package no.difi.certvalidator.rule;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.PrincipalNameProvider;
import no.difi.certvalidator.api.Property;
import no.difi.certvalidator.api.Report;
import no.difi.certvalidator.util.SimpleProperty;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.2.0.jar:no/difi/certvalidator/rule/PrincipalNameRule.class */
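/**
 * Validation rule that checks a certificate's subject or issuer name against a
 * {@link PrincipalNameProvider}.
 *
 * <p>The rule extracts either the whole distinguished name (when no field is configured) or the
 * values of one named attribute, and passes as soon as the provider accepts any one of them.
 * It inspects the name only; nothing in this class checks the certificate's signature, chain or
 * validity period, so it is meaningful only next to rules that establish trust in the
 * certificate itself.
 */
public class PrincipalNameRule extends AbstractRule {
    /** Report key under which the accepted principal value is stored. */
    public static final Property<String> NAME = SimpleProperty.create();
    // Attribute name to extract (e.g. a short name understood by RFC4519Style); null means the
    // complete distinguished name is validated as a single string.
    protected String field;
    // Decides whether an extracted value is acceptable.
    protected PrincipalNameProvider<String> provider;
    // Which name of the certificate is inspected.
    protected Principal principal;

    /* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.2.0.jar:no/difi/certvalidator/rule/PrincipalNameRule$Principal.class */
    /** Selects which distinguished name of the certificate the rule inspects. */
    public enum Principal {
        SUBJECT,
        ISSUER
    }

    /**
     * Creates a rule that validates the complete subject name.
     *
     * @param principalNameProvider provider deciding whether the name is accepted
     */
    public PrincipalNameRule(PrincipalNameProvider<String> principalNameProvider) {
        this(null, principalNameProvider, Principal.SUBJECT);
    }

    /**
     * Creates a rule that validates the complete subject or issuer name.
     *
     * @param principalNameProvider provider deciding whether the name is accepted
     * @param principal which name of the certificate to inspect
     */
    public PrincipalNameRule(PrincipalNameProvider<String> principalNameProvider, Principal principal) {
        this(null, principalNameProvider, principal);
    }

    /**
     * Creates a rule that validates one attribute of the subject name.
     *
     * @param str attribute name to extract, or {@code null} for the complete name
     * @param principalNameProvider provider deciding whether a value is accepted
     */
    public PrincipalNameRule(String str, PrincipalNameProvider<String> principalNameProvider) {
        this(str, principalNameProvider, Principal.SUBJECT);
    }

    /**
     * Creates a rule that validates one attribute of the subject or issuer name.
     *
     * @param str attribute name to extract, or {@code null} for the complete name
     * @param principalNameProvider provider deciding whether a value is accepted
     * @param principal which name of the certificate to inspect
     */
    public PrincipalNameRule(String str, PrincipalNameProvider<String> principalNameProvider, Principal principal) {
        this.field = str;
        this.provider = principalNameProvider;
        this.principal = principal;
    }

    /**
     * Accepts the certificate when the provider approves at least one extracted name value.
     *
     * <p>The first accepted value is recorded in the report under {@link #NAME}. Values are
     * handed to the provider exactly as extracted; this method applies no case folding or other
     * normalisation, so any such policy has to live in the provider.
     *
     * @param x509Certificate certificate whose subject or issuer name is checked
     * @param report report to update with the accepted value
     * @return the same report instance, with {@link #NAME} set
     * @throws CertificateValidationException as a {@link FailedValidationException} when no
     *     extracted value is accepted or the name cannot be read from the certificate
     */
    @Override // no.difi.certvalidator.rule.AbstractRule, no.difi.certvalidator.api.ValidatorRule
    public Report validate(X509Certificate x509Certificate, Report report) throws CertificateValidationException {
        final boolean useSubject = this.principal.equals(Principal.SUBJECT);
        try {
            X500Name name = useSubject ? getSubject(x509Certificate) : getIssuer(x509Certificate);
            for (String candidate : extract(name, this.field)) {
                if (this.provider.validate(candidate)) {
                    report.set(NAME, candidate);
                    return report;
                }
            }
            // Name the principal that was actually checked, so a rejected issuer is not reported
            // as a subject failure. The text for SUBJECT is unchanged.
            throw new FailedValidationException(String.format("Validation of %s principal(%s) failed.", useSubject ? "subject" : "issuer", this.field));
        } catch (CertificateEncodingException e) {
            throw new FailedValidationException("Unable to fetch principal.", e);
        }
    }

    /**
     * Reads the issuer name of a certificate.
     *
     * @param x509Certificate certificate to read
     * @return the issuer distinguished name
     * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
     */
    protected static X500Name getIssuer(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getIssuer();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the subject name of a certificate.
     *
     * @param x509Certificate certificate to read
     * @return the subject distinguished name
     * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
     */
    public static X500Name getSubject(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new JcaX509CertificateHolder(x509Certificate).getSubject();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Extracts the values to validate from a distinguished name.
     *
     * @param x500Name name to read from
     * @param str attribute name to extract, or {@code null} to return the complete name
     * @return the complete name as a single-element list when {@code str} is {@code null},
     *     otherwise every value of the requested attribute (possibly empty)
     */
    public static List<String> extract(X500Name x500Name, String str) {
        if (str == null) {
            return Arrays.asList(x500Name.toString());
        }
        ASN1ObjectIdentifier requestedType = RFC4519Style.INSTANCE.attrNameToOID(str);
        List<String> values = new ArrayList<String>();
        for (RDN rdn : x500Name.getRDNs(requestedType)) {
            for (AttributeTypeAndValue attributeTypeAndValue : rdn.getTypesAndValues()) {
                // getRDNs selects whole RDNs, and a multi-valued RDN also carries attributes of
                // other types. Keep only the requested type so that a value from a different
                // attribute can never satisfy the provider.
                if (requestedType.equals(attributeTypeAndValue.getType())) {
                    values.add(attributeTypeAndValue.getValue().toString());
                }
            }
        }
        return values;
    }
}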
