package no.difi.certvalidator;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.transform.stream.StreamSource;
import no.difi.certvalidator.api.CertificateBucket;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.CrlCache;
import no.difi.certvalidator.api.CrlFetcher;
import no.difi.certvalidator.api.PrincipalNameProvider;
import no.difi.certvalidator.api.ValidatorRule;
import no.difi.certvalidator.jaxb.CRLType;
import no.difi.certvalidator.jaxb.CachedType;
import no.difi.certvalidator.jaxb.CertificateBucketType;
import no.difi.certvalidator.jaxb.CertificateReferenceType;
import no.difi.certvalidator.jaxb.CertificateStartsWithType;
import no.difi.certvalidator.jaxb.CertificateType;
import no.difi.certvalidator.jaxb.ChainType;
import no.difi.certvalidator.jaxb.ClassType;
import no.difi.certvalidator.jaxb.CriticalExtensionRecognizedType;
import no.difi.certvalidator.jaxb.CriticalExtensionRequiredType;
import no.difi.certvalidator.jaxb.DummyType;
import no.difi.certvalidator.jaxb.ExpirationType;
import no.difi.certvalidator.jaxb.HandleErrorType;
import no.difi.certvalidator.jaxb.JunctionEnum;
import no.difi.certvalidator.jaxb.JunctionType;
import no.difi.certvalidator.jaxb.KeyStoreType;
import no.difi.certvalidator.jaxb.KeyUsageEnum;
import no.difi.certvalidator.jaxb.KeyUsageType;
import no.difi.certvalidator.jaxb.OCSPType;
import no.difi.certvalidator.jaxb.PrincipleNameType;
import no.difi.certvalidator.jaxb.RuleReferenceType;
import no.difi.certvalidator.jaxb.SigningEnum;
import no.difi.certvalidator.jaxb.SigningType;
import no.difi.certvalidator.jaxb.TryType;
import no.difi.certvalidator.jaxb.ValidatorRecipe;
import no.difi.certvalidator.jaxb.ValidatorReferenceType;
import no.difi.certvalidator.jaxb.ValidatorType;
import no.difi.certvalidator.lang.ValidatorParsingException;
import no.difi.certvalidator.rule.CRLRule;
import no.difi.certvalidator.rule.ChainRule;
import no.difi.certvalidator.rule.CriticalExtensionRecognizedRule;
import no.difi.certvalidator.rule.CriticalExtensionRequiredRule;
import no.difi.certvalidator.rule.DummyRule;
import no.difi.certvalidator.rule.ExpirationRule;
import no.difi.certvalidator.rule.ExpirationSoonRule;
import no.difi.certvalidator.rule.HandleErrorRule;
import no.difi.certvalidator.rule.KeyUsageRule;
import no.difi.certvalidator.rule.OCSPRule;
import no.difi.certvalidator.rule.PrincipalNameRule;
import no.difi.certvalidator.rule.SigningRule;
import no.difi.certvalidator.structure.Junction;
import no.difi.certvalidator.util.CachedValidatorRule;
import no.difi.certvalidator.util.KeyStoreCertificateBucket;
import no.difi.certvalidator.util.KeyUsage;
import no.difi.certvalidator.util.SimpleCachingCrlFetcher;
import no.difi.certvalidator.util.SimpleCertificateBucket;
import no.difi.certvalidator.util.SimpleCrlCache;
import no.difi.certvalidator.util.SimplePrincipalNameProvider;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.1.1.jar:no/difi/certvalidator/ValidatorLoaderParser.class */
class ValidatorLoaderParser {
    private static JAXBContext jaxbContext;

    ValidatorLoaderParser() {
    }

    public static ValidatorGroup parse(InputStream inputStream, Map<String, Object> map) throws ValidatorParsingException {
        try {
            ValidatorRecipe validatorRecipe = (ValidatorRecipe) jaxbContext.createUnmarshaller().unmarshal(new StreamSource(inputStream), ValidatorRecipe.class).getValue();
            loadKeyStores(validatorRecipe, map);
            loadBuckets(validatorRecipe, map);
            HashMap hashMap = new HashMap();
            for (ValidatorType validatorType : validatorRecipe.getValidator()) {
                ValidatorRule parse = parse(validatorType.getCachedOrChainOrClazz(), map, JunctionEnum.AND);
                if (validatorType.getTimeout() != null) {
                    parse = new CachedValidatorRule(parse, validatorType.getTimeout().longValue());
                }
                String name = validatorType.getName() == null ? "default" : validatorType.getName();
                hashMap.put(name, parse);
                map.put(String.format("#validator::%s", name), parse);
            }
            return new ValidatorGroup(hashMap, validatorRecipe.getName(), validatorRecipe.getVersion());
        } catch (JAXBException | CertificateValidationException e) {
            throw new ValidatorParsingException(e.getMessage(), e);
        }
    }

    private static void loadKeyStores(ValidatorRecipe validatorRecipe, Map<String, Object> map) throws CertificateValidationException {
        for (KeyStoreType keyStoreType : validatorRecipe.getKeyStore()) {
            Object[] objArr = new Object[1];
            objArr[0] = keyStoreType.getName() == null ? "default" : keyStoreType.getName();
            map.put(String.format("#keyStore::%s", objArr), new KeyStoreCertificateBucket(new ByteArrayInputStream(keyStoreType.getValue()), keyStoreType.getPassword()));
        }
    }

    private static void loadBuckets(ValidatorRecipe validatorRecipe, Map<String, Object> map) throws CertificateValidationException {
        for (CertificateBucketType certificateBucketType : validatorRecipe.getCertificateBucket()) {
            SimpleCertificateBucket simpleCertificateBucket = new SimpleCertificateBucket(new X509Certificate[0]);
            for (Object obj : certificateBucketType.getCertificateOrCertificateReferenceOrCertificateStartsWith()) {
                if (obj instanceof CertificateType) {
                    simpleCertificateBucket.add(Validator.getCertificate(((CertificateType) obj).getValue()));
                } else if (obj instanceof CertificateReferenceType) {
                    CertificateReferenceType certificateReferenceType = (CertificateReferenceType) obj;
                    Iterator<X509Certificate> it = getKeyStore(certificateReferenceType.getKeyStore(), map).toSimple(certificateReferenceType.getValue()).iterator();
                    while (it.hasNext()) {
                        simpleCertificateBucket.add(it.next());
                    }
                } else {
                    CertificateStartsWithType certificateStartsWithType = (CertificateStartsWithType) obj;
                    Iterator<X509Certificate> it2 = getKeyStore(certificateStartsWithType.getKeyStore(), map).startsWith(certificateStartsWithType.getValue()).iterator();
                    while (it2.hasNext()) {
                        simpleCertificateBucket.add(it2.next());
                    }
                }
            }
            map.put(String.format("#bucket::%s", certificateBucketType.getName()), simpleCertificateBucket);
        }
    }

    private static ValidatorRule parse(List<Object> list, Map<String, Object> map, JunctionEnum junctionEnum) throws CertificateValidationException {
        ArrayList arrayList = new ArrayList();
        Iterator<Object> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(parse(it.next(), map));
        }
        return junctionEnum == JunctionEnum.AND ? Junction.and((ValidatorRule[]) arrayList.toArray(new ValidatorRule[arrayList.size()])) : junctionEnum == JunctionEnum.OR ? Junction.or((ValidatorRule[]) arrayList.toArray(new ValidatorRule[arrayList.size()])) : Junction.xor((ValidatorRule[]) arrayList.toArray(new ValidatorRule[arrayList.size()]));
    }

    private static ValidatorRule parse(Object obj, Map<String, Object> map) throws CertificateValidationException {
        return obj instanceof CachedType ? parse((CachedType) obj, map) : obj instanceof ChainType ? parse((ChainType) obj, map) : obj instanceof ClassType ? parse((ClassType) obj) : obj instanceof CriticalExtensionRecognizedType ? parse((CriticalExtensionRecognizedType) obj) : obj instanceof CriticalExtensionRequiredType ? parse((CriticalExtensionRequiredType) obj) : obj instanceof CRLType ? parse((CRLType) obj, map) : obj instanceof DummyType ? parse((DummyType) obj) : obj instanceof ExpirationType ? parse((ExpirationType) obj) : obj instanceof JunctionType ? parse((JunctionType) obj, map) : obj instanceof KeyUsageType ? parse((KeyUsageType) obj) : obj instanceof OCSPType ? parse((OCSPType) obj, map) : obj instanceof HandleErrorType ? parse((HandleErrorType) obj, map) : obj instanceof PrincipleNameType ? parse((PrincipleNameType) obj, map) : obj instanceof RuleReferenceType ? parse((RuleReferenceType) obj, map) : obj instanceof SigningType ? parse((SigningType) obj) : obj instanceof TryType ? parse((TryType) obj, map) : parse((ValidatorReferenceType) obj, map);
    }

    private static ValidatorRule parse(CachedType cachedType, Map<String, Object> map) throws CertificateValidationException {
        return new CachedValidatorRule(parse(cachedType.getCachedOrChainOrClazz(), map, JunctionEnum.AND), cachedType.getTimeout());
    }

    private static ValidatorRule parse(ChainType chainType, Map<String, Object> map) {
        return new ChainRule(getBucket(chainType.getRootBucketReference().getValue(), map), getBucket(chainType.getIntermediateBucketReference().getValue(), map), (String[]) chainType.getPolicy().toArray(new String[chainType.getPolicy().size()]));
    }

    private static ValidatorRule parse(ClassType classType) throws CertificateValidationException {
        try {
            return (ValidatorRule) Class.forName(classType.getValue()).newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            throw new CertificateValidationException(String.format("Unable to load rule '%s'.", classType.getValue()), e);
        }
    }

    private static ValidatorRule parse(CriticalExtensionRecognizedType criticalExtensionRecognizedType) {
        return new CriticalExtensionRecognizedRule((String[]) criticalExtensionRecognizedType.getValue().toArray(new String[criticalExtensionRecognizedType.getValue().size()]));
    }

    private static ValidatorRule parse(CriticalExtensionRequiredType criticalExtensionRequiredType) {
        return new CriticalExtensionRequiredRule((String[]) criticalExtensionRequiredType.getValue().toArray(new String[criticalExtensionRequiredType.getValue().size()]));
    }

    private static ValidatorRule parse(CRLType cRLType, Map<String, Object> map) {
        if (!map.containsKey("crlFetcher") && !map.containsKey("crlCache")) {
            map.put("crlCache", new SimpleCrlCache());
        }
        if (!map.containsKey("crlFetcher")) {
            map.put("crlFetcher", new SimpleCachingCrlFetcher((CrlCache) map.get("crlCache")));
        }
        return new CRLRule((CrlFetcher) map.get("crlFetcher"));
    }

    private static ValidatorRule parse(DummyType dummyType) {
        return new DummyRule(dummyType.getValue());
    }

    private static ValidatorRule parse(ExpirationType expirationType) {
        return expirationType.getMillis() == null ? new ExpirationRule() : new ExpirationSoonRule(expirationType.getMillis().longValue());
    }

    private static ValidatorRule parse(HandleErrorType handleErrorType, Map<String, Object> map) throws CertificateValidationException {
        ArrayList arrayList = new ArrayList();
        Iterator<Object> it = handleErrorType.getCachedOrChainOrClazz().iterator();
        while (it.hasNext()) {
            arrayList.add(parse(it.next(), map));
        }
        return new HandleErrorRule(arrayList);
    }

    private static ValidatorRule parse(JunctionType junctionType, Map<String, Object> map) throws CertificateValidationException {
        return parse(junctionType.getCachedOrChainOrClazz(), map, junctionType.getType());
    }

    private static ValidatorRule parse(KeyUsageType keyUsageType) {
        List<KeyUsageEnum> identifier = keyUsageType.getIdentifier();
        KeyUsage[] keyUsageArr = new KeyUsage[identifier.size()];
        for (int i = 0; i < keyUsageArr.length; i++) {
            keyUsageArr[i] = KeyUsage.valueOf(identifier.get(i).name());
        }
        return new KeyUsageRule(keyUsageArr);
    }

    private static ValidatorRule parse(OCSPType oCSPType, Map<String, Object> map) {
        return new OCSPRule(getBucket(oCSPType.getIntermediateBucketReference().getValue(), map));
    }

    private static ValidatorRule parse(RuleReferenceType ruleReferenceType, Map<String, Object> map) throws CertificateValidationException {
        if (map.containsKey(ruleReferenceType.getValue())) {
            return (ValidatorRule) map.get(ruleReferenceType.getValue());
        }
        throw new CertificateValidationException(String.format("Rule for '%s' not found.", ruleReferenceType.getValue()));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v6, types: [no.difi.certvalidator.api.PrincipalNameProvider] */
    private static ValidatorRule parse(PrincipleNameType principleNameType, Map<String, Object> map) {
        return new PrincipalNameRule(principleNameType.getField(), principleNameType.getReference() != null ? (PrincipalNameProvider) map.get(principleNameType.getReference().getValue()) : new SimplePrincipalNameProvider(principleNameType.getValue()), principleNameType.getPrincipal() != null ? PrincipalNameRule.Principal.valueOf(principleNameType.getPrincipal().toString()) : PrincipalNameRule.Principal.SUBJECT);
    }

    private static ValidatorRule parse(SigningType signingType) {
        return signingType.getType().equals(SigningEnum.SELF_SIGNED) ? SigningRule.SelfSignedOnly() : SigningRule.PublicSignedOnly();
    }

    private static ValidatorRule parse(TryType tryType, Map<String, Object> map) throws CertificateValidationException {
        Iterator<Object> it = tryType.getCachedOrChainOrClazz().iterator();
        while (it.hasNext()) {
            try {
                return parse(it.next(), map);
            } catch (Exception e) {
            }
        }
        throw new CertificateValidationException("Unable to find valid rule in try.");
    }

    private static ValidatorRule parse(ValidatorReferenceType validatorReferenceType, Map<String, Object> map) throws CertificateValidationException {
        String format = String.format("#validator::%s", validatorReferenceType.getValue());
        if (map.containsKey(format)) {
            return (ValidatorRule) map.get(format);
        }
        throw new CertificateValidationException(String.format("Unable to find validator '%s'.", validatorReferenceType.getValue()));
    }

    private static KeyStoreCertificateBucket getKeyStore(String str, Map<String, Object> map) {
        Object[] objArr = new Object[1];
        objArr[0] = str == null ? "default" : str;
        return (KeyStoreCertificateBucket) map.get(String.format("#keyStore::%s", objArr));
    }

    private static CertificateBucket getBucket(String str, Map<String, Object> map) {
        return (CertificateBucket) map.get(String.format("#bucket::%s", str));
    }

    static {
        try {
            jaxbContext = JAXBContext.newInstance(new Class[]{ValidatorRecipe.class});
        } catch (JAXBException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }
}
