package at.gv.egovernment.moa.sig.tsl.utils;

import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.database.dao.DigitalIdContext;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEvaluationResult;
import at.gv.egovernment.moa.sig.tsl.exception.TslEvaluationException;
import at.gv.egovernment.moa.sig.tsl.exception.TslProcessingException;
import iaik.asn1.structures.PolicyInformation;
import iaik.pki.utils.CertUtil;
import iaik.utils.Util;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.CertificatePolicies;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.etsi.uri._01903.v1_3.ObjectIdentifierType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.CriteriaListType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.KeyUsageBitType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.KeyUsageType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.PoliciesListType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egovernment/moa/sig/tsl/utils/TslCertificateUtils.class */
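/**
 * Static helpers for working with X.509 certificates during trust-status-list (TSL) evaluation:
 * fingerprint and SubjectKeyIdentifier extraction, and matching of a certificate against the
 * KeyUsage / PolicySet criteria of a TSL {@link CriteriaListType}.
 *
 * <p>The certificate under evaluation and the criteria are both externally supplied data, so
 * malformed or incomplete input is reported through the declared exceptions where possible.
 */
public class TslCertificateUtils {
    private static final Logger log = LoggerFactory.getLogger(TslCertificateUtils.class);

    /** Combinator for the {@code all} assertion: stays true only while every criterion matches. */
    public static class And extends Op {
        private And() {
            super();
        }

        @Override // at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils.Op
        boolean eval(boolean z, Expr expr) {
            // Short-circuits: the criterion is not evaluated once the accumulator is false.
            return z && expr.eval();
        }
    }

    /**
     * A lazily evaluated criterion. Implementations store their outcome in {@link #result} from
     * {@link #run()}; {@link #eval()} runs the criterion and returns that outcome.
     */
    public static abstract class Expr implements Runnable {
        protected boolean result;

        private Expr() {
        }

        boolean eval() {
            run();
            return this.result;
        }
    }

    /** Combinator for the {@code none} assertion: stays true only while no criterion matches. */
    public static class None extends Op {
        private None() {
            super();
        }

        @Override // at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils.Op
        boolean eval(boolean z, Expr expr) {
            return z && !expr.eval();
        }
    }

    /** Folds one more criterion into the accumulated match result {@code z}. */
    public static abstract class Op {
        private Op() {
        }

        abstract boolean eval(boolean z, Expr expr);
    }

    /** Combinator for the {@code atLeastOne} assertion: becomes true once any criterion matches. */
    public static class Or extends Op {
        private Or() {
            super();
        }

        @Override // at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils.Op
        boolean eval(boolean z, Expr expr) {
            // Short-circuits: the criterion is not evaluated once the accumulator is true.
            return z || expr.eval();
        }
    }

    /**
     * Computes the fingerprint of a certificate with the digest named by
     * {@code TslConstants.CERT_HASH_NAME}.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the digest rendered by {@code Util.toString} with an empty delimiter
     * @throws TslProcessingException if the digest algorithm is unavailable or the certificate
     *         cannot be encoded
     */
    public static String getFingerPrint(X509Certificate x509Certificate) throws TslProcessingException {
        try {
            final byte[] digest;
            if (x509Certificate instanceof iaik.x509.X509Certificate) {
                digest = ((iaik.x509.X509Certificate) x509Certificate).getFingerprint(TslConstants.CERT_HASH_NAME);
            } else {
                // Non-IAIK certificates are hashed over their encoded form.
                final MessageDigest messageDigest = MessageDigest.getInstance(TslConstants.CERT_HASH_NAME);
                messageDigest.update(x509Certificate.getEncoded());
                digest = messageDigest.digest();
            }
            return Util.toString(digest, "");
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            log.error("Can not caluclate fingerprint from X509 certificate", e);
            throw new TslProcessingException("Can not caluclate fingerprint from X509 certificate", e);
        }
    }

    /**
     * Extracts the SubjectKeyIdentifier extension value of a certificate.
     *
     * @param x509Certificate certificate to inspect; non-IAIK certificates are re-parsed from
     *        their encoded form
     * @return the key identifier rendered by {@code Util.toString} with an empty delimiter, or
     *         {@code null} if the certificate carries no SubjectKeyIdentifier extension
     * @throws TslProcessingException if the certificate cannot be parsed or the fingerprint
     *         algorithm used for logging is unavailable
     */
    public static String getSubjectKeyIdentifier(X509Certificate x509Certificate) throws TslProcessingException {
        try {
            final iaik.x509.X509Certificate iaikCertificate = x509Certificate instanceof iaik.x509.X509Certificate
                    ? (iaik.x509.X509Certificate) x509Certificate
                    : new iaik.x509.X509Certificate(x509Certificate.getEncoded());
            final Object extension = CertUtil.getExtension(iaikCertificate, SubjectKeyIdentifier.oid);
            if (extension instanceof SubjectKeyIdentifier) {
                return Util.toString(((SubjectKeyIdentifier) extension).get(), "");
            }
            // Use the converted certificate here: casting the caller's object directly fails with
            // a ClassCastException whenever a non-IAIK certificate lacks the extension. The
            // fingerprint is rendered the same way getFingerPrint renders it so that log entries
            // can be correlated.
            log.info("Find no SubjectKeyIdentifier in certificate: {}",
                    Util.toString(iaikCertificate.getFingerprint(TslConstants.CERT_HASH_NAME), ""));
            return null;
        } catch (NoSuchAlgorithmException | CertificateException e) {
            log.error("Can not extract SubjectKeyIdentifier from X509 certificate", e);
            throw new TslProcessingException("Can not extract SubjectKeyIdentifier from X509 certificate", e);
        }
    }

    /**
     * Evaluates a TSL criteria list against the certificate held as key of {@code entry}.
     *
     * <p>The list's {@code assert} value selects how the KeyUsage and PolicySet criteria are
     * combined: {@code all} (every criterion matches), {@code atLeastOne} (any criterion
     * matches) or {@code none} (no criterion matches). Nested criteria lists are evaluated
     * recursively and AND-ed onto that result; they are skipped once the result is false.
     *
     * @param entry map entry whose key is the certificate to evaluate; the value is not read here
     * @param criteriaListType criteria list taken from the TSL
     * @return {@code true} if the certificate satisfies the criteria list
     * @throws TslEvaluationException if the assert value is missing or unknown, if the list holds
     *         neither KeyUsage nor PolicySet criteria, if a criterion is empty, or if a
     *         certificate extension cannot be initialised
     */
    public static boolean matchCriteriaList(Map.Entry<iaik.x509.X509Certificate, ITslEvaluationResult> entry, CriteriaListType criteriaListType) throws TslEvaluationException {
        // The assert attribute comes from the TSL document: report a missing or unknown value
        // through the declared evaluation exception instead of an unchecked one from valueOf().
        final String assertName = criteriaListType.getAssert();
        if (assertName == null) {
            throw new TslEvaluationException("Invalid value for assert: " + assertName);
        }
        final TslConstants.Asssert assertion;
        try {
            assertion = TslConstants.Asssert.valueOf(assertName);
        } catch (IllegalArgumentException e) {
            throw new TslEvaluationException("Invalid value for assert: " + assertName, e);
        }

        boolean matched;
        final Op combinator;
        switch (assertion) {
            case all:
                matched = true;
                combinator = new And();
                break;
            case atLeastOne:
                matched = false;
                combinator = new Or();
                break;
            case none:
                matched = true;
                combinator = new None();
                break;
            default:
                throw new TslEvaluationException("Invalid value for assert: " + assertion);
        }

        final List<KeyUsageType> keyUsage = criteriaListType.getKeyUsage();
        final List<PoliciesListType> policySet = criteriaListType.getPolicySet();
        if (keyUsage.isEmpty() && policySet.isEmpty()) {
            log.warn("Criteria list contains no KeyUsage or Policy information. Something is suspect in this TSP");
            throw new TslEvaluationException("Criteria list contains no KeyUsage or Policy information.");
        }

        for (KeyUsageType keyUsageCriterion : keyUsage) {
            final List<KeyUsageBitType> requiredBits = keyUsageCriterion.getKeyUsageBit();
            if (requiredBits.isEmpty()) {
                log.info("TSP KeyUsage information is empty");
                throw new TslEvaluationException("TSP KeyUsage information is empty");
            }
            try {
                // Read eagerly so that an unparsable extension is reported even when the
                // combinator would short-circuit the comparison itself.
                final KeyUsage certificateKeyUsage = (KeyUsage) entry.getKey().getExtension(KeyUsage.oid);
                matched = combinator.eval(matched, new Expr() { // from class: at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils.1
                    @Override // java.lang.Runnable
                    public void run() {
                        this.result = TslCertificateUtils.matchKeyUsage(certificateKeyUsage, requiredBits);
                    }
                });
            } catch (X509ExtensionInitException e) {
                log.warn("Can not extract KeyUsage information from EndEntity certificate extension", e);
                throw new TslEvaluationException("Can not extract KeyUsage information from EndEntity certificate extension", e);
            }
        }

        for (PoliciesListType policyCriterion : policySet) {
            final List<ObjectIdentifierType> requiredPolicies = policyCriterion.getPolicyIdentifier();
            if (requiredPolicies.isEmpty()) {
                log.info("TSP Policy information is empty");
                throw new TslEvaluationException("TSP Policy information is empty");
            }
            try {
                final CertificatePolicies certificatePolicies =
                        (CertificatePolicies) entry.getKey().getExtension(CertificatePolicies.oid);
                matched = combinator.eval(matched, new Expr() { // from class: at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils.2
                    @Override // java.lang.Runnable
                    public void run() {
                        this.result = TslCertificateUtils.matchPolicySet(certificatePolicies, requiredPolicies);
                    }
                });
            } catch (X509ExtensionInitException e) {
                log.warn("Can not extract Policy information from EndEntity certificate extension", e);
                throw new TslEvaluationException("Can not extract Policy information from EndEntity certificate extension", e);
            }
        }

        // NOTE(review): nested criteria lists are always AND-ed, whatever the assert value of this
        // list is. Confirm against the TSL specification that this is the intended combination
        // for atLeastOne and none.
        for (CriteriaListType nestedCriteria : criteriaListType.getCriteriaList()) {
            matched = matched && matchCriteriaList(entry, nestedCriteria);
        }
        return matched;
    }

    /**
     * Checks that every listed key-usage bit has exactly the required value in the certificate's
     * KeyUsage extension.
     *
     * @param keyUsage KeyUsage extension of the certificate; must not be {@code null}
     * @param list required key-usage bits (name plus expected value)
     * @return {@code true} if all listed bits have the expected value
     * @throws NullPointerException if {@code keyUsage} is {@code null}
     * @throws IllegalArgumentException if a bit name is not a {@code TslConstants.KeyUseageBit}
     *         constant (raised by {@code valueOf})
     */
    public static boolean matchKeyUsage(KeyUsage keyUsage, List<KeyUsageBitType> list) {
        // NOTE(review): whether a certificate without a KeyUsage extension should count as
        // "no bit set" or as unrestricted is a policy decision this code does not make. Keep
        // failing, but with a message that names the cause.
        java.util.Objects.requireNonNull(keyUsage, "Certificate carries no KeyUsage extension to match against TSL criteria");
        for (KeyUsageBitType requiredBit : list) {
            final int bitIndex = TslConstants.KeyUseageBit.valueOf(requiredBit.getName()).ordinal();
            if (requiredBit.isValue() != keyUsage.isSet(TslConstants.KeyUseageVal[bitIndex])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that every listed policy identifier is present in the certificate's
     * CertificatePolicies extension.
     *
     * @param certificatePolicies CertificatePolicies extension of the certificate, or
     *        {@code null} if the certificate has none; {@code null} is treated as an empty
     *        policy set
     * @param list policy identifiers required by the TSL criterion
     * @return {@code true} if the certificate asserts every listed policy identifier
     */
    public static boolean matchPolicySet(CertificatePolicies certificatePolicies, List<ObjectIdentifierType> list) {
        final List<String> certificatePolicyIds = new ArrayList<>();
        // A certificate without the extension asserts no policy at all, so it can only satisfy
        // an empty requirement list.
        if (certificatePolicies != null) {
            for (PolicyInformation policyInformation : certificatePolicies.getPolicyInformation()) {
                certificatePolicyIds.add(policyInformation.getPolicyIdentifier().getID());
            }
        }
        // NOTE(review): this is an exact string comparison. If the TSL writes identifiers in a
        // URI/URN form rather than the form returned by getID(), they will never match. Verify
        // the identifier format.
        for (ObjectIdentifierType requiredPolicy : list) {
            if (!certificatePolicyIds.contains(requiredPolicy.getIdentifier().getValue())) {
                return false;
            }
        }
        return true;
    }
}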
