package eu.emi.security.authn.x509.proxy;

import eu.emi.security.authn.x509.helpers.proxy.ProxyAddressRestrictionData;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x509.AttributeCertificate;

/* loaded from: input_file:eu/emi/security/authn/x509/proxy/BaseProxyCertificateOptions.class */
public abstract class BaseProxyCertificateOptions {
    public static final int DEFAULT_KEY_USAGE = 176;
    public static final int DEFAULT_LIFETIME = 43200;
    public static final int UNLIMITED_PROXY_LENGTH = Integer.MAX_VALUE;
    private final X509Certificate[] parentChain;
    private Date notBefore;
    private ProxyType type;
    private List<CertificateExtension> extensions;
    private String[] targetRestrictionPermitted;
    private String[] targetRestrictionExcluded;
    private String[] sourceRestrictionPermitted;
    private String[] sourceRestrictionExcluded;
    private String proxyTracingSubject;
    private String proxyTracingIssuer;
    private String samlAssertion;
    private AttributeCertificate[] attributeCertificates;
    private int lifetime = DEFAULT_LIFETIME;
    private boolean limited = false;
    private BigInteger serialNumber = null;
    private int proxyPathLimit = UNLIMITED_PROXY_LENGTH;
    private int proxyKeyUsageMask = -1;
    private ProxyPolicy policy = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseProxyCertificateOptions(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("parent certificate chain must be set");
        }
        this.parentChain = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length);
        this.extensions = new ArrayList();
        this.notBefore = new Date();
        if (!ProxyUtils.isProxy(x509CertificateArr)) {
            this.type = ProxyType.RFC3820;
            return;
        }
        try {
            ProxyChainType proxyType = new ProxyChainInfo(x509CertificateArr).getProxyType();
            if (proxyType == ProxyChainType.RFC3820) {
                this.type = ProxyType.RFC3820;
                return;
            }
            if (proxyType == ProxyChainType.DRAFT_RFC) {
                this.type = ProxyType.DRAFT_RFC;
            } else if (proxyType == ProxyChainType.LEGACY) {
                this.type = ProxyType.LEGACY;
            } else {
                this.type = ProxyType.RFC3820;
            }
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Can not parse the parentCertChain argument", e);
        }
    }

    public X509Certificate[] getParentCertChain() {
        return this.parentChain;
    }

    public void setValidityBounds(Date date, Date date2) {
        this.notBefore = new Date();
        this.notBefore.setTime((date.getTime() / 1000) * 1000);
        if (date2.before(date)) {
            throw new IllegalArgumentException("notBefore argument value must be earlier than notAfter");
        }
        this.lifetime = (int) ((date2.getTime() / 1000) - (date.getTime() / 1000));
    }

    public void setLifetime(int i) {
        this.notBefore = new Date();
        this.lifetime = i;
    }

    public void setLifetime(long j, TimeUnit timeUnit) {
        long seconds = timeUnit.toSeconds(j);
        if (seconds > 2147483647L) {
            throw new IllegalArgumentException("This implementation allows for proxy lifetimes up to 2147483647 seconds");
        }
        setLifetime((int) seconds);
    }

    public int getLifetime() {
        return this.lifetime;
    }

    public Date getNotBefore() {
        return this.notBefore;
    }

    public int getProxyKeyUsageMask() {
        return this.proxyKeyUsageMask;
    }

    public void setProxyKeyUsageMask(int i) throws IllegalArgumentException {
        if ((i & 128) == 0) {
            throw new IllegalArgumentException("The digital signature bit must be always set for the proxy");
        }
        this.proxyKeyUsageMask = i;
    }

    public void setType(ProxyType proxyType) throws IllegalArgumentException {
        this.type = proxyType;
    }

    public ProxyType getType() {
        return this.type;
    }

    public void setLimited(boolean z) {
        this.limited = z;
        if (z) {
            setPolicy(new ProxyPolicy(ProxyPolicy.LIMITED_PROXY_OID));
        } else {
            setPolicy(new ProxyPolicy(ProxyPolicy.INHERITALL_POLICY_OID));
        }
    }

    public boolean isLimited() {
        return this.limited;
    }

    public void setSerialNumber(BigInteger bigInteger) {
        this.serialNumber = bigInteger;
    }

    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    public void setProxyPathLimit(int i) {
        this.proxyPathLimit = (i == Integer.MAX_VALUE || i < 0) ? UNLIMITED_PROXY_LENGTH : i;
    }

    public int getProxyPathLimit() {
        return this.proxyPathLimit;
    }

    public void addExtension(CertificateExtension certificateExtension) {
        this.extensions.add(certificateExtension);
    }

    public List<CertificateExtension> getExtensions() {
        ArrayList arrayList = new ArrayList(this.extensions.size());
        arrayList.addAll(this.extensions);
        return arrayList;
    }

    public void setPolicy(ProxyPolicy proxyPolicy) {
        this.policy = proxyPolicy.m55clone();
    }

    public ProxyPolicy getPolicy() {
        if (this.policy == null) {
            return null;
        }
        return this.policy.m55clone();
    }

    public void setTargetRestrictionPermittedAddresses(String[] strArr) throws IllegalArgumentException {
        this.targetRestrictionPermitted = (String[]) strArr.clone();
    }

    public void setTargetRestrictionPermittedAddresses(byte[][] bArr) throws IllegalArgumentException {
        this.targetRestrictionPermitted = ProxyAddressRestrictionData.convert2strings(bArr);
    }

    public String[] getTargetRestrictionPermittedAddresses() {
        if (this.targetRestrictionPermitted == null) {
            return null;
        }
        return (String[]) this.targetRestrictionPermitted.clone();
    }

    public void setSourceRestrictionPermittedAddresses(String[] strArr) throws IllegalArgumentException {
        this.sourceRestrictionPermitted = (String[]) strArr.clone();
    }

    public void setSourceRestrictionPermittedAddresses(byte[][] bArr) throws IllegalArgumentException {
        this.sourceRestrictionPermitted = ProxyAddressRestrictionData.convert2strings(bArr);
    }

    public String[] getSourceRestrictionPermittedAddresses() {
        if (this.sourceRestrictionPermitted == null) {
            return null;
        }
        return (String[]) this.sourceRestrictionPermitted.clone();
    }

    public void setTargetRestrictionExcludedAddresses(String[] strArr) throws IllegalArgumentException {
        this.targetRestrictionExcluded = (String[]) strArr.clone();
    }

    public void setTargetRestrictionExcludedAddresses(byte[][] bArr) throws IllegalArgumentException {
        this.targetRestrictionExcluded = ProxyAddressRestrictionData.convert2strings(bArr);
    }

    public String[] getTargetRestrictionExcludedAddresses() {
        if (this.targetRestrictionExcluded == null) {
            return null;
        }
        return (String[]) this.targetRestrictionExcluded.clone();
    }

    public void setSourceRestrictionExcludedAddresses(String[] strArr) throws IllegalArgumentException {
        this.sourceRestrictionExcluded = (String[]) strArr.clone();
    }

    public void setSourceRestrictionExcludedAddresses(byte[][] bArr) throws IllegalArgumentException {
        this.sourceRestrictionExcluded = ProxyAddressRestrictionData.convert2strings(bArr);
    }

    public String[] getSourceRestrictionExcludedAddresses() {
        if (this.sourceRestrictionExcluded == null) {
            return null;
        }
        return (String[]) this.sourceRestrictionExcluded.clone();
    }

    public void setProxyTracingIssuer(String str) {
        this.proxyTracingIssuer = str;
    }

    public String getProxyTracingIssuer() {
        return this.proxyTracingIssuer;
    }

    public void setProxyTracingSubject(String str) {
        this.proxyTracingSubject = str;
    }

    public String getProxyTracingSubject() {
        return this.proxyTracingSubject;
    }

    public String getSAMLAssertion() {
        return this.samlAssertion;
    }

    public void setSAMLAssertion(String str) {
        this.samlAssertion = str;
    }

    public void setAttributeCertificates(AttributeCertificate[] attributeCertificateArr) throws IOException {
        this.attributeCertificates = new AttributeCertificate[attributeCertificateArr.length];
        for (int i = 0; i < attributeCertificateArr.length; i++) {
            this.attributeCertificates[i] = AttributeCertificate.getInstance(attributeCertificateArr[i].getEncoded("DER"));
        }
    }

    public AttributeCertificate[] getAttributeCertificates() throws IOException {
        if (this.attributeCertificates == null) {
            return null;
        }
        AttributeCertificate[] attributeCertificateArr = new AttributeCertificate[this.attributeCertificates.length];
        for (int i = 0; i < this.attributeCertificates.length; i++) {
            attributeCertificateArr[i] = AttributeCertificate.getInstance(this.attributeCertificates[i].getEncoded("DER"));
        }
        return attributeCertificateArr;
    }

    static {
        CertificateUtils.configureSecProvider();
    }
}
