package de.adorsys.psd2.validator.common;

import de.adorsys.psd2.validator.certificate.CertificateErrorMsgCode;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import no.difi.certvalidator.api.CertificateValidationException;
import org.apache.commons.collections4.iterators.FilterIterator;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/psd2-validator-2.0.1.jar:de/adorsys/psd2/validator/common/PSD2QCStatement.class */
public class PSD2QCStatement {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PSD2QCStatement.class);
    private static final ASN1ObjectIdentifier idEtsiPsd2QcStatement = new ASN1ObjectIdentifier("0.4.0.19495.2");

    private PSD2QCStatement() {
    }

    public static QCStatement psd2QCStatement() {
        return new QCStatement(idEtsiPsd2QcStatement);
    }

    public static PSD2QCType psd2QCType(X509Certificate x509Certificate) throws CertificateValidationException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.qCStatements.getId());
        if (extensionValue != null) {
            return PSD2QCType.getInstance(readQCStatement(extensionValue).getStatementInfo());
        }
        log.debug("QCStatement not found in psd2 certificate. Missing extension with value {}", Extension.qCStatements.getId());
        throw new CertificateValidationException(CertificateErrorMsgCode.CERTIFICATE_INVALID.toString());
    }

    private static QCStatement readQCStatement(byte[] bArr) throws CertificateValidationException {
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject()).getOctets()).readObject();
            if (aSN1Sequence.size() > 0) {
                return aSN1Sequence.getObjectAt(0).toASN1Primitive() instanceof ASN1ObjectIdentifier ? getSingleQcStatement(aSN1Sequence) : getEtsiPsd2QcStatement(aSN1Sequence).orElseThrow(() -> {
                    return new CertificateValidationException(CertificateErrorMsgCode.CERTIFICATE_INVALID.toString());
                });
            }
            log.debug("No ETSI PSD2 QcStatement in psd2 certificate");
            throw new CertificateValidationException(CertificateErrorMsgCode.CERTIFICATE_INVALID.toString());
        } catch (IOException e) {
            log.debug("Error reading qcstatement " + e);
            throw new CertificateValidationException(CertificateErrorMsgCode.CERTIFICATE_INVALID.toString());
        }
    }

    private static Optional<QCStatement> getEtsiPsd2QcStatement(ASN1Sequence aSN1Sequence) {
        FilterIterator filterIterator = new FilterIterator(aSN1Sequence.iterator(), aSN1Encodable -> {
            return QCStatement.getInstance(aSN1Encodable).getStatementId().getId().equals(idEtsiPsd2QcStatement.getId());
        });
        if (filterIterator.hasNext()) {
            return Optional.of(QCStatement.getInstance(filterIterator.next()));
        }
        log.debug("No ETSI PSD2 QcStatement in psd2 certificate");
        return Optional.empty();
    }

    private static QCStatement getSingleQcStatement(ASN1Sequence aSN1Sequence) throws CertificateValidationException {
        QCStatement qCStatement = QCStatement.getInstance(aSN1Sequence);
        if (idEtsiPsd2QcStatement.getId().equals(qCStatement.getStatementId().getId())) {
            return qCStatement;
        }
        log.debug("Wrong statement type in psd2 certificate. expected is {} but found {}", idEtsiPsd2QcStatement.getId(), qCStatement.getStatementId().getId());
        throw new CertificateValidationException(CertificateErrorMsgCode.CERTIFICATE_INVALID.toString());
    }
}
