package org.jruby.ext.openssl;

import com.google.gwt.i18n.client.BidiUtils;
import groovy.ui.text.GroovyFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import org.apache.abdera.util.Constants;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyHash;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;
import org.springframework.security.config.authentication.PasswordEncoderParser;
import org.springframework.util.ClassUtils;
import org.switchyard.ServiceSecurity;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-294.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509ExtensionFactory.class */
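/**
 * Ruby-visible {@code ExtensionFactory}: builds X.509 extensions from an OID (or short name) and a
 * textual value, using the certificates, request, CRL and config stored in instance variables.
 *
 * <p>This listing is decompiler output. A few string comparisons below reference constants from
 * unrelated libraries ({@code Constants.LN_EMAIL}, {@code GroovyFilter.RESERVED_WORD},
 * {@code ServiceSecurity.DEFAULT_SECURITY_DOMAIN}, {@code BidiUtils.DIR_PROPERTY_NAME},
 * {@code PasswordEncoderParser.ATT_HASH}, {@code ClassUtils.ARRAY_SUFFIX}). These appear to stand in
 * for string literals that were inlined at compile time. They are kept unchanged here, and the
 * presumed literal is noted at each use; verify before relying on it.
 *
 * <p>The value parsers are lenient in several places that matter for certificate contents; the
 * per-method notes state exactly what is and is not validated.
 */
public class X509ExtensionFactory extends RubyObject {
    private static final long serialVersionUID = 3180447029639456500L;

    /** Allocator handed to the Ruby class definition so new instances are of this Java type. */
    private static final ObjectAllocator ALLOCATOR = new ObjectAllocator() {
        @Override
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new X509ExtensionFactory(ruby, rubyClass);
        }
    };

    // Prefixes recognised by parseSubjectAltName.
    private static final String DNS_ = "DNS:";
    private static final String DNS_Name_ = "DNS Name:";
    private static final String URI_ = "URI:";
    private static final String RID_ = "RID:";
    private static final String email_ = "email:";
    private static final String dirName_ = "dirName:";
    private static final String otherName_ = "otherName:";

    /**
     * Defines the {@code ExtensionFactory} class under the given module and binds the annotated
     * methods of this class to it. (The decompiler reports the original method as package-private.)
     *
     * @param ruby the runtime
     * @param rubyModule the module under which the class is defined
     */
    public static void createX509ExtensionFactory(Ruby ruby, RubyModule rubyModule) {
        final RubyClass factoryClass = rubyModule.defineClassUnder("ExtensionFactory", ruby.getObject(), ALLOCATOR);
        factoryClass.defineAnnotatedMethods(X509ExtensionFactory.class);
    }

    public X509ExtensionFactory(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
    }

    /**
     * Ruby {@code initialize}: accepts up to four optional positional arguments (issuer
     * certificate, subject certificate, subject request, CRL) and stores each non-nil one.
     *
     * @param iRubyObjectArr zero to four arguments; nil entries are skipped
     * @param block unused
     * @return this factory
     */
    @JRubyMethod(rest = true, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(IRubyObject[] iRubyObjectArr, Block block) {
        Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 0, 4);
        final int count = iRubyObjectArr.length;
        if (count > 0 && !iRubyObjectArr[0].isNil()) {
            set_issuer_cert(iRubyObjectArr[0]);
        }
        if (count > 1 && !iRubyObjectArr[1].isNil()) {
            set_subject_cert(iRubyObjectArr[1]);
        }
        if (count > 2 && !iRubyObjectArr[2].isNil()) {
            set_subject_req(iRubyObjectArr[2]);
        }
        if (count > 3 && !iRubyObjectArr[3].isNil()) {
            set_crl(iRubyObjectArr[3]);
        }
        return this;
    }

    /** @return the value of {@code @issuer_certificate} */
    @JRubyMethod(name = {"issuer_certificate"})
    public IRubyObject issuer_cert() {
        return getInstanceVariable("@issuer_certificate");
    }

    /** Stores {@code @issuer_certificate}; the argument is not type-checked here. */
    @JRubyMethod(name = {"issuer_certificate="})
    public IRubyObject set_issuer_cert(IRubyObject iRubyObject) {
        setInstanceVariable("@issuer_certificate", iRubyObject);
        return iRubyObject;
    }

    /** @return the value of {@code @subject_certificate} */
    @JRubyMethod(name = {"subject_certificate"})
    public IRubyObject subject_cert() {
        return getInstanceVariable("@subject_certificate");
    }

    /** Stores {@code @subject_certificate}; the argument is not type-checked here. */
    @JRubyMethod(name = {"subject_certificate="})
    public IRubyObject set_subject_cert(IRubyObject iRubyObject) {
        setInstanceVariable("@subject_certificate", iRubyObject);
        return iRubyObject;
    }

    /** @return the value of {@code @subject_request} */
    @JRubyMethod(name = {"subject_request"})
    public IRubyObject subject_req() {
        return getInstanceVariable("@subject_request");
    }

    /** Stores {@code @subject_request}; the argument is not type-checked here. */
    @JRubyMethod(name = {"subject_request="})
    public IRubyObject set_subject_req(IRubyObject iRubyObject) {
        setInstanceVariable("@subject_request", iRubyObject);
        return iRubyObject;
    }

    /** @return the value of {@code @crl} */
    @JRubyMethod(name = {"crl"})
    public IRubyObject crl() {
        return getInstanceVariable("@crl");
    }

    /** Stores {@code @crl}; the argument is not type-checked here. */
    @JRubyMethod(name = {"crl="})
    public IRubyObject set_crl(IRubyObject iRubyObject) {
        setInstanceVariable("@crl", iRubyObject);
        return iRubyObject;
    }

    /** @return the value of {@code @config} */
    @JRubyMethod(name = {"config"})
    public IRubyObject config() {
        return getInstanceVariable("@config");
    }

    /** Stores {@code @config}; nothing in this class reads it back other than {@link #config()}. */
    @JRubyMethod(name = {"config="})
    public IRubyObject set_config(IRubyObject iRubyObject) {
        setInstanceVariable("@config", iRubyObject);
        return iRubyObject;
    }

    /**
     * Builds one extension from {@code (oid, value[, critical])}.
     *
     * <p>A value starting with {@code "critical,"} forces the critical flag to true and the prefix
     * is stripped. Extensions without a dedicated parser are emitted as the raw value bytes wrapped
     * in an OCTET STRING, with no further interpretation.
     *
     * <p>Only a failed OID lookup is reported as {@code unknown OID}. Any
     * {@link IllegalArgumentException} raised while parsing the value (including
     * {@link NumberFormatException}) is reported as {@code Unable to create extension}. Previously
     * a single handler covered both, so a malformed value was misreported as an unknown OID.
     *
     * @param threadContext current context
     * @param iRubyObjectArr two or three arguments: oid, value, optional critical flag
     * @return the new extension object
     */
    @JRubyMethod(rest = true)
    public IRubyObject create_ext(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        final Ruby runtime = threadContext.runtime;
        final int argc = Arity.checkArgumentCount(runtime, iRubyObjectArr, 2, 3);
        // A missing or nil third argument means "not critical", so the flag is never nil below.
        IRubyObject critical = (argc != 3 || iRubyObjectArr[2].isNil()) ? runtime.getFalse() : iRubyObjectArr[2];
        final String oid = iRubyObjectArr[0].toString();
        String value = iRubyObjectArr[1].toString();

        final ASN1ObjectIdentifier objectId;
        try {
            objectId = ASN1.getObjectID(runtime, oid);
        } catch (IllegalArgumentException e) {
            OpenSSL.debug(runtime, "ASN1.getObjectIdentifier() at ExtensionFactory.create_ext", e);
            throw X509Extension.newExtensionError(runtime, "unknown OID `" + oid + "'");
        }

        if (value.startsWith("critical,")) {
            critical = runtime.getTrue();
            value = value.substring("critical,".length()).trim();
        }

        try {
            final String id = objectId.getId();
            final ASN1Encodable encoded;
            if (id.equals("2.5.29.14")) { // subjectKeyIdentifier
                encoded = new DEROctetString(parseSubjectKeyIdentifier(threadContext, oid, value));
            } else if (id.equals(ASN1Registry.OBJ_authority_key_identifier)) {
                encoded = parseAuthorityKeyIdentifier(threadContext, value);
            } else if (id.equals(ASN1Registry.OBJ_subject_alt_name)) {
                encoded = parseSubjectAltName(value);
            } else if (id.equals(ASN1Registry.OBJ_issuer_alt_name)) {
                encoded = parseIssuerAltName(threadContext, value);
            } else if (id.equals(ASN1Registry.OBJ_basic_constraints)) {
                encoded = parseBasicConstrains(value);
            } else if (id.equals(ASN1Registry.OBJ_key_usage)) {
                encoded = parseKeyUsage(oid, value);
            } else if (id.equals(ASN1Registry.OBJ_netscape_cert_type)) {
                encoded = parseNsCertType(oid, value);
            } else if (id.equals(ASN1Registry.OBJ_ext_key_usage)) {
                encoded = parseExtendedKeyUsage(value);
            } else {
                // No dedicated parser: the value bytes are carried through uninterpreted.
                encoded = new DEROctetString(new DEROctetString(ByteList.plain(value)).getEncoded(ASN1Encoding.DER));
            }
            return X509Extension.newExtension(runtime, objectId, encoded, critical.isTrue());
        } catch (IOException e) {
            throw X509Extension.newExtensionError(runtime, "Unable to create extension: " + e.getMessage());
        } catch (IllegalArgumentException e) {
            OpenSSL.debug(runtime, "value parsing at ExtensionFactory.create_ext", e);
            throw X509Extension.newExtensionError(runtime, "Unable to create extension: " + e.getMessage());
        }
    }

    /**
     * Dispatches on argument shape: several arguments go to {@link #create_ext}; a single Array,
     * Hash or String goes to the matching {@code create_ext_from_*} method.
     *
     * @param threadContext current context
     * @param iRubyObjectArr the call arguments
     * @return the new extension object
     */
    @JRubyMethod(rest = true)
    public IRubyObject create_extension(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        if (iRubyObjectArr.length == 0) {
            // rest = true admits a call with no arguments; fail with a Ruby error instead of an
            // ArrayIndexOutOfBoundsException on the element access below.
            throw threadContext.runtime.newArgumentError("wrong number of arguments (0 for 1)");
        }
        if (iRubyObjectArr.length > 1) {
            return create_ext(threadContext, iRubyObjectArr);
        }
        final IRubyObject single = iRubyObjectArr[0];
        if (single instanceof RubyArray) {
            return create_ext_from_array(threadContext, single);
        }
        if (single instanceof RubyHash) {
            return create_ext_from_hash(threadContext, single);
        }
        if (single instanceof RubyString) {
            return create_ext_from_string(threadContext, single);
        }
        throw threadContext.runtime.newArgumentError("unexpected argument: " + single.inspect());
    }

    /**
     * Builds an extension from a Ruby array {@code [oid, value]} or {@code [oid, value, critical]}.
     * Arrays longer than three elements are rejected here. Shorter ones are rejected by the arity
     * check in {@link #create_ext}.
     */
    @JRubyMethod
    public IRubyObject create_ext_from_array(ThreadContext threadContext, IRubyObject iRubyObject) {
        final RubyArray parts = (RubyArray) iRubyObject;
        if (parts.size() > 3) {
            throw X509Extension.newExtensionError(threadContext.runtime, "unexpected array form");
        }
        return create_ext(threadContext, parts.toJavaArrayUnsafe());
    }

    /**
     * Builds an extension from a Ruby hash, reading the string keys {@code "oid"}, {@code "value"}
     * and {@code "critical"}.
     */
    @JRubyMethod
    public IRubyObject create_ext_from_hash(ThreadContext threadContext, IRubyObject iRubyObject) {
        final RubyHash hash = (RubyHash) iRubyObject;
        final Ruby runtime = threadContext.runtime;
        final IRubyObject oid = hash.op_aref(threadContext, StringHelper.newStringFrozen(runtime, "oid"));
        final IRubyObject value = hash.op_aref(threadContext, StringHelper.newStringFrozen(runtime, "value"));
        final IRubyObject critical = hash.op_aref(threadContext, StringHelper.newStringFrozen(runtime, "critical"));
        return create_ext(threadContext, new IRubyObject[]{oid, value, critical});
    }

    /**
     * Builds an extension from a single {@code "oid = value"} string, split at the first
     * {@code '='}. A value starting with {@code X509Extension.critical__} sets the critical flag,
     * and that prefix is removed.
     *
     * <p>NOTE(review): when the string contains no {@code '='}, the index lookup result is
     * converted to an integer without a nil check. The resulting error is not visible here.
     */
    @JRubyMethod
    public IRubyObject create_ext_from_string(ThreadContext threadContext, IRubyObject iRubyObject) {
        final RubyString line = (RubyString) iRubyObject;
        final Ruby runtime = threadContext.runtime;
        final RubyString equalsSign = StringHelper.newString(runtime, new byte[]{'='});
        final int split = (int) line.index19(threadContext, equalsSign).convertToInteger("to_i").getLongValue();

        final RubyString oid = (RubyString) line.substr19(runtime, 0, split);
        oid.strip_bang19(threadContext);

        final int totalLength = (int) line.length19().getLongValue();
        final RubyString value = (RubyString) line.substr19(runtime, split + 1, totalLength - split);
        value.lstrip_bang19(threadContext);

        IRubyObject critical = threadContext.nil;
        if (value.start_with_p(threadContext, StringHelper.newString(runtime, X509Extension.critical__)).isTrue()) {
            critical = runtime.newBoolean(true);
            // Cut the marker off the front of the value in place.
            value.op_aset19(threadContext, runtime.newFixnum(0), runtime.newFixnum(X509Extension.critical__.length), RubyString.newEmptyString(runtime));
        }
        value.strip_bang19(threadContext);
        return create_ext(threadContext, new IRubyObject[]{oid, value, critical});
    }

    /**
     * Parses a keyUsage value into a BIT STRING. Three input forms are tried in order:
     * colon-separated hex bytes, a raw value shorter than three characters (its bytes are used
     * as-is), and a comma-separated list of usage names.
     *
     * <p>An unknown usage name raises an ExtensionError, so a typo cannot silently drop a bit.
     * The hex and raw forms are not checked against the defined key-usage bits.
     *
     * @param oid the extension name as given by the caller (used in error messages)
     * @param value the textual value
     */
    private DERBitString parseKeyUsage(String oid, String value) {
        byte[] bits;
        try {
            final String[] hexParts = StringHelper.split(value, ':');
            bits = new byte[hexParts.length];
            for (int i = 0; i < hexParts.length; i++) {
                bits[i] = (byte) Integer.parseInt(hexParts[i], 16);
            }
        } catch (NumberFormatException e) {
            bits = null; // not hex; try the other forms
        }
        if (bits == null && value.length() < 3) {
            bits = ByteList.plain(value);
        }
        if (bits == null) {
            byte first = 0;
            byte second = 0;
            for (String part : StringHelper.split(value, ',')) {
                final String name = part.trim();
                if ("decipherOnly".equals(name) || "Decipher Only".equals(name)) {
                    second |= 0x80;
                } else if ("digitalSignature".equals(name) || "Digital Signature".equals(name)) {
                    first |= 0x80;
                } else if ("nonRepudiation".equals(name) || "Non Repudiation".equals(name)) {
                    first |= 0x40;
                } else if ("keyEncipherment".equals(name) || "Key Encipherment".equals(name)) {
                    first |= 0x20;
                } else if ("dataEncipherment".equals(name) || "Data Encipherment".equals(name)) {
                    first |= 0x10;
                } else if ("keyAgreement".equals(name) || "Key Agreement".equals(name)) {
                    first |= 0x08;
                } else if ("keyCertSign".equals(name) || "Key Cert Sign".equals(name)) {
                    first |= 0x04;
                } else if ("cRLSign".equals(name)) {
                    first |= 0x02;
                } else if ("encipherOnly".equals(name) || "Encipher Only".equals(name)) {
                    first |= 0x01;
                } else {
                    throw X509Extension.newExtensionError(getRuntime(), oid + " = " + value + ": unknown bit string argument");
                }
            }
            bits = second == 0 ? new byte[]{first} : new byte[]{first, second};
        }

        // Count unused trailing bits: whole zero bytes from the end, then the trailing zero bits of
        // the last non-zero byte. The scan must stop at that byte. The decompiled loop had no exit
        // on this branch, so it never terminated for a non-zero value.
        int unusedBits = 0;
        for (int i = bits.length - 1; i > -1; i--) {
            if (bits[i] == 0) {
                unusedBits += 8;
            } else {
                byte shifted = bits[i];
                int trailingZeros = 8;
                while (shifted != 0) {
                    shifted = (byte) (shifted << 1);
                    trailingZeros--;
                }
                unusedBits += trailingZeros;
                break;
            }
        }
        return new DERBitString(bits, unusedBits);
    }

    /**
     * Parses a nsCertType value into a one-byte BIT STRING: either a raw value shorter than three
     * characters (its first byte is used as-is) or a comma-separated list of type names. Unknown
     * names raise an ExtensionError.
     *
     * @param oid the extension name as given by the caller (used in error messages)
     * @param value the textual value
     */
    private DERBitString parseNsCertType(String oid, String value) {
        byte flags = 0;
        if (value.isEmpty()) {
            // The raw form reads byte 0, which an empty value does not have.
            throw X509Extension.newExtensionError(getRuntime(), oid + " = " + value + ": unknown bit string argument");
        }
        if (value.length() < 3) {
            flags = ByteList.plain(value)[0];
        } else {
            for (String part : StringHelper.split(value, ',')) {
                final String name = part.trim();
                if ("SSL Client".equals(name) || "client".equals(name)) {
                    flags |= 0x80;
                } else if ("SSL Server".equals(name) || "server".equals(name)) {
                    flags |= 0x40;
                } else if (ASN1Registry.LN_SMIME.equals(name) || Constants.LN_EMAIL.equals(name)) {
                    // Constants.LN_EMAIL: foreign constant, presumably the literal "email" - verify.
                    flags |= 0x20;
                } else if ("Object Signing".equals(name) || "objsign".equals(name)) {
                    flags |= 0x10;
                } else if ("Unused".equals(name) || GroovyFilter.RESERVED_WORD.equals(name)) {
                    // GroovyFilter.RESERVED_WORD: foreign constant, presumably "reserved" - verify.
                    flags |= 0x08;
                } else if ("SSL CA".equals(name) || "sslCA".equals(name)) {
                    flags |= 0x04;
                } else if ("S/MIME CA".equals(name) || "emailCA".equals(name)) {
                    flags |= 0x02;
                } else if ("Object Signing CA".equals(name) || "objCA".equals(name)) {
                    flags |= 0x01;
                } else {
                    throw X509Extension.newExtensionError(getRuntime(), oid + " = " + value + ": unknown bit string argument");
                }
            }
        }

        // Unused bits = trailing zero bits of the single byte (8 when the byte is zero).
        int unusedBits = 8;
        byte shifted = flags;
        while (shifted != 0) {
            shifted = (byte) (shifted << 1);
            unusedBits--;
        }
        return new DERBitString(new byte[]{flags}, unusedBits);
    }

    /**
     * Parses a basicConstraints value such as {@code "CA:TRUE, pathlen:0"} into a SEQUENCE.
     *
     * <p>Two passes are made so that the CA boolean always precedes the path length regardless of
     * their order in the input. Any {@code CA:} value other than (case-insensitive) {@code true}
     * yields FALSE. Unrecognised items are ignored without error. {@code pathlen:} is parsed as a
     * decimal int and is not range-checked, so a negative value is encoded as given.
     */
    private static DLSequence parseBasicConstrains(String value) {
        final String[] items = StringHelper.split(value, ',');
        final ASN1EncodableVector vector = new ASN1EncodableVector();
        for (int i = 0; i < items.length; i++) {
            final String item = items[i].trim();
            items[i] = item; // keep the trimmed form for the second pass
            if (item.length() > 3 && item.substring(0, 3).equalsIgnoreCase("CA:")) {
                final boolean isCa = "true".equalsIgnoreCase(item.substring(3).trim());
                vector.add(ASN1Boolean.getInstance(isCa));
            }
        }
        for (String item : items) {
            if (item.length() > 8 && item.substring(0, 8).equalsIgnoreCase("pathlen:")) {
                final int pathLen = Integer.parseInt(item.substring(8).trim());
                vector.add(new ASN1Integer(BigInteger.valueOf(pathLen)));
            }
        }
        return new DLSequence(vector);
    }

    /**
     * Builds an authorityKeyIdentifier SEQUENCE. Any value starting with {@code "keyid"} (which
     * includes {@code "keyid:always"}) adds the digest from {@link #derDigest}. Any other value
     * yields an empty SEQUENCE. Issuer name and serial number forms are not handled.
     *
     * <p>NOTE(review): the OCTET STRING is added without a context tag, whereas RFC 5280 defines
     * keyIdentifier as {@code [0]}. Confirm how consumers of this encoding treat it.
     */
    private DLSequence parseAuthorityKeyIdentifier(ThreadContext threadContext, String value) {
        final ASN1EncodableVector vector = new ASN1EncodableVector();
        if (value.startsWith("keyid")) {
            vector.add(new DEROctetString(derDigest(threadContext)));
        }
        return new DLSequence(vector);
    }

    /**
     * Returns the SHA-1 digest of key material taken from {@code @issuer_certificate}'s public key.
     * For a {@code PKeyRSA} key the {@code to_der} output is digested directly. For other key
     * types the DER is decoded and element 1 of the outer value is digested instead.
     *
     * <p>No check is made that {@code @issuer_certificate} has been set.
     */
    private byte[] derDigest(ThreadContext threadContext) {
        final Ruby runtime = threadContext.runtime;
        final IRubyObject publicKey = getInstanceVariable("@issuer_certificate").callMethod(threadContext, "public_key");
        final IRubyObject keyDer = publicKey.callMethod(threadContext, "to_der");
        final IRubyObject material;
        if (publicKey instanceof PKeyRSA) {
            material = keyDer;
        } else {
            // ClassUtils.ARRAY_SUFFIX: foreign constant, presumably the "[]" method name - verify.
            material = ASN1.decode(threadContext, ASN1._ASN1(runtime), keyDer)
                    .callMethod(threadContext, "value")
                    .callMethod(threadContext, ClassUtils.ARRAY_SUFFIX, runtime.newFixnum(1))
                    .callMethod(threadContext, "value");
        }
        return getSHA1Digest(runtime, material.asString().getBytes());
    }

    /**
     * SHA-1 of the given bytes. SHA-1 serves here as the key-identifier hash that RFC 5280
     * describes, not as a signature digest. A provider failure is reported as an ExtensionError.
     */
    private static byte[] getSHA1Digest(Ruby ruby, byte[] bArr) {
        try {
            return SecurityHelper.getMessageDigest("SHA-1").digest(bArr);
        } catch (GeneralSecurityException e) {
            throw X509Extension.newExtensionError(ruby, e.getMessage());
        }
    }

    /**
     * Handles issuerAltName. Only {@code "issuer:copy"} is supported: it returns the value of the
     * subjectAltName extension found on {@code @issuer_certificate}.
     *
     * @throws IOException for any other value, or when the issuer has no subjectAltName
     */
    private ASN1Encodable parseIssuerAltName(ThreadContext threadContext, String value) throws IOException {
        if (value.startsWith("issuer:copy")) {
            final RubyArray extensions = (RubyArray) getInstanceVariable("@issuer_certificate").callMethod(threadContext, "extensions");
            for (int i = 0; i < extensions.size(); i++) {
                final X509Extension extension = (X509Extension) extensions.entry(i);
                if (ASN1Registry.OBJ_subject_alt_name.equals(extension.getRealObjectID().getId())) {
                    return extension.getRealValue();
                }
            }
        }
        throw new IOException("Malformed IssuerAltName: " + value);
    }

    /**
     * Parses a subjectAltName value into a single {@link GeneralName}, selected by prefix.
     *
     * <p>Points a caller issuing certificates should know:
     * <ul>
     *   <li>Exactly one name is produced. Everything after the prefix is used verbatim, so a
     *       comma-separated list is not split into several names.</li>
     *   <li>DNS, URI, email and RID contents are not validated here.</li>
     *   <li>IP values are split on {@code "."} or {@code "::"} and each part is read as a decimal
     *       octet. Parts outside 0..255 or not decimal are rejected. The number of octets is not
     *       checked, and hexadecimal IPv6 groups are not supported.</li>
     * </ul>
     *
     * @throws IOException when the value has no recognised prefix or cannot be parsed
     */
    private static ASN1Encodable parseSubjectAltName(String value) throws IOException {
        if (value.startsWith(DNS_)) {
            return new GeneralName(GeneralName.dNSName, value.substring(DNS_.length()));
        }
        if (value.startsWith(DNS_Name_)) {
            return new GeneralName(GeneralName.dNSName, value.substring(DNS_Name_.length()));
        }
        if (value.startsWith(URI_)) {
            return new GeneralName(GeneralName.uniformResourceIdentifier, value.substring(URI_.length()));
        }
        if (value.startsWith(RID_)) {
            return new GeneralName(GeneralName.registeredID, value.substring(RID_.length()));
        }
        if (value.startsWith(email_)) {
            return new GeneralName(GeneralName.rfc822Name, value.substring(email_.length()));
        }
        if (value.startsWith("IP:") || value.startsWith("IP Address:")) {
            final int offset = value.charAt(2) == ':' ? 3 : 11;
            final String[] parts = value.substring(offset).split("\\.|::");
            final byte[] address = new byte[parts.length];
            for (int i = 0; i < parts.length; i++) {
                final int octet;
                try {
                    octet = Integer.parseInt(parts[i]);
                } catch (NumberFormatException e) {
                    throw new IOException("could not parse SubjectAltName: " + value);
                }
                // Reject out-of-range parts rather than masking them to a different address.
                if (octet < 0 || octet > 255) {
                    throw new IOException("could not parse SubjectAltName: " + value);
                }
                address[i] = (byte) octet;
            }
            return new GeneralName(GeneralName.iPAddress, new DEROctetString(address));
        }
        // ServiceSecurity.DEFAULT_SECURITY_DOMAIN: foreign constant, presumably "other" - verify.
        if (value.startsWith(ServiceSecurity.DEFAULT_SECURITY_DOMAIN)) {
            if (value.length() < otherName_.length()) {
                // The short prefix matched but the value is too short to cut "otherName:" from.
                throw new IOException("could not parse SubjectAltName: " + value);
            }
            // NOTE(review): confirm the bundled GeneralName(int, String) accepts the otherName tag.
            return new GeneralName(GeneralName.otherName, value.substring(otherName_.length()));
        }
        // BidiUtils.DIR_PROPERTY_NAME: foreign constant, presumably "dir" - verify.
        if (value.startsWith(BidiUtils.DIR_PROPERTY_NAME)) {
            if (value.length() < dirName_.length()) {
                throw new IOException("could not parse SubjectAltName: " + value);
            }
            return new GeneralName(GeneralName.directoryName, value.substring(dirName_.length()));
        }
        throw new IOException("could not parse SubjectAltName: " + value);
    }

    /**
     * Parses a subjectKeyIdentifier value.
     *
     * <ul>
     *   <li>{@code hash} (case-insensitive, see the note on the constant below) returns the digest
     *       from {@link #derDigest}. NOTE(review): that digest is taken from
     *       {@code @issuer_certificate}'s key, while RFC 5280 derives this identifier from the
     *       subject's public key. The two coincide only for self-signed certificates. Confirm
     *       intent.</li>
     *   <li>A value of exactly 20 characters, or one that is not hex, is used as raw bytes. This
     *       includes a 20-character string that happens to be valid hex.</li>
     *   <li>Otherwise the value is decoded as hex digit pairs, optionally separated by colons.</li>
     * </ul>
     *
     * @param oid the extension name as given by the caller (used in error messages)
     * @param value the textual value
     */
    private DEROctetString parseSubjectKeyIdentifier(ThreadContext threadContext, String oid, String value) {
        // PasswordEncoderParser.ATT_HASH: foreign constant, presumably the literal "hash" - verify.
        if (PasswordEncoderParser.ATT_HASH.equalsIgnoreCase(value)) {
            return new DEROctetString(derDigest(threadContext));
        }
        if (value.length() == 20 || !X509Extension.isHex(value)) {
            return new DEROctetString(ByteList.plain(value));
        }

        final int length = value.length();
        final ByteList decoded = new ByteList((length / 2) + 1);
        int pos = 0;
        while (pos < length) {
            if (pos + 1 >= length) {
                throw X509Extension.newExtensionError(threadContext.runtime, oid + " = " + value + ": odd number of digits");
            }
            final int high = X509Extension.upHex(value.charAt(pos));
            final int low = X509Extension.upHex(value.charAt(pos + 1));
            if (high == -1 || low == -1) {
                throw X509Extension.newExtensionError(threadContext.runtime, oid + " = " + value + ": illegal hex digit");
            }
            decoded.append(((high << 4) & 0xF0) | (low & 0x0F));
            // Step over any colons that follow this digit pair.
            while (pos + 2 < length && value.charAt(pos + 2) == ':') {
                pos++;
            }
            pos += 2;
        }
        final byte[] bytes = new byte[decoded.length()];
        System.arraycopy(decoded.getUnsafeBytes(), decoded.getBegin(), bytes, 0, bytes.length);
        return new DEROctetString(bytes);
    }

    /**
     * Parses an extendedKeyUsage value: names separated by a comma and an optional single space,
     * each mapped through {@code ASN1Registry.sym2oid} and collected into a SEQUENCE.
     *
     * <p>NOTE(review): the lookup result is added without a check. What {@code sym2oid} returns
     * for an unknown name is not visible here.
     */
    private static DLSequence parseExtendedKeyUsage(String value) {
        final ASN1EncodableVector vector = new ASN1EncodableVector();
        for (String usage : value.split(", ?")) {
            vector.add(ASN1Registry.sym2oid(usage));
        }
        return new DLSequence(vector);
    }
}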
