package org.cesecore.keybind.impl;

import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.cesecore.config.AvailableExtendedKeyUsagesConfiguration;
import org.cesecore.keybind.CertificateImportException;
import org.cesecore.keybind.InternalKeyBindingBase;
import org.cesecore.util.CertTools;
import org.cesecore.util.ui.DynamicUiProperty;

/* loaded from: input_file:org/cesecore/keybind/impl/OcspKeyBinding.class */
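/**
 * Internal key binding that holds the configuration of an OCSP responder signing key.
 *
 * <p>The class stores its settings as named properties (registered in the constructor with
 * their defaults) and provides a compatibility check for certificates that are about to be
 * bound to the key. The responder code that consumes the properties is not part of this file,
 * so the per-property notes below describe what the names suggest and should be confirmed
 * against the responder implementation.
 */
public class OcspKeyBinding extends InternalKeyBindingBase {
    private static final long serialVersionUID = 1L;
    private static final Logger log = Logger.getLogger(OcspKeyBinding.class);

    /** Alias returned by {@link #getImplementationAlias()}. */
    public static final String IMPLEMENTATION_ALIAS = "OcspKeyBinding";

    // NOTE(review): the three "non existing" keys presumably decide which status the responder
    // reports for a certificate it has no record of. Answering "good" for unknown certificates
    // weakens revocation checking, so the FALSE defaults set in the constructor are the
    // conservative choice -- confirm against the responder code before changing them.
    public static final String PROPERTY_NON_EXISTING_GOOD = "nonexistingisgood";
    public static final String PROPERTY_NON_EXISTING_REVOKED = "nonexistingisrevoked";
    public static final String PROPERTY_NON_EXISTING_UNAUTHORIZED = "nonexistingisunauthorized";
    public static final String PROPERTY_INCLUDE_CERT_CHAIN = "includecertchain";
    public static final String PROPERTY_INCLUDE_SIGN_CERT = "includesigncert";
    public static final String PROPERTY_RESPONDER_ID_TYPE = "responderidtype";
    // NOTE(review): presumably requires OCSP requests to carry a signature from a trusted
    // certificate; defaults to FALSE -- confirm.
    public static final String PROPERTY_REQUIRE_TRUSTED_SIGNATURE = "requireTrustedSignature";
    // NOTE(review): the unit of these two long values is not visible in this file -- confirm.
    public static final String PROPERTY_UNTIL_NEXT_UPDATE = "untilNextUpdate";
    public static final String PROPERTY_MAX_AGE = "maxAge";
    // NOTE(review): presumably toggles support for the OCSP nonce extension, which clients use
    // to detect replayed responses; defaults to TRUE -- confirm.
    public static final String PROPERTY_ENABLE_NONCE = "enableNonce";

    /**
     * How the responder identifies itself in a response.
     *
     * <p>NOTE(review): the numeric values appear to mirror the ResponderID CHOICE tags of
     * RFC 6960 (byName [1], byKey [2]) -- confirm against the code that encodes the response.
     */
    public enum ResponderIdType {
        KEYHASH(2, "KeyHash"),
        NAME(1, "Name");

        /** Reverse index from numeric value to constant, filled once by the static initializer. */
        private static final Map<Integer, ResponderIdType> numericValueLookupMap = new HashMap<>();

        private final int numericValue;
        private final String label;

        ResponderIdType(int numericValue, String label) {
            this.numericValue = numericValue;
            this.label = label;
        }

        /** @return the numeric value assigned to this constant */
        public int getNumericValue() {
            return this.numericValue;
        }

        /** @return the human-readable label assigned to this constant */
        public String getLabel() {
            return this.label;
        }

        /**
         * Looks a constant up by its numeric value.
         *
         * @param numericValue the value to look up
         * @return the matching constant, or {@code null} when no constant uses that value
         */
        public static ResponderIdType getFromNumericValue(int numericValue) {
            return numericValueLookupMap.get(Integer.valueOf(numericValue));
        }

        static {
            for (ResponderIdType responderIdType : values()) {
                numericValueLookupMap.put(Integer.valueOf(responderIdType.getNumericValue()), responderIdType);
            }
        }
    }

    /** Registers every property of this key binding together with its default value. */
    public OcspKeyBinding() {
        addProperty(new DynamicUiProperty<>(PROPERTY_NON_EXISTING_GOOD, Boolean.FALSE));
        addProperty(new DynamicUiProperty<>(PROPERTY_NON_EXISTING_REVOKED, Boolean.FALSE));
        addProperty(new DynamicUiProperty<>(PROPERTY_NON_EXISTING_UNAUTHORIZED, Boolean.FALSE));
        addProperty(new DynamicUiProperty<>(PROPERTY_INCLUDE_CERT_CHAIN, Boolean.TRUE));
        addProperty(new DynamicUiProperty<>(PROPERTY_INCLUDE_SIGN_CERT, Boolean.TRUE));
        // The responder id type is stored as the enum constant's name, restricted to the two known names.
        addProperty(new DynamicUiProperty<>(PROPERTY_RESPONDER_ID_TYPE, ResponderIdType.KEYHASH.name(), Arrays.asList(ResponderIdType.KEYHASH.name(), ResponderIdType.NAME.name())));
        addProperty(new DynamicUiProperty<>(PROPERTY_REQUIRE_TRUSTED_SIGNATURE, Boolean.FALSE));
        addProperty(new DynamicUiProperty<>(PROPERTY_UNTIL_NEXT_UPDATE, 0L));
        addProperty(new DynamicUiProperty<>(PROPERTY_MAX_AGE, 0L));
        addProperty(new DynamicUiProperty<>(PROPERTY_ENABLE_NONCE, Boolean.TRUE));
    }

    /** @return {@link #IMPLEMENTATION_ALIAS} */
    @Override
    public String getImplementationAlias() {
        return IMPLEMENTATION_ALIAS;
    }

    /** @return the latest data version of this implementation, {@code 1.0f} */
    @Override
    public float getLatestVersion() {
        return 1.0f;
    }

    /** Intentionally empty: this implementation defines no upgrade steps. */
    @Override
    protected void upgrade(float f, float f2) {
    }

    /**
     * Verifies that a certificate may be bound to this OCSP key binding.
     *
     * <p>Only the certificate type and its Extended Key Usage / Key Usage extensions are
     * inspected here; nothing in this method checks the chain, the validity period or the
     * revocation status.
     *
     * @param certificate the certificate to check
     * @param availableExtendedKeyUsagesConfiguration EKU names, used only for debug logging
     * @throws CertificateImportException if the certificate is missing, not X.509, lacks the
     *     OCSP signing EKU, or has a Key Usage extension without digitalSignature/nonRepudiation
     */
    @Override
    public void assertCertificateCompatability(Certificate certificate, AvailableExtendedKeyUsagesConfiguration availableExtendedKeyUsagesConfiguration) throws CertificateImportException {
        assertCertificateCompatabilityInternal(certificate, availableExtendedKeyUsagesConfiguration);
    }

    public boolean getNonExistingGood() {
        return (Boolean) getProperty(PROPERTY_NON_EXISTING_GOOD).getValue();
    }

    public void setNonExistingGood(boolean nonExistingGood) {
        setProperty(PROPERTY_NON_EXISTING_GOOD, Boolean.valueOf(nonExistingGood));
    }

    public boolean getNonExistingRevoked() {
        return (Boolean) getProperty(PROPERTY_NON_EXISTING_REVOKED).getValue();
    }

    public void setNonExistingRevoked(boolean nonExistingRevoked) {
        setProperty(PROPERTY_NON_EXISTING_REVOKED, Boolean.valueOf(nonExistingRevoked));
    }

    /**
     * Reads the "non existing is unauthorized" flag.
     *
     * <p>When the property is absent it is first stored with the value {@code false}, so this
     * getter can modify the binding.
     */
    public boolean getNonExistingUnauthorized() {
        if (getProperty(PROPERTY_NON_EXISTING_UNAUTHORIZED) == null) {
            setNonExistingUnauthorized(false);
        }
        return (Boolean) getProperty(PROPERTY_NON_EXISTING_UNAUTHORIZED).getValue();
    }

    public void setNonExistingUnauthorized(boolean nonExistingUnauthorized) {
        setProperty(PROPERTY_NON_EXISTING_UNAUTHORIZED, Boolean.valueOf(nonExistingUnauthorized));
    }

    public boolean getIncludeCertChain() {
        return (Boolean) getProperty(PROPERTY_INCLUDE_CERT_CHAIN).getValue();
    }

    public void setIncludeCertChain(boolean includeCertChain) {
        setProperty(PROPERTY_INCLUDE_CERT_CHAIN, Boolean.valueOf(includeCertChain));
    }

    public boolean getIncludeSignCert() {
        return (Boolean) getProperty(PROPERTY_INCLUDE_SIGN_CERT).getValue();
    }

    public void setIncludeSignCert(boolean includeSignCert) {
        setProperty(PROPERTY_INCLUDE_SIGN_CERT, Boolean.valueOf(includeSignCert));
    }

    /**
     * @return the configured responder id type
     * @throws IllegalArgumentException if the stored string is not the name of a
     *     {@link ResponderIdType} constant
     */
    public ResponderIdType getResponderIdType() {
        return ResponderIdType.valueOf((String) getProperty(PROPERTY_RESPONDER_ID_TYPE).getValue());
    }

    public void setResponderIdType(ResponderIdType responderIdType) {
        setProperty(PROPERTY_RESPONDER_ID_TYPE, responderIdType.name());
    }

    public boolean getRequireTrustedSignature() {
        return (Boolean) getProperty(PROPERTY_REQUIRE_TRUSTED_SIGNATURE).getValue();
    }

    public void setRequireTrustedSignature(boolean requireTrustedSignature) {
        setProperty(PROPERTY_REQUIRE_TRUSTED_SIGNATURE, Boolean.valueOf(requireTrustedSignature));
    }

    public long getUntilNextUpdate() {
        return (Long) getProperty(PROPERTY_UNTIL_NEXT_UPDATE).getValue();
    }

    public void setUntilNextUpdate(long untilNextUpdate) {
        setProperty(PROPERTY_UNTIL_NEXT_UPDATE, Long.valueOf(untilNextUpdate));
    }

    public long getMaxAge() {
        return (Long) getProperty(PROPERTY_MAX_AGE).getValue();
    }

    public void setMaxAge(long maxAge) {
        setProperty(PROPERTY_MAX_AGE, Long.valueOf(maxAge));
    }

    /**
     * Reads the nonce flag.
     *
     * <p>When the property is absent it is first stored with the value {@code true}, so this
     * getter can modify the binding.
     */
    public boolean isNonceEnabled() {
        if (getProperty(PROPERTY_ENABLE_NONCE) == null) {
            setNonceEnabled(true);
        }
        return (Boolean) getProperty(PROPERTY_ENABLE_NONCE).getValue();
    }

    public void setNonceEnabled(boolean nonceEnabled) {
        setProperty(PROPERTY_ENABLE_NONCE, Boolean.valueOf(nonceEnabled));
    }

    /**
     * Non-throwing variant of the compatibility check.
     *
     * @param certificate the certificate to check
     * @param availableExtendedKeyUsagesConfiguration EKU names, used only for debug logging
     * @return {@code true} if the certificate passes the same checks as
     *     {@link #assertCertificateCompatability}, {@code false} otherwise
     */
    public static boolean isOcspSigningCertificate(Certificate certificate, AvailableExtendedKeyUsagesConfiguration availableExtendedKeyUsagesConfiguration) {
        try {
            assertCertificateCompatabilityInternal(certificate, availableExtendedKeyUsagesConfiguration);
            return true;
        } catch (CertificateImportException e) {
            // Rejection is the expected outcome here; keep the reason available when debugging.
            if (log.isDebugEnabled()) {
                log.debug("Certificate is not usable for OCSP signing: " + e.getMessage());
            }
            return false;
        }
    }

    /**
     * Shared implementation of the compatibility check.
     *
     * <p>Accepts the certificate only if it is an X.509 certificate whose Extended Key Usage
     * contains id-kp-OCSPSigning and whose Key Usage, when that extension is present, has
     * digitalSignature or nonRepudiation set. A certificate without a Key Usage extension
     * passes the Key Usage step.
     *
     * @throws CertificateImportException on any failed check, or when the certificate's
     *     extensions cannot be parsed
     */
    private static void assertCertificateCompatabilityInternal(Certificate certificate, AvailableExtendedKeyUsagesConfiguration availableExtendedKeyUsagesConfiguration) throws CertificateImportException {
        if (certificate == null) {
            throw new CertificateImportException("No certificate provided.");
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateImportException("Only X509 certificates are supported for OCSP.");
        }
        try {
            final X509Certificate x509Certificate = (X509Certificate) certificate;
            // Read each extension once and reuse the result for logging and for the checks.
            final boolean[] keyUsage = x509Certificate.getKeyUsage();
            final List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (log.isDebugEnabled()) {
                log.debug("SubjectDN: " + CertTools.getSubjectDN(x509Certificate) + " IssuerDN: " + CertTools.getIssuerDN(x509Certificate));
                log.debug("Key usages: " + Arrays.toString(keyUsage));
                if (keyUsage != null) {
                    log.debug("Key usage (digitalSignature): " + keyUsage[0]);
                    log.debug("Key usage (nonRepudiation):   " + keyUsage[1]);
                    log.debug("Key usage (keyEncipherment):  " + keyUsage[2]);
                }
            }
            if (extendedKeyUsage == null) {
                throw new CertificateImportException("No Extended Key Usage present in certificate.");
            }
            // The EKU configuration is needed for log output only, so a missing configuration
            // or disabled debug logging must not affect the outcome of the check.
            if (log.isDebugEnabled()) {
                for (String oid : extendedKeyUsage) {
                    final Object ekuName = availableExtendedKeyUsagesConfiguration == null
                            ? null
                            : availableExtendedKeyUsagesConfiguration.getAllEKUOidsAndNames().get(oid);
                    log.debug("EKU: " + oid + " (" + ekuName + ")");
                }
            }
            if (!extendedKeyUsage.contains(KeyPurposeId.id_kp_OCSPSigning.getId())) {
                throw new CertificateImportException("Extended Key Usage 1.3.6.1.5.5.7.3.9 (EKU_PKIX_OCSPSIGNING) is required.");
            }
            // Index 0 is digitalSignature and index 1 is nonRepudiation; either one is accepted.
            if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
                throw new CertificateImportException("Key Usage digitalSignature is required (nonRepudiation would also be accepted).");
            }
        } catch (CertificateParsingException e) {
            throw new CertificateImportException(e.getMessage(), e);
        }
    }
}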
