package by.avest.certstore;

import by.avest.crypto.x509.AttrCertIssuer;
import by.avest.crypto.x509.GeneralNames;
import by.avest.crypto.x509.Holder;
import by.avest.crypto.x509.IssuerSerial;
import by.avest.crypto.x509.ObjectDigestInfo;
import by.avest.crypto.x509.X509AttributeCertificate;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.PKIXExtensions;

/* loaded from: input_file:by/avest/certstore/X509AttrCertSelector.class */
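/**
 * Selection criteria for X.509 attribute certificates.
 *
 * <p>Every criterion is optional: a criterion left {@code null} is not checked, and
 * {@link #match} accepts an attribute certificate only when every criterion that is set
 * agrees with it. A selector with no criteria therefore accepts any non-null attribute
 * certificate.
 *
 * <p>This class only filters candidates. Apart from the optional validity-period check it
 * performs no verification of the attribute certificate (no signature or revocation check is
 * made here), so a match must not be treated as proof that the certificate is trustworthy.
 *
 * <p>Instances are mutable and unsynchronized. The validity date, the authority key
 * identifier and the required-attribute set are copied on the way in, on the way out and in
 * {@link #clone()}, so that a caller holding the original array, date or a clone cannot alter
 * the criteria of a selector it has already handed over.
 */
public class X509AttrCertSelector implements AttrCertSelector {
    private X509AttributeCertificate attributeCertificate;
    private X509Certificate holderCertificate;
    private BigInteger serialNumber;
    private Holder holder;
    private AttrCertIssuer issuer;
    private Date attributeCertificateValid;
    private byte[] authorityKeyId;
    private Set<ObjectIdentifier> hasAttributes;
    // Relaxed holder matching is the default; see matchHolder for what "relaxed" accepts.
    private boolean disallowHolderEntityNameEmptyX500Name = false;

    /**
     * Decides whether an attribute certificate satisfies all criteria that are set.
     *
     * <p>The cheap equality checks run first (exact certificate, serial number, issuer), then
     * the validity-period check, then authority key identifier, holder certificate, required
     * attributes and holder.
     *
     * @param x509AttributeCertificate the candidate; {@code null} never matches
     * @return {@code true} only if every configured criterion accepts the candidate
     */
    @Override // by.avest.certstore.AttrCertSelector
    public boolean match(X509AttributeCertificate x509AttributeCertificate) {
        if (x509AttributeCertificate == null) {
            // Fail closed: without this guard an unconfigured selector would report a match
            // for null, and the debug trace below would throw.
            return false;
        }
        if (Util.isDebug()) {
            Util.log("X509AttrCertSelector.match(SN: " + x509AttributeCertificate.getSerialNumber().getNumber().toString(16) + "\n  Issuer: " + x509AttributeCertificate.getIssuer() + "\n  Holder: " + x509AttributeCertificate.getHolder() + ")");
        }
        if (this.attributeCertificate != null && !this.attributeCertificate.equals(x509AttributeCertificate)) {
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: attr certs don't match");
            }
            return false;
        }
        if (this.serialNumber != null && !this.serialNumber.equals(x509AttributeCertificate.getSerialNumber().getNumber())) {
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: serial numbers don't match");
            }
            return false;
        }
        if (this.issuer != null && !this.issuer.equals(x509AttributeCertificate.getIssuer())) {
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: issuers don't match");
            }
            return false;
        }
        if (this.attributeCertificateValid != null) {
            try {
                x509AttributeCertificate.checkValidity(this.attributeCertificateValid);
            } catch (CertificateException e) {
                if (Util.isDebug()) {
                    Util.log("X509AttrCertSelector.match: attribute certificate not within validity period");
                }
                return false;
            }
        }
        boolean matched = matchAuthorityKeyId(x509AttributeCertificate)
                && matchHolderCertificate(x509AttributeCertificate)
                && matchHasAttributes(x509AttributeCertificate)
                && matchHolder(x509AttributeCertificate);
        if (matched && Util.isDebug()) {
            Util.log("X509AttrCertSelector.match returning: true");
        }
        return matched;
    }

    /**
     * Compares the configured holder with the candidate's holder.
     *
     * <p>An exact {@code equals} match always succeeds. Otherwise, unless
     * {@code disallowHolderEntityNameEmptyX500Name} is set, a configured holder that has no
     * entity name is retried with {@link Holder#ENTITY_NAME_X500NAME_EMPTY} substituted for
     * the missing name. Because the flag defaults to {@code false}, this relaxed comparison
     * is what callers get unless they opt out.
     */
    private boolean matchHolder(X509AttributeCertificate x509AttributeCertificate) {
        if (this.holder == null || this.holder.equals(x509AttributeCertificate.getHolder())) {
            return true;
        }
        if (this.disallowHolderEntityNameEmptyX500Name) {
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: holders don't match (disallowHolderEntityNameEmptyX500Name=true)");
            }
            return false;
        }
        if (this.holder.getEntityName() != null) {
            // The fallback only substitutes an absent entity name; a present one that
            // differs is a genuine mismatch.
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: holders don't match (disallowHolderEntityNameEmptyX500Name=false, given entityName isn't empty)");
            }
            return false;
        }
        Holder fixedHolder = Holder.createV2(this.holder.getBaseCertificateId(), Holder.ENTITY_NAME_X500NAME_EMPTY, this.holder.getObjectDigestInfo());
        if (fixedHolder.equals(x509AttributeCertificate.getHolder())) {
            return true;
        }
        if (Util.isDebug()) {
            Util.log("X509AttrCertSelector.match: holders don't match (disallowHolderEntityNameEmptyX500Name=false, given entityName is empty and fixedHolder=" + fixedHolder + ")");
        }
        return false;
    }

    /**
     * Requires every attribute type added through {@link #addAttribute} to be present in the
     * candidate. Only presence is checked, not the attribute values.
     */
    private boolean matchHasAttributes(X509AttributeCertificate x509AttributeCertificate) {
        if (this.hasAttributes == null) {
            return true;
        }
        for (ObjectIdentifier objectIdentifier : this.hasAttributes) {
            try {
                // NOTE(review): the decompiled listing had an empty try block followed by this
                // lookup; the lookup is assumed to be the statement that can raise
                // IOException - confirm against the original class file.
                if (x509AttributeCertificate.getAttibute(objectIdentifier.toString()) == null) {
                    if (Util.isDebug()) {
                        Util.log("X509AttrCertSelector.match: has no attribute " + objectIdentifier);
                    }
                    return false;
                }
            } catch (IOException e) {
                // Fail closed: an attribute that cannot be read has not been shown to be
                // present, so the candidate must not be accepted on its account.
                if (Util.isDebug()) {
                    e.printStackTrace();
                }
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that the candidate's holder refers to the configured holder certificate.
     *
     * <p>Exactly one holder form is evaluated, in this order of precedence: base certificate
     * id (serial number and issuer name), entity name (against the certificate's subject),
     * object digest info. Forms after the first one present are not consulted.
     */
    private boolean matchHolderCertificate(X509AttributeCertificate x509AttributeCertificate) {
        if (this.holderCertificate == null) {
            return true;
        }
        Holder candidateHolder = x509AttributeCertificate.getHolder();
        if (candidateHolder == null) {
            // A holder certificate was requested but the candidate names no holder at all.
            return false;
        }
        IssuerSerial baseCertificateId = candidateHolder.getBaseCertificateId();
        if (baseCertificateId != null) {
            boolean idMatches = baseCertificateId.getSerial().getNumber().equals(this.holderCertificate.getSerialNumber())
                    && Util.nameMatches(this.holderCertificate.getIssuerDN(), baseCertificateId.getIssuer());
            if (!idMatches && Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: holder base certificate id don't match");
            }
            return idMatches;
        }
        GeneralNames entityName = candidateHolder.getEntityName();
        if (entityName != null) {
            boolean nameMatches = Util.nameMatches(this.holderCertificate.getSubjectDN(), entityName);
            if (!nameMatches && Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: holder entity name don't match");
            }
            return nameMatches;
        }
        ObjectDigestInfo objectDigestInfo = candidateHolder.getObjectDigestInfo();
        if (objectDigestInfo == null) {
            // NOTE(review): fail-open path kept for compatibility. A candidate whose holder
            // carries none of the three identification forms is accepted for ANY holder
            // certificate. Callers that rely on this criterion to bind an attribute
            // certificate to a specific public-key certificate should reject such holders
            // themselves, or this branch should return false once callers are confirmed.
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: holder carries no identification, holder certificate not checked");
            }
            return true;
        }
        boolean digestMatches = Util.digestMatches(this.holderCertificate, objectDigestInfo);
        if (!digestMatches && Util.isDebug()) {
            Util.log("X509AttrCertSelector.match: holder object digest info don't match");
        }
        return digestMatches;
    }

    /**
     * Compares the configured key identifier with the {@code key_id} field of the candidate's
     * authority key identifier extension. A candidate without the extension, without a key
     * identifier in it, or with an undecodable extension does not match.
     */
    private boolean matchAuthorityKeyId(X509AttributeCertificate x509AttributeCertificate) {
        if (this.authorityKeyId == null) {
            return true;
        }
        try {
            // NOTE(review): the declared type below comes from the decompiler; the instanceof
            // fallback suggests getExtension may return a more general extension type.
            AuthorityKeyIdentifierExtension extension = x509AttributeCertificate.getExtension(PKIXExtensions.AuthorityKey_Id);
            if (extension == null) {
                if (Util.isDebug()) {
                    Util.log("X509AttrCertSelector.match: no authority key Id extension");
                }
                return false;
            }
            KeyIdentifier keyIdentifier = (KeyIdentifier) (extension instanceof AuthorityKeyIdentifierExtension ? extension : new AuthorityKeyIdentifierExtension(Boolean.valueOf(extension.isCritical()), extension.getExtensionValue())).get("key_id");
            if (keyIdentifier != null && Arrays.equals(this.authorityKeyId, keyIdentifier.getIdentifier())) {
                return true;
            }
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: authority key Ids don't match");
            }
            return false;
        } catch (IOException e) {
            // Undecodable extension: treated as a mismatch, never as a match.
            if (Util.isDebug()) {
                Util.log("X509AttrCertSelector.match: exception in authority key Id check");
            }
            return false;
        }
    }

    /**
     * Returns a copy of this selector whose mutable criteria (validity date, authority key
     * identifier, required-attribute set) are independent of this instance. The remaining
     * criteria are shared by reference.
     */
    @Override // by.avest.certstore.AttrCertSelector
    public Object clone() {
        try {
            X509AttrCertSelector copy = (X509AttrCertSelector) super.clone();
            // Object.clone() is shallow; without these copies addAttribute on either
            // instance would silently change what the other one matches.
            if (this.attributeCertificateValid != null) {
                copy.attributeCertificateValid = new Date(this.attributeCertificateValid.getTime());
            }
            if (this.authorityKeyId != null) {
                copy.authorityKeyId = this.authorityKeyId.clone();
            }
            if (this.hasAttributes != null) {
                copy.hasAttributes = new HashSet<ObjectIdentifier>(this.hasAttributes);
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            InternalError error = new InternalError(e.toString());
            error.initCause(e);
            throw error;
        }
    }

    /** Returns the exact attribute certificate to match, or {@code null} if unset. */
    public final X509AttributeCertificate getAttributeCertificate() {
        return this.attributeCertificate;
    }

    /** Sets the exact attribute certificate to match; {@code null} disables the check. */
    public final void setAttributeCertificate(X509AttributeCertificate x509AttributeCertificate) {
        this.attributeCertificate = x509AttributeCertificate;
    }

    /** Returns the holder's public-key certificate criterion, or {@code null} if unset. */
    public final X509Certificate getHolderCertificate() {
        return this.holderCertificate;
    }

    /**
     * Sets the public-key certificate the candidate's holder must refer to; {@code null}
     * disables the check.
     */
    public final void setHolderCertificate(X509Certificate x509Certificate) {
        this.holderCertificate = x509Certificate;
    }

    /** Returns the required serial number, or {@code null} if unset. */
    public final BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    /** Sets the required serial number; {@code null} disables the check. */
    public final void setSerialNumber(BigInteger bigInteger) {
        this.serialNumber = bigInteger;
    }

    /** Returns the required holder, or {@code null} if unset. */
    public final Holder getHolder() {
        return this.holder;
    }

    /** Sets the required holder; {@code null} disables the check. */
    public final void setHolder(Holder holder) {
        this.holder = holder;
    }

    /** Returns the required issuer, or {@code null} if unset. */
    public final AttrCertIssuer getIssuer() {
        return this.issuer;
    }

    /** Sets the required issuer; {@code null} disables the check. */
    public final void setIssuer(AttrCertIssuer attrCertIssuer) {
        this.issuer = attrCertIssuer;
    }

    /**
     * Returns a copy of the instant at which the candidate must be valid, or {@code null} if
     * unset.
     */
    public final Date getAttributeCertificateValid() {
        return this.attributeCertificateValid == null ? null : new Date(this.attributeCertificateValid.getTime());
    }

    /**
     * Sets the instant at which the candidate must be valid; {@code null} disables the check.
     * The date is copied, so later changes to the argument do not affect this selector.
     */
    public final void setAttributeCertificateValid(Date date) {
        this.attributeCertificateValid = date == null ? null : new Date(date.getTime());
    }

    /** Returns a copy of the required authority key identifier, or {@code null} if unset. */
    public final byte[] getAuthorityKeyId() {
        return this.authorityKeyId == null ? null : this.authorityKeyId.clone();
    }

    /**
     * Sets the required authority key identifier; {@code null} disables the check. The array
     * is copied, so later writes to the argument do not affect this selector.
     */
    public final void setAuthorityKeyId(byte[] bArr) {
        this.authorityKeyId = bArr == null ? null : bArr.clone();
    }

    /** Adds an attribute type that the candidate must contain. */
    public final void addAttribute(ObjectIdentifier objectIdentifier) {
        if (this.hasAttributes == null) {
            this.hasAttributes = new HashSet<ObjectIdentifier>();
        }
        this.hasAttributes.add(objectIdentifier);
    }

    /** Reports whether the relaxed empty-entity-name holder comparison is switched off. */
    public final boolean isDisallowHolderEntityNameEmptyX500Name() {
        return this.disallowHolderEntityNameEmptyX500Name;
    }

    /**
     * Switches the relaxed holder comparison off ({@code true}) or on ({@code false}, the
     * default). Set to {@code true} when only an exact holder match is acceptable.
     */
    public final void setDisallowHolderEntityNameEmptyX500Name(boolean z) {
        this.disallowHolderEntityNameEmptyX500Name = z;
    }

    /** Lists the criteria that are currently set, one per line. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("X509AttrCertSelector [\n");
        if (this.attributeCertificate != null) {
            sb.append("  Attribute Certificate: ").append(this.attributeCertificate).append("\n");
        }
        if (this.holderCertificate != null) {
            sb.append("  Holder Certificate: ").append(this.holderCertificate).append("\n");
        }
        if (this.serialNumber != null) {
            sb.append("  Serial Number: ").append(this.serialNumber).append("\n");
        }
        if (this.holder != null) {
            sb.append("  Holder: ").append(this.holder).append("\n");
        }
        if (this.issuer != null) {
            sb.append("  Issuer: ").append(this.issuer).append("\n");
        }
        if (this.attributeCertificateValid != null) {
            sb.append("  Attribute Certificate Valid: ").append(this.attributeCertificateValid).append("\n");
        }
        if (this.authorityKeyId != null) {
            sb.append("  Authority Key Id: ").append(Util.array2hex(this.authorityKeyId)).append("\n");
        }
        if (this.hasAttributes != null) {
            sb.append("  Has Attributes: ").append(this.hasAttributes).append("\n");
        }
        sb.append("]");
        return sb.toString();
    }
}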
