package com.wso2.openbanking.accelerator.common.util.eidas.certificate.extractor;

import com.wso2.openbanking.accelerator.common.exception.CertificateValidationException;
import com.wso2.openbanking.accelerator.common.util.eidas.certificate.extractor.common.PSD2QCStatement;
import com.wso2.openbanking.accelerator.common.util.eidas.certificate.extractor.common.PSD2QCType;
import com.wso2.openbanking.accelerator.common.util.eidas.certificate.extractor.common.PSPRole;
import com.wso2.openbanking.accelerator.common.util.eidas.certificate.extractor.error.CertValidationErrors;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: input_file:com/wso2/openbanking/accelerator/common/util/eidas/certificate/extractor/CertificateContentExtractor.class */
public class CertificateContentExtractor {
    private static final Log log = LogFactory.getLog(CertificateContentExtractor.class);

    private CertificateContentExtractor() {
    }

    public static CertificateContent extract(X509Certificate x509Certificate) throws CertificateValidationException {
        if (x509Certificate == null) {
            log.error("Error reading certificate ");
            throw new CertificateValidationException(CertValidationErrors.CERTIFICATE_INVALID.toString());
        }
        CertificateContent certificateContent = new CertificateContent();
        certificateContent.setNotAfter(x509Certificate.getNotAfter());
        certificateContent.setNotBefore(x509Certificate.getNotBefore());
        PSD2QCType psd2QCType = PSD2QCStatement.getPsd2QCType(x509Certificate);
        List<PSPRole> roles = psd2QCType.getPspRoles().getRoles();
        ArrayList arrayList = new ArrayList();
        Iterator<PSPRole> it = roles.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getPsd2RoleName());
        }
        certificateContent.setPspRoles(arrayList);
        certificateContent.setNcaName(psd2QCType.getnCAName().getString());
        certificateContent.setNcaId(psd2QCType.getnCAId().getString());
        try {
            X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
            certificateContent.setPspAuthorisationNumber(getNameValueFromX500Name(subject, BCStyle.ORGANIZATION_IDENTIFIER));
            certificateContent.setName(getNameValueFromX500Name(subject, BCStyle.CN));
            if (log.isDebugEnabled()) {
                log.debug("Extracted TPP eIDAS certificate data: [ " + certificateContent.toString() + " ]");
            }
            return certificateContent;
        } catch (CertificateEncodingException e) {
            log.error("Certificate read error. caused by, ", e);
            throw new CertificateValidationException(CertValidationErrors.CERTIFICATE_INVALID.toString(), e);
        }
    }

    private static String getNameValueFromX500Name(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return ArrayUtils.contains(x500Name.getAttributeTypes(), aSN1ObjectIdentifier) ? IETFUtils.valueToString(x500Name.getRDNs(aSN1ObjectIdentifier)[0].getFirst().getValue()) : "";
    }
}
