package org.xipki.ca.server.mgmt.api.x509;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import org.xipki.ca.api.NameId;
import org.xipki.ca.server.mgmt.api.CaEntry;
import org.xipki.ca.server.mgmt.api.CaMgmtException;
import org.xipki.common.util.Base64;
import org.xipki.common.util.CompareUtil;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.HashAlgoType;
import org.xipki.security.KeyUsage;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ca/server/mgmt/api/x509/X509CaEntry.class */
public class X509CaEntry extends CaEntry {
    private List<String> crlUris;
    private List<String> deltaCrlUris;
    private List<String> ocspUris;
    private List<String> cacertUris;
    private X509Certificate cert;
    private String crlSignerName;
    private int serialNoBitLen;
    private long nextCrlNumber;
    private int numCrls;
    private CertRevocationInfo revocationInfo;
    private String subject;
    private String hexSha1OfCert;

    public X509CaEntry(NameId nameId, int i, long j, String str, String str2, X509CaUris x509CaUris, int i2, int i3) throws CaMgmtException {
        super(nameId, str, str2, i3);
        init(i, j, x509CaUris, i2);
    }

    private void init(int i, long j, X509CaUris x509CaUris, int i2) throws CaMgmtException {
        this.numCrls = ParamUtil.requireMin("numCrls", i2, 1);
        this.serialNoBitLen = ParamUtil.requireRange("serialNoBitLen", i, 63, 159);
        this.nextCrlNumber = ParamUtil.requireMin("nextCrlNumber", j, 1L);
        this.cacertUris = x509CaUris.cacertUris();
        this.ocspUris = x509CaUris.ocspUris();
        this.crlUris = x509CaUris.crlUris();
        this.deltaCrlUris = x509CaUris.deltaCrlUris();
    }

    public void setCertificate(X509Certificate x509Certificate) throws CaMgmtException {
        if (x509Certificate == null) {
            this.cert = null;
            this.subject = null;
            this.hexSha1OfCert = null;
        } else {
            if (!X509Util.hasKeyusage(x509Certificate, KeyUsage.keyCertSign)) {
                throw new CaMgmtException("CA certificate does not have keyusage keyCertSign");
            }
            this.cert = x509Certificate;
            this.subject = X509Util.getRfc4519Name(x509Certificate.getSubjectX500Principal());
            try {
                this.hexSha1OfCert = HashAlgoType.SHA1.hexHash(x509Certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new CaMgmtException("could not encoded certificate", e);
            }
        }
    }

    public int serialNoBitLen() {
        return this.serialNoBitLen;
    }

    public void setSerialNoBitLen(int i) {
        this.serialNoBitLen = ParamUtil.requireMin("serialNoBitLen", i, 63);
    }

    public long nextCrlNumber() {
        return this.nextCrlNumber;
    }

    public void setNextCrlNumber(long j) {
        this.nextCrlNumber = j;
    }

    public List<String> crlUris() {
        return this.crlUris;
    }

    public String crlUrisAsString() {
        return toString(this.crlUris);
    }

    public List<String> deltaCrlUris() {
        return this.deltaCrlUris;
    }

    public String deltaCrlUrisAsString() {
        return toString(this.deltaCrlUris);
    }

    public List<String> ocspUris() {
        return this.ocspUris;
    }

    public String ocspUrisAsString() {
        return toString(this.ocspUris);
    }

    public List<String> cacertUris() {
        return this.cacertUris;
    }

    public String cacertUrisAsString() {
        return toString(this.cacertUris);
    }

    public X509Certificate certificate() {
        return this.cert;
    }

    public int numCrls() {
        return this.numCrls;
    }

    public String crlSignerName() {
        return this.crlSignerName;
    }

    public void setCrlSignerName(String str) {
        this.crlSignerName = str == null ? null : str.toUpperCase();
    }

    @Override // org.xipki.ca.server.mgmt.api.CaEntry
    public String toString(boolean z, boolean z2) {
        String str;
        StringBuilder sb = new StringBuilder(1000);
        sb.append(super.toString(z, z2));
        if (sb.charAt(sb.length() - 1) != '\n') {
            sb.append('\n');
        }
        sb.append("serialNoBitLen: ").append(this.serialNoBitLen).append('\n');
        sb.append("nextCrlNumber: ").append(this.nextCrlNumber).append('\n');
        sb.append("deltaCrlUris: ").append(deltaCrlUrisAsString()).append('\n');
        sb.append("crlUris: ").append(crlUrisAsString()).append('\n');
        sb.append("ocspUris: ").append(ocspUrisAsString()).append('\n');
        sb.append("caCertUris: ").append(cacertUrisAsString()).append('\n');
        sb.append("cert: ").append("\n");
        if (this.cert == null) {
            sb.append("\tnull").append("\n");
        } else {
            sb.append("\tissuer: ").append(X509Util.getRfc4519Name(this.cert.getIssuerX500Principal())).append("\n");
            sb.append("\tserialNumber: ").append(LogUtil.formatCsn(this.cert.getSerialNumber())).append("\n");
            sb.append("\tsubject: ").append(this.subject).append("\n");
            sb.append("\tnotBefore: ").append(this.cert.getNotBefore()).append("\n");
            sb.append("\tnotAfter: ").append(this.cert.getNotAfter()).append("\n");
            if (z) {
                try {
                    str = Base64.encodeToString(this.cert.getEncoded());
                } catch (CertificateEncodingException e) {
                    str = "ERROR, could not encode the certificate";
                }
                sb.append("\tencoded: ").append(str).append("\n");
            }
        }
        sb.append("crlSignerName: ").append(this.crlSignerName).append('\n');
        sb.append("revocation: ");
        sb.append(this.revocationInfo == null ? "not revoked" : "revoked");
        sb.append("\n");
        if (this.revocationInfo != null) {
            sb.append("\treason: ").append(this.revocationInfo.reason().description()).append("\n");
            sb.append("\trevoked at ").append(this.revocationInfo.revocationTime()).append("\n");
        }
        return sb.toString();
    }

    public CertRevocationInfo revocationInfo() {
        return this.revocationInfo;
    }

    public void setRevocationInfo(CertRevocationInfo certRevocationInfo) {
        this.revocationInfo = certRevocationInfo;
    }

    public Date crlBaseTime() {
        if (this.cert == null) {
            return null;
        }
        return this.cert.getNotBefore();
    }

    public String subject() {
        return this.subject;
    }

    public String hexSha1OfCert() {
        return this.hexSha1OfCert;
    }

    @Override // org.xipki.ca.server.mgmt.api.CaEntry
    public void setExtraControl(String str) {
        super.setExtraControl(str);
    }

    @Override // org.xipki.ca.server.mgmt.api.CaEntry
    public boolean equals(Object obj) {
        return equals(obj, false);
    }

    public boolean equals(Object obj, boolean z) {
        if (!(obj instanceof X509CaEntry) || !super.equals(obj)) {
            return false;
        }
        X509CaEntry x509CaEntry = (X509CaEntry) obj;
        return (z || this.nextCrlNumber == x509CaEntry.nextCrlNumber) && CompareUtil.equalsObject(this.crlUris, x509CaEntry.crlUris) && CompareUtil.equalsObject(this.deltaCrlUris, x509CaEntry.deltaCrlUris) && CompareUtil.equalsObject(this.ocspUris, x509CaEntry.ocspUris) && CompareUtil.equalsObject(this.cacertUris, x509CaEntry.cacertUris) && CompareUtil.equalsObject(this.cert, x509CaEntry.cert) && CompareUtil.equalsObject(this.crlSignerName, x509CaEntry.crlSignerName) && this.serialNoBitLen == x509CaEntry.serialNoBitLen && this.numCrls == x509CaEntry.numCrls && CompareUtil.equalsObject(this.revocationInfo, x509CaEntry.revocationInfo);
    }

    @Override // org.xipki.ca.server.mgmt.api.CaEntry
    public int hashCode() {
        return ident().hashCode();
    }
}
