package org.openoces.ooapi.validation;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.openoces.ooapi.exceptions.NonOcesCertificateException;

/* loaded from: input_file:org/openoces/ooapi/validation/CRLDistributionPointsExtractor.class */
public class CRLDistributionPointsExtractor {
    public static CRLDistributionPoints extractCRLDistributionPoints(X509Certificate x509Certificate) {
        CRLDistPoint extractCrlDistributionPointsExtension = extractCrlDistributionPointsExtension(x509Certificate);
        return new CRLDistributionPoints(extractFullCrlDistributionPoint(extractCrlDistributionPointsExtension), extractPartitionedCrlDistributionPoint(extractCrlDistributionPointsExtension));
    }

    private static CRLDistPoint extractCrlDistributionPointsExtension(X509Certificate x509Certificate) {
        Extensions extractExtensions = extractExtensions(x509Certificate);
        Enumeration oids = extractExtensions.oids();
        while (oids.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) oids.nextElement();
            if (aSN1ObjectIdentifier.equals(Extension.cRLDistributionPoints)) {
                return convertToCRLDistPoint(extractExtensions, aSN1ObjectIdentifier);
            }
        }
        throw new NonOcesCertificateException("Not an OCES certificate: Missing CRL distribution points extension");
    }

    private static String extractFullCrlDistributionPoint(CRLDistPoint cRLDistPoint) {
        DERIA5String extractGeneralName = extractGeneralName(cRLDistPoint, 6);
        if (extractGeneralName != null) {
            return extractGeneralName.getString();
        }
        return null;
    }

    private static String extractPartitionedCrlDistributionPoint(CRLDistPoint cRLDistPoint) {
        ASN1Encodable extractGeneralName = extractGeneralName(cRLDistPoint, 4);
        if (extractGeneralName == null) {
            return null;
        }
        return extractPartitionedCrlDistributionPoint(extractGeneralName);
    }

    private static String extractPartitionedCrlDistributionPoint(ASN1Encodable aSN1Encodable) {
        String str = "";
        String str2 = "";
        for (RDN rdn : ((X500Name) aSN1Encodable).getRDNs()) {
            AttributeTypeAndValue first = rdn.getFirst();
            str = BCStyle.INSTANCE.oidToDisplayName(first.getType()) + "=" + first.getValue().getString() + str2 + str;
            str2 = ",";
        }
        return str;
    }

    private static Extensions extractExtensions(X509Certificate x509Certificate) {
        return extractExtensions(toAsn1(x509Certificate));
    }

    private static CRLDistPoint convertToCRLDistPoint(Extensions extensions, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            return CRLDistPoint.getInstance(new ASN1InputStream(new ByteArrayInputStream(extensions.getExtension(aSN1ObjectIdentifier).getExtnValue().getOctets())).readObject());
        } catch (IOException e) {
            throw new IllegalStateException("IO error while extracting CRL Distribution points", e);
        }
    }

    private static ASN1Sequence toAsn1(X509Certificate x509Certificate) {
        try {
            return new ASN1InputStream(x509Certificate.getEncoded()).readObject();
        } catch (IOException e) {
            throw new IllegalStateException("IO error while extracting CRL Distribution points", e);
        } catch (CertificateEncodingException e2) {
            throw new IllegalStateException("Error while extracting CRL Distribution points", e2);
        }
    }

    private static Extensions extractExtensions(ASN1Sequence aSN1Sequence) {
        Extensions extensions = Certificate.getInstance(aSN1Sequence).getTBSCertificate().getExtensions();
        if (extensions == null) {
            throw new NonOcesCertificateException("No X509 extensions found");
        }
        return extensions;
    }

    private static ASN1Encodable extractGeneralName(CRLDistPoint cRLDistPoint, int i) {
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2.getType() == 0) {
                for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                    if (generalName.getTagNo() == i) {
                        return generalName.getName();
                    }
                }
            }
        }
        return null;
    }
}
