package org.wildfly.security.x500.cert;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.X500;
import org.wildfly.security.x500.cert._private.ElytronMessages;

/* loaded from: input_file:com/redhat/insights/jars/earApp.ear:org.wildfly.security-wildfly-elytron-x500-cert-2.0.0.Final.jar:org/wildfly/security/x500/cert/CertUtil.class */
class CertUtil {
    private static final String BASIC_CONSTRAINTS = "BasicConstraints";
    private static final String KEY_USAGE = "KeyUsage";
    private static final String CE_EXT_KEY_USAGE = "ExtendedKeyUsage";
    private static final String CE_SUBJECT_ALT_NAME = "SubjectAlternativeName";
    private static final String CE_ISSUER_ALT_NAME = "IssuerAlternativeName";
    private static final String PE_AUTHORITY_INFO_ACCESS = "AuthorityInfoAccess";
    private static final String PE_SUBJECT_INFO_ACCESS = "SubjectInfoAccess";
    private static final String CA = "ca";
    private static final String PATH_LEN = "pathlen";
    private static final String KP_SERVER_AUTH = "serverAuth";
    private static final String KP_CLIENT_AUTH = "clientAuth";
    private static final String KP_CODE_SIGNING = "codeSigning";
    private static final String KP_EMAIL_PROTECTION = "emailProtection";
    private static final String KP_TIME_STAMPING = "timeStamping";
    private static final String KP_OCSP_SIGNING = "OCSPSigning";
    private static final String AD_OCSP = "ocsp";
    private static final String AD_CA_ISSUERS = "caIssuers";
    private static final String AD_TIME_STAMPING = "timeStamping";
    private static final String AD_CA_REPOSITORY = "caRepository";
    private static final String URI = "URI";
    private static final String EMAIL = "EMAIL";
    private static final String DNS = "DNS";
    private static final String IP = "IP";
    private static final String OID = "OID";
    private static final String[] ALT_NAMES_TYPES = {EMAIL, "URI", DNS, IP, OID};
    private static final int[] DELIMS = {44, 32};

    CertUtil() {
    }

    public static X509CertificateExtension getX509CertificateExtension(boolean z, String str, String str2) throws IllegalArgumentException {
        X509CertificateExtension subjectInformationAccessExtension;
        try {
            if (str.equalsIgnoreCase(BASIC_CONSTRAINTS)) {
                CodePointIterator ofString = CodePointIterator.ofString(str2);
                CodePointIterator delimitedBy = ofString.delimitedBy(DELIMS);
                boolean parseBoolean = Boolean.parseBoolean(getKeyValue(CA, delimitedBy.drainToString()));
                skipDelims(delimitedBy, ofString, DELIMS);
                int i = -1;
                if (delimitedBy.hasNext()) {
                    i = Integer.parseInt(getKeyValue(PATH_LEN, delimitedBy.drainToString()));
                }
                subjectInformationAccessExtension = new BasicConstraintsExtension(z, parseBoolean, i);
            } else if (str.equalsIgnoreCase(KEY_USAGE)) {
                CodePointIterator ofString2 = CodePointIterator.ofString(str2);
                CodePointIterator delimitedBy2 = ofString2.delimitedBy(DELIMS);
                if (!delimitedBy2.hasNext()) {
                    throw ElytronMessages.log.invalidCertificateExtensionStringValue(str2);
                }
                ArrayList arrayList = new ArrayList();
                while (delimitedBy2.hasNext()) {
                    KeyUsage forName = KeyUsage.forName(delimitedBy2.drainToString());
                    if (forName == null) {
                        throw ElytronMessages.log.invalidCertificateExtensionStringValue(str2);
                    }
                    arrayList.add(forName);
                    skipDelims(delimitedBy2, ofString2, DELIMS);
                }
                subjectInformationAccessExtension = new KeyUsageExtension(z, (KeyUsage[]) arrayList.toArray(new KeyUsage[arrayList.size()]));
            } else if (str.equalsIgnoreCase(CE_EXT_KEY_USAGE)) {
                CodePointIterator ofString3 = CodePointIterator.ofString(str2);
                CodePointIterator delimitedBy3 = ofString3.delimitedBy(DELIMS);
                if (!delimitedBy3.hasNext()) {
                    throw ElytronMessages.log.invalidCertificateExtensionStringValue(str2);
                }
                ArrayList arrayList2 = new ArrayList();
                while (delimitedBy3.hasNext()) {
                    arrayList2.add(oidFromKeyPurpose(delimitedBy3.drainToString()));
                    skipDelims(delimitedBy3, ofString3, DELIMS);
                }
                subjectInformationAccessExtension = new ExtendedKeyUsageExtension(z, arrayList2);
            } else if (str.equalsIgnoreCase(CE_SUBJECT_ALT_NAME)) {
                subjectInformationAccessExtension = new SubjectAlternativeNamesExtension(z, getGeneralNames(str2));
            } else if (str.equalsIgnoreCase(CE_ISSUER_ALT_NAME)) {
                subjectInformationAccessExtension = new IssuerAlternativeNamesExtension(z, getGeneralNames(str2));
            } else if (str.equalsIgnoreCase(PE_AUTHORITY_INFO_ACCESS)) {
                if (z) {
                    throw ElytronMessages.log.certificateExtensionMustBeNonCritical(str);
                }
                subjectInformationAccessExtension = new AuthorityInformationAccessExtension(getAccessDescriptions(str2));
            } else {
                if (!str.equalsIgnoreCase(PE_SUBJECT_INFO_ACCESS)) {
                    throw ElytronMessages.log.certificateExtensionCreationFromStringNotSupported(str);
                }
                if (z) {
                    throw ElytronMessages.log.certificateExtensionMustBeNonCritical(str);
                }
                subjectInformationAccessExtension = new SubjectInformationAccessExtension(getAccessDescriptions(str2));
            }
            return subjectInformationAccessExtension;
        } catch (Exception e) {
            throw ElytronMessages.log.certificateExtensionCreationFromStringFailed(e);
        }
    }

    private static void skipDelims(CodePointIterator codePointIterator, CodePointIterator codePointIterator2, int... iArr) throws IllegalArgumentException {
        while (!codePointIterator.hasNext() && codePointIterator2.hasNext()) {
            if (!isDelim(codePointIterator2.next(), iArr)) {
                throw ElytronMessages.log.invalidCertificateExtensionStringValue();
            }
        }
    }

    private static boolean isDelim(int i, int... iArr) {
        for (int i2 : iArr) {
            if (i2 == i) {
                return true;
            }
        }
        return false;
    }

    private static String getKeyValue(String str, String str2) throws IllegalArgumentException {
        CodePointIterator ofString = CodePointIterator.ofString(str2);
        CodePointIterator delimitedBy = ofString.delimitedBy(58);
        if (!str.equalsIgnoreCase(delimitedBy.drainToString())) {
            throw ElytronMessages.log.invalidCertificateExtensionStringValue(str2);
        }
        skipDelims(delimitedBy, ofString, 58);
        return delimitedBy.drainToString();
    }

    private static String oidFromKeyPurpose(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1826478197:
                if (str.equals(KP_SERVER_AUTH)) {
                    z = false;
                    break;
                }
                break;
            case 157446037:
                if (str.equals(KP_EMAIL_PROTECTION)) {
                    z = 3;
                    break;
                }
                break;
            case 1101883411:
                if (str.equals(KP_CLIENT_AUTH)) {
                    z = true;
                    break;
                }
                break;
            case 1183603288:
                if (str.equals(KP_CODE_SIGNING)) {
                    z = 2;
                    break;
                }
                break;
            case 1242227860:
                if (str.equals(KP_OCSP_SIGNING)) {
                    z = 5;
                    break;
                }
                break;
            case 1654666028:
                if (str.equals("timeStamping")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return X500.OID_KP_SERVER_AUTH;
            case true:
                return X500.OID_KP_CLIENT_AUTH;
            case true:
                return X500.OID_KP_CODE_SIGNING;
            case true:
                return X500.OID_KP_EMAIL_PROTECTION;
            case true:
                return X500.OID_KP_TIME_STAMPING;
            case true:
                return X500.OID_KP_OCSP_SIGNING;
            default:
                return str;
        }
    }

    private static List<GeneralName> getGeneralNames(String str) throws IllegalArgumentException {
        CodePointIterator ofString = CodePointIterator.ofString(str);
        CodePointIterator delimitedBy = ofString.delimitedBy(DELIMS);
        if (!delimitedBy.hasNext()) {
            throw ElytronMessages.log.invalidCertificateExtensionStringValue(str);
        }
        ArrayList arrayList = new ArrayList();
        while (delimitedBy.hasNext()) {
            arrayList.add(getGeneralName(delimitedBy.drainToString()));
            skipDelims(delimitedBy, ofString, DELIMS);
        }
        return arrayList;
    }

    private static GeneralName getGeneralName(String str) throws IllegalArgumentException {
        CodePointIterator ofString = CodePointIterator.ofString(str);
        CodePointIterator delimitedBy = ofString.delimitedBy(58);
        String drainToString = delimitedBy.drainToString();
        for (String str2 : ALT_NAMES_TYPES) {
            if (str2.equalsIgnoreCase(drainToString)) {
                skipDelims(delimitedBy, ofString, 58);
                String drainToString2 = ofString.drainToString();
                String upperCase = drainToString.toUpperCase(Locale.ENGLISH);
                boolean z = -1;
                switch (upperCase.hashCode()) {
                    case 2343:
                        if (upperCase.equals(IP)) {
                            z = 3;
                            break;
                        }
                        break;
                    case 67849:
                        if (upperCase.equals(DNS)) {
                            z = 2;
                            break;
                        }
                        break;
                    case 78250:
                        if (upperCase.equals(OID)) {
                            z = 4;
                            break;
                        }
                        break;
                    case 84300:
                        if (upperCase.equals("URI")) {
                            z = true;
                            break;
                        }
                        break;
                    case 66081660:
                        if (upperCase.equals(EMAIL)) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return new GeneralName.RFC822Name(drainToString2);
                    case true:
                        return new GeneralName.URIName(drainToString2);
                    case true:
                        return new GeneralName.DNSName(drainToString2);
                    case true:
                        return new GeneralName.IPAddress(drainToString2);
                    case true:
                        return new GeneralName.RegisteredID(drainToString2);
                    default:
                        throw ElytronMessages.log.invalidCertificateExtensionStringValue(str);
                }
            }
        }
        throw ElytronMessages.log.invalidCertificateExtensionStringValue(str);
    }

    private static List<AccessDescription> getAccessDescriptions(String str) throws IllegalArgumentException {
        CodePointIterator ofString = CodePointIterator.ofString(str);
        CodePointIterator delimitedBy = ofString.delimitedBy(DELIMS);
        if (!delimitedBy.hasNext()) {
            throw ElytronMessages.log.invalidCertificateExtensionStringValue(str);
        }
        ArrayList arrayList = new ArrayList();
        while (delimitedBy.hasNext()) {
            arrayList.add(getAccessDescription(delimitedBy.drainToString()));
            skipDelims(delimitedBy, ofString, DELIMS);
        }
        return arrayList;
    }

    private static AccessDescription getAccessDescription(String str) throws IllegalArgumentException {
        CodePointIterator ofString = CodePointIterator.ofString(str);
        CodePointIterator delimitedBy = ofString.delimitedBy(58);
        if (!delimitedBy.hasNext()) {
            throw ElytronMessages.log.invalidCertificateExtensionStringValue(str);
        }
        String oidFromMethod = oidFromMethod(delimitedBy.drainToString());
        skipDelims(delimitedBy, ofString, 58);
        return new AccessDescription(oidFromMethod, getGeneralName(ofString.drainToString()));
    }

    private static String oidFromMethod(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1825019236:
                if (str.equals(AD_CA_ISSUERS)) {
                    z = true;
                    break;
                }
                break;
            case 3405617:
                if (str.equals(AD_OCSP)) {
                    z = false;
                    break;
                }
                break;
            case 1332962888:
                if (str.equals(AD_CA_REPOSITORY)) {
                    z = 3;
                    break;
                }
                break;
            case 1654666028:
                if (str.equals("timeStamping")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return X500.OID_AD_OCSP;
            case true:
                return X500.OID_AD_CA_ISSUERS;
            case true:
                return X500.OID_AD_TIME_STAMPING;
            case true:
                return X500.OID_AD_CA_REPOSITORY;
            default:
                return str;
        }
    }
}
