package org.qipki.crypto.x509;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.joda.time.DateTime;
import org.joda.time.Interval;
import org.qi4j.api.injection.scope.Service;
import org.qipki.crypto.CryptoFailure;
import org.qipki.crypto.codec.CryptCodex;

/* loaded from: input_file:org/qipki/crypto/x509/X509ExtensionsReaderImpl.class */
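/**
 * Reads X.509 extensions out of certificates and PKCS#10 requests using BouncyCastle's ASN.1 model.
 *
 * <p>Every certificate getter follows the same steps: fetch the raw value with
 * {@link X509Certificate#getExtensionValue(String)}, strip the DER OCTET STRING that wraps it
 * (via {@link X509ExtensionUtil#fromExtensionValue(byte[])}), then hand the inner object to the
 * matching BouncyCastle type.
 *
 * <p>Notes for callers handling certificates or requests from untrusted sources:
 * <ul>
 *   <li>These methods only decode. None of them verifies a signature, a chain, a validity period
 *       or the critical flag; a value returned here says nothing about whether the certificate is
 *       trustworthy.</li>
 *   <li>An {@link IOException} raised while decoding is rethrown as {@link CryptoFailure}. A value
 *       that decodes but does not have the expected ASN.1 shape fails one of the explicit casts
 *       below with {@link ClassCastException}, or with whatever the BouncyCastle factory throws;
 *       those are not translated to {@code CryptoFailure}.</li>
 * </ul>
 */
public class X509ExtensionsReaderImpl implements X509ExtensionsReader {
    private final CryptCodex cryptCodex;

    /**
     * Read-only {@link Map.Entry} pairing a general-name kind with its textual value.
     *
     * <p>The decompiler reported that the access modifier of this class was changed from private;
     * it stays public here so that existing references keep compiling.
     */
    public static class ImmutableMapEntry implements Map.Entry<X509GeneralName, String> {
        private final X509GeneralName key;
        private final String value;

        /**
         * @param x509GeneralName kind of general name, returned by {@link #getKey()}
         * @param str textual value, returned by {@link #getValue()}
         */
        public ImmutableMapEntry(X509GeneralName x509GeneralName, String str) {
            this.key = x509GeneralName;
            this.value = str;
        }

        /** @return the general-name kind given at construction */
        @Override
        public X509GeneralName getKey() {
            return this.key;
        }

        /** @return the textual value given at construction */
        @Override
        public String getValue() {
            return this.value;
        }

        /**
         * Always rejects the modification.
         *
         * @throws UnsupportedOperationException on every call
         */
        @Override
        public String setValue(String str) {
            throw new UnsupportedOperationException("This Map.Entry is immutable.");
        }
    }

    /**
     * @param cryptCodex codec used to render the value of {@code otherName} general names
     */
    public X509ExtensionsReaderImpl(@Service CryptCodex cryptCodex) {
        this.cryptCodex = cryptCodex;
    }

    /**
     * Lists the extensions a PKCS#10 request asks for.
     *
     * <p>Only the first {@code extensionRequest} attribute that carries at least one value is read,
     * and only its first value. The request content is supplied by the requester: the returned
     * holders describe what was asked for, and deciding which of them to honour is left to the
     * caller.
     *
     * @param pKCS10CertificationRequest the request to inspect
     * @return one holder per requested extension, in the order reported by
     *         {@link X509Extensions#oids()}; empty when the request has no attributes or no usable
     *         {@code extensionRequest} attribute
     */
    @Override
    public List<X509ExtensionHolder> extractRequestedExtensions(PKCS10CertificationRequest pKCS10CertificationRequest) {
        List<X509ExtensionHolder> holders = new ArrayList<X509ExtensionHolder>();
        ASN1Set attributes = pKCS10CertificationRequest.getCertificationRequestInfo().getAttributes();
        if (attributes == null) {
            return holders;
        }
        X509Extensions requested = null;
        // A plain for loop guarantees the index advances on every path. The previous
        // while(true) form skipped the increment when it met an attribute of another type,
        // so a request carrying any attribute other than extensionRequest never terminated.
        for (int i = 0; i < attributes.size() && requested == null; i++) {
            if (!(attributes.getObjectAt(i) instanceof DERSequence)) {
                continue;
            }
            Attribute attribute = new Attribute((ASN1Sequence) attributes.getObjectAt(i));
            if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                continue;
            }
            ASN1Set attrValues = attribute.getAttrValues();
            if (attrValues.size() >= 1) {
                requested = new X509Extensions((ASN1Sequence) attrValues.getObjectAt(0));
            }
        }
        if (requested != null) {
            Enumeration oids = requested.oids();
            while (oids.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
                X509Extension extension = requested.getExtension(oid);
                holders.add(new X509ExtensionHolder(oid, extension.isCritical(), X509Extension.convertValueToObject(extension)));
            }
        }
        return holders;
    }

    /**
     * @param x509Certificate certificate to read
     * @return the AuthorityKeyIdentifier extension, or {@code null} when the certificate has none
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public AuthorityKeyIdentifier getAuthorityKeyIdentifier(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return new AuthorityKeyIdentifier((ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue));
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract AuthorityKeyIdentifier from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return the key identifier bytes of the SubjectKeyIdentifier extension, or {@code null} when
     *         the certificate has none
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return SubjectKeyIdentifier.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getKeyIdentifier();
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract SubjectKeyIdentifier from X509Certificate extensions", e);
        }
    }

    /**
     * Maps the bits reported by {@link X509Certificate#getKeyUsage()} onto {@link KeyUsage}.
     *
     * @param x509Certificate certificate to read
     * @return the asserted usages in bit order; empty when the certificate has no KeyUsage extension
     */
    @Override
    public Set<KeyUsage> getKeyUsages(X509Certificate x509Certificate) {
        Set<KeyUsage> usages = new LinkedHashSet<KeyUsage>();
        boolean[] bits = x509Certificate.getKeyUsage();
        if (bits != null) {
            // Bit i is mapped to the i-th enum constant.
            // NOTE(review): assumes KeyUsage declares its constants in KeyUsage bit order and has at
            // least as many constants as the array has entries; otherwise a set bit past the end
            // raises ArrayIndexOutOfBoundsException - confirm against the enum.
            KeyUsage[] values = KeyUsage.values();
            for (int i = 0; i < bits.length; i++) {
                if (bits[i]) {
                    usages.add(values[i]);
                }
            }
        }
        return usages;
    }

    /**
     * @param x509Certificate certificate to read
     * @return every {@link ExtendedKeyUsage} constant whose purpose id is present in the extension;
     *         empty when the certificate has no ExtendedKeyUsage extension. Purpose ids with no
     *         matching enum constant are not reported.
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public Set<ExtendedKeyUsage> getExtendedKeyUsages(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId());
            if (extensionValue == null) {
                return Collections.emptySet();
            }
            org.bouncycastle.asn1.x509.ExtendedKeyUsage decoded =
                    org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
            Set<ExtendedKeyUsage> usages = new LinkedHashSet<ExtendedKeyUsage>();
            for (ExtendedKeyUsage candidate : ExtendedKeyUsage.values()) {
                if (decoded.hasKeyPurposeId(candidate.getKeyPurposeId())) {
                    usages.add(candidate);
                }
            }
            return usages;
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract ExtendedKeyUsages from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return every {@link NetscapeCertType} whose bit mask is fully set in the extension; empty
     *         when the certificate has no NetscapeCertType extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public Set<NetscapeCertType> getNetscapeCertTypes(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(MiscObjectIdentifiers.netscapeCertType.getId());
            if (extensionValue == null) {
                return Collections.emptySet();
            }
            int flags = new org.bouncycastle.asn1.misc.NetscapeCertType(
                    (DERBitString) X509ExtensionUtil.fromExtensionValue(extensionValue)).intValue();
            Set<NetscapeCertType> types = new LinkedHashSet<NetscapeCertType>();
            for (NetscapeCertType candidate : NetscapeCertType.values()) {
                if ((flags & candidate.getIntValue()) == candidate.getIntValue()) {
                    types.add(candidate);
                }
            }
            return types;
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract NetscapeCertType from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return {@code toString()} of the decoded NetscapeCertComment value, or {@code null} when the
     *         certificate has no such extension. The text is taken from the certificate as is;
     *         treat it as untrusted when displaying or logging it.
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public String getNetscapeCertComment(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(MiscObjectIdentifiers.netscapeCertComment.getId());
            if (extensionValue == null) {
                return null;
            }
            // Strip the OCTET STRING wrapper first, as the other getters do; without that the
            // result is the string form of the wrapper rather than of the comment it contains.
            return X509ExtensionUtil.fromExtensionValue(extensionValue).toString();
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract NetscapeCertComment from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return the interval between the extension's notBefore and notAfter, or {@code null} when the
     *         certificate has no PrivateKeyUsagePeriod extension
     * @throws CryptoFailure when the extension bytes cannot be decoded or a time cannot be parsed
     */
    @Override
    public Interval getPrivateKeyUsagePeriod(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.PrivateKeyUsagePeriod.getId());
            if (extensionValue == null) {
                return null;
            }
            // The raw value is an OCTET STRING wrapper; the period itself is the object inside it.
            PrivateKeyUsagePeriod period = PrivateKeyUsagePeriod.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
            // A fresh formatter per call: SimpleDateFormat instances must not be shared across threads.
            SimpleDateFormat generalizedTime = new SimpleDateFormat("yyyyMMddHHmmssz");
            // NOTE(review): notBefore and notAfter are both optional in the extension's ASN.1
            // definition; if BouncyCastle reports an absent one as null this line fails with
            // NullPointerException - confirm and decide how a half-open period should be reported.
            DateTime notBefore = new DateTime(generalizedTime.parse(period.getNotBefore().getTime()));
            DateTime notAfter = new DateTime(generalizedTime.parse(period.getNotAfter().getTime()));
            return new Interval(notBefore, notAfter);
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract PrivateKeyUsagePeriod from X509Certificate extensions", e);
        } catch (ParseException e2) {
            throw new CryptoFailure("Unable to extract PrivateKeyUsagePeriod from X509Certificate extensions", e2);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return the distribution points of the CRLDistributionPoints extension, or {@code null} when
     *         the certificate has none. Locations named in them come from the certificate and
     *         should be treated as untrusted before anything is fetched from them.
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public DistributionPoint[] getCRLDistributionPoints(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
            if (extensionValue == null) {
                return null;
            }
            return CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getDistributionPoints();
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract CRLDistributionPoints from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return one {@link PolicyInformation} per element of the CertificatePolicies extension, in
     *         encoding order; empty when the certificate has no such extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public Set<PolicyInformation> getCertificatePolicies(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CertificatePolicies.getId());
            if (extensionValue == null) {
                return Collections.emptySet();
            }
            // The raw value is an OCTET STRING wrapper; casting it straight to a sequence fails.
            ASN1Sequence policies = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
            Set<PolicyInformation> result = new LinkedHashSet<PolicyInformation>();
            for (int i = 0; i < policies.size(); i++) {
                result.add(PolicyInformation.getInstance(policies.getObjectAt(i)));
            }
            return result;
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract CertificatePolicies from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return one {@link PolicyMapping} per element of the PolicyMappings extension; empty when the
     *         certificate has no such extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public Set<PolicyMapping> getPolicyMappings(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.PolicyMappings.getId());
            if (extensionValue == null) {
                return Collections.emptySet();
            }
            // The raw value is an OCTET STRING wrapper; casting it straight to a sequence fails.
            ASN1Sequence mappings = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
            Set<PolicyMapping> result = new LinkedHashSet<PolicyMapping>();
            for (int i = 0; i < mappings.size(); i++) {
                ASN1Sequence pair = (ASN1Sequence) mappings.getObjectAt(i);
                PolicyMapping policyMapping = new PolicyMapping();
                if (pair.size() > 0) {
                    policyMapping.setIssuerDomainPolicyOID(((DERObjectIdentifier) pair.getObjectAt(0)).getId());
                }
                if (pair.size() > 1) {
                    // NOTE(review): this stores the second element through the issuer-domain setter
                    // again, replacing the value set just above, so the first OID of the pair is
                    // lost. PolicyMapping's other setters are not visible from this file; presumably
                    // a subject-domain setter was intended here - confirm and correct.
                    policyMapping.setIssuerDomainPolicyOID(((DERObjectIdentifier) pair.getObjectAt(1)).getId());
                }
                result.add(policyMapping);
            }
            return result;
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract PolicyMappings from X509Certificate extensions", e);
        }
    }

    /**
     * Returns the SubjectAlternativeName extension in BouncyCastle form.
     *
     * @param x509Certificate certificate to read
     * @return the decoded names, or {@code null} when the certificate has no such extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public GeneralNames getSubjectAlternativeNames(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
            if (extensionValue == null) {
                return null;
            }
            return GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract SubjectAlternativeName from X509Certificate extensions", e);
        }
    }

    /**
     * Returns the IssuerAlternativeName extension in BouncyCastle form.
     *
     * @param x509Certificate certificate to read
     * @return the decoded names, or {@code null} when the certificate has no such extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public GeneralNames getIssuerAlternativeNames(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.IssuerAlternativeName.getId());
            if (extensionValue == null) {
                return null;
            }
            return GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract IssuerAlternativeName from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return the BasicConstraints extension, or {@code null} when the certificate has none. A
     *         {@code null} result means the extension is absent, which callers deciding whether a
     *         certificate may act as a CA must not confuse with a present, permissive value.
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public BasicConstraints getBasicConstraints(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.BasicConstraints.getId());
            if (extensionValue == null) {
                return null;
            }
            return BasicConstraints.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract BasicConstraints from X509Certificate extensions", e);
        }
    }

    /**
     * @param x509Certificate certificate to read
     * @return the NameConstraints extension, or {@code null} when the certificate has none
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public NameConstraints getNameConstraints(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.NameConstraints.getId());
            if (extensionValue == null) {
                return null;
            }
            // The raw value is an OCTET STRING wrapper; the constraints are the sequence inside it.
            return new NameConstraints((ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue));
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract NameConstraints from X509Certificate extensions", e);
        }
    }

    /**
     * Decodes the PolicyConstraints extension.
     *
     * <p>Each tagged field of the extension yields its own {@link PolicyConstraint}: tag 0 fills
     * requireExplicitPolicy, tag 1 fills inhibitPolicyMapping, and any other tag yields an object
     * on which neither setter was called.
     *
     * @param x509Certificate certificate to read
     * @return one constraint object per tagged field; empty when the certificate has no such extension
     * @throws CryptoFailure when the extension bytes cannot be decoded
     */
    @Override
    public Set<PolicyConstraint> getPolicyConstraints(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.PolicyConstraints.getId());
            if (extensionValue == null) {
                return Collections.emptySet();
            }
            // The raw value is an OCTET STRING wrapper; casting it straight to a sequence fails.
            ASN1Sequence fields = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
            Set<PolicyConstraint> result = new LinkedHashSet<PolicyConstraint>();
            for (int i = 0; i < fields.size(); i++) {
                DERTaggedObject tagged = (DERTaggedObject) fields.getObjectAt(i);
                // The tagged content is read as raw octets and reinterpreted as an INTEGER.
                DERInteger skipCerts = new DERInteger(((ASN1OctetString) tagged.getObject()).getOctets());
                PolicyConstraint policyConstraint = new PolicyConstraint();
                switch (tagged.getTagNo()) {
                    case 0:
                        policyConstraint.setRequireExplicitPolicy(skipCerts.getValue().intValue());
                        break;
                    case 1:
                        policyConstraint.setInhibitPolicyMapping(skipCerts.getValue().intValue());
                        break;
                    default:
                        break;
                }
                result.add(policyConstraint);
            }
            return result;
        } catch (IOException e) {
            throw new CryptoFailure("Unable to extract PolicyConstraints from X509Certificate extensions", e);
        }
    }

    /**
     * @param reasonFlags reason flags, for instance from a CRL distribution point; may be {@code null}
     * @return every {@link RevocationReason} whose bit mask is fully set in {@code reasonFlags};
     *         empty when {@code reasonFlags} is {@code null}
     */
    @Override
    public Set<RevocationReason> getRevocationReasons(ReasonFlags reasonFlags) {
        if (reasonFlags == null) {
            return Collections.emptySet();
        }
        int flags = reasonFlags.intValue();
        Set<RevocationReason> reasons = new LinkedHashSet<RevocationReason>();
        for (RevocationReason candidate : RevocationReason.values()) {
            if ((flags & candidate.reason()) == candidate.reason()) {
                reasons.add(candidate);
            }
        }
        return reasons;
    }

    /**
     * Flattens general names into a map keyed by name kind.
     *
     * <p>The map holds a single value per kind: when the input contains several names of the same
     * kind (for example several dNSName entries) each one replaces the previous, so only the last
     * is kept. Code that matches a host or identity against alternative names should iterate
     * {@link GeneralNames#getNames()} rather than rely on this map.
     *
     * @param generalNames names to convert; may be {@code null}
     * @return the converted names in first-seen key order; empty when {@code generalNames} is {@code null}
     */
    @Override
    public Map<X509GeneralName, String> asMap(GeneralNames generalNames) {
        if (generalNames == null) {
            return Collections.emptyMap();
        }
        Map<X509GeneralName, String> byKind = new LinkedHashMap<X509GeneralName, String>();
        for (GeneralName generalName : generalNames.getNames()) {
            Map.Entry<X509GeneralName, String> entry = asImmutableMapEntry(generalName);
            byKind.put(entry.getKey(), entry.getValue());
        }
        return byKind;
    }

    /**
     * Converts one general name to a (kind, text) pair, selecting the kind from the ASN.1 tag number.
     *
     * <p>Most kinds use {@code toString()} of the name. {@code otherName} (tag 0) renders the
     * second element of its sequence through the codec, {@code directoryName} (tag 4) is
     * re-rendered in {@link X500Principal}'s CANONICAL format, and {@code iPAddress} (tag 7)
     * prints every octet as an unsigned decimal joined by dots whatever the length, so a 16-octet
     * value is not in IPv6 text form. Tags above 8 map to {@code unknownGeneralName}.
     *
     * @param generalName the name to convert
     * @return an immutable entry holding the kind and the rendered value
     */
    @Override
    public Map.Entry<X509GeneralName, String> asImmutableMapEntry(GeneralName generalName) {
        X509GeneralName kind;
        String text;
        switch (generalName.getTagNo()) {
            case 0:
                ASN1Sequence otherName = (ASN1Sequence) generalName.getName();
                kind = X509GeneralName.otherName;
                text = this.cryptCodex.toString(otherName.getObjectAt(1));
                break;
            case 1:
                kind = X509GeneralName.rfc822Name;
                text = generalName.getName().toString();
                break;
            case 2:
                kind = X509GeneralName.dNSName;
                text = generalName.getName().toString();
                break;
            case 3:
                kind = X509GeneralName.x400Address;
                text = generalName.getName().toString();
                break;
            case 4:
                kind = X509GeneralName.directoryName;
                text = new X500Principal(generalName.getName().toString()).getName("CANONICAL");
                break;
            case 5:
                kind = X509GeneralName.ediPartyName;
                text = generalName.getName().toString();
                break;
            case 6:
                kind = X509GeneralName.uniformResourceIdentifier;
                text = generalName.getName().toString();
                break;
            case 7:
                byte[] octets = ((ASN1OctetString) generalName.getName()).getOctets();
                StringBuilder dotted = new StringBuilder();
                for (int i = 0; i < octets.length; i++) {
                    // Mask to 0..255 so bytes above 0x7f are not printed as negative numbers.
                    dotted.append(octets[i] & 255);
                    if (i + 1 < octets.length) {
                        dotted.append(".");
                    }
                }
                kind = X509GeneralName.iPAddress;
                text = dotted.toString();
                break;
            case 8:
                kind = X509GeneralName.registeredID;
                text = generalName.getName().toString();
                break;
            default:
                kind = X509GeneralName.unknownGeneralName;
                text = generalName.getName().toString();
                break;
        }
        return new ImmutableMapEntry(kind, text);
    }
}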
