package com.hivemq.security.ssl;

import com.google.common.base.Preconditions;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extension.sdk.api.annotations.Nullable;
import com.hivemq.security.auth.SslClientCertificate;
import com.hivemq.security.exception.PropertyNotFoundException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: input_file:com/hivemq/security/ssl/SslClientCertificateImpl.class */
public class SslClientCertificateImpl implements SslClientCertificate {
    private final Certificate[] certificates;

    public SslClientCertificateImpl(@NotNull Certificate[] certificateArr) {
        Preconditions.checkNotNull(certificateArr, "Certificates must not be null");
        this.certificates = certificateArr;
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public Certificate certificate() {
        return this.certificates[0];
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public Certificate[] certificateChain() {
        return this.certificates;
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String commonName() {
        return certificateProperty(BCStyle.CN);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String organization() {
        return certificateProperty(BCStyle.O);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String organizationalUnit() {
        return certificateProperty(BCStyle.OU);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String title() {
        return certificateProperty(BCStyle.T);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String serial() {
        return certificateProperty(BCStyle.SN);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String country() {
        return certificateProperty(BCStyle.C);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String locality() {
        return certificateProperty(BCStyle.L);
    }

    @Override // com.hivemq.security.auth.SslClientCertificate
    public String state() {
        return certificateProperty(BCStyle.ST);
    }

    private String certificateProperty(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            X509Certificate x509Certificate = (X509Certificate) certificate();
            String subjectProperty = subjectProperty(aSN1ObjectIdentifier, x509Certificate);
            if (subjectProperty != null) {
                return subjectProperty;
            }
            if (aSN1ObjectIdentifier.equals(BCStyle.SN)) {
                return x509Certificate.getSerialNumber().toString();
            }
            Extension extension = new JcaX509CertificateHolder(x509Certificate).getExtension(aSN1ObjectIdentifier);
            if (extension == null) {
                return null;
            }
            return extension.getParsedValue().toString();
        } catch (Exception e) {
            throw new PropertyNotFoundException("Not able to get property from certificate", e);
        }
    }

    @Nullable
    private String subjectProperty(ASN1ObjectIdentifier aSN1ObjectIdentifier, X509Certificate x509Certificate) throws CertificateEncodingException {
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length < 1) {
            return null;
        }
        return IETFUtils.valueToString(rDNs[0].getFirst().getValue());
    }
}
