package org.dcache.auth.util;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.StringTokenizer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.X509Name;
import org.dcache.gplazma.AuthenticationException;
import org.dcache.gplazma.util.Preconditions;
import org.globus.gsi.bc.BouncyCastleUtil;

/* loaded from: input_file:org/dcache/auth/util/X509Utils.class */
public class X509Utils {
    public static String getSubjectFromX509Chain(X509Certificate[] x509CertificateArr, boolean z) throws AuthenticationException {
        try {
            X509Certificate identityCertificate = BouncyCastleUtil.getIdentityCertificate(x509CertificateArr);
            Preconditions.checkAuthentication(identityCertificate != null, "no client certificate");
            return toGlobusString(BouncyCastleUtil.getTBSCertificateStructure(identityCertificate).getSubject().getDERObject(), z);
        } catch (IOException | CertificateException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    public static String getSubjectX509Issuer(X509Certificate[] x509CertificateArr, boolean z) throws AuthenticationException {
        X509Certificate identityCertificate;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        try {
            if (z) {
                identityCertificate = x509CertificateArr[0];
            } else {
                identityCertificate = BouncyCastleUtil.getIdentityCertificate(x509CertificateArr);
                Preconditions.checkAuthentication(identityCertificate != null, "no client certificate");
            }
            return toGlobusDN(identityCertificate.getIssuerDN().toString(), z);
        } catch (CertificateEncodingException e) {
            throw new AuthenticationException("badly formatted certificate: " + e.getMessage(), e);
        } catch (CertificateException e2) {
            throw new AuthenticationException("problem with certificate: " + e2.getMessage(), e2);
        }
    }

    public static String toGlobusDN(String str, boolean z) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        StringBuilder sb = new StringBuilder();
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            if (z) {
                sb.insert(0, trim);
                sb.insert(0, "/");
            } else {
                sb.append("/");
                sb.append(trim);
            }
        }
        return sb.toString();
    }

    public static String toGlobusString(ASN1Sequence aSN1Sequence, boolean z) {
        if (aSN1Sequence == null) {
            return null;
        }
        Enumeration objects = aSN1Sequence.getObjects();
        StringBuilder sb = new StringBuilder();
        while (objects.hasMoreElements()) {
            Enumeration objects2 = ((ASN1Set) objects.nextElement()).getObjects();
            boolean z2 = false;
            while (objects2.hasMoreElements()) {
                ASN1Sequence aSN1Sequence2 = (ASN1Sequence) objects2.nextElement();
                String string = aSN1Sequence2.getObjectAt(1).getString();
                if (!"proxy".equalsIgnoreCase(string.trim())) {
                    DERObjectIdentifier objectAt = aSN1Sequence2.getObjectAt(0);
                    String str = (String) X509Name.DefaultSymbols.get(objectAt);
                    if (!objectAt.equals(X509Name.EmailAddress) || !z) {
                        if (!z2) {
                            sb.append('/');
                            z2 = true;
                        }
                        if (str == null) {
                            sb.append(objectAt.getId());
                        } else {
                            sb.append(str);
                        }
                        sb.append('=');
                        sb.append(string);
                        if (objects2.hasMoreElements()) {
                            sb.append('+');
                        }
                    }
                }
            }
        }
        return sb.toString();
    }
}
