package org.xipki.qa.ca.extn;

import java.math.BigInteger;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.certprofile.xijson.conf.GeneralSubtreeType;
import org.xipki.ca.certprofile.xijson.conf.InhibitAnyPolicy;
import org.xipki.ca.certprofile.xijson.conf.NameConstraints;
import org.xipki.qa.ca.IssuerInfo;
import org.xipki.security.KeyUsage;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.CompareUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/xipki/qa/ca/extn/H2nChecker.class */
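/**
 * QA checks that compare selected extensions of an issued certificate with what the
 * certificate profile expects: inhibitAnyPolicy, issuerAltName, keyUsage and nameConstraints.
 *
 * <p>Each check appends a human-readable description of every mismatch to the supplied
 * {@link StringBuilder}; an unchanged builder means the extension passed.
 *
 * <p>This listing is decompiler output. The decompiler reports that the constructor and the
 * non-private methods were package-private in the compiled class; they are kept {@code public}
 * here so that code written against this listing keeps compiling.
 */
public class H2nChecker extends ExtensionChecker {
    /**
     * Key-usage names in the order in which {@link #checkExtnKeyUsage} indexes the bit array
     * (digitalSignature first, decipherOnly last, i.e. the RFC 5280 KeyUsage bit order).
     */
    private static final List<String> ALL_USAGES = Arrays.asList(
            KeyUsage.digitalSignature.getName(),
            KeyUsage.contentCommitment.getName(),
            KeyUsage.keyEncipherment.getName(),
            KeyUsage.dataEncipherment.getName(),
            KeyUsage.keyAgreement.getName(),
            KeyUsage.keyCertSign.getName(),
            KeyUsage.cRLSign.getName(),
            KeyUsage.encipherOnly.getName(),
            KeyUsage.decipherOnly.getName());

    /**
     * Creates the checker.
     *
     * @param extensionsChecker the owning checker, passed unchanged to the superclass
     */
    public H2nChecker(ExtensionsChecker extensionsChecker) {
        super(extensionsChecker);
    }

    /**
     * Checks the inhibitAnyPolicy extension value.
     *
     * <p>When the profile carries no InhibitAnyPolicy configuration the check is delegated to the
     * constant-extension-value comparison; otherwise the encoded skipCerts is compared with the
     * configured one.
     *
     * @param sb collects violation messages
     * @param bArr encoded extension value taken from the certificate
     * @param extensions extensions of the request, forwarded to the constant-value check
     * @param extensionControl control of this extension, forwarded to the constant-value check
     */
    public void checkExtnInhibitAnyPolicy(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        InhibitAnyPolicy expected = this.caller.getInhibitAnyPolicy();
        if (expected == null) {
            this.caller.checkConstantExtnValue(Extension.inhibitAnyPolicy, sb, bArr, extensions, extensionControl);
            return;
        }

        // Compare as BigInteger: skipCerts is an unbounded ASN.1 INTEGER, and narrowing it with
        // intValue() would make a value that differs by a multiple of 2^32 look equal.
        BigInteger actualSkipCerts = ASN1Integer.getInstance(bArr).getPositiveValue();
        BigInteger expectedSkipCerts = BigInteger.valueOf(expected.getSkipCerts());
        if (!actualSkipCerts.equals(expectedSkipCerts)) {
            CheckerUtil.addViolation(sb, "skipCerts", actualSkipCerts, expectedSkipCerts);
        }
    }

    /**
     * Checks that the certificate's issuerAltName equals, byte for byte, the
     * subjectAlternativeName extension value of the issuer certificate.
     *
     * @param sb collects violation messages
     * @param bArr encoded issuerAltName value taken from the certificate
     * @param issuerInfo issuer whose certificate supplies the expected value
     */
    public void checkExtnIssuerAltNames(StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        byte[] issuerSubjectAltName = issuerInfo.getCert().getExtensionCoreValue(Extension.subjectAlternativeName);
        if (issuerSubjectAltName == null) {
            // The issuer has no subjectAltName, so the certificate should not carry issuerAltName.
            sb.append("issuerAlternativeName is present but expected 'none'; ");
            return;
        }

        if (!Arrays.equals(issuerSubjectAltName, bArr)) {
            CheckerUtil.addViolation(sb, "issuerAltNames", CheckerUtil.hex(bArr), CheckerUtil.hex(issuerSubjectAltName));
        }
    }

    /**
     * Checks the keyUsage bits of the certificate against the profile.
     *
     * <p>The expected set is built from the usages the profile marks as required, plus every
     * non-required usage that the request's keyUsage extension asks for (only when the extension
     * control permits taking it from the request). If that set is empty, the profile's constant
     * keyUsage value is used instead. Usages present but not expected, and usages expected but
     * absent, are both reported.
     *
     * @param sb collects violation messages
     * @param zArr keyUsage bits of the certificate, index 0 being digitalSignature
     * @param extensions extensions of the request, may be {@code null}
     * @param extensionControl control of the keyUsage extension
     */
    public void checkExtnKeyUsage(StringBuilder sb, boolean[] zArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        int length = zArr.length;
        if (length > 9) {
            sb.append("invalid syntax: size of valid bits is larger than 9: ").append(length);
            sb.append("; ");
        }

        // Only the known bit positions have a name. Without this bound a set bit beyond the
        // last known usage aborts the whole check with an IndexOutOfBoundsException instead of
        // leaving the syntax violation recorded above in the report.
        int knownBits = Math.min(length, ALL_USAGES.size());
        Set<String> actualUsages = new HashSet<>();
        for (int i = 0; i < knownBits; i++) {
            if (zArr[i]) {
                actualUsages.add(ALL_USAGES.get(i));
            }
        }

        Set<String> expectedUsages = new HashSet<>();
        for (Certprofile.KeyUsageControl required : getKeyusage(true)) {
            expectedUsages.add(required.getKeyUsage().getName());
        }

        // Optional usages count as expected only if the request explicitly asked for them.
        Set<Certprofile.KeyUsageControl> optionalUsages = getKeyusage(false);
        if (extensions != null && extensionControl.isRequest() && CollectionUtil.isNotEmpty(optionalUsages)) {
            Extension requestedExtn = extensions.getExtension(Extension.keyUsage);
            if (requestedExtn != null) {
                org.bouncycastle.asn1.x509.KeyUsage requestedUsage =
                        org.bouncycastle.asn1.x509.KeyUsage.getInstance(requestedExtn.getParsedValue());
                for (Certprofile.KeyUsageControl optional : optionalUsages) {
                    if (requestedUsage.hasUsages(optional.getKeyUsage().getBcUsage())) {
                        expectedUsages.add(optional.getKeyUsage().getName());
                    }
                }
            }
        }

        if (CollectionUtil.isEmpty(expectedUsages)) {
            byte[] constantValue = this.caller.getConstantExtensionValue(Extension.keyUsage);
            if (constantValue != null) {
                expectedUsages = CheckerUtil.getKeyUsage(constantValue);
            }
        }

        Set<String> unexpected = CheckerUtil.strInBnotInA(expectedUsages, actualUsages);
        if (CollectionUtil.isNotEmpty(unexpected)) {
            sb.append("usages ").append(unexpected).append(" are present but not expected; ");
        }

        Set<String> missing = CheckerUtil.strInBnotInA(actualUsages, expectedUsages);
        if (CollectionUtil.isNotEmpty(missing)) {
            sb.append("usages ").append(missing).append(" are absent but are required; ");
        }
    }

    /**
     * Returns the profile's key-usage controls whose {@code isRequired()} flag equals {@code z}.
     *
     * @param z {@code true} to select the required usages, {@code false} for the others
     * @return a new set, empty when the profile defines no key usages
     */
    public Set<Certprofile.KeyUsageControl> getKeyusage(boolean z) {
        Set<Certprofile.KeyUsageControl> selected = new HashSet<>();
        Set<Certprofile.KeyUsageControl> profileUsages = getCertprofile().extensions().getKeyusages();
        if (profileUsages == null) {
            return selected;
        }

        for (Certprofile.KeyUsageControl control : profileUsages) {
            if (control.isRequired() == z) {
                selected.add(control);
            }
        }
        return selected;
    }

    /**
     * Checks the nameConstraints extension value.
     *
     * <p>When the profile carries no NameConstraints configuration the check is delegated to the
     * constant-extension-value comparison; otherwise the permitted and the excluded subtrees are
     * compared separately with the configured ones.
     *
     * @param sb collects violation messages
     * @param bArr encoded extension value taken from the certificate
     * @param extensions extensions of the request, forwarded to the constant-value check
     * @param extensionControl control of this extension, forwarded to the constant-value check
     */
    public void checkExtnNameConstraints(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        NameConstraints expected = this.caller.getNameConstraints();
        if (expected == null) {
            this.caller.checkConstantExtnValue(Extension.nameConstraints, sb, bArr, extensions, extensionControl);
            return;
        }

        org.bouncycastle.asn1.x509.NameConstraints actual = org.bouncycastle.asn1.x509.NameConstraints.getInstance(bArr);
        checkExtnNameConstraintsSubtrees(sb, "PermittedSubtrees", actual.getPermittedSubtrees(), expected.getPermittedSubtrees());
        checkExtnNameConstraintsSubtrees(sb, "ExcludedSubtrees", actual.getExcludedSubtrees(), expected.getExcludedSubtrees());
    }

    /**
     * Compares one subtree list of the certificate with the configured list.
     *
     * <p>The comparison is positional: entry {@code i} of the certificate is checked against
     * entry {@code i} of the profile, so the same subtrees in a different order are reported as
     * violations. A size mismatch is reported once and ends the comparison.
     *
     * @param sb collects violation messages
     * @param str label used in the messages ("PermittedSubtrees" or "ExcludedSubtrees")
     * @param generalSubtreeArr subtrees decoded from the certificate, may be {@code null}
     * @param list subtrees configured in the profile, may be {@code null}
     */
    private void checkExtnNameConstraintsSubtrees(StringBuilder sb, String str, GeneralSubtree[] generalSubtreeArr, List<GeneralSubtreeType> list) {
        int actualSize = generalSubtreeArr == null ? 0 : generalSubtreeArr.length;
        int expectedSize = list == null ? 0 : list.size();
        if (actualSize != expectedSize) {
            CheckerUtil.addViolation(sb, "size of " + str, Integer.valueOf(actualSize), Integer.valueOf(expectedSize));
            return;
        }
        if (generalSubtreeArr == null || list == null) {
            return;
        }

        for (int i = 0; i < actualSize; i++) {
            GeneralSubtree actualSubtree = generalSubtreeArr[i];
            GeneralSubtreeType expectedSubtree = list.get(i);
            String label = str + " [" + i + "]";

            // minimum and maximum are unbounded ASN.1 INTEGERs. They are compared as BigInteger
            // because narrowing with intValue() would let a certificate value that differs from
            // the profile value by a multiple of 2^32 pass as equal.
            BigInteger encodedMin = actualSubtree.getMinimum();
            BigInteger actualMin = encodedMin == null ? BigInteger.ZERO : encodedMin;
            Integer configuredMin = expectedSubtree.getMinimum();
            BigInteger expectedMin = configuredMin == null ? BigInteger.ZERO : BigInteger.valueOf(configuredMin.longValue());
            if (!actualMin.equals(expectedMin)) {
                CheckerUtil.addViolation(sb, "minimum of " + label, actualMin, expectedMin);
            }

            BigInteger actualMax = actualSubtree.getMaximum();
            Integer configuredMax = expectedSubtree.getMaximum();
            BigInteger expectedMax = configuredMax == null ? null : BigInteger.valueOf(configuredMax.longValue());
            if (!CompareUtil.equalsObject(actualMax, expectedMax)) {
                CheckerUtil.addViolation(sb, "maxmum of " + label, actualMax, configuredMax);
            }

            GeneralName actualBase = actualSubtree.getBase();
            GeneralName expectedBase = toGeneralName(expectedSubtree.getBase());
            if (!actualBase.equals(expectedBase)) {
                CheckerUtil.addViolation(sb, "base of " + label, actualBase, expectedBase);
            }
        }
    }

    /**
     * Builds the GeneralName that a configured subtree base stands for.
     *
     * <p>The first non-null field wins, tried in the order directoryName, dnsName, ipAddress,
     * rfc822Name, uri. A directory name is passed through {@code X509Util.reverse} before it is
     * wrapped.
     *
     * @param base2 configured base of one subtree
     * @return the expected GeneralName
     * @throws IllegalStateException if none of the supported fields is set
     */
    private static GeneralName toGeneralName(GeneralSubtreeType.Base base2) {
        if (base2.getDirectoryName() != null) {
            return new GeneralName(X509Util.reverse(new X500Name(base2.getDirectoryName())));
        }
        if (base2.getDnsName() != null) {
            return new GeneralName(GeneralName.dNSName, base2.getDnsName());
        }
        if (base2.getIpAddress() != null) {
            return new GeneralName(GeneralName.iPAddress, base2.getIpAddress());
        }
        if (base2.getRfc822Name() != null) {
            return new GeneralName(GeneralName.rfc822Name, base2.getRfc822Name());
        }
        if (base2.getUri() != null) {
            return new GeneralName(GeneralName.uniformResourceIdentifier, base2.getUri());
        }
        throw new IllegalStateException("should not reach here, unknown child of GeneralName");
    }
}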
