package com.venafi.vcert.sdk.policy.converter.tpp;

import com.venafi.vcert.sdk.VCertException;
import com.venafi.vcert.sdk.features.SupportedECCKeys;
import com.venafi.vcert.sdk.features.SupportedKeyPairs;
import com.venafi.vcert.sdk.features.SupportedRSAKeySizes;
import com.venafi.vcert.sdk.policy.converter.IPolicySpecificationValidator;
import com.venafi.vcert.sdk.policy.domain.Defaults;
import com.venafi.vcert.sdk.policy.domain.DefaultsKeyPair;
import com.venafi.vcert.sdk.policy.domain.DefaultsSubject;
import com.venafi.vcert.sdk.policy.domain.KeyPair;
import com.venafi.vcert.sdk.policy.domain.Policy;
import com.venafi.vcert.sdk.policy.domain.PolicySpecification;
import com.venafi.vcert.sdk.policy.domain.PolicySpecificationConst;
import com.venafi.vcert.sdk.policy.domain.Subject;
import java.util.Arrays;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/policy/converter/tpp/TPPPolicySpecificationValidator.class */
public class TPPPolicySpecificationValidator implements IPolicySpecificationValidator {
    public static final String ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_EXCEPTION_MESSAGE = "The specified policy attribute %s has more than one value";
    public static final String ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE = "The specified policy attribute %s has not a two-char string value.";
    public static final String ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE = "The specified value for policy attribute %s doesn't match with the supported ones";
    public static final String DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE = "The specified value for default attribute %s doesn't match with the supported ones";
    public static final String DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE = "The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s";
    public static final TPPPolicySpecificationValidator INSTANCE = new TPPPolicySpecificationValidator();

    private TPPPolicySpecificationValidator() {
    }

    @Override // com.venafi.vcert.sdk.policy.converter.IPolicySpecificationValidator
    public void validate(PolicySpecification policySpecification) throws Exception {
        Policy policy = policySpecification.policy();
        Defaults defaults = policySpecification.defaults();
        if (policy != null) {
            validatePolicySubject(policy.subject());
            validateKeyPair(policy.keyPair());
        }
        if (defaults != null) {
            validateDefaultSubject(defaults.subject(), policy != null ? policy.subject() : null);
            validateDefaultKeyPair(defaults.keyPair(), policy != null ? policy.keyPair() : null);
        }
    }

    private void validatePolicySubject(Subject subject) throws VCertException {
        if (subject != null) {
            if (subject.orgs() != null && subject.orgs().length > 1) {
                throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_SUBJECT_ORGS));
            }
            if (subject.localities() != null && subject.localities().length > 1) {
                throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES));
            }
            if (subject.states() != null && subject.states().length > 1) {
                throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_SUBJECT_STATES));
            }
            if (subject.countries() != null && subject.countries().length > 1) {
                throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES));
            }
            if (subject.countries() != null && subject.countries().length == 1 && subject.countries()[0].length() != 2) {
                throw new VCertException(String.format(ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES));
            }
        }
    }

    private void validateKeyPair(KeyPair keyPair) throws VCertException {
        if (keyPair != null) {
            if (keyPair.keyTypes() != null) {
                int length = keyPair.keyTypes().length;
                if (length > 1) {
                    throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
                }
                if (length == 1 && !SupportedKeyPairs.TPP.containsKeyTypes(keyPair.keyTypes())) {
                    throw new VCertException(String.format("The specified value for policy attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
                }
            }
            if (keyPair.rsaKeySizes() != null) {
                int length2 = keyPair.rsaKeySizes().length;
                if (length2 > 1) {
                    throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
                }
                if (length2 == 1 && !SupportedRSAKeySizes.TPP.containsRsaKeySizes(keyPair.rsaKeySizes())) {
                    throw new VCertException(String.format("The specified value for policy attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
                }
            }
            if (keyPair.ellipticCurves() != null) {
                int length3 = keyPair.ellipticCurves().length;
                if (length3 > 1) {
                    throw new VCertException(String.format("The specified policy attribute %s has more than one value", PolicySpecificationConst.ATT_POLICY_KEYPAIR_ELLIPTIC_CURVES));
                }
                if (length3 == 1 && !SupportedECCKeys.TPP.containsEllipticCurves(keyPair.ellipticCurves())) {
                    throw new VCertException(String.format("The specified value for policy attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_POLICY_KEYPAIR_ELLIPTIC_CURVES));
                }
            }
        }
    }

    private void validateDefaultSubject(DefaultsSubject defaultsSubject, Subject subject) throws VCertException {
        if (defaultsSubject != null) {
            if (subject != null) {
                if (subject.orgs() != null && subject.orgs().length == 1 && !subject.orgs()[0].equals("") && defaultsSubject.org() != null && !defaultsSubject.org().equals("") && !subject.orgs()[0].equals(defaultsSubject.org())) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_ORG, PolicySpecificationConst.ATT_POLICY_SUBJECT_ORGS));
                }
                if (subject.orgUnits() != null && defaultsSubject.orgUnits() != null && !Arrays.asList(subject.orgUnits()).containsAll(Arrays.asList(defaultsSubject.orgUnits()))) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", "orgUnits", "orgUnits"));
                }
                if (subject.localities() != null && subject.localities().length == 1 && !subject.localities()[0].equals("") && defaultsSubject.locality() != null && !defaultsSubject.locality().equals("") && !subject.localities()[0].equals(defaultsSubject.locality())) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_LOCALITY, PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES));
                }
                if (subject.states() != null && subject.states().length == 1 && !subject.states()[0].equals("") && defaultsSubject.state() != null && !defaultsSubject.state().equals("") && !subject.states()[0].equals(defaultsSubject.state())) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_STATE, PolicySpecificationConst.ATT_POLICY_SUBJECT_STATES));
                }
                if (subject.countries() != null && subject.countries().length == 1 && !subject.countries()[0].equals("") && defaultsSubject.country() != null && !defaultsSubject.country().equals("") && !subject.countries()[0].equals(defaultsSubject.country())) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_COUNTRY, PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES));
                }
            }
            if (defaultsSubject.country() != null && defaultsSubject.country().length() != 2) {
                throw new VCertException(String.format(ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_COUNTRY));
            }
        }
    }

    private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair keyPair) throws VCertException {
        String[] ellipticCurves;
        Integer[] rsaKeySizes;
        String[] keyTypes;
        if (defaultsKeyPair != null) {
            String keyType = defaultsKeyPair.keyType();
            if (keyType != null && !keyType.equals("")) {
                if (!SupportedKeyPairs.TPP.containsKeyType(keyType)) {
                    throw new VCertException(String.format("The specified value for default attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE));
                }
                if (keyPair != null && (keyTypes = keyPair.keyTypes()) != null && keyTypes.length == 1 && !keyTypes[0].equals("") && !keyTypes[0].equals(keyType)) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
                }
            }
            Integer rsaKeySize = defaultsKeyPair.rsaKeySize();
            if (rsaKeySize != null) {
                if (!SupportedRSAKeySizes.TPP.containsRsaKeySize(rsaKeySize.intValue())) {
                    throw new VCertException(String.format("The specified value for default attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE));
                }
                if (keyPair != null && (rsaKeySizes = keyPair.rsaKeySizes()) != null && rsaKeySizes.length == 1 && !rsaKeySizes[0].equals(rsaKeySize)) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
                }
            }
            String ellipticCurve = defaultsKeyPair.ellipticCurve();
            if (ellipticCurve != null && !ellipticCurve.equals("")) {
                if (!SupportedECCKeys.TPP.containsEllipticCurve(ellipticCurve)) {
                    throw new VCertException(String.format("The specified value for default attribute %s doesn't match with the supported ones", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_ELLIPTIC_CURVE));
                }
                if (keyPair != null && (ellipticCurves = keyPair.ellipticCurves()) != null && ellipticCurves.length == 1 && !ellipticCurves[0].equals("") && !ellipticCurves[0].equals(ellipticCurve)) {
                    throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_ELLIPTIC_CURVE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_ELLIPTIC_CURVES));
                }
            }
            if (keyPair != null && keyPair.serviceGenerated() != null && defaultsKeyPair.serviceGenerated() != null && !keyPair.serviceGenerated().equals(defaultsKeyPair.serviceGenerated())) {
                throw new VCertException(String.format("The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s", "serviceGenerated", "serviceGenerated"));
            }
        }
    }
}
