package com.puppetlabs.ssl_utils;

import java.io.EOFException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:com/puppetlabs/ssl_utils/ExtensionsUtils.class */
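/**
 * Helpers for converting X.509 extensions between BouncyCastle ASN.1 objects and plain
 * {@code Map}/{@code List} structures, for certificates, CRLs and PKCS#10 requests.
 *
 * <p>An extension is represented as a map with three entries: {@code "oid"} (dotted string),
 * {@code "critical"} (Boolean) and {@code "value"} (type depends on the OID).
 *
 * <p>Review notes for callers that handle certificates or CSRs from untrusted parties:
 * <ul>
 *   <li>For OIDs this class does not recognise, the decoded {@code "value"} is best-effort
 *       text: bytes that do not parse as a UTF8String are reinterpreted as US-ASCII (see
 *       {@link #binaryToASN1Object}). Do not treat that value as a validated structure.</li>
 *   <li>The decoded and the encodable map shapes differ for some extensions: authority key
 *       identifier is decoded to {@code issuer}/{@code serial_number}/{@code key_identifier}
 *       but encoded from {@code public_key}/{@code serial_number}/{@code issuer_dn}, and
 *       subject key identifier is decoded to a {@code byte[]} but encoded from a
 *       {@link PublicKey}. A decoded map is therefore not a valid input for re-encoding.</li>
 *   <li>Key identifiers are derived with SHA-1. That is the identifier derivation described
 *       in RFC 5280 section 4.2.1.2; it labels a key and is not a signature digest.</li>
 * </ul>
 */
public class ExtensionsUtils {
    public static final String CRL_NUMBER_OID = Extension.cRLNumber.toString();
    public static final String AUTHORITY_KEY_IDENTIFIER_OID = Extension.authorityKeyIdentifier.toString();
    public static final String SUBJECT_ALTERNATIVE_NAME_OID = Extension.subjectAlternativeName.toString();

    /** Key-usage name to BouncyCastle {@link KeyUsage} bit flag. */
    private static final Map<String, Integer> keyUsageFlags = buildKeyUsageFlags();

    /** GeneralName tag number to the type name used as a map key. */
    private static final Map<Integer, String> generalNameTags = buildGeneralNameTags();

    /** Builds the key-usage table from the named BouncyCastle constants. */
    private static Map<String, Integer> buildKeyUsageFlags() {
        Map<String, Integer> flags = new HashMap<String, Integer>();
        flags.put("digital_signature", KeyUsage.digitalSignature);
        flags.put("non_repudiation", KeyUsage.nonRepudiation);
        flags.put("key_encipherment", KeyUsage.keyEncipherment);
        flags.put("data_encipherment", KeyUsage.dataEncipherment);
        flags.put("key_agreement", KeyUsage.keyAgreement);
        flags.put("key_cert_sign", KeyUsage.keyCertSign);
        flags.put("crl_sign", KeyUsage.cRLSign);
        flags.put("encipher_only", KeyUsage.encipherOnly);
        flags.put("decipher_only", KeyUsage.decipherOnly);
        return flags;
    }

    /** Builds the GeneralName tag table from the named BouncyCastle constants. */
    private static Map<Integer, String> buildGeneralNameTags() {
        Map<Integer, String> tags = new HashMap<Integer, String>();
        tags.put(GeneralName.otherName, "other_name");
        tags.put(GeneralName.rfc822Name, "rfc822_name");
        tags.put(GeneralName.dNSName, "dns_name");
        tags.put(GeneralName.x400Address, "x400_address");
        tags.put(GeneralName.directoryName, "directory_name");
        tags.put(GeneralName.ediPartyName, "edi_party_name");
        tags.put(GeneralName.uniformResourceIdentifier, "uri");
        tags.put(GeneralName.iPAddress, "ip");
        tags.put(GeneralName.registeredID, "registered_id");
        return tags;
    }

    /**
     * Tests whether the arcs of {@code str} are a strict prefix of the arcs of {@code str2}.
     *
     * <p>The comparison is per arc, not per character, so {@code "1.2.3"} is a prefix of
     * {@code "1.2.3.4"} but not of {@code "1.2.34.5"}. Equal OIDs yield {@code false}.
     *
     * @param str  dotted OID treated as the candidate parent
     * @param str2 dotted OID treated as the candidate descendant
     * @return {@code true} if {@code str2} has more arcs than {@code str} and starts with all of them
     */
    public static boolean isSubtreeOf(String str, String str2) {
        String[] parentArcs = str.split("\\.");
        String[] childArcs = str2.split("\\.");
        if (parentArcs.length >= childArcs.length) {
            return false;
        }
        for (int i = 0; i < parentArcs.length; i++) {
            if (!parentArcs[i].equals(childArcs[i])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Lists every extension of a certificate as extension maps.
     *
     * @return the extension maps, or {@code null} if the certificate carries no extensions
     */
    public static List<Map<String, Object>> getExtensionList(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        Extensions extensions = getExtensionsFromCert(x509Certificate);
        return extensions != null ? getExtensionList(extensions) : null;
    }

    /**
     * Lists every extension of a CRL as extension maps.
     *
     * @return the extension maps, or {@code null} if the CRL carries no extensions
     */
    public static List<Map<String, Object>> getExtensionList(X509CRL x509crl) throws IOException, CRLException {
        Extensions extensions = getExtensionsFromCRL(x509crl);
        return extensions != null ? getExtensionList(extensions) : null;
    }

    /**
     * Lists every requested extension of a PKCS#10 request as extension maps.
     *
     * @return the extension maps, or {@code null} if the request has no usable extension request
     */
    public static List<Map<String, Object>> getExtensionList(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        Extensions extensions = getExtensionsFromCSR(pKCS10CertificationRequest);
        return extensions != null ? getExtensionList(extensions) : null;
    }

    /**
     * Looks up one extension of a certificate by dotted OID.
     *
     * @return the extension map, or {@code null} if the certificate has no extensions or not this one
     */
    public static Map<String, Object> getExtension(X509Certificate x509Certificate, String str) throws IOException, CertificateEncodingException {
        Extensions extensions = getExtensionsFromCert(x509Certificate);
        return extensions != null ? makeExtensionMap(extensions, new ASN1ObjectIdentifier(str)) : null;
    }

    /**
     * Looks up one extension of a CRL by dotted OID.
     *
     * @return the extension map, or {@code null} if the CRL has no extensions or not this one
     */
    public static Map<String, Object> getExtension(X509CRL x509crl, String str) throws IOException, CRLException {
        Extensions extensions = getExtensionsFromCRL(x509crl);
        return extensions != null ? makeExtensionMap(extensions, new ASN1ObjectIdentifier(str)) : null;
    }

    /**
     * Looks up one requested extension of a PKCS#10 request by dotted OID.
     *
     * @return the extension map, or {@code null} if the request has no extensions or not this one
     */
    public static Map<String, Object> getExtension(PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws IOException {
        Extensions extensions = getExtensionsFromCSR(pKCS10CertificationRequest);
        return extensions != null ? makeExtensionMap(extensions, new ASN1ObjectIdentifier(str)) : null;
    }

    /**
     * Finds the first extension map in {@code list} whose {@code "oid"} entry equals {@code str}.
     *
     * <p>A {@code null} list is treated as "no extensions", matching the {@code null} that the
     * {@code getExtensionList} overloads return for an object without extensions. Entries that
     * are {@code null} or lack an {@code "oid"} are skipped instead of raising a
     * {@link NullPointerException}.
     *
     * @param list extension maps to search, may be {@code null}
     * @param str  dotted OID to look for
     * @return the matching map (same instance as in the list), or {@code null} if none matches
     */
    public static Map<String, Object> getExtension(List<Map<String, Object>> list, String str) {
        if (list == null) {
            return null;
        }
        for (Map<String, Object> candidate : list) {
            if (candidate == null) {
                continue;
            }
            Object oid = candidate.get("oid");
            if (oid != null && oid.equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /** Returns the decoded {@code "value"} of a certificate extension, or {@code null} if absent. */
    public static Object getExtensionValue(X509Certificate x509Certificate, String str) throws IOException, CertificateEncodingException {
        return getExtensionValue(getExtension(x509Certificate, str));
    }

    /** Returns the decoded {@code "value"} of a CRL extension, or {@code null} if absent. */
    public static Object getExtensionValue(X509CRL x509crl, String str) throws IOException, CRLException {
        return getExtensionValue(getExtension(x509crl, str));
    }

    /** Returns the decoded {@code "value"} of a requested CSR extension, or {@code null} if absent. */
    public static Object getExtensionValue(PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws IOException {
        return getExtensionValue(getExtension(pKCS10CertificationRequest, str));
    }

    /** Returns the {@code "value"} of the extension with the given OID in {@code list}, or {@code null}. */
    public static Object getExtensionValue(List<Map<String, Object>> list, String str) {
        return getExtensionValue(getExtension(list, str));
    }

    /**
     * Returns the {@code "value"} entry of an extension map.
     *
     * @param map an extension map, may be {@code null}
     * @return the value, or {@code null} if {@code map} is {@code null} or has no value
     */
    public static Object getExtensionValue(Map<String, Object> map) {
        return map != null ? map.get("value") : null;
    }

    /** Converts all extensions to maps, critical ones first, then non-critical ones. */
    private static List<Map<String, Object>> getExtensionList(Extensions extensions) throws IOException {
        List<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
        for (ASN1ObjectIdentifier oid : extensions.getCriticalExtensionOIDs()) {
            result.add(makeExtensionMap(extensions, oid, true));
        }
        for (ASN1ObjectIdentifier oid : extensions.getNonCriticalExtensionOIDs()) {
            result.add(makeExtensionMap(extensions, oid, false));
        }
        return result;
    }

    /** Converts one extension to a map, deriving criticality from the critical-OID list. */
    private static Map<String, Object> makeExtensionMap(Extensions extensions, ASN1ObjectIdentifier oid) throws IOException {
        boolean critical = Arrays.asList(extensions.getCriticalExtensionOIDs()).contains(oid);
        return makeExtensionMap(extensions, oid, critical);
    }

    /**
     * Extracts the requested extensions from the {@code extensionRequest} attribute of a CSR.
     *
     * <p>Only the first value of each attribute is examined. An attribute with an empty value
     * set is skipped; the request content is supplied by the requester, so a malformed
     * attribute must not surface as an unchecked index error.
     *
     * @return the extensions, or {@code null} if no attribute yields them
     */
    static Extensions getExtensionsFromCSR(PKCS10CertificationRequest pKCS10CertificationRequest) {
        for (Attribute attribute : pKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            ASN1Set attrValues = attribute.getAttrValues();
            if (attrValues != null && attrValues.size() > 0) {
                ASN1Encodable first = attrValues.getObjectAt(0);
                if (first instanceof Extensions) {
                    return (Extensions) first;
                }
                if (first instanceof DERSequence) {
                    return Extensions.getInstance(first);
                }
            }
        }
        return null;
    }

    /**
     * Builds an {@link Extensions} object from a list of extension maps.
     *
     * <p>Decompiler note: this method was package-private in the compiled class; the
     * {@code public} modifier is kept as it appears in this listing.
     *
     * @return the extensions, or {@code null} if {@code list} is {@code null} or empty
     */
    public static Extensions getExtensionsObjFromMap(List<Map<String, Object>> list) throws IOException, OperatorCreationException {
        if (list == null || list.isEmpty()) {
            return null;
        }
        List<Extension> parsed = new ArrayList<Extension>(list.size());
        for (Map<String, Object> extensionMap : list) {
            parsed.add(parseExtensionObject(extensionMap));
        }
        return new Extensions(parsed.toArray(new Extension[parsed.size()]));
    }

    /**
     * Encodes one extension map as a BouncyCastle {@link Extension}.
     *
     * <p>The expected type of {@code "value"} depends on the OID: a map of name lists for
     * subject/issuer alternative names, a String for the Netscape comment, a set of usage names
     * for key usage, a list of OID strings for extended key usage, a map for basic constraints
     * and authority key identifier, a {@link PublicKey} for subject key identifier, and a
     * {@link BigInteger} for the CRL number. Any other OID is encoded as a UTF8String, so its
     * value must be a String.
     *
     * <p>The CRL number is always emitted as non-critical and its {@code "critical"} entry is
     * not read (RFC 5280 section 5.2.3 defines it as non-critical). Every other branch unboxes
     * {@code "critical"} and fails with a {@link NullPointerException} if the entry is missing.
     *
     * @throws ClassCastException       if {@code "oid"}, {@code "critical"} or {@code "value"}
     *                                  has an unexpected type
     * @throws IllegalArgumentException from the per-type converters on invalid content
     */
    @SuppressWarnings("unchecked") // the value casts follow the per-OID contract documented above
    static Extension parseExtensionObject(Map<String, Object> map) throws IOException, OperatorCreationException {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier((String) map.get("oid"));
        Boolean critical = (Boolean) map.get("critical");
        if (oid.equals(Extension.subjectAlternativeName) || oid.equals(Extension.issuerAlternativeName)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(mapToGeneralNames((Map<String, List<String>>) map.get("value"))));
        }
        if (oid.equals(MiscObjectIdentifiers.netscapeCertComment)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(new DERIA5String((String) map.get("value"))));
        }
        if (oid.equals(Extension.keyUsage)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(setToKeyUsage((Set<String>) map.get("value"))));
        }
        if (oid.equals(Extension.extendedKeyUsage)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(listToExtendedKeyUsage((List<String>) map.get("value"))));
        }
        if (oid.equals(Extension.basicConstraints)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(mapToBasicConstraints((Map<String, Object>) map.get("value"))));
        }
        if (oid.equals(Extension.subjectKeyIdentifier)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(publicKeyToSubjectKeyIdentifier((PublicKey) map.get("value"))));
        }
        if (oid.equals(Extension.authorityKeyIdentifier)) {
            return new Extension(oid, critical.booleanValue(), new DEROctetString(mapToAuthorityKeyIdentifier((Map<String, Object>) map.get("value"))));
        }
        if (oid.equals(Extension.cRLNumber)) {
            return new Extension(oid, false, new DEROctetString(new CRLNumber((BigInteger) map.get("value"))));
        }
        return new Extension(oid, critical.booleanValue(), new DEROctetString(new DERUTF8String((String) map.get("value"))));
    }

    /** Re-parses the encoded certificate with BouncyCastle and returns its extensions (may be {@code null}). */
    private static Extensions getExtensionsFromCert(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return new X509CertificateHolder(x509Certificate.getEncoded()).getExtensions();
    }

    /** Re-parses the encoded CRL with BouncyCastle and returns its extensions (may be {@code null}). */
    private static Extensions getExtensionsFromCRL(X509CRL x509crl) throws CRLException, IOException {
        return new X509CRLHolder(x509crl.getEncoded()).getExtensions();
    }

    /**
     * Converts one extension to its map form.
     *
     * @param critical value stored under {@code "critical"}; supplied by the caller, not re-read
     *                 from the extension
     * @return the map, or {@code null} if {@code extensions} has no entry for {@code oid}
     */
    private static Map<String, Object> makeExtensionMap(Extensions extensions, ASN1ObjectIdentifier oid, boolean critical) throws IOException {
        Extension extension = extensions.getExtension(oid);
        if (extension == null) {
            return null;
        }
        ASN1Object decoded = binaryToASN1Object(oid, extension.getExtnValue().getOctets());
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("oid", oid.getId());
        result.put("critical", Boolean.valueOf(critical));
        result.put("value", asn1ObjToObj(decoded));
        return result;
    }

    /**
     * Parses the raw extension octets into the ASN.1 type that matches the OID.
     *
     * <p>Known OIDs are parsed strictly by their BouncyCastle type. Two paths are lenient:
     * a Netscape comment that ends prematurely ({@link EOFException}) and any unrecognised OID
     * whose bytes are not a UTF8String are both reinterpreted as US-ASCII text. The result of a
     * lenient path is display text only.
     */
    private static ASN1Object binaryToASN1Object(ASN1ObjectIdentifier oid, byte[] octets) throws IOException {
        if (oid.equals(Extension.subjectAlternativeName) || oid.equals(Extension.issuerAlternativeName)) {
            return GeneralNames.getInstance(octets);
        }
        if (oid.equals(Extension.authorityKeyIdentifier)) {
            return AuthorityKeyIdentifier.getInstance(octets);
        }
        if (oid.equals(Extension.subjectKeyIdentifier)) {
            return SubjectKeyIdentifier.getInstance(octets);
        }
        if (oid.equals(Extension.basicConstraints)) {
            return BasicConstraints.getInstance(octets);
        }
        if (oid.equals(Extension.keyUsage)) {
            return KeyUsage.getInstance(ASN1Primitive.fromByteArray(octets));
        }
        if (oid.equals(Extension.extendedKeyUsage)) {
            return ExtendedKeyUsage.getInstance(octets);
        }
        if (oid.equals(MiscObjectIdentifiers.netscapeCertComment)) {
            try {
                return ASN1Primitive.fromByteArray(octets);
            } catch (EOFException truncated) {
                // Best effort: the comment was not valid DER, show the bytes as ASCII text.
                return new DERIA5String(new String(octets, Charset.forName("US-ASCII")));
            }
        }
        if (oid.equals(Extension.cRLNumber)) {
            return CRLNumber.getInstance(octets);
        }
        try {
            return DERUTF8String.getInstance(octets);
        } catch (Exception notUtf8String) {
            // Deliberate catch-all: an unrecognised extension must not abort the listing.
            return new DERUTF8String(new String(octets, Charset.forName("US-ASCII")));
        }
    }

    /**
     * Converts an ASN.1 object into a plain Java value.
     *
     * <p>The order of the type checks is significant because several BouncyCastle types
     * satisfy more than one check; keep it when editing. Tagged objects and sequences recurse
     * into their content, so the recursion depth follows the nesting of the parsed structure.
     * Anything unrecognised is returned as its encoded {@code byte[]}.
     */
    private static Object asn1ObjToObj(ASN1Encodable asn1) throws IOException {
        if (asn1 instanceof GeneralNames) {
            return generalNamesToMap((GeneralNames) asn1);
        }
        if (asn1 instanceof ASN1ObjectIdentifier) {
            return ((ASN1ObjectIdentifier) asn1).getId();
        }
        if (asn1 instanceof AuthorityKeyIdentifier) {
            return authorityKeyIdToMap((AuthorityKeyIdentifier) asn1);
        }
        if (asn1 instanceof BasicConstraints) {
            return basicConstraintsToMap((BasicConstraints) asn1);
        }
        if (asn1 instanceof CRLNumber) {
            return ((CRLNumber) asn1).getCRLNumber();
        }
        if (asn1 instanceof SubjectKeyIdentifier) {
            return ((SubjectKeyIdentifier) asn1).getKeyIdentifier();
        }
        if (asn1 instanceof ExtendedKeyUsage) {
            return extKeyUsageToList((ExtendedKeyUsage) asn1);
        }
        if (asn1 instanceof KeyPurposeId) {
            return ((KeyPurposeId) asn1).getId();
        }
        if (asn1 instanceof KeyUsage) {
            return keyUsageToSet((KeyUsage) asn1);
        }
        if (asn1 instanceof DERBitString) {
            return ((DERBitString) asn1).getString();
        }
        if (asn1 instanceof ASN1TaggedObject) {
            return asn1ObjToObj(((ASN1TaggedObject) asn1).getObject());
        }
        if (asn1 instanceof ASN1Sequence) {
            return asn1SeqToList((ASN1Sequence) asn1);
        }
        if (asn1 instanceof ASN1String) {
            return ((ASN1String) asn1).getString();
        }
        if (asn1 instanceof ASN1OctetString) {
            return new String(((ASN1OctetString) asn1).getOctets(), "UTF-8");
        }
        if (asn1 instanceof X500Name) {
            return ((X500Name) asn1).toString();
        }
        return asn1.toASN1Primitive().getEncoded();
    }

    /** Returns the names of all usages from the key-usage table that are set in {@code keyUsage}. */
    private static Set<String> keyUsageToSet(KeyUsage keyUsage) {
        Set<String> usages = new HashSet<String>();
        for (Map.Entry<String, Integer> flag : keyUsageFlags.entrySet()) {
            if (keyUsage.hasUsages(flag.getValue().intValue())) {
                usages.add(flag.getKey());
            }
        }
        return usages;
    }

    /**
     * Combines usage names into a {@link KeyUsage}.
     *
     * @throws IllegalArgumentException if a name is not in the key-usage table
     */
    private static KeyUsage setToKeyUsage(Set<String> set) {
        int bits = 0;
        for (String usageName : set) {
            Integer flag = keyUsageFlags.get(usageName);
            if (flag == null) {
                throw new IllegalArgumentException("The provided usage key does not exist: '" + usageName + "'");
            }
            bits |= flag.intValue();
        }
        return new KeyUsage(bits);
    }

    /** Builds an {@link ExtendedKeyUsage} from a list of key-purpose OID strings. */
    private static ExtendedKeyUsage listToExtendedKeyUsage(List<String> list) {
        List<KeyPurposeId> purposes = new ArrayList<KeyPurposeId>(list.size());
        for (String purposeOid : list) {
            purposes.add(KeyPurposeId.getInstance(new ASN1ObjectIdentifier(purposeOid)));
        }
        return new ExtendedKeyUsage(purposes.toArray(new KeyPurposeId[purposes.size()]));
    }

    /** Converts each key purpose of an {@link ExtendedKeyUsage} with {@link #asn1ObjToObj}. */
    private static List<Object> extKeyUsageToList(ExtendedKeyUsage extendedKeyUsage) throws IOException {
        List<Object> purposes = new ArrayList<Object>();
        for (ASN1Encodable purpose : extendedKeyUsage.getUsages()) {
            purposes.add(asn1ObjToObj(purpose));
        }
        return purposes;
    }

    /** Converts basic constraints to a map with {@code is_ca} and {@code path_len_constraint}. */
    private static Map<String, Object> basicConstraintsToMap(BasicConstraints basicConstraints) {
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("is_ca", Boolean.valueOf(basicConstraints.isCA()));
        result.put("path_len_constraint", basicConstraints.getPathLenConstraint());
        return result;
    }

    /**
     * Builds {@link BasicConstraints} from a map.
     *
     * <p>NOTE(review): {@code path_len_constraint} is cast to {@link Integer} here, whereas
     * {@link #basicConstraintsToMap} stores whatever {@code getPathLenConstraint()} returns;
     * confirm the two agree before feeding a decoded map back into this method.
     *
     * @throws IllegalArgumentException if {@code is_ca} is missing, or a path length is given
     *                                  for a non-CA
     */
    private static BasicConstraints mapToBasicConstraints(Map<String, Object> map) {
        Boolean isCa = (Boolean) map.get("is_ca");
        if (isCa == null) {
            throw new IllegalArgumentException("The 'is_ca' key must be present in a basic constraint.");
        }
        Integer pathLen = (Integer) map.get("path_len_constraint");
        if (pathLen == null) {
            return new BasicConstraints(isCa.booleanValue());
        }
        if (!isCa.booleanValue()) {
            throw new IllegalArgumentException("The 'path_len_constraint' key is not supported for an 'is_ca' value of 'false'");
        }
        return new BasicConstraints(pathLen.intValue());
    }

    /**
     * Creates the extension helper used to derive key identifiers.
     *
     * <p>SHA-1 is used only to derive the key identifier octets, not to sign anything.
     */
    private static X509ExtensionUtils newSha1ExtensionUtils() throws OperatorCreationException {
        return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
    }

    /** Derives a subject key identifier from the encoded public key. */
    private static SubjectKeyIdentifier publicKeyToSubjectKeyIdentifier(PublicKey publicKey) throws OperatorCreationException {
        return newSha1ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    /**
     * Builds an authority key identifier from {@code public_key}, {@code serial_number} and
     * {@code issuer_dn}.
     *
     * <p>At least one of {@code public_key} and {@code serial_number} is required, and
     * {@code serial_number} and {@code issuer_dn} must be given together. The key identifier is
     * derived before these checks run, as in the original order of statements.
     *
     * @throws IllegalArgumentException if the combination of entries is not allowed
     */
    private static AuthorityKeyIdentifier mapToAuthorityKeyIdentifier(Map<String, Object> map) throws OperatorCreationException {
        AuthorityKeyIdentifier authorityKeyIdentifier = null;
        PublicKey publicKey = (PublicKey) map.get("public_key");
        if (publicKey != null) {
            authorityKeyIdentifier = newSha1ExtensionUtils().createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        }
        BigInteger serialNumber = (BigInteger) map.get("serial_number");
        if (publicKey == null && serialNumber == null) {
            throw new IllegalArgumentException("Neither 'public_key' nor 'serial_number' provided for auth key identifier.  At least one of these must be provided.");
        }
        String issuerDn = (String) map.get("issuer_dn");
        if (issuerDn == null) {
            if (serialNumber != null) {
                throw new IllegalArgumentException("'issuer' not provided for auth key identifier but was expected since 'serial_number' was provided");
            }
            return authorityKeyIdentifier;
        }
        if (serialNumber == null) {
            // Fixed: the original message ran "identifier" and "but" together.
            throw new IllegalArgumentException("'serial_number' not provided for auth key identifier but was expected since 'issuer' was provided");
        }
        GeneralNames issuerNames = new GeneralNames(new GeneralName(new X500Name(issuerDn)));
        if (authorityKeyIdentifier != null) {
            return new AuthorityKeyIdentifier(authorityKeyIdentifier.getKeyIdentifier(), issuerNames, serialNumber);
        }
        return new AuthorityKeyIdentifier(issuerNames, serialNumber);
    }

    /** Converts an authority key identifier to a map with {@code issuer}, {@code serial_number} and {@code key_identifier}. */
    private static Map<String, Object> authorityKeyIdToMap(AuthorityKeyIdentifier authorityKeyIdentifier) throws IOException {
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("issuer", generalNamesToMap(authorityKeyIdentifier.getAuthorityCertIssuer()));
        result.put("serial_number", authorityKeyIdentifier.getAuthorityCertSerialNumber());
        result.put("key_identifier", authorityKeyIdentifier.getKeyIdentifier());
        return result;
    }

    /** Converts each element of a sequence with {@link #asn1ObjToObj}. */
    private static List<Object> asn1SeqToList(ASN1Sequence sequence) throws IOException {
        List<Object> elements = new ArrayList<Object>(sequence.size());
        for (int i = 0; i < sequence.size(); i++) {
            elements.add(asn1ObjToObj(sequence.getObjectAt(i)));
        }
        return elements;
    }

    /**
     * Looks up a GeneralName tag number by type name, ignoring case.
     *
     * @return the tag number, or {@code null} if the name is not in the tag table
     */
    private static Integer getGnTagFromName(String typeName) {
        for (Map.Entry<Integer, String> tag : generalNameTags.entrySet()) {
            if (tag.getValue().equalsIgnoreCase(typeName)) {
                return tag.getKey();
            }
        }
        return null;
    }

    /**
     * Renders the octets of an iPAddress GeneralName as a textual IP address.
     *
     * <p>No name lookup takes place: the address is built from the raw bytes.
     *
     * @throws UnknownHostException if the octet string is not 4 or 16 bytes long
     */
    public static String octetStringToIpString(ASN1OctetString aSN1OctetString) throws UnknownHostException {
        // getHostAddress() yields the literal directly instead of splitting toString() on '/'.
        return InetAddress.getByAddress(aSN1OctetString.getOctets()).getHostAddress();
    }

    /**
     * Groups general names by type name.
     *
     * <p>IP entries are rendered with {@link #octetStringToIpString}; an entry of illegal
     * length raises {@link UnknownHostException} (an {@link IOException}) and aborts the whole
     * conversion. All other entries use the string form of {@link #asn1ObjToObj}.
     *
     * @return type name to values, or {@code null} if {@code generalNames} is {@code null}
     */
    private static Map<String, List<String>> generalNamesToMap(GeneralNames generalNames) throws IOException {
        if (generalNames == null) {
            return null;
        }
        Map<String, List<String>> result = new HashMap<String, List<String>>();
        for (GeneralName generalName : generalNames.getNames()) {
            int tagNo = generalName.getTagNo();
            String typeName = generalNameTags.get(Integer.valueOf(tagNo));
            List<String> values = result.get(typeName);
            if (values == null) {
                values = new ArrayList<String>();
                result.put(typeName, values);
            }
            String text;
            if (tagNo == GeneralName.iPAddress) {
                text = octetStringToIpString(ASN1OctetString.getInstance(generalName.getName()));
            } else {
                text = asn1ObjToObj(generalName.getName()).toString();
            }
            values.add(text);
        }
        return result;
    }

    /**
     * Builds {@link GeneralNames} from a map of type name to values.
     *
     * @throws IllegalArgumentException if a type name is not in the tag table
     */
    private static GeneralNames mapToGeneralNames(Map<String, List<String>> map) {
        List<GeneralName> names = new ArrayList<GeneralName>();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            Integer tagNo = getGnTagFromName(entry.getKey());
            if (tagNo == null) {
                // Fixed: the original message closed the single-quoted name with a double quote.
                throw new IllegalArgumentException("Could not find a tag number for the type name '" + entry.getKey() + "'");
            }
            for (String value : entry.getValue()) {
                names.add(new GeneralName(tagNo.intValue(), value));
            }
        }
        return new GeneralNames(names.toArray(new GeneralName[names.size()]));
    }
}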
