package org.xipki.ca.api;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.xipki.ca.api.OperationException;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.ConfPairs;

/* loaded from: input_file:org/xipki/ca/api/PublicCaInfo.class */
public class PublicCaInfo {
    private final X500Principal subject;
    private final X500Name x500Subject;
    private final String c14nSubject;
    private final byte[] subjectKeyIdentifier;
    private final GeneralNames subjectAltName;
    private final X500Name x500Issuer;
    private final BigInteger serialNumber;
    private final X509Cert caCert;
    private X509Certificate crlSignerCert;
    private final CaUris caUris;
    private final ConfPairs extraControl;

    public PublicCaInfo(X509Certificate x509Certificate, CaUris caUris, ConfPairs confPairs) throws OperationException {
        Args.notNull(x509Certificate, "caCert");
        this.caUris = caUris == null ? CaUris.EMPTY_INSTANCE : caUris;
        this.caCert = new X509Cert(x509Certificate);
        this.x500Issuer = X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded());
        this.serialNumber = x509Certificate.getSerialNumber();
        this.subject = x509Certificate.getSubjectX500Principal();
        this.x500Subject = X500Name.getInstance(this.subject.getEncoded());
        this.c14nSubject = X509Util.canonicalizName(this.x500Subject);
        try {
            this.subjectKeyIdentifier = X509Util.extractSki(x509Certificate);
            this.extraControl = confPairs;
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.subjectAlternativeName.getId());
            if (extensionValue == null) {
                this.subjectAltName = null;
            } else {
                try {
                    this.subjectAltName = GeneralNames.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue));
                } catch (IOException e) {
                    throw new OperationException(OperationException.ErrorCode.INVALID_EXTENSION, "invalid SubjectAltName extension in CA certificate");
                }
            }
        } catch (CertificateEncodingException e2) {
            throw new OperationException(OperationException.ErrorCode.INVALID_EXTENSION, e2);
        }
    }

    public PublicCaInfo(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, GeneralNames generalNames, byte[] bArr, CaUris caUris, ConfPairs confPairs) throws OperationException {
        this.x500Subject = (X500Name) Args.notNull(x500Name, "subject");
        this.x500Issuer = (X500Name) Args.notNull(x500Name, "issuer");
        this.serialNumber = (BigInteger) Args.notNull(bigInteger, "serialNumber");
        this.caUris = caUris == null ? CaUris.EMPTY_INSTANCE : caUris;
        this.caCert = null;
        this.c14nSubject = X509Util.canonicalizName(x500Name);
        try {
            this.subject = new X500Principal(x500Name.getEncoded());
            this.subjectKeyIdentifier = bArr == null ? null : Arrays.copyOf(bArr, bArr.length);
            this.subjectAltName = generalNames;
            this.extraControl = confPairs;
        } catch (IOException e) {
            throw new OperationException(OperationException.ErrorCode.SYSTEM_FAILURE, "invalid SubjectAltName extension in CA certificate");
        }
    }

    public CaUris getCaUris() {
        return this.caUris;
    }

    public X509Certificate getCrlSignerCert() {
        return this.crlSignerCert;
    }

    public void setCrlSignerCert(X509Certificate x509Certificate) {
        this.crlSignerCert = this.caCert.getCert().equals(x509Certificate) ? null : x509Certificate;
    }

    public X500Principal getSubject() {
        return this.subject;
    }

    public X500Name getX500Subject() {
        return this.x500Subject;
    }

    public X500Name getX500Issuer() {
        return this.x500Issuer;
    }

    public String getC14nSubject() {
        return this.c14nSubject;
    }

    public GeneralNames getSubjectAltName() {
        return this.subjectAltName;
    }

    public byte[] getSubjectKeyIdentifer() {
        if (this.caCert != null) {
            return this.caCert.getSubjectKeyIdentifier();
        }
        if (this.subjectKeyIdentifier == null) {
            return null;
        }
        return Arrays.copyOf(this.subjectKeyIdentifier, this.subjectKeyIdentifier.length);
    }

    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    public X509Cert getCaCert() {
        return this.caCert;
    }

    public ConfPairs getExtraControl() {
        return this.extraControl;
    }
}
