package org.globus.gsi.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.globus.common.CoGProperties;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.bc.X509NameHelper;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyPolicy;

/* loaded from: input_file:org/globus/gsi/util/CertificateUtil.class */
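/**
 * Static helpers for inspecting X.509 certificates and converting distinguished names
 * between RFC 2253 form and the slash-separated "Globus ID" form.
 *
 * <p>Loading this class has JVM-wide side effects: the static initializer registers the
 * BouncyCastle provider, selects it for {@link #generateKeyPair(String, int)} and calls
 * {@link #installSecureRandomProvider()}.
 *
 * <p>The certificate classification methods ({@link #getCertificateType},
 * {@link #getCAPathConstraint}, {@link #getKeyUsage}) only read fields out of the structure
 * they are given. Nothing in this class verifies a signature, a validity period or a chain,
 * so their results describe what a certificate claims, not what has been validated.
 */
public final class CertificateUtil {
    // JCA provider name used by generateKeyPair; null means "use the default provider lookup".
    // Process-wide and writable through the public setProvider.
    private static String provider;
    // NOTE(review): the static initializer creates this logger under CertificateLoadUtil's
    // name, so messages from this class appear in that category -- confirm this is intended.
    private static Log logger;
    // Extra attribute keyword -> OID string, passed to the X500Principal constructor in toPrincipal.
    private static final Map<String, String> KEYWORD_MAP;
    // OID string -> attribute keyword, passed to X500Principal.getName in toGlobusID.
    private static final Map<String, String> OID_MAP;

    // States of the right-to-left scanners in toGlobusID(X500Principal) and toPrincipal.
    // The decompiled listing showed these as a boolean that was also assigned 2; they are
    // restored here as the three integer states that listing encodes.
    private static final int STATE_IDLE = 0;
    private static final int STATE_VALUE = 1;
    private static final int STATE_KEY = 2;

    private CertificateUtil() {
    }

    /**
     * Calls {@code CertificateLoadUtil.init()}. Invoking any static method of this class also
     * runs this class's static initializer if it has not run yet.
     */
    public static void init() {
        CertificateLoadUtil.init();
    }

    /**
     * Sets the JCA provider name used by {@link #generateKeyPair(String, int)}.
     *
     * <p>The value is stored in a static field without validation or synchronization, so any
     * code in the JVM that can call this method changes which provider generates key pairs
     * for every later caller.
     *
     * @param str provider name, or {@code null} to fall back to the default provider lookup
     */
    public static void setProvider(String str) {
        provider = str;
    }

    /**
     * Instantiates the class named by {@code CoGProperties.getDefault().getSecureRandomProvider()}
     * and installs it as the most-preferred security provider (position 1).
     *
     * <p>Security notes: the class name comes from configuration, and a provider installed at
     * position 1 is preferred for every algorithm it advertises, not only for random number
     * generation. Write access to that configuration therefore decides which code implements
     * cryptographic primitives in this JVM. Any failure (missing property, unknown class,
     * class that is not a {@link Provider}, constructor failure) is logged at debug level only
     * and the JVM's existing providers stay in effect.
     */
    public static void installSecureRandomProvider() {
        try {
            String className = CoGProperties.getDefault().getSecureRandomProvider();
            // asSubclass rejects a class that is not a Provider with ClassCastException, the
            // same exception the former cast produced; getDeclaredConstructor().newInstance()
            // replaces the deprecated Class.newInstance().
            Provider randomProvider = Class.forName(className)
                    .asSubclass(Provider.class)
                    .getDeclaredConstructor()
                    .newInstance();
            Security.insertProviderAt(randomProvider, 1);
        } catch (Exception e) {
            logger.debug("Unable to install PRNG. Using default PRNG.", e);
        }
    }

    /**
     * Reads the path length constraint from the basicConstraints extension.
     *
     * @param tBSCertificateStructure the to-be-signed part of a certificate
     * @return {@code -1} when there are no extensions, no basicConstraints extension, or the
     *         extension does not mark a CA; {@code X509Credential.BUFFER_SIZE} when the CA flag
     *         is set without a path length; otherwise the path length as an {@code int}
     * @throws IOException if the extension value cannot be decoded
     */
    public static int getCAPathConstraint(TBSCertificateStructure tBSCertificateStructure) throws IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions == null) {
            return -1;
        }
        X509Extension extension = extensions.getExtension(X509Extension.basicConstraints);
        if (extension == null) {
            return -1;
        }
        BasicConstraints basicConstraints = getBasicConstraints(extension);
        if (!basicConstraints.isCA()) {
            return -1;
        }
        BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
        if (pathLenConstraint == null) {
            // NOTE(review): presumably the "no limit" sentinel; the constant's value is not
            // visible in this file -- confirm against X509Credential.
            return X509Credential.BUFFER_SIZE;
        }
        // NOTE(review): intValue() keeps only the low 32 bits, so an encoded value outside the
        // int range (or a negative one) comes back as a different number. Callers that enforce
        // path length should treat the result accordingly.
        return pathLenConstraint.intValue();
    }

    /**
     * Generates a key pair with the configured provider, or with the default provider lookup
     * when no provider name is set.
     *
     * <p>No lower bound is applied to the key size and the algorithm name is passed through
     * unchanged; choosing an adequate algorithm and size is left to the caller.
     *
     * @param str JCA key pair algorithm name
     * @param i   key size handed to {@link KeyPairGenerator#initialize(int)}
     * @return the generated key pair
     * @throws GeneralSecurityException if the algorithm or provider is not available
     */
    public static KeyPair generateKeyPair(String str, int i) throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator;
        if (provider == null) {
            keyPairGenerator = KeyPairGenerator.getInstance(str);
        } else {
            keyPairGenerator = KeyPairGenerator.getInstance(str, provider);
        }
        keyPairGenerator.initialize(i);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Classifies a certificate as CA, end-entity or one of the GSI proxy types.
     *
     * <p>The decision uses only the basicConstraints extension, the last entry of the subject
     * name and the proxy certificate extensions. It is a classification of what the
     * certificate states; it does not establish that the certificate was issued legitimately.
     *
     * @param tBSCertificateStructure the to-be-signed part of a certificate
     * @return the certificate type; {@code EEC} when nothing marks it as a CA or a proxy
     * @throws CertificateException if a proxy certificate extension is present but not critical
     * @throws IOException          if the basicConstraints extension cannot be decoded
     */
    public static GSIConstants.CertificateType getCertificateType(TBSCertificateStructure tBSCertificateStructure) throws CertificateException, IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions != null) {
            X509Extension extension = extensions.getExtension(X509Extension.basicConstraints);
            if (extension != null && getBasicConstraints(extension).isCA()) {
                return GSIConstants.CertificateType.CA;
            }
        }
        GSIConstants.CertificateType certificateType = GSIConstants.CertificateType.EEC;
        // First attribute/value pair of the last subject name entry; the cast was lost in the
        // decompiled listing and is needed for the assignment to type-check.
        ASN1Sequence objectAt = (ASN1Sequence) X509NameHelper.getLastNameEntry(tBSCertificateStructure.getSubject()).getObjectAt(0);
        if (BCStyle.CN.equals(objectAt.getObjectAt(0))) {
            certificateType = processCN(extensions, certificateType, objectAt);
        }
        return certificateType;
    }

    /**
     * Refines the certificate type from the value of a trailing CN attribute.
     *
     * <p>A CN of "proxy" or "limited proxy" (compared case-insensitively) yields the legacy
     * GSI-2 types from the name alone, without looking at any extension. Otherwise the
     * ProxyCertInfo extension is looked up, first under {@code ProxyCertInfo.OID} and then
     * under {@code ProxyCertInfo.OLD_OID}.
     *
     * @param x509Extensions  the certificate's extensions, possibly {@code null}
     * @param certificateType the type to return when nothing marks the certificate as a proxy
     * @param aSN1Sequence    the CN attribute as an (OID, value) sequence
     * @return the refined certificate type
     * @throws CertificateException if a ProxyCertInfo extension is present but not critical
     */
    private static GSIConstants.CertificateType processCN(X509Extensions x509Extensions, GSIConstants.CertificateType certificateType, ASN1Sequence aSN1Sequence) throws CertificateException {
        // The cast to ASN1String was lost in the decompiled listing; getString() is declared there.
        String string = ((ASN1String) aSN1Sequence.getObjectAt(1)).getString();
        if (string.equalsIgnoreCase("proxy")) {
            return GSIConstants.CertificateType.GSI_2_PROXY;
        }
        if (string.equalsIgnoreCase("limited proxy")) {
            return GSIConstants.CertificateType.GSI_2_LIMITED_PROXY;
        }
        if (x509Extensions == null) {
            return certificateType;
        }
        // true while the extension was found under the current OID, false for the old OID.
        boolean z = true;
        X509Extension extension = x509Extensions.getExtension(ProxyCertInfo.OID);
        if (extension == null) {
            extension = x509Extensions.getExtension(ProxyCertInfo.OLD_OID);
            z = false;
        }
        if (extension == null) {
            return certificateType;
        }
        // A non-critical ProxyCertInfo is rejected rather than ignored.
        if (!extension.isCritical()) {
            throw new CertificateException("proxyCertCritical");
        }
        return processCriticalExtension(extension, z);
    }

    /**
     * Maps the policy language of a ProxyCertInfo extension to a proxy certificate type.
     *
     * <p>Any policy language other than impersonation, independent or limited is reported as
     * a restricted proxy.
     *
     * @param x509Extension the ProxyCertInfo extension
     * @param z             {@code true} selects the GSI_4 types, {@code false} the GSI_3 types
     * @return the matching proxy certificate type
     */
    private static GSIConstants.CertificateType processCriticalExtension(X509Extension x509Extension, boolean z) {
        ASN1ObjectIdentifier policyLanguage = ProxyCertificateUtil.getProxyCertInfo(x509Extension).getProxyPolicy().getPolicyLanguage();
        if (ProxyPolicy.IMPERSONATION.equals(policyLanguage)) {
            return z ? GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY : GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY;
        }
        if (ProxyPolicy.INDEPENDENT.equals(policyLanguage)) {
            return z ? GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY : GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY;
        }
        if (ProxyPolicy.LIMITED.equals(policyLanguage)) {
            return z ? GSIConstants.CertificateType.GSI_4_LIMITED_PROXY : GSIConstants.CertificateType.GSI_3_LIMITED_PROXY;
        }
        return z ? GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY : GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY;
    }

    /**
     * Decodes the value of a basicConstraints extension.
     *
     * @param x509Extension the extension to decode
     * @return the decoded basic constraints
     * @throws IOException if the extension value cannot be decoded
     */
    public static BasicConstraints getBasicConstraints(X509Extension x509Extension) throws IOException {
        return BasicConstraints.getInstance(X509Extension.convertValueToObject(x509Extension));
    }

    /**
     * Parses one ASN.1 object from the start of a byte array.
     *
     * <p>Only a single {@code readObject()} call is made, so bytes that follow the first
     * object are not examined.
     *
     * @param bArr encoded bytes
     * @return the first ASN.1 object in {@code bArr}
     * @throws IOException if the bytes cannot be parsed
     */
    public static ASN1Primitive toASN1Primitive(byte[] bArr) throws IOException {
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    /**
     * Extracts the to-be-signed structure of a certificate.
     *
     * @param x509Certificate the certificate
     * @return the parsed TBSCertificate structure
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException                  if the encoding cannot be parsed
     */
    public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return TBSCertificateStructure.getInstance(toASN1Primitive(x509Certificate.getTBSCertificate()));
    }

    /**
     * Returns the key usage bits of a certificate.
     *
     * @param tBSCertificateStructure the to-be-signed part of a certificate
     * @return the set of key usages, or {@code null} when the certificate has no extensions or
     *         no keyUsage extension. {@code null} (extension absent) and an empty set
     *         (extension present with no bits set) are different answers and callers must not
     *         conflate them.
     * @throws IOException if the extension value cannot be decoded
     */
    public static EnumSet<KeyUsage> getKeyUsage(TBSCertificateStructure tBSCertificateStructure) throws IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions == null) {
            return null;
        }
        X509Extension extension = extensions.getExtension(X509Extension.keyUsage);
        if (extension == null) {
            return null;
        }
        return getKeyUsage(extension);
    }

    /**
     * Decodes a keyUsage extension into the set of usages whose bit is set.
     *
     * @param x509Extension the keyUsage extension
     * @return the usages present in the extension, possibly empty
     * @throws IOException if the extension value cannot be decoded
     */
    public static EnumSet<KeyUsage> getKeyUsage(X509Extension x509Extension) throws IOException {
        // The cast was lost in the decompiled listing; getExtensionObject returns ASN1Primitive.
        DERBitString extensionObject = (DERBitString) getExtensionObject(x509Extension);
        EnumSet<KeyUsage> usages = EnumSet.noneOf(KeyUsage.class);
        for (KeyUsage keyUsage : KeyUsage.values()) {
            if (keyUsage.isSet(extensionObject)) {
                usages.add(keyUsage);
            }
        }
        return usages;
    }

    /**
     * Parses the octets of an extension value as an ASN.1 object.
     *
     * @param x509Extension the extension
     * @return the ASN.1 object encoded in the extension value
     * @throws IOException if the value cannot be parsed
     */
    public static ASN1Primitive getExtensionObject(X509Extension x509Extension) throws IOException {
        return toASN1Primitive(x509Extension.getValue().getOctets());
    }

    /**
     * Converts a comma-separated DN to slash-separated form, keeping the component order.
     *
     * @param str comma-separated DN, may be {@code null}
     * @return the slash-separated form, or {@code null} for {@code null} input
     */
    public static String toGlobusID(String str) {
        return toGlobusID(str, true);
    }

    /**
     * Converts a comma-separated DN to slash-separated form.
     *
     * <p>The input is split on every comma, including a comma that is escaped inside an
     * attribute value, so such a value ends up as two components. Blank components are
     * skipped. Do not rely on the result for identity comparison when values may contain
     * commas; {@link #toGlobusID(X500Principal)} handles that case.
     *
     * @param str comma-separated DN, may be {@code null}
     * @param z   {@code true} to keep the component order, {@code false} to reverse it
     * @return the slash-separated form, or {@code null} for {@code null} input
     */
    public static String toGlobusID(String str, boolean z) {
        if (str == null) {
            return null;
        }
        String[] split = str.split(",");
        StringBuilder sb = new StringBuilder();
        for (int k = 0; k < split.length; k++) {
            String part = split[z ? k : split.length - 1 - k].trim();
            if (!part.isEmpty()) {
                sb.append('/').append(part);
            }
        }
        return sb.toString();
    }

    /**
     * Converts a principal to slash-separated form, dispatching on its runtime type.
     *
     * @param principal the principal, may be {@code null}
     * @return the slash-separated name, or {@code null} for {@code null} input (as the other
     *         overloads do)
     */
    public static String toGlobusID(Principal principal) {
        if (principal == null) {
            // The sibling overloads return null for null; previously this dereferenced it.
            return null;
        }
        if (principal instanceof X509Name) {
            return X509NameHelper.toString((X509Name) principal);
        }
        if (principal instanceof X500Principal) {
            return toGlobusID((X500Principal) principal);
        }
        return toGlobusID(principal.getName());
    }

    /**
     * Converts an X.500 principal to slash-separated form with the components in the reverse
     * of their RFC 2253 order.
     *
     * <p>The RFC 2253 string is scanned from right to left. A component is cut at a comma only
     * after an {@code '='} has been seen to its right, which keeps commas inside a value
     * together with that value. Values are copied verbatim apart from turning {@code "\,"}
     * back into {@code ","}, so a {@code '/'} inside an attribute value is indistinguishable
     * from a component separator in the result.
     *
     * @param x500Principal the principal, may be {@code null}
     * @return the slash-separated name, or {@code null} for {@code null} input
     */
    public static String toGlobusID(X500Principal x500Principal) {
        if (x500Principal == null) {
            return null;
        }
        String name = x500Principal.getName("RFC2253", OID_MAP);
        StringBuilder sb = new StringBuilder();
        int state = STATE_IDLE;
        // Index of the last character of the component currently being scanned.
        int i = 0;
        char[] charArray = name.toCharArray();
        for (int length = charArray.length - 1; length >= 0; length--) {
            char c = charArray[length];
            switch (state) {
                case STATE_VALUE:
                    if (c == '=') {
                        state = STATE_KEY;
                    }
                    break;
                case STATE_KEY:
                    if (c == ',') {
                        sb.append('/').append(name.substring(length + 1, i + 1));
                        state = STATE_IDLE;
                    }
                    break;
                case STATE_IDLE:
                default:
                    i = length;
                    state = STATE_VALUE;
                    break;
            }
        }
        // The leftmost component has no comma in front of it and is emitted here.
        // NOTE(review): for an empty name this substring call throws
        // StringIndexOutOfBoundsException, as it did before.
        sb.append('/').append(name.substring(0, i + 1));
        return sb.toString().replace("\\,", ",");
    }

    /**
     * Converts a slash-separated Globus ID to an X.500 principal, reversing the component order.
     *
     * <p>The string is scanned from right to left; a component ends at a {@code '/'} or space
     * that is reached after an {@code '='} has been seen to its right, so slashes inside a
     * value stay with the value.
     *
     * <p>Limits a caller handling identities from outside should know:
     * <ul>
     *   <li>a leftmost component that is not preceded by {@code '/'} or a space is never
     *       emitted, so {@code "C=US/O=x"} yields only {@code O=x};</li>
     *   <li>only the first comma inside a component is escaped.</li>
     * </ul>
     *
     * @param str the Globus ID, may be {@code null}
     * @return the principal, or {@code null} for {@code null} input; an empty or blank input
     *         yields the principal built from the empty string
     * @throws IllegalArgumentException if the non-blank input contains no complete component,
     *         or if the resulting name is rejected by {@link X500Principal}
     */
    public static X500Principal toPrincipal(String str) {
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        StringBuilder sb = new StringBuilder(trim.length());
        if (!trim.isEmpty()) {
            int state = STATE_IDLE;
            // Index of the last character of the component currently being scanned.
            int i = 0;
            char[] charArray = trim.toCharArray();
            for (int length = charArray.length - 1; length >= 0; length--) {
                char c = charArray[length];
                switch (state) {
                    case STATE_VALUE:
                        if (c == '=') {
                            state = STATE_KEY;
                        }
                        break;
                    case STATE_KEY:
                        if (c == '/' || c == ' ') {
                            String substring = trim.substring(length + 1, i + 1);
                            int indexOf = substring.indexOf(',');
                            if (indexOf != -1) {
                                substring = substring.substring(0, indexOf) + "\\" + substring.substring(indexOf);
                            }
                            sb.append(substring).append(',');
                            state = STATE_IDLE;
                        }
                        break;
                    case STATE_IDLE:
                    default:
                        if (c != '/' && c != ' ') {
                            i = length;
                            state = STATE_VALUE;
                        }
                        break;
                }
            }
            if (sb.length() == 0) {
                // Nothing was emitted (for example "/" or text without '='). This used to fail
                // inside deleteCharAt(-1); reject the input explicitly rather than turn a
                // malformed identity into an empty name.
                throw new IllegalArgumentException("No name component found in Globus ID: " + str);
            }
            // Drop the comma appended after the last emitted component.
            sb.deleteCharAt(sb.length() - 1);
        }
        return new X500Principal(sb.toString(), KEYWORD_MAP);
    }

    /**
     * Wraps a certificate array in a {@link CertPath} of type X.509, keeping the array order.
     * The path is only constructed here; it is not validated.
     *
     * @param x509CertificateArr the certificates, in path order
     * @return the certificate path
     * @throws CertificateException if the path cannot be built
     */
    public static CertPath getCertPath(X509Certificate[] x509CertificateArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509CertificateArr));
    }

    static {
        // JVM-wide side effects of loading this class: register BouncyCastle, make it the
        // provider for generateKeyPair, then try to install the configured PRNG provider.
        Security.addProvider(new BouncyCastleProvider());
        setProvider("BC");
        // The logger must exist before installSecureRandomProvider(), which logs on failure.
        logger = LogFactory.getLog(CertificateLoadUtil.class.getCanonicalName());
        installSecureRandomProvider();
        KEYWORD_MAP = new HashMap<String, String>();
        OID_MAP = new HashMap<String, String>();
        KEYWORD_MAP.put("SN", Oid.SERIALNUMBER.oid);
        KEYWORD_MAP.put("E", Oid.EmailAddress.oid);
        KEYWORD_MAP.put("EMAIL", Oid.EmailAddress.oid);
        KEYWORD_MAP.put("UNSTRUCTUREDADDRESS", Oid.UnstructuredAddress.oid);
        KEYWORD_MAP.put("UNSTRUCTUREDNAME", Oid.UnstructuredName.oid);
        KEYWORD_MAP.put("UNIQUEIDENTIFIER", Oid.UNIQUE_IDENTIFIER.oid);
        KEYWORD_MAP.put("DN", Oid.DN_QUALIFIER.oid);
        KEYWORD_MAP.put("PSEUDONYM", Oid.PSEUDONYM.oid);
        KEYWORD_MAP.put("POSTALADDRESS", Oid.POSTAL_ADDRESS.oid);
        KEYWORD_MAP.put("NAMEOFBIRTH", Oid.NAME_AT_BIRTH.oid);
        KEYWORD_MAP.put("COUNTRYOFCITIZENSHIP", Oid.COUNTRY_OF_CITIZENSHIP.oid);
        KEYWORD_MAP.put("COUNTRYOFRESIDENCE", Oid.COUNTRY_OF_RESIDENCE.oid);
        KEYWORD_MAP.put("GENDER", Oid.GENDER.oid);
        KEYWORD_MAP.put("PLACEOFBIRTH", Oid.PLACE_OF_BIRTH.oid);
        KEYWORD_MAP.put("DATEOFBIRTH", Oid.DATE_OF_BIRTH.oid);
        KEYWORD_MAP.put("POSTALCODE", Oid.POSTAL_CODE.oid);
        KEYWORD_MAP.put("BUSINESSCATEGORY", Oid.BUSINESS_CATEGORY.oid);
        KEYWORD_MAP.put("TELEPHONENUMBER", Oid.TELEPHONE_NUMBER.oid);
        KEYWORD_MAP.put("NAME", Oid.NAME.oid);
        KEYWORD_MAP.put("S", Oid.ST.oid);
        KEYWORD_MAP.put("DNQUALIFIER", Oid.DN_QUALIFIER.oid);
        KEYWORD_MAP.put("IP", Oid.IP.oid);
        OID_MAP.put(Oid.UnstructuredAddress.oid, "unstructuredAddress");
        OID_MAP.put(Oid.UnstructuredName.oid, "unstructuredName");
        OID_MAP.put(Oid.UNIQUE_IDENTIFIER.oid, "UniqueIdentifier");
        OID_MAP.put(Oid.PSEUDONYM.oid, "Pseudonym");
        OID_MAP.put(Oid.POSTAL_ADDRESS.oid, "PostalAddress");
        OID_MAP.put(Oid.NAME_AT_BIRTH.oid, "NameAtBirth");
        OID_MAP.put(Oid.COUNTRY_OF_CITIZENSHIP.oid, "CountryOfCitizenship");
        OID_MAP.put(Oid.COUNTRY_OF_RESIDENCE.oid, "CountryOfResidence");
        // NOTE(review): "Fender" looks like a typo for "Gender" (KEYWORD_MAP above uses
        // "GENDER"). It is left as is because this string becomes part of the name returned
        // by toGlobusID(X500Principal); changing it changes the identity strings that name
        // comparisons and mappings see, so it needs a coordinated change.
        OID_MAP.put(Oid.GENDER.oid, "Fender");
        OID_MAP.put(Oid.PLACE_OF_BIRTH.oid, "PlaceOfBirth");
        OID_MAP.put(Oid.DATE_OF_BIRTH.oid, "DateOfBirth");
        OID_MAP.put(Oid.POSTAL_CODE.oid, "PostalCode");
        OID_MAP.put(Oid.BUSINESS_CATEGORY.oid, "BusinessCategory");
        OID_MAP.put(Oid.TELEPHONE_NUMBER.oid, "TelephoneNumber");
        OID_MAP.put(Oid.NAME.oid, "Name");
        OID_MAP.put(Oid.IP.oid, "IP");
        OID_MAP.put(Oid.T.oid, "T");
        OID_MAP.put(Oid.DN_QUALIFIER.oid, "DNQUALIFIER");
        OID_MAP.put(Oid.SURNAME.oid, "SURNAME");
        OID_MAP.put(Oid.GIVENNAME.oid, "GIVENNAME");
        OID_MAP.put(Oid.INITIALS.oid, "INITIALS");
        OID_MAP.put(Oid.GENERATION.oid, "GENERATION");
        OID_MAP.put(Oid.EmailAddress.oid, "EMAILADDRESS");
        OID_MAP.put(Oid.SERIALNUMBER.oid, "SERIALNUMBER");
    }
}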
