package org.cesecore.authentication.tokens;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.cesecore.authorization.user.AccessMatchType;
import org.cesecore.authorization.user.AccessUserAspect;
import org.cesecore.authorization.user.matchvalues.AccessMatchValue;
import org.cesecore.authorization.user.matchvalues.AccessMatchValueReverseLookupRegistry;
import org.cesecore.authorization.user.matchvalues.X500PrincipalAccessMatchValue;
import org.cesecore.certificates.util.DNFieldExtractor;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/authentication/tokens/X509CertificateAuthenticationToken.class */
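/**
 * Authentication token that wraps exactly one X.509 certificate and decides whether that
 * certificate satisfies an access rule ({@link AccessUserAspect}).
 *
 * <p>A rule can only match when the token was created in the current JVM, the rule's token type
 * is {@link #TOKEN_TYPE}, and the rule's CA id equals the id derived from the certificate's
 * issuer DN. The rule value is then compared with the certificate serial number, the full
 * subject DN, or a single subject DN / subject alternative name field.
 *
 * <p>NOTE(review): nothing in this class verifies the certificate's signature, validity period or
 * revocation state, so a match here is only meaningful if the certificate was validated before
 * the token was constructed. Confirm that the callers do this.
 */
public class X509CertificateAuthenticationToken extends LocalJvmOnlyAuthenticationToken {
    public static final String TOKEN_TYPE = "CertificateAuthenticationToken";
    private static final long serialVersionUID = 1097165653913865515L;
    private static final Logger log = Logger.getLogger(X509CertificateAuthenticationToken.class);

    // Rewrites the "SERIALNUMBER=" attribute key (any case) to "SN=" before the subject DN is
    // handed to DNFieldExtractor; presumably the extractor only recognises the short key (confirm).
    private static final Pattern serialPattern =
            Pattern.compile("\\bSERIALNUMBER=", Pattern.CASE_INSENSITIVE);

    private final X509Certificate certificate;

    // NOTE(review): this is String.hashCode() of the issuer DN, i.e. a 32-bit value that is not
    // bound to the CA key. The CA comparison in matches() is therefore only as strong as the
    // certificate validation performed before this token is built.
    private final int adminCaId;

    // Field extractor over the subject DN (constructed with type argument 0).
    private final DNFieldExtractor dnExtractor;
    // Field extractor over the subject alternative name (constructed with type argument 1).
    private final DNFieldExtractor anExtractor;

    /**
     * Builds a token from a credential set that must contain exactly one certificate.
     *
     * @param set principals, passed unchanged to the superclass
     * @param set2 credentials, passed unchanged to the superclass
     * @throws InvalidAuthenticationTokenException if the credential set does not hold exactly
     *     one certificate
     */
    public X509CertificateAuthenticationToken(Set<X500Principal> set, Set<X509Certificate> set2) {
        super(set, set2);
        X509Certificate[] credentials = (X509Certificate[]) getCredentials().toArray(new X509Certificate[0]);
        if (credentials.length != 1) {
            throw new InvalidAuthenticationTokenException("X509CertificateAuthenticationToken was containing " + credentials.length + " credentials instead of 1.");
        }
        this.certificate = credentials[0];
        String subjectDn = CertTools.getSubjectDN(this.certificate).toString();
        this.adminCaId = CertTools.getIssuerDN(this.certificate).hashCode();
        String normalizedDn = serialPattern.matcher(subjectDn).replaceAll("SN=");
        String subjectAltName = CertTools.getSubjectAlternativeName(this.certificate);
        this.dnExtractor = new DNFieldExtractor(normalizedDn, 0);
        this.anExtractor = new DNFieldExtractor(subjectAltName, 1);
    }

    /**
     * Evaluates one access rule against the wrapped certificate.
     *
     * @param accessUserAspect the rule: token type, CA id, which value to match, how, and the
     *     expected value
     * @return {@code true} only if the token was created in this JVM, the token type and CA id
     *     agree, and the selected certificate value satisfies the rule; {@code false} otherwise
     */
    @Override
    public boolean matches(AccessUserAspect accessUserAspect) {
        if (!super.isCreatedInThisJvm()) {
            return false;
        }
        if (!StringUtils.equals(TOKEN_TYPE, accessUserAspect.getTokenType())) {
            if (log.isTraceEnabled()) {
                log.trace("Token type does not match. Required=" + TOKEN_TYPE + ", actual was " + accessUserAspect.getTokenType());
            }
            return false;
        }
        if (accessUserAspect.getCaId().intValue() != this.adminCaId) {
            if (log.isTraceEnabled()) {
                log.trace("Caid does not match. Required=" + this.adminCaId + ", actual was " + accessUserAspect.getCaId());
            }
            return false;
        }
        X500PrincipalAccessMatchValue matchWith = (X500PrincipalAccessMatchValue) getMatchValueFromDatabaseValue(Integer.valueOf(accessUserAspect.getMatchWith()));
        if (matchWith == X500PrincipalAccessMatchValue.WITH_SERIALNUMBER) {
            return matchesSerialNumber(accessUserAspect);
        }
        if (matchWith == X500PrincipalAccessMatchValue.WITH_FULLDN) {
            return matchesFullDn(accessUserAspect);
        }
        return matchesNameField(matchWith, accessUserAspect);
    }

    /** Compares the rule value, parsed as a hexadecimal integer, with the certificate serial number. */
    private boolean matchesSerialNumber(AccessUserAspect rule) {
        try {
            BigInteger expected = new BigInteger(rule.getMatchValue(), 16);
            switch (rule.getMatchTypeAsType()) {
                case TYPE_EQUALCASE:
                case TYPE_EQUALCASEINS:
                    return expected.equals(this.certificate.getSerialNumber());
                case TYPE_NOT_EQUALCASE:
                case TYPE_NOT_EQUALCASEINS:
                    return !expected.equals(this.certificate.getSerialNumber());
                default:
                    return false;
            }
        } catch (NumberFormatException e) {
            // A rule value that is not valid hex can never match; report it and deny.
            log.info("Invalid matchValue for accessUser when expecting a hex serialNumber: " + rule.getMatchValue());
            return false;
        }
    }

    /**
     * Compares the rule value with the complete subject DN as returned by CertTools.
     *
     * <p>Each match type returns its own result. Previously the two case-sensitive branches
     * computed a result, discarded it and fell through to the case-insensitive branch, so a rule
     * configured as case-sensitive was evaluated case-insensitively.
     */
    private boolean matchesFullDn(AccessUserAspect rule) {
        String expected = rule.getMatchValue();
        String subjectDn = CertTools.getSubjectDN(this.certificate);
        switch (rule.getMatchTypeAsType()) {
            case TYPE_EQUALCASE:
                return expected.equals(subjectDn);
            case TYPE_EQUALCASEINS:
                return expected.equalsIgnoreCase(subjectDn);
            case TYPE_NOT_EQUALCASE:
                return !expected.equals(subjectDn);
            case TYPE_NOT_EQUALCASEINS:
                return !expected.equalsIgnoreCase(subjectDn);
            default:
                return false;
        }
    }

    /**
     * Compares the rule value with every value of one subject DN or subject alternative name
     * field and reports a match as soon as one value satisfies the rule.
     *
     * <p>NOTE(review): for the TYPE_NOT_* match types this means the rule matches when any single
     * value differs from the rule value, and it never matches when the field is absent (no values
     * to test). Confirm that this is the intended semantics for multi-valued fields.
     */
    private boolean matchesNameField(X500PrincipalAccessMatchValue matchWith, AccessUserAspect rule) {
        DNFieldExtractor extractor = this.dnExtractor;
        // The numbers are DNFieldExtractor field ids. 12 and 13 correspond to DNFieldExtractor.DC
        // and DNFieldExtractor.C; the remaining ids are presumably the matching constants for the
        // named attribute (confirm against DNFieldExtractor).
        // Any match value without its own case (for example NONE) keeps the default id 2.
        int fieldId = 2;
        switch (matchWith) {
            case WITH_COUNTRY:
                fieldId = 13;
                break;
            case WITH_DOMAINCOMPONENT:
                fieldId = 12;
                break;
            case WITH_STATEORPROVINCE:
                fieldId = 11;
                break;
            case WITH_LOCALITY:
                fieldId = 10;
                break;
            case WITH_ORGANIZATION:
                fieldId = 9;
                break;
            case WITH_ORGANIZATIONALUNIT:
                fieldId = 8;
                break;
            case WITH_TITLE:
                fieldId = 7;
                break;
            case WITH_DNSERIALNUMBER:
                fieldId = 3;
                break;
            case WITH_COMMONNAME:
                fieldId = 2;
                break;
            case WITH_UID:
                fieldId = 1;
                break;
            case WITH_DNEMAILADDRESS:
                fieldId = 0;
                break;
            case WITH_RFC822NAME:
                // Read from the subject alternative name, not the subject DN.
                fieldId = 17;
                extractor = this.anExtractor;
                break;
            case WITH_UPN:
                // Read from the subject alternative name, not the subject DN.
                fieldId = 25;
                extractor = this.anExtractor;
                break;
            default:
                break;
        }
        AccessMatchType matchType = rule.getMatchTypeAsType();
        String expected = rule.getMatchValue();
        int valueCount = extractor.getNumberOfFields(fieldId);
        for (int index = 0; index < valueCount; index++) {
            String actual = extractor.getField(fieldId, index);
            boolean satisfied;
            switch (matchType) {
                case TYPE_EQUALCASE:
                    satisfied = actual.equals(expected);
                    break;
                case TYPE_EQUALCASEINS:
                    satisfied = actual.equalsIgnoreCase(expected);
                    break;
                case TYPE_NOT_EQUALCASE:
                    satisfied = !actual.equals(expected);
                    break;
                case TYPE_NOT_EQUALCASEINS:
                    satisfied = !actual.equalsIgnoreCase(expected);
                    break;
                default:
                    satisfied = false;
                    break;
            }
            if (satisfied) {
                return true;
            }
        }
        return false;
    }

    /** Returns the subject DN of the wrapped certificate as produced by CertTools. */
    @Override
    public String toString() {
        return CertTools.getSubjectDN(this.certificate);
    }

    /** Hash derived from the wrapped certificate only, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return 4711 + (this.certificate == null ? 0 : this.certificate.hashCode());
    }

    /** Two tokens are equal when they are of the same class and wrap equal certificates. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        X509CertificateAuthenticationToken other = (X509CertificateAuthenticationToken) obj;
        if (this.certificate == null) {
            return other.certificate == null;
        }
        return this.certificate.equals(other.certificate);
    }

    /** Returns the certificate this token was built from. */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Reports whether the given token type name is this token's type.
     *
     * @param str token type name; {@code null} yields {@code false}
     */
    @Override
    public boolean matchTokenType(String str) {
        // Constant-first comparison so a null argument is rejected instead of throwing.
        return TOKEN_TYPE.equals(str);
    }

    /** Resolves the stored numeric match value to its enum through the reverse lookup registry. */
    @Override
    public AccessMatchValue getMatchValueFromDatabaseValue(Integer num) {
        return AccessMatchValueReverseLookupRegistry.INSTANCE.performReverseLookup(TOKEN_TYPE, num.intValue());
    }

    /** Returns {@code X500PrincipalAccessMatchValue.NONE} as the default match value. */
    @Override
    public AccessMatchValue getDefaultMatchValue() {
        return X500PrincipalAccessMatchValue.NONE;
    }
}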
