatus.FAILED);
                                    }
                                    CertificationRequestInfo certificationRequestInfo = CertificationRequest.getInstance(bArr).getCertificationRequestInfo();
                                    subject = certificationRequestInfo.getSubject();
                                    extensions = CaUtil.getExtensions(certificationRequestInfo);
                                }
                                CertificateInfo generateCert = x509Ca.generateCert(new CertTemplateData(subject, null, parseUtcTimeyyyyMMddhhmmss, parseUtcTimeyyyyMMddhhmmss2, extensions, lowerCase2, null, true), (RequestorInfo) requestor, RequestType.REST, (byte[]) null, nextHexLong);
                                if (x509Ca.getCaInfo().isSaveRequest()) {
                                    x509Ca.addRequestCert(x509Ca.addRequest(bArr), generateCert.getCert().getCertId().longValue());
                                }
                                str9 = "application/x-pem-file";
                                byte[] encode = PemEncoder.encode(generateCert.getPrivateKey().getEncoded(), PemEncoder.PemLabel.PRIVATE_KEY);
                                byte[] encode2 = PemEncoder.encode(generateCert.getCert().getEncodedCert(), PemEncoder.PemLabel.CERTIFICATE);
                                bArr3 = new byte[encode.length + 2 + encode2.length];
                                System.arraycopy(encode, 0, bArr3, 0, encode.length);
                                bArr3[encode.length] = 13;
                                bArr3[encode.length + 1] = 10;
                                System.arraycopy(encode2, 0, bArr3, encode.length + 2, encode2.length);
                            } else {
                                String header3 = httpRequestMetadataRetriever.getHeader("Content-Type");
                                if (!"application/pkcs10".equalsIgnoreCase(header3)) {
                                    throw new HttpRespAuditException(UNSUPPORTED_MEDIA_TYPE, "unsupported media type " + header3, AuditLevel.INFO, AuditStatus.FAILED);
                                }
                                CertificationRequest certificationRequest = CertificationRequest.getInstance(bArr);
                                if (!x509Ca.verifyCsr(certificationRequest)) {
                                    throw new OperationException(OperationException.ErrorCode.BAD_POP);
                                }
                                CertificationRequestInfo certificationRequestInfo2 = certificationRequest.getCertificationRequestInfo();
                                CertificateInfo generateCert2 = x509Ca.generateCert(new CertTemplateData(certificationRequestInfo2.getSubject(), certificationRequestInfo2.getSubjectPublicKeyInfo(), parseUtcTimeyyyyMMddhhmmss, parseUtcTimeyyyyMMddhhmmss2, CaUtil.getExtensions(certificationRequestInfo2), lowerCase2), (RequestorInfo) requestor, RequestType.REST, (byte[]) null, nextHexLong);
                                if (x509Ca.getCaInfo().isSaveRequest()) {
                                    x509Ca.addRequestCert(x509Ca.addRequest(bArr), generateCert2.getCert().getCertId().longValue());
                                }
                                CertWithDbId cert = generateCert2.getCert();
                                if (cert == null) {
                                    LOG.warn("could not generate certificate");
                                    throw new HttpRespAuditException(INTERNAL_SERVER_ERROR, "could not generate certificate", AuditLevel.INFO, AuditStatus.FAILED);
                                }
                                str9 = "application/pkix-cert";
                                bArr3 = cert.getEncodedCert();
                            }
                        } catch (InsuffientPermissionException e2) {
                            throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, e2.getMessage());
                        }
                    } else if ("revoke-cert".equalsIgnoreCase(str5) || "delete-cert".equalsIgnoreCase(str5)) {
                        try {
                            requestor.assertPermitted("revoke-cert".equalsIgnoreCase(str5) ? 2 : 8);
                            String parameter4 = httpRequestMetadataRetriever.getParameter("ca-sha1");
                            if (StringUtil.isBlank(parameter4)) {
                                throw new HttpRespAuditException(BAD_REQUEST, "required parameter ca-sha1 not specified", AuditLevel.INFO, AuditStatus.FAILED);
                            }
                            String parameter5 = httpRequestMetadataRetriever.getParameter("serial-number");
                            if (StringUtil.isBlank(parameter5)) {
                                throw new HttpRespAuditException(BAD_REQUEST, "required parameter serial-number not specified", AuditLevel.INFO, AuditStatus.FAILED);
                            }
                            if (!parameter4.equalsIgnoreCase(x509Ca.getHexSha1OfCert())) {
                                throw new HttpRespAuditException(BAD_REQUEST, "unknown ca-sha1", AuditLevel.INFO, AuditStatus.FAILED);
                            }
                            BigInteger bigInt = toBigInt(parameter5);
                            if ("revoke-cert".equalsIgnoreCase(str5)) {
                                String parameter6 = httpRequestMetadataRetriever.getParameter(CaAuditConstants.NAME_reason);
                                CrlReason forNameOrText = parameter6 == null ? CrlReason.UNSPECIFIED : CrlReason.forNameOrText(parameter6);
                                if (forNameOrText == CrlReason.REMOVE_FROM_CRL) {
                                    x509Ca.unrevokeCert(bigInt, nextHexLong);
                                } else {
                                    String parameter7 = httpRequestMetadataRetriever.getParameter("invalidity-time");
                                    x509Ca.revokeCert(bigInt, forNameOrText, StringUtil.isNotBlank(parameter7) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(parameter7) : null, nextHexLong);
                                }
                            } else if ("delete-cert".equalsIgnoreCase(str5)) {
                                x509Ca.removeCert(bigInt, nextHexLong);
                            }
                        } catch (InsuffientPermissionException e3) {
                            throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, e3.getMessage());
                        }
                    } else if ("crl".equalsIgnoreCase(str5)) {
                        try {
                            requestor.assertPermitted(64);
                            String parameter8 = httpRequestMetadataRetriever.getParameter("crl-number");
                            BigInteger bigInteger = null;
                            if (StringUtil.isNotBlank(parameter8)) {
                                try {
                                    bigInteger = toBigInt(parameter8);
                                } catch (NumberFormatException e4) {
                                    String str10 = "invalid crlNumber '" + parameter8 + "'";
                                    LOG.warn(str10);
                                    throw new HttpRespAuditException(BAD_REQUEST, str10, AuditLevel.INFO, AuditStatus.FAILED);
                                }
                            }
                            X509CRL crl = x509Ca.getCrl(bigInteger);
                            if (crl == null) {
                                LOG.warn("could not get CRL");
                                throw new HttpRespAuditException(INTERNAL_SERVER_ERROR, "could not get CRL", AuditLevel.INFO, AuditStatus.FAILED);
                            }
                            str9 = "application/pkix-crl";
                            bArr3 = crl.getEncoded();
                        } catch (InsuffientPermissionException e5) {
                            throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, e5.getMessage());
                        }
                    } else {
                        if (!"new-crl".equalsIgnoreCase(str5)) {
                            String str11 = "invalid command '" + str5 + "'";
                            LOG.error(str11);
                            throw new HttpRespAuditException(NOT_FOUND, str11, AuditLevel.INFO, AuditStatus.FAILED);
                        }
                        try {
                            requestor.assertPermitted(32);
                            X509CRL generateCrlOnDemand = x509Ca.generateCrlOnDemand(nextHexLong);
                            if (generateCrlOnDemand == null) {
                                LOG.warn("could not generate CRL");
                                throw new HttpRespAuditException(INTERNAL_SERVER_ERROR, "could not generate CRL", AuditLevel.INFO, AuditStatus.FAILED);
                            }
                            str9 = "application/pkix-crl";
                            bArr3 = generateCrlOnDemand.getEncoded();
                        } catch (InsuffientPermissionException e6) {
                            throw new OperationException(OperationException.ErrorCode.NOT_PERMITTED, e6.getMessage());
                        }
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put("X-xipki-pkistatus", "accepted");
                    RestResponse restResponse = new RestResponse(OK, str9, hashMap, bArr3);
                    auditEvent.setStatus(auditStatus);
                    auditEvent.setLevel(auditLevel);
                    if (0 != 0) {
                        auditEvent.addEventData(CaAuditConstants.NAME_message, (Object) null);
                    }
                    return restResponse;
                } catch (Throwable th) {
                    if (th instanceof EOFException) {
                        LogUtil.warn(LOG, th, "connection reset by peer");
                    } else {
                        LOG.error("Throwable thrown, this should not happen!", th);
                    }
                    AuditLevel auditLevel2 = AuditLevel.ERROR;
                    AuditStatus auditStatus2 = AuditStatus.FAILED;
                    RestResponse restResponse2 = new RestResponse(INTERNAL_SERVER_ERROR, null, null, null);
                    auditEvent.setStatus(auditStatus2);
                    auditEvent.setLevel(auditLevel2);
                    if ("internal error" != 0) {
                        auditEvent.addEventData(CaAuditConstants.NAME_message, "internal error");
                    }
                    return restResponse2;
                }
            } catch (OperationException e7) {
                OperationException.ErrorCode errorCode = e7.getErrorCode();
                if (LOG.isWarnEnabled()) {
                    LogUtil.warn(LOG, e7, StringUtil.concat("generate certificate, OperationException: code=", new String[]{errorCode.name(), ", message=", e7.getErrorMessage()}));
                }
                switch (AnonymousClass1.$SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[errorCode.ordinal()]) {
                    case PasswordHash.SALT_INDEX /* 1 */:
                        i = BAD_REQUEST;
                        str2 = "badRequest";
                        break;
                    case PasswordHash.PBKDF2_INDEX /* 2 */:
                        i = BAD_REQUEST;
                        str2 = "badCertTemplate";
                        break;
                    case 3:
                        i = BAD_REQUEST;
                        str2 = "badRequest";
                        break;
                    case 4:
                        i = CONFLICT;
                        str2 = "certRevoked";
                        break;
                    case 5:
                        i = INTERNAL_SERVER_ERROR;
                        str2 = "systemFailure";
                        break;
                    case 6:
                        i = INTERNAL_SERVER_ERROR;
                        str2 = "systemFailure";
                        break;
                    case 7:
                        i = UNAUTHORIZED;
                        str2 = "notAuthorized";
                        break;
                    case 8:
                        i = BAD_REQUEST;
                        str2 = "badRequest";
                        break;
                    case 9:
                        i = INTERNAL_SERVER_ERROR;
                        str2 = "systemFailure";
                        break;
                    case 10:
                        i = SERVICE_UNAVAILABLE;
                        str2 = "systemUnavail";
                        break;
                    case 11:
                        i = BAD_REQUEST;
                        str2 = "badCertId";
                        break;
                    case 12:
                        i = BAD_REQUEST;
                        str2 = "badCertTemplate";
                        break;
                    default:
                        i = INTERNAL_SERVER_ERROR;
                        str2 = "systemFailure";
                        break;
                }
                auditEvent.setStatus(AuditStatus.FAILED);
                auditEvent.addEventData(CaAuditConstants.NAME_message, errorCode.name());
                switch (AnonymousClass1.$SwitchMap$org$xipki$ca$api$OperationException$ErrorCode[errorCode.ordinal()]) {
                    case 6:
                    case 9:
                        str3 = errorCode.name();
                        break;
                    default:
                        str3 = errorCode.name() + ": " + e7.getErrorMessage();
                        break;
                }
                HashMap hashMap2 = new HashMap();
                hashMap2.put("X-xipki-pkistatus", "rejection");
                if (StringUtil.isNotBlank(str2)) {
                    hashMap2.put("X-xipki-fail-info", str2);
                }
                RestResponse restResponse3 = new RestResponse(i, null, hashMap2, null);
                auditEvent.setStatus(auditStatus);
                auditEvent.setLevel(auditLevel);
                if (str3 != null) {
                    auditEvent.addEventData(CaAuditConstants.NAME_message, str3);
                }
                return restResponse3;
            } catch (HttpRespAuditException e8) {
                AuditStatus auditStatus3 = e8.getAuditStatus();
                AuditLevel auditLevel3 = e8.getAuditLevel();
                String auditMessage = e8.getAuditMessage();
                RestResponse restResponse4 = new RestResponse(e8.getHttpStatus(), null, null, null);
                auditEvent.setStatus(auditStatus3);
                auditEvent.setLevel(auditLevel3);
                if (auditMessage != null) {
                    auditEvent.addEventData(CaAuditConstants.NAME_message, auditMessage);
                }
                return restResponse4;
            }
        } catch (Throwable th2) {
            auditEvent.setStatus(auditStatus);
            auditEvent.setLevel(auditLevel);
            if (0 != 0) {
                auditEvent.addEventData(CaAuditConstants.NAME_message, (Object) null);
            }
            throw th2;
        }
    }

    private static BigInteger toBigInt(String str) {
        String trim = str.trim();
        if (!trim.startsWith("0x") && !trim.startsWith("0X")) {
            return new BigInteger(trim);
        }
        if (trim.length() > 2) {
            return new BigInteger(trim.substring(2), 16);
        }
        throw new NumberFormatException("invalid integer '" + trim + "'");
    }
}
