package com.guardtime.ksi.trust;

import com.guardtime.ksi.exceptions.KSIException;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: input_file:com/guardtime/ksi/trust/X509CertificateSubjectRdnSelector.class */
public class X509CertificateSubjectRdnSelector implements CertSelector {
    private RDN[] rdnArray;

    public X509CertificateSubjectRdnSelector(String str) throws KSIException {
        if (str == null || str.length() == 0) {
            throw new KSIException("Invalid input parameter. RDN string must be present");
        }
        this.rdnArray = BCStyle.INSTANCE.fromString(str);
        ensureSingleRdnValues(this.rdnArray);
    }

    public X509CertificateSubjectRdnSelector(RDN[] rdnArr) throws KSIException {
        if (rdnArr == null || rdnArr.length == 0) {
            throw new KSIException("Invalid input parameter.At least one RDN must be present");
        }
        ensureSingleRdnValues(rdnArr);
        this.rdnArray = rdnArr;
    }

    @Override // java.security.cert.CertSelector
    public boolean match(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return false;
        }
        if (this.rdnArray == null) {
            return true;
        }
        try {
            X500Name x500SubjectName = getX500SubjectName((X509Certificate) certificate);
            boolean z = true;
            for (RDN rdn : this.rdnArray) {
                z = z && contains(x500SubjectName, rdn.getFirst());
            }
            return z;
        } catch (CertificateEncodingException e) {
            return false;
        }
    }

    X500Name getX500SubjectName(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getSubject();
    }

    private boolean contains(X500Name x500Name, AttributeTypeAndValue attributeTypeAndValue) {
        return checkArrayOfRdn(x500Name.getRDNs(attributeTypeAndValue.getType()), attributeTypeAndValue);
    }

    private boolean checkArrayOfRdn(RDN[] rdnArr, AttributeTypeAndValue attributeTypeAndValue) {
        boolean z = true;
        int length = rdnArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (!checkRdn(rdnArr[i], attributeTypeAndValue)) {
                z = false;
                break;
            }
            i++;
        }
        return z;
    }

    private boolean checkRdn(RDN rdn, AttributeTypeAndValue attributeTypeAndValue) {
        String valueToString = IETFUtils.valueToString(attributeTypeAndValue.getValue());
        boolean z = false;
        AttributeTypeAndValue[] typesAndValues = rdn.getTypesAndValues();
        int length = typesAndValues.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            AttributeTypeAndValue attributeTypeAndValue2 = typesAndValues[i];
            if (attributeTypeAndValue2.getType().equals(attributeTypeAndValue.getType())) {
                if (!IETFUtils.valueToString(attributeTypeAndValue2.getValue()).equals(valueToString)) {
                    z = false;
                    break;
                }
                z = true;
            }
            i++;
        }
        return z;
    }

    @Override // java.security.cert.CertSelector
    public Object clone() {
        try {
            return new X509CertificateSubjectRdnSelector(this.rdnArray);
        } catch (KSIException e) {
            throw new Error("X509CertificateSubjectRdnSelector cloning failed", e);
        }
    }

    private void ensureSingleRdnValues(RDN[] rdnArr) throws KSIException {
        for (RDN rdn : rdnArr) {
            if (rdn.isMultiValued()) {
                throw new KSIException("Multi-valued certificate constraints aren't supported");
            }
        }
    }
}
