package org.wildfly.security.sasl.entity;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import javax.security.auth.x500.X500Principal;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.asn1.ASN1;
import org.wildfly.security.asn1.ASN1Exception;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.asn1.DEREncoder;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.TrustedAuthority;
import org.wildfly.security.x500.X500;
import org.wildfly.security.x500.X500PrincipalUtil;

/* loaded from: input_file:lib/wildfly-elytron-1.1.7.Final.jar:org/wildfly/security/sasl/entity/EntityUtil.class */
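/**
 * DER encoding, decoding and name-matching helpers for the SASL entity mechanism in this package.
 *
 * <p>This listing is decompiler output. The two tagged-choice decoders and the string switch in
 * {@link #encodeAlgorithmIdentifier(DEREncoder, String)} were emitted in a form that does not
 * compile (unreachable statements, mistyped locals, duplicate case labels). They are rewritten
 * here as plain first-match chains that perform the same checks in the same order.
 *
 * <p>Every {@code decode*} method parses bytes supplied by the remote peer. They only parse:
 * nothing in this class validates a certificate chain or checks trust.
 */
class EntityUtil {
    /** DER tag of a constructed SET (0x31). */
    private static final int SET_TAG = 49;

    /** DER tag of a constructed SEQUENCE (0x30). */
    private static final int SEQUENCE_TAG = 48;

    /** DER tag of an IA5String (0x16). */
    private static final int IA5_STRING_TAG = 22;

    /** Length in bytes of the random string written by {@link #encodeRandomNumber}. */
    private static final int RANDOM_STRING_LENGTH = 48;

    /** Alphabet for generated random strings: ASCII 0x21-0x7E with ',' (0x2C) left out. */
    private static final byte[] randomCharDictionary;

    static {
        byte[] dictionary = new byte[93];
        int next = 0;
        // '!' (33) up to '+' (43)
        for (int c = 33; c < 44; c++) {
            dictionary[next++] = (byte) c;
        }
        // '-' (45) up to '~' (126); 44 (',') is skipped on purpose by the original ranges
        for (int c = 45; c < Byte.MAX_VALUE; c++) {
            dictionary[next++] = (byte) c;
        }
        assert next == dictionary.length;
        randomCharDictionary = dictionary;
    }

    EntityUtil() {
    }

    /**
     * Writes the given certificates as a DER {@code SET OF}, in array order.
     *
     * @param dEREncoder the encoder to write to
     * @param x509CertificateArr the certificates to encode
     * @throws ASN1Exception if a certificate cannot be encoded
     */
    public static void encodeX509CertificateChain(DEREncoder dEREncoder, X509Certificate[] x509CertificateArr) throws ASN1Exception {
        try {
            dEREncoder.startSetOf();
            for (X509Certificate certificate : x509CertificateArr) {
                dEREncoder.writeEncoded(certificate.getEncoded());
            }
            dEREncoder.endSetOf();
        } catch (CertificateEncodingException e) {
            throw new ASN1Exception(e);
        }
    }

    /**
     * Writes an {@code AlgorithmIdentifier} sequence for the given object identifier.
     *
     * @param dEREncoder the encoder to write to
     * @param str the algorithm object identifier
     * @param z {@code true} to omit the parameters field, {@code false} to encode it as NULL
     * @throws ASN1Exception if encoding fails
     */
    public static void encodeAlgorithmIdentifier(DEREncoder dEREncoder, String str, boolean z) throws ASN1Exception {
        dEREncoder.startSequence();
        dEREncoder.encodeObjectIdentifier(str);
        if (!z) {
            dEREncoder.encodeNull();
        }
        dEREncoder.endSequence();
    }

    /**
     * Writes an {@code AlgorithmIdentifier} for one of the signature algorithm names known to
     * {@link Entity}. The RSA variant gets an explicit NULL parameters field; the DSA and ECDSA
     * variants omit it.
     *
     * <p>NOTE(review): judging by the constant names, all three recognised algorithms sign over
     * SHA-1. Confirm whether the mechanism configuration offers a stronger digest.
     *
     * @param dEREncoder the encoder to write to
     * @param str the algorithm name
     * @throws ASN1Exception if the name is not recognised or encoding fails
     */
    public static void encodeAlgorithmIdentifier(DEREncoder dEREncoder, String str) throws ASN1Exception {
        final boolean omitParameters;
        if (str.equals(Entity.SHA1_WITH_RSA)) {
            omitParameters = false;
        } else if (str.equals(Entity.SHA1_WITH_DSA) || str.equals(Entity.SHA1_WITH_ECDSA)) {
            omitParameters = true;
        } else {
            throw ElytronMessages.log.asnUnrecognisedAlgorithm(str);
        }
        encodeAlgorithmIdentifier(dEREncoder, Entity.algorithmOid(str), omitParameters);
    }

    /**
     * Writes the given names as a DER sequence.
     *
     * @param dEREncoder the encoder to write to
     * @param list the names to encode, in order
     * @throws ASN1Exception if encoding fails
     */
    public static void encodeGeneralNames(DEREncoder dEREncoder, List<GeneralName> list) throws ASN1Exception {
        dEREncoder.startSequence();
        for (GeneralName name : list) {
            name.encodeTo(dEREncoder);
        }
        dEREncoder.endSequence();
    }

    /**
     * Writes a single name as a one-element DER sequence.
     *
     * @param dEREncoder the encoder to write to
     * @param generalName the name to encode
     * @throws ASN1Exception if encoding fails
     */
    public static void encodeGeneralNames(DEREncoder dEREncoder, GeneralName generalName) throws ASN1Exception {
        List<GeneralName> single = new ArrayList<>(1);
        single.add(generalName);
        encodeGeneralNames(dEREncoder, single);
    }

    /**
     * Writes a subject name and optional subject alternative names as one DER sequence.
     *
     * @param dEREncoder the encoder to write to
     * @param str the subject distinguished name; skipped when empty
     * @param collection alternative names as (type, value) pairs, or {@code null} for none
     * @throws ASN1Exception if an alternative name has an unknown type or encoding fails
     */
    public static void encodeGeneralNames(DEREncoder dEREncoder, String str, Collection<List<?>> collection) throws ASN1Exception {
        dEREncoder.startSequence();
        if (!str.isEmpty()) {
            new GeneralName.DirectoryName(str).encodeTo(dEREncoder);
        }
        if (collection != null) {
            for (List<?> alternativeName : collection) {
                convertToGeneralName(alternativeName).encodeTo(dEREncoder);
            }
        }
        dEREncoder.endSequence();
    }

    /**
     * Generates a 48-byte random string, writes it as an octet string and returns it.
     *
     * <p>When no generator is supplied this falls back to a fresh {@link SecureRandom}. The
     * decompiled original fell back to {@code ThreadLocalRandom}, which is not a
     * cryptographically strong source. The value is written into a protocol message, so a peer
     * must not be able to predict it.
     *
     * @param dEREncoder the encoder to write to
     * @param secureRandom the generator to use, or {@code null} for a default secure generator
     * @return the generated bytes
     */
    public static byte[] encodeRandomNumber(DEREncoder dEREncoder, SecureRandom secureRandom) {
        Random source = secureRandom != null ? secureRandom : new SecureRandom();
        byte[] randomBytes = generateRandomString(RANDOM_STRING_LENGTH, source);
        dEREncoder.encodeOctetString(randomBytes);
        return randomBytes;
    }

    /**
     * Builds a random string of the given length from the printable alphabet of this class.
     *
     * <p>The quality of the result is that of {@code random}. Pass a {@link SecureRandom} when
     * the value must be unpredictable.
     *
     * @param i the number of bytes to generate
     * @param random the source of randomness
     * @return the generated bytes
     */
    public static byte[] generateRandomString(int i, Random random) {
        byte[] result = new byte[i];
        for (int index = 0; index < i; index++) {
            // Bound by the table length rather than a repeated literal so the two cannot drift.
            result[index] = randomCharDictionary[random.nextInt(randomCharDictionary.length)];
        }
        return result;
    }

    /**
     * Writes the given trusted authorities as a DER sequence.
     *
     * @param dEREncoder the encoder to write to
     * @param list the trusted authorities to encode, in order
     * @throws ASN1Exception if encoding fails
     */
    public static void encodeTrustedAuthorities(DEREncoder dEREncoder, List<TrustedAuthority> list) throws ASN1Exception {
        dEREncoder.startSequence();
        for (TrustedAuthority authority : list) {
            authority.encodeTo(dEREncoder);
        }
        dEREncoder.endSequence();
    }

    /**
     * Reads a DER sequence of general names.
     *
     * @param dERDecoder the decoder positioned at the sequence
     * @return the decoded names, in encounter order
     * @throws ASN1Exception if an element carries none of the context tags 0-8 or is malformed
     */
    public static List<GeneralName> decodeGeneralNames(DERDecoder dERDecoder) throws ASN1Exception {
        List<GeneralName> names = new ArrayList<>();
        dERDecoder.startSequence();
        while (dERDecoder.hasNextElement()) {
            names.add(decodeGeneralName(dERDecoder));
        }
        dERDecoder.endSequence();
        return names;
    }

    /** Decodes one general name by probing context tags 0-8 in ascending order. */
    private static GeneralName decodeGeneralName(DERDecoder decoder) throws ASN1Exception {
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 0, true)) {
            // [0] otherName: object identifier followed by the still-encoded value
            decoder.decodeImplicit(0);
            decoder.startSequence();
            String typeId = decoder.decodeObjectIdentifier();
            byte[] encodedValue = decoder.drainElement();
            decoder.endSequence();
            return new GeneralName.OtherName(typeId, encodedValue);
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 1, false)) {
            // [1] rfc822Name
            decoder.decodeImplicit(1);
            return new GeneralName.RFC822Name(decoder.decodeIA5String());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 2, false)) {
            // [2] dNSName
            decoder.decodeImplicit(2);
            return new GeneralName.DNSName(decoder.decodeIA5String());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 3, true)) {
            // [3] x400Address, kept as raw bytes
            decoder.decodeImplicit(3);
            return new GeneralName.X400Address(decoder.drainElementValue(), true);
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 4, true)) {
            // [4] directoryName: no decodeImplicit here, the element value is itself the encoded name
            return new GeneralName.DirectoryName(new X500Principal(decoder.drainElementValue()).getName("CANONICAL"));
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 5, true)) {
            // [5] ediPartyName, kept as raw bytes
            decoder.decodeImplicit(5);
            return new GeneralName.EDIPartyName(decoder.drainElementValue(), true);
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 6, false)) {
            // [6] uniformResourceIdentifier
            decoder.decodeImplicit(6);
            return new GeneralName.URIName(decoder.decodeIA5String());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, GeneralName.IP_ADDRESS, false)) {
            // [7] iPAddress
            decoder.decodeImplicit(GeneralName.IP_ADDRESS);
            return new GeneralName.IPAddress(decoder.decodeOctetString());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 8, false)) {
            // [8] registeredID
            decoder.decodeImplicit(8);
            return new GeneralName.RegisteredID(decoder.decodeObjectIdentifier());
        }
        throw ElytronMessages.log.asnInvalidGeneralNameType();
    }

    /**
     * Reads a certificate chain that is encoded as a DER {@code SET OF} certificates.
     *
     * <p>The leading tag is rewritten from SET to SEQUENCE before the bytes reach
     * {@code CertificateFactory.generateCertPath}. This method only parses the certificates:
     * path validation and trust decisions are left to the caller.
     *
     * @param dERDecoder the decoder positioned at the set
     * @return the decoded certificates
     * @throws ASN1Exception if the next element is not a set or the certificates cannot be parsed
     */
    public static X509Certificate[] decodeX509CertificateChain(DERDecoder dERDecoder) throws ASN1Exception {
        if (dERDecoder.peekType() != SET_TAG) {
            throw ElytronMessages.log.asnUnexpectedTag();
        }
        byte[] encodedChain = dERDecoder.drainElement();
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            encodedChain[0] = SEQUENCE_TAG;
            List<? extends Certificate> certificates = factory.generateCertPath(new ByteArrayInputStream(encodedChain)).getCertificates();
            return certificates.toArray(new X509Certificate[certificates.size()]);
        } catch (CertificateException e) {
            throw new ASN1Exception(e);
        }
    }

    /**
     * Reads certificate data that is either an inline certificate set or an IA5String URL from
     * which a single certificate is downloaded.
     *
     * <p>NOTE(review): in the URL form the location comes straight from the decoded message and
     * is passed to {@link #getCertificateFromUrl(String)} without any restriction. See the note
     * on {@link #getCertificateFromUrl(URL)}.
     *
     * @param dERDecoder the decoder positioned at the certificate data
     * @return the decoded or downloaded certificates
     * @throws ASN1Exception if the tag is neither SET nor IA5String, or the data cannot be read
     */
    public static X509Certificate[] decodeCertificateData(DERDecoder dERDecoder) throws ASN1Exception {
        if (dERDecoder.peekType() == SET_TAG) {
            return decodeX509CertificateChain(dERDecoder);
        }
        if (dERDecoder.peekType() != IA5_STRING_TAG) {
            throw ElytronMessages.log.asnUnexpectedTag();
        }
        try {
            return new X509Certificate[]{getCertificateFromUrl(dERDecoder.decodeIA5String())};
        } catch (IOException e) {
            throw ElytronMessages.log.asnUnableToReadCertificateData(e);
        }
    }

    /**
     * Downloads and parses a single X.509 certificate from the given URL string.
     *
     * @param str the certificate location
     * @return the parsed certificate
     * @throws IOException if the URL is malformed or the certificate cannot be read
     */
    public static X509Certificate getCertificateFromUrl(String str) throws IOException {
        try {
            return getCertificateFromUrl(new URL(str));
        } catch (MalformedURLException e) {
            throw ElytronMessages.log.asnUnableToReadCertificateFromUrl(str, e);
        }
    }

    /**
     * Downloads and parses a single X.509 certificate from the given URL.
     *
     * <p>NOTE(review): {@code URL.openStream()} accepts any scheme the JVM has a handler for and
     * sets no connect or read timeout. No response size limit is applied here either. When the
     * URL comes from a peer, callers should allow-list schemes and hosts before calling this,
     * and must validate the returned certificate before trusting it.
     *
     * @param url the certificate location; must not be {@code null}
     * @return the parsed certificate
     * @throws IOException if the stream cannot be opened or the certificate cannot be parsed
     */
    public static X509Certificate getCertificateFromUrl(URL url) throws IOException {
        Assert.checkNotNullParam("certUrl", url);
        InputStream inputStream = null;
        try {
            inputStream = url.openStream();
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            throw ElytronMessages.log.asnUnableToReadCertificateFromUrl(url.toString(), e);
        } finally {
            // Close failures are deliberately ignored so they never mask the parse result or error.
            safeClose(inputStream);
        }
    }

    /**
     * Reads a DER sequence of trusted authorities.
     *
     * @param dERDecoder the decoder positioned at the sequence
     * @return the decoded trusted authorities, in encounter order
     * @throws ASN1Exception if an element carries none of the context tags 0-4 or is malformed
     */
    public static List<TrustedAuthority> decodeTrustedAuthorities(DERDecoder dERDecoder) throws ASN1Exception {
        List<TrustedAuthority> authorities = new ArrayList<>();
        dERDecoder.startSequence();
        while (dERDecoder.hasNextElement()) {
            authorities.add(decodeTrustedAuthority(dERDecoder));
        }
        dERDecoder.endSequence();
        return authorities;
    }

    /** Decodes one trusted authority by probing context tags 0-4 in ascending order. */
    private static TrustedAuthority decodeTrustedAuthority(DERDecoder decoder) throws ASN1Exception {
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 0, true)) {
            // [0] authority name: the element value is itself the encoded distinguished name
            return new TrustedAuthority.NameTrustedAuthority(new X500Principal(decoder.drainElementValue()).getName("CANONICAL"));
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 1, false)) {
            // [1] issuer name hash
            decoder.decodeImplicit(1);
            return new TrustedAuthority.IssuerNameHashTrustedAuthority(decoder.decodeOctetString());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 2, false)) {
            // [2] issuer key hash
            decoder.decodeImplicit(2);
            return new TrustedAuthority.IssuerKeyHashTrustedAuthority(decoder.decodeOctetString());
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 3, true)) {
            // [3] authority certificate: restore the SEQUENCE tag so CertificateFactory can parse it
            decoder.decodeImplicit(3);
            byte[] encodedCertificate = decoder.drainElement();
            encodedCertificate[0] = SEQUENCE_TAG;
            try {
                return new TrustedAuthority.CertificateTrustedAuthority((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encodedCertificate)));
            } catch (CertificateException e) {
                throw new ASN1Exception(e);
            }
        }
        if (decoder.isNextType(ASN1.CONTEXT_SPECIFIC_MASK, 4, false)) {
            // [4] PKCS #15 key hash
            decoder.decodeImplicit(4);
            return new TrustedAuthority.PKCS15KeyHashTrustedAuthority(decoder.decodeOctetString());
        }
        // The original reuses the general-name error for an unknown trusted-authority tag.
        throw ElytronMessages.log.asnInvalidGeneralNameType();
    }

    /**
     * Tells whether any name in the first list matches any name in the second.
     *
     * @param list the names to look for
     * @param list2 the names to search
     * @return {@code true} on the first matching pair; {@code false} if none or either list is {@code null}
     */
    public static boolean matchGeneralNames(List<GeneralName> list, List<GeneralName> list2) {
        if (list == null || list2 == null) {
            return false;
        }
        for (GeneralName expected : list) {
            for (GeneralName actual : list2) {
                if (matchGeneralName(expected, actual)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Tells whether two names match.
     *
     * <p>A {@code DNSName} is compared case-insensitively with the first Common Name value of a
     * {@code DirectoryName}; no wildcard handling is done here. Every other combination uses
     * {@code equals}.
     *
     * @param generalName the name to look for
     * @param generalName2 the name to compare against
     * @return {@code true} if the names match
     */
    public static boolean matchGeneralName(GeneralName generalName, GeneralName generalName2) {
        if (!(generalName instanceof GeneralName.DNSName) || !(generalName2 instanceof GeneralName.DirectoryName)) {
            return generalName.equals(generalName2);
        }
        String directoryName = ((GeneralName.DirectoryName) generalName2).getName();
        String[] commonNames = X500PrincipalUtil.getAttributeValues(new X500Principal(directoryName), X500.OID_AT_COMMON_NAME);
        if (commonNames == null || commonNames.length == 0) {
            // A subject without a Common Name cannot match a DNS name. Report "no match" rather
            // than letting an index error escape while handling peer-supplied certificate data.
            return false;
        }
        return ((GeneralName.DNSName) generalName).getName().equalsIgnoreCase(commonNames[0]);
    }

    /**
     * Tells whether any of the given names matches the certificate's subject alternative names
     * or, failing that, its subject distinguished name.
     *
     * @param list the names to look for
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if a name matches
     */
    public static boolean matchGeneralNames(List<GeneralName> list, X509Certificate x509Certificate) {
        X500Principal subject = x509Certificate.getSubjectX500Principal();
        try {
            if (matchGeneralNames(list, convertToGeneralNames(x509Certificate.getSubjectAlternativeNames()))) {
                return true;
            }
        } catch (CertificateParsingException e) {
            // Unparseable alternative names are tolerated only when the subject DN can still be checked.
            if (subject == null) {
                throw ElytronMessages.log.unableToDetermineSubjectName(e);
            }
        }
        if (subject == null) {
            return false;
        }
        List<GeneralName> subjectNames = new ArrayList<>(1);
        subjectNames.add(new GeneralName.DirectoryName(subject.getName("CANONICAL")));
        return matchGeneralNames(list, subjectNames);
    }

    /**
     * Returns the name of the first {@code DirectoryName} in the list.
     *
     * @param list the names to search
     * @return the distinguished name, or {@code null} if the list holds no {@code DirectoryName}
     */
    public static String getDistinguishedNameFromGeneralNames(List<GeneralName> list) {
        for (GeneralName name : list) {
            if (name instanceof GeneralName.DirectoryName) {
                return ((GeneralName.DirectoryName) name).getName();
            }
        }
        return null;
    }

    /**
     * Converts one (type, value) pair into a {@code GeneralName}. The pair has the shape returned
     * by {@code X509Certificate.getSubjectAlternativeNames()}: element 0 is the Integer type and
     * element 1 is the value, cast here to {@code String} or {@code byte[]} according to the type.
     */
    private static GeneralName convertToGeneralName(List<?> list) throws ASN1Exception {
        int type = ((Integer) list.get(0)).intValue();
        Object value = list.get(1);
        switch (type) {
            case 0:
                return new GeneralName.OtherName((byte[]) value);
            case 1:
                return new GeneralName.RFC822Name((String) value);
            case 2:
                return new GeneralName.DNSName((String) value);
            case 3:
                return new GeneralName.X400Address((byte[]) value);
            case 4:
                return new GeneralName.DirectoryName((String) value);
            case 5:
                return new GeneralName.EDIPartyName((byte[]) value);
            case 6:
                return new GeneralName.URIName((String) value);
            case GeneralName.IP_ADDRESS /* 7 */:
                return new GeneralName.IPAddress((String) value);
            case 8:
                return new GeneralName.RegisteredID((String) value);
            default:
                throw ElytronMessages.log.asnInvalidGeneralNameType();
        }
    }

    /** Converts a collection of (type, value) pairs; a {@code null} collection yields {@code null}. */
    private static List<GeneralName> convertToGeneralNames(Collection<List<?>> collection) throws ASN1Exception {
        if (collection == null) {
            return null;
        }
        List<GeneralName> names = new ArrayList<>();
        for (List<?> entry : collection) {
            names.add(convertToGeneralName(entry));
        }
        return names;
    }

    /** Closes the resource if it is non-null, ignoring any failure (best-effort cleanup). */
    private static void safeClose(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (Throwable ignored) {
                // Deliberately ignored: a close failure must not replace the caller's result or exception.
            }
        }
    }
}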
