package org.xipki.litecaclient;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
import org.bouncycastle.asn1.cmp.ErrorMsgContent;
import org.bouncycastle.asn1.cmp.GenMsgContent;
import org.bouncycastle.asn1.cmp.GenRepContent;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.cmp.RevDetails;
import org.bouncycastle.asn1.cmp.RevRepContent;
import org.bouncycastle.asn1.cmp.RevReqContent;
import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
import org.bouncycastle.asn1.crmf.CertId;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.CertReqMsg;
import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.Controls;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.cmp.CMPException;
import org.bouncycastle.cert.cmp.GeneralPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.ProofOfPossessionSigningKeyBuilder;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/xipki/litecaclient/CmpCaClient.class */
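/**
 * Minimal client for a CA that speaks CMP over HTTP.
 *
 * <p>Requests are signed with the requestor key. A response is accepted only if it echoes the
 * request's transaction ID and sender nonce, is addressed to the requestor, and carries a
 * signature-based protection that verifies against the configured responder certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The responder certificate is used as a pinned key: its validity period, revocation state
 *       and certification path are not checked here.</li>
 *   <li>When no CA certificate is passed to the constructor, {@link #init()} adopts the first
 *       certificate returned by the responder, so trust in the CA certificate then rests entirely
 *       on the responder's signature.</li>
 *   <li>The class uses no synchronization; {@link #init()} mutates the CA fields, so call it
 *       before sharing an instance between threads.</li>
 * </ul>
 */
public class CmpCaClient {
    private static final Logger LOG = LoggerFactory.getLogger(CmpCaClient.class);

    private static final String CMP_REQUEST_MIMETYPE = "application/pkixcmp";
    private static final String CMP_RESPONSE_MIMETYPE = "application/pkixcmp";

    // InfoType sent in the general message that asks the CA for its certificates.
    // NOTE(review): IANA private-enterprise OIDs live under 1.3.6.1.4.1; confirm this value
    // against the server before changing anything.
    private static final ASN1ObjectIdentifier id_xipki_cmp = new ASN1ObjectIdentifier("1.3.6.2.4.1.45522.2.2");

    // Protocol version handed to ProtectedPKIMessageBuilder.
    private static final int CMP_VERSION = 2;

    // PKIBody choice tags used by this client.
    private static final int BODY_CERT_REQ = 2;
    private static final int BODY_CERT_REP = 3;
    private static final int BODY_P10_CERT_REQ = 4;
    private static final int BODY_REVOCATION_REQ = 11;
    private static final int BODY_REVOCATION_REP = 12;
    private static final int BODY_GEN_MSG = 21;
    private static final int BODY_GEN_REP = 22;
    private static final int BODY_ERROR = 23;

    // PKIStatus values that count as success (see buildText for the full mapping).
    private static final int STATUS_ACCEPTED = 0;
    private static final int STATUS_GRANTED_WITH_MODS = 1;

    // CRL reason code sent by unrevokeCert (removeFromCRL).
    private static final int REASON_REMOVE_FROM_CRL = 8;

    private static final int TRANSACTION_ID_LEN = 20;
    private static final int SENDER_NONCE_LEN = 16;

    private final Set<String> trustedProtectionAlgOids;
    private final URL caUrl;
    private final ContentSigner requestorSigner;
    private final X509Certificate responderCert;
    private final GeneralName requestorSubject;
    private final GeneralName responderSubject;
    private final String hashAlgo;
    private final SecureRandom random;
    private X509Certificate caCert;
    private byte[] caSubjectKeyIdentifier;
    private X500Name caSubject;

    /**
     * Creates a client without a pre-configured CA certificate; {@link #init()} will fetch it.
     *
     * @param str CA URL
     * @param privateKey requestor private key used to sign requests
     * @param x509Certificate requestor certificate
     * @param x509Certificate2 responder certificate used to verify responses
     * @param str2 hash algorithm name, e.g. {@code SHA256} or {@code SHA-256}
     * @throws Exception if an argument is invalid or the request signer cannot be built
     */
    public CmpCaClient(String str, PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2, String str2) throws Exception {
        this(str, null, privateKey, x509Certificate, x509Certificate2, str2);
    }

    /**
     * Creates a client.
     *
     * @param str CA URL
     * @param x509Certificate CA certificate, or {@code null} to have {@link #init()} fetch it
     * @param privateKey requestor private key used to sign requests
     * @param x509Certificate2 requestor certificate
     * @param x509Certificate3 responder certificate used to verify responses
     * @param str2 hash algorithm name, e.g. {@code SHA256} or {@code SHA-256}
     * @throws Exception if an argument is invalid or the request signer cannot be built
     */
    public CmpCaClient(String str, X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, X509Certificate x509Certificate3, String str2) throws Exception {
        this.trustedProtectionAlgOids = new HashSet<>();
        this.caUrl = new URL(SdkUtil.requireNonBlank("caUrl", str));
        SdkUtil.requireNonNull("requestorKey", privateKey);
        SdkUtil.requireNonNull("requestorCert", x509Certificate2);
        SdkUtil.requireNonNull("hashAlgo", str2);
        // Locale.ROOT keeps the JCA algorithm name stable regardless of the default locale.
        this.hashAlgo = str2.replace("-", "").toUpperCase(java.util.Locale.ROOT);
        this.responderCert = (X509Certificate) SdkUtil.requireNonNull("responderCert", x509Certificate3);
        this.random = new SecureRandom();
        this.requestorSubject = new GeneralName(toX500Name(x509Certificate2));
        this.responderSubject = new GeneralName(toX500Name(x509Certificate3));
        this.requestorSigner = buildSigner(privateKey);

        // Only SHA-2 based RSA (PKCS#1 v1.5), ECDSA and DSA signatures are accepted on responses.
        ASN1ObjectIdentifier[] trustedAlgs = {
            PKCSObjectIdentifiers.sha256WithRSAEncryption,
            PKCSObjectIdentifiers.sha384WithRSAEncryption,
            PKCSObjectIdentifiers.sha512WithRSAEncryption,
            X9ObjectIdentifiers.ecdsa_with_SHA256,
            X9ObjectIdentifiers.ecdsa_with_SHA384,
            X9ObjectIdentifiers.ecdsa_with_SHA512,
            NISTObjectIdentifiers.dsa_with_sha256,
            NISTObjectIdentifiers.dsa_with_sha384,
            NISTObjectIdentifiers.dsa_with_sha512
        };
        for (ASN1ObjectIdentifier alg : trustedAlgs) {
            this.trustedProtectionAlgOids.add(alg.getId());
        }

        if (x509Certificate != null) {
            this.caCert = x509Certificate;
            this.caSubject = toX500Name(x509Certificate);
            this.caSubjectKeyIdentifier = SdkUtil.extractSki(x509Certificate);
        }
    }

    /**
     * Calls {@code TlsInit.init()} and, when no CA certificate was configured, retrieves the CA
     * certificates from the responder and adopts the first one.
     *
     * @throws Exception if the CA certificates cannot be retrieved or the response is empty
     */
    public void init() throws Exception {
        TlsInit.init();
        if (this.caCert != null) {
            return;
        }
        Certificate[] caCerts = cmpCaCerts();
        if (caCerts.length == 0) {
            // Fail with a clear message instead of an ArrayIndexOutOfBoundsException.
            throw new Exception("the CA did not return any CA certificate");
        }
        Certificate first = caCerts[0];
        this.caSubject = first.getSubject();
        this.caCert = SdkUtil.parseCert(first.getEncoded());
        this.caSubjectKeyIdentifier = SdkUtil.extractSki(this.caCert);
    }

    /** Calls {@code TlsInit.shutdown()}. */
    public void shutdown() {
        TlsInit.shutdown();
    }

    /**
     * @return the CA certificate, or {@code null} if none was configured and {@link #init()} has
     *         not completed
     */
    public X509Certificate getCaCert() {
        return this.caCert;
    }

    /** Encodes a certificate's subject as a Bouncy Castle {@link X500Name}. */
    private static X500Name toX500Name(X509Certificate cert) {
        return X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
    }

    /** Returns {@code len} bytes from the instance's {@link SecureRandom}. */
    private byte[] randomBytes(int len) {
        byte[] bytes = new byte[len];
        this.random.nextBytes(bytes);
        return bytes;
    }

    private byte[] randomTransactionId() {
        return randomBytes(TRANSACTION_ID_LEN);
    }

    private byte[] randomSenderNonce() {
        return randomBytes(SENDER_NONCE_LEN);
    }

    /** Starts a request with the current time and a fresh transaction ID and sender nonce. */
    private ProtectedPKIMessageBuilder newRequestBuilder() {
        ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(CMP_VERSION, this.requestorSubject, this.responderSubject);
        builder.setMessageTime(new Date());
        builder.setTransactionID(randomTransactionId());
        builder.setSenderNonce(randomSenderNonce());
        return builder;
    }

    /** Fails before any request is sent when the CA certificate is not yet known. */
    private void requireCaCert() {
        if (this.caCert == null) {
            throw new IllegalStateException("CA certificate is not available, call init() first");
        }
    }

    /**
     * Builds the {@code CERT-PROFILE?<name>%} pair that carries the certificate profile.
     *
     * <p>'?' and '%' are the delimiters of that format, so a name containing either would change
     * the structure of the pair list; such names are rejected instead of being concatenated.
     */
    private static DERUTF8String certProfilePair(String profile) {
        if (profile == null || profile.indexOf('?') >= 0 || profile.indexOf('%') >= 0) {
            throw new IllegalArgumentException("certificate profile name must not be null or contain '?' or '%'");
        }
        return new DERUTF8String("CERT-PROFILE?" + profile + "%");
    }

    /** Asks the responder for the CA certificates via a general message. */
    private Certificate[] cmpCaCerts() throws Exception {
        ProtectedPKIMessageBuilder builder = newRequestBuilder();
        builder.setBody(new PKIBody(BODY_GEN_MSG, new GenMsgContent(new InfoTypeAndValue(id_xipki_cmp))));
        PKIMessage response = transmit(builder.build(this.requestorSigner));
        ASN1Sequence seq = ASN1Sequence.getInstance(extractGeneralRepContent(response, id_xipki_cmp.getId()));
        int size = seq.size();
        Certificate[] certs = new Certificate[size];
        for (int i = 0; i < size; i++) {
            certs[i] = CMPCertificate.getInstance(seq.getObjectAt(i)).getX509v3PKCert();
        }
        return certs;
    }

    /**
     * Returns the info value of the first InfoTypeAndValue in a general response whose type
     * equals {@code expectedType}.
     *
     * @throws Exception if the body is an error, has an unexpected type, or lacks the entry
     */
    private ASN1Encodable extractGeneralRepContent(PKIMessage response, String expectedType) throws Exception {
        PKIBody body = response.getBody();
        int type = body.getType();
        if (BODY_ERROR == type) {
            throw new Exception("Server returned PKIStatus: " + buildText(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo()));
        }
        if (BODY_GEN_REP != type) {
            throw new Exception(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, BODY_GEN_REP, BODY_ERROR));
        }
        InfoTypeAndValue[] itvs = GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();
        if (itvs != null) {
            for (InfoTypeAndValue itv : itvs) {
                if (expectedType.equals(itv.getInfoType().getId())) {
                    return itv.getInfoValue();
                }
            }
        }
        throw new Exception("the response does not contain InfoTypeAndValue " + expectedType);
    }

    /**
     * Checks the protection of a response: it must be signature based, sent by the configured
     * responder, use one of the trusted algorithms, and verify against the responder certificate's
     * public key.
     */
    private boolean verifyProtection(GeneralPKIMessage response) throws CMPException, InvalidKeyException, OperatorCreationException {
        ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(response);
        if (protectedMsg.hasPasswordBasedMacProtection()) {
            LOG.warn("protection is not signature based: {}", response.getHeader().getProtectionAlg().getAlgorithm().getId());
            return false;
        }
        PKIHeader header = protectedMsg.getHeader();
        if (!header.getSender().equals(this.responderSubject)) {
            LOG.warn("not authorized responder '{}'", header.getSender());
            return false;
        }
        String algOid = header.getProtectionAlg().getAlgorithm().getId();
        if (!this.trustedProtectionAlgOids.contains(algOid)) {
            LOG.warn("PKI protection algorithm is untrusted '{}'", algOid);
            return false;
        }
        ContentVerifierProvider verifier = getContentVerifierProvider(this.responderCert.getPublicKey());
        if (verifier == null) {
            // Defensive only: the factory throws rather than returning null.
            LOG.warn("could not build a verifier for the responder's public key");
            return false;
        }
        return protectedMsg.verify(verifier);
    }

    /**
     * Builds a signature verifier for an RSA, DSA or EC public key.
     *
     * <p>The key's algorithm name selects the verifier family, and the key object must implement
     * the matching JCA interface; a mismatch is reported as an unknown key.
     *
     * @param publicKey key to verify with
     * @return a verifier provider bound to {@code publicKey}
     * @throws InvalidKeyException if the key algorithm or key class is unsupported, or the
     *         provider cannot be built
     */
    public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
        SdkUtil.requireNonNull("publicKey", publicKey);
        String keyAlgo = publicKey.getAlgorithm().toUpperCase(java.util.Locale.ROOT);
        boolean rsa = "RSA".equals(keyAlgo);
        boolean dsa = "DSA".equals(keyAlgo);
        boolean ec = "EC".equals(keyAlgo) || "ECDSA".equals(keyAlgo);
        if (!rsa && !dsa && !ec) {
            throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlgo);
        }
        DefaultDigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
        try {
            if (rsa && publicKey instanceof RSAPublicKey) {
                RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
                RSAKeyParameters params = new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent());
                return new BcRSAContentVerifierProviderBuilder(digestFinder).build(params);
            }
            if (ec && publicKey instanceof ECPublicKey) {
                return new BcECContentVerifierProviderBuilder(digestFinder).build(ECUtil.generatePublicKeyParameter(publicKey));
            }
            if (dsa && publicKey instanceof DSAPublicKey) {
                return new BcDSAContentVerifierProviderBuilder(digestFinder).build(DSAUtil.generatePublicKeyParameter(publicKey));
            }
        } catch (OperatorCreationException e) {
            throw new InvalidKeyException("could not build ContentVerifierProvider: " + e.getMessage(), e);
        }
        throw new InvalidKeyException("unknown key " + publicKey.getClass().getName());
    }

    /**
     * Sends a signed request and returns the response once it has been bound to the request
     * (transaction ID, nonce, recipient) and its signature has been verified.
     *
     * @throws Exception if any of those checks fails or the transport fails
     */
    private PKIMessage transmit(ProtectedPKIMessage request) throws Exception {
        GeneralPKIMessage response = new GeneralPKIMessage(send(request.toASN1Structure().getEncoded()));
        PKIHeader reqHeader = request.getHeader();
        PKIHeader respHeader = response.getHeader();
        if (!reqHeader.getTransactionID().equals(respHeader.getTransactionID())) {
            throw new Exception("response.transactionId != request.transactionId");
        }
        if (!reqHeader.getSenderNonce().equals(respHeader.getRecipNonce())) {
            throw new Exception("response.recipientNonce != request.senderNonce");
        }
        GeneralName recipient = respHeader.getRecipient();
        if (!this.requestorSubject.equals(recipient)) {
            throw new Exception("unknown CMP requestor " + recipient);
        }
        if (!response.hasProtection()) {
            // An unprotected message cannot be authenticated, so nothing in it is trusted, not
            // even an error body. Rejecting it here also keeps unprotected messages away from the
            // ProtectedPKIMessage wrapper used by verifyProtection.
            throw new Exception("response is not signed");
        }
        if (!verifyProtection(response)) {
            throw new Exception("invalid signature in PKI protection");
        }
        return response.toASN1Structure();
    }

    /**
     * Extracts the issued certificate from a certificate response and checks that it was issued
     * by the known CA (issuer name and signature only).
     */
    private X509Certificate parseEnrollCertResult(PKIMessage response) throws Exception {
        PKIBody body = response.getBody();
        int type = body.getType();
        if (BODY_ERROR == type) {
            throw new Exception("Server returned PKIStatus: " + buildText(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo()));
        }
        if (BODY_CERT_REP != type) {
            throw new Exception(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, BODY_CERT_REP, BODY_ERROR));
        }
        CertResponse[] certResponses = CertRepMessage.getInstance(body.getContent()).getResponse();
        if (certResponses.length != 1) {
            throw new Exception("expected 1 CertResponse, but returned " + certResponses.length);
        }
        CertResponse certResponse = certResponses[0];
        PKIStatusInfo statusInfo = certResponse.getStatus();
        int status = statusInfo.getStatus().intValue();
        if (status != STATUS_ACCEPTED && status != STATUS_GRANTED_WITH_MODS) {
            throw new Exception("Server returned PKIStatus: " + buildText(statusInfo));
        }
        CertifiedKeyPair keyPair = certResponse.getCertifiedKeyPair();
        CMPCertificate cmpCert = (keyPair == null) ? null : keyPair.getCertOrEncCert().getCertificate();
        if (cmpCert == null) {
            throw new Exception("Server did not return any certificate");
        }
        X509Certificate issued = SdkUtil.parseCert(cmpCert.getX509v3PKCert().getEncoded());
        if (!verify(this.caCert, issued)) {
            throw new Exception("The returned certificate is not issued by the given CA");
        }
        return issued;
    }

    /**
     * Requests a certificate for a PKCS#10 request.
     *
     * @param str certificate profile name; must not contain '?' or '%'
     * @param certificationRequest the PKCS#10 request
     * @return the issued certificate
     * @throws IllegalArgumentException if the profile name is null or contains a delimiter
     * @throws IllegalStateException if the CA certificate is not available yet
     * @throws Exception if the exchange fails or the response is rejected
     */
    public X509Certificate requestCertViaCSR(String str, CertificationRequest certificationRequest) throws Exception {
        // Checked up front: without the CA certificate the issued certificate could not be
        // verified after the CA had already processed the request.
        requireCaCert();
        DERUTF8String profilePair = certProfilePair(str);
        ProtectedPKIMessageBuilder builder = newRequestBuilder();
        builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
        builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, profilePair));
        builder.setBody(new PKIBody(BODY_P10_CERT_REQ, certificationRequest));
        return parseEnrollCertResult(transmit(builder.build(this.requestorSigner)));
    }

    /**
     * Interprets a revocation response.
     *
     * @return {@code true} if the status is accepted/grantedWithMods and, when the response names
     *         the revoked certificate, that entry matches the CA subject and {@code serialNumber};
     *         {@code false} if the server reported a failure status or the entry does not match
     * @throws Exception if the body is an error, has an unexpected type, or is malformed
     */
    private boolean parseRevocationResult(PKIMessage response, BigInteger serialNumber) throws Exception {
        PKIBody body = response.getBody();
        int type = body.getType();
        if (BODY_ERROR == type) {
            // Rendered with buildText like the other parsers, instead of the raw ASN.1 object.
            throw new Exception("Server returned PKIStatus: " + buildText(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo()));
        }
        if (BODY_REVOCATION_REP != type) {
            throw new Exception(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, BODY_REVOCATION_REP, BODY_ERROR));
        }
        RevRepContent content = RevRepContent.getInstance(body.getContent());
        PKIStatusInfo[] statuses = content.getStatus();
        int count = (statuses == null) ? 0 : statuses.length;
        if (count != 1) {
            throw new Exception(String.format("incorrect number of status entries in response '%s' instead the expected '1'", count));
        }
        PKIStatusInfo statusInfo = statuses[0];
        int status = statusInfo.getStatus().intValue();
        if (status != STATUS_ACCEPTED && status != STATUS_GRANTED_WITH_MODS) {
            LOG.warn("Server returned error: {}", buildText(statusInfo));
            return false;
        }
        CertId[] revCerts = content.getRevCerts();
        if (revCerts == null || revCerts.length == 0) {
            // The server did not echo the revoked certificate; the signed status is all there is.
            return true;
        }
        CertId certId = revCerts[0];
        return this.caSubject.equals(certId.getIssuer().getName())
                && serialNumber.equals(certId.getSerialNumber().getValue());
    }

    /**
     * Requests a certificate via CRMF, proving possession of the private key by signature.
     *
     * @param str certificate profile name; must not contain '?' or '%'
     * @param privateKey private key matching {@code subjectPublicKeyInfo}
     * @param subjectPublicKeyInfo public key to certify
     * @param str2 requested subject as an X.500 name string
     * @return the issued certificate
     * @throws IllegalArgumentException if the profile name is null or contains a delimiter
     * @throws IllegalStateException if the CA certificate is not available yet
     * @throws Exception if the exchange fails or the response is rejected
     */
    public X509Certificate requestCertViaCRMF(String str, PrivateKey privateKey, SubjectPublicKeyInfo subjectPublicKeyInfo, String str2) throws Exception {
        requireCaCert();
        DERUTF8String profilePair = certProfilePair(str);

        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setSubject(new X500Name(str2));
        template.setPublicKey(subjectPublicKeyInfo);
        CertRequest certRequest = new CertRequest(1, template.build(), (Controls) null);

        ProofOfPossession popo = new ProofOfPossession(new ProofOfPossessionSigningKeyBuilder(certRequest).build(buildSigner(privateKey)));
        AttributeTypeAndValue[] regInfo = {new AttributeTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs, profilePair)};
        PKIBody body = new PKIBody(BODY_CERT_REQ, new CertReqMessages(new CertReqMsg(certRequest, popo, regInfo)));

        ProtectedPKIMessageBuilder builder = newRequestBuilder();
        builder.addGeneralInfo(new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));
        builder.setBody(body);
        return parseEnrollCertResult(transmit(builder.build(this.requestorSigner)));
    }

    /**
     * Asks the CA to revoke the certificate with the given serial number.
     *
     * @param bigInteger serial number of the certificate
     * @param cRLReason revocation reason
     * @return see {@code parseRevocationResult}: {@code true} on success
     * @throws IllegalStateException if the CA certificate is not available yet
     * @throws Exception if the exchange fails or the response is rejected
     */
    public boolean revokeCert(BigInteger bigInteger, CRLReason cRLReason) throws Exception {
        // The request is built from the CA subject and key identifier, both derived from the CA certificate.
        requireCaCert();
        ProtectedPKIMessageBuilder builder = newRequestBuilder();

        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(this.caSubject);
        template.setSerialNumber(new ASN1Integer(bigInteger));
        Extension aki = new Extension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(this.caSubjectKeyIdentifier).getEncoded());
        template.setExtensions(new Extensions(aki));

        ASN1Enumerated reasonCode = new ASN1Enumerated(cRLReason.getValue().intValue());
        Extension reason = new Extension(Extension.reasonCode, true, new DEROctetString(reasonCode.getEncoded()));
        RevDetails details = new RevDetails(template.build(), new Extensions(reason));

        builder.setBody(new PKIBody(BODY_REVOCATION_REQ, new RevReqContent(details)));
        return parseRevocationResult(transmit(builder.build(this.requestorSigner)), bigInteger);
    }

    /**
     * Checks that {@code cert} names {@code issuer} as its issuer and that its signature verifies
     * with the issuer's public key. Validity period and extensions are not examined.
     */
    private boolean verify(X509Certificate issuer, X509Certificate cert) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            return false;
        }
        try {
            cert.verify(issuer.getPublicKey());
            return true;
        } catch (Exception e) {
            // Any failure here means "not issued by this CA"; the cause is only logged.
            LOG.debug("{} while verifying signature: {}", e.getClass().getName(), e.getMessage());
            return false;
        }
    }

    /**
     * Sends a revocation request with reason code 8 (removeFromCRL) for the given serial number.
     *
     * @param bigInteger serial number of the certificate
     * @return the result of {@link #revokeCert(BigInteger, CRLReason)}
     * @throws Exception if the exchange fails or the response is rejected
     */
    public boolean unrevokeCert(BigInteger bigInteger) throws Exception {
        return revokeCert(bigInteger, CRLReason.lookup(REASON_REMOVE_FROM_CRL));
    }

    /**
     * POSTs an encoded CMP message to the CA URL and returns the raw response body.
     *
     * <p>The bytes returned are unauthenticated; {@code transmit} performs the checks.
     *
     * @param bArr encoded request
     * @return response body
     * @throws IOException on transport errors, a status other than 200, or an unexpected
     *         content type
     */
    public byte[] send(byte[] bArr) throws IOException {
        SdkUtil.requireNonNull("request", bArr);
        // NOTE(review): connect/read timeouts and any response size limit depend on
        // SdkUtil.openHttpConn and SdkUtil.read, which are not visible here; confirm both.
        HttpURLConnection conn = SdkUtil.openHttpConn(this.caUrl);
        conn.setDoOutput(true);
        conn.setUseCaches(false);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", CMP_REQUEST_MIMETYPE);
        conn.setRequestProperty("Content-Length", Integer.toString(bArr.length));
        try (OutputStream out = conn.getOutputStream()) {
            out.write(bArr);
            out.flush();
        }

        // Inspect the status before opening the body stream, so a failing status is reported
        // through the message below rather than by whatever getInputStream() throws.
        int code = conn.getResponseCode();
        if (code != HttpURLConnection.HTTP_OK) {
            String message = conn.getResponseMessage();
            conn.disconnect();
            throw new IOException("bad response: " + code + "    " + message);
        }
        String contentType = conn.getContentType();
        if (contentType == null || !contentType.equalsIgnoreCase(CMP_RESPONSE_MIMETYPE)) {
            conn.disconnect();
            throw new IOException("bad response: mime type " + contentType + " not supported!");
        }
        try (InputStream in = conn.getInputStream()) {
            return SdkUtil.read(in);
        }
    }

    /** Builds a signer named {@code <hash>WITHECDSA} for EC keys and {@code <hash>WITH<keyAlgorithm>} otherwise. */
    private ContentSigner buildSigner(PrivateKey privateKey) throws OperatorCreationException {
        String keyAlgo = privateKey.getAlgorithm();
        String sigAlgo = "EC".equalsIgnoreCase(keyAlgo)
                ? this.hashAlgo + "WITHECDSA"
                : this.hashAlgo + "WITH" + keyAlgo;
        return new JcaContentSignerBuilder(sigAlgo).build(privateKey);
    }

    /** Renders a PKIStatus as {@code name (value)}, or as the bare number when it is not one of 0..6. */
    private static String buildText(PKIStatusInfo pKIStatusInfo) {
        int status = pKIStatusInfo.getStatus().intValue();
        switch (status) {
            case 0:
                return "accepted (0)";
            case 1:
                return "grantedWithMods (1)";
            case 2:
                return "rejection (2)";
            case 3:
                return "waiting (3)";
            case 4:
                return "revocationWarning (4)";
            case 5:
                return "revocationNotification (5)";
            case 6:
                return "keyUpdateWarning (6)";
            default:
                return Integer.toString(status);
        }
    }
}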
