package org.xipki.ca.server;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.xipki.audit.services.MacAuditService;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.ExtensionValue;
import org.xipki.ca.api.profile.ExtensionValues;
import org.xipki.ca.api.profile.SubjectDnSpec;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.SignAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.FileOrBinary;
import org.xipki.util.FileOrValue;
import org.xipki.util.IoUtil;
import org.xipki.util.PermissionConstants;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/CaUtil.class */
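/**
 * Static helpers used by the CA server: ordered emission of certificate extensions,
 * construction of a few standard extension values, subject-name normalisation,
 * signer-configuration canonicalisation and small export (ZIP) utilities.
 *
 * <p>This listing is decompiler output. Local names are reconstructed, and two string keys
 * are expressed through constants of unrelated classes ({@code MacAuditService.KEY_ALGO},
 * {@code StructuredDataLookup.TYPE_KEY}). These are presumably constant-matching artefacts
 * of the decompiler and should be confirmed against the upstream source.
 */
public class CaUtil {
    /** Root arc of the standard X.509 certificate extensions ({@code 2.5.29}). */
    private static final ASN1ObjectIdentifier id_ce = new ASN1ObjectIdentifier("2.5.29");

    /** Extensions that are always written first, in exactly this order. */
    private static final List<ASN1ObjectIdentifier> SORTED_EXTENSIONS = Collections.unmodifiableList(Arrays.asList(
            Extension.subjectKeyIdentifier,
            Extension.authorityKeyIdentifier,
            Extension.basicConstraints,
            Extension.keyUsage,
            Extension.extendedKeyUsage,
            Extension.privateKeyUsagePeriod,
            Extension.subjectAlternativeName,
            Extension.issuerAlternativeName,
            Extension.authorityInfoAccess,
            Extension.cRLDistributionPoints,
            Extension.freshestCRL,
            Extension.certificatePolicies,
            Extension.qCStatements,
            Extension.nameConstraints,
            Extension.policyConstraints,
            Extension.policyMappings,
            Extension.subjectInfoAccess,
            Extension.subjectDirectoryAttributes));

    /** Values shorter than this (chars for text, bytes for binary) are stored inline instead of as a ZIP entry. */
    private static final int INLINE_LIMIT = 256;

    /**
     * Permission code that is rendered as a single text instead of per-bit texts.
     * Presumably the "all permissions" mask (1023 = ten bits set) - confirm against PermissionConstants.
     */
    private static final int ALL_PERMISSIONS_CODE = 1023;

    private CaUtil() {
    }

    /**
     * Moves every extension held by {@code extensionValues} into the certificate builder.
     *
     * <p>Order of emission: (1) the types in {@link #SORTED_EXTENSIONS}, in list order;
     * (2) any other type under the id-ce arc; (3) types that are not under
     * {@code ObjectIdentifiers.id_pen}; (4) everything that is left. Within passes 2-4 the
     * order follows {@link HashSet} iteration and is therefore unspecified.
     *
     * <p>The criticality flag and the value are copied as supplied; nothing is validated here.
     * The method drains {@code extensionValues}: each extension is removed as it is added.
     *
     * @param extensionValues extensions to add; {@code null} is a no-op
     * @param x509v3CertificateBuilder builder that receives the extensions
     * @throws CertIOException if the builder rejects an extension
     */
    public static void addExtensions(ExtensionValues extensionValues, X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException {
        if (extensionValues == null) {
            return;
        }
        for (ASN1ObjectIdentifier type : SORTED_EXTENSIONS) {
            moveExtension(extensionValues, x509v3CertificateBuilder, type);
        }
        // Each pass iterates over a snapshot because moveExtension() removes from the live set.
        for (ASN1ObjectIdentifier type : remainingTypes(extensionValues)) {
            if (type.on(id_ce)) {
                moveExtension(extensionValues, x509v3CertificateBuilder, type);
            }
        }
        for (ASN1ObjectIdentifier type : remainingTypes(extensionValues)) {
            if (!type.on(ObjectIdentifiers.id_pen)) {
                moveExtension(extensionValues, x509v3CertificateBuilder, type);
            }
        }
        for (ASN1ObjectIdentifier type : remainingTypes(extensionValues)) {
            moveExtension(extensionValues, x509v3CertificateBuilder, type);
        }
    }

    /** Returns a snapshot of the extension types still present in {@code values}. */
    private static HashSet<ASN1ObjectIdentifier> remainingTypes(ExtensionValues values) {
        return new HashSet<ASN1ObjectIdentifier>(values.getExtensionTypes());
    }

    /** Removes the extension {@code type} from {@code values} and, if it was present, adds it to {@code builder}. */
    private static void moveExtension(ExtensionValues values, X509v3CertificateBuilder builder, ASN1ObjectIdentifier type) throws CertIOException {
        ExtensionValue tuple = values.removeExtensionTuple(type);
        if (tuple != null) {
            builder.addExtension(type, tuple.isCritical(), tuple.getValue());
        }
    }

    /**
     * Copies the given elements into a new, independently modifiable list.
     *
     * @param tArr elements to copy
     * @return a new {@link ArrayList} with the elements in the given order
     */
    @SafeVarargs
    public static <T> List<T> asModifiableList(T... tArr) {
        return new ArrayList<>(Arrays.asList(tArr));
    }

    /**
     * Builds the BasicConstraints value for a certificate level.
     *
     * @param certLevel level of the certificate; {@code EndEntity} yields {@code cA = false}
     * @param num path-length constraint for CA certificates, or {@code null} for none;
     *            the value is passed on unchecked (a negative number is not rejected here)
     * @return the BasicConstraints value
     */
    public static BasicConstraints createBasicConstraints(Certprofile.CertLevel certLevel, Integer num) {
        if (certLevel == Certprofile.CertLevel.EndEntity) {
            return new BasicConstraints(false);
        }
        if (num != null) {
            return new BasicConstraints(num.intValue());
        }
        return new BasicConstraints(true);
    }

    /**
     * Builds an AuthorityInformationAccess value from CA-issuer and OCSP responder URIs.
     *
     * <p>The URIs are embedded as given; scheme and syntax are not checked here.
     *
     * @param list CA-issuer URIs (id-ad-caIssuers), may be {@code null} or empty
     * @param list2 OCSP responder URIs (id-ad-ocsp), may be {@code null} or empty
     * @return the AuthorityInformationAccess value, CA-issuer entries first
     * @throws IllegalArgumentException if both lists are empty
     */
    public static AuthorityInformationAccess createAuthorityInformationAccess(List<String> list, List<String> list2) {
        if (CollectionUtil.isEmpty(list) && CollectionUtil.isEmpty(list2)) {
            throw new IllegalArgumentException("caIssuerUris and ospUris may not be both empty");
        }
        ASN1EncodableVector descriptions = new ASN1EncodableVector();
        if (CollectionUtil.isNotEmpty(list)) {
            for (String uri : list) {
                descriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_caIssuers,
                        new GeneralName(GeneralName.uniformResourceIdentifier, uri)));
            }
        }
        if (CollectionUtil.isNotEmpty(list2)) {
            for (String uri : list2) {
                descriptions.add(new AccessDescription(X509ObjectIdentifiers.id_ad_ocsp,
                        new GeneralName(GeneralName.uniformResourceIdentifier, uri)));
            }
        }
        return AuthorityInformationAccess.getInstance(new DERSequence(descriptions));
    }

    /**
     * Builds a CRLDistributionPoints value with a single distribution point that lists all URIs.
     *
     * <p>The URIs are embedded as given; scheme and syntax are not checked here.
     *
     * @param list CRL URIs; must not be empty
     * @param x500Name name compared against {@code x500Name2} (presumably the CA subject - confirm)
     * @param x500Name2 name written as cRLIssuer when it is non-null and differs from
     *                  {@code x500Name} (presumably the CRL signer's subject - confirm)
     * @return the CRLDistributionPoints value
     */
    public static CRLDistPoint createCrlDistributionPoints(List<String> list, X500Name x500Name, X500Name x500Name2) {
        int uriCount = Args.notEmpty(list, "crlUris").size();
        GeneralName[] uriNames = new GeneralName[uriCount];
        for (int i = 0; i < uriCount; i++) {
            uriNames[i] = new GeneralName(GeneralName.uniformResourceIdentifier, list.get(i));
        }
        DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriNames));

        // cRLIssuer is only present for an indirect CRL, i.e. when the two names differ.
        GeneralNames crlIssuer = null;
        if (x500Name2 != null && !x500Name2.equals(x500Name)) {
            crlIssuer = new GeneralNames(new GeneralName(x500Name2));
        }
        DistributionPoint point = new DistributionPoint(pointName, (ReasonFlags) null, crlIssuer);
        return new CRLDistPoint(new DistributionPoint[] {point});
    }

    /**
     * Re-orders the RDNs of a name according to {@code SubjectDnSpec.getForwardDNs()}.
     *
     * <p>Only RDNs whose first attribute type appears in that list are kept; any other RDN
     * is dropped from the result without an error. Callers that must preserve every subject
     * component should compare input and output.
     *
     * @param x500Name name to sort; must not be {@code null}
     * @return a new name containing the matching RDNs in forward-DN order
     */
    public static X500Name sortX509Name(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        RDN[] allRdns = x500Name.getRDNs();
        List<RDN> sorted = new LinkedList<>();
        for (ASN1ObjectIdentifier type : SubjectDnSpec.getForwardDNs()) {
            sorted.addAll(getRdns(allRdns, type));
        }
        return new X500Name(sorted.toArray(new RDN[0]));
    }

    /**
     * Selects the RDNs whose first attribute has the given type, keeping their order.
     *
     * @return the matching RDNs; empty when there is none
     */
    private static List<RDN> getRdns(RDN[] rdnArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Args.notNull(rdnArr, "rdns");
        // NOTE(review): the log4j constant is only used as the argument name in the error text;
        // presumably a decompiler substitution for a plain string literal - confirm upstream.
        Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY);
        List<RDN> matches = new ArrayList<>(1);
        for (RDN rdn : rdnArr) {
            if (rdn.getFirst().getType().equals(aSN1ObjectIdentifier)) {
                matches.add(rdn);
            }
        }
        return matches;
    }

    /**
     * Canonicalises a signer configuration so that it no longer refers to a keystore file:
     * the algorithm name is replaced by its JCE name and the keystore is inlined as
     * {@code base64:<content>}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>A {@code keystore} value starting with {@code file:} makes this method read that
     *       path with the privileges of the running process. If the configuration string can
     *       come from a less-trusted management client, restrict or validate the path before
     *       calling.</li>
     *   <li>The returned string carries the keystore bytes; treat it as secret material and
     *       keep it out of logs and audit messages.</li>
     * </ul>
     *
     * <p>NOTE(review): the early exit tests for {@code file:} / {@code base64:} case-sensitively,
     * whereas the keystore prefix is matched case-insensitively below, so a configuration using
     * e.g. {@code FILE:} is returned unchanged - confirm whether that is intended.
     *
     * @param str signer configuration; must not be {@code null}
     * @return the canonical configuration, or {@code str} itself when there is nothing to inline
     * @throws CaMgmtException if the algorithm is unknown or the keystore file cannot be read
     */
    public static String canonicalizeSignerConf(String str) throws CaMgmtException {
        if (!str.contains("file:") && !str.contains("base64:")) {
            return str;
        }
        ConfPairs pairs = new ConfPairs(str);

        // NOTE(review): MacAuditService.KEY_ALGO is presumably a decompiler substitution for the
        // signer-conf algorithm key - confirm that both keys are the same string.
        String algo = pairs.value(MacAuditService.KEY_ALGO);
        if (algo != null) {
            try {
                pairs.putPair(MacAuditService.KEY_ALGO, SignAlgo.getInstance(algo).getJceName());
            } catch (NoSuchAlgorithmException e) {
                throw new CaMgmtException(e);
            }
        }

        String keystore = pairs.value("keystore");
        byte[] keystoreBytes;
        if (StringUtil.startsWithIgnoreCase(keystore, "file:")) {
            try {
                keystoreBytes = IoUtil.read(keystore.substring("file:".length()), true);
            } catch (IOException e) {
                throw new CaMgmtException("IOException: " + e.getMessage(), e);
            }
        } else if (StringUtil.startsWithIgnoreCase(keystore, "base64:")) {
            // Decode and re-encode so the stored form is normalised.
            keystoreBytes = Base64.decode(keystore.substring("base64:".length()));
        } else {
            // No inlinable keystore: the input is returned as is, without the algorithm rewrite.
            return str;
        }
        pairs.putPair("keystore", "base64:" + Base64.encodeToString(keystoreBytes));
        return pairs.getEncoded();
    }

    /**
     * Wraps a text value for export: short values are stored inline, longer ones are written
     * to the ZIP stream as a separate entry and referenced by file name.
     *
     * @param zipOutputStream archive that receives long values
     * @param str the text; blank yields {@code null}
     * @param str2 ZIP entry name for long values; used verbatim, not validated here
     * @return the wrapper, or {@code null} for blank text
     * @throws IOException if writing the ZIP entry fails
     */
    public static FileOrValue createFileOrValue(ZipOutputStream zipOutputStream, String str, String str2) throws IOException {
        if (StringUtil.isBlank(str)) {
            return null;
        }
        FileOrValue result = new FileOrValue();
        if (str.length() < INLINE_LIMIT) {
            result.setValue(str);
            return result;
        }
        result.setFile(str2);
        zipOutputStream.putNextEntry(new ZipEntry(str2));
        try {
            zipOutputStream.write(StringUtil.toUtf8Bytes(str));
        } finally {
            // Always close the entry so the archive stays well-formed for subsequent entries.
            zipOutputStream.closeEntry();
        }
        return result;
    }

    /**
     * Base64-decodes {@code str} and wraps the bytes via
     * {@link #createFileOrBinary(ZipOutputStream, byte[], String)}.
     *
     * @param zipOutputStream archive that receives long values
     * @param str Base64 text; blank yields {@code null}
     * @param str2 ZIP entry name for long values
     * @return the wrapper, or {@code null} when there is no content
     * @throws IOException if writing the ZIP entry fails
     */
    public static FileOrBinary createFileOrBase64Value(ZipOutputStream zipOutputStream, String str, String str2) throws IOException {
        if (StringUtil.isBlank(str)) {
            return null;
        }
        return createFileOrBinary(zipOutputStream, Base64.decode(str), str2);
    }

    /**
     * Wraps binary content for export: short content is stored inline, longer content is
     * written to the ZIP stream as a separate entry and referenced by file name.
     *
     * @param zipOutputStream archive that receives long values
     * @param bArr the content; {@code null} or empty yields {@code null}
     * @param str ZIP entry name for long values; used verbatim, not validated here
     * @return the wrapper, or {@code null} when there is no content
     * @throws IOException if writing the ZIP entry fails
     */
    public static FileOrBinary createFileOrBinary(ZipOutputStream zipOutputStream, byte[] bArr, String str) throws IOException {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        FileOrBinary result = new FileOrBinary();
        if (bArr.length < INLINE_LIMIT) {
            result.setBinary(bArr);
            return result;
        }
        result.setFile(str);
        zipOutputStream.putNextEntry(new ZipEntry(str));
        try {
            zipOutputStream.write(bArr);
        } finally {
            // Always close the entry so the archive stays well-formed for subsequent entries.
            zipOutputStream.closeEntry();
        }
        return result;
    }

    /**
     * Translates a permission bit mask into display texts.
     *
     * @param i permission mask
     * @return one text for the code 1023, otherwise one text per known permission whose
     *         bits intersect the mask, in the order of {@code PermissionConstants.getPermissions()}
     */
    public static List<String> getPermissions(int i) {
        List<String> texts = new LinkedList<>();
        if (i == ALL_PERMISSIONS_CODE) {
            texts.add(PermissionConstants.getTextForCode(i));
            return texts;
        }
        for (Integer permission : PermissionConstants.getPermissions()) {
            int code = permission.intValue();
            if ((i & code) != 0) {
                texts.add(PermissionConstants.getTextForCode(code));
            }
        }
        return texts;
    }

    /**
     * Encodes a certificate chain via {@code X509Util.encodeCertificates}.
     *
     * @param list certificates in chain order; must not be {@code null}
     * @return the encoded chain
     */
    public static String encodeCertchain(List<X509Cert> list) {
        return X509Util.encodeCertificates(list.toArray(new X509Cert[0]));
    }

    /**
     * Builds the chain for {@code x509Cert} out of {@code list} and requires that every
     * supplied certificate ends up in it.
     *
     * <p>NOTE(review): what {@code X509Util.buildCertPath} verifies (signatures, validity,
     * or only issuer/subject linkage) is not visible here. Do not treat the returned chain
     * as validated without confirming that.
     *
     * @param x509Cert certificate the chain is built for
     * @param list candidate chain certificates; must not be {@code null}
     * @return the chain as a fixed-size list
     * @throws CaMgmtException if no path is found or a supplied certificate is not part of it
     */
    public static List<X509Cert> buildCertChain(X509Cert x509Cert, List<X509Cert> list) throws CaMgmtException {
        X509Cert[] path = X509Util.buildCertPath(x509Cert, list, false);
        if (path == null || path.length != list.size()) {
            throw new CaMgmtException("could not build certchain containing all specified certs");
        }
        return Arrays.asList(path);
    }

    /**
     * Parses an encoded certificate.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws CaMgmtException if the bytes cannot be parsed; the cause is preserved
     */
    public static X509Cert parseCert(byte[] bArr) throws CaMgmtException {
        try {
            return X509Util.parseCert(bArr);
        } catch (CertificateException e) {
            throw new CaMgmtException("could not parse certificate", e);
        }
    }

    /**
     * Drops RDNs whose value is blank.
     *
     * <p>Only the first attribute of each RDN is inspected: a multi-valued RDN with a blank
     * first value is removed together with its remaining attributes.
     *
     * @param x500Name name to clean; must not be {@code null}
     * @return a new name without the blank RDNs, or {@code x500Name} itself when nothing was removed
     */
    public static X500Name removeEmptyRdns(X500Name x500Name) {
        RDN[] allRdns = x500Name.getRDNs();
        List<RDN> kept = new ArrayList<>(allRdns.length);
        for (RDN rdn : allRdns) {
            if (!StringUtil.isBlank(X509Util.rdnValueToString(rdn.getFirst().getValue()))) {
                kept.add(rdn);
            }
        }
        if (kept.size() == allRdns.length) {
            return x500Name;
        }
        return new X500Name(kept.toArray(new RDN[0]));
    }
}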
