package net.ripe.rpki.commons.crypto.x509cert;

import java.io.IOException;
import java.io.Serializable;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/AbstractX509CertificateWrapper.class */
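/**
 * Base wrapper around an {@link X509Certificate} that exposes the fields and extensions used by
 * RPKI resource certificates (basic constraints, AIA, SIA, CRL distribution points).
 *
 * <p>Every accessor reads from the wrapped certificate as-is. Nothing in this class establishes
 * trust in the certificate: extension contents (URIs in particular) are whatever the certificate
 * carries, so callers must treat them as untrusted until the certificate has been validated.
 *
 * <p>The class is {@link Serializable}. Java deserialization does not run the constructor, so the
 * non-null check on the certificate is not enforced for instances restored from a serialized
 * stream.
 */
public abstract class AbstractX509CertificateWrapper implements Serializable {
    private static final long serialVersionUID = 1;

    /** Certificate policy OID reported by {@link #getCertificatePolicy()}. */
    public static final ASN1ObjectIdentifier POLICY_OID = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.14.2");

    /** {@link PolicyInformation} built from {@link #POLICY_OID}. */
    public static final PolicyInformation POLICY_INFORMATION = new PolicyInformation(POLICY_OID);

    /** URI scheme the {@code findFirst...} lookups accept; compared exactly (case-sensitive). */
    private static final String RSYNC_SCHEME = "rsync";

    private final X509Certificate certificate;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps the given certificate.
     *
     * @param x509Certificate the certificate to wrap, must not be null
     * @throws IllegalArgumentException if {@code x509Certificate} is null
     */
    public AbstractX509CertificateWrapper(X509Certificate x509Certificate) {
        Validate.notNull(x509Certificate);
        this.certificate = x509Certificate;
    }

    /** Returns the wrapped certificate instance (not a copy). */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the constant {@link #POLICY_OID}.
     *
     * <p>This does not read the certificatePolicies extension of the wrapped certificate, so it
     * must not be used as evidence that the certificate actually asserts this policy.
     */
    public ASN1ObjectIdentifier getCertificatePolicy() {
        return POLICY_OID;
    }

    /** Hash code of the wrapped certificate, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return this.certificate.hashCode();
    }

    /**
     * Two wrappers are equal when their wrapped certificates are equal; the concrete wrapper
     * subclass is not taken into account.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof AbstractX509CertificateWrapper)) {
            return false;
        }
        AbstractX509CertificateWrapper other = (AbstractX509CertificateWrapper) obj;
        return this.certificate.equals(other.certificate);
    }

    /** Short description containing the serial number and subject of the wrapped certificate. */
    @Override
    public String toString() {
        return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE)
                .append("serial", getSerialNumber())
                .append("subject", getSubject())
                .toString();
    }

    /** Returns {@code true} when the certificate is not a CA certificate (see {@link #isCa()}). */
    public boolean isEe() {
        return !isCa();
    }

    /**
     * Reports the cA flag of the basicConstraints extension.
     *
     * @return {@code false} when the extension is absent, otherwise the value of its cA flag
     * @throws AbstractX509CertificateWrapperException if the extension value cannot be decoded
     */
    public boolean isCa() {
        try {
            byte[] extensionValue = this.certificate.getExtensionValue(X509Extension.basicConstraints.getId());
            if (extensionValue == null) {
                return false;
            }
            return BasicConstraints.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).isCA();
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
    }

    /**
     * Returns {@code true} when subject and issuer names are equal.
     *
     * <p>This is a name comparison only (a self-issued certificate). It does not check the
     * signature, so it is not proof that the certificate is self-signed or that it is a
     * configured trust anchor; use {@link #verify(PublicKey)} and the caller's trust anchor
     * configuration for that.
     */
    public boolean isRoot() {
        return this.certificate.getSubjectX500Principal().equals(this.certificate.getIssuerX500Principal());
    }

    /** Returns the first rsync SIA location with the RPKI manifest method, or {@code null}. */
    public URI getManifestUri() {
        return findFirstSubjectInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST);
    }

    /** Returns the first rsync SIA location with the CA repository method, or {@code null}. */
    public URI getRepositoryUri() {
        return findFirstSubjectInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY);
    }

    /** Returns {@code true} when the certificate carries an rsync manifest URI in its SIA. */
    public boolean isObjectIssuer() {
        return getManifestUri() != null;
    }

    /** Returns the subject key identifier as extracted by {@code X509CertificateUtil}. */
    public byte[] getSubjectKeyIdentifier() {
        return X509CertificateUtil.getSubjectKeyIdentifier(this.certificate);
    }

    /** Returns the authority key identifier as extracted by {@code X509CertificateUtil}. */
    public byte[] getAuthorityKeyIdentifier() {
        return X509CertificateUtil.getAuthorityKeyIdentifier(this.certificate);
    }

    /** Returns the subject distinguished name of the wrapped certificate. */
    public X500Principal getSubject() {
        return this.certificate.getSubjectX500Principal();
    }

    /** Returns the issuer distinguished name of the wrapped certificate. */
    public X500Principal getIssuer() {
        return this.certificate.getIssuerX500Principal();
    }

    /** Returns the subject public key of the wrapped certificate. */
    public PublicKey getPublicKey() {
        return this.certificate.getPublicKey();
    }

    /**
     * Returns the notBefore/notAfter interval of the certificate. The interval is only reported
     * here; it is not compared against the current time.
     */
    public ValidityPeriod getValidityPeriod() {
        return new ValidityPeriod(this.certificate.getNotBefore(), this.certificate.getNotAfter());
    }

    /** Returns the serial number of the wrapped certificate. */
    public BigInteger getSerialNumber() {
        return getCertificate().getSerialNumber();
    }

    /**
     * Decodes the authorityInfoAccess extension.
     *
     * @return the access descriptors, or {@code null} when the extension is absent
     * @throws AbstractX509CertificateWrapperException if the extension value cannot be decoded
     */
    public X509CertificateInformationAccessDescriptor[] getAuthorityInformationAccess() {
        try {
            byte[] extensionValue = this.certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
            if (extensionValue == null) {
                return null;
            }
            return X509CertificateInformationAccessDescriptor.convertAccessDescriptors(AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getAccessDescriptions());
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
    }

    /**
     * Returns the first AIA location that uses the given access method and the rsync scheme.
     *
     * @param aSN1ObjectIdentifier the access method OID, must not be null
     * @return the matching location, or {@code null} when there is none
     * @throws IllegalArgumentException if {@code aSN1ObjectIdentifier} is null
     */
    public URI findFirstAuthorityInformationAccessByMethod(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Validate.notNull(aSN1ObjectIdentifier, "method is null");
        return findFirstByMethod(aSN1ObjectIdentifier, RSYNC_SCHEME, getAuthorityInformationAccess());
    }

    /**
     * Returns the location of the first descriptor matching both the access method and the URI
     * scheme, or {@code null} when {@code descriptors} is null or nothing matches.
     */
    private URI findFirstByMethod(ASN1ObjectIdentifier method, String scheme, X509CertificateInformationAccessDescriptor[] descriptors) {
        if (descriptors == null) {
            return null;
        }
        for (X509CertificateInformationAccessDescriptor descriptor : descriptors) {
            if (!method.equals(descriptor.getMethod())) {
                continue;
            }
            URI location = descriptor.getLocation();
            // The location comes from certificate content. A URI without a scheme has a null
            // getScheme(), so compare from the constant side to skip it instead of throwing a
            // NullPointerException while processing an untrusted certificate.
            if (location != null && scheme.equals(location.getScheme())) {
                return location;
            }
        }
        return null;
    }

    /**
     * Decodes the subjectInfoAccess extension.
     *
     * @return the access descriptors, or {@code null} when the extension is absent
     * @throws AbstractX509CertificateWrapperException if the extension value cannot be decoded
     */
    public X509CertificateInformationAccessDescriptor[] getSubjectInformationAccess() {
        try {
            byte[] extensionValue = this.certificate.getExtensionValue(X509Extension.subjectInfoAccess.getId());
            if (extensionValue == null) {
                return null;
            }
            // SIA is decoded with the AuthorityInformationAccess type, as in the AIA accessor.
            return X509CertificateInformationAccessDescriptor.convertAccessDescriptors(AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getAccessDescriptions());
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
    }

    /**
     * Returns the first SIA location that uses the given access method and the rsync scheme.
     *
     * @param aSN1ObjectIdentifier the access method OID, must not be null
     * @return the matching location, or {@code null} when there is none
     * @throws IllegalArgumentException if {@code aSN1ObjectIdentifier} is null
     */
    public URI findFirstSubjectInformationAccessByMethod(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Validate.notNull(aSN1ObjectIdentifier, "method is null");
        return findFirstByMethod(aSN1ObjectIdentifier, RSYNC_SCHEME, getSubjectInformationAccess());
    }

    /**
     * Decodes the cRLDistributionPoints extension into URIs.
     *
     * @return the distribution point URIs, or {@code null} when the extension is absent
     * @throws AbstractX509CertificateWrapperException if the extension value cannot be decoded
     * @throws IllegalArgumentException if a distribution point has a shape this class rejects
     *     (see the checks in {@code convertCrlDistributionPointToUris}) or a name is not a valid URI
     */
    public URI[] getCrlDistributionPoints() {
        try {
            byte[] extensionValue = this.certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
            if (extensionValue == null) {
                return null;
            }
            return convertCrlDistributionPointToUris(CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)));
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
    }

    /**
     * Returns the first CRL distribution point whose scheme is exactly {@code rsync}, or
     * {@code null} when the extension is absent or no such URI exists.
     */
    public URI findFirstRsyncCrlDistributionPoint() {
        URI[] crlDistributionPoints = getCrlDistributionPoints();
        if (crlDistributionPoints == null) {
            return null;
        }
        for (URI uri : crlDistributionPoints) {
            // A scheme-less URI in the certificate yields a null scheme; skip it rather than
            // failing with a NullPointerException on attacker-influenced input.
            if (RSYNC_SCHEME.equals(uri.getScheme())) {
                return uri;
            }
        }
        return null;
    }

    /**
     * Flattens the distribution points into URIs, rejecting any shape other than a fullName
     * consisting solely of uniformResourceIdentifier names with no cRLIssuer and no reasons.
     *
     * @throws IllegalArgumentException if one of those checks fails or a name is not a valid URI
     */
    private URI[] convertCrlDistributionPointToUris(CRLDistPoint cRLDistPoint) {
        ArrayList<URI> uris = new ArrayList<URI>();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            Validate.isTrue(distributionPoint.getCRLIssuer() == null, "crlIssuer MUST be omitted");
            Validate.isTrue(distributionPoint.getReasons() == null, "reasons MUST be omitted");
            Validate.notNull(distributionPoint.getDistributionPoint(), "distributionPoint MUST be present");
            // Type 0 is the fullName choice, as the message states.
            Validate.isTrue(distributionPoint.getDistributionPoint().getType() == 0, "distributionPoint type MUST be FULL_NAME");
            for (GeneralName generalName : distributionPoint.getDistributionPoint().getName().getNames()) {
                Validate.isTrue(generalName.getTagNo() == GeneralName.uniformResourceIdentifier, "name MUST be a uniformResourceIdentifier");
                try {
                    uris.add(new URI(generalName.getName().getString()));
                } catch (URISyntaxException e) {
                    throw new IllegalArgumentException(e);
                }
            }
        }
        return uris.toArray(new URI[uris.size()]);
    }

    /**
     * Checks that the certificate was signed with the private key matching {@code publicKey},
     * using the provider named by {@code X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER}.
     *
     * <p>Only the signature is checked. Validity period, revocation status, extensions and the
     * rest of the certification path are not examined here and remain the caller's job.
     *
     * @param publicKey the candidate issuer key
     * @throws InvalidKeyException if the key is not usable for verification
     * @throws SignatureException if the signature does not verify
     * @throws IllegalArgumentException if the algorithm or provider is unavailable, or the
     *     certificate cannot be processed
     */
    public void verify(PublicKey publicKey) throws InvalidKeyException, SignatureException {
        try {
            getCertificate().verify(publicKey, X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchProviderException e) {
            throw new IllegalArgumentException(e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Returns the encoded form of the wrapped certificate.
     *
     * @throws AbstractX509CertificateWrapperException if the certificate cannot be encoded
     */
    public byte[] getEncoded() {
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new AbstractX509CertificateWrapperException(e);
        }
    }
}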
