package org.italiangrid.voms.asn1;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.proxy.CertificateExtension;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.AttributeCertificateIssuer;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSGenericAttribute;

/* loaded from: input_file:org/italiangrid/voms/asn1/VOMSACGenerator.class */
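/**
 * Builds VOMS attribute certificates (ACs) issued by an attribute-authority (AA)
 * credential and wraps them into the VOMS certificate extension.
 *
 * <p>Besides well-formed ACs, the generator carries switches that deliberately
 * produce non-conformant output: random signature bits instead of a real
 * signature, an extra critical extension under {@link #FAKE_EXT_OID}, critical
 * {@code noRevAvail} and {@code authorityKeyIdentifier} extensions, and an empty
 * or missing AC-certs extension. All switches default to {@code false}.
 *
 * <p>NOTE(review): these switches look like fixtures for negative tests of AC
 * validators - confirm. Nothing in this class restricts them to test builds, so
 * issuance code paths should never call the corresponding setters.
 *
 * <p>Every public method is {@code synchronized} on the generator instance.
 */
public class VOMSACGenerator implements VOMSConstants {
    /** OID of the extension added as critical when {@code includeFakeCriticalExtensions} is set. */
    public static final ASN1ObjectIdentifier FAKE_EXT_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.8005.100.120.82");

    // Fixed encoding for every string that ends up inside the signed AC, so the
    // encoded bytes do not vary with the JVM's default charset.
    private static final Charset STRING_ENCODING = Charset.forName("UTF-8");

    private final X509Credential aaCredential;
    private final String host;
    private final int port;
    private final String voName;
    private final String voURI;
    // No setter in this class: the extra SEQUENCE wrapping it selects is always applied.
    private boolean vomsCompatibility = true;
    private boolean includeEmptyACCertsExtension = false;
    private boolean skipACCertsExtension = false;
    private boolean useFakeSignatureBits = false;
    private boolean includeFakeCriticalExtensions = false;
    private boolean includeCriticalNoRevAvail = false;
    private boolean includeCriticalAKID = false;
    // Created lazily by getSigner() and reused for later ACs.
    private ContentSigner signer;

    /**
     * {@link ContentSigner} whose "signature" is {@link #SIG_LENGHT} random bytes.
     *
     * <p>The returned bytes depend neither on a key nor on the content written to
     * the output stream, so an AC built with this signer carries a signature
     * algorithm identifier but no verifiable signature. A non-cryptographic
     * {@link Random} is enough for that purpose.
     *
     * <p>JADX INFO: access modifiers changed from package-private.
     */
    public static class RandomContentSigner implements ContentSigner {
        /** Number of random bytes returned as the signature value (identifier spelling kept for callers). */
        public static int SIG_LENGHT = 1024;
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        AlgorithmIdentifier sigAlgId;

        /**
         * @param str signature algorithm name, resolved to the algorithm identifier
         *            that is advertised in the generated AC
         */
        public RandomContentSigner(String str) {
            this.sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(str);
        }

        /** @return the algorithm identifier resolved in the constructor */
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.sigAlgId;
        }

        /** @return the in-memory sink that receives the to-be-signed bytes */
        public OutputStream getOutputStream() {
            return this.bos;
        }

        /**
         * Returns fresh random bytes in place of a signature.
         *
         * @return {@link #SIG_LENGHT} random bytes
         */
        public byte[] getSignature() {
            // The buffered content is never signed. The enclosing generator reuses
            // one signer instance, so drop the bytes here instead of letting the
            // buffer grow with every AC (close() on a ByteArrayOutputStream is a no-op).
            this.bos.reset();
            byte[] signature = new byte[SIG_LENGHT];
            new Random().nextBytes(signature);
            return signature;
        }
    }

    /**
     * Returns the signer used for generated ACs, creating it on first use.
     *
     * @return a {@link RandomContentSigner} when fake signature bits are enabled,
     *         otherwise a signer backed by the AA private key; in both cases the
     *         algorithm name is taken from the AA certificate
     * @throws VOMSError if the key-backed signer cannot be created
     */
    private ContentSigner getSigner() {
        if (this.signer != null) {
            return this.signer;
        }
        String sigAlgName = this.aaCredential.getCertificate().getSigAlgName();
        if (this.useFakeSignatureBits) {
            this.signer = new RandomContentSigner(sigAlgName);
            return this.signer;
        }
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(sigAlgName);
        signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        try {
            this.signer = signerBuilder.build(this.aaCredential.getKey());
        } catch (OperatorCreationException e) {
            throw new VOMSError(e.getMessage(), e);
        }
        return this.signer;
    }

    /**
     * Creates a generator for one VO endpoint.
     *
     * @param aaCredential credential whose certificate and key issue the ACs
     * @param voName       VO name, used as the scheme part of the policy-authority URI
     * @param host         host part of the policy-authority URI
     * @param port         port part of the policy-authority URI
     */
    public VOMSACGenerator(X509Credential aaCredential, String voName, String host, int port) {
        this.aaCredential = aaCredential;
        this.voName = voName;
        this.host = host;
        this.port = port;
        this.voURI = String.format("%s://%s:%d", this.voName, this.host, Integer.valueOf(this.port));
    }

    /**
     * Builds the AC-certs extension value: a SEQUENCE holding one inner SEQUENCE
     * that contains the AA certificate, or nothing when
     * {@code includeEmptyACCertsExtension} is set.
     */
    private ASN1Encodable buildACCertsExtensionContent() {
        ASN1EncodableVector certs = new ASN1EncodableVector();
        if (this.includeEmptyACCertsExtension) {
            certs.add(new DERSequence());
        } else {
            certs.add(new DERSequence(getCertAsDEREncodable(this.aaCredential.getCertificate())));
        }
        return new DERSequence(certs);
    }

    /**
     * Builds an authority key identifier from the AA certificate's own
     * authorityKeyIdentifier extension.
     *
     * @return the identifier, or {@code null} when the AA certificate has no such extension
     */
    private AuthorityKeyIdentifier buildAuthorityKeyIdentifier() {
        // NOTE(review): X509Certificate.getExtensionValue returns the extension value
        // still wrapped in a DER OCTET STRING, and the byte[] constructor appears to
        // take its argument as a raw key identifier - confirm this is the intended content.
        byte[] extensionValue = this.aaCredential.getCertificate().getExtensionValue(X509Extension.authorityKeyIdentifier.toString());
        if (extensionValue == null) {
            return null;
        }
        return new AuthorityKeyIdentifier(extensionValue);
    }

    /**
     * Builds the FQAN attribute value: the policy authority under context tag 0,
     * followed by a SEQUENCE with one OCTET STRING per FQAN.
     *
     * @param fqans FQAN strings, in the order they are written; must not be {@code null}
     */
    private ASN1Encodable buildFQANsAttributeContent(List<String> fqans) {
        ASN1EncodableVector content = new ASN1EncodableVector();
        ASN1EncodableVector encodedFqans = new ASN1EncodableVector();
        content.add(new DERTaggedObject(0, buildPolicyAuthorityInfo()));
        for (String fqan : fqans) {
            encodedFqans.add(getDEROctetString(fqan));
        }
        content.add(new DERSequence(encodedFqans));
        return new DERSequence(content);
    }

    /**
     * Builds the generic-attributes extension value: the policy authority as
     * GeneralNames followed by a SEQUENCE of (name, value, context) triples,
     * wrapped in two SEQUENCEs, or three when {@code vomsCompatibility} is set.
     *
     * @param attributes generic attributes to encode; must not be {@code null}
     */
    private ASN1Encodable buildGAExtensionContent(List<VOMSGenericAttribute> attributes) {
        ASN1EncodableVector tagContainer = new ASN1EncodableVector();
        ASN1EncodableVector tags = new ASN1EncodableVector();
        for (VOMSGenericAttribute attribute : attributes) {
            tags.add(buildTagSequence(attribute));
        }
        tagContainer.add(new GeneralNames(buildPolicyAuthorityInfo()));
        tagContainer.add(new DERSequence(tags));
        DERSequence wrapped = new DERSequence(new DERSequence(tagContainer));
        if (this.vomsCompatibility) {
            return new DERSequence(wrapped);
        }
        return wrapped;
    }

    /** Builds the AC holder from the subject and serial number of the given certificate. */
    private AttributeCertificateHolder buildHolder(X509Certificate holderCert) throws CertificateEncodingException {
        return new AttributeCertificateHolder(new JcaX509CertificateHolder(holderCert).getSubject(), holderCert.getSerialNumber());
    }

    /** Builds the AC issuer from the subject of the AA certificate. */
    private AttributeCertificateIssuer buildIssuer() throws CertificateEncodingException {
        return new AttributeCertificateIssuer(new JcaX509CertificateHolder(this.aaCredential.getCertificate()).getSubject());
    }

    /** Returns the policy authority as a URI general name built from {@code voName://host:port}. */
    private GeneralName buildPolicyAuthorityInfo() {
        return new GeneralName(GeneralName.uniformResourceIdentifier, this.voURI);
    }

    /** Encodes one generic attribute as a SEQUENCE of three OCTET STRINGs: name, value, context. */
    private DERSequence buildTagSequence(VOMSGenericAttribute attribute) {
        ASN1EncodableVector tag = new ASN1EncodableVector();
        tag.add(getDEROctetString(attribute.getName()));
        tag.add(getDEROctetString(attribute.getValue()));
        tag.add(getDEROctetString(attribute.getContext()));
        return new DERSequence(tag);
    }

    /**
     * Builds the target-information extension value: each target becomes a URI
     * general name under context tag 0, wrapped in its own SEQUENCE when
     * {@code vomsCompatibility} is set; the list is wrapped in two SEQUENCEs.
     *
     * @param targets target names to encode; must not be {@code null}
     */
    private ASN1Encodable buildTargetsExtensionContent(List<String> targets) {
        ASN1EncodableVector encodedTargets = new ASN1EncodableVector();
        for (String target : targets) {
            DERTaggedObject taggedTarget = new DERTaggedObject(0, new GeneralName(GeneralName.uniformResourceIdentifier, target));
            if (this.vomsCompatibility) {
                encodedTargets.add(new DERSequence(taggedTarget));
            } else {
                encodedTargets.add(taggedTarget);
            }
        }
        return new DERSequence(new DERSequence(encodedTargets));
    }

    /**
     * Generates one VOMS attribute certificate.
     *
     * <p>The FQAN attribute is always written. Generic attributes (non-critical)
     * and targets (critical) are added only when their list is non-null and
     * non-empty. The AC-certs extension is added unless
     * {@code skipACCertsExtension} is set. The remaining switches each add one
     * critical extension: {@link #FAKE_EXT_OID} with an empty SEQUENCE,
     * {@code noRevAvail} with NULL, and {@code authorityKeyIdentifier} with the
     * AA certificate's identifier, or NULL when it has none.
     *
     * @param fqans             FQANs to encode; must not be {@code null}
     * @param genericAttributes generic attributes, may be {@code null} or empty
     * @param targets           target names, may be {@code null} or empty
     * @param holderCert        certificate whose subject and serial number identify the AC holder
     * @param serialNumber      serial number of the AC
     * @param notBefore         start of the AC validity period
     * @param notAfter          end of the AC validity period
     * @return the signed AC, or one carrying random signature bits when
     *         {@code useFakeSignatureBits} is set
     * @throws VOMSError if a certificate cannot be encoded or the signer cannot be created
     */
    public synchronized X509AttributeCertificateHolder generateVOMSAttributeCertificate(List<String> fqans, List<VOMSGenericAttribute> genericAttributes, List<String> targets, X509Certificate holderCert, BigInteger serialNumber, Date notBefore, Date notAfter) {
        try {
            X509v2AttributeCertificateBuilder acBuilder = new X509v2AttributeCertificateBuilder(buildHolder(holderCert), buildIssuer(), serialNumber, notBefore, notAfter);
            acBuilder.addAttribute(VOMS_FQANS_OID, buildFQANsAttributeContent(fqans));
            if (genericAttributes != null && !genericAttributes.isEmpty()) {
                acBuilder.addExtension(VOMS_GENERIC_ATTRS_OID, false, buildGAExtensionContent(genericAttributes));
            }
            if (targets != null && !targets.isEmpty()) {
                acBuilder.addExtension(X509Extension.targetInformation, true, buildTargetsExtensionContent(targets));
            }
            if (!this.skipACCertsExtension) {
                acBuilder.addExtension(VOMS_CERTS_OID, false, buildACCertsExtensionContent());
            }
            if (this.includeFakeCriticalExtensions) {
                acBuilder.addExtension(FAKE_EXT_OID, true, new DERSequence());
            }
            if (this.includeCriticalNoRevAvail) {
                acBuilder.addExtension(X509Extension.noRevAvail, true, new DERNull());
            }
            if (this.includeCriticalAKID) {
                ASN1Encodable akid = buildAuthorityKeyIdentifier();
                acBuilder.addExtension(X509Extension.authorityKeyIdentifier, true, akid != null ? akid : new DERNull());
            }
            return acBuilder.build(getSigner());
        } catch (CertificateEncodingException e) {
            throw new VOMSError(e.getMessage(), e);
        }
    }

    /**
     * Wraps the given ACs into a non-critical certificate extension under
     * {@code VOMS_EXTENSION_OID}.
     *
     * @param acs attribute certificates, written in list order; must not be {@code null}
     * @return the extension holding a SEQUENCE of the ACs
     */
    public synchronized CertificateExtension generateVOMSExtension(List<X509AttributeCertificateHolder> acs) {
        ASN1EncodableVector encodedAcs = new ASN1EncodableVector();
        for (X509AttributeCertificateHolder ac : acs) {
            encodedAcs.add(ac.toASN1Structure());
        }
        return new CertificateExtension(VOMS_EXTENSION_OID.getId(), new DERSequence(encodedAcs).toASN1Object(), false);
    }

    /**
     * Re-parses the encoded form of a certificate into an ASN.1 object.
     *
     * @throws VOMSError if the certificate cannot be encoded or parsed
     */
    private DEREncodable getCertAsDEREncodable(X509Certificate x509Certificate) {
        try {
            ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getEncoded()));
            try {
                return asn1In.readObject();
            } finally {
                // Close on the failure path as well, not only after a successful read.
                asn1In.close();
            }
        } catch (IOException e) {
            throw new VOMSError("Error encoding X509 certificate: " + e.getMessage(), e);
        } catch (CertificateEncodingException e2) {
            throw new VOMSError("Error encoding X509 certificate: " + e2.getMessage(), e2);
        }
    }

    /** Encodes a string as an OCTET STRING using the class-wide fixed charset. */
    private DEROctetString getDEROctetString(String str) {
        return new DEROctetString(str.getBytes(STRING_ENCODING));
    }

    /** When set, the AC-certs extension is written with an empty inner SEQUENCE instead of the AA certificate. */
    public synchronized void setIncludeEmptyACCertsExtension(boolean z) {
        this.includeEmptyACCertsExtension = z;
    }

    /** When set, the AC-certs extension is left out of generated ACs. */
    public synchronized void setSkipACCertsExtension(boolean z) {
        this.skipACCertsExtension = z;
    }

    /**
     * When set, generated ACs carry random bytes instead of a signature made
     * with the AA key.
     */
    public synchronized void setUseFakeSignatureBits(boolean z) {
        if (this.useFakeSignatureBits != z) {
            // The signer is cached after first use; drop it so the new setting
            // applies to the next AC instead of being silently ignored.
            this.signer = null;
        }
        this.useFakeSignatureBits = z;
    }

    /** When set, generated ACs carry an extra critical extension under {@link #FAKE_EXT_OID}. */
    public synchronized void setIncludeFakeCriticalExtensions(boolean z) {
        this.includeFakeCriticalExtensions = z;
    }

    /** When set, generated ACs carry a {@code noRevAvail} extension marked critical. */
    public synchronized void setIncludeCriticalNoRevAvail(boolean z) {
        this.includeCriticalNoRevAvail = z;
    }

    /** When set, generated ACs carry an {@code authorityKeyIdentifier} extension marked critical. */
    public synchronized void setIncludeCriticalAKID(boolean z) {
        this.includeCriticalAKID = z;
    }
}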
