package org.xipki.qa.ca.extn;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1StreamParser;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType;
import org.xipki.ca.certprofile.xijson.conf.ExtnSyntax;
import org.xipki.util.CollectionUtil;
import org.xipki.util.Hex;
import org.xipki.util.InvalidConfException;

/* loaded from: input_file:org/xipki/qa/ca/extn/CheckerUtil.class */
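/**
 * Static helpers used when checking certificate extension values against
 * what a certificate profile expects.
 *
 * <p>This listing is decompiler output. The decompiler noted that every method
 * was originally package-private; the {@code public} modifiers are kept here
 * so existing callers are unaffected, but nothing in this class needs to be
 * reachable from outside the package.
 *
 * <p>Several methods parse ASN.1 taken from a certificate or a certificate
 * template. That input is not trusted: structural problems are reported as
 * checked exceptions where the signature allows it.
 */
public class CheckerUtil {
    /**
     * Adds {@code aSN1ObjectIdentifier} to {@code set} unless it is already a member.
     *
     * @param set the set to update
     * @param aSN1ObjectIdentifier the OID to add
     */
    public static void addIfNotIn(Set<ASN1ObjectIdentifier> set, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        // Set.add leaves the set untouched when the element is already present,
        // so no separate contains() probe is needed.
        set.add(aSN1ObjectIdentifier);
    }

    /**
     * Builds the table of extensions whose value is fixed by the profile.
     *
     * <p>Entries without a constant are skipped, as are subjectAlternativeName,
     * subjectInfoAccess and biometricInfo even when a constant is configured
     * (presumably because those are checked against the request elsewhere; confirm).
     *
     * @param map configured extensions keyed by name, may be {@code null}
     * @return an unmodifiable OID-to-value map, or {@code null} when {@code map} is
     *     {@code null} or no entry qualifies
     * @throws CertprofileException if a configured constant cannot be encoded
     */
    public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(Map<String, ExtensionType> map) throws CertprofileException {
        if (map == null) {
            return null;
        }
        Map<ASN1ObjectIdentifier, QaExtensionValue> constants = new HashMap<>();
        for (Map.Entry<String, ExtensionType> entry : map.entrySet()) {
            ExtensionType extensionType = entry.getValue();
            if (extensionType.getConstant() == null) {
                continue;
            }
            ASN1ObjectIdentifier xiOid = extensionType.getType().toXiOid();
            if (Extension.subjectAlternativeName.equals(xiOid)
                    || Extension.subjectInfoAccess.equals(xiOid)
                    || Extension.biometricInfo.equals(xiOid)) {
                continue;
            }
            try {
                byte[] encoded = extensionType.getConstant().toASN1Encodable().toASN1Primitive().getEncoded();
                constants.put(xiOid, new QaExtensionValue(extensionType.isCritical(), encoded));
            } catch (IOException | InvalidConfException e) {
                // The original message ran "type" and the key together; a space is added.
                throw new CertprofileException("could not parse the constant extension value of type " + entry.getKey(), e);
            }
        }
        if (CollectionUtil.isEmpty(constants)) {
            return null;
        }
        return Collections.unmodifiableMap(constants);
    }

    /**
     * Collects the syntax definition of every configured extension that has one.
     *
     * @param map configured extensions keyed by name, may be {@code null}
     * @return an unmodifiable OID-to-syntax map, or {@code null} when {@code map} is
     *     {@code null} or no entry defines a syntax
     * @throws CertprofileException declared by the signature; not thrown by this body
     */
    public static Map<ASN1ObjectIdentifier, ExtnSyntax> buildExtesionSyntaxes(Map<String, ExtensionType> map) throws CertprofileException {
        if (map == null) {
            return null;
        }
        Map<ASN1ObjectIdentifier, ExtnSyntax> syntaxes = new HashMap<>();
        for (ExtensionType extensionType : map.values()) {
            if (extensionType.getSyntax() != null) {
                syntaxes.put(extensionType.getType().toXiOid(), extensionType.getSyntax());
            }
        }
        if (CollectionUtil.isEmpty(syntaxes)) {
            return null;
        }
        return Collections.unmodifiableMap(syntaxes);
    }

    /**
     * Parses the first ASN.1 object found in {@code bArr}.
     *
     * <p>NOTE(review): only one object is read, so bytes following it are not
     * inspected here, and an empty array presumably yields {@code null} rather
     * than an exception (confirm against the BouncyCastle version in use).
     * A checker that must reject trailing data has to verify that itself.
     *
     * @param bArr the encoded value
     * @return the parsed object
     * @throws CertprofileException if the bytes cannot be parsed
     */
    public static ASN1Encodable readAsn1Encodable(byte[] bArr) throws CertprofileException {
        try {
            return new ASN1StreamParser(bArr).readObject();
        } catch (IOException e) {
            throw new CertprofileException("could not parse the constant extension value", e);
        }
    }

    /**
     * Returns the hexadecimal form of {@code bArr} as produced by {@link Hex#encode}.
     *
     * @param bArr the bytes to encode
     * @return the hex string
     */
    public static String hex(byte[] bArr) {
        return Hex.encode(bArr);
    }

    /**
     * Returns the strings that occur in {@code collection2} (B) but not in
     * {@code collection} (A).
     *
     * @param collection A, may be {@code null} (treated as empty)
     * @param collection2 B, may be {@code null}
     * @return an immutable empty set when B is {@code null}, otherwise a new
     *     mutable set holding the difference
     */
    public static Set<String> strInBnotInA(Collection<String> collection, Collection<String> collection2) {
        if (collection2 == null) {
            return Collections.emptySet();
        }
        Set<String> onlyInB = new HashSet<>();
        for (String candidate : collection2) {
            boolean knownToA = collection != null && collection.contains(candidate);
            if (!knownToA) {
                onlyInB.add(candidate);
            }
        }
        return onlyInB;
    }

    /**
     * Rebuilds a requested GeneralName in the form the checker expects, after
     * verifying that its tag (and, for otherName, its type) is permitted.
     *
     * <p>The requested name comes from a certificate template and is treated
     * as untrusted. A sequence that is too short is rejected with
     * {@link BadCertTemplateException} instead of failing on an index error.
     *
     * @param generalName the requested name
     * @param set the permitted modes; {@code null} disables the allow-list check
     * @return the rebuilt name
     * @throws BadCertTemplateException if the tag or otherName type is not
     *     permitted, or the otherName/ediPartyName structure is malformed
     * @throws IllegalStateException for x400Address and unknown tags
     */
    public static GeneralName createGeneralName(GeneralName generalName, Set<Certprofile.GeneralNameMode> set) throws BadCertTemplateException {
        int tagNo = generalName.getTagNo();
        Certprofile.GeneralNameMode generalNameMode = null;
        if (set != null) {
            for (Certprofile.GeneralNameMode candidate : set) {
                if (candidate.getTag().getTag() == tagNo) {
                    generalNameMode = candidate;
                    break;
                }
            }
            if (generalNameMode == null) {
                throw new BadCertTemplateException("generalName tag " + tagNo + " is not allowed");
            }
        }
        switch (tagNo) {
            case GeneralName.otherName: {
                ASN1Sequence otherName = ASN1Sequence.getInstance(generalName.getName());
                if (otherName.size() < 2) {
                    throw new BadCertTemplateException("otherName must contain a type-id and a value");
                }
                ASN1ObjectIdentifier typeId = ASN1ObjectIdentifier.getInstance(otherName.getObjectAt(0));
                if (generalNameMode != null && !generalNameMode.getAllowedTypes().contains(typeId)) {
                    throw new BadCertTemplateException("otherName.type " + typeId.getId() + " is not allowed");
                }
                // Hold the value as ASN1Encodable so the instanceof test below decides;
                // the decompiled code typed it as ASN1String before testing it.
                ASN1Encodable value = ASN1TaggedObject.getInstance(otherName.getObjectAt(1)).getObject();
                if (!(value instanceof ASN1String)) {
                    throw new BadCertTemplateException("otherName.value is not a String");
                }
                String text = ((ASN1String) value).getString();
                // The value is always re-encoded as an explicitly tagged [0] UTF8String,
                // whatever string type was supplied.
                ASN1EncodableVector rebuilt = new ASN1EncodableVector();
                rebuilt.add(typeId);
                rebuilt.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
                return new GeneralName(GeneralName.otherName, new DERSequence(rebuilt));
            }
            case GeneralName.rfc822Name:
            case GeneralName.dNSName:
            case GeneralName.directoryName:
            case GeneralName.uniformResourceIdentifier:
            case GeneralName.iPAddress:
            case GeneralName.registeredID:
                // These forms are passed through with the same tag and value.
                return new GeneralName(tagNo, generalName.getName());
            case GeneralName.ediPartyName: {
                ASN1Sequence ediPartyName = ASN1Sequence.getInstance(generalName.getName());
                if (ediPartyName.size() < 1) {
                    throw new BadCertTemplateException("ediPartyName must contain a partyName");
                }
                // NOTE(review): the elements are told apart by position only; the
                // inner tag numbers are not checked.
                int index = 0;
                String nameAssigner = null;
                if (ediPartyName.size() > 1) {
                    nameAssigner = DirectoryString.getInstance(
                            ASN1TaggedObject.getInstance(ediPartyName.getObjectAt(index++)).getObject()).getString();
                }
                String partyName = DirectoryString.getInstance(
                        ASN1TaggedObject.getInstance(ediPartyName.getObjectAt(index)).getObject()).getString();
                ASN1EncodableVector rebuilt = new ASN1EncodableVector();
                if (nameAssigner != null) {
                    rebuilt.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
                }
                rebuilt.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
                return new GeneralName(GeneralName.ediPartyName, new DERSequence(rebuilt));
            }
            case GeneralName.x400Address:
            default:
                // x400Address is not supported; with a null allow-list it ends up here.
                throw new IllegalStateException("should not reach here, unknown GeneralName tag " + tagNo);
        }
    }

    /**
     * Lists the names of the key usages set in an encoded KeyUsage value.
     *
     * @param bArr the encoded KeyUsage (presumably the extension value; confirm with caller)
     * @return a new set with the name of every {@code org.xipki.security.KeyUsage}
     *     constant whose usage is present
     */
    public static Set<String> getKeyUsage(byte[] bArr) {
        Set<String> names = new HashSet<>();
        KeyUsage encodedUsage = KeyUsage.getInstance(bArr);
        for (org.xipki.security.KeyUsage usage : org.xipki.security.KeyUsage.values()) {
            if (encodedUsage.hasUsages(usage.getBcUsage())) {
                names.add(usage.getName());
            }
        }
        return names;
    }

    /**
     * Lists the key purpose OIDs contained in an encoded ExtendedKeyUsage value.
     *
     * @param bArr the encoded ExtendedKeyUsage
     * @return a new set of dotted-decimal OID strings
     */
    public static Set<String> getExtKeyUsage(byte[] bArr) {
        Set<String> purposeIds = new HashSet<>();
        for (KeyPurposeId keyPurposeId : ExtendedKeyUsage.getInstance(bArr).getUsages()) {
            purposeIds.add(keyPurposeId.getId());
        }
        return purposeIds;
    }

    /**
     * Compares the AIA access locations of one access method with the expected
     * URIs and appends every discrepancy to {@code sb}.
     *
     * <p>If the number of matching access descriptions differs from the number
     * of expected URIs, only that is reported. Otherwise each location must be
     * a uniformResourceIdentifier, and unexpected and missing URIs are listed.
     *
     * @param sb receives the violation messages
     * @param authorityInformationAccess the extension taken from the certificate
     * @param aSN1ObjectIdentifier the access method to check
     * @param set the expected URIs; must not be {@code null}
     */
    public static void checkAia(StringBuilder sb, AuthorityInformationAccess authorityInformationAccess, ASN1ObjectIdentifier aSN1ObjectIdentifier, Set<String> set) {
        String id;
        if (X509ObjectIdentifiers.id_ad_ocsp.equals(aSN1ObjectIdentifier)) {
            id = "OCSP";
        } else if (X509ObjectIdentifiers.id_ad_caIssuers.equals(aSN1ObjectIdentifier)) {
            id = "caIssuer";
        } else {
            id = aSN1ObjectIdentifier.getId();
        }

        Collection<AccessDescription> matching = new LinkedList<>();
        for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
            if (aSN1ObjectIdentifier.equals(accessDescription.getAccessMethod())) {
                matching.add(accessDescription);
            }
        }

        int size = matching.size();
        if (size != set.size()) {
            addViolation(sb, "number of AIA " + id + " URIs", size, set.size());
            return;
        }

        Set<String> presentUris = new HashSet<>();
        for (AccessDescription accessDescription : matching) {
            GeneralName accessLocation = accessDescription.getAccessLocation();
            if (accessLocation.getTagNo() != GeneralName.uniformResourceIdentifier) {
                // Name the access method in the message; the original literal ended
                // in a dangling space with nothing after it.
                addViolation(sb, "tag of accessLocation of AIA " + id,
                        accessLocation.getTagNo(), GeneralName.uniformResourceIdentifier);
            } else {
                // getName() is an ASN1Encodable; a URI location carries an ASN.1 string.
                presentUris.add(((ASN1String) accessLocation.getName()).getString());
            }
        }

        Set<String> unexpected = strInBnotInA(set, presentUris);
        if (CollectionUtil.isNotEmpty(unexpected)) {
            sb.append(id).append(" URIs ").append(unexpected);
            sb.append(" are present but not expected; ");
        }
        Set<String> missing = strInBnotInA(presentUris, set);
        if (CollectionUtil.isNotEmpty(missing)) {
            sb.append(id).append(" URIs ").append(missing);
            sb.append(" are absent but are required; ");
        }
    }

    /**
     * Appends a message of the form {@code <str> is '<obj>' but expected '<obj2>';}.
     *
     * @param sb receives the message
     * @param str the name of the checked field
     * @param obj the value found
     * @param obj2 the value expected
     */
    public static void addViolation(StringBuilder sb, String str, Object obj, Object obj2) {
        sb.append(str)
                .append(" is '")
                .append(obj)
                .append("' but expected '")
                .append(obj2)
                .append("';");
    }
}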
