package org.glite.security.util.proxy;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.X509Name;
import org.glite.security.util.CertUtil;

/* loaded from: input_file:org/glite/security/util/proxy/ProxyCertificateInfo.class */
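/**
 * Read-only view of the proxy-related properties of a single X.509 certificate:
 * proxy flavour (legacy, draft RFC, RFC 3820), the "limited" flag, the
 * ProxyCertInfo extension and the tracing, SAML and restriction extensions.
 *
 * <p>Every answer is derived only from the certificate's extensions and the text of
 * its subject DN. Nothing in this class checks the signature, the validity period or
 * the issuing chain, so the results describe what the certificate claims, not whether
 * that claim is trustworthy; path validation has to happen elsewhere.
 *
 * <p>The cached proxy type is a plain field with no synchronization.
 */
public class ProxyCertificateInfo {
    /** Legacy proxy: the last RDN of the subject is {@code CN=proxy} or {@code CN=limited proxy}. */
    public static final int LEGACY_PROXY = 52;
    /** Proxy carrying the draft-RFC ProxyCertInfo extension. */
    public static final int DRAFT_RFC_PROXY = 53;
    /** Proxy carrying the RFC 3820 ProxyCertInfo extension. */
    public static final int RFC3820_PROXY = 54;
    /** CA certificate type code; never assigned by this class. */
    public static final int CA_CERT = 71;
    /** End-entity certificate type code; never assigned by this class. */
    public static final int USER_CERT = 72;
    /** Returned by {@link #getProxyType()} for anything that is not a recognised proxy. */
    public static final int UNKNOWN_PROXY_TYPE = 99;
    /** Marker for "type not computed yet". */
    public static final int UNDEFINED_TYPE = -1;

    private static final String LEGACY_CN = "proxy";
    private static final String LEGACY_LIMITED_CN = "limited proxy";

    // Cache for getProxyType(); UNDEFINED_TYPE until the first call.
    private int m_proxyType = UNDEFINED_TYPE;
    private final X509Certificate m_cert;

    /**
     * Wraps a certificate for inspection. The certificate is not parsed or checked here.
     *
     * @param x509Certificate the certificate to inspect
     */
    public ProxyCertificateInfo(X509Certificate x509Certificate) {
        this.m_cert = x509Certificate;
    }

    /**
     * Classifies the certificate and caches the result.
     *
     * <p>The RFC 3820 extension wins over the draft extension, which wins over the
     * legacy DN convention. A certificate matching none of them, including an ordinary
     * user or CA certificate, yields {@link #UNKNOWN_PROXY_TYPE}; {@link #USER_CERT}
     * and {@link #CA_CERT} are never returned.
     *
     * @return {@link #RFC3820_PROXY}, {@link #DRAFT_RFC_PROXY}, {@link #LEGACY_PROXY}
     *         or {@link #UNKNOWN_PROXY_TYPE}
     */
    public int getProxyType() {
        if (this.m_proxyType != UNDEFINED_TYPE) {
            return this.m_proxyType;
        }
        if (hasExtension(ProxyCertInfoExtension.PROXY_CERT_INFO_EXTENSION_OID)) {
            this.m_proxyType = RFC3820_PROXY;
        } else if (hasExtension(ProxyCertInfoExtension.DRAFT_PROXY_CERT_INFO_EXTENSION_OID)) {
            this.m_proxyType = DRAFT_RFC_PROXY;
        } else if (isLegacyDN(subjectName())) {
            this.m_proxyType = LEGACY_PROXY;
        } else {
            this.m_proxyType = UNKNOWN_PROXY_TYPE;
        }
        return this.m_proxyType;
    }

    /**
     * Tells whether a DN follows the legacy proxy convention, i.e. its last RDN is a CN
     * whose value is "proxy" or "limited proxy" (case-insensitive).
     *
     * @param x509Name the DN to test
     * @return {@code true} for a legacy proxy DN; {@code false} otherwise, including
     *         for a {@code null} or empty DN
     */
    public static boolean isLegacyDN(X509Name x509Name) {
        String cn = lastCnValue(x509Name);
        if (cn == null) {
            return false;
        }
        // Locale.ROOT keeps the match independent of the JVM default locale; under a
        // Turkish locale "LIMITED PROXY" would otherwise lower-case to a dotless-i form.
        String lowered = cn.toLowerCase(Locale.ROOT);
        return LEGACY_CN.equals(lowered) || LEGACY_LIMITED_CN.equals(lowered);
    }

    /**
     * Tells whether the proxy is a limited proxy.
     *
     * <p>For a legacy proxy this is decided by the CN value; for RFC 3820 and draft
     * proxies by comparing the policy OID with {@code ProxyPolicy.LIMITED_PROXY_OID}.
     *
     * @return {@code true} if the proxy is limited
     * @throws CertificateException if the certificate is not a supported proxy type, or
     *         the ProxyCertInfo extension cannot be obtained
     * @throws IOException if the ProxyCertInfo extension cannot be read
     */
    public boolean isLimited() throws CertificateException, IOException {
        int type = getProxyType();
        if (type == LEGACY_PROXY) {
            String cn = lastCnValue(subjectName());
            if (cn == null) {
                throw new CertificateException("The certificate DN doesn't end with CN RDN as required for legacy proxies");
            }
            return LEGACY_LIMITED_CN.equals(cn.toLowerCase(Locale.ROOT));
        }
        if (type == RFC3820_PROXY || type == DRAFT_RFC_PROXY) {
            return getProxyPolicyOID().equals(ProxyPolicy.LIMITED_PROXY_OID);
        }
        throw new CertificateException("Can't determine whether the proxy is limited as it isn't legacy proxy or rfc 3820 proxy and thus unsupported or invalid");
    }

    /**
     * Reads the proxy tracing issuer extension.
     *
     * @return the value of {@code ProxyTracingExtension.getURL()}, or {@code null} if
     *         the extension is absent or empty
     * @throws IOException if the extension cannot be read
     */
    public String getProxyTracingIssuer() throws IOException {
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyTracingExtension.PROXY_TRACING_ISSUER_EXTENSION_OID);
        if (isEmpty(extensionBytes)) {
            return null;
        }
        return new ProxyTracingExtension(extensionBytes).getURL();
    }

    /**
     * Reads the proxy tracing subject extension.
     *
     * @return the value of {@code ProxyTracingExtension.getURL()}, or {@code null} if
     *         the extension is absent or empty
     * @throws IOException if the extension cannot be read
     */
    public String getProxyTracingSubject() throws IOException {
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyTracingExtension.PROXY_TRACING_SUBJECT_EXTENSION_OID);
        if (isEmpty(extensionBytes)) {
            return null;
        }
        return new ProxyTracingExtension(extensionBytes).getURL();
    }

    /**
     * Reads the SAML extension, trying the current OID first and the legacy OID second.
     * The returned content is taken from the certificate as-is; this method performs no
     * validation of it.
     *
     * @return the value of {@code SAMLExtension.getSAML()}, or {@code null} if neither
     *         extension is present with content
     * @throws IOException if the extension cannot be read
     */
    public String getSAMLExtension() throws IOException {
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, SAMLExtension.SAML_OID);
        if (isEmpty(extensionBytes)) {
            extensionBytes = CertUtil.getExtensionBytes(this.m_cert, SAMLExtension.LEGACY_SAML_OID);
        }
        if (isEmpty(extensionBytes)) {
            return null;
        }
        return new SAMLExtension(extensionBytes).getSAML();
    }

    /**
     * Returns the ProxyCertInfo extension of an RFC 3820 or draft-RFC proxy, looking up
     * the RFC 3820 OID first and the draft OID second.
     *
     * @return the parsed extension, never {@code null}
     * @throws CertificateException if the certificate is a legacy or unsupported type,
     *         or the extension bytes cannot be obtained
     * @throws IOException if the extension cannot be read
     */
    public ProxyCertInfoExtension getProxyCertInfoExtension() throws CertificateException, IOException {
        int type = getProxyType();
        if (type != RFC3820_PROXY && type != DRAFT_RFC_PROXY) {
            throw new CertificateException("Trying to get proxyPathLimit from legacy or unsupported proxy type");
        }
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyCertInfoExtension.PROXY_CERT_INFO_EXTENSION_OID);
        if (extensionBytes == null) {
            extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyCertInfoExtension.DRAFT_PROXY_CERT_INFO_EXTENSION_OID);
        }
        if (extensionBytes == null) {
            throw new CertificateException("The mandatory CertificateInfoExtention is missing, certificate is invalid RFC 3820 or draft RFC certificate.");
        }
        return new ProxyCertInfoExtension(extensionBytes);
    }

    /**
     * @return the path length limit stored in the ProxyCertInfo extension
     * @throws CertificateException see {@link #getProxyCertInfoExtension()}
     * @throws IOException if the extension cannot be read
     */
    public int getProxyPathLimit() throws CertificateException, IOException {
        return getProxyCertInfoExtension().getProxyPathLimit();
    }

    /**
     * @return the policy OID stored in the ProxyCertInfo extension
     * @throws CertificateException see {@link #getProxyCertInfoExtension()}
     * @throws IOException if the extension cannot be read
     */
    public String getProxyPolicyOID() throws CertificateException, IOException {
        return getProxyCertInfoExtension().getPolicy().getPolicyOID();
    }

    /**
     * @return the policy of the ProxyCertInfo extension as an ASN.1 octet string
     * @throws CertificateException see {@link #getProxyCertInfoExtension()}
     * @throws IOException if the extension cannot be read
     */
    public ASN1OctetString getPolicyASN1() throws CertificateException, IOException {
        return getProxyCertInfoExtension().getPolicy().getPolicyASN1();
    }

    /**
     * Reads the source restriction extension.
     *
     * @return the parsed restrictions, or {@code null} if the extension is absent; a
     *         caller enforcing restrictions must treat {@code null} as "none declared"
     * @throws IOException if the extension cannot be read
     */
    public ProxyRestrictionData getProxySourceRestrictions() throws IOException {
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyRestrictionData.SOURCE_RESTRICTION_OID);
        if (extensionBytes == null) {
            return null;
        }
        return new ProxyRestrictionData(extensionBytes);
    }

    /**
     * Reads the target restriction extension.
     *
     * @return the parsed restrictions, or {@code null} if the extension is absent; a
     *         caller enforcing restrictions must treat {@code null} as "none declared"
     * @throws IOException if the extension cannot be read
     */
    public ProxyRestrictionData getProxyTargetRestrictions() throws IOException {
        byte[] extensionBytes = CertUtil.getExtensionBytes(this.m_cert, ProxyRestrictionData.TARGET_RESTRICTION_OID);
        if (extensionBytes == null) {
            return null;
        }
        return new ProxyRestrictionData(extensionBytes);
    }

    /** True when the certificate carries the extension with a non-empty value. */
    private boolean hasExtension(String oid) {
        byte[] value = this.m_cert.getExtensionValue(oid);
        return value != null && value.length > 0;
    }

    /**
     * Subject DN as a BouncyCastle name. getSubjectDN() is declared to return Principal,
     * so the cast is required to compile.
     * NOTE(review): the cast presumably only succeeds for certificate implementations
     * whose subject principal extends X509Name; confirm which provider builds m_cert.
     */
    private X509Name subjectName() {
        return (X509Name) this.m_cert.getSubjectDN();
    }

    /**
     * Value of the last RDN if that RDN is a CN, else {@code null} (also for a
     * {@code null} or empty DN). The OID is compared with equals(): an OID object
     * decoded from a certificate is not necessarily the X509Name.CN instance, so a
     * reference comparison could reject a genuine CN.
     */
    private static String lastCnValue(X509Name dn) {
        if (dn == null || dn.getOIDs().isEmpty()) {
            return null;
        }
        if (!X509Name.CN.equals(dn.getOIDs().lastElement())) {
            return null;
        }
        return (String) dn.getValues().lastElement();
    }

    private static boolean isEmpty(byte[] bytes) {
        return bytes == null || bytes.length == 0;
    }
}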
