package org.jruby.ext.openssl.x509store;

import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.codec.language.bm.Languages;
import org.jruby.ext.openssl.impl.ASN1Registry;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-283-10.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Purpose.class */
public class Purpose {
    private static final String XKU_EMAIL_PROTECT = "1.3.6.1.5.5.7.3.4";
    private static final String XKU_SSL_CLIENT = "1.3.6.1.5.5.7.3.2";
    public int purpose;
    public int trust;
    public int flags;
    CheckPurposeFunction checkPurpose;
    public String name;
    public String sname;
    public Object userData;
    private static final String[] XKU_SSL_SERVER = {ASN1Registry.OBJ_server_auth, ASN1Registry.OBJ_ns_sgc, ASN1Registry.OBJ_ms_sgc};
    private static final List<Purpose> xptable = new ArrayList();
    static final CheckPurposeFunction checkPurposeSSLClient = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            if (Purpose.xkuReject(x509AuxCertificate, "1.3.6.1.5.5.7.3.2")) {
                return 0;
            }
            return num.intValue() != 0 ? Purpose.checkSSLCA(x509AuxCertificate) : ((x509AuxCertificate.getKeyUsage() == null || x509AuxCertificate.getKeyUsage()[0]) && !Purpose.nsReject(x509AuxCertificate, 128)) ? 1 : 0;
        }
    };
    static final CheckPurposeFunction checkPurposeSSLServer = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.2
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            if (Purpose.xkuReject(x509AuxCertificate, Purpose.XKU_SSL_SERVER)) {
                return 0;
            }
            if (num.intValue() != 0) {
                return Purpose.checkSSLCA(x509AuxCertificate);
            }
            if (Purpose.nsReject(x509AuxCertificate, 64)) {
                return 0;
            }
            return (x509AuxCertificate.getKeyUsage() == null || x509AuxCertificate.getKeyUsage()[0] || x509AuxCertificate.getKeyUsage()[2]) ? 1 : 0;
        }
    };
    static final CheckPurposeFunction checkPurposeNSSSLServer = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.3
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            int call = Purpose.checkPurposeSSLServer.call(purpose, x509AuxCertificate, num);
            return (call == 0 || num.intValue() != 0) ? call : (x509AuxCertificate.getKeyUsage() == null || x509AuxCertificate.getKeyUsage()[2]) ? 1 : 0;
        }
    };
    static final CheckPurposeFunction checkPurposeSMIMESign = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.4
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            int purposeSMIME = Purpose.purposeSMIME(x509AuxCertificate, num.intValue());
            if (purposeSMIME == 0 || num.intValue() != 0) {
                return purposeSMIME;
            }
            if (x509AuxCertificate.getKeyUsage() == null || (x509AuxCertificate.getKeyUsage()[0] && x509AuxCertificate.getKeyUsage()[1])) {
                return purposeSMIME;
            }
            return 0;
        }
    };
    static final CheckPurposeFunction checkPurposeSMIMEEncrypt = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.5
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            int purposeSMIME = Purpose.purposeSMIME(x509AuxCertificate, num.intValue());
            if (purposeSMIME == 0 || num.intValue() != 0) {
                return purposeSMIME;
            }
            if (x509AuxCertificate.getKeyUsage() == null || x509AuxCertificate.getKeyUsage()[2]) {
                return purposeSMIME;
            }
            return 0;
        }
    };
    static final CheckPurposeFunction checkPurposeCRLSign = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.6
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            if (num.intValue() == 0) {
                return (x509AuxCertificate.getKeyUsage() == null || x509AuxCertificate.getKeyUsage()[6]) ? 1 : 0;
            }
            int checkCA = Purpose.checkCA(x509AuxCertificate);
            if (checkCA != 2) {
                return checkCA;
            }
            return 0;
        }
    };
    static final CheckPurposeFunction noCheck = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.7
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            return 1;
        }
    };
    static final CheckPurposeFunction oscpHelper = new CheckPurposeFunction() { // from class: org.jruby.ext.openssl.x509store.Purpose.8
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jruby.ext.openssl.x509store.Function3
        public int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException {
            if (num.intValue() != 0) {
                return Purpose.checkCA(x509AuxCertificate);
            }
            return 1;
        }
    };
    private static final Purpose[] xstandard = {new Purpose(1, 2, 0, checkPurposeSSLClient, "SSL client", "sslclient", null), new Purpose(2, 3, 0, checkPurposeSSLServer, "SSL server", "sslserver", null), new Purpose(3, 3, 0, checkPurposeNSSSLServer, "Netscape SSL server", "nssslserver", null), new Purpose(4, 4, 0, checkPurposeSMIMESign, "S/MIME signing", "smimesign", null), new Purpose(5, 4, 0, checkPurposeSMIMEEncrypt, "S/MIME encryption", "smimeencrypt", null), new Purpose(6, 1, 0, checkPurposeCRLSign, "CRL signing", "crlsign", null), new Purpose(7, -1, 0, noCheck, "Any Purpose", Languages.ANY, null), new Purpose(8, 1, 0, oscpHelper, "OCSP helper", "ocsphelper", null)};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-283-10.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Purpose$CheckPurposeFunction.class */
    public interface CheckPurposeFunction extends Function3<Purpose, X509AuxCertificate, Integer> {
        int call(Purpose purpose, X509AuxCertificate x509AuxCertificate, Integer num) throws CertificateException;
    }

    private Purpose() {
    }

    Purpose(int i, int i2, int i3, CheckPurposeFunction checkPurposeFunction, String str, String str2, Object obj) {
        this.purpose = i;
        this.trust = i2;
        this.flags = i3;
        this.checkPurpose = checkPurposeFunction;
        this.name = str;
        this.sname = str2;
        this.userData = obj;
    }

    public static int checkPurpose(X509AuxCertificate x509AuxCertificate, int i, int i2) throws CertificateException {
        if (i == -1) {
            return 1;
        }
        int byID = getByID(i);
        if (byID == -1) {
            return -1;
        }
        Purpose first = getFirst(byID);
        return first.checkPurpose.call(first, x509AuxCertificate, Integer.valueOf(i2));
    }

    public static int set(int[] iArr, int i) {
        if (getByID(i) == -1) {
            X509Error.addError(146);
            return 0;
        }
        iArr[0] = i;
        return 1;
    }

    public static int getCount() {
        return xptable.size() + xstandard.length;
    }

    public static Purpose getFirst(int i) {
        if (i < 0) {
            return null;
        }
        return i < xstandard.length ? xstandard[i] : xptable.get(i - xstandard.length);
    }

    public static int getBySName(String str) {
        for (int i = 0; i < getCount(); i++) {
            if (getFirst(i).sname.equals(str)) {
                return i;
            }
        }
        return -1;
    }

    public static int getByID(int i) {
        if (i >= 1 && i <= 8) {
            return i - 1;
        }
        Iterator<Purpose> it = xptable.iterator();
        while (it.hasNext()) {
            if (it.next().purpose == i) {
                return 0 + xstandard.length;
            }
        }
        return -1;
    }

    public static int add(int i, int i2, int i3, CheckPurposeFunction checkPurposeFunction, String str, String str2, Object obj) {
        Purpose first;
        int i4 = (i3 & (-2)) | 2;
        int byID = getByID(i);
        if (byID == -1) {
            first = new Purpose();
            first.flags = 1;
        } else {
            first = getFirst(byID);
        }
        first.name = str;
        first.sname = str2;
        first.flags &= 1;
        first.flags |= i4;
        first.purpose = i;
        first.trust = i2;
        first.checkPurpose = checkPurposeFunction;
        first.userData = obj;
        if (byID != -1) {
            return 1;
        }
        xptable.add(first);
        return 1;
    }

    public static void cleanup() {
        xptable.clear();
    }

    public int getID() {
        return this.purpose;
    }

    public String getName() {
        return this.name;
    }

    public String getSName() {
        return this.sname;
    }

    public int getTrust() {
        return this.trust;
    }

    public static int checkCA(X509AuxCertificate x509AuxCertificate) throws CertificateException {
        if (x509AuxCertificate.getKeyUsage() != null && !x509AuxCertificate.getKeyUsage()[5]) {
            return 0;
        }
        if (x509AuxCertificate.getExtensionValue(ASN1Registry.OBJ_basic_constraints) != null) {
            return x509AuxCertificate.getBasicConstraints() != -1 ? 1 : 0;
        }
        if (x509AuxCertificate.getVersion() == 1 && x509AuxCertificate.getIssuerX500Principal().equals(x509AuxCertificate.getSubjectX500Principal())) {
            return 3;
        }
        if (x509AuxCertificate.getKeyUsage() != null) {
            return 4;
        }
        Integer nsCertType = x509AuxCertificate.getNsCertType();
        return (nsCertType == null || (nsCertType.intValue() & 7) == 0) ? 0 : 5;
    }

    public static int checkSSLCA(X509AuxCertificate x509AuxCertificate) throws CertificateException {
        int checkCA = checkCA(x509AuxCertificate);
        if (checkCA == 0) {
            return 0;
        }
        Integer nsCertType = x509AuxCertificate.getNsCertType();
        boolean z = (nsCertType == null || (nsCertType.intValue() & 4) == 0) ? false : true;
        if (checkCA != 5 || z) {
            return checkCA;
        }
        return 0;
    }

    public static boolean xkuReject(X509AuxCertificate x509AuxCertificate, String str) throws CertificateException {
        List<String> extendedKeyUsage = x509AuxCertificate.getExtendedKeyUsage();
        return (extendedKeyUsage == null || extendedKeyUsage.contains(str)) ? false : true;
    }

    public static boolean xkuReject(X509AuxCertificate x509AuxCertificate, String[] strArr) throws CertificateException {
        List<String> extendedKeyUsage = x509AuxCertificate.getExtendedKeyUsage();
        if (extendedKeyUsage == null) {
            return false;
        }
        for (String str : strArr) {
            if (extendedKeyUsage.contains(str)) {
                return false;
            }
        }
        return true;
    }

    public static boolean nsReject(X509AuxCertificate x509AuxCertificate, int i) throws CertificateException {
        Integer nsCertType = x509AuxCertificate.getNsCertType();
        return nsCertType != null && (nsCertType.intValue() & i) == 0;
    }

    public static int purposeSMIME(X509AuxCertificate x509AuxCertificate, int i) throws CertificateException {
        if (xkuReject(x509AuxCertificate, "1.3.6.1.5.5.7.3.4")) {
            return 0;
        }
        if (i == 0) {
            Integer nsCertType = x509AuxCertificate.getNsCertType();
            if (nsCertType == null || (nsCertType.intValue() & 32) != 0) {
                return 1;
            }
            return (nsCertType.intValue() & 128) != 0 ? 2 : 0;
        }
        int checkCA = checkCA(x509AuxCertificate);
        if (checkCA == 0) {
            return 0;
        }
        Integer nsCertType2 = x509AuxCertificate.getNsCertType();
        boolean z = (nsCertType2 == null || (nsCertType2.intValue() & 2) == 0) ? false : true;
        if (checkCA != 5 || z) {
            return checkCA;
        }
        return 0;
    }
}
