package org.jruby.ext.openssl;

import groovy.ui.text.GroovyFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import org.apache.abdera.util.Constants;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.dozer.util.DozerConstants;
import org.eclipse.emf.ecore.xmi.impl.EMOFExtendedMetaData;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.ASN1;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;
import org.springframework.security.config.authentication.PasswordEncoderParser;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-013.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.18.redhat-001.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions.class */
public class X509Extensions {
    private static final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-013.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.18.redhat-001.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions$Extension.class */
    public static class Extension extends RubyObject {
        private static final long serialVersionUID = -1160318458085651926L;
        private ASN1ObjectIdentifier oid;
        private Object value;
        private Boolean critical;
        static ObjectAllocator ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509Extensions.Extension.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new Extension(ruby, rubyClass);
            }
        };
        private static final byte[] CA_ = {67, 65, 58};
        private static final byte[] TRUE = {84, 82, 85, 69};
        private static final byte[] FALSE = {70, 65, 76, 83, 69};
        private static final byte[] _ = new byte[0];
        private static final byte[] SEP = {44, 32};
        private static final byte[] Decipher_Only = {68, 101, 99, 105, 112, 104, 101, 114, 32, 79, 110, 108, 121};
        private static final byte[] Digital_Signature = {68, 105, 103, 105, 116, 97, 108, 32, 83, 105, 103, 110, 97, 116, 117, 114, 101};
        private static final byte[] Non_Repudiation = {78, 111, 110, 32, 82, 101, 112, 117, 100, 105, 97, 116, 105, 111, 110};
        private static final byte[] Key_Encipherment = {75, 101, 121, 32, 69, 110, 99, 105, 112, 104, 101, 114, 109, 101, 110, 116};
        private static final byte[] Data_Encipherment = {68, 97, 116, 97, 32, 69, 110, 99, 105, 112, 104, 101, 114, 109, 101, 110, 116};
        private static final byte[] Key_Agreement = {75, 101, 121, 32, 65, 103, 114, 101, 101, 109, 101, 110, 116};
        private static final byte[] Certificate_Sign = {67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 32, 83, 105, 103, 110};
        private static final byte[] CRL_Sign = {67, 82, 76, 32, 83, 105, 103, 110};
        private static final byte[] Encipher_Only = {69, 110, 99, 105, 112, 104, 101, 114, 32, 79, 110, 108, 121};
        private static final byte[] SSL_Client = {83, 83, 76, 32, 67, 108, 105, 101, 110, 116};
        private static final byte[] SSL_Server = {83, 83, 76, 32, 83, 101, 114, 118, 101, 114};
        private static final byte[] SSL_CA = {83, 83, 76, 32, 67, 65};
        private static final byte[] SMIME = {83, 47, 77, 73, 77, 69};
        private static final byte[] SMIME_CA = {83, 47, 77, 73, 77, 69, 32, 67, 65};
        private static final byte[] Object_Signing = {79, 98, 106, 101, 99, 116, 32, 83, 105, 103, 110, 105, 110, 103};
        private static final byte[] Object_Signing_CA = {79, 98, 106, 101, 99, 116, 32, 83, 105, 103, 110, 105, 110, 103, 32, 67, 65};
        private static final byte[] Unused = {85, 110, 117, 115, 101, 100};
        private static final byte[] Unspecified = {85, 110, 115, 112, 101, 99, 105, 102, 105, 101, 100};
        private static final byte[] keyid_ = {107, 101, 121, 105, 100, 58};

        public Extension(Ruby ruby, RubyClass rubyClass) {
            super(ruby, rubyClass);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ASN1ObjectIdentifier getRealOid() {
            return this.oid;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setRealOid(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            this.oid = aSN1ObjectIdentifier;
        }

        Object getRealValue() {
            return this.value;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setRealValue(Object obj) {
            this.value = obj;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getRealValueBytes() throws IOException {
            return this.value instanceof RubyString ? ((RubyString) this.value).getBytes() : this.value instanceof String ? ByteList.plain((String) this.value) : this.value instanceof DEROctetString ? ((DEROctetString) this.value).getOctets() : this.value instanceof ASN1Encodable ? ((ASN1Encodable) this.value).toASN1Primitive().getEncoded(ASN1Encoding.DER) : ((ASN1.ASN1Data) this.value).toASN1(getRuntime().getCurrentContext()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean isRealCritical() {
            return this.critical == null ? Boolean.FALSE.booleanValue() : this.critical.booleanValue();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setRealCritical(boolean z) {
            this.critical = Boolean.valueOf(z);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setRealCritical(Boolean bool) {
            this.critical = bool;
        }

        @JRubyMethod(name = {"initialize"}, rest = true, visibility = Visibility.PRIVATE)
        public IRubyObject _initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
            byte[] bArr = null;
            if (iRubyObjectArr.length == 1) {
                try {
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(OpenSSLImpl.to_der_if_possible(threadContext, iRubyObjectArr[0]).asString().getBytes()).readObject();
                    setRealOid((ASN1ObjectIdentifier) aSN1Sequence.getObjectAt(0));
                    setRealCritical(((DERBoolean) aSN1Sequence.getObjectAt(1)).isTrue());
                    bArr = ((DEROctetString) aSN1Sequence.getObjectAt(2)).getOctets();
                } catch (IOException e) {
                    throw X509Extensions.newExtensionError(threadContext.runtime, e.getMessage());
                }
            } else if (iRubyObjectArr.length > 1) {
                setRealOid(ASN1.getObjectIdentifier(threadContext.runtime, iRubyObjectArr[0].toString()));
                setRealValue(iRubyObjectArr[1]);
            }
            if (iRubyObjectArr.length > 2) {
                setRealCritical(iRubyObjectArr[2].isTrue());
            }
            if (iRubyObjectArr.length > 0 && bArr != null) {
                setRealValue(new String(ByteList.plain(bArr)));
            }
            return this;
        }

        @JRubyMethod
        public IRubyObject oid(ThreadContext threadContext) {
            String oid2Sym = ASN1.oid2Sym(threadContext.runtime, this.oid);
            if (oid2Sym == null) {
                oid2Sym = this.oid.toString();
            }
            return threadContext.runtime.newString(oid2Sym);
        }

        @JRubyMethod(name = {"oid="})
        public IRubyObject set_oid(ThreadContext threadContext, IRubyObject iRubyObject) {
            if (!(iRubyObject instanceof RubyString)) {
                throw threadContext.runtime.newTypeError(iRubyObject, threadContext.runtime.getString());
            }
            setRealOid(ASN1.getObjectIdentifier(threadContext.runtime, iRubyObject.toString()));
            return iRubyObject;
        }

        @JRubyMethod
        public IRubyObject value(ThreadContext threadContext) {
            String id;
            Ruby ruby = threadContext.runtime;
            try {
                id = getRealOid().getId();
            } catch (IOException e) {
                throw X509Extensions.newExtensionError(ruby, e.getMessage());
            }
            if (id.equals(ASN1Registry.OBJ_basic_constraints)) {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(getRealValueBytes()).readObject();
                ByteList byteList = new ByteList(32);
                if (aSN1Sequence.size() > 0) {
                    byteList.append(CA_);
                    byteList.append(((DERBoolean) aSN1Sequence.getObjectAt(0)).isTrue() ? TRUE : FALSE);
                }
                if (aSN1Sequence.size() > 1) {
                    byteList.append(", pathlen:".getBytes());
                    byteList.append(aSN1Sequence.getObjectAt(1).toString().getBytes());
                }
                return ruby.newString(byteList);
            }
            if (id.equals(ASN1Registry.OBJ_key_usage)) {
                byte[] realValueBytes = getRealValueBytes();
                byte b = realValueBytes[2];
                byte b2 = realValueBytes.length > 3 ? realValueBytes[3] : (byte) 0;
                ByteList byteList2 = new ByteList(64);
                byte[] bArr = _;
                if ((b & Byte.MIN_VALUE) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Decipher_Only);
                    bArr = SEP;
                }
                if ((b2 & Byte.MIN_VALUE) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Digital_Signature);
                    bArr = SEP;
                }
                if ((b2 & 64) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Non_Repudiation);
                    bArr = SEP;
                }
                if ((b2 & 32) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Key_Encipherment);
                    bArr = SEP;
                }
                if ((b2 & 16) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Data_Encipherment);
                    bArr = SEP;
                }
                if ((b2 & 8) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Key_Agreement);
                    bArr = SEP;
                }
                if ((b2 & 4) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Certificate_Sign);
                    bArr = SEP;
                }
                if ((b2 & 2) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(CRL_Sign);
                    bArr = SEP;
                }
                if ((b2 & 1) != 0) {
                    byteList2.append(bArr);
                    byteList2.append(Encipher_Only);
                }
                return ruby.newString(byteList2);
            }
            if (id.equals(ASN1Registry.OBJ_netscape_cert_type)) {
                byte b3 = getRealValueBytes()[0];
                ByteList byteList3 = new ByteList(64);
                byte[] bArr2 = _;
                if ((b3 & Byte.MIN_VALUE) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(SSL_Client);
                    bArr2 = SEP;
                }
                if ((b3 & 64) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(SSL_Server);
                    bArr2 = SEP;
                }
                if ((b3 & 32) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(SMIME);
                    bArr2 = SEP;
                }
                if ((b3 & 16) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(Object_Signing);
                    bArr2 = SEP;
                }
                if ((b3 & 8) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(Unused);
                    bArr2 = SEP;
                }
                if ((b3 & 4) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(SSL_CA);
                    bArr2 = SEP;
                }
                if ((b3 & 2) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(SMIME_CA);
                    bArr2 = SEP;
                }
                if ((b3 & 1) != 0) {
                    byteList3.append(bArr2);
                    byteList3.append(Object_Signing_CA);
                }
                return ruby.newString(byteList3);
            }
            if (id.equals("2.5.29.14")) {
                return ruby.newString(X509Extensions.hexBytes(getRealValueBytes(), 2));
            }
            if (id.equals(ASN1Registry.OBJ_authority_key_identifier)) {
                ASN1Sequence aSN1Sequence2 = (ASN1Sequence) new ASN1InputStream(getRealValueBytes()).readObject();
                if (aSN1Sequence2.size() == 0) {
                    return ruby.newString();
                }
                ByteList byteList4 = new ByteList(32);
                byteList4.append(keyid_);
                ASN1Primitive aSN1Primitive = aSN1Sequence2.getObjectAt(0).toASN1Primitive();
                return ruby.newString(X509Extensions.hexBytes(aSN1Primitive instanceof DEROctetString ? ((DEROctetString) aSN1Primitive).getOctets() : aSN1Primitive.getEncoded(ASN1Encoding.DER), byteList4));
            }
            if (id.equals(ASN1Registry.OBJ_crl_reason)) {
                switch (RubyNumeric.fix2int(((IRubyObject) this.value).callMethod(threadContext, "value"))) {
                    case 0:
                        return ruby.newString(new ByteList(Unspecified));
                    case 1:
                        return ruby.newString("Key Compromise");
                    case 2:
                        return ruby.newString("CA Compromise");
                    case 3:
                        return ruby.newString("Affiliation Changed");
                    case 4:
                        return ruby.newString("Superseded");
                    case 5:
                        return ruby.newString("Cessation Of Operation");
                    case 6:
                        return ruby.newString("Certificate Hold");
                    case 7:
                    default:
                        return ruby.newString(new ByteList(Unspecified));
                    case 8:
                        return ruby.newString("Remove From CRL");
                    case 9:
                        return ruby.newString("Privilege Withdrawn");
                }
            }
            if (!id.equals(ASN1Registry.OBJ_subject_alt_name)) {
                try {
                    return ASN1.decodeImpl(threadContext, RubyString.newString(ruby, getRealValueBytes())).callMethod(threadContext, "value").asString();
                } catch (IOException e2) {
                    if (OpenSSLReal.isDebug(ruby)) {
                        e2.printStackTrace(ruby.getOut());
                    }
                    return ruby.newString(getRealValue().toString());
                } catch (IllegalArgumentException e3) {
                    return ruby.newString(getRealValue().toString());
                }
            }
            try {
                ASN1Primitive readObject = new ASN1InputStream(getRealValueBytes()).readObject();
                GeneralName[] names = readObject instanceof ASN1TaggedObject ? new GeneralName[]{GeneralName.getInstance(readObject)} : GeneralNames.getInstance(readObject).getNames();
                StringBuilder sb = new StringBuilder(48);
                String str = "";
                for (GeneralName generalName : names) {
                    sb.append(str);
                    if (generalName.getTagNo() == 2) {
                        sb.append("DNS:");
                        sb.append(((ASN1String) generalName.getName()).getString());
                    } else if (generalName.getTagNo() == 7) {
                        sb.append("IP Address:");
                        String str2 = "";
                        for (byte b4 : ((DEROctetString) generalName.getName()).getOctets()) {
                            sb.append(str2).append(b4 & 255);
                            str2 = ".";
                        }
                    } else {
                        sb.append(generalName.toString());
                    }
                    str = ", ";
                }
                return ruby.newString(sb.toString());
            } catch (RuntimeException e4) {
                OpenSSLReal.debugStackTrace(ruby, e4);
                return ruby.newString(getRealValue().toString());
            }
            throw X509Extensions.newExtensionError(ruby, e.getMessage());
        }

        @JRubyMethod(name = {"value="})
        public IRubyObject set_value(ThreadContext threadContext, IRubyObject iRubyObject) {
            if (!(iRubyObject instanceof RubyString)) {
                throw threadContext.runtime.newTypeError(iRubyObject, threadContext.runtime.getString());
            }
            setRealValue(iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(name = {"critical?"})
        public IRubyObject critical_p() {
            return getRuntime().newBoolean(isRealCritical());
        }

        @JRubyMethod(name = {"critical="})
        public IRubyObject set_critical(ThreadContext threadContext, IRubyObject iRubyObject) {
            setRealCritical(iRubyObject.isTrue());
            return iRubyObject;
        }

        @JRubyMethod
        public IRubyObject to_der() {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            try {
                aSN1EncodableVector.add(getRealOid());
                if (this.critical != null && this.critical.booleanValue()) {
                    aSN1EncodableVector.add(DERBoolean.TRUE);
                }
                aSN1EncodableVector.add(new DEROctetString(getRealValueBytes()));
                return RubyString.newString(getRuntime(), new DLSequence(aSN1EncodableVector).getEncoded(ASN1Encoding.DER));
            } catch (IOException e) {
                throw X509Extensions.newExtensionError(getRuntime(), e.getMessage());
            }
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-013.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.18.redhat-001.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions$ExtensionFactory.class */
    public static class ExtensionFactory extends RubyObject {
        private static final long serialVersionUID = 3180447029639456500L;
        static ObjectAllocator ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509Extensions.ExtensionFactory.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new ExtensionFactory(ruby, rubyClass);
            }
        };

        public ExtensionFactory(Ruby ruby, RubyClass rubyClass) {
            super(ruby, rubyClass);
        }

        @JRubyMethod(rest = true, visibility = Visibility.PRIVATE)
        public IRubyObject initialize(IRubyObject[] iRubyObjectArr, Block block) {
            Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 0, 4);
            if (iRubyObjectArr.length > 0 && !iRubyObjectArr[0].isNil()) {
                set_issuer_cert(iRubyObjectArr[0]);
            }
            if (iRubyObjectArr.length > 1 && !iRubyObjectArr[1].isNil()) {
                set_subject_cert(iRubyObjectArr[1]);
            }
            if (iRubyObjectArr.length > 2 && !iRubyObjectArr[2].isNil()) {
                set_subject_req(iRubyObjectArr[2]);
            }
            if (iRubyObjectArr.length > 3 && !iRubyObjectArr[3].isNil()) {
                set_crl(iRubyObjectArr[3]);
            }
            return this;
        }

        @JRubyMethod(name = {"issuer_certificate"})
        public IRubyObject issuer_cert() {
            return getInstanceVariable("@issuer_certificate");
        }

        @JRubyMethod(name = {"issuer_certificate="})
        public IRubyObject set_issuer_cert(IRubyObject iRubyObject) {
            setInstanceVariable("@issuer_certificate", iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(name = {"subject_certificate"})
        public IRubyObject subject_cert() {
            return getInstanceVariable("@subject_certificate");
        }

        @JRubyMethod(name = {"subject_certificate="})
        public IRubyObject set_subject_cert(IRubyObject iRubyObject) {
            setInstanceVariable("@subject_certificate", iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(name = {"subject_request"})
        public IRubyObject subject_req() {
            return getInstanceVariable("@subject_request");
        }

        @JRubyMethod(name = {"subject_request="})
        public IRubyObject set_subject_req(IRubyObject iRubyObject) {
            setInstanceVariable("@subject_request", iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(name = {"crl"})
        public IRubyObject crl() {
            return getInstanceVariable("@crl");
        }

        @JRubyMethod(name = {"crl="})
        public IRubyObject set_crl(IRubyObject iRubyObject) {
            setInstanceVariable("@crl", iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(name = {"config"})
        public IRubyObject config() {
            return getInstanceVariable("@config");
        }

        @JRubyMethod(name = {"config="})
        public IRubyObject set_config(IRubyObject iRubyObject) {
            setInstanceVariable("@config", iRubyObject);
            return iRubyObject;
        }

        @JRubyMethod(rest = true)
        public IRubyObject create_ext(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
            Ruby ruby = threadContext.runtime;
            IRubyObject iRubyObject = (Arity.checkArgumentCount(ruby, iRubyObjectArr, 2, 3) != 3 || iRubyObjectArr[2].isNil()) ? ruby.getFalse() : iRubyObjectArr[2];
            String obj = iRubyObjectArr[0].toString();
            String obj2 = iRubyObjectArr[1].toString();
            try {
                ASN1ObjectIdentifier objectIdentifier = ASN1.getObjectIdentifier(ruby, obj);
                if (obj2.startsWith("critical,")) {
                    iRubyObject = ruby.getTrue();
                    obj2 = obj2.substring(9).trim();
                }
                try {
                    String id = objectIdentifier.getId();
                    Object str = id.equals("2.5.29.14") ? new String(ByteList.plain(parseSubjectKeyIdentifier(threadContext, obj, obj2).getEncoded(ASN1Encoding.DER))) : id.equals(ASN1Registry.OBJ_authority_key_identifier) ? new String(ByteList.plain(parseAuthorityKeyIdentifier(threadContext, obj2).getEncoded(ASN1Encoding.DER))) : id.equals(ASN1Registry.OBJ_issuer_alt_name) ? parseIssuerAltName(threadContext, obj2) : id.equals(ASN1Registry.OBJ_basic_constraints) ? new String(ByteList.plain(parseBasicConstrains(obj2).getEncoded(ASN1Encoding.DER))) : id.equals(ASN1Registry.OBJ_key_usage) ? new String(ByteList.plain(parseKeyUsage(obj, obj2).getEncoded(ASN1Encoding.DER))) : id.equals(ASN1Registry.OBJ_netscape_cert_type) ? parseNsCertType(obj, obj2) : id.equals(ASN1Registry.OBJ_subject_alt_name) ? parseSubjectAltName(obj2) : id.equals(ASN1Registry.OBJ_ext_key_usage) ? parseExtendedKeyUsage(obj2) : new DEROctetString(new DEROctetString(ByteList.plain(obj2)).getEncoded(ASN1Encoding.DER));
                    Extension extension = (Extension) X509._X509(ruby).getClass(EMOFExtendedMetaData.EXTENSION).callMethod(threadContext, "new");
                    extension.setRealOid(objectIdentifier);
                    extension.setRealValue(str);
                    extension.setRealCritical(iRubyObject.isNil() ? null : Boolean.valueOf(iRubyObject.isTrue()));
                    return extension;
                } catch (IOException e) {
                    throw X509Extensions.newExtensionError(ruby, "Unable to create extension: " + e.getMessage());
                }
            } catch (IllegalArgumentException e2) {
                OpenSSLReal.debug(ruby, "ASN1.getObjectIdentifier() at ExtensionFactory.create_ext", e2);
                throw X509Extensions.newExtensionError(ruby, "unknown OID `" + obj + "'");
            }
        }

        private DERBitString parseKeyUsage(String str, String str2) {
            byte[] bArr;
            try {
                String[] split = str2.split(":");
                bArr = new byte[split.length];
                for (int i = 0; i < split.length; i++) {
                    bArr[i] = (byte) Integer.parseInt(split[i], 16);
                }
            } catch (NumberFormatException e) {
                bArr = null;
            }
            if (bArr == null && str2.length() < 3) {
                bArr = ByteList.plain(str2);
            }
            if (bArr == null) {
                byte b = 0;
                byte b2 = 0;
                for (String str3 : str2.split(",")) {
                    String trim = str3.trim();
                    if ("decipherOnly".equals(trim) || "Decipher Only".equals(trim)) {
                        b2 = (byte) (b2 | Byte.MIN_VALUE);
                    } else if ("digitalSignature".equals(trim) || "Digital Signature".equals(trim)) {
                        b = (byte) (b | Byte.MIN_VALUE);
                    } else if ("nonRepudiation".equals(trim) || "Non Repudiation".equals(trim)) {
                        b = (byte) (b | 64);
                    } else if ("keyEncipherment".equals(trim) || "Key Encipherment".equals(trim)) {
                        b = (byte) (b | 32);
                    } else if ("dataEncipherment".equals(trim) || "Data Encipherment".equals(trim)) {
                        b = (byte) (b | 16);
                    } else if ("keyAgreement".equals(trim) || "Key Agreement".equals(trim)) {
                        b = (byte) (b | 8);
                    } else if ("keyCertSign".equals(trim) || "Key Cert Sign".equals(trim)) {
                        b = (byte) (b | 4);
                    } else if ("cRLSign".equals(trim)) {
                        b = (byte) (b | 2);
                    } else {
                        if (!"encipherOnly".equals(trim) && !"Encipher Only".equals(trim)) {
                            throw X509Extensions.newExtensionError(getRuntime(), str + " = " + str2 + ": unknown bit string argument");
                        }
                        b = (byte) (b | 1);
                    }
                }
                bArr = b2 == 0 ? new byte[]{b} : new byte[]{b, b2};
            }
            int i2 = 0;
            int length = bArr.length - 1;
            while (true) {
                if (length <= -1) {
                    break;
                }
                if (bArr[length] == 0) {
                    i2 += 8;
                    length--;
                } else {
                    byte b3 = bArr[length];
                    int i3 = 8;
                    while (b3 != 0) {
                        b3 = (byte) (b3 << 1);
                        i3--;
                    }
                    i2 += i3;
                }
            }
            return new DERBitString(bArr, i2);
        }

        private DERBitString parseNsCertType(String str, String str2) {
            byte b;
            byte b2;
            int i;
            byte b3 = 0;
            if (str2.length() < 3) {
                b3 = ByteList.plain(str2)[0];
            } else {
                for (String str3 : str2.split(",")) {
                    String trim = str3.trim();
                    if ("SSL Client".equals(trim) || "client".equals(trim)) {
                        b = b3;
                        b2 = Byte.MIN_VALUE;
                    } else if ("SSL Server".equals(trim) || "server".equals(trim)) {
                        b = b3;
                        b2 = 64;
                    } else if (ASN1Registry.LN_SMIME.equals(trim) || Constants.LN_EMAIL.equals(trim)) {
                        b = b3;
                        b2 = 32;
                    } else if ("Object Signing".equals(trim) || "objsign".equals(trim)) {
                        b = b3;
                        b2 = 16;
                    } else if ("Unused".equals(trim) || GroovyFilter.RESERVED_WORD.equals(trim)) {
                        b = b3;
                        b2 = 8;
                    } else if ("SSL CA".equals(trim) || "sslCA".equals(trim)) {
                        b = b3;
                        b2 = 4;
                    } else if ("S/MIME CA".equals(trim) || "emailCA".equals(trim)) {
                        b = b3;
                        b2 = 2;
                    } else {
                        if (!"Object Signing CA".equals(trim) && !"objCA".equals(trim)) {
                            throw X509Extensions.newExtensionError(getRuntime(), str + " = " + str2 + ": unknown bit string argument");
                        }
                        b = b3;
                        b2 = 1;
                    }
                    b3 = (byte) (b | b2);
                }
            }
            if (b3 == 0) {
                i = 0 + 8;
            } else {
                byte b4 = b3;
                int i2 = 8;
                while (b4 != 0) {
                    b4 = (byte) (b4 << 1);
                    i2--;
                }
                i = 0 + i2;
            }
            return new DERBitString(new byte[]{b3}, i);
        }

        private static DLSequence parseBasicConstrains(String str) {
            String[] split = str.split(",");
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (int i = 0; i < split.length; i++) {
                String trim = split[i].trim();
                split[i] = trim;
                if (trim.length() > 3 && trim.substring(0, 3).equalsIgnoreCase("CA:")) {
                    aSN1EncodableVector.add(ASN1Boolean.getInstance("true".equalsIgnoreCase(trim.substring(3).trim())));
                }
            }
            for (String str2 : split) {
                if (str2.length() > 8 && str2.substring(0, 8).equalsIgnoreCase("pathlen:")) {
                    aSN1EncodableVector.add(new ASN1Integer(BigInteger.valueOf(Integer.parseInt(str2.substring(8).trim()))));
                }
            }
            return new DLSequence(aSN1EncodableVector);
        }

        private DLSequence parseAuthorityKeyIdentifier(ThreadContext threadContext, String str) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            if (str.startsWith("keyid:always")) {
                aSN1EncodableVector.add(new DEROctetString(derDigest(threadContext)));
            } else if (str.startsWith("keyid")) {
                aSN1EncodableVector.add(new DEROctetString(derDigest(threadContext)));
            }
            return new DLSequence(aSN1EncodableVector);
        }

        private byte[] derDigest(ThreadContext threadContext) {
            Ruby ruby = threadContext.runtime;
            IRubyObject callMethod = getInstanceVariable("@issuer_certificate").callMethod(threadContext, "public_key");
            return X509Extensions.getSHA1Digest(ruby, (callMethod instanceof PKeyRSA ? callMethod.callMethod(threadContext, "to_der") : ASN1.decode(threadContext, ASN1._ASN1(ruby), callMethod.callMethod(threadContext, "to_der")).callMethod(threadContext, "value").callMethod(threadContext, ClassUtils.ARRAY_SUFFIX, ruby.newFixnum(1)).callMethod(threadContext, "value")).asString().getBytes());
        }

        private Object parseIssuerAltName(ThreadContext threadContext, String str) throws IOException {
            if (str.startsWith("issuer:copy")) {
                RubyArray rubyArray = (RubyArray) getInstanceVariable("@issuer_certificate").callMethod(threadContext, "extensions");
                for (int i = 0; i < rubyArray.size(); i++) {
                    Extension extension = (Extension) rubyArray.entry(i);
                    if (extension.getRealOid().equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_alt_name))) {
                        return extension.getRealValue();
                    }
                }
            }
            throw new IOException("Malformed IssuerAltName: " + str);
        }

        private String parseSubjectAltName(String str) throws IOException {
            if (str.startsWith("DNS:")) {
                return derEncoded(new GeneralName(2, new DERIA5String(str.substring(4))));
            }
            if (!str.startsWith("IP:") && !str.startsWith("IP Address:")) {
                return str;
            }
            String[] split = str.substring(str.charAt(2) == ':' ? 3 : 11).split(DozerConstants.DEEP_FIELD_DELIMITER_REGEXP);
            return derEncoded(new GeneralName(7, new DEROctetString(new byte[]{(byte) (Integer.parseInt(split[0]) & 255), (byte) (Integer.parseInt(split[1]) & 255), (byte) (Integer.parseInt(split[2]) & 255), (byte) (Integer.parseInt(split[3]) & 255)})));
        }

        private static String derEncoded(GeneralName generalName) throws IOException {
            return new String(ByteList.plain(new GeneralNames(generalName).getEncoded(ASN1Encoding.DER)));
        }

        private DEROctetString parseSubjectKeyIdentifier(ThreadContext threadContext, String str, String str2) {
            if (PasswordEncoderParser.ATT_HASH.equalsIgnoreCase(str2)) {
                return new DEROctetString(derDigest(threadContext));
            }
            if (str2.length() == 20 || !X509Extensions.isHex(str2)) {
                return new DEROctetString(ByteList.plain(str2));
            }
            int length = str2.length();
            ByteList byteList = new ByteList((length / 2) + 1);
            int i = 0;
            while (i < length) {
                if (i + 1 >= length) {
                    throw X509Extensions.newExtensionError(threadContext.runtime, str + " = " + str2 + ": odd number of digits");
                }
                int upHex = X509Extensions.upHex(str2.charAt(i));
                int upHex2 = X509Extensions.upHex(str2.charAt(i + 1));
                if (upHex == -1 || upHex2 == -1) {
                    throw X509Extensions.newExtensionError(threadContext.runtime, str + " = " + str2 + ": illegal hex digit");
                }
                byteList.append(((upHex << 4) & 240) | (upHex2 & 15));
                while (i + 2 < length && str2.charAt(i + 2) == ':') {
                    i++;
                }
                i += 2;
            }
            byte[] bArr = new byte[byteList.length()];
            System.arraycopy(byteList.getUnsafeBytes(), byteList.getBegin(), bArr, 0, bArr.length);
            return new DEROctetString(bArr);
        }

        private static DLSequence parseExtendedKeyUsage(String str) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (String str2 : str.split(", ?")) {
                aSN1EncodableVector.add(ASN1Registry.sym2oid(str2));
            }
            return new DLSequence(aSN1EncodableVector);
        }
    }

    public static void createX509Ext(Ruby ruby, RubyModule rubyModule) {
        rubyModule.defineClassUnder("ExtensionFactory", ruby.getObject(), ExtensionFactory.ALLOCATOR).defineAnnotatedMethods(ExtensionFactory.class);
        RubyClass rubyClass = ruby.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("ExtensionError", rubyClass, rubyClass.getAllocator());
        rubyModule.defineClassUnder(EMOFExtendedMetaData.EXTENSION, ruby.getObject(), Extension.ALLOCATOR).defineAnnotatedMethods(Extension.class);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] getSHA1Digest(Ruby ruby, byte[] bArr) {
        try {
            return SecurityHelper.getMessageDigest("SHA-1").digest(bArr);
        } catch (GeneralSecurityException e) {
            throw newExtensionError(ruby, e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static RaiseException newExtensionError(Ruby ruby, String str) {
        return Utils.newError(ruby, X509._X509(ruby).getClass("ExtensionError"), str);
    }

    private static boolean isHex(char c) {
        return ('0' <= c && c <= '9') || ('A' <= c && c <= 'F') || ('a' <= c && c <= 'f');
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isHex(String str) {
        for (int i = 0; i < str.length(); i++) {
            if (!isHex(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int upHex(char c) {
        switch (c) {
            case '0':
                return 48;
            case '1':
                return 49;
            case '2':
                return 50;
            case '3':
                return 51;
            case '4':
                return 52;
            case '5':
                return 53;
            case '6':
                return 54;
            case '7':
                return 55;
            case '8':
                return 56;
            case '9':
                return 57;
            case ':':
            case ';':
            case '<':
            case '=':
            case '>':
            case '?':
            case '@':
            case 'G':
            case 'H':
            case 'I':
            case 'J':
            case 'K':
            case 'L':
            case 'M':
            case 'N':
            case 'O':
            case 'P':
            case 'Q':
            case 'R':
            case 'S':
            case 'T':
            case 'U':
            case 'V':
            case 'W':
            case 'X':
            case 'Y':
            case 'Z':
            case '[':
            case '\\':
            case ']':
            case '^':
            case '_':
            case '`':
            default:
                return -1;
            case 'A':
            case 'a':
                return 65;
            case 'B':
            case 'b':
                return 66;
            case 'C':
            case 'c':
                return 67;
            case 'D':
            case 'd':
                return 68;
            case 'E':
            case 'e':
                return 69;
            case 'F':
            case 'f':
                return 70;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ByteList hexBytes(byte[] bArr, int i) {
        int length = bArr.length - i;
        return hexBytes(bArr, i, length, new ByteList(length * 3));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ByteList hexBytes(byte[] bArr, ByteList byteList) {
        return hexBytes(bArr, 0, bArr.length, byteList);
    }

    private static ByteList hexBytes(byte[] bArr, int i, int i2, ByteList byteList) {
        boolean z = false;
        byteList.ensure((i2 * 3) - 1);
        for (int i3 = i; i3 < i + i2; i3++) {
            if (z) {
                byteList.append(58);
            }
            byte b = bArr[i3];
            byteList.append(HEX[(b >> 4) & 15]);
            byteList.append(HEX[b & 15]);
            z = true;
        }
        return byteList;
    }
}
