package org.xipki.ca.certprofile.xijson.conf;

import java.math.BigInteger;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.certprofile.xijson.conf.GeneralSubtreeType;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ValidatableConf;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:WEB-INF/lib/certprofile-xijson-6.4.0.jar:org/xipki/ca/certprofile/xijson/conf/NameConstraints.class */
public class NameConstraints extends ValidatableConf {
    private List<GeneralSubtreeType> permittedSubtrees;
    private List<GeneralSubtreeType> excludedSubtrees;

    public List<GeneralSubtreeType> getPermittedSubtrees() {
        if (this.permittedSubtrees == null) {
            this.permittedSubtrees = new LinkedList();
        }
        return this.permittedSubtrees;
    }

    public void setPermittedSubtrees(List<GeneralSubtreeType> list) {
        this.permittedSubtrees = list;
    }

    public List<GeneralSubtreeType> getExcludedSubtrees() {
        if (this.excludedSubtrees == null) {
            this.excludedSubtrees = new LinkedList();
        }
        return this.excludedSubtrees;
    }

    public void setExcludedSubtrees(List<GeneralSubtreeType> list) {
        this.excludedSubtrees = list;
    }

    @Override // org.xipki.util.ValidatableConf
    public void validate() throws InvalidConfException {
        if (CollectionUtil.isEmpty(this.permittedSubtrees) && CollectionUtil.isEmpty(this.excludedSubtrees)) {
            throw new InvalidConfException("permittedSubtrees and excludedSubtrees may not be both null");
        }
        validate(this.permittedSubtrees, (Collection<? extends ValidatableConf>[]) new Collection[]{this.excludedSubtrees});
    }

    public org.bouncycastle.asn1.x509.NameConstraints toXiNameConstraints() throws CertprofileException {
        GeneralSubtree[] buildGeneralSubtrees = buildGeneralSubtrees(getPermittedSubtrees());
        GeneralSubtree[] buildGeneralSubtrees2 = buildGeneralSubtrees(getExcludedSubtrees());
        if (buildGeneralSubtrees == null && buildGeneralSubtrees2 == null) {
            return null;
        }
        return new org.bouncycastle.asn1.x509.NameConstraints(buildGeneralSubtrees, buildGeneralSubtrees2);
    }

    private static GeneralSubtree[] buildGeneralSubtrees(List<GeneralSubtreeType> list) throws CertprofileException {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        int size = list.size();
        GeneralSubtree[] generalSubtreeArr = new GeneralSubtree[size];
        for (int i = 0; i < size; i++) {
            generalSubtreeArr[i] = buildGeneralSubtree(list.get(i));
        }
        return generalSubtreeArr;
    }

    private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeType generalSubtreeType) throws CertprofileException {
        GeneralName generalName;
        GeneralSubtreeType.Base base = ((GeneralSubtreeType) Args.notNull(generalSubtreeType, StructuredDataLookup.TYPE_KEY)).getBase();
        if (base.getDirectoryName() != null) {
            generalName = new GeneralName(X509Util.reverse(new X500Name(base.getDirectoryName())));
        } else if (base.getDnsName() != null) {
            generalName = new GeneralName(2, base.getDnsName());
        } else if (base.getIpAddress() != null) {
            generalName = new GeneralName(7, base.getIpAddress());
        } else if (base.getRfc822Name() != null) {
            generalName = new GeneralName(1, base.getRfc822Name());
        } else {
            if (base.getUri() == null) {
                throw new IllegalStateException("should not reach here, unknown child of GeneralSubtreeType");
            }
            generalName = new GeneralName(6, base.getUri());
        }
        Integer minimum = generalSubtreeType.getMinimum();
        if (minimum != null && minimum.intValue() < 0) {
            throw new CertprofileException("negative minimum is not allowed: " + minimum);
        }
        BigInteger valueOf = minimum == null ? null : BigInteger.valueOf(minimum.intValue());
        Integer maximum = generalSubtreeType.getMaximum();
        if (maximum == null || maximum.intValue() >= 0) {
            return new GeneralSubtree(generalName, valueOf, maximum == null ? null : BigInteger.valueOf(maximum.intValue()));
        }
        throw new CertprofileException("negative maximum is not allowed: " + maximum);
    }
}
