package com.xdja.pki.ra.core.util.cert;

import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.jce.provider.PKIXNameConstraintValidator;
import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ra-core-2.0.1-SNAPSHOT.jar:com/xdja/pki/ra/core/util/cert/CertExtendUtil.class */
public class CertExtendUtil {
    private static Logger logger = LoggerFactory.getLogger((Class<?>) CertExtendUtil.class);

    public static void checkNameConstraints(NameConstraints nameConstraints, GeneralName generalName) throws PKIXNameConstraintValidatorException {
        logger.debug("待检测名称类型：{}，待检测名字：{}", Integer.valueOf(generalName.getTagNo()), generalName.getName().toString());
        if (nameConstraints != null) {
            PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
            GeneralSubtree[] permittedSubtrees = nameConstraints.getPermittedSubtrees();
            GeneralSubtree[] excludedSubtrees = nameConstraints.getExcludedSubtrees();
            if (permittedSubtrees != null) {
                pKIXNameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
            }
            if (excludedSubtrees != null) {
                for (GeneralSubtree generalSubtree : excludedSubtrees) {
                    pKIXNameConstraintValidator.addExcludedSubtree(generalSubtree);
                }
            }
            logger.debug(">>>>>>>>checkNameConstraints当前名称限制定义：{}", pKIXNameConstraintValidator.toString());
            try {
                pKIXNameConstraintValidator.checkPermitted(generalName);
                pKIXNameConstraintValidator.checkExcluded(generalName);
            } catch (PKIXNameConstraintValidatorException e) {
                throw new PKIXNameConstraintValidatorException(e.getMessage());
            }
        }
    }
}
