package org.xipki.ocsp.server;

import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.xipki.ocsp.server.OcspServerConf;
import org.xipki.security.CertpathValidationModel;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.FileOrBinary;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:org/xipki/ocsp/server/RequestOption.class */
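/**
 * Immutable, validated view of the {@code requestOption} section of the OCSP server
 * configuration.
 *
 * <p>The constructor copies the values out of {@link OcspServerConf.RequestOption}, applies
 * defaults and rejects inconsistent settings with {@link InvalidConfException}.
 *
 * <p>NOTE(review): {@code signatureRequired} and {@code validateSignature} are stored
 * independently and no relationship between them is checked here. A configuration that
 * requires a signature but does not validate it is accepted by this class; confirm how the
 * request-processing code treats that combination.
 *
 * <p>The {@code Set} getters return the internal instances, not copies. Callers must treat them
 * as read-only.
 */
public class RequestOption {
    /**
     * Hash algorithms this class is willing to accept from configuration. An empty
     * {@code hashAlgorithms} list in the configuration enables all of them, including SHA-1.
     */
    static final Set<HashAlgo> SUPPORTED_HASH_ALGORITHMS = CollectionUtil.asSet(new HashAlgo[]{
        HashAlgo.SHA1, HashAlgo.SHA224, HashAlgo.SHA256, HashAlgo.SHA384, HashAlgo.SHA512,
        HashAlgo.SHA3_224, HashAlgo.SHA3_256, HashAlgo.SHA3_384, HashAlgo.SHA3_512,
        HashAlgo.SHAKE128, HashAlgo.SHAKE256, HashAlgo.SM3});

    /** Nonce length bounds (in bytes, presumably) used when the configuration omits them. */
    private static final int DEFAULT_NONCE_MIN_LEN = 4;
    private static final int DEFAULT_NONCE_MAX_LEN = 96;

    private final boolean supportsHttpGet;
    private final boolean signatureRequired;
    private final boolean validateSignature;
    private final int maxRequestListCount;
    private final int maxRequestSize;
    private final Collection<Integer> versions;
    private final QuadrupleState nonceOccurrence;
    private final int nonceMinLen;
    private final int nonceMaxLen;
    private final Set<HashAlgo> hashAlgos;
    // null when no certpathValidation section is configured
    private final Set<X509Cert> trustanchors;
    // null when no certpathValidation section, or no certs collection inside it, is configured
    private final Set<X509Cert> certs;
    private final CertpathValidationModel certpathValidationModel;

    /**
     * Builds the request options from the parsed configuration.
     *
     * <p>(Decompiler note: the access modifier of this constructor was changed from
     * package-private.)
     *
     * @param requestOption parsed configuration section, must not be {@code null}
     * @throws InvalidConfException if a value is out of range, a version or hash algorithm is
     *     unknown or unsupported, signature validation is enabled without a
     *     {@code certpathValidation} section, or the configured certificates cannot be loaded
     */
    public RequestOption(OcspServerConf.RequestOption requestOption) throws InvalidConfException {
        Args.notNull(requestOption, "conf");
        this.supportsHttpGet = requestOption.isSupportsHttpGet();
        this.signatureRequired = requestOption.isSignatureRequired();
        this.validateSignature = requestOption.isValidateSignature();

        // Read the nonce section once and fail with a configuration error, not a bare
        // NullPointerException, when it is missing.
        OcspServerConf.Nonce nonce = requestOption.getNonce();
        if (nonce == null) {
            throw new InvalidConfException("nonce is not specified");
        }
        this.nonceOccurrence = nonce.getOccurrence();
        this.nonceMinLen = nonce.getMinLen() != null
                ? nonce.getMinLen().intValue() : DEFAULT_NONCE_MIN_LEN;
        this.nonceMaxLen = nonce.getMaxLen() != null
                ? nonce.getMaxLen().intValue() : DEFAULT_NONCE_MAX_LEN;
        // Only negative values are rejected, so a minimum length of 0 is accepted. RFC 8954
        // limits the nonce to 1..32 octets; deployments that want those bounds must configure
        // them explicitly.
        if (this.nonceMinLen < 0) {
            // message corrected to match the check (it previously said "<1")
            throw new InvalidConfException("invalid nonceMinLen (<0): " + this.nonceMinLen);
        }
        if (this.nonceMinLen > this.nonceMaxLen) {
            throw new InvalidConfException("nonceMinLen > nonceMaxLen");
        }

        // Both limits bound the work done for a single request.
        this.maxRequestListCount = requestOption.getMaxRequestListCount();
        if (this.maxRequestListCount < 1) {
            throw new InvalidConfException("invalid maxRequestListCount " + this.maxRequestListCount);
        }
        this.maxRequestSize = requestOption.getMaxRequestSize();
        if (this.maxRequestSize < 100) {
            throw new InvalidConfException("invalid maxRequestSize " + this.maxRequestSize);
        }

        // Only "v1" is a valid version name; it is stored as the integer 0.
        Collection<Integer> allowedVersions = new HashSet<>();
        for (String version : requestOption.getVersions()) {
            if (!"v1".equalsIgnoreCase(version)) {
                throw new InvalidConfException("invalid OCSP request version '" + version + "'");
            }
            allowedVersions.add(0);
        }
        this.versions = allowedVersions;

        Set<HashAlgo> allowedHashAlgos = new HashSet<>();
        if (requestOption.getHashAlgorithms().isEmpty()) {
            // nothing configured: accept every supported algorithm
            allowedHashAlgos.addAll(SUPPORTED_HASH_ALGORITHMS);
        } else {
            for (String algoName : requestOption.getHashAlgorithms()) {
                HashAlgo hashAlgo;
                try {
                    hashAlgo = HashAlgo.getInstance(algoName);
                } catch (NoSuchAlgorithmException e) {
                    // keep the cause so the original stack trace is not lost
                    throw new InvalidConfException(e.getMessage(), e);
                }
                if (!SUPPORTED_HASH_ALGORITHMS.contains(hashAlgo)) {
                    throw new InvalidConfException("hash algorithm " + algoName + " is unsupported");
                }
                allowedHashAlgos.add(hashAlgo);
            }
        }
        this.hashAlgos = allowedHashAlgos;

        OcspServerConf.CertpathValidation certpathValidation = requestOption.getCertpathValidation();
        if (certpathValidation == null) {
            // Signatures cannot be validated without trust anchors.
            if (this.validateSignature) {
                throw new InvalidConfException("certpathValidation is not specified");
            }
            this.trustanchors = null;
            this.certs = null;
            this.certpathValidationModel = CertpathValidationModel.PKIX;
            return;
        }
        this.certpathValidationModel = certpathValidation.getValidationModel();

        // Trust anchors and the additional certs are loaded in separate try blocks so that a
        // failure in the certs collection is no longer re-wrapped and reported as a
        // trust-anchor failure. Exception is caught broadly, as before, so that runtime
        // failures (e.g. a missing trustanchors element) also surface as InvalidConfException.
        Set<X509Cert> anchors;
        try {
            anchors = new HashSet<>(getCerts(certpathValidation.getTrustanchors()));
        } catch (Exception e) {
            throw new InvalidConfException("could not initialize the trustanchors: " + e.getMessage(), e);
        }
        // NOTE(review): an empty trust-anchor set is accepted even when validateSignature is
        // true; confirm that the validation code rejects every request in that case.
        this.trustanchors = anchors;

        OcspServerConf.CertCollection certsConf = certpathValidation.getCerts();
        Set<X509Cert> additionalCerts = null;
        if (certsConf != null) {
            try {
                additionalCerts = getCerts(certsConf);
            } catch (Exception e) {
                throw new InvalidConfException("could not initialize the certs: " + e.getMessage(), e);
            }
        }
        this.certs = additionalCerts;
    }

    /**
     * @return the accepted hash algorithms (internal set, do not modify)
     */
    public Set<HashAlgo> getHashAlgos() {
        return this.hashAlgos;
    }

    /**
     * @return the configured {@code signatureRequired} flag
     */
    public boolean isSignatureRequired() {
        return this.signatureRequired;
    }

    /**
     * @return the configured {@code validateSignature} flag
     */
    public boolean isValidateSignature() {
        return this.validateSignature;
    }

    /**
     * @return the configured {@code supportsHttpGet} flag
     */
    public boolean supportsHttpGet() {
        return this.supportsHttpGet;
    }

    /**
     * @return the configured nonce occurrence policy
     */
    public QuadrupleState getNonceOccurrence() {
        return this.nonceOccurrence;
    }

    /**
     * @return the configured maximum request-list count, always at least 1
     */
    public int getMaxRequestListCount() {
        return this.maxRequestListCount;
    }

    /**
     * @return the configured maximum request size, always at least 100
     */
    public int getMaxRequestSize() {
        return this.maxRequestSize;
    }

    /**
     * @return the minimum nonce length, never negative (defaults to 4)
     */
    public int getNonceMinLen() {
        return this.nonceMinLen;
    }

    /**
     * @return the maximum nonce length, never below the minimum (defaults to 96)
     */
    public int getNonceMaxLen() {
        return this.nonceMaxLen;
    }

    /**
     * Tells whether the given hash algorithm is accepted.
     *
     * @param hashAlgo algorithm to check, may be {@code null}
     * @return {@code true} only if {@code hashAlgo} is non-null and in the accepted set
     */
    public boolean allows(HashAlgo hashAlgo) {
        return hashAlgo != null && this.hashAlgos.contains(hashAlgo);
    }

    /**
     * @return the certificate path validation model; {@code PKIX} when no
     *     {@code certpathValidation} section is configured
     */
    public CertpathValidationModel getCertpathValidationModel() {
        return this.certpathValidationModel;
    }

    /**
     * @return the trust anchors (internal set, do not modify), or {@code null} when no
     *     {@code certpathValidation} section is configured
     */
    public Set<X509Cert> getTrustanchors() {
        return this.trustanchors;
    }

    /**
     * Tells whether the given request version is accepted.
     *
     * <p>The version set is always created by the constructor, so an empty {@code versions} list
     * in the configuration means that no version is accepted.
     *
     * @param num request version as an integer (0 stands for v1), may be {@code null}
     * @return {@code true} if the version was listed in the configuration
     */
    public boolean isVersionAllowed(Integer num) {
        return this.versions.contains(num);
    }

    /**
     * @return the additional certificates (internal set, do not modify), or {@code null} when
     *     none are configured
     */
    public Set<X509Cert> getCerts() {
        return this.certs;
    }

    /**
     * Loads the certificates described by a configuration element, either from the inline
     * {@code certs} list or, when that list is absent, from every regular file directly inside
     * the configured directory.
     *
     * @param certCollection configuration element, must not be {@code null}
     * @return the parsed certificates, possibly empty
     * @throws CertificateException if a certificate cannot be parsed
     * @throws IOException if content cannot be read or the directory cannot be listed
     * @throws IllegalStateException if neither a certs list nor a directory is configured
     */
    private static Set<X509Cert> getCerts(OcspServerConf.CertCollection certCollection) throws CertificateException, IOException {
        Args.notNull(certCollection, "conf");
        Set<X509Cert> result = new HashSet<>();
        if (certCollection.getCerts() != null) {
            for (FileOrBinary fileOrBinary : certCollection.getCerts()) {
                result.add(X509Util.parseCert(fileOrBinary.readContent()));
            }
            return result;
        }

        if (certCollection.getDir() == null) {
            throw new IllegalStateException("should not happen, neither keystore nor dir is defined");
        }
        File dir = new File(certCollection.getDir());
        File[] listFiles = dir.listFiles();
        if (listFiles == null) {
            // listFiles() returns null when the path is not a directory or cannot be read.
            // Report it so that a mistyped or unreadable certificate directory does not
            // silently produce an empty certificate set.
            throw new IOException("could not list the certificate directory " + dir.getPath());
        }
        // Every regular file in the directory is parsed as a certificate, so the directory
        // should be writable only by the operator.
        for (File file : listFiles) {
            if (file.isFile()) {
                result.add(X509Util.parseCert(file));
            }
        }
        return result;
    }
}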
