package org.xipki.ca.server.impl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.xipki.ca.api.OperationException;
import org.xipki.common.util.CollectionUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ca/server/impl/PublicCaInfo.class */
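/**
 * Immutable snapshot of the publicly visible identity of a CA: its subject (in three
 * representations), serial number, subject key identifier, optional SubjectAltName and the
 * URI lists handed in by the caller.
 *
 * <p>An instance is built either from the CA certificate itself or from the individual
 * values when no certificate object is available; in the latter case
 * {@link #caCertificate()} returns {@code null}.
 *
 * <p>The only mutable state is the CRL signer certificate. No synchronization is visible in
 * this class, so callers that share an instance between threads have to publish changes to
 * that field safely themselves.
 */
class PublicCaInfo {
    private final X500Principal subject;
    private final X500Name x500Subject;
    private final String c14nSubject;
    private final byte[] subjectKeyIdentifier;
    private final GeneralNames subjectAltName;
    private final BigInteger serialNumber;
    private final X509Cert caCertificate;
    private X509Certificate crlSignerCertificate;
    private final List<String> caCertUris;
    private final List<String> ocspUris;
    private final List<String> crlUris;
    private final List<String> deltaCrlUris;

    /**
     * Builds the CA information from the CA certificate.
     *
     * <p>Subject, serial number, subject key identifier and SubjectAltName are all read from
     * the certificate, so they cannot disagree with it.
     *
     * @param x509Certificate the CA certificate; must not be {@code null}
     * @param list stored as the CA certificate URIs
     * @param list2 stored as the OCSP responder URIs
     * @param list3 stored as the CRL URIs
     * @param list4 stored as the delta CRL URIs
     * @throws OperationException with {@code INVALID_EXTENSION} if the subject key identifier
     *     cannot be extracted or the SubjectAltName extension cannot be parsed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicCaInfo(X509Certificate x509Certificate, List<String> list, List<String> list2, List<String> list3, List<String> list4) throws OperationException {
        ParamUtil.requireNonNull("caCertificate", x509Certificate);
        this.caCertificate = new X509Cert(x509Certificate);
        this.serialNumber = x509Certificate.getSerialNumber();
        this.subject = x509Certificate.getSubjectX500Principal();
        this.x500Subject = X500Name.getInstance(this.subject.getEncoded());
        this.c14nSubject = X509Util.canonicalizName(this.x500Subject);
        try {
            this.subjectKeyIdentifier = X509Util.extractSki(x509Certificate);
            // NOTE(review): whether unmodifiableList copies or only wraps the caller's list is
            // not visible here; if it wraps, later changes by the caller show through.
            this.caCertUris = CollectionUtil.unmodifiableList(list);
            this.ocspUris = CollectionUtil.unmodifiableList(list2);
            this.crlUris = CollectionUtil.unmodifiableList(list3);
            this.deltaCrlUris = CollectionUtil.unmodifiableList(list4);

            // SubjectAltName is optional: an absent extension leaves the field null.
            GeneralNames parsedAltName = null;
            byte[] encodedAltName = x509Certificate.getExtensionValue(Extension.subjectAlternativeName.getId());
            if (encodedAltName != null) {
                try {
                    parsedAltName = GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(encodedAltName));
                } catch (IOException e) {
                    // NOTE(review): the IOException is not attached as the cause, so the parse
                    // failure detail is lost; attach it if OperationException offers a
                    // message-plus-cause constructor (none is visible in this file).
                    throw new OperationException(OperationException.ErrorCode.INVALID_EXTENSION, "invalid SubjectAltName extension in CA certificate");
                }
            }
            this.subjectAltName = parsedAltName;
        } catch (CertificateEncodingException e2) {
            throw new OperationException(OperationException.ErrorCode.INVALID_EXTENSION, e2);
        }
    }

    /**
     * Builds the CA information from individual values when no certificate object is
     * available. {@link #caCertificate()} returns {@code null} for such an instance.
     *
     * <p>Nothing here ties the supplied values to an actual certificate; the caller is
     * responsible for their consistency.
     *
     * @param x500Name the CA subject; must not be {@code null}
     * @param bigInteger the CA certificate serial number; must not be {@code null}
     * @param generalNames the SubjectAltName, or {@code null} if there is none
     * @param bArr the subject key identifier, or {@code null}; copied defensively
     * @param list stored as the CA certificate URIs
     * @param list2 stored as the OCSP responder URIs
     * @param list3 stored as the CRL URIs
     * @param list4 stored as the delta CRL URIs
     * @throws OperationException with {@code SYSTEM_FAILURE} if the subject cannot be encoded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicCaInfo(X500Name x500Name, BigInteger bigInteger, GeneralNames generalNames, byte[] bArr, List<String> list, List<String> list2, List<String> list3, List<String> list4) throws OperationException {
        this.x500Subject = (X500Name) ParamUtil.requireNonNull(CaAuditConstants.NAME_subject, x500Name);
        this.serialNumber = (BigInteger) ParamUtil.requireNonNull("serialNumber", bigInteger);
        this.caCertificate = null;
        this.c14nSubject = X509Util.canonicalizName(x500Name);

        X500Principal encodedSubject;
        try {
            encodedSubject = new X500Principal(x500Name.getEncoded());
        } catch (IOException e) {
            // The failure is in encoding the subject, not in a SubjectAltName extension, so
            // report the real cause instead of the misleading fixed message used before.
            throw new OperationException(OperationException.ErrorCode.SYSTEM_FAILURE, e);
        }
        this.subject = encodedSubject;

        // Copy the array so that later changes by the caller cannot alter the stored identifier.
        this.subjectKeyIdentifier = bArr == null ? null : Arrays.copyOf(bArr, bArr.length);
        this.subjectAltName = generalNames;
        this.caCertUris = CollectionUtil.unmodifiableList(list);
        this.ocspUris = CollectionUtil.unmodifiableList(list2);
        this.crlUris = CollectionUtil.unmodifiableList(list3);
        this.deltaCrlUris = CollectionUtil.unmodifiableList(list4);
    }

    /** Returns the CA certificate URIs as stored by the constructor. */
    public List<String> caCertUris() {
        return this.caCertUris;
    }

    /** Returns the OCSP responder URIs as stored by the constructor. */
    public List<String> ocspUris() {
        return this.ocspUris;
    }

    /** Returns the CRL URIs as stored by the constructor. */
    public List<String> crlUris() {
        return this.crlUris;
    }

    /** Returns the delta CRL URIs as stored by the constructor. */
    public List<String> deltaCrlUris() {
        return this.deltaCrlUris;
    }

    /**
     * Returns the dedicated CRL signer certificate, or {@code null} if none is set or the one
     * that was set is the CA certificate itself.
     */
    public X509Certificate crlSignerCertificate() {
        return this.crlSignerCertificate;
    }

    /**
     * Sets the CRL signer certificate. A certificate equal to the CA certificate is stored as
     * {@code null}.
     *
     * <p>An instance built without a CA certificate has nothing to compare against, so the
     * argument is stored as given; previously that case failed with a
     * {@link NullPointerException}.
     *
     * @param x509Certificate the CRL signer certificate, may be {@code null}
     */
    public void setCrlSignerCertificate(X509Certificate x509Certificate) {
        boolean sameAsCaCert = this.caCertificate != null && this.caCertificate.cert().equals(x509Certificate);
        this.crlSignerCertificate = sameAsCaCert ? null : x509Certificate;
    }

    /** Returns the CA subject as an {@link X500Principal}. */
    public X500Principal subject() {
        return this.subject;
    }

    /** Returns the CA subject as a BouncyCastle {@link X500Name}. */
    public X500Name x500Subject() {
        return this.x500Subject;
    }

    /** Returns the subject string produced by {@code X509Util.canonicalizName}. */
    public String c14nSubject() {
        return this.c14nSubject;
    }

    /** Returns the CA's SubjectAltName, or {@code null} if it has none. */
    public GeneralNames subjectAltName() {
        return this.subjectAltName;
    }

    /**
     * Returns the subject key identifier of the CA.
     *
     * <p>With a CA certificate the value comes from the certificate wrapper; otherwise a copy
     * of the identifier given to the constructor is returned.
     *
     * @return the subject key identifier, or {@code null} if none was given to the constructor
     *     of an instance built without a certificate
     */
    public byte[] subjectKeyIdentifer() {
        if (this.caCertificate != null) {
            // NOTE(review): whether X509Cert.subjectKeyIdentifier() returns a copy is not
            // visible here - confirm before letting callers modify the result.
            return this.caCertificate.subjectKeyIdentifier();
        }
        if (this.subjectKeyIdentifier == null) {
            return null;
        }
        return Arrays.copyOf(this.subjectKeyIdentifier, this.subjectKeyIdentifier.length);
    }

    /** Returns the serial number of the CA certificate. */
    public BigInteger serialNumber() {
        return this.serialNumber;
    }

    /** Returns the wrapped CA certificate, or {@code null} if built without one. */
    public X509Cert caCertificate() {
        return this.caCertificate;
    }
}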
