package org.dcache.security.util;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.proxy.ProxyChainInfo;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.time.Instant;
import java.util.HashMap;
import java.util.Optional;
import java.util.stream.Stream;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/security/util/X509Credentials.class */
public class X509Credentials {
    private static final Logger LOGGER = LoggerFactory.getLogger(X509Credentials.class);
    private static final AttributeCertificate[] EMPTY_ARRAY = new AttributeCertificate[0];

    private X509Credentials() {
    }

    public static Optional<Instant> calculateExpiry(X509Credential x509Credential) {
        Optional<Instant> map = Stream.of((Object[]) x509Credential.getCertificateChain()).map((v0) -> {
            return v0.getNotAfter();
        }).min((v0, v1) -> {
            return v0.compareTo(v1);
        }).map((v0) -> {
            return v0.toInstant();
        });
        HashMap hashMap = new HashMap();
        try {
            AttributeCertificate[][] attributeCertificateExtensions = new ProxyChainInfo(x509Credential.getCertificateChain()).getAttributeCertificateExtensions();
            int length = attributeCertificateExtensions.length;
            for (int i = 0; i < length; i++) {
                AttributeCertificate[] attributeCertificateArr = attributeCertificateExtensions[i];
                for (AttributeCertificate attributeCertificate : attributeCertificateArr == null ? EMPTY_ARRAY : attributeCertificateArr) {
                    try {
                        VOMSAttribute deserializeVOMSAttributes = VOMSACUtils.deserializeVOMSAttributes(attributeCertificate);
                        hashMap.merge(deserializeVOMSAttributes.getVO(), deserializeVOMSAttributes.getNotAfter().toInstant(), (instant, instant2) -> {
                            return instant.isAfter(instant2) ? instant : instant2;
                        });
                    } catch (VOMSError e) {
                        LOGGER.warn("Badly formatted VOMS AC: {}", e.toString());
                    }
                }
            }
        } catch (IOException | CertificateException e2) {
            LOGGER.warn("Unable to parse AC: {}", e2.toString());
        }
        Optional<Instant> findFirst = hashMap.values().stream().sorted().findFirst();
        if (!map.isPresent() || (findFirst.isPresent() && findFirst.get().isBefore(map.get()))) {
            map = findFirst;
        }
        return map;
    }
}
