package com.xdja.pki.gmssl.x509.utils;

import com.xdja.pki.gmssl.asn1.x509.SubjectInformationAccess;
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import org.apache.log4j.HTMLLayout;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyConstraints;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib-provided/gmssl-pki-utils-1.3.5-SNAPSHOT.jar:com/xdja/pki/gmssl/x509/utils/GMSSLExtensionUtils.class */
public class GMSSLExtensionUtils {
    private static Logger logger = LoggerFactory.getLogger(GMSSLExtensionUtils.class.getName());

    public static Extension genAuthorityInfoAccessExtension(String str) throws IOException {
        return new Extension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_caIssuers, new GeneralName(6, new DEROctetString(str.getBytes())))).getEncoded());
    }

    public static Extension genAuthorityInfoAccessExtension(String str, String str2) throws IOException {
        return new Extension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription[]{new AccessDescription(AccessDescription.id_ad_caIssuers, new GeneralName(6, new DEROctetString(str.getBytes()))), new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(6, new DEROctetString(str2.getBytes())))}).getEncoded());
    }

    public static Extension genSubjectInfoAccessExtension(String str, String str2) throws IOException {
        return new Extension(Extension.subjectInfoAccess, false, new SubjectInformationAccess(new AccessDescription[]{new AccessDescription(SubjectInformationAccess.id_ad_caRepository, new GeneralName(6, new DEROctetString(str.getBytes()))), new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(6, new DEROctetString(str2.getBytes())))}).getEncoded());
    }

    public static Extension genRootCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(6).getEncoded());
    }

    public static Extension genSignatureCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(192).getEncoded());
    }

    public static Extension genOCSPCertExtendedKeyUsageExtension() throws IOException {
        return new Extension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning).getEncoded());
    }

    public static Extension genEncryptCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(56).getEncoded());
    }

    public static Extension genAuthorityKeyIdentifierExtension(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
        return new Extension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(x509Certificate).getEncoded());
    }

    public static Extension genSubjectKeyIdentifierExtension(PublicKey publicKey) throws IOException, NoSuchAlgorithmException {
        return new Extension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getEncoded());
    }

    public static Extension genBasicConstraintsExtension(Integer num) throws IOException {
        return num == null ? new Extension(Extension.basicConstraints, true, new BasicConstraints(true).getEncoded()) : new Extension(Extension.basicConstraints, true, new BasicConstraints(num.intValue()).getEncoded());
    }

    public static Extension genCRLDistributionPointsExtension(String str) throws IOException {
        return new Extension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(genDistributionPointName(str), new ReasonFlags(3), null)}).getEncoded());
    }

    public static Extension genFreshestCRL(String str) throws IOException {
        return new Extension(Extension.freshestCRL, false, new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(genDistributionPointName(str), null, null)}).getEncoded());
    }

    public static List<Extension> getCertificateExtensions(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        ArrayList arrayList = new ArrayList();
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
        Iterator it = x509CertificateHolder.getExtensionOIDs().iterator();
        while (it.hasNext()) {
            arrayList.add(x509CertificateHolder.getExtension((ASN1ObjectIdentifier) it.next()));
        }
        return arrayList;
    }

    public static Extension genSubjectDirectoryAttributesExtension(String str, boolean z) throws IOException {
        Vector vector = new Vector();
        if (str != null) {
            vector.add(makeAttribute(BCStyle.T, str));
        }
        vector.add(makeAttribute(BCStyle.COUNTRY_OF_CITIZENSHIP, "CN"));
        return new Extension(Extension.subjectDirectoryAttributes, z, new SubjectDirectoryAttributes(vector).getEncoded());
    }

    public static Attribute makeAttribute(ASN1ObjectIdentifier aSN1ObjectIdentifier, String str) {
        return new Attribute(aSN1ObjectIdentifier, new DERSet(new DEROctetString(str.getBytes())));
    }

    public static void parseAttribute(Attribute attribute, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str, StringBuilder sb) {
        if (aSN1ObjectIdentifier.equals(attribute.getAttrType())) {
            sb.append(str).append("=").append(new String(DEROctetString.getInstance(attribute.getAttrValues().getObjectAt(0)).getOctets())).append(",");
        }
    }

    public static String parseSubjectDirectoryAttributesExtensions(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        Iterator it = SubjectDirectoryAttributes.getInstance(bArr).getAttributes().iterator();
        while (it.hasNext()) {
            Attribute attribute = (Attribute) it.next();
            parseAttribute(attribute, BCStyle.T, HTMLLayout.TITLE_OPTION, sb);
            parseAttribute(attribute, BCStyle.COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship", sb);
        }
        sb.deleteCharAt(sb.length() - 1);
        sb.append("]");
        return sb.toString();
    }

    public static Extension genSubjectAlternativeName(boolean z, Map<Integer, String> map) throws IOException {
        ArrayList arrayList = new ArrayList();
        for (Integer num : map.keySet()) {
            arrayList.add(new GeneralName(num.intValue(), map.get(num)));
        }
        return new Extension(Extension.subjectAlternativeName, z, new GeneralNames((GeneralName[]) arrayList.toArray(new GeneralName[map.size()])).getEncoded());
    }

    public static Extension genNameConstraints(boolean z, Map<Integer, String> map, Map<Integer, String> map2) throws IOException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Integer num : map.keySet()) {
            arrayList.add(new GeneralSubtree(new GeneralName(num.intValue(), map.get(num)), new BigInteger(String.valueOf(0)), null));
        }
        for (Integer num2 : map2.keySet()) {
            arrayList2.add(new GeneralSubtree(new GeneralName(num2.intValue(), map2.get(num2)), new BigInteger(String.valueOf(0)), null));
        }
        return new Extension(Extension.nameConstraints, z, new NameConstraints((GeneralSubtree[]) arrayList.toArray(new GeneralSubtree[arrayList.size()]), (GeneralSubtree[]) arrayList2.toArray(new GeneralSubtree[arrayList2.size()])).getEncoded());
    }

    public static Extension genPolicyConstraints(boolean z, String str, String str2) throws IOException {
        return new Extension(Extension.policyConstraints, z, new PolicyConstraints(new BigInteger(str), new BigInteger(str2)).getEncoded());
    }

    public static Extension genARLExtension(String str) throws IOException {
        return new Extension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(genDistributionPointName(str), false, true, new ReasonFlags(32), false, false).getEncoded());
    }

    public static Extension genDRLExtension(int i) throws IOException {
        return new Extension(Extension.deltaCRLIndicator, true, new CRLNumber(BigInteger.valueOf(i)).getEncoded());
    }

    public static DistributionPointName genDistributionPointName(String str) {
        return new DistributionPointName(0, new GeneralNames(new GeneralName(6, new DEROctetString(str.getBytes()))));
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
