package monalisa.security.gss.globusutils.bc;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import monalisa.security.gss.globusutils.Certs.CertUtil;
import monalisa.security.gss.globusutils.Certs.TrustedCertificates;
import monalisa.security.gss.globusutils.proxy.ext.ProxyCertInfo;
import monalisa.security.gss.globusutils.proxy.ext.ProxyPolicy;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.X509CertificateObject;

/* loaded from: input_file:monalisa/security/gss/globusutils/bc/BouncyCastleUtil.class */
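/**
 * Static helpers that decode ASN.1 structures from X.509 certificates with the
 * BouncyCastle ASN.1 classes and classify a certificate as CA, end-entity or one of
 * several proxy-certificate flavours.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>No method in this class verifies a signature, a validity period or a revocation
 *       status. The classification is structural only and is not a trust decision.</li>
 *   <li>The input is certificate content, which is attacker-influenced whenever the
 *       certificate was received from a remote party. Several methods narrow decoded
 *       objects with plain casts, so malformed content can surface as an unchecked
 *       {@link ClassCastException} rather than as a checked exception.</li>
 * </ul>
 */
public class BouncyCastleUtil {
    // Certificate type codes returned by getCertificateType(...). The numeric values are the
    // ones this class hands to CertUtil.isProxy(int) and that callers pass to
    // CertUtil.isImpersonationProxy(int), so they must not be renumbered.
    // NOTE(review): these look like the Globus GSI certificate-type codes - confirm against
    // the project's own constants and reference those instead if they exist.
    private static final int TYPE_END_ENTITY = 3;
    private static final int TYPE_CA = 4;
    private static final int TYPE_CN_PROXY = 10;
    private static final int TYPE_CN_LIMITED_PROXY = 11;
    private static final int TYPE_PCI_OTHER_POLICY = 12;
    private static final int TYPE_PCI_INDEPENDENT = 13;
    private static final int TYPE_PCI_IMPERSONATION = 14;
    private static final int TYPE_PCI_LIMITED = 15;

    /**
     * Serializes an ASN.1 object to its DER byte encoding.
     *
     * @param dERObject the object to encode
     * @return the encoded bytes
     * @throws IOException if the encoder fails
     */
    public static byte[] toByteArray(DERObject dERObject) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DEROutputStream encoder = new DEROutputStream(buffer);
        encoder.writeObject(dERObject);
        return buffer.toByteArray();
    }

    /**
     * Decodes the first ASN.1 object found in a byte array.
     *
     * <p>Only one object is read; bytes that follow it are not inspected and are not
     * reported as an error.
     *
     * @param bArr the encoded bytes
     * @return the decoded object
     * @throws IOException if the bytes cannot be decoded
     */
    public static DERObject toDERObject(byte[] bArr) throws IOException {
        DERInputStream decoder = new DERInputStream(new ByteArrayInputStream(bArr));
        return decoder.readObject();
    }

    /**
     * Copies an ASN.1 object by encoding it and decoding the result again.
     *
     * @param dERObject the object to copy
     * @return a freshly decoded copy
     * @throws IOException if encoding or decoding fails
     */
    public static DERObject duplicate(DERObject dERObject) throws IOException {
        byte[] encoded = toByteArray(dERObject);
        return toDERObject(encoded);
    }

    /**
     * Decodes the to-be-signed part of a certificate.
     *
     * @param x509Certificate the certificate to read
     * @return the decoded TBSCertificate structure
     * @throws CertificateEncodingException if the certificate cannot supply its TBS bytes
     * @throws IOException if those bytes cannot be decoded
     */
    public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        byte[] tbsBytes = x509Certificate.getTBSCertificate();
        return TBSCertificateStructure.getInstance(toDERObject(tbsBytes));
    }

    /**
     * Decodes the value carried inside an extension's octet string.
     *
     * @param x509Extension the extension to read
     * @return the decoded extension value
     * @throws IOException if the value cannot be decoded
     */
    public static DERObject getExtensionObject(X509Extension x509Extension) throws IOException {
        byte[] valueBytes = x509Extension.getValue().getOctets();
        return toDERObject(valueBytes);
    }

    /**
     * Classifies a certificate, consulting a trusted-certificate store.
     *
     * @param x509Certificate the certificate to classify
     * @param trustedCertificates the store to consult, or {@code null} for the default store
     * @return the certificate type code
     * @throws CertificateException if the certificate cannot be decoded or fails a proxy
     *     consistency check; a decoding failure carries the underlying exception as cause
     */
    public static int getCertificateType(X509Certificate x509Certificate, TrustedCertificates trustedCertificates) throws CertificateException {
        try {
            return getCertificateType(getTBSCertificateStructure(x509Certificate), trustedCertificates);
        } catch (IOException e) {
            // Keep the decoding error: a bare CertificateException gives no way to tell
            // why a certificate was rejected.
            throw wrapDecodingFailure(e);
        }
    }

    /**
     * Classifies a certificate from its own content only.
     *
     * @param x509Certificate the certificate to classify
     * @return the certificate type code
     * @throws CertificateException if the certificate cannot be decoded or fails a proxy
     *     consistency check; a decoding failure carries the underlying exception as cause
     */
    public static int getCertificateType(X509Certificate x509Certificate) throws CertificateException {
        try {
            return getCertificateType(getTBSCertificateStructure(x509Certificate));
        } catch (IOException e) {
            throw wrapDecodingFailure(e);
        }
    }

    /**
     * Classifies a decoded certificate, consulting a trusted-certificate store.
     *
     * <p>A certificate that classifies as end-entity is reported as CA when the store
     * returns an entry for its subject name. The lookup key is the string form of the
     * subject name; this method compares no key material and checks no signature.
     *
     * @param tBSCertificateStructure the decoded to-be-signed certificate
     * @param trustedCertificates the store to consult, or {@code null} for the default store
     * @return the certificate type code
     * @throws CertificateException if a proxy consistency check fails
     * @throws IOException if an extension cannot be decoded
     */
    public static int getCertificateType(TBSCertificateStructure tBSCertificateStructure, TrustedCertificates trustedCertificates) throws CertificateException, IOException {
        int type = getCertificateType(tBSCertificateStructure);
        if (type != TYPE_END_ENTITY) {
            return type;
        }
        TrustedCertificates store = trustedCertificates;
        if (store == null) {
            store = TrustedCertificates.getDefaultTrustedCertificates();
        }
        // NOTE(review): what getCertificate(String) matches on is not visible here. If it is
        // a name-only match, this promotion must never stand in for path validation.
        if (store != null && store.getCertificate(tBSCertificateStructure.getSubject().toString()) != null) {
            return TYPE_CA;
        }
        return type;
    }

    /**
     * Classifies a decoded certificate from its own content only.
     *
     * <p>Order of the checks: a BasicConstraints extension asserting CA wins outright. Otherwise
     * the last entry of the subject name is examined; when it is a CN of "proxy" or
     * "limited proxy" (case-insensitive) the ProxyCertInfo extension is not consulted at all.
     * Any other CN is classified from a ProxyCertInfo extension if one is present, and that
     * extension must be marked critical. For every proxy type the subject must equal the
     * issuer name with the subject's last name entry appended.
     *
     * @param tBSCertificateStructure the decoded to-be-signed certificate
     * @return the certificate type code
     * @throws CertificateException if ProxyCertInfo is not critical, or if the subject of a
     *     proxy is not the issuer name plus the proxy's last name entry
     * @throws IOException if an extension cannot be decoded
     */
    public static int getCertificateType(TBSCertificateStructure tBSCertificateStructure) throws CertificateException, IOException {
        X509Extensions extensions = tBSCertificateStructure.getExtensions();
        if (extensions != null) {
            X509Extension basicConstraints = extensions.getExtension(X509Extensions.BasicConstraints);
            if (basicConstraints != null && getBasicConstraints(basicConstraints).isCA()) {
                return TYPE_CA;
            }
        }

        int type = TYPE_END_ENTITY;
        X509Name subject = tBSCertificateStructure.getSubject();
        // NOTE(review): nothing here guards against a null or empty last name entry; what
        // the helper returns for an empty subject is not visible - confirm.
        ASN1Set lastNameEntry = X509NameHelper.getLastNameEntry(subject);
        ASN1Sequence attribute = (ASN1Sequence) lastNameEntry.getObjectAt(0);
        if (!X509Name.CN.equals(attribute.getObjectAt(0))) {
            return type;
        }

        // NOTE(review): as decompiled, this call carries no cast; the element presumably has to
        // be narrowed to a BouncyCastle string type before getString() resolves - confirm
        // against the original source.
        String commonName = attribute.getObjectAt(1).getString();
        if (commonName.equalsIgnoreCase("proxy")) {
            type = TYPE_CN_PROXY;
        } else if (commonName.equalsIgnoreCase("limited proxy")) {
            type = TYPE_CN_LIMITED_PROXY;
        } else if (extensions != null) {
            X509Extension proxyCertInfo = extensions.getExtension(ProxyCertInfo.OID);
            if (proxyCertInfo != null) {
                if (!proxyCertInfo.isCritical()) {
                    throw new CertificateException("ProxyCertInfo extension must be critical");
                }
                DERObjectIdentifier policyLanguage = getProxyCertInfo(proxyCertInfo).getProxyPolicy().getPolicyLanguage();
                if (ProxyPolicy.IMPERSONATION.equals(policyLanguage)) {
                    type = TYPE_PCI_IMPERSONATION;
                } else if (ProxyPolicy.INDEPENDENT.equals(policyLanguage)) {
                    type = TYPE_PCI_INDEPENDENT;
                } else if (ProxyPolicy.LIMITED.equals(policyLanguage)) {
                    type = TYPE_PCI_LIMITED;
                } else {
                    // Any policy language other than the three above.
                    type = TYPE_PCI_OTHER_POLICY;
                }
            }
        }

        if (CertUtil.isProxy(type)) {
            // Rebuild the name a proxy of this issuer must carry and compare it to the subject.
            X509NameHelper expected = new X509NameHelper(tBSCertificateStructure.getIssuer());
            expected.add((ASN1Set) duplicate(lastNameEntry));
            // NOTE(review): how strict this comparison is depends on X509Name.equals in the
            // bundled BouncyCastle version - confirm it is order-sensitive.
            if (!expected.getAsName().equals(subject)) {
                throw new CertificateException("Issuer name + proxy CN entry is not equal to subject name");
            }
        }
        return type;
    }

    /**
     * Decodes a key-usage extension into one flag per bit.
     *
     * <p>The array holds at least nine entries (RFC 5280 defines key-usage bits 0 to 8);
     * entries beyond the encoded bits are {@code false}. An extension value that is not a
     * bit string fails the cast with a {@link ClassCastException}.
     *
     * @param x509Extension the key-usage extension
     * @return the flags, indexed by bit number
     * @throws IOException if the extension value cannot be decoded
     */
    public static boolean[] getKeyUsage(X509Extension x509Extension) throws IOException {
        DERBitString bits = (DERBitString) getExtensionObject(x509Extension);
        byte[] bytes = bits.getBytes();
        int length = (bytes.length * 8) - bits.getPadBits();
        boolean[] usage = new boolean[length < 9 ? 9 : length];
        for (int i = 0; i != length; i++) {
            // Bit 0 is the most significant bit of the first byte.
            usage[i] = (bytes[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return usage;
    }

    /**
     * Decodes a BasicConstraints extension, accepting two short forms before falling back to
     * the BouncyCastle decoder: an empty sequence, and a one-element sequence holding either
     * a path length or the CA flag.
     *
     * <p>A sequence that holds only a path length yields CA = false. The path length is
     * narrowed with {@code intValue()}, so an oversized value is truncated.
     *
     * @param x509Extension the BasicConstraints extension
     * @return the decoded constraints
     * @throws IOException if the extension value cannot be decoded
     */
    public static BasicConstraints getBasicConstraints(X509Extension x509Extension) throws IOException {
        DERObject decoded = getExtensionObject(x509Extension);
        if (decoded instanceof ASN1Sequence) {
            ASN1Sequence sequence = (ASN1Sequence) decoded;
            int size = sequence.size();
            if (size == 0) {
                return new BasicConstraints(false);
            }
            if (size == 1) {
                Object only = sequence.getObjectAt(0);
                if (only instanceof DERInteger) {
                    return new BasicConstraints(false, ((DERInteger) only).getValue().intValue());
                }
                if (only instanceof DERBoolean) {
                    return new BasicConstraints(((DERBoolean) only).isTrue());
                }
            }
        }
        return BasicConstraints.getInstance(decoded);
    }

    /**
     * Decodes a ProxyCertInfo extension.
     *
     * @param x509Extension the ProxyCertInfo extension
     * @return the decoded structure
     * @throws IOException if the extension value cannot be decoded
     */
    public static ProxyCertInfo getProxyCertInfo(X509Extension x509Extension) throws IOException {
        return ProxyCertInfo.getInstance(getExtensionObject(x509Extension));
    }

    /**
     * Formats the subject name of a certificate.
     *
     * @param x509Certificate the certificate, or {@code null}
     * @return the formatted subject, or {@code null} when the certificate is {@code null}
     * @throws IllegalArgumentException if the certificate is not a BouncyCastle
     *     {@code X509CertificateObject}
     */
    public static String getIdentity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        if (!(x509Certificate instanceof X509CertificateObject)) {
            throw new IllegalArgumentException("Unexpected certificate type: " + x509Certificate.getClass());
        }
        return X509NameHelper.toString(x509Certificate.getSubjectDN());
    }

    /**
     * Formats the issuer name of a certificate.
     *
     * @param x509Certificate the certificate, or {@code null}
     * @return the formatted issuer, or {@code null} when the certificate is {@code null}
     * @throws IllegalArgumentException if the certificate is not a BouncyCastle
     *     {@code X509CertificateObject}
     */
    public static String getIssuerIdentity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        if (!(x509Certificate instanceof X509CertificateObject)) {
            throw new IllegalArgumentException("Unexpected certificate type: " + x509Certificate.getClass());
        }
        return X509NameHelper.toString(x509Certificate.getIssuerDN());
    }

    /**
     * Formats the subject name of the identity certificate of a chain.
     *
     * <p>Returns {@code null} when the chain holds no identity certificate. Callers must check
     * for {@code null} before using the result in an authorization decision.
     *
     * @param x509CertificateArr the chain to search
     * @return the formatted identity, or {@code null}
     * @throws CertificateException if a certificate in the chain cannot be classified
     */
    public static String getIdentity(X509Certificate[] x509CertificateArr) throws CertificateException {
        X509Certificate identityCertificate = getIdentityCertificate(x509CertificateArr);
        return getIdentity(identityCertificate);
    }

    /**
     * Returns the first certificate, scanning from index 0, that is not an impersonation proxy.
     *
     * <p>The chain is taken in the order given; this method does not check that the
     * certificates actually link to each other, nor any signature.
     *
     * @param x509CertificateArr the chain to search
     * @return the identity certificate, or {@code null} when every certificate is an
     *     impersonation proxy or the chain is empty
     * @throws IllegalArgumentException if the chain is {@code null}
     * @throws CertificateException if a certificate in the chain cannot be classified
     */
    public static X509Certificate getIdentityCertificate(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("chain == null");
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate candidate = x509CertificateArr[i];
            if (!CertUtil.isImpersonationProxy(getCertificateType(candidate))) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Unwraps the octet string that encloses an encoded extension value.
     *
     * @param bArr the DER encoding of the octet string
     * @return the bytes held by the octet string
     * @throws IOException if the bytes cannot be decoded or do not hold an octet string
     */
    public static byte[] getExtensionValue(byte[] bArr) throws IOException {
        DERObject decoded = toDERObject(bArr);
        if (!(decoded instanceof ASN1OctetString)) {
            throw new IOException("Expected octet string");
        }
        return ((ASN1OctetString) decoded).getOctets();
    }

    /** Turns a decoding failure into a CertificateException that keeps the original as cause. */
    private static CertificateException wrapDecodingFailure(IOException e) {
        CertificateException wrapped = new CertificateException(e.getMessage());
        // initCause rather than a (String, Throwable) constructor: the file otherwise uses
        // only APIs available on old Java releases.
        wrapped.initCause(e);
        return wrapped;
    }
}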
