package org.cesecore.util;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.cesecore.certificates.ca.internal.SernoGeneratorRandom;
import org.cesecore.certificates.util.DnComponents;

/* loaded from: input_file:org/cesecore/util/RFC4683Tools.class */
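/**
 * Static helpers for building and parsing RFC 4683 Subject Identification Method (SIM)
 * values carried in a subject alternative name.
 *
 * <p>A SIM string consists of tokens joined by {@link #LIST_SEPARATOR}. The user-supplied
 * form has four tokens (hash algorithm OID, user chosen password, sensitive identification
 * information type, sensitive identification information); the internal form has three
 * (hash algorithm OID, authority random hash, PEPSI).
 */
public final class RFC4683Tools {
    /** Separator between the tokens of a SIM string. */
    public static final String LIST_SEPARATOR = "::";
    /** Name of the SIM component inside a DN / SAN string. */
    public static final String SUBJECTIDENTIFICATIONMETHOD = "subjectIdentificationMethod";
    /** Object identifier placed first in the SIM OtherName sequence. */
    public static final String SUBJECTIDENTIFICATIONMETHOD_OBJECTID = "1.3.6.1.5.5.7.8.6";
    /** Minimum accepted length of the user chosen password. */
    private static final int MIN_PASSWORD_LENGTH = 8;
    private static final Logger LOG = Logger.getLogger(RFC4683Tools.class);

    /**
     * Returns the hash algorithms accepted for SIM generation.
     *
     * @return a new, mutable list copied from {@code TSPAlgorithms.ALLOWED}
     */
    public static final List<ASN1ObjectIdentifier> getAllowedHashAlgorithms() {
        return new ArrayList<ASN1ObjectIdentifier>(TSPAlgorithms.ALLOWED);
    }

    /**
     * Returns the dotted OID strings of {@link #getAllowedHashAlgorithms()}.
     *
     * @return a new list with one OID string per allowed hash algorithm
     */
    public static final List<String> getAllowedHashAlgorithmOidStrings() {
        final List<ASN1ObjectIdentifier> allowed = getAllowedHashAlgorithms();
        final List<String> oidStrings = new ArrayList<String>(allowed.size());
        for (final ASN1ObjectIdentifier oid : allowed) {
            oidStrings.add(oid.getId());
        }
        return oidStrings;
    }

    /**
     * Replaces every four-token (user-supplied) SIM entry found in the given string by its
     * three-token internal form, see
     * {@link #generateInternalSimString(String, String, String, String)}.
     *
     * <p>Entries with three tokens are left untouched (presumably they are already in the
     * internal form). Blank entries are skipped.
     *
     * @param str the string to process; returned unchanged when blank or when it contains no
     *            SIM component
     * @return the string with all four-token SIM entries replaced
     * @throws IllegalArgumentException if a SIM entry has neither three nor four tokens, or if
     *         one of its tokens is rejected by {@code generateInternalSimString}
     * @throws NoSuchProviderException if the "BC" provider is not available
     * @throws NoSuchAlgorithmException if the hash algorithm is not available
     */
    public static final String generateSimForInternalSanFormat(String str) throws IllegalArgumentException, NoSuchProviderException, NoSuchAlgorithmException {
        if (StringUtils.isBlank(str) || !str.contains(DnComponents.SUBJECTIDENTIFICATIONMETHOD)) {
            return str;
        }
        final List<String> simEntries = CertTools.getPartsFromDN(str, DnComponents.SUBJECTIDENTIFICATIONMETHOD);
        if (LOG.isDebugEnabled()) {
            // Only the number of entries is logged: a four-token entry still carries the
            // user chosen password and the sensitive identification information in clear
            // text, and neither belongs in a log file.
            LOG.debug("Number of user SIM strings to process: " + simEntries.size());
        }
        String result = str;
        for (final String entry : simEntries) {
            if (StringUtils.isBlank(entry)) {
                continue;
            }
            final String[] tokens = entry.split(LIST_SEPARATOR);
            if (tokens.length == 4) {
                result = result.replace(entry, generateInternalSimString(tokens[0], tokens[1], tokens[2], tokens[3]));
            } else if (tokens.length != 3) {
                throw new IllegalArgumentException("Wrong SIM input string with " + tokens.length + " tokens.");
            }
        }
        return result;
    }

    /**
     * Builds the internal SIM string
     * {@code <hash OID>::<HEX(H(random))>::<HEX(H(H(password + random + type + info)))>},
     * where {@code random} is the lower-case hex form of a value obtained from
     * {@code SernoGeneratorRandom} and {@code H} is the requested hash algorithm from the
     * "BC" provider.
     *
     * @param str  hash algorithm OID; must be one of {@link #getAllowedHashAlgorithmOidStrings()}
     * @param str2 user chosen password; must not be blank and must have at least 8 characters
     * @param str3 sensitive identification information type; must not be blank
     * @param str4 sensitive identification information; must not be blank
     * @return the three-token internal SIM string
     * @throws IllegalArgumentException if one of the arguments is rejected
     * @throws NoSuchProviderException if the "BC" provider is not available
     * @throws NoSuchAlgorithmException if the hash algorithm is not available
     */
    public static final String generateInternalSimString(String str, String str2, String str3, String str4) throws IllegalArgumentException, NoSuchProviderException, NoSuchAlgorithmException {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Hash algorithm OID string must not be null or empty: '" + str + "'.");
        }
        if (!getAllowedHashAlgorithmOidStrings().contains(str)) {
            throw new IllegalArgumentException("Hash algorithm with OID '" + str + "' is not supparted for RFC4683 (SIM).");
        }
        if (StringUtils.isBlank(str2) || str2.length() < MIN_PASSWORD_LENGTH) {
            // The message states the actual rule and never echoes the password itself.
            throw new IllegalArgumentException("The user chosen password must not be null or empty and must have at least " + MIN_PASSWORD_LENGTH + " characters.");
        }
        if (StringUtils.isBlank(str3)) {
            throw new IllegalArgumentException("The sensitve identification information type must not be null or empty: '" + str3 + "'.");
        }
        if (StringUtils.isBlank(str4)) {
            throw new IllegalArgumentException("The sensitve identification information must not be null or empty: '" + str4 + "'.");
        }

        final StringBuilder sim = new StringBuilder();
        sim.append(str);

        // longValue() keeps at most 64 bits of the generated value.
        final String authorityRandom = Long.toHexString(SernoGeneratorRandom.instance().getSerno().longValue());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authority random source created: " + authorityRandom);
        }

        // The charset is pinned so that the digests do not depend on the platform default
        // encoding when the password or the identification information is not plain ASCII.
        final MessageDigest messageDigest = MessageDigest.getInstance(new ASN1ObjectIdentifier(str).getId(), "BC");
        messageDigest.update(authorityRandom.getBytes(StandardCharsets.UTF_8));
        final String authorityRandomHash = toHexString(messageDigest.digest());
        sim.append(LIST_SEPARATOR).append(authorityRandomHash);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authority random hash created: " + authorityRandomHash);
        }

        // NOTE(review): the PEPSI is computed over the raw random value, while the returned
        // string carries only the digest of that value. A party that recomputes the PEPSI
        // needs the same random that was hashed here - confirm this is intended.
        messageDigest.update((str2 + authorityRandom + str3 + str4).getBytes(StandardCharsets.UTF_8));
        // digest() resets the instance, so feeding the result back in yields H(H(...)).
        messageDigest.update(messageDigest.digest());
        final String pepsi = toHexString(messageDigest.digest());
        sim.append(LIST_SEPARATOR).append(pepsi);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SIM string PEPSI created: " + pepsi);
        }
        return sim.toString();
    }

    /**
     * Creates the GeneralName (implicit tag 0, OtherName) that carries a SIM: a sequence of
     * the SIM object identifier and an explicitly tagged sequence of algorithm identifier,
     * authority random and PEPSI, the latter two as octet strings.
     *
     * @param str  hash algorithm OID
     * @param str2 authority random, stored as the bytes of this string
     * @param str3 PEPSI, stored as the bytes of this string
     * @return the tagged ASN.1 object
     */
    public static final ASN1Primitive createSimGeneralName(String str, String str2, String str3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating SIM with hash algorithem identifier " + str + ", authority random " + str2 + " and PEPSI " + str3);
        }
        final ASN1EncodableVector simValues = new ASN1EncodableVector();
        simValues.add(new AlgorithmIdentifier(new ASN1ObjectIdentifier(str)));
        simValues.add(new DEROctetString(str2.getBytes(StandardCharsets.UTF_8)));
        simValues.add(new DEROctetString(str3.getBytes(StandardCharsets.UTF_8)));

        final ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(SUBJECTIDENTIFICATIONMETHOD_OBJECTID));
        otherName.add(new DERTaggedObject(true, 0, new DERSequence(simValues)));

        final DERTaggedObject generalName = new DERTaggedObject(false, 0, new DERSequence(otherName));
        if (LOG.isDebugEnabled()) {
            LOG.debug("GeneralName (type 0 - OtherName) for SIM created " + generalName.toString());
        }
        return generalName;
    }

    /**
     * Extracts the three-token SIM string from an OtherName sequence.
     *
     * @param aSN1Sequence the OtherName sequence, may be {@code null}
     * @return {@code <hash OID>::<authority random>::<PEPSI>}, or {@code null} if the sequence
     *         is {@code null} or its first element is not the SIM object identifier
     */
    public static String getSimStringSequence(ASN1Sequence aSN1Sequence) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Parsing RFC4683 (SIM) from SAN ASN.1 sequence: " + aSN1Sequence);
        }
        String str = null;
        // NOTE(review): the element accesses below look like decompiler output that lost its
        // casts (tagged object, sequence, octet string). The sequence comes from a certificate
        // and its length and element types are not checked before use - confirm how callers
        // handle the resulting runtime exceptions on malformed input.
        if (aSN1Sequence != null && SUBJECTIDENTIFICATIONMETHOD_OBJECTID.equals(ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getId())) {
            ASN1Sequence object = aSN1Sequence.getObjectAt(1).getObject();
            String id = object.getObjectAt(0) instanceof AlgorithmIdentifier ? object.getObjectAt(0).getAlgorithm().getId() : object.getObjectAt(0).getObjectAt(0).toASN1Primitive().toString();
            // Decoded with the same charset that createSimGeneralName uses for encoding.
            str = id + LIST_SEPARATOR + new String(object.getObjectAt(1).getOctets(), StandardCharsets.UTF_8) + LIST_SEPARATOR + new String(object.getObjectAt(2).getOctets(), StandardCharsets.UTF_8);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("SIM parsed from other name: " + str);
        }
        return str;
    }

    /**
     * Encodes bytes as upper-case hexadecimal, two characters per byte.
     *
     * @param bArr the bytes to encode
     * @return the hex string, empty for an empty array
     */
    public static final String toHexString(byte[] bArr) {
        final String digits = "0123456789ABCDEF";
        final StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (final byte b : bArr) {
            final int unsigned = b & 0xFF;
            hex.append(digits.charAt(unsigned >>> 4)).append(digits.charAt(unsigned & 0x0F));
        }
        return hex.toString();
    }

    /** Utility class, not instantiable. */
    private RFC4683Tools() {
    }
}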
