package eu.emi.security.authn.x509.impl;

import eu.emi.security.authn.x509.helpers.proxy.ProxyTracingExtension;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:eu/emi/security/authn/x509/impl/X509Formatter.class */
public class X509Formatter {
    private final FormatMode mode;
    private static final String[] USAGES;
    private static final String EKU = "1.3.6.1.5.5.7.3.";
    private static final Map<String, String> EXT_USAGES;

    public X509Formatter(FormatMode formatMode) {
        this.mode = formatMode;
    }

    public String format(X509Certificate x509Certificate) {
        String str = (this.mode.equals(FormatMode.COMPACT_ONE_LINE) || this.mode.equals(FormatMode.MEDIUM_ONE_LINE)) ? ", " : "\n";
        StringBuilder sb = new StringBuilder(256);
        String readableForm = X500NameUtils.getReadableForm(x509Certificate.getSubjectX500Principal());
        String readableForm2 = X500NameUtils.getReadableForm(x509Certificate.getIssuerX500Principal());
        sb.append(x509Certificate.getType()).append(" v").append(x509Certificate.getVersion());
        sb.append(" certificate").append(str);
        sb.append("Subject: ").append(readableForm).append(str);
        sb.append("Issuer: ").append(readableForm2);
        if (this.mode.equals(FormatMode.COMPACT) || this.mode.equals(FormatMode.COMPACT_ONE_LINE)) {
            return sb.toString();
        }
        sb.append(str);
        sb.append("Valid from: " + x509Certificate.getNotBefore()).append(str);
        sb.append("Valid to: " + x509Certificate.getNotAfter());
        if (this.mode.equals(FormatMode.MEDIUM) || this.mode.equals(FormatMode.MEDIUM_ONE_LINE)) {
            return sb.toString();
        }
        sb.append(str);
        try {
            Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (issuerAlternativeNames != null) {
                appendAltNames(sb, "Issuer alternative names", str, issuerAlternativeNames);
            }
            if (subjectAlternativeNames != null) {
                appendAltNames(sb, "Subject alternative names", str, subjectAlternativeNames);
            }
            sb.append("CA: ").append(x509Certificate.getBasicConstraints() == Integer.MAX_VALUE).append(str);
            PublicKey publicKey = x509Certificate.getPublicKey();
            String str2 = publicKey instanceof RSAPublicKey ? " " + ((RSAPublicKey) publicKey).getModulus().bitLength() + "bit" : "";
            if (publicKey instanceof DSAPublicKey) {
                str2 = " " + ((DSAPublicKey) publicKey).getParams().getG().bitLength() + "bit";
            }
            sb.append("Signature alg: ").append(x509Certificate.getSigAlgName()).append(str);
            sb.append("Public key type: ").append(publicKey.getAlgorithm()).append(str2).append(str);
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            if (keyUsage != null) {
                sb.append("Allowed usage:");
                for (int i = 0; i < keyUsage.length; i++) {
                    if (keyUsage[i]) {
                        sb.append(" ").append(USAGES[i]);
                    }
                }
                sb.append(str);
            }
            if (extendedKeyUsage != null) {
                sb.append("Allowed extended usage:");
                for (String str3 : extendedKeyUsage) {
                    String str4 = EXT_USAGES.get(str3);
                    if (str4 == null) {
                        str4 = str3;
                    }
                    sb.append(" ").append(str4);
                }
                sb.append(str);
            }
            sb.append("Serial number: ").append(x509Certificate.getSerialNumber());
            return sb.toString();
        } catch (CertificateParsingException e) {
            throw new IllegalArgumentException("The certificate can not be sucessfuly parsed", e);
        }
    }

    private void appendAltNames(StringBuilder sb, String str, String str2, Collection<List<?>> collection) {
        sb.append(str).append(": ").append(str2);
        for (List<?> list : collection) {
            sb.append("  ");
            Integer num = (Integer) list.get(0);
            Object obj = list.get(1);
            String arrays = (num.intValue() == 0 || num.intValue() == 3 || num.intValue() == 5) ? Arrays.toString((byte[]) obj) : (String) obj;
            switch (num.intValue()) {
                case 0:
                    sb.append("other: ").append(arrays).append(str2);
                    break;
                case ProxyTracingExtension.ISSUER_EXTENSION /* 1 */:
                    sb.append("email: ").append(arrays).append(str2);
                    break;
                case ProxyTracingExtension.SUBJECT_EXTENSION /* 2 */:
                    sb.append("DNS: ").append(arrays).append(str2);
                    break;
                case 3:
                    sb.append("X.400: ").append(arrays).append(str2);
                    break;
                case 4:
                    sb.append("DN: ").append(arrays).append(str2);
                    break;
                case 5:
                    sb.append("EDI party: ").append(arrays).append(str2);
                    break;
                case 6:
                    sb.append("URI: ").append(arrays).append(str2);
                    break;
                case 7:
                    sb.append("IP: ").append(arrays).append(str2);
                    break;
                case 8:
                    sb.append("OID: ").append(arrays).append(str2);
                    break;
            }
        }
    }

    public String format(X509Certificate[] x509CertificateArr) {
        return format(x509CertificateArr, true);
    }

    public String format(X509Certificate[] x509CertificateArr, boolean z) {
        StringBuilder sb = new StringBuilder();
        if (z) {
            sb.append("Certificate chain, ").append(x509CertificateArr.length).append(" elements:\n");
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            sb.append("-----Certificate ").append(i + 1).append("-----\n");
            sb.append(format(x509CertificateArr[i])).append("\n");
            if (i + 1 < x509CertificateArr.length) {
                sb.append("\n");
            }
        }
        return sb.toString();
    }

    static {
        CertificateUtils.configureSecProvider();
        USAGES = new String[]{"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "CRLSign", "encipherOnly", "decipherOnly"};
        EXT_USAGES = new HashMap(16);
        EXT_USAGES.put("2.5.29.37.0", "anyExtendedKeyUsage");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.1", "serverAuth");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.2", "clientAuth");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.3", "codeSigning");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.4", "emailProtection");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.5", "ipsecEndSystem");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.6", "ipsecTunnel");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.7", "ipsecUser");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.8", "timeStamping");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.9", "OCSPSigning");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.10", "dvcs");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.12", "scvp_responder");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.13", "eapOverPPP");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.14", "eapOverLAN");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.15", "scvpServer");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.16", "scvpClient");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.17", "ipsecIKE");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.18", "capwapAC");
        EXT_USAGES.put("1.3.6.1.5.5.7.3.19", "capwapWTP");
        EXT_USAGES.put("1.3.6.1.4.1.311.20.2.2", "smartcardlogon");
    }
}
