package org.cesecore.certificates.certificate.certextensions.standard;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.cesecore.certificates.ca.CA;
import org.cesecore.certificates.ca.internal.CertificateValidity;
import org.cesecore.certificates.certificate.certextensions.CertificateExtensionException;
import org.cesecore.certificates.certificateprofile.CertificateProfile;
import org.cesecore.certificates.endentity.EndEntityInformation;
import org.cesecore.certificates.ocsp.SHA1DigestCalculator;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/certificates/certificate/certextensions/standard/AuthorityKeyIdentifier.class */
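/**
 * Standard certificate extension that produces the X.509 Authority Key Identifier (AKI)
 * value for a certificate being issued.
 *
 * <p>The keyIdentifier is copied from the issuing CA certificate's Subject Key Identifier
 * when one is available; otherwise it is derived from the supplied public key with a SHA-1
 * digest calculator. SHA-1 is used here only to derive an identifier. The AKI is a
 * chain-building hint, so relying parties must still verify the issuer's signature and must
 * not treat a matching key identifier as proof of issuance.
 */
public class AuthorityKeyIdentifier extends StandardCertificateExtension {
    private static final long serialVersionUID = 1;
    private static final Logger log = Logger.getLogger(AuthorityKeyIdentifier.class);

    /**
     * Sets the extension OID to authorityKeyIdentifier and takes the critical flag from the profile.
     *
     * @param certificateProfile profile supplying the "AKI critical" setting
     */
    @Override
    public void init(CertificateProfile certificateProfile) {
        super.setOID(Extension.authorityKeyIdentifier.getId());
        super.setCriticalFlag(certificateProfile.getAuthorityKeyIdentifierCritical());
    }

    /**
     * Builds the AKI extension value.
     *
     * @param endEntityInformation not read by this implementation
     * @param ca CA whose certificate (or rollover certificate) supplies the Subject Key Identifier
     * @param certificateProfile profile whose type decides whether the CA certificate's SKI is reused
     * @param publicKey not read by this implementation
     * @param publicKey2 key the fallback identifier is derived from and that selects the rollover
     *     certificate; presumably the issuing CA's public key (confirm against the caller)
     * @param certificateValidity not read by this implementation
     * @return an AKI carrying only a keyIdentifier
     * @throws CertificateExtensionException declared by the overridden method; not thrown directly here
     */
    @Override
    public ASN1Encodable getValue(EndEntityInformation endEntityInformation, CA ca, CertificateProfile certificateProfile, PublicKey publicKey, PublicKey publicKey2, CertificateValidity certificateValidity) throws CertificateExtensionException {
        // Fallback value, computed first as in the original flow: identifier derived from the key itself.
        final org.bouncycastle.asn1.x509.AuthorityKeyIdentifier keyDerivedIdentifier =
                new JcaX509ExtensionUtils(SHA1DigestCalculator.buildSha1Instance()).createAuthorityKeyIdentifier(publicKey2);
        final X509Certificate issuerCertificate = getCACertificate(ca, publicKey2);
        // NOTE(review): 8 is presumably the root-CA profile type, where no separate issuer
        // certificate should be consulted; confirm against the project's certificate type constants.
        final boolean skipIssuerSubjectKeyId = certificateProfile.getType() == 8;
        if (issuerCertificate == null || skipIssuerSubjectKeyId) {
            return keyDerivedIdentifier;
        }
        final byte[] issuerSubjectKeyId = CertTools.getSubjectKeyId(issuerCertificate);
        if (issuerSubjectKeyId == null) {
            return keyDerivedIdentifier;
        }
        // Reuse the issuer's SKI bytes verbatim so the issued certificate's AKI matches the CA
        // certificate even if that SKI was not produced by hashing the key with SHA-1.
        final ASN1EncodableVector akiFields = new ASN1EncodableVector();
        // keyIdentifier is field [0], implicitly tagged (explicit == false).
        akiFields.add(new DERTaggedObject(false, 0, new DEROctetString(issuerSubjectKeyId)));
        if (log.isDebugEnabled()) {
            log.debug("Using AuthorityKeyIdentifier from CA-certificates SubjectKeyIdentifier.");
        }
        return org.bouncycastle.asn1.x509.AuthorityKeyIdentifier.getInstance(new DERSequence(akiFields));
    }

    /**
     * Selects the CA certificate that corresponds to the given key.
     *
     * <p>The first certificate of the rollover chain is returned when its public key equals
     * {@code publicKey}; in every other case, including a missing or empty rollover chain, the
     * CA's current certificate is returned. The empty-chain guard prevents an
     * IndexOutOfBoundsException from aborting issuance.
     *
     * @param ca CA to read the certificates from
     * @param publicKey key compared against the rollover certificate's public key
     * @return the matching rollover certificate, else whatever {@code ca.getCACertificate()} returns
     */
    private X509Certificate getCACertificate(CA ca, PublicKey publicKey) {
        final List<Certificate> rolloverChain = ca.getRolloverCertificateChain();
        if (rolloverChain != null && !rolloverChain.isEmpty()) {
            final Certificate rolloverCertificate = rolloverChain.get(0);
            if (rolloverCertificate.getPublicKey().equals(publicKey)) {
                return (X509Certificate) rolloverCertificate;
            }
        }
        return (X509Certificate) ca.getCACertificate();
    }
}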
