package org.forgerock.openam.sdk.org.forgerock.opendj.ldap.schema;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.forgerock.openam.sdk.com.forgerock.opendj.ldap.CoreMessages;
import org.forgerock.openam.sdk.com.forgerock.opendj.util.StaticUtils;
import org.forgerock.openam.sdk.org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Assertion;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteString;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.GSERParser;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:org/forgerock/openam/sdk/org/forgerock/opendj/ldap/schema/CertificateExactMatchingRuleImpl.class */
/**
 * Equality matching rule implementation that compares X.509 certificates by issuer and serial
 * number. It is registered under {@code SchemaConstants.EMR_CERTIFICATE_EXACT_NAME}, which is
 * presumably the RFC 4523 {@code certificateExactMatch} rule (confirm against SchemaConstants).
 *
 * <p>Attribute values and assertion values are both reduced to the same byte form: the normalized
 * issuer DN, a single zero byte, then the serial number bytes.
 *
 * <p>Security-relevant behaviour: malformed input is tolerated rather than rejected. A value that
 * cannot be parsed as a certificate is "normalized" to its raw bytes. An assertion that is not
 * valid GSER is re-interpreted as an encoded certificate. Both events are reported at trace level
 * only, so they are normally invisible in logs. Callers that rely on this rule for an access
 * decision should validate the certificate separately, because the rule compares issuer and
 * serial number only and never verifies a signature or a trust chain.
 */
public final class CertificateExactMatchingRuleImpl extends AbstractEqualityMatchingRuleImpl {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    // Identifiers expected, in this order, inside the GSER assertion value.
    private static final String GSER_ID_SERIALNUMBER = "serialNumber";
    private static final String GSER_ID_ISSUER = "issuer";
    private static final String GSER_ID_RDNSEQUENCE = "rdnSequence";

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateExactMatchingRuleImpl() {
        super(SchemaConstants.EMR_CERTIFICATE_EXACT_NAME);
    }

    /**
     * Normalizes an attribute value that is expected to hold an encoded X.509 certificate.
     *
     * @param schema the schema used to normalize the issuer DN
     * @param byteSequence the attribute value, handed to the JDK "X.509" certificate factory
     * @return the issuer/serial encoding built by {@code createEncodedValue}; or, when the bytes
     *     do not parse as a certificate, the unmodified input bytes
     * @throws DecodeException if the certificate parses but its issuer DN cannot be normalized
     */
    @Override
    public ByteString normalizeAttributeValue(Schema schema, ByteSequence byteSequence) throws DecodeException {
        try {
            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            final ByteArrayInputStream encoded = new ByteArrayInputStream(byteSequence.toByteArray());
            final X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(encoded);
            final BigInteger serial = certificate.getSerialNumber();
            final String issuer = certificate.getIssuerX500Principal().getName("RFC2253");
            return createEncodedValue(serial, normalizeDN(schema, issuer));
        } catch (CertificateException parseFailure) {
            // Deliberate best effort: an unparseable value is kept as raw bytes, so matching
            // degrades to plain byte equality. The failure is only visible at trace level.
            logger.trace(CoreMessages.ERR_MR_CERTIFICATE_MATCH_PARSE_ERROR.get(parseFailure.getMessage()));
            return byteSequence.toByteString();
        }
    }

    /**
     * Builds the assertion for a filter value.
     *
     * <p>The value is first read as GSER: a sequence holding {@code serialNumber} with an integer,
     * a separator, then {@code issuer} with the {@code rdnSequence} choice and a string, and
     * nothing after the end of the sequence. If any step fails, the value is treated as an encoded
     * certificate and passed through {@link #normalizeAttributeValue}.
     *
     * @param schema the schema used to normalize the issuer DN
     * @param byteSequence the assertion value
     * @return an assertion over the normalized issuer/serial encoding
     * @throws DecodeException only from the fallback path, when the value parses as a certificate
     *     but its issuer DN cannot be normalized
     */
    @Override
    public Assertion getAssertion(Schema schema, ByteSequence byteSequence) throws DecodeException {
        final GSERParser parser = new GSERParser(byteSequence.toString());
        try {
            parser.readStartSequence();
            return parseGserAssertion(schema, parser);
        } catch (DecodeException gserFailure) {
            // NOTE(review): every GSER failure ends up here, including an issuer DN that could
            // not be normalized. The same untrusted bytes then get a second interpretation as a
            // certificate, and failing that they are matched as raw bytes.
            logger.traceException(gserFailure);
            return defaultAssertion(normalizeAttributeValue(schema, byteSequence));
        }
    }

    /**
     * Reads the remainder of a GSER assertion once the start of the sequence has been consumed.
     * Any {@link DecodeException} raised on the way is re-thrown wrapped in the
     * {@code ERR_MR_CERTIFICATE_MATCH_GSER_INVALID} message.
     */
    private Assertion parseGserAssertion(Schema schema, GSERParser parser) throws DecodeException {
        try {
            requireIdentifier(GSER_ID_SERIALNUMBER, parser.nextNamedValueIdentifier());
            final BigInteger serial = parser.nextBigInteger();
            parser.skipSeparator();
            requireIdentifier(GSER_ID_ISSUER, parser.nextNamedValueIdentifier());
            requireIdentifier(GSER_ID_RDNSEQUENCE, parser.nextChoiceValueIdentifier());
            final String issuer = parser.nextString();
            parser.readEndSequence();
            // Trailing data after the closing brace makes the whole assertion invalid.
            if (parser.hasNext()) {
                throw DecodeException.error(CoreMessages.ERR_MR_CERTIFICATE_MATCH_EXPECTED_END.get());
            }
            return defaultAssertion(createEncodedValue(serial, normalizeDN(schema, issuer)));
        } catch (DecodeException cause) {
            throw DecodeException.error(CoreMessages.ERR_MR_CERTIFICATE_MATCH_GSER_INVALID.get(StaticUtils.getExceptionMessage(cause)));
        }
    }

    /** Throws the "identifier not found" decode error unless {@code actual} equals {@code expected}. */
    private static void requireIdentifier(String expected, String actual) throws DecodeException {
        if (!expected.equals(actual)) {
            throw DecodeException.error(CoreMessages.ERR_MR_CERTIFICATE_MATCH_IDENTIFIER_NOT_FOUND.get(expected));
        }
    }

    /**
     * Parses {@code dnText} against the non-strict view of the schema and returns its normalized
     * byte form.
     *
     * @throws DecodeException if parsing or normalization fails for any reason; the message
     *     carries both the offending DN text and the underlying exception message
     */
    private ByteString normalizeDN(Schema schema, String dnText) throws DecodeException {
        try {
            final DN issuer = DN.valueOf(dnText, schema.asNonStrictSchema());
            return issuer.toNormalizedByteString();
        } catch (Exception failure) {
            // Broad catch: every failure, runtime exceptions included, becomes a DecodeException.
            logger.traceException(failure);
            throw DecodeException.error(CoreMessages.ERR_MR_CERTIFICATE_MATCH_INVALID_DN.get(dnText, StaticUtils.getExceptionMessage(failure)));
        }
    }

    /**
     * Produces the comparison key: normalized issuer DN bytes, one zero byte, then the serial
     * number as returned by {@link BigInteger#toByteArray()} (big-endian two's complement).
     */
    private static ByteString createEncodedValue(BigInteger serialNumber, ByteString normalizedIssuer) {
        // NOTE(review): the zero byte is the only delimiter between the two fields. Whether
        // normalized DN bytes can themselves contain 0x00 is not visible here; confirm that the
        // encoding stays unambiguous.
        final ByteStringBuilder key = new ByteStringBuilder();
        key.appendBytes(normalizedIssuer);
        key.appendByte(0);
        key.appendBytes(serialNumber.toByteArray());
        return key.toByteString();
    }
}
