package dev.sigstore.plugin;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DEROctetString;

/* loaded from: input_file:dev/sigstore/plugin/FulcioOidHelper.class */
public class FulcioOidHelper {
    private static final String SIGSTORE_OID_ROOT = "1.3.6.1.4.1.57264";
    private static final String FULCIO_OID_ROOT = "1.3.6.1.4.1.57264.1";

    @Deprecated
    private static final String FULCIO_ISSUER_OID = "1.3.6.1.4.1.57264.1.1";
    private static final String FULCIO_ISSUER_V2_OID = "1.3.6.1.4.1.57264.1.8";

    public static String getIssuer(X509Certificate x509Certificate) {
        String issuerV2 = getIssuerV2(x509Certificate);
        return issuerV2 == null ? getIssuerV1(x509Certificate) : issuerV2;
    }

    @Deprecated
    public static String getIssuerV1(X509Certificate x509Certificate) {
        return getExtensionValue(x509Certificate, FULCIO_ISSUER_OID, true);
    }

    public static String getIssuerV2(X509Certificate x509Certificate) {
        return getExtensionValue(x509Certificate, FULCIO_ISSUER_V2_OID, false);
    }

    private static String getExtensionValue(X509Certificate x509Certificate, String str, boolean z) {
        if (x509Certificate.getExtensionValue(str) == null) {
            return null;
        }
        try {
            DEROctetString fromByteArray = ASN1Sequence.fromByteArray(x509Certificate.getExtensionValue(str));
            if (fromByteArray instanceof DEROctetString) {
                DEROctetString dEROctetString = fromByteArray;
                if (z) {
                    return new String(dEROctetString.getOctets(), StandardCharsets.UTF_8);
                }
                ASN1String fromByteArray2 = ASN1Sequence.fromByteArray(dEROctetString.getOctets());
                if (fromByteArray2 instanceof ASN1String) {
                    return fromByteArray2.getString();
                }
            }
            throw new RuntimeException("Could not parse extension " + str + " in certificate because it was not an octet string");
        } catch (IOException e) {
            throw new RuntimeException("Could not parse extension " + str + " in certificate", e);
        }
    }
}
