package com.karasiq.tls.x509;

import com.karasiq.tls.internal.BCConversions$DigestAlgorithm$;
import com.karasiq.tls.internal.BCConversions$SignatureDigestAlgorithm$;
import com.karasiq.tls.internal.TLSUtils$;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.StringContext;
import scala.collection.JavaConversions$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.mutable.ArrayOps;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: X509Utils.scala */
/* loaded from: input_file:com/karasiq/tls/x509/X509Utils$.class */
/**
 * Singleton ({@link #MODULE$}) of X.509 helper routines: extension lookups, key/authority
 * identifier comparison, subject-name construction and BouncyCastle signer/verifier factories.
 *
 * <p>Defaults are read from the {@code karasiq.tls.x509-defaults} configuration section.
 * This listing is decompiler output for a Scala object; the {@code $anonfun$...},
 * {@code ...$default$N} and {@code checkLength$1} members are compiler-generated.
 *
 * <p>Security-relevant behaviour to keep in mind when calling this class:
 * <ul>
 *   <li>{@link #isCertificationAuthority} and {@link #isKeyUsageAllowed} answer {@code true}
 *       when the corresponding extension is absent.</li>
 *   <li>The {@code verify*Identifier} methods compare identifiers only; no signature is
 *       checked in this class.</li>
 *   <li>URLs returned by the {@code get*Url(s)} methods are copied from the certificate
 *       and are as trustworthy as the certificate itself.</li>
 * </ul>
 */
public final class X509Utils$ {
    // Assigned once by the private constructor, which the static initializer below invokes.
    public static X509Utils$ MODULE$;
    // The "karasiq.tls.x509-defaults" section, loaded in the constructor.
    private final Config config;

    static {
        new X509Utils$();
    }

    /** Returns the defaults section loaded at construction time. */
    private Config config() {
        return this.config;
    }

    /**
     * Reports whether the certificate's BasicConstraints extension asserts the CA flag.
     *
     * <p>NOTE(review): when no BasicConstraints value is found this returns {@code true}
     * (fail-open). RFC 5280 section 4.2.1.9 says a version 3 certificate without the
     * extension must not be used to verify certificate signatures, so chain-validation
     * callers should confirm this default is intended (e.g. only for legacy roots) or check
     * for the extension's presence themselves.
     *
     * @param certificate certificate to inspect
     * @return {@code isCA()} of the extension, or {@code true} if the extension is absent
     */
    public boolean isCertificationAuthority(Certificate certificate) {
        return BoxesRunTime.unboxToBoolean(Option$.MODULE$.apply(BasicConstraints.fromExtensions(new X509CertificateHolder(certificate).getExtensions())).fold(() -> {
            return true;
        }, basicConstraints -> {
            return BoxesRunTime.boxToBoolean(basicConstraints.isCA());
        }));
    }

    /**
     * Looks up the BasicConstraints extension and maps it through a compiler-generated
     * partial function ({@code X509Utils$$anonfun$getPathLengthConstraint$1}) that is not
     * part of this listing.
     *
     * @param certificate certificate to inspect
     * @return presumably the path length constraint when one is set - TODO confirm against
     *     the partial function; empty when the extension is absent
     */
    public Option<Object> getPathLengthConstraint(Certificate certificate) {
        return Option$.MODULE$.apply(BasicConstraints.fromExtensions(new X509CertificateHolder(certificate).getExtensions())).collect(new X509Utils$$anonfun$getPathLengthConstraint$1());
    }

    /**
     * Reports whether the certificate's KeyUsage extension includes the given usages.
     *
     * <p>An absent KeyUsage extension is treated as "no restriction" and yields
     * {@code true}. Callers that require a usage to be explicitly asserted must check for
     * the extension's presence separately.
     *
     * @param certificate certificate to inspect
     * @param i usage bits, passed unchanged to {@code KeyUsage.hasUsages}
     * @return {@code hasUsages(i)} of the extension, or {@code true} if it is absent
     */
    public boolean isKeyUsageAllowed(Certificate certificate, int i) {
        return BoxesRunTime.unboxToBoolean(Option$.MODULE$.apply(KeyUsage.fromExtensions(new X509CertificateHolder(certificate).getExtensions())).fold(() -> {
            return true;
        }, keyUsage -> {
            return BoxesRunTime.boxToBoolean($anonfun$isKeyUsageAllowed$2(i, keyUsage));
        }));
    }

    /**
     * Returns the subjectAlternativeName extension of the certificate.
     *
     * @param certificate certificate to inspect
     * @return the parsed names, or empty when the extension lookup yields {@code null}
     */
    public Option<GeneralNames> alternativeNamesOf(Certificate certificate) {
        return Option$.MODULE$.apply(GeneralNames.fromExtensions(new X509CertificateHolder(certificate).getExtensions(), Extension.subjectAlternativeName));
    }

    /**
     * Returns the value of the first subject alternative name whose tag number equals
     * {@code i}.
     *
     * <p>Only the first match is returned. A certificate can carry several names with the
     * same tag, so callers matching a host name or address should iterate
     * {@link #alternativeNamesOf} rather than rely on this single value.
     *
     * @param certificate certificate to inspect
     * @param i GeneralName tag number to look for
     * @return the first matching name value, or empty if none matches
     */
    public Option<ASN1Encodable> alternativeNameOf(Certificate certificate, int i) {
        return alternativeNamesOf(certificate).flatMap(generalNames -> {
            return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(generalNames.getNames())).find(generalName -> {
                return BoxesRunTime.boxToBoolean($anonfun$alternativeNameOf$2(i, generalName));
            }).map(generalName2 -> {
                return generalName2.getName();
            });
        });
    }

    /**
     * Reads the {@code key-id-verify-with} string list from the defaults section.
     *
     * <p>NOTE(review): nothing in this class as listed calls this method; the verify
     * methods below use only {@code key-id-algorithm}. Confirm whether the list was meant to
     * be consulted during identifier verification.
     */
    private Seq<String> verifyAlgorithms() {
        return JavaConversions$.MODULE$.deprecated$u0020asScalaBuffer(config().getStringList("key-id-verify-with"));
    }

    /**
     * Compares the AuthorityKeyIdentifier extension of {@code certificate} with the
     * identifier computed from {@code certificate2}.
     *
     * <p>This is an identifier comparison only: no signature is verified here. An empty
     * result means the extension was absent, not that the check passed.
     *
     * @param certificate certificate whose AuthorityKeyIdentifier extension is read
     * @param certificate2 certificate the expected identifier is computed from
     * @return empty when {@code certificate} has no AuthorityKeyIdentifier extension,
     *     otherwise the boxed comparison result
     */
    public Option<Object> verifyAuthorityIdentifier(Certificate certificate, Certificate certificate2) {
        return Option$.MODULE$.apply(AuthorityKeyIdentifier.fromExtensions(new X509CertificateHolder(certificate).getExtensions())).map(authorityKeyIdentifier -> {
            return BoxesRunTime.boxToBoolean($anonfun$verifyAuthorityIdentifier$1(certificate2, authorityKeyIdentifier));
        });
    }

    /**
     * Compares the SubjectKeyIdentifier extension of {@code certificate} with the
     * identifier computed from {@code subjectPublicKeyInfo}.
     *
     * @param certificate certificate whose SubjectKeyIdentifier extension is read
     * @param subjectPublicKeyInfo public key the expected identifier is computed from
     * @return empty when the extension is absent (not a pass), otherwise the boxed
     *     comparison result
     */
    public Option<Object> verifyPublicKeyIdentifier(Certificate certificate, SubjectPublicKeyInfo subjectPublicKeyInfo) {
        return Option$.MODULE$.apply(SubjectKeyIdentifier.fromExtensions(new X509CertificateHolder(certificate).getExtensions())).map(subjectKeyIdentifier -> {
            return BoxesRunTime.boxToBoolean($anonfun$verifyPublicKeyIdentifier$1(subjectPublicKeyInfo, subjectKeyIdentifier));
        });
    }

    /**
     * Collects string arrays from the certificate's extensions through a compiler-generated
     * partial function ({@code X509Utils$$anonfun$1}, not part of this listing) and flattens
     * them into one sequence.
     *
     * <p>The strings are taken from the certificate. Code that fetches them should treat
     * them as untrusted input (restrict schemes and destinations) unless the certificate has
     * already been validated.
     *
     * @param certificate certificate to inspect
     * @return presumably the CRL distribution point URLs - TODO confirm against the
     *     partial function
     */
    public Seq<String> getCrlDistributionUrls(Certificate certificate) {
        return ((Seq) CertExtension$.MODULE$.extensionsOf(certificate).collect(new X509Utils$$anonfun$1(), Seq$.MODULE$.canBuildFrom())).toSeq().flatten(strArr -> {
            return new ArrayOps.ofRef($anonfun$getCrlDistributionUrls$1(strArr));
        });
    }

    /**
     * Returns the first caIssuers URI listed in the authorityInfoAccess extension.
     *
     * <p>NOTE(review): unlike {@link #getOcspUrl}, this passes the {@code Extension} object
     * itself (not its parsed value) to {@code AuthorityInformationAccess.getInstance}.
     * Confirm that the BouncyCastle version in use decodes that as intended.
     *
     * <p>The URI comes from the certificate; validate it before fetching from it.
     *
     * @param certificate certificate to inspect
     * @return the access location rendered with {@code toString()}, or empty if the
     *     extension or a matching entry is missing
     */
    public Option<String> getIssuerUrl(Certificate certificate) {
        return Option$.MODULE$.apply(new X509CertificateHolder(certificate).getExtension(Extension.authorityInfoAccess)).flatMap(extension -> {
            return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(AuthorityInformationAccess.getInstance(extension).getAccessDescriptions())).find(accessDescription -> {
                return BoxesRunTime.boxToBoolean($anonfun$getIssuerUrl$2(accessDescription));
            }).map(accessDescription2 -> {
                return accessDescription2.getAccessLocation().getName().toString();
            });
        });
    }

    /**
     * Returns the first OCSP responder URI listed in the authorityInfoAccess extension.
     *
     * <p>NOTE(review): {@code getExtensions()} is dereferenced directly here; presumably it
     * is {@code null} for a certificate without extensions, which would raise a
     * {@code NullPointerException} - confirm.
     *
     * <p>The URI comes from the certificate; validate it before contacting it.
     *
     * @param certificate certificate to inspect
     * @return the access location rendered with {@code toString()}, or empty if the
     *     extension or a matching entry is missing
     */
    public Option<String> getOcspUrl(Certificate certificate) {
        return Option$.MODULE$.apply(new X509CertificateHolder(certificate).getExtensions().getExtensionParsedValue(Extension.authorityInfoAccess)).flatMap(aSN1Encodable -> {
            return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(AuthorityInformationAccess.getInstance(aSN1Encodable.toASN1Primitive()).getAccessDescriptions())).find(accessDescription -> {
                return BoxesRunTime.boxToBoolean($anonfun$getOcspUrl$2(accessDescription));
            }).map(accessDescription2 -> {
                return accessDescription2.getAccessLocation().getName().toString();
            });
        });
    }

    /**
     * Returns the instant {@code i} days after the current time.
     *
     * @param i number of days to add to {@code Instant.now()}
     */
    public Instant expireDays(int i) {
        return Instant.now().plus(i, (TemporalUnit) ChronoUnit.DAYS);
    }

    /** Returns {@link #expireDays} applied to the configured {@code expire-days} value. */
    public Instant defaultExpire() {
        return expireDays(config().getInt("expire-days"));
    }

    /**
     * Reads the configured key size for an algorithm from the key
     * {@code <lower-cased name>-key-size}.
     *
     * <p>{@code toLowerCase()} without a locale uses the JVM default locale, so the derived
     * key can differ for names containing {@code I} under some locales.
     *
     * @param str algorithm name, for example the default {@code "RSA"}
     * @return the configured integer value
     */
    public int defaultKeySize(String str) {
        return config().getInt(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", "-key-size"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str.toLowerCase()})));
    }

    /** Compiler-generated default for the first argument of {@link #defaultKeySize}. */
    public String defaultKeySize$default$1() {
        return "RSA";
    }

    /** Returns the configured {@code sign-algorithm} string. */
    public String defaultSignatureHash() {
        return config().getString("sign-algorithm");
    }

    /** Resolves the configured {@code ecdsa-curve} name through {@code TLSUtils}. */
    public ECParameterSpec defaultEllipticCurve() {
        return TLSUtils$.MODULE$.getEllipticCurve(config().getString("ecdsa-curve"));
    }

    /**
     * Builds an X.500 subject name from the given attribute values.
     *
     * <p>Validation is done with Scala's {@code Predef.assert}: a failure is presumably
     * raised as {@code AssertionError} (an {@code Error}, so {@code catch (Exception)} does
     * not see it), and the message built by {@code checkLength$1} contains the rejected
     * value. NOTE(review): Scala assertions can be elided at compile time; confirm the
     * build keeps them if these checks are relied on for untrusted input.
     *
     * @param str common name (CN); required, 1 to 64 characters
     * @param str2 country (C); exactly 2 characters when given
     * @param str3 state or province (ST); 1 to 64 characters when given
     * @param str4 locality (L); 1 to 64 characters when given
     * @param str5 organization (O); 1 to 64 characters when given
     * @param str6 organizational unit (OU); 1 to 64 characters when given
     * @param str7 e-mail address (E); added without a length check
     * @return the assembled name, with attributes in the order listed above
     */
    public X500Name subject(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        Predef$.MODULE$.assert(str != null, () -> {
            return "Common name required";
        });
        checkLength$1(str, checkLength$default$2$1(), checkLength$default$3$1());
        x500NameBuilder.addRDN(BCStyle.CN, str);
        // The empty else branches below (BoxedUnit.UNIT) are decompiler artefacts with no effect.
        if (str2 != null) {
            // Country: both bounds are 2, so only two-character values pass.
            checkLength$1(str2, 2, 2);
            x500NameBuilder.addRDN(BCStyle.C, str2);
        } else {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        if (str3 != null) {
            checkLength$1(str3, checkLength$default$2$1(), checkLength$default$3$1());
            x500NameBuilder.addRDN(BCStyle.ST, str3);
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        if (str4 != null) {
            checkLength$1(str4, checkLength$default$2$1(), checkLength$default$3$1());
            x500NameBuilder.addRDN(BCStyle.L, str4);
        } else {
            BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
        }
        if (str5 != null) {
            checkLength$1(str5, checkLength$default$2$1(), checkLength$default$3$1());
            x500NameBuilder.addRDN(BCStyle.O, str5);
        } else {
            BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
        }
        if (str6 != null) {
            checkLength$1(str6, checkLength$default$2$1(), checkLength$default$3$1());
            x500NameBuilder.addRDN(BCStyle.OU, str6);
        } else {
            BoxedUnit boxedUnit5 = BoxedUnit.UNIT;
        }
        if (str7 != null) {
            // NOTE(review): the e-mail value is the only attribute added without checkLength$1.
            x500NameBuilder.addRDN(BCStyle.E, str7);
        } else {
            BoxedUnit boxedUnit6 = BoxedUnit.UNIT;
        }
        return x500NameBuilder.build();
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 2 of {@link #subject}. */
    public String subject$default$2() {
        return null;
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 3 of {@link #subject}. */
    public String subject$default$3() {
        return null;
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 4 of {@link #subject}. */
    public String subject$default$4() {
        return null;
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 5 of {@link #subject}. */
    public String subject$default$5() {
        return null;
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 6 of {@link #subject}. */
    public String subject$default$6() {
        return null;
    }

    /** Compiler-generated default ({@code null}, i.e. omitted) for argument 7 of {@link #subject}. */
    public String subject$default$7() {
        return null;
    }

    /**
     * Builds a content verifier provider for the given certificate, using the security
     * provider supplied by {@code TLSUtils}.
     *
     * @param certificate certificate the verifier provider is built from
     */
    public ContentVerifierProvider contentVerifierProvider(Certificate certificate) {
        return new JcaContentVerifierProviderBuilder().setProvider(TLSUtils$.MODULE$.provider()).build(new X509CertificateHolder(certificate));
    }

    /**
     * Builds a content signer for the given private key.
     *
     * <p>The signature algorithm name is derived by {@code SignatureDigestAlgorithm} from
     * the key's algorithm and {@code str}.
     *
     * @param privateKey signing key
     * @param str digest name; the Scala default is {@link #defaultSignatureHash()}
     */
    public ContentSigner contentSigner(PrivateKey privateKey, String str) {
        return new JcaContentSignerBuilder(BCConversions$SignatureDigestAlgorithm$.MODULE$.apply(privateKey.getAlgorithm(), str)).setProvider(TLSUtils$.MODULE$.provider()).build(privateKey);
    }

    /** Compiler-generated default for argument 2 of {@link #contentSigner}. */
    public String contentSigner$default$2() {
        return defaultSignatureHash();
    }

    /**
     * Creates an {@code X509ExtensionUtils} backed by a digest calculator for the named
     * algorithm.
     *
     * @param str digest algorithm name, resolved through {@code DigestAlgorithm}
     */
    public X509ExtensionUtils extensionUtils(String str) {
        return new X509ExtensionUtils(new JcaDigestCalculatorProviderBuilder().setProvider(TLSUtils$.MODULE$.provider()).build().get(BCConversions$DigestAlgorithm$.MODULE$.apply(str)));
    }

    /** Compiler-generated default for {@link #extensionUtils}: the configured {@code key-id-algorithm}. */
    public String extensionUtils$default$1() {
        return config().getString("key-id-algorithm");
    }

    // Lambda body for isKeyUsageAllowed: delegates to KeyUsage.hasUsages.
    public static final /* synthetic */ boolean $anonfun$isKeyUsageAllowed$2(int i, KeyUsage keyUsage) {
        return keyUsage.hasUsages(i);
    }

    // Lambda body for alternativeNameOf: matches a name by its tag number.
    public static final /* synthetic */ boolean $anonfun$alternativeNameOf$2(int i, GeneralName generalName) {
        return generalName.getTagNo() == i;
    }

    // Null-safe equality between the certificate's authorityCertIssuer (generalNames) and the
    // issuer names of the identifier passed as first argument (the computed one at the call site).
    public static final /* synthetic */ boolean $anonfun$verifyAuthorityIdentifier$3(AuthorityKeyIdentifier authorityKeyIdentifier, GeneralNames generalNames) {
        GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
        return generalNames != null ? generalNames.equals(authorityCertIssuer) : authorityCertIssuer == null;
    }

    // Numeric equality between the certificate's authorityCertSerialNumber (bigInteger) and the
    // serial number of the identifier passed as first argument.
    public static final /* synthetic */ boolean $anonfun$verifyAuthorityIdentifier$5(AuthorityKeyIdentifier authorityKeyIdentifier, BigInteger bigInteger) {
        return BoxesRunTime.equalsNumNum(bigInteger, authorityKeyIdentifier.getAuthorityCertSerialNumber());
    }

    /**
     * Lambda body for {@link #verifyAuthorityIdentifier}.
     *
     * <p>Builds the expected identifier from {@code certificate} with the default
     * {@code key-id-algorithm} and requires all of: matching issuer names when the
     * certificate's extension carries them, matching serial number when it carries one, and
     * equal key identifier bytes. The issuer and serial checks are skipped (treated as
     * passing) when the extension omits those fields; a key identifier that is {@code null}
     * on one side only compares unequal.
     *
     * <p>NOTE(review): the expected key identifier depends on the configured digest;
     * presumably an issuer that derived its identifier differently will not match - confirm.
     */
    public static final /* synthetic */ boolean $anonfun$verifyAuthorityIdentifier$1(Certificate certificate, AuthorityKeyIdentifier authorityKeyIdentifier) {
        AuthorityKeyIdentifier createAuthorityKeyIdentifier = MODULE$.extensionUtils(MODULE$.extensionUtils$default$1()).createAuthorityKeyIdentifier(new X509CertificateHolder(certificate));
        return BoxesRunTime.unboxToBoolean(Option$.MODULE$.apply(authorityKeyIdentifier.getAuthorityCertIssuer()).fold(() -> {
            return true;
        }, generalNames -> {
            return BoxesRunTime.boxToBoolean($anonfun$verifyAuthorityIdentifier$3(createAuthorityKeyIdentifier, generalNames));
        })) && BoxesRunTime.unboxToBoolean(Option$.MODULE$.apply(authorityKeyIdentifier.getAuthorityCertSerialNumber()).fold(() -> {
            return true;
        }, bigInteger -> {
            return BoxesRunTime.boxToBoolean($anonfun$verifyAuthorityIdentifier$5(createAuthorityKeyIdentifier, bigInteger));
        })) && Arrays.equals(createAuthorityKeyIdentifier.getKeyIdentifier(), authorityKeyIdentifier.getKeyIdentifier());
    }

    // Lambda body for verifyPublicKeyIdentifier: compares the key identifier computed from the
    // public key (default key-id-algorithm) with the one stored in the extension.
    public static final /* synthetic */ boolean $anonfun$verifyPublicKeyIdentifier$1(SubjectPublicKeyInfo subjectPublicKeyInfo, SubjectKeyIdentifier subjectKeyIdentifier) {
        return Arrays.equals(MODULE$.extensionUtils(MODULE$.extensionUtils$default$1()).createSubjectKeyIdentifier(subjectPublicKeyInfo).getKeyIdentifier(), subjectKeyIdentifier.getKeyIdentifier());
    }

    // Lambda body for getCrlDistributionUrls: wraps each String[] so it can be flattened.
    public static final /* synthetic */ Object[] $anonfun$getCrlDistributionUrls$1(String[] strArr) {
        return Predef$.MODULE$.refArrayOps(strArr);
    }

    // Lambda body for getIssuerUrl: accepts entries whose access method is id_ad_caIssuers and
    // whose location has tag 6 (the value of GeneralName.uniformResourceIdentifier).
    public static final /* synthetic */ boolean $anonfun$getIssuerUrl$2(AccessDescription accessDescription) {
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        ASN1ObjectIdentifier aSN1ObjectIdentifier = AccessDescription.id_ad_caIssuers;
        if (accessMethod != null ? accessMethod.equals(aSN1ObjectIdentifier) : aSN1ObjectIdentifier == null) {
            if (accessDescription.getAccessLocation().getTagNo() == 6) {
                return true;
            }
        }
        return false;
    }

    // Lambda body for getOcspUrl: accepts entries whose access method is id_ad_ocsp and whose
    // location has tag 6 (the value of GeneralName.uniformResourceIdentifier).
    public static final /* synthetic */ boolean $anonfun$getOcspUrl$2(AccessDescription accessDescription) {
        ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
        ASN1ObjectIdentifier aSN1ObjectIdentifier = AccessDescription.id_ad_ocsp;
        if (accessMethod != null ? accessMethod.equals(aSN1ObjectIdentifier) : aSN1ObjectIdentifier == null) {
            if (accessDescription.getAccessLocation().getTagNo() == 6) {
                return true;
            }
        }
        return false;
    }

    // Local helper of subject(): asserts i2 <= str.length() <= i, so i is the maximum and i2 the
    // minimum. Length is String.length(), i.e. UTF-16 code units. The failure message embeds
    // the rejected value.
    private static final void checkLength$1(String str, int i, int i2) {
        Predef$.MODULE$.assert(str.length() >= i2 && str.length() <= i, () -> {
            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Invalid data length: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str}));
        });
    }

    // Default maximum length used by checkLength$1.
    private static final int checkLength$default$2$1() {
        return 64;
    }

    // Default minimum length used by checkLength$1.
    private static final int checkLength$default$3$1() {
        return 1;
    }

    // Publishes the singleton, then loads the defaults section from the application config.
    private X509Utils$() {
        MODULE$ = this;
        this.config = ConfigFactory.load().getConfig("karasiq.tls.x509-defaults");
    }
}
