package org.xipki.ca.api.mgmt.entry;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.xipki.audit.services.MacAuditService;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.CtlogControl;
import org.xipki.ca.api.mgmt.RevokeSuspendedControl;
import org.xipki.ca.api.mgmt.ValidityMode;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.HashAlgo;
import org.xipki.security.KeyUsage;
import org.xipki.security.SignAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.CompareUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.PermissionConstants;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;
import org.xipki.util.http.HttpStatusCode;

/* loaded from: input_file:WEB-INF/lib/ca-mgmt-api-6.4.0.jar:org/xipki/ca/api/mgmt/entry/CaEntry.class */
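/**
 * Management-API description of a single CA: its identity, signer
 * configuration, CA certificate and chain, CRL / CT-log controls, permission
 * value and revocation state.
 *
 * <p>Instances are mutable and carry no synchronization. Getters and setters
 * for collection-valued members hand out or store the caller's reference
 * directly (no defensive copy), so callers that share an entry must not
 * mutate those collections concurrently.
 */
public class CaEntry extends MgmtEntry {
    private NameId ident;
    private CaStatus status;
    private Validity maxValidity;
    private String signerType;
    // Signer configuration string. It is only rendered through
    // SignerEntry.signerConfToString(...) in toString(...); avoid logging the raw value.
    private String signerConf;
    private CrlControl crlControl;
    private String crlSignerName;
    private CtlogControl ctlogControl;
    private RevokeSuspendedControl revokeSuspendedControl;
    private List<String> keypairGenNames;
    private boolean saveKeypair;
    private boolean saveCert = true;
    private ValidityMode validityMode = ValidityMode.STRICT;
    // Rendered via PermissionConstants.permissionToStringSet(...); presumably a bit mask -- confirm.
    private int permission;
    private int expirationPeriod;
    // Negative values are rendered as "forever" by toString(...).
    private int keepExpiredCertInDays;
    private ConfPairs extraControl;
    private CaUris caUris;
    private X509Cert cert;
    // Value of X509Cert.getBasicConstraints() for the current CA certificate.
    private int pathLenConstraint;
    private List<X509Cert> certchain;
    // Validated to lie in [1, 20]; toString(...) prints it in bytes.
    private int serialNoLen;
    private long nextCrlNumber;
    private int numCrls;
    private CertRevocationInfo revocationInfo;
    private String subject;
    // Hex SHA-1 digest of the encoded CA certificate. SHA-1 is not collision resistant:
    // treat this as a lookup identifier only, never as the basis of a trust decision.
    private String hexSha1OfCert;

    /* loaded from: input_file:WEB-INF/lib/ca-mgmt-api-6.4.0.jar:org/xipki/ca/api/mgmt/entry/CaEntry$CaSignerConf.class */
    /**
     * One signature algorithm paired with the signer configuration string that
     * selects it. Instances are immutable and are created only by
     * {@link CaEntry#splitCaSignerConfs(String)}.
     */
    public static class CaSignerConf {
        private final SignAlgo algo;
        private final String conf;

        private CaSignerConf(SignAlgo signAlgo, String str) {
            this.algo = signAlgo;
            this.conf = str;
        }

        /** Returns the signature algorithm of this configuration. */
        public SignAlgo getAlgo() {
            return this.algo;
        }

        /** Returns the encoded signer configuration for {@link #getAlgo()}. */
        public String getConf() {
            return this.conf;
        }
    }

    /** Used by {@link #copy()} only; leaves every field at its default. */
    private CaEntry() {
    }

    /**
     * Creates an entry and validates the mandatory settings.
     *
     * @param nameId identifier of the CA, must not be {@code null}
     * @param i serial number length, must lie in [1, 20]
     * @param j next CRL number, must be positive
     * @param str signer type, must not be blank; stored in lower case
     * @param str2 signer configuration, must not be blank
     * @param caUris CA URIs; {@code null} is replaced by {@link CaUris#EMPTY_INSTANCE}
     * @param i2 number of CRLs, must be positive
     * @param i3 expiration period, must not be negative
     */
    public CaEntry(NameId nameId, int i, long j, String str, String str2, CaUris caUris, int i2, int i3) {
        this.ident = (NameId) Args.notNull(nameId, "ident");
        this.signerType = Args.toNonBlankLower(str, "signerType");
        this.expirationPeriod = Args.notNegative(i3, "expirationPeriod");
        this.signerConf = Args.notBlank(str2, "signerConf");
        this.numCrls = Args.positive(i2, "numCrls");
        this.serialNoLen = Args.range(i, "serialNoLen", 1, 20);
        this.nextCrlNumber = Args.positive(j, "nextCrlNumber");
        this.caUris = caUris == null ? CaUris.EMPTY_INSTANCE : caUris;
    }

    /**
     * Returns a shallow copy of this entry.
     *
     * <p>Every field is copied by reference, so mutable members such as
     * {@code certchain}, {@code keypairGenNames} and {@code extraControl} are
     * shared between the original and the copy.
     *
     * @return a new entry holding the same field values
     */
    public CaEntry copy() {
        CaEntry caEntry = new CaEntry();
        caEntry.ident = this.ident;
        caEntry.serialNoLen = this.serialNoLen;
        caEntry.nextCrlNumber = this.nextCrlNumber;
        caEntry.signerType = this.signerType;
        caEntry.signerConf = this.signerConf;
        caEntry.caUris = this.caUris;
        caEntry.numCrls = this.numCrls;
        caEntry.expirationPeriod = this.expirationPeriod;
        caEntry.status = this.status;
        caEntry.maxValidity = this.maxValidity;
        caEntry.crlControl = this.crlControl;
        caEntry.crlSignerName = this.crlSignerName;
        caEntry.ctlogControl = this.ctlogControl;
        caEntry.revokeSuspendedControl = this.revokeSuspendedControl;
        caEntry.keypairGenNames = this.keypairGenNames;
        caEntry.saveKeypair = this.saveKeypair;
        caEntry.saveCert = this.saveCert;
        caEntry.validityMode = this.validityMode;
        caEntry.permission = this.permission;
        caEntry.keepExpiredCertInDays = this.keepExpiredCertInDays;
        caEntry.extraControl = this.extraControl;
        caEntry.pathLenConstraint = this.pathLenConstraint;
        caEntry.revocationInfo = this.revocationInfo;
        caEntry.cert = this.cert;
        caEntry.certchain = this.certchain;
        caEntry.subject = this.subject;
        caEntry.hexSha1OfCert = this.hexSha1OfCert;
        return caEntry;
    }

    /**
     * Splits a CA signer configuration that lists several signature algorithms
     * into one configuration per algorithm.
     *
     * <p>Each listed algorithm name is resolved through
     * {@link SignAlgo#getInstance(String)}; the algorithm entry of the
     * configuration is then replaced by that algorithm's JCE name and the
     * configuration is re-encoded.
     *
     * @param str encoded signer configuration
     * @return one {@link CaSignerConf} per listed algorithm, in listing order
     * @throws XiSecurityException if no algorithm is defined, the list is
     *     empty, or an algorithm name is not recognised
     */
    public static List<CaSignerConf> splitCaSignerConfs(String str) throws XiSecurityException {
        ConfPairs confPairs = new ConfPairs(str);
        // NOTE(review): the key and the separator are referenced through constants of
        // unrelated classes, most likely because the decompiler matched inlined literals
        // to them. Confirm the actual values before relying on these references.
        String algos = confPairs.value(MacAuditService.KEY_ALGO);
        if (algos == null) {
            throw new XiSecurityException("no algo is defined in CA signerConf");
        }
        List<String> algoNames = StringUtil.split(algos, ParameterizedMessage.ERROR_MSG_SEPARATOR);
        if (CollectionUtil.isEmpty(algoNames)) {
            throw new XiSecurityException("empty algo is defined in CA signerConf");
        }
        List<CaSignerConf> signerConfs = new ArrayList<>(algoNames.size());
        for (String algoName : algoNames) {
            try {
                SignAlgo signAlgo = SignAlgo.getInstance(algoName);
                // confPairs is reused: only the algorithm entry changes between iterations.
                confPairs.putPair(MacAuditService.KEY_ALGO, signAlgo.getJceName());
                signerConfs.add(new CaSignerConf(signAlgo, confPairs.getEncoded()));
            } catch (NoSuchAlgorithmException e) {
                throw new XiSecurityException(e.getMessage(), e);
            }
        }
        return signerConfs;
    }

    public NameId getIdent() {
        return this.ident;
    }

    public Validity getMaxValidity() {
        return this.maxValidity;
    }

    public void setMaxValidity(Validity validity) {
        this.maxValidity = validity;
    }

    public int getKeepExpiredCertInDays() {
        return this.keepExpiredCertInDays;
    }

    public void setKeepExpiredCertInDays(int i) {
        this.keepExpiredCertInDays = i;
    }

    /**
     * Replaces the signer configuration.
     *
     * @param str new signer configuration, must not be blank
     */
    public void setSignerConf(String str) {
        this.signerConf = Args.notBlank(str, "signerConf");
    }

    /**
     * Returns the raw signer configuration string. Unlike
     * {@link #toString(boolean, boolean)}, nothing is filtered here.
     */
    public String getSignerConf() {
        return this.signerConf;
    }

    public CaStatus getStatus() {
        return this.status;
    }

    public void setStatus(CaStatus caStatus) {
        this.status = caStatus;
    }

    public String getSignerType() {
        return this.signerType;
    }

    public void setCrlControl(CrlControl crlControl) {
        this.crlControl = crlControl;
    }

    public CrlControl getCrlControl() {
        return this.crlControl;
    }

    public CtlogControl getCtlogControl() {
        return this.ctlogControl;
    }

    public void setCtlogControl(CtlogControl ctlogControl) {
        this.ctlogControl = ctlogControl;
    }

    public RevokeSuspendedControl getRevokeSuspendedControl() {
        return this.revokeSuspendedControl;
    }

    public void setRevokeSuspendedControl(RevokeSuspendedControl revokeSuspendedControl) {
        this.revokeSuspendedControl = revokeSuspendedControl;
    }

    public String getCrlSignerName() {
        return this.crlSignerName;
    }

    /**
     * Sets the CRL signer name, stored in lower case.
     *
     * @param str signer name, or {@code null} to clear it
     */
    public void setCrlSignerName(String str) {
        // NOTE(review): toLowerCase() without a Locale depends on the JVM default locale.
        this.crlSignerName = str == null ? null : str.toLowerCase();
    }

    /** Returns the internal list of keypair generator names (not a copy). */
    public List<String> getKeypairGenNames() {
        return this.keypairGenNames;
    }

    /**
     * Sets the keypair generator names, converted through
     * {@link CollectionUtil#toLowerCaseList}.
     *
     * @param list generator names, or {@code null} to clear them
     */
    public void setKeypairGenNames(List<String> list) {
        this.keypairGenNames = list == null ? null : CollectionUtil.toLowerCaseList(list);
    }

    public boolean isSaveKeypair() {
        return this.saveKeypair;
    }

    public void setSaveKeypair(boolean z) {
        this.saveKeypair = z;
    }

    public boolean isSaveCert() {
        return this.saveCert;
    }

    public void setSaveCert(boolean z) {
        this.saveCert = z;
    }

    public ValidityMode getValidityMode() {
        return this.validityMode;
    }

    /**
     * Sets the validity mode.
     *
     * @param validityMode new mode, must not be {@code null}
     */
    public void setValidityMode(ValidityMode validityMode) {
        this.validityMode = (ValidityMode) Args.notNull(validityMode, "mode");
    }

    public int getPermission() {
        return this.permission;
    }

    public void setPermission(int i) {
        this.permission = i;
    }

    public int getExpirationPeriod() {
        return this.expirationPeriod;
    }

    public ConfPairs getExtraControl() {
        return this.extraControl;
    }

    public void setExtraControl(ConfPairs confPairs) {
        this.extraControl = confPairs;
    }

    /** Equivalent to {@code toString(false)}. */
    @Override
    public String toString() {
        return toString(false);
    }

    /**
     * Equivalent to {@code toString(z, true)}.
     *
     * @param z forwarded as the first argument of {@link #toString(boolean, boolean)}
     */
    public String toString(boolean z) {
        return toString(z, true);
    }

    /**
     * Renders this entry as a multi-line, human-readable description.
     *
     * @param z when {@code false}, an extra-control string longer than 100
     *     characters is cut to 97 characters plus {@code "..."}; the flag is
     *     also forwarded to the certificate, CRL-control and signer-conf
     *     formatters
     * @param z2 forwarded unchanged to {@code SignerEntry.signerConfToString};
     *     presumably it controls whether sensitive signer-conf values are
     *     hidden -- confirm against that method before passing {@code false}
     *     on a path that reaches logs
     * @return the textual description
     */
    public String toString(boolean z, boolean z2) {
        String extraControlText;
        if (this.extraControl == null) {
            extraControlText = CaManager.NULL;
        } else {
            extraControlText = this.extraControl.getEncoded();
            if (!z && extraControlText.length() > 100) {
                extraControlText = StringUtil.concat(extraControlText.substring(0, 97), "...");
            }
        }
        String revocationDetails = this.revocationInfo != null ? StringUtil.concatObjectsCap(30, "\n\treason: ", this.revocationInfo.getReason().getDescription(), "\n\trevoked at ", this.revocationInfo.getRevocationTime()) : "";
        int chainSize = this.certchain == null ? 0 : this.certchain.size();
        // Capacity hint only. HttpStatusCode.SC_OK is presumably a plain numeric literal
        // that the decompiler mapped onto an unrelated constant -- confirm.
        StringBuilder chainText = new StringBuilder(20 + (chainSize * HttpStatusCode.SC_OK));
        chainText.append("\ncertchain: ");
        if (chainSize > 0) {
            for (int i = 0; i < chainSize; i++) {
                chainText.append("\ncert[").append(i).append("]:\n");
                chainText.append(X509Util.formatCert(this.certchain.get(i), z));
            }
        } else {
            chainText.append(CaManager.NULL);
        }
        // An empty permission list yields the empty string.
        String permissionText = String.join(", ", PermissionConstants.permissionToStringSet(this.permission));
        Object[] parts = {
            this.ident.getId(),
            "\nname:                 ",
            this.ident.getName(),
            "\nstatus:               ",
            this.status == null ? CaManager.NULL : this.status.getStatus(),
            "\nmax. validity:        ",
            this.maxValidity,
            "\nexpiration period:    ",
            Integer.valueOf(this.expirationPeriod),
            "d",
            "\nsigner type:          ",
            this.signerType,
            "\nsigner conf:          ",
            this.signerConf == null ? CaManager.NULL : SignerEntry.signerConfToString(this.signerConf, z, z2),
            "\nCRL signer name:      ",
            this.crlSignerName,
            "\nsave certificate:     ",
            Boolean.valueOf(this.saveCert),
            "\nsave keypair:         ",
            Boolean.valueOf(this.saveKeypair),
            "\nvalidity mode:        ",
            this.validityMode,
            "\npermission:           ",
            permissionText,
            "\nkeep expired certs:   ",
            this.keepExpiredCertInDays < 0 ? "forever" : this.keepExpiredCertInDays + " days",
            "\nextra control:        ",
            extraControlText,
            "\nserial number length: ",
            Integer.valueOf(this.serialNoLen),
            " bytes",
            "\nrevocation:           ",
            this.revocationInfo == null ? "not revoked" : "revoked",
            revocationDetails,
            "\nnext CRL number:      ",
            Long.valueOf(this.nextCrlNumber),
            "\nKeyPair generation names: ",
            this.keypairGenNames,
            "\n",
            this.caUris,
            "\nCRL control:\n",
            this.crlControl == null ? "  null" : this.crlControl.toString(z),
            "\nCTLog control:\n",
            this.ctlogControl == null ? "  null" : this.ctlogControl.toString(),
            "\nrevoke suspended certificates control: \n",
            this.revokeSuspendedControl == null ? "  null" : this.revokeSuspendedControl.toString(),
            "\ncert: \n",
            X509Util.formatCert(this.cert, z),
            chainText.toString()
        };
        return StringUtil.concatObjectsCap(1500, "id:                   ", parts);
    }

    /**
     * Compares with another object; two entries are equal when
     * {@code equals((CaEntry) obj, false, false)} holds.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof CaEntry) {
            return equals((CaEntry) obj, false, false);
        }
        return false;
    }

    /**
     * Field-by-field comparison with another entry.
     *
     * <p>{@code pathLenConstraint}, {@code subject} and {@code hexSha1OfCert}
     * are not compared directly; {@link #setCert(X509Cert)} derives them from
     * {@code cert}, which is compared.
     *
     * @param caEntry entry to compare with, must not be {@code null}
     * @param z when {@code true}, {@code nextCrlNumber} is ignored
     * @param z2 forwarded to {@code NameId.equals(NameId, boolean)}
     * @return {@code true} if all compared fields match
     */
    public boolean equals(CaEntry caEntry, boolean z, boolean z2) {
        return (z || this.nextCrlNumber == caEntry.nextCrlNumber)
                && CompareUtil.equalsObject(this.caUris, caEntry.caUris)
                && CompareUtil.equalsObject(this.cert, caEntry.cert)
                && CompareUtil.equalsObject(this.certchain, caEntry.certchain)
                && CompareUtil.equalsObject(this.crlControl, caEntry.crlControl)
                && CompareUtil.equalsObject(this.crlSignerName, caEntry.crlSignerName)
                && CompareUtil.equalsObject(this.ctlogControl, caEntry.ctlogControl)
                && this.expirationPeriod == caEntry.expirationPeriod
                && CompareUtil.equalsObject(this.extraControl, caEntry.extraControl)
                && this.ident.equals(caEntry.ident, z2)
                && this.keepExpiredCertInDays == caEntry.keepExpiredCertInDays
                && CompareUtil.equalsObject(this.maxValidity, caEntry.maxValidity)
                && this.numCrls == caEntry.numCrls
                && this.permission == caEntry.permission
                && CompareUtil.equalsObject(this.revocationInfo, caEntry.revocationInfo)
                && CompareUtil.equalsObject(this.revokeSuspendedControl, caEntry.revokeSuspendedControl)
                && this.saveCert == caEntry.saveCert
                && this.saveKeypair == caEntry.saveKeypair
                && CompareUtil.equalsObject(this.keypairGenNames, caEntry.keypairGenNames)
                && this.serialNoLen == caEntry.serialNoLen
                && this.signerType.equals(caEntry.signerType)
                && CompareUtil.equalsObject(this.signerConf, caEntry.signerConf)
                && CompareUtil.equalsObject(this.status, caEntry.status)
                && CompareUtil.equalsObject(this.validityMode, caEntry.validityMode);
    }

    /** Hashes on the identifier only. */
    @Override
    public int hashCode() {
        return this.ident.hashCode();
    }

    /**
     * Sets or clears the CA certificate and the values derived from it
     * (path length constraint, subject text, hex SHA-1 of the encoding).
     *
     * <p>The certificate is checked completely before any field is assigned,
     * so a rejected certificate leaves the entry unchanged. Passing
     * {@code null} clears the certificate, subject and hash;
     * {@code pathLenConstraint} keeps its previous value in that case.
     *
     * @param x509Cert CA certificate, or {@code null} to clear it
     * @throws CaMgmtException if the certificate lacks the keyCertSign key
     *     usage or its basic constraints value is negative (not a CA)
     */
    public void setCert(X509Cert x509Cert) throws CaMgmtException {
        if (x509Cert == null) {
            this.cert = null;
            this.subject = null;
            this.hexSha1OfCert = null;
            return;
        }
        if (!x509Cert.hasKeyusage(KeyUsage.keyCertSign)) {
            throw new CaMgmtException("CA certificate does not have keyusage keyCertSign");
        }
        int basicConstraints = x509Cert.getBasicConstraints();
        if (basicConstraints < 0) {
            throw new CaMgmtException("given certificate is not a CA certificate");
        }
        String subjectText = x509Cert.getSubjectText();
        // The decompiler reported this argument as byte[][]; the element type is restored here.
        String sha1Hex = HashAlgo.SHA1.hexHash(new byte[][]{x509Cert.getEncoded()});
        // Assign only after every check and derivation has succeeded.
        this.cert = x509Cert;
        this.pathLenConstraint = basicConstraints;
        this.subject = subjectText;
        this.hexSha1OfCert = sha1Hex;
    }

    public int getSerialNoLen() {
        return this.serialNoLen;
    }

    /**
     * Sets the serial number length.
     *
     * @param i length, must lie in [1, 20]
     */
    public void setSerialNoLen(int i) {
        this.serialNoLen = Args.range(i, "serialNoLen", 1, 20);
    }

    public long getNextCrlNumber() {
        return this.nextCrlNumber;
    }

    /**
     * Sets the next CRL number.
     *
     * @param j next CRL number
     */
    public void setNextCrlNumber(long j) {
        // NOTE(review): the constructor requires a positive value (Args.positive);
        // this setter accepts any value. Confirm whether that is intended.
        this.nextCrlNumber = j;
    }

    public CaUris getCaUris() {
        return this.caUris;
    }

    public X509Cert getCert() {
        return this.cert;
    }

    /** Returns the internal certificate chain list (not a copy). */
    public List<X509Cert> getCertchain() {
        return this.certchain;
    }

    /**
     * Stores the given list as the certificate chain without copying or
     * validating it.
     *
     * @param list certificate chain, may be {@code null}
     */
    public void setCertchain(List<X509Cert> list) {
        this.certchain = list;
    }

    public int getNumCrls() {
        return this.numCrls;
    }

    public CertRevocationInfo getRevocationInfo() {
        return this.revocationInfo;
    }

    public void setRevocationInfo(CertRevocationInfo certRevocationInfo) {
        this.revocationInfo = certRevocationInfo;
    }

    /** Returns the subject text of the certificate last accepted by {@link #setCert(X509Cert)}. */
    public String getSubject() {
        return this.subject;
    }

    public int getPathLenConstraint() {
        return this.pathLenConstraint;
    }

    /**
     * Returns the hex SHA-1 digest of the encoded CA certificate. Use it as an
     * identifier only; SHA-1 is not collision resistant.
     */
    public String getHexSha1OfCert() {
        return this.hexSha1OfCert;
    }
}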
