package org.cesecore.certificates.certificate;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.encoders.Base64;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/certificates/certificate/HashID.class */
public class HashID {
    private static final Logger log = Logger.getLogger(HashID.class);
    private final boolean isOK;
    private final String b64;
    private final String b64url;
    private final Integer key;

    private HashID(byte[] bArr) {
        String str = new String(Base64.encode(bArr));
        if (str.length() == 28 && str.charAt(27) == '=') {
            this.isOK = true;
            this.b64 = str.substring(0, 27);
        } else {
            this.isOK = false;
            this.b64 = str;
        }
        this.b64url = this.b64.replaceAll("\\+", "%2B");
        this.key = Integer.valueOf(new BigInteger(bArr).hashCode());
    }

    private static byte[] hashFromPrincipalDN(X500Principal x500Principal) {
        return CertTools.generateSHA1Fingerprint(x500Principal.getEncoded());
    }

    private static HashID getFromDN(X500Principal x500Principal) {
        HashID hashID = new HashID(hashFromPrincipalDN(x500Principal));
        if (!hashID.isOK) {
            log.error("The DN '" + x500Principal.getName() + "' has a non valid Hash identification string: " + hashID.b64);
        } else if (log.isDebugEnabled()) {
            log.debug("The DN '" + x500Principal.getName() + "' is identified by the Hash string '" + hashID.b64 + "' when accessing the VA.");
        }
        return hashID;
    }

    public static HashID getFromSubjectDN(X509Certificate x509Certificate) {
        return getFromDN(x509Certificate.getSubjectX500Principal());
    }

    public static HashID getFromIssuerDN(X509Certificate x509Certificate) {
        return getFromDN(x509Certificate.getIssuerX500Principal());
    }

    public static HashID getFromIssuerDN(X509CertificateHolder x509CertificateHolder) throws CertificateException {
        return getFromIssuerDN(new JcaX509CertificateConverter().getCertificate(x509CertificateHolder));
    }

    public static HashID getFromDNString(String str) {
        return getFromDN(new X500Principal(new X509Principal(CertTools.isDNReversed(str) ? CertTools.reverseDN(str) : str).getEncoded()));
    }

    public static HashID getFromB64(String str) {
        return new HashID(Base64.decode(str.length() == 27 ? str + '=' : str));
    }

    public static HashID getFromKeyID(X509Certificate x509Certificate) {
        HashID hashID = new HashID(KeyTools.createSubjectKeyId(x509Certificate.getPublicKey()).getKeyIdentifier());
        if (!hashID.isOK) {
            log.error("The certificate with subject DN '" + x509Certificate.getSubjectX500Principal().getName() + "' gives a sKIDHash with a not valid format: " + hashID.b64);
        } else if (log.isDebugEnabled()) {
            log.debug("The certificate with subject DN '" + x509Certificate.getSubjectX500Principal().getName() + "' can be fetched with 'search.cgi?sKIDHash=" + hashID.b64 + "' from the VA.");
        }
        return hashID;
    }

    public static HashID getFromAuthorityKeyId(X509Certificate x509Certificate) throws IOException {
        if (CertTools.getAuthorityKeyId(x509Certificate) == null) {
            return null;
        }
        HashID hashID = new HashID(CertTools.getAuthorityKeyId(x509Certificate));
        if (!hashID.isOK) {
            log.error("The certificate with subject DN '" + x509Certificate.getSubjectX500Principal().getName() + "' don't have a valid AuthorityKeyId: " + hashID.b64);
        }
        return hashID;
    }

    public String getB64url() {
        return this.b64url;
    }

    public Integer getKey() {
        return this.key;
    }

    public String getB64() {
        return this.b64;
    }
}
