package org.esteid.sk;

import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;

/* loaded from: input_file:org/esteid/sk/SKCertificate.class */
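/**
 * Read-only view over a BouncyCastle {@link X509CertificateHolder} that extracts subject
 * attributes and certificate-policy OIDs and classifies the certificate (card type,
 * signing vs. authentication, Mobile-ID) from those values.
 *
 * <p><b>Trust boundary:</b> nothing in this class verifies the certificate's signature,
 * issuer chain, validity period or revocation status. Every accessor and classifier here
 * reports what the certificate <em>claims</em>. The subject DN and the policy extension are
 * chosen by whoever created the certificate, so callers must validate the certificate
 * against a trusted issuer before using {@link #getPersonalCode()}, {@link #cardType()},
 * {@link #isAuthenticationCertificate()} or similar results for an access decision.
 */
public class SKCertificate {
    final X509CertificateHolder c;

    // Policy OID (or OID prefix) -> human-readable card type, consulted first by cardType().
    // Kept as a mutable, package-visible HashMap because that is the existing declaration;
    // iteration order is unspecified, so a certificate matching several keys gets whichever
    // entry the map yields first.
    static HashMap<String, String> oids = new HashMap<>();

    static {
        oids.put("1.3.6.1.4.1.51361.1.1.1", "ID card");
        oids.put("1.3.6.1.4.1.51361.1.1.2", "EU citizen ID card");
        oids.put("1.3.6.1.4.1.51361.1.1.3", "Digi ID");
        oids.put("1.3.6.1.4.1.51361.1.1.4", "e-resident ID");
        oids.put("1.3.6.1.4.1.51361.1.1.5", "Resident ID");
        oids.put("1.3.6.1.4.1.51361.1.1.6", "Resident ID");
        oids.put("1.3.6.1.4.1.51455.1.1.1", "Diplomatic ID");
    }

    /**
     * Wraps a JCA certificate.
     *
     * @param x509Certificate certificate to wrap
     * @return wrapper over the converted holder
     */
    public static SKCertificate from(X509Certificate x509Certificate) {
        return new SKCertificate(CertificateHelpers.crt2holder(x509Certificate));
    }

    /**
     * Parses a PEM-encoded certificate from a string.
     *
     * @param str PEM text
     * @return wrapper over the parsed certificate
     * @throws RuntimeException if the PEM cannot be parsed as a certificate
     */
    public static SKCertificate fromPEM(String str) {
        try {
            return from(CertificateHelpers.pem2crt(str));
        } catch (CertificateException e) {
            throw new RuntimeException("Could not parse certificate PEM: " + e.getMessage(), e);
        }
    }

    /**
     * Parses a PEM-encoded certificate from a stream. The stream is not closed here.
     *
     * @param inputStream stream positioned at the PEM data
     * @return wrapper over the parsed certificate
     * @throws RuntimeException if the PEM cannot be parsed as a certificate
     */
    public static SKCertificate fromPEM(InputStream inputStream) {
        try {
            return from(CertificateHelpers.pem2crt(inputStream));
        } catch (CertificateException e) {
            throw new RuntimeException("Could not parse certificate PEM: " + e.getMessage(), e);
        }
    }

    /**
     * Parses an encoded certificate from raw bytes.
     *
     * @param bArr encoded certificate
     * @return wrapper over the parsed certificate
     * @throws RuntimeException if the bytes cannot be parsed
     */
    public static SKCertificate from(byte[] bArr) {
        try {
            return new SKCertificate(new X509CertificateHolder(bArr));
        } catch (IOException e) {
            throw new RuntimeException("Could not parse certificate bytes: " + e.getMessage(), e);
        }
    }

    /**
     * @param x509CertificateHolder parsed certificate to wrap; must not be null
     * @throws NullPointerException if the holder is null (fail here rather than in a later accessor)
     */
    public SKCertificate(X509CertificateHolder x509CertificateHolder) {
        this.c = Objects.requireNonNull(x509CertificateHolder, "x509CertificateHolder");
    }

    /**
     * @return the encoded form of the wrapped certificate
     * @throws RuntimeException if encoding fails
     */
    public byte[] getBytes() {
        try {
            return this.c.getEncoded();
        } catch (IOException e) {
            throw new RuntimeException("Could not encode certificate: " + e.getMessage(), e);
        }
    }

    /**
     * @return the certificate as a JCA {@link X509Certificate}
     * @throws IllegalStateException if the conversion fails
     */
    public X509Certificate toJava() {
        try {
            return new JcaX509CertificateConverter().getCertificate(this.c);
        } catch (CertificateException e) {
            throw new IllegalStateException("Can not convert certificate: " + e.getMessage(), e);
        }
    }

    /** @return the certificate in PEM form, built from {@link #getBytes()} */
    public String toPEM() {
        return CertificateHelpers.bytes2pem(getBytes());
    }

    /**
     * @return SHA-256 digest over {@link #getBytes()}; identifies the certificate but says
     *     nothing about whether it is trusted
     */
    public byte[] sha256() {
        try {
            return MessageDigest.getInstance("SHA-256").digest(getBytes());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA-256!", e);
        }
    }

    /**
     * Reads a subject attribute that is expected to occur at most once.
     *
     * @param aSN1ObjectIdentifier attribute type to look up in the subject
     * @return the value of the first attribute of the single matching RDN, or empty if absent
     * @throws IllegalStateException if the subject holds more than one matching RDN; an
     *     ambiguous subject is rejected rather than resolved by picking one value
     */
    Optional<String> getSingle(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = this.c.getSubject().getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length == 0) {
            return Optional.empty();
        }
        if (rDNs.length != 1) {
            throw new IllegalStateException("Expect single " + aSN1ObjectIdentifier + ": " + this.c.getSubject());
        }
        return Optional.of(rDNs[0].getFirst().getValue().toString());
    }

    /**
     * @return the subject common name
     * @throws IllegalStateException if the subject has no CN
     */
    public String getCN() {
        return getSingle(BCStyle.CN)
                .orElseThrow(() -> new IllegalStateException("No CN: " + this.c.getSubject()));
    }

    /** @return the subject organization (O), if present */
    public Optional<String> getO() {
        return getSingle(BCStyle.O);
    }

    /** @return the subject organizational unit (OU), if present */
    public Optional<String> getOU() {
        return getSingle(BCStyle.OU);
    }

    /**
     * @return the subject serialNumber, with a leading {@code "PNOEE-"} removed when present;
     *     the value is taken from the certificate as-is and is not checked for format
     * @throws IllegalStateException if the subject has no serialNumber
     */
    public String getPersonalCode() {
        return getSingle(BCStyle.SERIALNUMBER)
                .map(serial -> serial.startsWith("PNOEE-") ? serial.substring(6) : serial)
                .orElseThrow(() -> new IllegalStateException(
                        "No serialNumber in certificate: " + this.c.getSubject()));
    }

    /**
     * Lists the certificate-policy OIDs carried by the certificate.
     *
     * @return dotted-decimal policy OIDs; an empty set when the certificate has no
     *     extensions or no certificate-policies extension, so that classifiers treat such
     *     a certificate as "no known policy" instead of failing with a
     *     {@link NullPointerException}
     */
    public Set<String> getPolicies() {
        if (this.c.getExtensions() == null) {
            return new HashSet<>();
        }
        CertificatePolicies policies = CertificatePolicies.fromExtensions(this.c.getExtensions());
        if (policies == null) {
            return new HashSet<>();
        }
        return Arrays.stream(policies.getPolicyInformation())
                .map(info -> info.getPolicyIdentifier().toString())
                .collect(Collectors.toSet());
    }

    /**
     * Tests whether any policy OID equals {@code str} or lies underneath it.
     *
     * <p>Matching respects OID arc boundaries: {@code "1.2.3"} matches {@code "1.2.3"} and
     * {@code "1.2.3.4"} but not {@code "1.2.30"}. A plain string prefix test would accept the
     * latter and could misclassify a certificate carrying an unrelated sibling policy.
     *
     * @param str dotted-decimal OID or OID prefix (a trailing dot is accepted); the empty
     *     string matches any certificate that has at least one policy
     * @return true if a policy matches
     */
    public boolean hasPolicyOrPrefix(String str) {
        if (str.isEmpty()) {
            return !getPolicies().isEmpty();
        }
        final String arcPrefix = str.endsWith(".") ? str : str + ".";
        return getPolicies().stream()
                .anyMatch(policy -> policy.equals(str) || policy.startsWith(arcPrefix));
    }

    /**
     * Derives a human-readable card type from the policy OIDs (and, for one branch, the
     * subject O value).
     *
     * @return the card type, or {@code null} when no known policy matches; callers must
     *     handle {@code null}
     */
    public String cardType() {
        for (Map.Entry<String, String> known : oids.entrySet()) {
            if (hasPolicyOrPrefix(known.getKey())) {
                return known.getValue();
            }
        }
        if (hasPolicyOrPrefix("1.3.6.1.4.1.10015.1.1")) {
            return "ID card";
        }
        if (hasPolicyOrPrefix("1.3.6.1.4.1.10015.1.2")) {
            return getO().equals(Optional.of("ESTEID (DIGI-ID E-RESIDENT)")) ? "e-resident ID" : "Digi ID";
        }
        if (hasPolicyOrPrefix("1.3.6.1.4.1.10015.1.3")) {
            return "Mobile ID";
        }
        // NOTE(review): the full subject DN is written to stderr here; it includes the
        // serialNumber that getPersonalCode() reads, so this line can put personal data
        // into process logs.
        System.err.println("Unknown SK certificate card type: " + getPolicies() + ", " + this.c.getSubject());
        return null;
    }

    /** @return true if the policy OIDs or the subject O value mark this as a Mobile-ID certificate */
    public boolean isMobileID() {
        return hasPolicyOrPrefix("1.3.6.1.4.1.10015.1.3") || getO().equals(Optional.of("ESTEID (MOBIIL-ID)"));
    }

    /**
     * @return true if the certificate carries policy {@code 0.4.0.194112.1.2} or its subject
     *     OU is {@code "digital signature"}; the OU fallback is a plain subject string and
     *     carries no more assurance than the certificate itself
     */
    public boolean isSigningCertificate() {
        return getPolicies().contains("0.4.0.194112.1.2") || getOU().equals(Optional.of("digital signature"));
    }

    /**
     * @return true if the certificate carries policy {@code 0.4.0.2042.1.2} or its subject
     *     OU is {@code "authentication"}; the OU fallback is a plain subject string and
     *     carries no more assurance than the certificate itself
     */
    public boolean isAuthenticationCertificate() {
        return getPolicies().contains("0.4.0.2042.1.2") || getOU().equals(Optional.of("authentication"));
    }

    /** @return true for an authentication certificate that is not a Mobile-ID certificate */
    public boolean isCardAuthenticationCertificate() {
        return isAuthenticationCertificate() && !isMobileID();
    }

    /**
     * @return a display string {@code "<CN> <card type> (sign|auth)"}; every certificate that
     *     is not recognised as a signing certificate is labelled {@code auth}, and an
     *     unknown card type is rendered as {@code null}. Intended for display only.
     */
    public String describe() {
        final String role = isSigningCertificate() ? "sign" : "auth";
        return String.format("%s %s (%s)", getCN(), cardType(), role);
    }
}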
