package org.xipki.ca.server.mgmt.api;

import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.HashAlgo;
import org.xipki.security.KeyUsage;
import org.xipki.security.exception.XiSecurityException;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.CompareUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.ParamUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/server/mgmt/api/CaEntry.class */
public class CaEntry {
    private NameId ident;
    private CaStatus status;
    private CertValidity maxValidity;
    private String signerType;
    private String signerConf;
    private ScepControl scepControl;
    private CrlControl crlControl;
    private String crlSignerName;
    private CmpControl cmpControl;
    private String cmpResponderName;
    private String scepResponderName;
    private boolean duplicateKeyPermitted;
    private boolean duplicateSubjectPermitted;
    private ProtocolSupport protocolSupport;
    private boolean saveRequest;
    private ValidityMode validityMode = ValidityMode.STRICT;
    private int permission;
    private int expirationPeriod;
    private int keepExpiredCertInDays;
    private ConfPairs extraControl;
    private CaUris caUris;
    private X509Certificate cert;
    private int serialNoBitLen;
    private long nextCrlNumber;
    private int numCrls;
    private CertRevocationInfo revocationInfo;
    private String subject;
    private String hexSha1OfCert;

    public CaEntry(NameId nameId, int i, long j, String str, String str2, CaUris caUris, int i2, int i3) {
        this.ident = (NameId) ParamUtil.requireNonNull("ident", nameId);
        this.signerType = ParamUtil.requireNonBlankLower("signerType", str);
        this.expirationPeriod = ParamUtil.requireMin("expirationPeriod", i3, 0);
        this.signerConf = ParamUtil.requireNonBlank("signerConf", str2);
        this.numCrls = ParamUtil.requireMin("numCrls", i2, 1);
        this.serialNoBitLen = ParamUtil.requireRange("serialNoBitLen", i, 63, 159);
        this.nextCrlNumber = ParamUtil.requireMin("nextCrlNumber", j, 1L);
        this.caUris = caUris == null ? CaUris.EMPTY_INSTANCE : caUris;
    }

    public static List<String[]> splitCaSignerConfs(String str) throws XiSecurityException {
        ConfPairs confPairs = new ConfPairs(str);
        String value = confPairs.value("algo");
        if (value == null) {
            throw new XiSecurityException("no algo is defined in CA signerConf");
        }
        List split = StringUtil.split(value, CmpControl.ALGO_DELIMITER);
        if (CollectionUtil.isEmpty(split)) {
            throw new XiSecurityException("empty algo is defined in CA signerConf");
        }
        ArrayList arrayList = new ArrayList(split.size());
        Iterator it = split.iterator();
        while (it.hasNext()) {
            try {
                String canonicalizeSignatureAlgo = AlgorithmUtil.canonicalizeSignatureAlgo((String) it.next());
                confPairs.putPair("algo", canonicalizeSignatureAlgo);
                arrayList.add(new String[]{canonicalizeSignatureAlgo, confPairs.getEncoded()});
            } catch (NoSuchAlgorithmException e) {
                throw new XiSecurityException(e.getMessage(), e);
            }
        }
        return arrayList;
    }

    public NameId getIdent() {
        return this.ident;
    }

    public CertValidity getMaxValidity() {
        return this.maxValidity;
    }

    public void setMaxValidity(CertValidity certValidity) {
        this.maxValidity = certValidity;
    }

    public int getKeepExpiredCertInDays() {
        return this.keepExpiredCertInDays;
    }

    public void setKeepExpiredCertInDays(int i) {
        this.keepExpiredCertInDays = i;
    }

    public void setSignerConf(String str) {
        this.signerConf = ParamUtil.requireNonBlank("signerConf", str);
    }

    public String getSignerConf() {
        return this.signerConf;
    }

    public CaStatus getStatus() {
        return this.status;
    }

    public void setStatus(CaStatus caStatus) {
        this.status = caStatus;
    }

    public String getSignerType() {
        return this.signerType;
    }

    public void setCmpControl(CmpControl cmpControl) {
        this.cmpControl = cmpControl;
    }

    public CmpControl getCmpControl() {
        return this.cmpControl;
    }

    public void setCrlControl(CrlControl crlControl) {
        this.crlControl = crlControl;
    }

    public CrlControl getCrlControl() {
        return this.crlControl;
    }

    public void setScepControl(ScepControl scepControl) {
        this.scepControl = scepControl;
    }

    public ScepControl getScepControl() {
        return this.scepControl;
    }

    public String getCmpResponderName() {
        return this.cmpResponderName;
    }

    public void setCmpResponderName(String str) {
        this.cmpResponderName = str == null ? null : str.toLowerCase();
    }

    public String getScepResponderName() {
        return this.scepResponderName;
    }

    public void setScepResponderName(String str) {
        this.scepResponderName = str == null ? null : str.toLowerCase();
    }

    public String getCrlSignerName() {
        return this.crlSignerName;
    }

    public void setCrlSignerName(String str) {
        this.crlSignerName = str == null ? null : str.toLowerCase();
    }

    public boolean isDuplicateKeyPermitted() {
        return this.duplicateKeyPermitted;
    }

    public void setDuplicateKeyPermitted(boolean z) {
        this.duplicateKeyPermitted = z;
    }

    public boolean isDuplicateSubjectPermitted() {
        return this.duplicateSubjectPermitted;
    }

    public void setDuplicateSubjectPermitted(boolean z) {
        this.duplicateSubjectPermitted = z;
    }

    public ProtocolSupport getProtocoSupport() {
        return this.protocolSupport;
    }

    public void setProtocolSupport(ProtocolSupport protocolSupport) {
        this.protocolSupport = protocolSupport;
    }

    public boolean isSaveRequest() {
        return this.saveRequest;
    }

    public void setSaveRequest(boolean z) {
        this.saveRequest = z;
    }

    public ValidityMode getValidityMode() {
        return this.validityMode;
    }

    public void setValidityMode(ValidityMode validityMode) {
        this.validityMode = (ValidityMode) ParamUtil.requireNonNull("mode", validityMode);
    }

    public int getPermission() {
        return this.permission;
    }

    public void setPermission(int i) {
        this.permission = i;
    }

    public int getExpirationPeriod() {
        return this.expirationPeriod;
    }

    public ConfPairs getExtraControl() {
        return this.extraControl;
    }

    public void setExtraControl(ConfPairs confPairs) {
        this.extraControl = confPairs;
    }

    public String toString() {
        return toString(false);
    }

    public String toString(boolean z) {
        return toString(z, true);
    }

    public String toString(boolean z, boolean z2) {
        String encoded;
        if (this.extraControl == null) {
            encoded = CaManager.NULL;
        } else {
            encoded = this.extraControl.getEncoded();
            if (!z && encoded.length() > 100) {
                encoded = StringUtil.concat(encoded.substring(0, 97), new String[]{"..."});
            }
        }
        String concatObjectsCap = this.revocationInfo != null ? StringUtil.concatObjectsCap(30, "\n\treason: ", new Object[]{this.revocationInfo.getReason().getDescription(), "\n\trevoked at ", this.revocationInfo.getRevocationTime()}) : "";
        Object[] objArr = new Object[53];
        objArr[0] = this.ident.getId();
        objArr[1] = "\nname: ";
        objArr[2] = this.ident.getName();
        objArr[3] = "\nstatus: ";
        objArr[4] = this.status == null ? CaManager.NULL : this.status.getStatus();
        objArr[5] = "\nmax. validity: ";
        objArr[6] = this.maxValidity;
        objArr[7] = "\nexpiration period: ";
        objArr[8] = Integer.valueOf(this.expirationPeriod);
        objArr[9] = " days";
        objArr[10] = "\nsigner type: ";
        objArr[11] = this.signerType;
        objArr[12] = "\nsigner conf: ";
        objArr[13] = this.signerConf == null ? CaManager.NULL : InternUtil.signerConfToString(this.signerConf, z, z2);
        objArr[14] = "\nCMP control:\n";
        objArr[15] = this.cmpControl == null ? "  null" : this.cmpControl.toString(z);
        objArr[16] = "\nCRL control:\n";
        objArr[17] = this.crlControl == null ? "  null" : this.crlControl.toString(z);
        objArr[18] = "\nSCEP control: \n";
        objArr[19] = this.scepControl == null ? "  null" : this.scepControl.toString(z);
        objArr[20] = "\nCMP responder name: ";
        objArr[21] = this.cmpResponderName;
        objArr[22] = "\nSCEP responder name: ";
        objArr[23] = this.scepResponderName;
        objArr[24] = "\nCRL signer name: ";
        objArr[25] = this.crlSignerName;
        objArr[26] = "\nduplicate key: ";
        objArr[27] = Boolean.valueOf(this.duplicateKeyPermitted);
        objArr[28] = "\nduplicate subject: ";
        objArr[29] = Boolean.valueOf(this.duplicateSubjectPermitted);
        objArr[30] = "\n";
        objArr[31] = this.protocolSupport;
        objArr[32] = "\nsave request: ";
        objArr[33] = Boolean.valueOf(this.saveRequest);
        objArr[34] = "\nvalidity mMode: ";
        objArr[35] = this.validityMode;
        objArr[36] = "\npermission: ";
        objArr[37] = PermissionConstants.permissionToString(this.permission);
        objArr[38] = "\nkeep expired certs: ";
        objArr[39] = this.keepExpiredCertInDays < 0 ? "forever" : this.keepExpiredCertInDays + " days";
        objArr[40] = "\nextra control: ";
        objArr[41] = encoded;
        objArr[42] = "\nserial number bit length: ";
        objArr[43] = Integer.valueOf(this.serialNoBitLen);
        objArr[44] = "\nnext CRl number: ";
        objArr[45] = Long.valueOf(this.nextCrlNumber);
        objArr[46] = "\n";
        objArr[47] = this.caUris;
        objArr[48] = "\ncert: \n";
        objArr[49] = InternUtil.formatCert(this.cert, z);
        objArr[50] = "\nrevocation: ";
        objArr[51] = this.revocationInfo == null ? "not revoked" : "revoked";
        objArr[52] = concatObjectsCap;
        return StringUtil.concatObjectsCap(1500, "id: ", objArr);
    }

    protected static String urisToString(Collection<? extends Object> collection) {
        if (CollectionUtil.isEmpty(collection)) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        int size = collection.size();
        int i = 0;
        Iterator<? extends Object> it = collection.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            int i2 = i;
            i++;
            if (i2 < size - 1) {
                sb.append(" ");
            }
        }
        return sb.toString();
    }

    public boolean equals(Object obj) {
        if (obj instanceof CaEntry) {
            return equals((CaEntry) obj, false, false);
        }
        return false;
    }

    public boolean equals(CaEntry caEntry, boolean z, boolean z2) {
        return (z || this.nextCrlNumber == caEntry.nextCrlNumber) && this.ident.equals(caEntry.ident, z2) && this.signerType.equals(caEntry.signerType) && CompareUtil.equalsObject(this.status, caEntry.status) && CompareUtil.equalsObject(this.protocolSupport, caEntry.protocolSupport) && CompareUtil.equalsObject(this.maxValidity, caEntry.maxValidity) && CompareUtil.equalsObject(this.cmpControl, caEntry.cmpControl) && CompareUtil.equalsObject(this.crlControl, caEntry.crlControl) && CompareUtil.equalsObject(this.scepControl, caEntry.scepControl) && CompareUtil.equalsObject(this.cmpResponderName, caEntry.cmpResponderName) && CompareUtil.equalsObject(this.scepResponderName, caEntry.scepResponderName) && CompareUtil.equalsObject(this.crlSignerName, caEntry.crlSignerName) && this.duplicateKeyPermitted == caEntry.duplicateKeyPermitted && this.duplicateSubjectPermitted == caEntry.duplicateSubjectPermitted && this.saveRequest == caEntry.saveRequest && CompareUtil.equalsObject(this.validityMode, caEntry.validityMode) && this.permission == caEntry.permission && this.expirationPeriod == caEntry.expirationPeriod && this.keepExpiredCertInDays == caEntry.keepExpiredCertInDays && CompareUtil.equalsObject(this.extraControl, caEntry.extraControl) && CompareUtil.equalsObject(this.caUris, caEntry.caUris) && CompareUtil.equalsObject(this.cert, caEntry.cert) && this.serialNoBitLen == caEntry.serialNoBitLen && this.numCrls == caEntry.numCrls && CompareUtil.equalsObject(this.revocationInfo, caEntry.revocationInfo);
    }

    public int hashCode() {
        return this.ident.hashCode();
    }

    public void setCert(X509Certificate x509Certificate) throws CaMgmtException {
        if (x509Certificate == null) {
            this.cert = null;
            this.subject = null;
            this.hexSha1OfCert = null;
        } else {
            if (!X509Util.hasKeyusage(x509Certificate, KeyUsage.keyCertSign)) {
                throw new CaMgmtException("CA certificate does not have keyusage keyCertSign");
            }
            this.cert = x509Certificate;
            this.subject = X509Util.getRfc4519Name(x509Certificate.getSubjectX500Principal());
            try {
                this.hexSha1OfCert = HashAlgo.SHA1.hexHash(x509Certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new CaMgmtException("could not encoded certificate", e);
            }
        }
    }

    public int getSerialNoBitLen() {
        return this.serialNoBitLen;
    }

    public void setSerialNoBitLen(int i) {
        this.serialNoBitLen = ParamUtil.requireMin("serialNoBitLen", i, 63);
    }

    public long getNextCrlNumber() {
        return this.nextCrlNumber;
    }

    public void setNextCrlNumber(long j) {
        this.nextCrlNumber = j;
    }

    public CaUris getCaUris() {
        return this.caUris;
    }

    public X509Certificate getCert() {
        return this.cert;
    }

    public int getNumCrls() {
        return this.numCrls;
    }

    public CertRevocationInfo getRevocationInfo() {
        return this.revocationInfo;
    }

    public void setRevocationInfo(CertRevocationInfo certRevocationInfo) {
        this.revocationInfo = certRevocationInfo;
    }

    public Date getCrlBaseTime() {
        if (this.cert == null) {
            return null;
        }
        return this.cert.getNotBefore();
    }

    public String getSubject() {
        return this.subject;
    }

    public String getHexSha1OfCert() {
        return this.hexSha1OfCert;
    }
}
