package com.venafi.vcert.sdk.policy.converter.cloud;

import com.venafi.vcert.sdk.VCertException;
import com.venafi.vcert.sdk.features.SupportedKeyPairs;
import com.venafi.vcert.sdk.features.SupportedRSAKeySizes;
import com.venafi.vcert.sdk.policy.converter.IPolicySpecificationValidator;
import com.venafi.vcert.sdk.policy.domain.Defaults;
import com.venafi.vcert.sdk.policy.domain.DefaultsKeyPair;
import com.venafi.vcert.sdk.policy.domain.DefaultsSubject;
import com.venafi.vcert.sdk.policy.domain.KeyPair;
import com.venafi.vcert.sdk.policy.domain.Policy;
import com.venafi.vcert.sdk.policy.domain.PolicySpecification;
import com.venafi.vcert.sdk.policy.domain.PolicySpecificationConst;
import com.venafi.vcert.sdk.policy.domain.Subject;
import com.venafi.vcert.sdk.policy.domain.SubjectAltNames;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/policy/converter/cloud/CloudPolicySpecificationValidator.class */
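/**
 * Checks a {@link PolicySpecification} against the rules this class encodes for the cloud (VAAS)
 * feature set: certificate authority format, validity period, subject attributes, key pair
 * settings, subject alternative names, and agreement between the defaults and the policy section.
 *
 * <p>The class has no instance state; use {@link #INSTANCE}.
 *
 * <p>Changes relative to the decompiled listing:
 * <ul>
 *   <li>The decompiler replaced every {@code x::equals} method reference with a lambda over an
 *       undefined {@code r1}. Each one is restored to the value captured on the preceding line.</li>
 *   <li>A policy without a subjectAltNames section no longer fails with a
 *       {@link NullPointerException}; it is skipped, as the subject and keyPair sections are.</li>
 *   <li>A default RSA key size is compared with the policy's sizes only when the policy declares
 *       any, instead of dereferencing a null array.</li>
 *   <li>A {@code null} entry in the policy's country list is reported as an invalid country code
 *       rather than surfacing as a {@link NullPointerException}.</li>
 * </ul>
 */
public class CloudPolicySpecificationValidator implements IPolicySpecificationValidator {
    public static final String CERTIFICATE_AUTHORITY_EXCEPTION_MESSAGE = "Certificate Authority is invalid, please provide a valid value with this structure: ca_type\\ca_account_key\\vendor_product_name";
    public static final String MAX_VALID_DAYS_EXCEPTION_MESSAGE = "The Max Valid days value should be an positive integer or zero( it will be converted to the default which is 365)";
    public static final String ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_EXCEPTION_MESSAGE = "The specified policy attribute %s has more than one value";
    public static final String ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_CONTAINING_ALLOW_ALL_STRING_EXCEPTION_MESSAGE = "The specified policy attribute %s contains the \".*\" but contains another values.";
    public static final String ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE = "The specified policy attribute %s has a value which is not a two-char string value.";
    public static final String ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE = "The specified value for policy attribute %s doesn't match with the supported ones";
    public static final String DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE = "The specified value for default attribute %s doesn't match with the supported ones";
    public static final String DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE = "The specified value for default attribute %1$s doesn't match with the value of policy attribute %2$s";
    public static final String SUBJECT_ALT_NAME_ATTRIBUTE_DOESNT_SUPPORTED_EXCEPTION_MESSAGE = "The specified attribute %1$s can't be true due only DNS is supported.";
    public static final CloudPolicySpecificationValidator INSTANCE = new CloudPolicySpecificationValidator();

    private CloudPolicySpecificationValidator() {
    }

    /**
     * Validates the policy section, then the defaults section, of the given specification.
     *
     * <p>Either section may be absent. Defaults are checked against the policy's subject and key
     * pair when a policy section exists.
     *
     * @param policySpecification the specification to check; must not be {@code null}
     * @throws Exception a {@link VCertException} describing the first rule that is violated
     */
    @Override
    public void validate(PolicySpecification policySpecification) throws Exception {
        Policy policy = policySpecification.policy();
        Defaults defaults = policySpecification.defaults();
        if (policy != null) {
            validateMaxValidDays(policy);
            validateCertificateAuthority(policy);
            validatePolicySubject(policy.subject());
            validateKeyPair(policy.keyPair());
            validateSubjectAltNames(policy.subjectAltNames());
        }
        if (defaults != null) {
            Subject policySubject = policy != null ? policy.subject() : null;
            KeyPair policyKeyPair = policy != null ? policy.keyPair() : null;
            validateDefaultSubject(defaults.subject(), policySubject);
            validateDefaultKeyPair(defaults.keyPair(), policyKeyPair);
        }
    }

    /**
     * Requires the certificate authority, when set, to contain at least three backslash-separated
     * parts.
     *
     * @throws VCertException if fewer than three parts are present
     */
    private void validateCertificateAuthority(Policy policy) throws VCertException {
        String certificateAuthority = policy.certificateAuthority();
        if (certificateAuthority == null) {
            return;
        }
        // StringUtils.split drops empty tokens, so "a\\\\b" counts as two parts and is rejected.
        // NOTE(review): values with MORE than three parts are accepted by this check; the content
        // of each part is not inspected here.
        if (StringUtils.split(certificateAuthority, "\\").length < 3) {
            throw new VCertException(CERTIFICATE_AUTHORITY_EXCEPTION_MESSAGE);
        }
    }

    /**
     * Rejects a negative maximum validity period.
     *
     * @throws VCertException if maxValidDays is set and below zero
     */
    private void validateMaxValidDays(Policy policy) throws VCertException {
        // Only the lower bound is enforced here; no upper limit on the validity period is applied.
        if (policy.maxValidDays() != null && policy.maxValidDays().intValue() < 0) {
            throw new VCertException(MAX_VALID_DAYS_EXCEPTION_MESSAGE);
        }
    }

    /**
     * Validates the subject section of the policy.
     *
     * <p>For every multi-valued attribute, the allow-all marker may not be combined with other
     * values. Every country must be a two-character string.
     *
     * @param subject the policy subject, or {@code null} when the policy has none
     * @throws VCertException on the first violated rule
     */
    private void validatePolicySubject(Subject subject) throws VCertException {
        if (subject == null) {
            return;
        }
        rejectAllowAllMixedWithOtherValues(subject.orgs(), PolicySpecificationConst.ATT_POLICY_SUBJECT_ORGS);
        rejectAllowAllMixedWithOtherValues(subject.orgUnits(), "orgUnits");
        rejectAllowAllMixedWithOtherValues(subject.localities(), PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES);
        rejectAllowAllMixedWithOtherValues(subject.states(), PolicySpecificationConst.ATT_POLICY_SUBJECT_STATES);
        rejectAllowAllMixedWithOtherValues(subject.countries(), PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES);

        String[] countries = subject.countries();
        if (countries == null) {
            return;
        }
        for (String country : countries) {
            // Length check only: the value is not compared against a list of known country codes.
            // A null entry is treated as invalid instead of raising NullPointerException.
            if (country == null || country.length() != 2) {
                throw new VCertException(String.format(ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES));
            }
        }
    }

    /**
     * Checks the policy's key types and RSA key sizes against the VAAS supported sets.
     *
     * @param keyPair the policy key pair section, or {@code null} when absent
     * @throws VCertException if a listed key type or RSA key size is not supported
     */
    private void validateKeyPair(KeyPair keyPair) throws VCertException {
        if (keyPair == null) {
            return;
        }
        // Which algorithms and sizes are acceptable is decided by SupportedKeyPairs.VAAS and
        // SupportedRSAKeySizes.VAAS; this method only enforces membership in those sets.
        if (keyPair.keyTypes() != null && keyPair.keyTypes().length > 0 && !SupportedKeyPairs.VAAS.containsKeyTypes(keyPair.keyTypes())) {
            throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
        }
        if (keyPair.rsaKeySizes() != null && !SupportedRSAKeySizes.VAAS.containsRsaKeySizes(keyPair.rsaKeySizes())) {
            throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
        }
    }

    /**
     * Rejects a policy that enables any subject alternative name type other than DNS.
     *
     * @param subjectAltNames the policy SAN section, or {@code null} when absent
     * @throws VCertException if IP, email, URI or UPN SANs are set to allowed
     */
    private void validateSubjectAltNames(SubjectAltNames subjectAltNames) throws VCertException {
        // validate() passes policy.subjectAltNames() straight through, so a policy without this
        // section arrives here as null; skip it like the other optional sections.
        if (subjectAltNames == null) {
            return;
        }
        rejectIfEnabled(subjectAltNames.ipAllowed(), PolicySpecificationConst.ATT_POLICY_SUBJECT_ALT_NAMES_IP_ALLOWED);
        rejectIfEnabled(subjectAltNames.emailAllowed(), PolicySpecificationConst.ATT_POLICY_SUBJECT_ALT_NAMES_EMAIL_ALLOWED);
        rejectIfEnabled(subjectAltNames.uriAllowed(), PolicySpecificationConst.ATT_POLICY_SUBJECT_ALT_NAMES_URI_ALLOWED);
        rejectIfEnabled(subjectAltNames.upnAllowed(), PolicySpecificationConst.ATT_POLICY_SUBJECT_ALT_NAMES_UPN_ALLOWED);
    }

    /**
     * Checks that each default subject value is permitted by the corresponding policy attribute
     * and that the default country is a two-character string.
     *
     * @param defaultsSubject the defaults subject section, or {@code null} when absent
     * @param subject the policy subject section, or {@code null} when absent
     * @throws VCertException on the first violated rule
     */
    private void validateDefaultSubject(DefaultsSubject defaultsSubject, Subject subject) throws VCertException {
        if (defaultsSubject == null) {
            return;
        }
        if (subject != null) {
            requireDefaultPermitted(subject.orgs(), defaultsSubject.org(), PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_ORG, PolicySpecificationConst.ATT_POLICY_SUBJECT_ORGS);

            // orgUnits is the only multi-valued default: every default unit must be listed in the
            // policy unless the policy allows all.
            if (subject.orgUnits() != null && defaultsSubject.orgUnits() != null
                    && !containsValue(subject.orgUnits(), PolicySpecificationConst.ALLOW_ALL)
                    && !Arrays.asList(subject.orgUnits()).containsAll(Arrays.asList(defaultsSubject.orgUnits()))) {
                throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE, "orgUnits", "orgUnits"));
            }

            requireDefaultPermitted(subject.localities(), defaultsSubject.locality(), PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_LOCALITY, PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES);
            requireDefaultPermitted(subject.states(), defaultsSubject.state(), PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_STATE, PolicySpecificationConst.ATT_POLICY_SUBJECT_STATES);
            requireDefaultPermitted(subject.countries(), defaultsSubject.country(), PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_COUNTRY, PolicySpecificationConst.ATT_POLICY_SUBJECT_COUNTRIES);
        }
        // Unlike the other defaults, an empty country string is not treated as "unset": it fails
        // the length check below.
        if (defaultsSubject.country() != null && defaultsSubject.country().length() != 2) {
            throw new VCertException(String.format(ATTRIBUTE_HAS_NOT_A_TWO_CHAR_STRING_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_SUBJECT_COUNTRY));
        }
    }

    /**
     * Checks the default key type and RSA key size against the VAAS supported sets and against
     * the policy's key pair section.
     *
     * @param defaultsKeyPair the defaults key pair section, or {@code null} when absent
     * @param keyPair the policy key pair section, or {@code null} when absent
     * @throws VCertException on the first violated rule
     */
    private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair keyPair) throws VCertException {
        if (defaultsKeyPair == null) {
            return;
        }
        String keyType = defaultsKeyPair.keyType();
        if (keyType != null && !keyType.equals("")) {
            if (!SupportedKeyPairs.VAAS.containsKeyType(keyType)) {
                throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE));
            }
            String[] keyTypes = keyPair != null ? keyPair.keyTypes() : null;
            // NOTE(review): the default is compared with the policy only when the policy lists
            // exactly one key type; with several listed, only the VAAS membership check above
            // applies to the default.
            if (keyTypes != null && keyTypes.length == 1 && !keyTypes[0].equals("") && !keyTypes[0].equals(keyType)) {
                throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
            }
        }
        Integer rsaKeySize = defaultsKeyPair.rsaKeySize();
        if (rsaKeySize != null) {
            if (!SupportedRSAKeySizes.VAAS.containsRsaKeySize(rsaKeySize.intValue())) {
                throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE));
            }
            // A policy key pair without rsaKeySizes places no restriction on the default; the
            // listing streamed the array unguarded and failed with NullPointerException instead.
            if (keyPair != null && keyPair.rsaKeySizes() != null && !containsValue(keyPair.rsaKeySizes(), rsaKeySize)) {
                throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
            }
        }
    }

    /** Returns whether any element of {@code values} equals {@code expected} (null elements never match). */
    private static boolean containsValue(Object[] values, Object expected) {
        for (Object value : values) {
            if (expected.equals(value)) {
                return true;
            }
        }
        return false;
    }

    /** Throws when {@code values} holds more than one entry and one of them is the allow-all marker. */
    private static void rejectAllowAllMixedWithOtherValues(Object[] values, String attributeName) throws VCertException {
        if (values != null && values.length > 1 && containsValue(values, PolicySpecificationConst.ALLOW_ALL)) {
            throw new VCertException(String.format(ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_CONTAINING_ALLOW_ALL_STRING_EXCEPTION_MESSAGE, attributeName));
        }
    }

    /** Throws when a SAN type flag is set to {@code true}; {@code null} and {@code false} pass. */
    private static void rejectIfEnabled(Boolean allowed, String attributeName) throws VCertException {
        if (allowed != null && allowed.booleanValue()) {
            throw new VCertException(String.format(SUBJECT_ALT_NAME_ATTRIBUTE_DOESNT_SUPPORTED_EXCEPTION_MESSAGE, attributeName));
        }
    }

    /**
     * Throws when a non-empty single-valued default is neither listed in the policy's permitted
     * values nor covered by the allow-all marker. A null permitted list, or a null or empty
     * default, is not checked.
     */
    private static void requireDefaultPermitted(Object[] permitted, String defaultValue, String defaultAttribute, String policyAttribute) throws VCertException {
        if (permitted == null || defaultValue == null || defaultValue.equals("")) {
            return;
        }
        if (!containsValue(permitted, PolicySpecificationConst.ALLOW_ALL) && !containsValue(permitted, defaultValue)) {
            throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE, defaultAttribute, policyAttribute));
        }
    }
}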
