package org.xipki.ca.api.profile;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.PermissionConstants;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/SubjectDnSpec.class */
public class SubjectDnSpec {
    private static final List<ASN1ObjectIdentifier> FORWARD_DNS;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SubjectDnSpec.class);
    private static final Range RANGE_64 = new Range(1, 64);
    private static final Range RANGE_128 = new Range(1, Integer.valueOf(PermissionConstants.ENROLL_CROSS));
    private static final Range RANGE_255 = new Range(1, 255);
    private static final Range RANGE_POSTAL_CODE = new Range(1, 40);
    private static final Range RANGE_COUNTRY_NAME = new Range(2, 2);
    private static final Range RANGE_POSTAL_ADDRESS = new Range(0, 30);
    private static final Range RANGE_GENDER = new Range(1, 1);
    private static final Range RANGE_DATE_OF_BIRTH = new Range(15, 15);
    private static final Range RANGE_NAME = new Range(1, Integer.valueOf(PermissionConstants.GEN_KEYPAIR));
    private static final Set<Certprofile.StringType> DIRECTORY_STRINGS = CollectionUtil.asUnmodifiableSet(Certprofile.StringType.bmpString, Certprofile.StringType.printableString, Certprofile.StringType.teletexString, Certprofile.StringType.utf8String);
    private static final Set<Certprofile.StringType> PRINTABLE_STRING_ONLY = CollectionUtil.asUnmodifiableSet(Certprofile.StringType.printableString);
    private static final Set<Certprofile.StringType> IA5_STRING_ONLY = CollectionUtil.asUnmodifiableSet(Certprofile.StringType.ia5String);
    private static final Map<ASN1ObjectIdentifier, Certprofile.StringType> DFLT_STRING_TYPES = new HashMap();
    private static final Map<ASN1ObjectIdentifier, Range> RANGES = new HashMap();
    private static final Map<ASN1ObjectIdentifier, TextVadidator> PATTERNS = new HashMap();
    private static final Map<ASN1ObjectIdentifier, Certprofile.RdnControl> CONTROLS = new HashMap();
    private static final Map<ASN1ObjectIdentifier, Set<Certprofile.StringType>> STRING_TYPE_SET = new HashMap();
    private static final Set<String> COUNTRY_AREA_CODES = new HashSet();

    private SubjectDnSpec() {
    }

    private static void conf(Set<ASN1ObjectIdentifier> set, ASN1ObjectIdentifier aSN1ObjectIdentifier, Range range, Set<Certprofile.StringType> set2) {
        set.add(aSN1ObjectIdentifier);
        if (range != null) {
            RANGES.put(aSN1ObjectIdentifier, range);
        }
        if (set2 != null) {
            STRING_TYPE_SET.put(aSN1ObjectIdentifier, set2);
            if (set2.size() == 1) {
                DFLT_STRING_TYPES.put(aSN1ObjectIdentifier, set2.iterator().next());
            }
        }
    }

    public static Range getStringLengthRange(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return RANGES.get(Args.notNull(aSN1ObjectIdentifier, "rdnType"));
    }

    public static TextVadidator getPattern(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return PATTERNS.get(Args.notNull(aSN1ObjectIdentifier, "rdnType"));
    }

    public static Certprofile.StringType getStringType(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return DFLT_STRING_TYPES.get(Args.notNull(aSN1ObjectIdentifier, "rdnType"));
    }

    public static Certprofile.RdnControl getRdnControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Certprofile.RdnControl rdnControl = CONTROLS.get(Args.notNull(aSN1ObjectIdentifier, "rdnType"));
        if (rdnControl == null) {
            rdnControl = new Certprofile.RdnControl(aSN1ObjectIdentifier, 0, 9);
            rdnControl.setStringType(Certprofile.StringType.utf8String);
        }
        return rdnControl;
    }

    public static void fixRdnControl(Certprofile.RdnControl rdnControl) throws CertprofileException {
        ASN1ObjectIdentifier type = ((Certprofile.RdnControl) Args.notNull(rdnControl, "control")).getType();
        Certprofile.StringType stringType = rdnControl.getStringType();
        if (stringType == null) {
            Certprofile.StringType stringType2 = DFLT_STRING_TYPES.get(type);
            if (stringType2 != null) {
                rdnControl.setStringType(stringType2);
            }
        } else if (STRING_TYPE_SET.containsKey(type) && !STRING_TYPE_SET.get(type).contains(stringType)) {
            throw new CertprofileException(String.format("%s is not allowed %s", stringType.name(), type.getId()));
        }
        if (rdnControl.getPattern() == null && PATTERNS.containsKey(type)) {
            rdnControl.setPattern(PATTERNS.get(type));
        }
        Range range = RANGES.get(type);
        if (range == null) {
            rdnControl.setStringLengthRange(null);
            return;
        }
        Range stringLengthRange = rdnControl.getStringLengthRange();
        if (stringLengthRange == null) {
            rdnControl.setStringLengthRange(range);
            return;
        }
        boolean z = false;
        Integer min = range.getMin();
        Integer min2 = stringLengthRange.getMin();
        if (min2 == null) {
            z = true;
            min2 = min;
        } else if (min != null && min.intValue() > min2.intValue()) {
            z = true;
            min2 = min;
        }
        Integer max = range.getMax();
        Integer max2 = stringLengthRange.getMax();
        if (max2 == null) {
            z = true;
            max2 = max;
        } else if (max != null && max.intValue() < max2.intValue()) {
            z = true;
            max2 = max;
        }
        if (z) {
            stringLengthRange.setRange(min2, max2);
        }
    }

    public static List<ASN1ObjectIdentifier> getForwardDNs() {
        return FORWARD_DNS;
    }

    public static boolean isValidCountryAreaCode(String str) {
        Args.notBlank(str, "code");
        return COUNTRY_AREA_CODES.isEmpty() || COUNTRY_AREA_CODES.contains(str.toUpperCase());
    }

    private static BufferedReader getReader(String str, String str2) {
        String property = System.getProperty(str);
        if (StringUtil.isNotBlank(property)) {
            LOG.info("read from file " + property);
            try {
                return Files.newBufferedReader(Paths.get(property, new String[0]));
            } catch (IOException e) {
                throw new IllegalStateException("could not access non-existing file " + property);
            }
        }
        InputStream resourceAsStream = SubjectDnSpec.class.getResourceAsStream(str2);
        if (resourceAsStream == null) {
            throw new IllegalStateException("could not access non-existing resource " + str2);
        }
        LOG.info("read from resource " + str2);
        return new BufferedReader(new InputStreamReader(resourceAsStream, StandardCharsets.UTF_8));
    }

    static {
        BufferedReader reader = getReader("org.xipki.ca.rdnorder.cfg", "/conf/rdnorder.cfg");
        ArrayList arrayList = new ArrayList(25);
        while (true) {
            try {
                try {
                    String readLine = reader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String trim = readLine.trim();
                    if (!trim.isEmpty() && !trim.startsWith("#")) {
                        arrayList.add(new ASN1ObjectIdentifier(trim));
                    }
                } catch (Exception e) {
                    throw new ExceptionInInitializerError(new Exception("could not load RDN order: " + e.getMessage(), e));
                }
            } finally {
            }
        }
        FORWARD_DNS = Collections.unmodifiableList(arrayList);
        if (LOG.isInfoEnabled()) {
            StringBuilder sb = new StringBuilder(500);
            sb.append("forward RDNs: ");
            for (ASN1ObjectIdentifier aSN1ObjectIdentifier : FORWARD_DNS) {
                String name = ObjectIdentifiers.getName(aSN1ObjectIdentifier);
                if (name == null) {
                    sb.append(aSN1ObjectIdentifier.getId());
                } else {
                    sb.append(name).append(" (").append(aSN1ObjectIdentifier.getId()).append("), ");
                }
            }
            if (!FORWARD_DNS.isEmpty()) {
                sb.delete(sb.length() - 2, sb.length());
            }
            LOG.info(sb.toString());
        }
        reader = getReader("org.xipki.ca.areacode.cfg", "/conf/areacode.cfg");
        while (true) {
            try {
                try {
                    String readLine2 = reader.readLine();
                    if (readLine2 == null) {
                        break;
                    }
                    String trim2 = readLine2.trim();
                    if (!trim2.isEmpty() && !trim2.startsWith("#")) {
                        StringTokenizer stringTokenizer = new StringTokenizer(trim2, ";");
                        if (stringTokenizer.countTokens() != 4) {
                            LOG.warn("invalid country/area line {}", trim2);
                        } else {
                            stringTokenizer.nextToken();
                            COUNTRY_AREA_CODES.add(stringTokenizer.nextToken().trim().toUpperCase());
                        }
                    }
                } finally {
                    try {
                        reader.close();
                    } catch (IOException e2) {
                    }
                }
            } catch (Exception e3) {
                throw new ExceptionInInitializerError(new Exception("could not load area code: " + e3.getMessage(), e3));
            }
        }
        if (LOG.isInfoEnabled()) {
            ArrayList arrayList2 = new ArrayList(COUNTRY_AREA_CODES);
            Collections.sort(arrayList2);
            LOG.info("area/country codes: {}", arrayList2);
        }
        try {
            reader.close();
        } catch (IOException e4) {
        }
        HashSet<ASN1ObjectIdentifier> hashSet = new HashSet();
        conf(hashSet, ObjectIdentifiers.DN.businessCategory, RANGE_128, DIRECTORY_STRINGS);
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : new ASN1ObjectIdentifier[]{ObjectIdentifiers.DN.C, ObjectIdentifiers.DN.countryOfCitizenship, ObjectIdentifiers.DN.countryOfResidence, ObjectIdentifiers.DN.jurisdictionOfIncorporationCountryName}) {
            conf(hashSet, aSN1ObjectIdentifier2, RANGE_COUNTRY_NAME, PRINTABLE_STRING_ONLY);
        }
        conf(hashSet, ObjectIdentifiers.DN.CN, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.emailAddress, RANGE_255, IA5_STRING_ONLY);
        conf(hashSet, ObjectIdentifiers.DN.dateOfBirth, RANGE_DATE_OF_BIRTH, null);
        PATTERNS.put(ObjectIdentifiers.DN.dateOfBirth, TextVadidator.DATE_OF_BIRTH);
        conf(hashSet, ObjectIdentifiers.DN.DC, null, IA5_STRING_ONLY);
        conf(hashSet, ObjectIdentifiers.DN.dmdName, null, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.gender, RANGE_GENDER, PRINTABLE_STRING_ONLY);
        PATTERNS.put(ObjectIdentifiers.DN.gender, TextVadidator.GENDER);
        conf(hashSet, ObjectIdentifiers.DN.generationQualifier, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.givenName, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.initials, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.userid, null, DIRECTORY_STRINGS);
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier3 : new ASN1ObjectIdentifier[]{ObjectIdentifiers.DN.localityName, ObjectIdentifiers.DN.jurisdictionOfIncorporationLocalityName}) {
            conf(hashSet, aSN1ObjectIdentifier3, RANGE_128, DIRECTORY_STRINGS);
        }
        conf(hashSet, ObjectIdentifiers.DN.name, RANGE_NAME, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.nameAtBirth, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.O, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.organizationIdentifier, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.NIF, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.CIF, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.OU, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.placeOfBirth, RANGE_128, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.postalAddress, RANGE_POSTAL_ADDRESS, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.postalCode, RANGE_POSTAL_CODE, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.pseudonym, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.dnQualifier, RANGE_64, PRINTABLE_STRING_ONLY);
        conf(hashSet, ObjectIdentifiers.DN.serialNumber, RANGE_64, PRINTABLE_STRING_ONLY);
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier4 : new ASN1ObjectIdentifier[]{ObjectIdentifiers.DN.ST, ObjectIdentifiers.DN.jurisdictionOfIncorporationStateOrProvinceName}) {
            conf(hashSet, aSN1ObjectIdentifier4, RANGE_128, DIRECTORY_STRINGS);
        }
        conf(hashSet, ObjectIdentifiers.DN.street, RANGE_128, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.surname, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.T, RANGE_64, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.telephoneNumber, null, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.uniqueIdentifier, null, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.unstructuredAddress, null, DIRECTORY_STRINGS);
        conf(hashSet, ObjectIdentifiers.DN.unstructuredName, null, DIRECTORY_STRINGS);
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier5 : hashSet) {
            Certprofile.RdnControl rdnControl = new Certprofile.RdnControl(aSN1ObjectIdentifier5, 0, 9);
            rdnControl.setStringType(DFLT_STRING_TYPES.get(aSN1ObjectIdentifier5));
            rdnControl.setStringLengthRange(RANGES.get(aSN1ObjectIdentifier5));
            TextVadidator textVadidator = PATTERNS.get(aSN1ObjectIdentifier5);
            if (textVadidator != null) {
                rdnControl.setPattern(textVadidator);
            }
            CONTROLS.put(aSN1ObjectIdentifier5, rdnControl);
        }
    }
}
