package com.webauthn4j.attestation.statement;

import com.webauthn4j.validator.exception.CertificateException;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/webauthn4j/attestation/statement/AttestationCertificate.class */
public class AttestationCertificate {
    public static final int CERTIFICATE_VERSION_3 = 3;
    public static final int NON_CA = -1;
    private static final Map<String, String> cHashMap = new HashMap();
    private X509Certificate certificate;

    public AttestationCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    public X509Certificate getCertificate() {
        return this.certificate;
    }

    public String getSubjectCountry() {
        try {
            return getX500Name().getCountry();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public String getSubjectOrganization() {
        try {
            return getX500Name().getOrganization();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public String getSubjectOrganizationUnit() {
        try {
            return getX500Name().getOrganizationalUnit();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public String getSubjectCommonName() {
        try {
            return getX500Name().getCommonName();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public void validate() {
        if (this.certificate.getVersion() != 3) {
            throw new CertificateException("Attestation certificate must be version 3");
        }
        String subjectCountry = getSubjectCountry();
        if (subjectCountry == null || subjectCountry.isEmpty()) {
            throw new CertificateException("Subject-C must be present");
        }
        String subjectOrganization = getSubjectOrganization();
        if (subjectOrganization == null || subjectOrganization.isEmpty()) {
            throw new CertificateException("Subject-O must be present");
        }
        String subjectOrganizationUnit = getSubjectOrganizationUnit();
        if (subjectOrganizationUnit == null || !subjectOrganizationUnit.equals("Authenticator Attestation")) {
            throw new CertificateException("Subject-OU must be present");
        }
        String subjectCommonName = getSubjectCommonName();
        if (subjectCommonName == null || subjectCommonName.isEmpty()) {
            throw new CertificateException("Subject-CN must be present");
        }
        if (this.certificate.getBasicConstraints() != -1) {
            throw new CertificateException("Attestation certificate must not be CA certificate");
        }
    }

    private X500Name getX500Name() throws IOException {
        return new X500Name(this.certificate.getSubjectX500Principal().getName());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.certificate, ((AttestationCertificate) obj).certificate);
    }

    public int hashCode() {
        return Objects.hash(this.certificate);
    }

    static {
        cHashMap.put("", "");
    }
}
