package org.xipki.ca.qa;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERT61String;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.RdnControl;
import org.xipki.ca.api.profile.StringType;
import org.xipki.ca.api.profile.x509.SpecialX509CertprofileBehavior;
import org.xipki.ca.api.profile.x509.SubjectControl;
import org.xipki.ca.api.profile.x509.SubjectDnSpec;
import org.xipki.common.qa.ValidationIssue;
import org.xipki.common.util.CollectionUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/ca/qa/SubjectChecker.class */
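/**
 * QA check that compares the subject DN of an issued certificate with the
 * certificate profile's {@link SubjectControl} and with the subject that was
 * originally requested.
 *
 * <p>Each attribute type is reported as one {@link ValidationIssue}. A failure
 * message is set on the issue when the certificate deviates from the profile
 * (occurrence count, ASN.1 string type, prefix/suffix, regex) or from the
 * request (value mismatch).
 *
 * <p>Failure messages quote values taken verbatim from the certificate and from
 * the request. Code that logs or renders them should treat that text as
 * untrusted input.
 */
public class SubjectChecker {
    private final SpecialX509CertprofileBehavior specialBehavior;
    private final SubjectControl subjectControl;

    /**
     * Creates a checker bound to one profile's subject rules.
     *
     * @param specialX509CertprofileBehavior optional profile-specific behaviour; may be {@code null}
     * @param subjectControl subject rules of the profile; must not be {@code null}
     * @throws CertprofileException declared for callers; not thrown by the code in this class
     */
    public SubjectChecker(SpecialX509CertprofileBehavior specialX509CertprofileBehavior, SubjectControl subjectControl) throws CertprofileException {
        this.specialBehavior = specialX509CertprofileBehavior;
        this.subjectControl = (SubjectControl) ParamUtil.requireNonNull("subjectControl", subjectControl);
    }

    /**
     * Validates the subject of an issued certificate.
     *
     * <p>The attribute types examined are the union of the types allowed by the
     * profile and the types actually present in the certificate. A type that is
     * present in the certificate but unknown to the profile has no
     * {@link RdnControl}, so its allowed occurrence range is [0, 0] and it is
     * reported as a failure.
     *
     * @param x500Name subject found in the certificate; must not be {@code null}
     * @param x500Name2 subject that was requested; must not be {@code null}
     * @return the RDN-group issue first, followed by one issue per attribute
     *     type (iteration order of the per-type issues is that of a hash set)
     */
    public List<ValidationIssue> checkSubject(X500Name x500Name, X500Name x500Name2) {
        ParamUtil.requireNonNull("subject", x500Name);
        ParamUtil.requireNonNull("requestedSubject", x500Name2);

        HashSet<ASN1ObjectIdentifier> typesToCheck = new HashSet<>();
        for (ASN1ObjectIdentifier type : this.subjectControl.types()) {
            typesToCheck.add(type);
        }
        for (ASN1ObjectIdentifier type : x500Name.getAttributeTypes()) {
            typesToCheck.add(type);
        }

        List<ValidationIssue> issues = new LinkedList<>();
        ValidationIssue groupIssue = new ValidationIssue("X509.SUBJECT.group", "X509 subject RDN group");
        issues.add(groupIssue);
        checkRdnGroups(x500Name, groupIssue);

        for (ASN1ObjectIdentifier type : typesToCheck) {
            ValidationIssue issue;
            try {
                issue = checkSubjectAttribute(type, x500Name, x500Name2);
            } catch (BadCertTemplateException ex) {
                // A malformed value is reported as a failed issue instead of
                // aborting the remaining attribute checks.
                issue = new ValidationIssue("X509.SUBJECT.REQUEST", "Subject in request");
                issue.setFailureMessage(ex.getMessage());
            }
            issues.add(issue);
        }
        return issues;
    }

    /**
     * Verifies that all attribute types of each configured group sit in one
     * single RDN of the certificate subject. Stops at the first violating group.
     */
    private void checkRdnGroups(X500Name subject, ValidationIssue groupIssue) {
        if (!CollectionUtil.isNonEmpty(this.subjectControl.groups())) {
            return;
        }
        // Iterate over a copy of the group names, as the original code does.
        for (String group : new HashSet<String>(this.subjectControl.groups())) {
            RDN groupRdn = null;
            for (ASN1ObjectIdentifier type : this.subjectControl.getTypesForGroup(group)) {
                RDN[] rdns = subject.getRDNs(type);
                if (rdns == null || rdns.length == 0) {
                    continue;
                }
                // Identity comparison is intentional: the question is whether both
                // types were found in the very same RDN object of the subject.
                if (rdns.length > 1 || (groupRdn != null && groupRdn != rdns[0])) {
                    groupIssue.setFailureMessage("AttributeTypeAndValues of group " + group + " is not in one RDN");
                    return;
                }
                groupRdn = rdns[0];
            }
        }
    }

    /** Dispatches to the multi-valued check when the type belongs to an RDN group. */
    private ValidationIssue checkSubjectAttribute(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
        if (this.subjectControl.getGroup(type) != null) {
            return checkSubjectAttributeMultiValued(type, subject, requestedSubject);
        }
        return checkSubjectAttributeNotMultiValued(type, subject, requestedSubject);
    }

    /**
     * Checks an attribute type whose values must each live in their own
     * single-valued RDN.
     *
     * @throws BadCertTemplateException if a requested value or a dateOfBirth value is malformed
     */
    private ValidationIssue checkSubjectAttributeNotMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
        ValidationIssue issue = createSubjectIssue(type);
        RdnControl control = this.subjectControl.getControl(type);
        // No control means the profile does not allow this type: range [0, 0].
        int minOccurs = control == null ? 0 : control.minOccurs();
        int maxOccurs = control == null ? 0 : control.maxOccurs();

        RDN[] rdns = subject.getRDNs(type);
        int rdnCount = rdns == null ? 0 : rdns.length;
        if (rdnCount < minOccurs || rdnCount > maxOccurs) {
            issue.setFailureMessage("number of RDNs '" + rdnCount + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
            return issue;
        }

        RDN[] requestedRdns = requestedSubject.getRDNs(type);
        if (rdnCount == 0) {
            if (maxOccurs > 0 && requestedRdns != null && requestedRdns.length > 0) {
                issue.setFailureMessage("is absent but expected present");
            }
            return issue;
        }

        // NOTE(review): stringType is passed on unchecked; a null value makes
        // matchStringType throw. Confirm RdnControl.stringType() is never null.
        StringType stringType = control != null ? control.stringType() : null;
        List<String> requestedValues = requestedTextValues(requestedRdns, control);

        StringBuilder failureMsg = new StringBuilder();
        for (int i = 0; i < rdns.length; i++) {
            String name = "RDN[" + i + "]";
            AttributeTypeAndValue[] atvs = rdns[i].getTypesAndValues();
            if (atvs.length > 1) {
                failureMsg.append("size of RDN[" + i + "] is '" + atvs.length + "' but expected '1'");
                failureMsg.append("; ");
                continue;
            }
            String text = getAtvValueString(name, atvs[0], stringType, failureMsg);
            if (text != null) {
                checkAttributeTypeAndValue(name, type, text, control, requestedValues, i, failureMsg);
            }
        }
        applyFailureMessage(issue, failureMsg);
        return issue;
    }

    /**
     * Checks an attribute type that belongs to an RDN group, i.e. whose values
     * are expected inside exactly one (multi-valued) RDN.
     *
     * @throws BadCertTemplateException if a requested value or a dateOfBirth value is malformed
     */
    private ValidationIssue checkSubjectAttributeMultiValued(ASN1ObjectIdentifier type, X500Name subject, X500Name requestedSubject) throws BadCertTemplateException {
        ValidationIssue issue = createSubjectIssue(type);
        RDN[] rdns = subject.getRDNs(type);
        int rdnCount = rdns == null ? 0 : rdns.length;
        RDN[] requestedRdns = requestedSubject.getRDNs(type);
        if (rdnCount != 1) {
            if (rdnCount != 0) {
                issue.setFailureMessage("number of RDNs '" + rdnCount + "' is not 1");
            } else if (requestedRdns != null && requestedRdns.length > 0) {
                issue.setFailureMessage("is absent but expected present");
            }
            return issue;
        }

        RdnControl control = this.subjectControl.getControl(type);
        // NOTE(review): same null-stringType caveat as in the single-valued check.
        StringType stringType = control != null ? control.stringType() : null;
        List<String> requestedValues = requestedTextValues(requestedRdns, control);

        // Only the values of the type under test are of interest here; the RDN
        // may carry other types of the same group.
        List<AttributeTypeAndValue> matching = new LinkedList<>();
        for (AttributeTypeAndValue atv : rdns[0].getTypesAndValues()) {
            if (type.equals(atv.getType())) {
                matching.add(atv);
            }
        }

        int atvCount = matching.size();
        int minOccurs = control == null ? 0 : control.minOccurs();
        int maxOccurs = control == null ? 0 : control.maxOccurs();
        if (atvCount < minOccurs || atvCount > maxOccurs) {
            issue.setFailureMessage("number of AttributeTypeAndValues '" + atvCount + "' is not within [" + minOccurs + ", " + maxOccurs + "]");
            return issue;
        }

        StringBuilder failureMsg = new StringBuilder();
        for (int i = 0; i < atvCount; i++) {
            String name = "AttributeTypeAndValue[" + i + "]";
            String text = getAtvValueString(name, matching.get(i), stringType, failureMsg);
            if (text != null) {
                checkAttributeTypeAndValue(name, type, text, control, requestedValues, i, failureMsg);
            }
        }
        applyFailureMessage(issue, failureMsg);
        return issue;
    }

    /**
     * Converts the requested RDNs of one type to text and, when the control
     * defines regex patterns, orders them by those patterns.
     */
    private static List<String> requestedTextValues(RDN[] requestedRdns, RdnControl control) throws BadCertTemplateException {
        List<String> values = new LinkedList<>();
        if (requestedRdns == null) {
            return values;
        }
        for (RDN rdn : requestedRdns) {
            values.add(getRdnTextValueOfRequest(rdn));
        }
        if (control != null && control.patterns() != null) {
            values = sort(values, control.patterns());
        }
        return values;
    }

    /**
     * Copies the collected messages to the issue, dropping the trailing "; "
     * separator. An empty buffer leaves the issue without a failure message.
     */
    private static void applyFailureMessage(ValidationIssue issue, StringBuilder failureMsg) {
        int len = failureMsg.length();
        if (len > 2) {
            failureMsg.delete(len - 2, len);
            issue.setFailureMessage(failureMsg.toString());
        }
    }

    /**
     * Checks one certificate value against the control (prefix, suffix, regex)
     * and against the requested value at the same index. Problems are appended
     * to {@code failureMsg}, each terminated by "; ".
     *
     * @param name label of the value used in messages, e.g. {@code RDN[0]}
     * @param type attribute type of the value
     * @param atvTextValue text form of the certificate value
     * @param rdnControl profile control of the type; may be {@code null}
     * @param requestedValues text values from the request; may be empty
     * @param index position of the value among the values of this type
     * @param failureMsg collector for failure text
     * @throws BadCertTemplateException if a dateOfBirth value has the wrong format
     */
    private void checkAttributeTypeAndValue(String name, ASN1ObjectIdentifier type, String atvTextValue, RdnControl rdnControl, List<String> requestedValues, int index, StringBuilder failureMsg) throws BadCertTemplateException {
        String text = atvTextValue;
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
            if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(text).matches()) {
                throw new BadCertTemplateException("Value of RDN dateOfBirth does not have format YYYYMMDD000000Z");
            }
        } else if (rdnControl != null) {
            String prefix = rdnControl.prefix();
            if (prefix != null) {
                if (!text.startsWith(prefix)) {
                    failureMsg.append(name).append(" '").append(text).append("' does not start with prefix '").append(prefix).append("'; ");
                    return;
                }
                text = text.substring(prefix.length());
            }
            String suffix = rdnControl.suffix();
            if (suffix != null) {
                if (!text.endsWith(suffix)) {
                    failureMsg.append(name).append(" '").append(text).append("' does not end with suffix '").append(suffix).append("'; ");
                    return;
                }
                text = text.substring(0, text.length() - suffix.length());
            }
            List<Pattern> patterns = rdnControl.patterns();
            if (patterns != null) {
                // NOTE(review): assumes the control provides one pattern per
                // occurrence; a shorter list throws IndexOutOfBoundsException.
                Pattern pattern = patterns.get(index);
                if (!pattern.matcher(text).matches()) {
                    failureMsg.append(name).append(" '").append(text).append("' is not valid against regex '").append(pattern.pattern()).append("'; ");
                    return;
                }
            }
        }

        // The certificate may carry more values than the request (sort() also
        // collapses duplicate requested values). Report that as a finding rather
        // than failing on an out-of-range index.
        if (CollectionUtil.isEmpty(requestedValues) || index >= requestedValues.size()) {
            // serialNumber is never compared with the request.
            if (type.equals(ObjectIdentifiers.DN_SERIALNUMBER)) {
                return;
            }
            failureMsg.append("is present but not contained in the request");
            failureMsg.append("; ");
            return;
        }

        String requested = requestedValues.get(index);
        boolean gematikCommonName = ObjectIdentifiers.DN_CN.equals(type)
                && this.specialBehavior != null
                && SpecialX509CertprofileBehavior.gematik_gSMC_K.equals(this.specialBehavior);
        if (gematikCommonName) {
            // Under this behaviour the CN only has to extend the requested CN
            // with a "-" separated part; the remainder is not checked here.
            if (!text.startsWith(requested + "-")) {
                failureMsg.append("content '").append(text).append("' does not start with '").append(requested).append("-'; ");
            }
        } else if (!type.equals(ObjectIdentifiers.DN_SERIALNUMBER) && !text.equals(requested)) {
            // Prefix and suffix were stripped above, so the comparison is between
            // the bare certificate value and the requested value.
            failureMsg.append("content '").append(text).append("' but expected '").append(requested).append("'; ");
        }
    }

    /**
     * Orders values so that those matching the first pattern come first, then
     * those matching the second, and so on; values matching no pattern keep
     * their relative order at the end. A value equal to one already placed is
     * dropped, so the result may be shorter than the input.
     */
    private static List<String> sort(List<String> list, List<Pattern> list2) {
        List<String> ordered = new ArrayList<>(list.size());
        for (Pattern pattern : list2) {
            for (String value : list) {
                if (!ordered.contains(value) && pattern.matcher(value).matches()) {
                    ordered.add(value);
                }
            }
        }
        for (String value : list) {
            if (!ordered.contains(value)) {
                ordered.add(value);
            }
        }
        return ordered;
    }

    /**
     * Tells whether the ASN.1 value is encoded with the string type the profile
     * demands.
     *
     * @throws RuntimeException for a {@link StringType} this method does not know
     */
    private static boolean matchStringType(ASN1Encodable value, StringType stringType) {
        switch (stringType) {
            case bmpString:
                return value instanceof DERBMPString;
            case printableString:
                return value instanceof DERPrintableString;
            case teletexString:
                return value instanceof DERT61String;
            case utf8String:
                return value instanceof DERUTF8String;
            case ia5String:
                return value instanceof DERIA5String;
            default:
                throw new RuntimeException("should not reach here, unknown StringType " + stringType);
        }
    }

    /**
     * Returns the text form of the first value of a requested RDN.
     *
     * @throws BadCertTemplateException if dateOfBirth is not a GeneralizedTime or
     *     postalAddress is not a SEQUENCE
     */
    private static String getRdnTextValueOfRequest(RDN rdn) throws BadCertTemplateException {
        ASN1ObjectIdentifier type = rdn.getFirst().getType();
        ASN1Encodable value = rdn.getFirst().getValue();
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
            if (!(value instanceof ASN1GeneralizedTime)) {
                throw new BadCertTemplateException("requested RDN is not of GeneralizedTime");
            }
            return ((ASN1GeneralizedTime) value).getTimeString();
        }
        if (!ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
            return X509Util.rdnValueToString(value);
        }
        if (!(value instanceof ASN1Sequence)) {
            throw new BadCertTemplateException("requested RDN is not of Sequence");
        }
        // postalAddress is rendered as "[0]=line,[1]=line," so that it can be
        // compared with the certificate value rendered the same way.
        ASN1Sequence seq = (ASN1Sequence) value;
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < seq.size(); i++) {
            text.append("[").append(i).append("]=").append(X509Util.rdnValueToString(seq.getObjectAt(i))).append(",");
        }
        return text.toString();
    }

    /**
     * Creates the issue for one attribute type, named after the attribute when
     * its name is known and after its dotted OID (dots replaced by underscores
     * in the code) otherwise.
     */
    private static ValidationIssue createSubjectIssue(ASN1ObjectIdentifier type) {
        String attrName = ObjectIdentifiers.getName(type);
        if (attrName == null) {
            return new ValidationIssue("X509.SUBJECT." + type.getId().replace('.', '_'), "attribute " + type.getId());
        }
        return new ValidationIssue("X509.SUBJECT." + attrName, "attribute " + attrName + " (" + type.getId() + ")");
    }

    /**
     * Returns the text form of a certificate value after verifying its ASN.1
     * type, or {@code null} (with a message appended to {@code failureMsg}) when
     * the type is wrong.
     */
    private static String getAtvValueString(String name, AttributeTypeAndValue atv, StringType stringType, StringBuilder failureMsg) {
        ASN1ObjectIdentifier type = atv.getType();
        ASN1Encodable value = atv.getValue();
        if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
            if (value instanceof ASN1GeneralizedTime) {
                return ((ASN1GeneralizedTime) value).getTimeString();
            }
            failureMsg.append(name).append(" is not of type GeneralizedTime; ");
            return null;
        }
        if (!ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
            if (matchStringType(value, stringType)) {
                return X509Util.rdnValueToString(value);
            }
            failureMsg.append(name).append(" is not of type " + stringType.name()).append("; ");
            return null;
        }
        if (!(value instanceof ASN1Sequence)) {
            failureMsg.append(name).append(" is not of type Sequence; ");
            return null;
        }
        // Every element of a postalAddress must use the demanded string type;
        // the first offending element ends the check.
        ASN1Sequence seq = (ASN1Sequence) value;
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < seq.size(); i++) {
            ASN1Encodable element = seq.getObjectAt(i);
            if (!matchStringType(element, stringType)) {
                failureMsg.append(name).append(".[").append(i).append("] is not of type ").append(stringType.name()).append("; ");
                return null;
            }
            text.append("[").append(i).append("]=").append(X509Util.rdnValueToString(element)).append(",");
        }
        return text.toString();
    }
}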
