package eu.emi.security.authn.x509.proxy;

import eu.emi.security.authn.x509.helpers.JavaAndBCStyle;
import eu.emi.security.authn.x509.helpers.proxy.DraftRFCProxyCertInfoExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyAddressRestrictionData;
import eu.emi.security.authn.x509.helpers.proxy.ProxyCertInfoExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyHelper;
import eu.emi.security.authn.x509.helpers.proxy.ProxySAMLExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyTracingExtension;
import eu.emi.security.authn.x509.helpers.proxy.RFCProxyCertInfoExtension;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:eu/emi/security/authn/x509/proxy/ProxyCSRInfo.class */
public class ProxyCSRInfo {
    private PKCS10CertificationRequest csr;
    private List<CertificateExtension> extensions = new ArrayList();
    private String samlAssertion;
    private ProxyCertInfoExtension proxyExt;
    private String proxyExtOid;
    private String tracingSubject;
    private String tracingIssuer;
    private String[][] sourceRestrictions;
    private String[][] targetRestrictions;

    public ProxyCSRInfo(PKCS10CertificationRequest pKCS10CertificationRequest) throws CertificateException {
        this.csr = pKCS10CertificationRequest;
        try {
            parseRequestedExtensions();
        } catch (IOException e) {
            throw new CertificateException("The CSR can not be parsed as a Proxy CSR", e);
        }
    }

    public ProxyType getProxyType() {
        String str;
        if (this.proxyExtOid != null && this.proxyExtOid.equals(RFCProxyCertInfoExtension.RFC_EXTENSION_OID)) {
            return ProxyType.RFC3820;
        }
        if (this.proxyExtOid != null && this.proxyExtOid.equals(DraftRFCProxyCertInfoExtension.DRAFT_EXTENSION_OID)) {
            return ProxyType.DRAFT_RFC;
        }
        try {
            str = getLastCN();
        } catch (IOException e) {
            throw new IllegalArgumentException("The CSR can not be parsed", e);
        } catch (IllegalArgumentException e2) {
            str = "";
        }
        if ("proxy".equals(str.toLowerCase()) || "limited proxy".equals(str.toLowerCase())) {
            return ProxyType.LEGACY;
        }
        return null;
    }

    private String getLastCN() throws IllegalArgumentException, IOException {
        return ProxyHelper.getLastCN(X500Name.getInstance(new JavaAndBCStyle(), X500Name.getInstance(this.csr.getSubject().getEncoded("DER"))));
    }

    public Boolean isLimited() {
        String str;
        ProxyPolicy policy = getPolicy();
        if (policy != null) {
            return Boolean.valueOf(ProxyPolicy.LIMITED_PROXY_OID.equals(policy.getPolicyOID()));
        }
        try {
            str = getLastCN();
        } catch (IOException e) {
            throw new IllegalArgumentException("The CSR can not be parsed", e);
        } catch (IllegalArgumentException e2) {
            str = "";
        }
        if (str.toLowerCase().equals("proxy")) {
            return false;
        }
        return "limited proxy".equals(str.toLowerCase()) ? true : null;
    }

    public ProxyPolicy getPolicy() {
        if (this.proxyExt == null) {
            return null;
        }
        return this.proxyExt.getPolicy();
    }

    public String getProxyTracingIssuer() {
        return this.tracingIssuer;
    }

    public String getProxyTracingSubject() {
        return this.tracingSubject;
    }

    public String getSAMLExtension() {
        return this.samlAssertion;
    }

    public Integer getProxyPathLimit() {
        return this.proxyExt == null ? Integer.valueOf(BaseProxyCertificateOptions.UNLIMITED_PROXY_LENGTH) : Integer.valueOf(this.proxyExt.getProxyPathLimit());
    }

    public String[][] getProxySourceRestrictions() {
        return this.sourceRestrictions;
    }

    public String[][] getProxyTargetRestrictions() {
        return this.targetRestrictions;
    }

    private void parseRequestedExtensions() throws IOException {
        Attribute[] attributes = this.csr.getAttributes();
        if (attributes == null) {
            return;
        }
        for (Attribute attribute : attributes) {
            if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.getId().equals(attribute.getAttrType().getId()) && attribute.getAttrValues().size() != 0) {
                handleRequestedExtension(new CertificateExtension(attribute.getAttrValues().getObjectAt(0).toASN1Primitive().getEncoded("DER")));
            }
        }
    }

    /* JADX WARN: Type inference failed for: r1v13, types: [java.lang.String[], java.lang.String[][]] */
    /* JADX WARN: Type inference failed for: r1v17, types: [java.lang.String[], java.lang.String[][]] */
    private void handleRequestedExtension(CertificateExtension certificateExtension) throws IOException {
        String oid = certificateExtension.getOid();
        byte[] encoded = certificateExtension.getValue().toASN1Primitive().getEncoded("DER");
        if (oid.equals(DraftRFCProxyCertInfoExtension.DRAFT_EXTENSION_OID)) {
            this.proxyExtOid = oid;
            this.proxyExt = new DraftRFCProxyCertInfoExtension(encoded);
            return;
        }
        if (oid.equals(RFCProxyCertInfoExtension.RFC_EXTENSION_OID)) {
            this.proxyExtOid = oid;
            this.proxyExt = new RFCProxyCertInfoExtension(encoded);
            return;
        }
        if (oid.equals(ProxySAMLExtension.LEGACY_SAML_OID) || oid.equals(ProxySAMLExtension.SAML_OID)) {
            this.samlAssertion = new ProxySAMLExtension(encoded).getSAML();
            return;
        }
        if (oid.equals(ProxyTracingExtension.PROXY_TRACING_ISSUER_EXTENSION_OID)) {
            this.tracingIssuer = new ProxyTracingExtension(encoded).getURL();
            return;
        }
        if (oid.equals(ProxyTracingExtension.PROXY_TRACING_SUBJECT_EXTENSION_OID)) {
            this.tracingSubject = new ProxyTracingExtension(encoded).getURL();
            return;
        }
        if (oid.equals(ProxyAddressRestrictionData.SOURCE_RESTRICTION_OID)) {
            this.sourceRestrictions = new String[2];
            this.sourceRestrictions[0] = new ProxyAddressRestrictionData(encoded).getPermittedAddresses();
            this.sourceRestrictions[1] = new ProxyAddressRestrictionData(encoded).getExcludedAddresses();
        } else {
            if (!oid.equals(ProxyAddressRestrictionData.TARGET_RESTRICTION_OID)) {
                this.extensions.add(certificateExtension);
                return;
            }
            this.targetRestrictions = new String[2];
            this.targetRestrictions[0] = new ProxyAddressRestrictionData(encoded).getPermittedAddresses();
            this.targetRestrictions[1] = new ProxyAddressRestrictionData(encoded).getExcludedAddresses();
        }
    }

    static {
        CertificateUtils.configureSecProvider();
    }
}
