package org.xipki.ca.api.profile;

import java.io.Closeable;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERT61String;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.xipki.ca.api.PublicCaInfo;
import org.xipki.ca.api.profile.KeypairGenControl;
import org.xipki.ca.api.profile.SubjectKeyIdentifierControl;
import org.xipki.security.HashAlgo;
import org.xipki.security.KeyUsage;
import org.xipki.security.SignAlgo;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.StringUtil;
import org.xipki.util.TripleState;
import org.xipki.util.Validity;
import org.xipki.util.exception.BadCertTemplateException;

/* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile.class */
public abstract class Certprofile implements Closeable {

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$AuthorityInfoAccessControl.class */
    public static class AuthorityInfoAccessControl {
        private final boolean includesCaIssuers;
        private final boolean includesOcsp;
        private final Set<String> ocspProtocols;
        private final Set<String> caIssuersProtocols;

        public AuthorityInfoAccessControl(boolean z, boolean z2, Set<String> set, Set<String> set2) {
            this.includesCaIssuers = z;
            this.includesOcsp = z2;
            this.ocspProtocols = set2 == null ? null : Set.copyOf(set2);
            this.caIssuersProtocols = set == null ? null : Set.copyOf(set);
        }

        public boolean isIncludesCaIssuers() {
            return this.includesCaIssuers;
        }

        public boolean isIncludesOcsp() {
            return this.includesOcsp;
        }

        public Set<String> getOcspProtocols() {
            return this.ocspProtocols;
        }

        public Set<String> getCaIssuersProtocols() {
            return this.caIssuersProtocols;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$CertDomain.class */
    public enum CertDomain {
        RFC5280,
        CABForumBR
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$CertLevel.class */
    public enum CertLevel {
        RootCA,
        SubCA,
        CROSS,
        EndEntity
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$CrlDistributionPointsControl.class */
    public static class CrlDistributionPointsControl {
        private final Set<String> protocols;

        public CrlDistributionPointsControl(Set<String> set) {
            this.protocols = set == null ? null : Set.copyOf(set);
        }

        public Set<String> getProtocols() {
            return this.protocols;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$ExtKeyUsageControl.class */
    public static class ExtKeyUsageControl {
        private final ASN1ObjectIdentifier extKeyUsage;
        private final boolean required;

        public ExtKeyUsageControl(ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z) {
            this.extKeyUsage = (ASN1ObjectIdentifier) Args.notNull(aSN1ObjectIdentifier, "extKeyUsage");
            this.required = z;
        }

        public ASN1ObjectIdentifier getExtKeyUsage() {
            return this.extKeyUsage;
        }

        public boolean isRequired() {
            return this.required;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$ExtensionControl.class */
    public static class ExtensionControl {
        private final boolean critical;
        private final boolean required;
        private final TripleState inRequest;

        public ExtensionControl(boolean z, boolean z2, TripleState tripleState) {
            this.critical = z;
            this.required = z2;
            this.inRequest = tripleState == null ? TripleState.forbidden : tripleState;
        }

        public boolean isCritical() {
            return this.critical;
        }

        public boolean isRequired() {
            return this.required;
        }

        public TripleState getInRequest() {
            return this.inRequest;
        }

        public boolean isPermittedInRequest() {
            return TripleState.required == this.inRequest || TripleState.optional == this.inRequest;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$GeneralNameMode.class */
    public static class GeneralNameMode {
        private final GeneralNameTag tag;
        private final Set<ASN1ObjectIdentifier> allowedTypes;

        public GeneralNameMode(GeneralNameTag generalNameTag) {
            this.tag = (GeneralNameTag) Args.notNull(generalNameTag, "tag");
            this.allowedTypes = null;
        }

        public GeneralNameMode(GeneralNameTag generalNameTag, Set<ASN1ObjectIdentifier> set) {
            this.tag = (GeneralNameTag) Args.notNull(generalNameTag, "tag");
            this.allowedTypes = CollectionUtil.isEmpty(set) ? Collections.emptySet() : CollectionUtil.unmodifiableSet(set);
        }

        public GeneralNameTag getTag() {
            return this.tag;
        }

        public Set<ASN1ObjectIdentifier> getAllowedTypes() {
            return this.allowedTypes;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$GeneralNameTag.class */
    public enum GeneralNameTag {
        otherName(0),
        rfc822Name(1),
        DNSName(2),
        x400Adress(3),
        directoryName(4),
        ediPartyName(5),
        uniformResourceIdentifier(6),
        IPAddress(7),
        registeredID(8);

        private final int tag;

        GeneralNameTag(int i) {
            this.tag = i;
        }

        public int getTag() {
            return this.tag;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$KeyUsageControl.class */
    public static class KeyUsageControl {
        private final KeyUsage keyUsage;
        private final boolean required;

        public KeyUsageControl(String str, boolean z) {
            this.keyUsage = KeyUsage.getKeyUsage((String) Args.notNull(str, "keyUsage"));
            this.required = z;
        }

        public KeyUsage getKeyUsage() {
            return this.keyUsage;
        }

        public boolean isRequired() {
            return this.required;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$RdnControl.class */
    public static class RdnControl {
        private final int minOccurs;
        private final int maxOccurs;
        private final ASN1ObjectIdentifier type;
        private TextVadidator pattern;
        private StringType stringType;
        private Range stringLengthRange;
        private String prefix;
        private String suffix;
        private String value;
        private final boolean valueOverridable;
        private String group;
        private boolean notInSubject;

        public RdnControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            this(aSN1ObjectIdentifier, 1, 1);
        }

        public RdnControl(ASN1ObjectIdentifier aSN1ObjectIdentifier, String str, boolean z) {
            this.type = (ASN1ObjectIdentifier) Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY);
            this.minOccurs = 1;
            this.maxOccurs = 1;
            if (StringUtil.isBlank(str)) {
                this.value = null;
                this.valueOverridable = true;
            } else {
                this.value = str;
                this.valueOverridable = z;
            }
        }

        public RdnControl(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i, int i2) {
            if (i < 0 || i2 < 1 || i > i2) {
                throw new IllegalArgumentException(String.format("illegal minOccurs=%s, maxOccurs=%s", Integer.valueOf(i), Integer.valueOf(i2)));
            }
            this.type = (ASN1ObjectIdentifier) Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY);
            this.minOccurs = i;
            this.maxOccurs = i2;
            this.valueOverridable = true;
        }

        public int getMinOccurs() {
            return this.minOccurs;
        }

        public int getMaxOccurs() {
            return this.maxOccurs;
        }

        public ASN1ObjectIdentifier getType() {
            return this.type;
        }

        public StringType getStringType() {
            return this.stringType;
        }

        public TextVadidator getPattern() {
            return this.pattern;
        }

        public Range getStringLengthRange() {
            return this.stringLengthRange;
        }

        public void setStringType(StringType stringType) {
            this.stringType = stringType;
        }

        public void setStringLengthRange(Range range) {
            this.stringLengthRange = range;
        }

        public void setPattern(TextVadidator textVadidator) {
            this.pattern = textVadidator;
        }

        public String getPrefix() {
            return this.prefix;
        }

        public void setPrefix(String str) {
            this.prefix = str;
        }

        public String getSuffix() {
            return this.suffix;
        }

        public void setSuffix(String str) {
            this.suffix = str;
        }

        public String getGroup() {
            return this.group;
        }

        public void setGroup(String str) {
            this.group = str;
        }

        public String getValue() {
            return this.value;
        }

        public boolean isValueOverridable() {
            return this.valueOverridable;
        }

        public boolean isNotInSubject() {
            return this.notInSubject;
        }

        public void setNotInSubject(boolean z) {
            this.notInSubject = z;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$StringType.class */
    public enum StringType {
        teletexString,
        printableString,
        utf8String,
        bmpString,
        ia5String;

        public ASN1Encodable createString(String str) {
            Args.notNull(str, "text");
            if (teletexString == this) {
                return new DERT61String(str);
            }
            if (printableString == this) {
                return new DERPrintableString(str);
            }
            if (utf8String == this) {
                return new DERUTF8String(str);
            }
            if (bmpString == this) {
                return new DERBMPString(str);
            }
            if (ia5String == this) {
                return new DERIA5String(str, true);
            }
            throw new IllegalStateException("should not reach here, unknown StringType " + name());
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$SubjectControl.class */
    public static class SubjectControl {
        private final Map<ASN1ObjectIdentifier, RdnControl> controls;
        private final Map<ASN1ObjectIdentifier, String> typeGroups;
        private final Map<String, Set<ASN1ObjectIdentifier>> groupTypes;
        private final Set<String> groups;
        private final List<ASN1ObjectIdentifier> types;

        public SubjectControl(List<RdnControl> list, boolean z) {
            Args.notEmpty((List) list, "controls");
            this.typeGroups = new HashMap();
            ArrayList arrayList = new ArrayList(list.size());
            if (z) {
                Iterator<RdnControl> it = list.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getType());
                }
            } else {
                HashSet<ASN1ObjectIdentifier> hashSet = new HashSet();
                Iterator<RdnControl> it2 = list.iterator();
                while (it2.hasNext()) {
                    hashSet.add(it2.next().getType());
                }
                for (ASN1ObjectIdentifier aSN1ObjectIdentifier : SubjectDnSpec.getForwardDNs()) {
                    if (hashSet.contains(aSN1ObjectIdentifier)) {
                        arrayList.add(aSN1ObjectIdentifier);
                    }
                }
                for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : hashSet) {
                    if (!arrayList.contains(aSN1ObjectIdentifier2)) {
                        arrayList.add(aSN1ObjectIdentifier2);
                    }
                }
            }
            this.types = Collections.unmodifiableList(arrayList);
            HashSet hashSet2 = new HashSet();
            this.groupTypes = new HashMap();
            this.controls = new HashMap();
            for (RdnControl rdnControl : list) {
                ASN1ObjectIdentifier type = rdnControl.getType();
                this.controls.put(type, rdnControl);
                String group = rdnControl.getGroup();
                if (!StringUtil.isBlank(group)) {
                    hashSet2.add(group);
                    this.typeGroups.put(type, group);
                    this.groupTypes.computeIfAbsent(group, str -> {
                        return new HashSet();
                    }).add(type);
                }
            }
            this.groups = Collections.unmodifiableSet(hashSet2);
        }

        public RdnControl getControl(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY);
            return this.controls.isEmpty() ? SubjectDnSpec.getRdnControl(aSN1ObjectIdentifier) : this.controls.get(aSN1ObjectIdentifier);
        }

        public String getGroup(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            return this.typeGroups.get(Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY));
        }

        public Set<ASN1ObjectIdentifier> getTypesForGroup(String str) {
            return this.groupTypes.get(Args.notNull(str, "group"));
        }

        public Set<String> getGroups() {
            return this.groups;
        }

        public List<ASN1ObjectIdentifier> getTypes() {
            return this.types;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$SubjectInfo.class */
    public static class SubjectInfo {
        private final X500Name grantedSubject;
        private final String warning;

        public SubjectInfo(X500Name x500Name, String str) {
            this.grantedSubject = (X500Name) Args.notNull(x500Name, "grantedSubject");
            this.warning = str;
        }

        public X500Name getGrantedSubject() {
            return this.grantedSubject;
        }

        public String getWarning() {
            return this.warning;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ca-api-6.4.0.jar:org/xipki/ca/api/profile/Certprofile$X509CertVersion.class */
    public enum X509CertVersion {
        v1(0),
        v2(1),
        v3(2);

        private final int versionNumber;

        X509CertVersion(int i) {
            this.versionNumber = i;
        }

        public int getVersionNumber() {
            return this.versionNumber;
        }

        public static X509CertVersion forName(String str) {
            Args.notNull(str, "version");
            for (X509CertVersion x509CertVersion : values()) {
                if (x509CertVersion.name().equalsIgnoreCase(str)) {
                    return x509CertVersion;
                }
            }
            throw new IllegalArgumentException("invalid X509CertVersion " + str);
        }
    }

    public NotAfterMode getNotAfterMode() {
        return NotAfterMode.BY_CA;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
    }

    public X509CertVersion getVersion() {
        return X509CertVersion.v3;
    }

    public List<SignAlgo> getSignatureAlgorithms() {
        return null;
    }

    public boolean useIssuerAndSerialInAki() {
        return false;
    }

    public abstract SubjectControl getSubjectControl();

    public abstract AuthorityInfoAccessControl getAiaControl();

    public abstract CrlDistributionPointsControl getCrlDpControl();

    public abstract CrlDistributionPointsControl getFreshestCrlControl();

    public abstract CertificatePolicies getCertificatePolicies();

    public abstract Set<GeneralNameMode> getSubjectAltNameModes();

    public Set<ExtKeyUsageControl> getExtendedKeyUsages() {
        return null;
    }

    public Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> getSubjectInfoAccessModes() {
        return null;
    }

    public abstract Map<ASN1ObjectIdentifier, ExtensionControl> getExtensionControls();

    public abstract void initialize(String str) throws CertprofileException;

    public abstract CertLevel getCertLevel();

    public abstract CertDomain getCertDomain();

    public KeypairGenControl getKeypairGenControl() {
        return KeypairGenControl.ForbiddenKeypairGenControl.INSTANCE;
    }

    public abstract Map<ASN1ObjectIdentifier, KeyParametersOption> getKeyAlgorithms();

    public abstract Set<KeyUsageControl> getKeyUsage();

    public abstract Integer getPathLenBasicConstraint();

    public abstract Instant getNotBefore(Instant instant);

    public abstract Validity getValidity();

    public boolean hasNoWellDefinedExpirationDate() {
        return false;
    }

    public abstract SubjectPublicKeyInfo checkPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException, BadCertTemplateException;

    public abstract SubjectInfo getSubject(X500Name x500Name) throws CertprofileException, BadCertTemplateException;

    public SubjectInfo getSubject(X500Name x500Name, SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException, BadCertTemplateException {
        return getSubject(x500Name);
    }

    public abstract ExtensionValues getExtensions(Map<ASN1ObjectIdentifier, ExtensionControl> map, X500Name x500Name, X500Name x500Name2, Map<ASN1ObjectIdentifier, Extension> map2, Instant instant, Instant instant2, PublicCaInfo publicCaInfo) throws CertprofileException, BadCertTemplateException;

    public int getMaxCertSize() {
        return 0;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [byte[], byte[][]] */
    public SubjectKeyIdentifier getSubjectKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException {
        HashAlgo hashAlgo;
        boolean z;
        SubjectKeyIdentifierControl subjectKeyIdentifierControl = getSubjectKeyIdentifierControl();
        SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod subjectKeyIdentifierMethod = null;
        String str = null;
        if (subjectKeyIdentifierControl != null) {
            subjectKeyIdentifierMethod = subjectKeyIdentifierControl.getMethod();
            str = subjectKeyIdentifierControl.getHashAlgo();
        }
        if (str == null) {
            hashAlgo = HashAlgo.SHA1;
        } else {
            try {
                hashAlgo = HashAlgo.getInstance(str);
            } catch (NoSuchAlgorithmException e) {
                throw new CertprofileException("unknown hash algorithm " + str);
            }
        }
        byte[] hash = hashAlgo.hash(new byte[]{subjectPublicKeyInfo.getPublicKeyData().getBytes()});
        if (subjectKeyIdentifierMethod != null && subjectKeyIdentifierMethod != SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_1) {
            if (subjectKeyIdentifierMethod != SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_2) {
                throw new CertprofileException("unknown SubjectKeyIdentifierMethod " + subjectKeyIdentifierMethod);
            }
            byte[] copyOfRange = Arrays.copyOfRange(hash, hash.length - 8, hash.length);
            copyOfRange[0] = (byte) (copyOfRange[0] & 15);
            copyOfRange[0] = (byte) (copyOfRange[0] | 64);
            hash = copyOfRange;
        }
        String truncateMethod = subjectKeyIdentifierControl == null ? null : subjectKeyIdentifierControl.getTruncateMethod();
        if (StringUtil.isNotBlank(truncateMethod)) {
            if (StringUtil.startsWithIgnoreCase(truncateMethod, "L:")) {
                z = true;
            } else {
                if (!StringUtil.startsWithIgnoreCase(truncateMethod, "R:")) {
                    throw new CertprofileException("unknown TruncateMethod " + truncateMethod);
                }
                z = false;
            }
            try {
                int parseUnsignedInt = Integer.parseUnsignedInt(truncateMethod.substring(2));
                if (parseUnsignedInt < hash.length) {
                    hash = z ? Arrays.copyOf(hash, parseUnsignedInt) : Arrays.copyOfRange(hash, hash.length - parseUnsignedInt, hash.length);
                }
            } catch (NumberFormatException e2) {
                throw new CertprofileException("invalid TruncateMethod " + truncateMethod);
            }
        }
        return new SubjectKeyIdentifier(hash);
    }

    protected SubjectKeyIdentifierControl getSubjectKeyIdentifierControl() {
        return null;
    }

    public String getSerialNumberMode() {
        return null;
    }

    public BigInteger generateSerialNumber(X500Name x500Name, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name x500Name2, SubjectPublicKeyInfo subjectPublicKeyInfo2, ConfPairs confPairs) throws CertprofileException {
        throw new UnsupportedOperationException("generateSerialNumber unsupported");
    }
}
