package eu.emi.security.authn.x509.helpers.proxy;

import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.proxy.ProxyPolicy;
import java.io.IOException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/proxy/ProxyCertInfoExtension.class */
public class ProxyCertInfoExtension extends ASN1Encodable {
    public static final String RFC_EXTENSION_OID = "1.3.6.1.5.5.7.1.14";
    public static final String DRAFT_EXTENSION_OID = "1.3.6.1.4.1.3536.1.222";
    private int pathLen;
    private ProxyPolicy policy;

    public ProxyCertInfoExtension(int i, ProxyPolicy proxyPolicy) {
        this.pathLen = Integer.MAX_VALUE;
        this.pathLen = i;
        this.policy = proxyPolicy;
    }

    public ProxyCertInfoExtension() {
        this.pathLen = Integer.MAX_VALUE;
        this.policy = new ProxyPolicy(ProxyPolicy.INHERITALL_POLICY_OID);
    }

    public ProxyCertInfoExtension(byte[] bArr) throws IOException {
        this(ASN1Object.fromByteArray(bArr));
    }

    public ProxyCertInfoExtension(ASN1Sequence aSN1Sequence) throws IOException {
        this.pathLen = Integer.MAX_VALUE;
        int i = 0;
        if (aSN1Sequence == null || aSN1Sequence.size() == 0) {
            throw new IOException("ProxyCertInfoExtension is empty");
        }
        if (aSN1Sequence.getObjectAt(0) instanceof DERInteger) {
            this.pathLen = aSN1Sequence.getObjectAt(0).getValue().intValue();
            i = 1;
        }
        if (aSN1Sequence.size() <= i) {
            throw new IOException("ProxyCertInfoExtension parser error, expected policy, but it was not found");
        }
        if (!(aSN1Sequence.getObjectAt(i) instanceof DERSequence)) {
            throw new IOException("ProxyCertInfoExtension parser error, expected policy sequence, but got: " + aSN1Sequence.getObjectAt(i).getClass());
        }
        this.policy = new ProxyPolicy(aSN1Sequence.getObjectAt(i));
        if (aSN1Sequence.size() > i + 1) {
            throw new IOException("ProxyCertInfoExtension parser error, sequence contains too many items");
        }
    }

    public static ProxyCertInfoExtension getInstance(X509Certificate x509Certificate) throws IOException {
        byte[] extensionBytes = CertificateHelpers.getExtensionBytes(x509Certificate, RFC_EXTENSION_OID);
        if (extensionBytes == null) {
            extensionBytes = CertificateHelpers.getExtensionBytes(x509Certificate, DRAFT_EXTENSION_OID);
        }
        if (extensionBytes == null) {
            return null;
        }
        return new ProxyCertInfoExtension(extensionBytes);
    }

    public int getProxyPathLimit() {
        return this.pathLen;
    }

    public ProxyPolicy getPolicy() {
        return this.policy;
    }

    public DERObject toASN1Object() {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (this.pathLen != Integer.MAX_VALUE) {
            aSN1EncodableVector.add(new DERInteger(this.pathLen));
        }
        if (this.policy == null) {
            throw new IllegalArgumentException("Can't generate ProxyCertInfoExtension without mandatory policy");
        }
        aSN1EncodableVector.add(this.policy.toASN1Object());
        return new DERSequence(aSN1EncodableVector);
    }
}
