package eu.europa.esig.dss.validation.process.bbb.xcv.sub.checks;

import eu.europa.esig.dss.detailedreport.jaxb.XmlSubXCV;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.diagnostic.jaxb.XmlGeneralName;
import eu.europa.esig.dss.diagnostic.jaxb.XmlGeneralSubtree;
import eu.europa.esig.dss.enumerations.GeneralNameType;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.i18n.I18nProvider;
import eu.europa.esig.dss.i18n.MessageTag;
import eu.europa.esig.dss.policy.jaxb.LevelConstraint;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.process.ChainItem;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/process/bbb/xcv/sub/checks/CertificateNameConstraintsCheck.class */
public class CertificateNameConstraintsCheck extends ChainItem<XmlSubXCV> {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateNameConstraintsCheck.class);
    private final CertificateWrapper certificate;

    public CertificateNameConstraintsCheck(I18nProvider i18nProvider, XmlSubXCV xmlSubXCV, CertificateWrapper certificateWrapper, LevelConstraint levelConstraint) {
        super(i18nProvider, xmlSubXCV, levelConstraint);
        this.certificate = certificateWrapper;
    }

    @Override // eu.europa.esig.dss.validation.process.ChainItem
    protected boolean process() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.certificate);
        arrayList.addAll(this.certificate.getCertificateChain());
        Set<Map<String, String>> set = null;
        Set<Map<String, String>> set2 = null;
        for (int size = arrayList.size() - 1; size > -1; size--) {
            CertificateWrapper certificateWrapper = (CertificateWrapper) arrayList.get(size);
            if (size == 0) {
                Map<String, String> dNMap = toDNMap(certificateWrapper.getCertificateDN());
                List<Map<String, String>> subjectAlternativeNamesDNList = getSubjectAlternativeNamesDNList(certificateWrapper.getSubjectAlternativeNames());
                if (set != null) {
                    if (!isWithinDNSubtrees(dNMap, set)) {
                        return false;
                    }
                    Iterator<Map<String, String>> it = subjectAlternativeNamesDNList.iterator();
                    while (it.hasNext()) {
                        if (!isWithinDNSubtrees(it.next(), set)) {
                            return false;
                        }
                    }
                }
                if (set2 != null) {
                    if (isWithinDNSubtrees(dNMap, set2)) {
                        return false;
                    }
                    Iterator<Map<String, String>> it2 = subjectAlternativeNamesDNList.iterator();
                    while (it2.hasNext()) {
                        if (isWithinDNSubtrees(it2.next(), set2)) {
                            return false;
                        }
                    }
                }
            }
            Set<Map<String, String>> generalSubtreeMapSet = toGeneralSubtreeMapSet(certificateWrapper.getPermittedSubtrees());
            Set<Map<String, String>> generalSubtreeMapSet2 = toGeneralSubtreeMapSet(certificateWrapper.getExcludedSubtrees());
            if (Utils.isCollectionNotEmpty(generalSubtreeMapSet)) {
                set = set != null ? intersect(set, generalSubtreeMapSet) : generalSubtreeMapSet;
            }
            if (Utils.isCollectionNotEmpty(generalSubtreeMapSet2)) {
                set2 = set2 != null ? union(set2, generalSubtreeMapSet2) : generalSubtreeMapSet2;
            }
        }
        return true;
    }

    private Map<String, String> toDNMap(String str) {
        if (Utils.isStringEmpty(str)) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        int indexOf = str.indexOf(44);
        int i = 0;
        while (indexOf >= 0) {
            if (indexOf > 0 && str.charAt(indexOf - 1) != '\\') {
                Map.Entry<String, String> rdn = getRDN(str.substring(i, indexOf));
                if (rdn != null) {
                    hashMap.put(rdn.getKey(), rdn.getValue());
                }
                i = indexOf + 1;
            }
            indexOf = str.indexOf(44, indexOf + 1);
        }
        Map.Entry<String, String> rdn2 = getRDN(str.substring(i));
        if (rdn2 != null) {
            hashMap.put(rdn2.getKey(), rdn2.getValue());
        }
        return hashMap;
    }

    private Map.Entry<String, String> getRDN(String str) {
        int indexOf = str.indexOf(61);
        if (indexOf >= 0 && str.length() >= indexOf + 1) {
            return new AbstractMap.SimpleEntry(str.substring(0, indexOf), str.substring(indexOf + 1));
        }
        if (!LOG.isDebugEnabled()) {
            return null;
        }
        LOG.debug("Unable to build an RDN for string '{}'! Not a DN.", str);
        return null;
    }

    private List<Map<String, String>> getSubjectAlternativeNamesDNList(List<XmlGeneralName> list) {
        ArrayList arrayList = new ArrayList();
        for (XmlGeneralName xmlGeneralName : list) {
            if (GeneralNameType.DIRECTORY_NAME.equals(xmlGeneralName.getType())) {
                arrayList.add(toDNMap(xmlGeneralName.getValue()));
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("The GeneralName of type '{}' is skipped.", xmlGeneralName.getType());
            }
        }
        return arrayList;
    }

    private boolean isWithinDNSubtrees(Map<String, String> map, Set<Map<String, String>> set) {
        Iterator<Map<String, String>> it = set.iterator();
        while (it.hasNext()) {
            if (isWithinDNSubtree(map, it.next())) {
                return true;
            }
        }
        return false;
    }

    private Set<Map<String, String>> toGeneralSubtreeMapSet(List<XmlGeneralSubtree> list) {
        HashSet hashSet = new HashSet();
        for (XmlGeneralSubtree xmlGeneralSubtree : list) {
            if (GeneralNameType.DIRECTORY_NAME == xmlGeneralSubtree.getType()) {
                if (xmlGeneralSubtree.getMinimum() != null && xmlGeneralSubtree.getMinimum().intValue() != 0) {
                    LOG.warn("'Minimum' field of GeneralSubtree is not supported! The value is skipped.");
                }
                if (xmlGeneralSubtree.getMaximum() != null) {
                    LOG.warn("'Maximum' field of GeneralSubtree is not supported! The value is skipped.");
                }
                Map<String, String> dNMap = toDNMap(xmlGeneralSubtree.getValue());
                if (Utils.isMapNotEmpty(dNMap)) {
                    hashSet.add(dNMap);
                } else {
                    LOG.warn("Unable to build a DN map for general subtree with value '{}'", xmlGeneralSubtree.getValue());
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("The general name type '{}' is not supported and skipped!", xmlGeneralSubtree.getType().getLabel());
            }
        }
        return hashSet;
    }

    private Set<Map<String, String>> intersect(Set<Map<String, String>> set, Set<Map<String, String>> set2) {
        HashSet hashSet = new HashSet();
        for (Map<String, String> map : set2) {
            for (Map<String, String> map2 : set) {
                if (isWithinDNSubtree(map2, map)) {
                    hashSet.add(map);
                } else if (isWithinDNSubtree(map, map2)) {
                    hashSet.add(map2);
                }
            }
            if (set.contains(map)) {
                hashSet.add(map);
            }
        }
        return hashSet;
    }

    private boolean isWithinDNSubtree(Map<String, String> map, Map<String, String> map2) {
        if (map2.size() < 1 || map2.size() > map.size()) {
            return false;
        }
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (!map.containsKey(key) || !value.equals(map.get(key))) {
                return false;
            }
        }
        return true;
    }

    private Set<Map<String, String>> union(Set<Map<String, String>> set, Set<Map<String, String>> set2) {
        HashSet hashSet = new HashSet();
        for (Map<String, String> map : set2) {
            for (Map<String, String> map2 : set) {
                if (isWithinDNSubtree(map2, map)) {
                    hashSet.add(map);
                } else if (isWithinDNSubtree(map, map2)) {
                    hashSet.add(map2);
                } else {
                    hashSet.add(map);
                    hashSet.add(map2);
                }
            }
            if (set.contains(map)) {
                hashSet.add(map);
            }
        }
        return hashSet;
    }

    @Override // eu.europa.esig.dss.validation.process.ChainItem
    protected MessageTag getMessageTag() {
        return MessageTag.BBB_XCV_DCSBSINC;
    }

    @Override // eu.europa.esig.dss.validation.process.ChainItem
    protected MessageTag getErrorMessageTag() {
        return MessageTag.BBB_XCV_DCSBSINC_ANS;
    }

    @Override // eu.europa.esig.dss.validation.process.ChainItem
    protected Indication getFailedIndicationForConclusion() {
        return Indication.INDETERMINATE;
    }

    @Override // eu.europa.esig.dss.validation.process.ChainItem
    protected SubIndication getFailedSubIndicationForConclusion() {
        return SubIndication.CERTIFICATE_CHAIN_GENERAL_FAILURE;
    }
}
