package org.digidoc4j.ddoc.factory;

import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.digidoc4j.ddoc.utils.ConvertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/digidoc4j/ddoc/factory/DigiDocGenFactory.class */
public class DigiDocGenFactory {
    private static final String DIGI_OID_LIVE_TEST = "1.3.6.1.4.1.10015.1.2";
    private static Logger m_logger = LoggerFactory.getLogger(DigiDocGenFactory.class);
    private static final String DIGI_OID_TEST_TEST = "1.3.6.1.4.1.10015.3.2";
    public static final String[] TEST_OIDS_PREFS = {"1.3.6.1.4.1.10015.3.7", "1.3.6.1.4.1.10015.7", "1.3.6.1.4.1.10015.3.3", "1.3.6.1.4.1.10015.3.11", DIGI_OID_TEST_TEST, "1.3.6.1.4.1.10015.3.1"};

    private static boolean certHasPolicy(X509Certificate x509Certificate, String str) {
        X509Extensions extensions;
        String id;
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Read cert policies: " + x509Certificate.getSerialNumber().toString());
            }
            TBSCertificateStructure tBSCertificate = new X509CertificateStructure(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getEncoded())).readObject()).getTBSCertificate();
            if (tBSCertificate.getVersion() == 3 && (extensions = tBSCertificate.getExtensions()) != null) {
                Enumeration oids = extensions.oids();
                while (oids.hasMoreElements()) {
                    Object nextElement = oids.nextElement();
                    if (nextElement instanceof ASN1ObjectIdentifier) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) nextElement;
                        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(extensions.getExtension(aSN1ObjectIdentifier).getValue().getOctets()));
                        if (aSN1ObjectIdentifier.equals(X509Extension.certificatePolicies)) {
                            ASN1Sequence readObject = aSN1InputStream.readObject();
                            for (int i = 0; i != readObject.size(); i++) {
                                PolicyInformation policyInformation = PolicyInformation.getInstance(readObject.getObjectAt(i));
                                if (policyInformation != null && (id = policyInformation.getPolicyIdentifier().getId()) != null) {
                                    if (m_logger.isDebugEnabled()) {
                                        m_logger.debug("Policy: " + id);
                                    }
                                    if (id.startsWith(str)) {
                                        return true;
                                    }
                                }
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
            return false;
        } catch (Exception e) {
            m_logger.error("Error reading cert policies: " + e);
            return false;
        }
    }

    public static boolean isPre2011IdCard(X509Certificate x509Certificate) {
        return (x509Certificate == null || !(x509Certificate.getPublicKey() instanceof RSAPublicKey) || ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() != 1024 || certHasPolicy(x509Certificate, DIGI_OID_LIVE_TEST) || certHasPolicy(x509Certificate, DIGI_OID_TEST_TEST)) ? false : true;
    }

    public static boolean isTestCard(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        String commonName = ConvertUtils.getCommonName(x509Certificate.getSubjectDN().getName());
        for (int i = 0; i < TEST_OIDS_PREFS.length; i++) {
            String str = TEST_OIDS_PREFS[i];
            if (i != 1) {
                if (certHasPolicy(x509Certificate, str)) {
                    return true;
                }
            } else if (certHasPolicy(x509Certificate, str) && commonName != null && commonName.indexOf("TEST") != -1) {
                return true;
            }
        }
        return false;
    }
}
