package eu.emi.security.authn.x509.helpers.proxy;

import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.proxy.BaseProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyPolicy;
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/proxy/ProxyHelper.class */
public class ProxyHelper {
    public static ExtendedProxyType getProxyType(X509Certificate x509Certificate) {
        String str;
        if (x509Certificate.getExtensionValue(RFCProxyCertInfoExtension.RFC_EXTENSION_OID) != null && x509Certificate.getExtensionValue(RFCProxyCertInfoExtension.RFC_EXTENSION_OID).length > 0) {
            return ExtendedProxyType.RFC3820;
        }
        if (x509Certificate.getExtensionValue(DraftRFCProxyCertInfoExtension.DRAFT_EXTENSION_OID) != null && x509Certificate.getExtensionValue(DraftRFCProxyCertInfoExtension.DRAFT_EXTENSION_OID).length > 0) {
            return ExtendedProxyType.DRAFT_RFC;
        }
        try {
            str = getLastCN(x509Certificate.getSubjectX500Principal());
        } catch (IllegalArgumentException e) {
            str = "";
        }
        return ("proxy".equals(str.toLowerCase()) || "limited proxy".equals(str.toLowerCase())) ? ExtendedProxyType.LEGACY : ExtendedProxyType.NOT_A_PROXY;
    }

    public static String getLastCN(X500Principal x500Principal) throws IllegalArgumentException {
        return getLastCN(CertificateHelpers.toX500Name(x500Principal));
    }

    public static String getLastCN(X500Name x500Name) throws IllegalArgumentException {
        RDN[] rDNs = x500Name.getRDNs();
        if (rDNs.length == 0) {
            throw new IllegalArgumentException("The DN is empty");
        }
        RDN rdn = rDNs[rDNs.length - 1];
        if (rdn.isMultiValued()) {
            throw new IllegalArgumentException("The DN is ended with a multivalued RDN");
        }
        AttributeTypeAndValue first = rdn.getFirst();
        if (first.getType().equals(BCStyle.CN)) {
            return IETFUtils.valueToString(first.getValue());
        }
        throw new IllegalArgumentException("The DN is not ended with a CN AVA");
    }

    public static int getProxyPathLimit(X509Certificate x509Certificate) throws IOException {
        ProxyCertInfoExtension proxyCertInfoExtension = ProxyCertInfoExtension.getInstance(x509Certificate);
        return proxyCertInfoExtension == null ? BaseProxyCertificateOptions.UNLIMITED_PROXY_LENGTH : proxyCertInfoExtension.getProxyPathLimit();
    }

    public static boolean isLimited(X509Certificate x509Certificate) throws IOException {
        String str;
        ExtendedProxyType proxyType = getProxyType(x509Certificate);
        if (proxyType == ExtendedProxyType.RFC3820 || proxyType == ExtendedProxyType.DRAFT_RFC) {
            return ProxyPolicy.LIMITED_PROXY_OID.equals(ProxyCertInfoExtension.getInstance(x509Certificate).getPolicy().getPolicyOID());
        }
        if (proxyType != ExtendedProxyType.LEGACY) {
            return false;
        }
        try {
            str = getLastCN(x509Certificate.getSubjectX500Principal());
        } catch (IllegalArgumentException e) {
            str = "";
        }
        return "limited proxy".equals(str.toLowerCase());
    }
}
