package at.gv.egiz.bku.accesscontroller;

import at.gv.egiz.bku.utils.urldereferencer.HTTPURLProtocolHandlerImpl;
import java.net.URL;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/accesscontroller/AuthenticationClassifier.class */
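/**
 * Maps the transport properties of a request (HTTPS or not, peer certificate or not) to an
 * {@link AuthenticationClass}.
 *
 * <p>Security note: nothing in this class validates the certificate chain, validity period or
 * revocation status. The classification is only as trustworthy as the validation performed
 * before the certificate is handed in (presumably by the TLS layer; confirm against the
 * callers). A name that merely ends in {@code .gv.at} proves nothing about an unvalidated
 * certificate.
 */
public class AuthenticationClassifier {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationClassifier.class);
    private static final AuthenticationClassifier instance = new AuthenticationClassifier();

    /** Name suffix that marks a common name or DNS name as belonging to a government agency. */
    private static final String GOV_DOMAIN = ".gv.at";

    /** GeneralName tag of a dNSName entry as returned by getSubjectAlternativeNames(). */
    private static final int SAN_TYPE_DNS_NAME = 2;

    // Certificate extensions whose mere presence is treated as a government-agency marker.
    // NOTE(review): presumably the Austrian e-government object identifiers; confirm their
    // exact meaning against the specification before relying on the names below.
    private static final String GOV_EXTENSION_OID = "1.2.40.0.10.1.1.1";
    private static final String GOV_EXTENSION_OID_ALT = "1.2.40.0.10.1.1.2";

    private AuthenticationClassifier() {
    }

    /**
     * Decides whether a certificate identifies a government agency.
     *
     * <p>The certificate qualifies when any of the following holds: a common name of the subject
     * ends with {@code .gv.at}, a dNSName subject alternative name ends with {@code .gv.at}, or
     * one of the two marker extensions is present.
     *
     * <p>The subject is parsed as an RFC 2253 distinguished name. Splitting the string on commas
     * instead would let an escaped comma inside some other attribute value (for example
     * {@code O=x\,CN=host.gv.at}) be read as a separate common name, and would throw on an empty
     * common name. A subject that cannot be parsed is logged and contributes no match.
     *
     * @param x509Certificate the certificate to inspect; must not be null and is expected to be
     *     already validated by the caller
     * @return {@code true} if the certificate is classified as a government agency
     */
    public static boolean isGovAgency(X509Certificate x509Certificate) {
        if (hasGovCommonName(x509Certificate) || hasGovDnsAltName(x509Certificate)) {
            return true;
        }
        return x509Certificate.getExtensionValue(GOV_EXTENSION_OID) != null
                || x509Certificate.getExtensionValue(GOV_EXTENSION_OID_ALT) != null;
    }

    /** Returns true if any CN attribute value of the subject DN ends with the gov suffix. */
    private static boolean hasGovCommonName(X509Certificate certificate) {
        try {
            // getName() yields the RFC 2253 string form, which LdapName parses with escaping.
            LdapName subject = new LdapName(certificate.getSubjectX500Principal().getName());
            for (Rdn rdn : subject.getRdns()) {
                // toAttributes() also covers multi-valued RDNs such as "CN=a+OU=b".
                Attribute commonName = rdn.toAttributes().get("CN");
                if (commonName == null) {
                    continue;
                }
                for (int i = 0; i < commonName.size(); i++) {
                    Object value = commonName.get(i);
                    // The value originates from the peer's certificate; it is logged at trace only.
                    LOG.trace("Analyzing cn dn: {}", value);
                    // Hex-encoded values arrive as byte[] and are never treated as a host name.
                    if (value instanceof String && ((String) value).endsWith(GOV_DOMAIN)) {
                        return true;
                    }
                }
            }
        } catch (NamingException e) {
            // Fail closed for this check: an unparsable subject yields no match.
            LOG.error("Failed to parse certificate.", e);
        }
        return false;
    }

    /** Returns true if any dNSName subject alternative name ends with the gov suffix. */
    private static boolean hasGovDnsAltName(X509Certificate certificate) {
        try {
            Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
            if (altNames == null) {
                return false;
            }
            for (List<?> entry : altNames) {
                LOG.trace("Analyzing subj. alt name: {}", entry);
                Object type = entry.get(0);
                if (!(type instanceof Integer) || ((Integer) type).intValue() != SAN_TYPE_DNS_NAME) {
                    continue;
                }
                Object value = entry.get(1);
                if (value instanceof String && ((String) value).endsWith(GOV_DOMAIN)) {
                    return true;
                }
            }
        } catch (CertificateParsingException e) {
            LOG.error("Failed to parse certificate.", e);
        }
        return false;
    }

    /**
     * Computes the authentication class for one request.
     *
     * @param z when {@code false} the result is always {@code ANONYMOUS}; what the flag stands
     *     for is not visible in this class
     * @param url the request URL; only its protocol is examined, and it must not be null when
     *     {@code z} is {@code true}
     * @param x509Certificate the peer certificate, or null if the connection supplied none
     * @return {@code ANONYMOUS}, {@code PSEUDO_ANONYMOUS} (non-HTTPS protocol, or HTTPS without a
     *     certificate), {@code CERTIFIED} or {@code CERTIFIED_GOV_AGENCY}
     */
    protected AuthenticationClass getMyAuthenticationClass(boolean z, URL url, X509Certificate x509Certificate) {
        if (!z) {
            return AuthenticationClass.ANONYMOUS;
        }
        if (!url.getProtocol().equalsIgnoreCase(HTTPURLProtocolHandlerImpl.HTTPS)) {
            return AuthenticationClass.PSEUDO_ANONYMOUS;
        }
        if (x509Certificate == null) {
            LOG.warn("HTTPS connection does not provide certificate. Therefore, assuming authentication class '" + AuthenticationClass.PSEUDO_ANONYMOUS + "'.");
            return AuthenticationClass.PSEUDO_ANONYMOUS;
        }
        // isGovAgency() already reports the marker extension, so no separate extension check
        // is needed to reach the same decision.
        if (isGovAgency(x509Certificate)) {
            return AuthenticationClass.CERTIFIED_GOV_AGENCY;
        }
        return AuthenticationClass.CERTIFIED;
    }

    /**
     * Static entry point that delegates to the singleton's
     * {@link #getMyAuthenticationClass(boolean, URL, X509Certificate)}.
     *
     * @param z see {@link #getMyAuthenticationClass(boolean, URL, X509Certificate)}
     * @param url the request URL
     * @param x509Certificate the peer certificate, or null
     * @return the authentication class computed for the request
     */
    public static AuthenticationClass getAuthenticationClass(boolean z, URL url, X509Certificate x509Certificate) {
        return instance.getMyAuthenticationClass(z, url, x509Certificate);
    }
}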
