package org.jruby.ext.openssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import org.asciidoctor.Attributes;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.fusesource.jansi.AnsiRenderer;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.ASN1;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions.class */
public class X509Extensions {

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions$Extension.class */
    public static class Extension extends RubyObject {
        private static final long serialVersionUID = -1160318458085651926L;
        // Allocator whose allocate() returns a new, unpopulated Extension for the given class.
        // NOTE(review): the field is public, static and not final, so any code that can reach
        // this class can replace the allocator; consider declaring it final.
        public static ObjectAllocator ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509Extensions.Extension.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new Extension(ruby, rubyClass);
            }
        };
        // Object identifier naming the extension type.
        private ASN1ObjectIdentifier oid;
        // Extension payload. getRealValueBytes() handles RubyString, String, DEROctetString and
        // ASN1Encodable, and casts anything else to ASN1.ASN1Data.
        private Object value;
        // Criticality flag; to_der() writes it into the encoded extension.
        private boolean critical;

        /**
         * Creates an extension with no OID, value or criticality set yet; the arguments are
         * passed straight to the RubyObject constructor.
         */
        public Extension(Ruby ruby, RubyClass rubyClass) {
            super(ruby, rubyClass);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Stores the object identifier of this extension. No validation is performed.
         *
         * @param aSN1ObjectIdentifier the OID to keep
         */
        public void setRealOid(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            oid = aSN1ObjectIdentifier;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Stores the extension payload as given; the type is only interpreted later, in
         * getRealValueBytes().
         *
         * @param obj the payload object
         */
        public void setRealValue(Object obj) {
            value = obj;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Sets the criticality flag of this extension.
         *
         * @param z true to mark the extension critical
         */
        public void setRealCritical(boolean z) {
            critical = z;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * @return the stored object identifier, or null when none has been set
         */
        public ASN1ObjectIdentifier getRealOid() {
            return oid;
        }

        /**
         * @return the payload object exactly as it was stored, without any conversion
         */
        Object getRealValue() {
            return value;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Converts the stored payload to bytes according to its runtime type.
         *
         * RubyString and String payloads are turned into bytes directly, a DEROctetString yields
         * its octets, and any other ASN1Encodable is DER-encoded. Everything else is cast to
         * ASN1.ASN1Data, so an unexpected type fails with ClassCastException and an unset
         * payload with NullPointerException.
         *
         * @return the payload bytes
         * @throws IOException if DER encoding fails
         */
        public byte[] getRealValueBytes() throws IOException {
            final Object payload = this.value;
            if (payload instanceof RubyString) {
                return ((RubyString) payload).convertToString().getBytes();
            }
            if (payload instanceof String) {
                return ByteList.plain((String) payload);
            }
            if (payload instanceof DEROctetString) {
                return ((DEROctetString) payload).getOctets();
            }
            if (payload instanceof ASN1Encodable) {
                return ((ASN1Encodable) payload).toASN1Primitive().getEncoded(ASN1Encoding.DER);
            }
            return ((ASN1.ASN1Data) payload).toASN1().toASN1Primitive().getEncoded(ASN1Encoding.DER);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * @return true when the extension is marked critical
         */
        public boolean getRealCritical() {
            return critical;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Resolves an extension name or dotted OID string to an object identifier.
         *
         * The lower-cased input is looked up in the runtime's OID table first; when there is no
         * entry the input itself is handed to the ASN1ObjectIdentifier constructor.
         * NOTE(review): toLowerCase() uses the default locale; whether that matters depends on
         * how the lookup table keys were built, which is not visible here.
         *
         * @param str short name, long name or dotted OID
         * @return the matching identifier
         */
        public ASN1ObjectIdentifier getObjectIdentifier(String str) {
            final ASN1ObjectIdentifier known = ASN1.getOIDLookup(getRuntime()).get(str.toLowerCase());
            if (known == null) {
                return new ASN1ObjectIdentifier(str);
            }
            return known;
        }

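        /**
         * Ruby {@code initialize}: builds the extension from one DER-encoded argument or from
         * {@code (oid, value[, critical])}.
         *
         * With a single argument the input is parsed as SEQUENCE { OID, [BOOLEAN,] OCTET STRING }.
         * The structure is checked before any cast, so malformed or truncated input raises the
         * extension error instead of leaking ClassCastException or an index error, and a sequence
         * that omits the criticality flag is read as non-critical.
         *
         * @param iRubyObjectArr the Ruby arguments
         * @return this extension
         */
        @JRubyMethod(name = {"initialize"}, rest = true)
        public IRubyObject _initialize(IRubyObject[] iRubyObjectArr) {
            byte[] bArr = null;
            if (iRubyObjectArr.length == 1) {
                try {
                    Object parsed = new ASN1InputStream(OpenSSLImpl.to_der_if_possible(iRubyObjectArr[0]).convertToString().getBytes()).readObject();
                    // readObject() may hand back any ASN.1 type (or nothing at all for empty input).
                    if (!(parsed instanceof ASN1Sequence)) {
                        throw X509Extensions.newX509ExtError(getRuntime(), "invalid extension: expected a SEQUENCE");
                    }
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) parsed;
                    int fieldCount = aSN1Sequence.size();
                    if (fieldCount < 2 || fieldCount > 3) {
                        throw X509Extensions.newX509ExtError(getRuntime(), "invalid extension: expected 2 or 3 elements, got " + fieldCount);
                    }
                    Object oidField = aSN1Sequence.getObjectAt(0);
                    Object valueField = aSN1Sequence.getObjectAt(fieldCount - 1);
                    if (!(oidField instanceof ASN1ObjectIdentifier) || !(valueField instanceof DEROctetString)) {
                        throw X509Extensions.newX509ExtError(getRuntime(), "invalid extension: expected an OID and an OCTET STRING");
                    }
                    // The criticality flag is optional; when it is absent the extension is not critical.
                    boolean isCritical = false;
                    if (fieldCount == 3) {
                        Object criticalField = aSN1Sequence.getObjectAt(1);
                        if (!(criticalField instanceof DERBoolean)) {
                            throw X509Extensions.newX509ExtError(getRuntime(), "invalid extension: criticality is not a BOOLEAN");
                        }
                        isCritical = ((DERBoolean) criticalField).isTrue();
                    }
                    setRealOid((ASN1ObjectIdentifier) oidField);
                    setRealCritical(isCritical);
                    bArr = ((DEROctetString) valueField).getOctets();
                } catch (IOException e) {
                    throw X509Extensions.newX509ExtError(getRuntime(), e.getMessage());
                }
            } else if (iRubyObjectArr.length > 1) {
                setRealOid(getObjectIdentifier(iRubyObjectArr[0].toString()));
                setRealValue(iRubyObjectArr[1]);
            }
            if (iRubyObjectArr.length > 2) {
                setRealCritical(iRubyObjectArr[2].isTrue());
            }
            if (iRubyObjectArr.length > 0 && bArr != null) {
                // The parsed octets are kept as a String built from ByteList.plain(byte[]).
                setRealValue(new String(ByteList.plain(bArr)));
            }
            return this;
        }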

        /**
         * Ruby {@code oid=}: not implemented. The argument is ignored, a warning goes to stderr
         * and nil is returned, so the extension's OID stays unchanged.
         */
        @JRubyMethod(name = {"oid="})
        public IRubyObject set_oid(IRubyObject iRubyObject) {
            final String warning = "WARNING: calling ext#oid=";
            System.err.println(warning);
            return getRuntime().getNil();
        }

        /**
         * Ruby {@code value=}: not implemented. The argument is ignored, a warning goes to stderr
         * and nil is returned, so the extension's value stays unchanged.
         */
        @JRubyMethod(name = {"value="})
        public IRubyObject set_value(IRubyObject iRubyObject) {
            final String warning = "WARNING: calling ext#value=";
            System.err.println(warning);
            return getRuntime().getNil();
        }

        /**
         * Ruby {@code critical=}: not implemented. The argument is ignored, a warning goes to
         * stderr and nil is returned; a caller that assigns {@code critical = true} therefore
         * still holds a non-critical extension unless it was created critical.
         */
        @JRubyMethod(name = {"critical="})
        public IRubyObject set_critical(IRubyObject iRubyObject) {
            final String warning = "WARNING: calling ext#critical=";
            System.err.println(warning);
            return getRuntime().getNil();
        }

        /**
         * Ruby {@code oid}: returns the symbolic name registered for this extension's OID, or the
         * OID's own string form when the symbol table has no entry for it.
         *
         * @return a new Ruby string
         */
        @JRubyMethod
        public IRubyObject oid() {
            final String symbolic = ASN1.getSymLookup(getRuntime()).get(this.oid);
            final String text = symbolic != null ? symbolic : this.oid.toString();
            return getRuntime().newString(text);
        }

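        /**
         * Ruby {@code value}: renders the extension payload as human-readable text.
         *
         * Known extension types (basicConstraints, keyUsage, nsCertType, subjectKeyIdentifier,
         * authorityKeyIdentifier, CRL reason, subjectAltName) get a dedicated rendering; any other
         * type is decoded through OpenSSL::ASN1 and falls back to the stored value's toString().
         *
         * The decompiled listing left an empty try block and a trailing throw that referenced an
         * out-of-scope variable; the IOException handler wraps the whole body again here. Payloads
         * that are too short to index now raise the extension error instead of an array exception,
         * and the "SSL Servern" label is corrected to the "SSL Server" spelling that
         * parseNsCertType accepts.
         *
         * The result is display text only: names are concatenated without escaping, so it should
         * not be parsed to make trust decisions.
         *
         * @return a new Ruby string describing the payload
         */
        @JRubyMethod
        public IRubyObject value() {
            Ruby runtime = getRuntime();
            // NOTE(review): Attributes.IMAGE_ICONS stands wherever an empty initial separator is
            // expected; presumably it is "" substituted by the decompiler - confirm.
            final String none = Attributes.IMAGE_ICONS;
            try {
                ASN1ObjectIdentifier realOid = getRealOid();
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_basic_constraints))) {
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(getRealValueBytes()).readObject();
                    String str = none;
                    String str2 = none;
                    if (aSN1Sequence.size() > 0) {
                        str = "CA:" + (((DERBoolean) aSN1Sequence.getObjectAt(0)).isTrue() ? "TRUE" : "FALSE");
                    }
                    if (aSN1Sequence.size() > 1) {
                        str2 = ", pathlen:" + aSN1Sequence.getObjectAt(1).toString();
                    }
                    return runtime.newString(str + str2);
                }
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_key_usage))) {
                    byte[] realValueBytes = getRealValueBytes();
                    // Two leading bytes are skipped and at least one more must follow.
                    if (realValueBytes.length < 3) {
                        throw X509Extensions.newX509ExtError(runtime, "invalid keyUsage value: too short");
                    }
                    byte b = realValueBytes[2];
                    byte b2 = realValueBytes.length > 3 ? realValueBytes[3] : (byte) 0;
                    StringBuilder sb = new StringBuilder();
                    String str3 = none;
                    // NOTE(review): if the payload is a DER BIT STRING, the byte tested here is its
                    // unused-bit count rather than a data octet, so "Decipher Only" would never be
                    // reported - confirm against the encoder before relying on it.
                    if ((b & 0x80) != 0) {
                        sb.append(str3).append("Decipher Only");
                        str3 = ", ";
                    }
                    String[] usageLabels = {"Digital Signature", "Non Repudiation", "Key Encipherment", "Data Encipherment", "Key Agreement", "Certificate Sign", "CRL Sign", "Encipher Only"};
                    for (int bit = 0; bit < usageLabels.length; bit++) {
                        if ((b2 & (0x80 >> bit)) != 0) {
                            sb.append(str3).append(usageLabels[bit]);
                            str3 = ", ";
                        }
                    }
                    return runtime.newString(sb.toString());
                }
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_netscape_cert_type))) {
                    byte[] certTypeBytes = getRealValueBytes();
                    if (certTypeBytes.length < 1) {
                        throw X509Extensions.newX509ExtError(runtime, "invalid nsCertType value: empty");
                    }
                    // NOTE(review): only the first payload byte is inspected; if the payload is a
                    // DER-encoded BIT STRING that byte is the tag, not the flags - confirm.
                    byte b3 = certTypeBytes[0];
                    StringBuilder sb2 = new StringBuilder();
                    String str4 = none;
                    String[] certTypeLabels = {"SSL Client", "SSL Server", ASN1Registry.LN_SMIME, "Object Signing", "Unused", "SSL CA", "S/MIME CA", "Object Signing CA"};
                    for (int bit = 0; bit < certTypeLabels.length; bit++) {
                        if ((b3 & (0x80 >> bit)) != 0) {
                            sb2.append(str4).append(certTypeLabels[bit]);
                            str4 = ", ";
                        }
                    }
                    return runtime.newString(sb2.toString());
                }
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_key_identifier))) {
                    byte[] realValueBytes2 = getRealValueBytes();
                    if (realValueBytes2.length < 2) {
                        throw X509Extensions.newX509ExtError(runtime, "invalid subjectKeyIdentifier value: too short");
                    }
                    // Drop the two leading bytes and print the rest as colon-separated hex.
                    byte[] bArr2 = new byte[realValueBytes2.length - 2];
                    System.arraycopy(realValueBytes2, 2, bArr2, 0, bArr2.length);
                    return runtime.newString(Utils.toHex(bArr2, ':'));
                }
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_authority_key_identifier))) {
                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) new ASN1InputStream(getRealValueBytes()).readObject();
                    StringBuilder sb3 = new StringBuilder();
                    if (aSN1Sequence2.size() > 0) {
                        sb3.append("keyid:");
                        ASN1Primitive aSN1Primitive = aSN1Sequence2.getObjectAt(0).toASN1Primitive();
                        if (aSN1Primitive instanceof DEROctetString) {
                            sb3.append(Utils.toHex(((DEROctetString) aSN1Primitive).getOctets(), ':'));
                        } else {
                            sb3.append(Utils.toHex(aSN1Primitive.getEncoded(ASN1Encoding.DER), ':'));
                        }
                    }
                    return runtime.newString(sb3.toString());
                }
                if (realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_crl_reason))) {
                    switch (RubyNumeric.fix2int(((IRubyObject) this.value).callMethod(runtime.getCurrentContext(), "value"))) {
                        case 0:
                            return runtime.newString("Unspecified");
                        case 1:
                            return runtime.newString("Key Compromise");
                        case 2:
                            return runtime.newString("CA Compromise");
                        case 3:
                            return runtime.newString("Affiliation Changed");
                        case 4:
                            return runtime.newString("Superseded");
                        case 5:
                            return runtime.newString("Cessation Of Operation");
                        case 6:
                            return runtime.newString("Certificate Hold");
                        case 8:
                            return runtime.newString("Remove From CRL");
                        case 9:
                            return runtime.newString("Privilege Withdrawn");
                        default:
                            // Code 7 and every unlisted code are reported as "Unspecified".
                            return runtime.newString("Unspecified");
                    }
                }
                if (!realOid.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_alt_name))) {
                    try {
                        return ASN1.decode(runtime.getClassFromPath("OpenSSL::ASN1"), RubyString.newString(runtime, getRealValueBytes())).callMethod(runtime.getCurrentContext(), "value").callMethod(runtime.getCurrentContext(), "to_s");
                    } catch (Exception e2) {
                        // Best effort: anything that cannot be decoded is shown via toString().
                        return runtime.newString(getRealValue().toString());
                    }
                }
                try {
                    ASN1Primitive readObject = new ASN1InputStream(getRealValueBytes()).readObject();
                    GeneralName[] names = readObject instanceof ASN1TaggedObject ? new GeneralName[]{GeneralName.getInstance(readObject)} : GeneralNames.getInstance(readObject).getNames();
                    StringBuilder sb4 = new StringBuilder();
                    String str5 = none;
                    for (int i = 0; i < names.length; i++) {
                        sb4.append(str5);
                        if (names[i].getTagNo() == 2) {
                            // The name text is appended as-is: a dNSName that itself contains
                            // ", DNS:" cannot be told apart from two entries in this rendering.
                            sb4.append("DNS:");
                            sb4.append(((ASN1String) names[i].getName()).getString());
                        } else if (names[i].getTagNo() == 7) {
                            sb4.append("IP Address:");
                            byte[] octets = ((DEROctetString) names[i].getName()).getOctets();
                            String str6 = none;
                            // Every octet is printed in dotted decimal, whatever the address length.
                            for (byte b4 : octets) {
                                sb4.append(str6);
                                sb4.append(b4 & 255);
                                str6 = ".";
                            }
                        } else {
                            sb4.append(names[i].toString());
                        }
                        str5 = ", ";
                    }
                    return runtime.newString(sb4.toString());
                } catch (Exception e3) {
                    // Best effort: a payload that is not a GeneralNames structure is shown raw.
                    return runtime.newString(getRealValue().toString());
                }
            } catch (IOException e) {
                throw X509Extensions.newX509ExtError(runtime, e.getMessage());
            }
        }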

        /**
         * Ruby {@code critical?}: reports the criticality flag as a Ruby boolean.
         *
         * @return Ruby true when the extension is critical, Ruby false otherwise
         */
        @JRubyMethod(name = {"critical?"})
        public IRubyObject critical_p() {
            if (this.critical) {
                return getRuntime().getTrue();
            }
            return getRuntime().getFalse();
        }

        /**
         * Ruby {@code to_der}: encodes the extension as SEQUENCE { OID, BOOLEAN, OCTET STRING }.
         *
         * The criticality BOOLEAN is always written, including when it is FALSE.
         * NOTE(review): strict DER leaves out a field that carries its default value; confirm
         * whether consumers of this encoding expect the flag to be present.
         *
         * @return a Ruby string holding the encoded bytes
         */
        @JRubyMethod
        public IRubyObject to_der() {
            final ASN1EncodableVector fields = new ASN1EncodableVector();
            try {
                fields.add(getRealOid());
                if (getRealCritical()) {
                    fields.add(DERBoolean.TRUE);
                } else {
                    fields.add(DERBoolean.FALSE);
                }
                final byte[] payload = getRealValueBytes();
                fields.add(new DEROctetString(payload));
                final DLSequence extension = new DLSequence(fields);
                return RubyString.newString(getRuntime(), extension.getEncoded(ASN1Encoding.DER));
            } catch (IOException e) {
                throw X509Extensions.newX509ExtError(getRuntime(), e.getMessage());
            }
        }
    }

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509Extensions$ExtensionFactory.class */
    public static class ExtensionFactory extends RubyObject {
        private static final long serialVersionUID = 3180447029639456500L;
        // Allocator whose allocate() returns a new ExtensionFactory for the given class.
        // NOTE(review): the field is public, static and not final, so any code that can reach
        // this class can replace the allocator; consider declaring it final.
        public static ObjectAllocator ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509Extensions.ExtensionFactory.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new ExtensionFactory(ruby, rubyClass);
            }
        };

        /**
         * Creates a factory with no certificates, request or CRL attached; the arguments are
         * passed straight to the RubyObject constructor.
         */
        public ExtensionFactory(Ruby ruby, RubyClass rubyClass) {
            super(ruby, rubyClass);
        }

        /**
         * Ruby {@code initialize}: accepts up to four optional arguments, in order the issuer
         * certificate, the subject certificate, the subject request and the CRL. Arguments that
         * are nil are skipped; the others are stored through the matching setter.
         *
         * @param iRubyObjectArr zero to four Ruby arguments
         * @param block unused
         * @return this factory
         */
        @JRubyMethod(rest = true, frame = true)
        public IRubyObject initialize(IRubyObject[] iRubyObjectArr, Block block) {
            Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 0, 4);
            for (int slot = 0; slot < iRubyObjectArr.length; slot++) {
                final IRubyObject argument = iRubyObjectArr[slot];
                if (argument.isNil()) {
                    continue;
                }
                switch (slot) {
                    case 0:
                        set_issuer_cert(argument);
                        break;
                    case 1:
                        set_subject_cert(argument);
                        break;
                    case 2:
                        set_subject_req(argument);
                        break;
                    case 3:
                        set_crl(argument);
                        break;
                    default:
                        break;
                }
            }
            return this;
        }

        /**
         * Ruby {@code issuer_certificate=}: stores the argument in {@code @issuer_certificate}
         * without checking its type and returns it.
         */
        @JRubyMethod(name = {"issuer_certificate="})
        public IRubyObject set_issuer_cert(IRubyObject iRubyObject) {
            final String ivar = "@issuer_certificate";
            setInstanceVariable(ivar, iRubyObject);
            return iRubyObject;
        }

        /**
         * Ruby {@code subject_certificate=}: stores the argument in {@code @subject_certificate}
         * without checking its type and returns it.
         */
        @JRubyMethod(name = {"subject_certificate="})
        public IRubyObject set_subject_cert(IRubyObject iRubyObject) {
            final String ivar = "@subject_certificate";
            setInstanceVariable(ivar, iRubyObject);
            return iRubyObject;
        }

        /**
         * Ruby {@code subject_request=}: stores the argument in {@code @subject_request} without
         * checking its type and returns it.
         */
        @JRubyMethod(name = {"subject_request="})
        public IRubyObject set_subject_req(IRubyObject iRubyObject) {
            final String ivar = "@subject_request";
            setInstanceVariable(ivar, iRubyObject);
            return iRubyObject;
        }

        /**
         * Ruby {@code crl=}: stores the argument in {@code @crl} without checking its type and
         * returns it.
         */
        @JRubyMethod(name = {"crl="})
        public IRubyObject set_crl(IRubyObject iRubyObject) {
            final String ivar = "@crl";
            setInstanceVariable(ivar, iRubyObject);
            return iRubyObject;
        }

        /**
         * Ruby {@code config=}: stores the argument in {@code @config} without checking its type
         * and returns it.
         */
        @JRubyMethod(name = {"config="})
        public IRubyObject set_config(IRubyObject iRubyObject) {
            final String ivar = "@config";
            setInstanceVariable(ivar, iRubyObject);
            return iRubyObject;
        }

        /**
         * Resolves an extension name or dotted OID string to an object identifier.
         *
         * The lower-cased input is looked up in the runtime's OID table first; when there is no
         * entry the input itself is handed to the ASN1ObjectIdentifier constructor.
         * NOTE(review): toLowerCase() uses the default locale; whether that matters depends on
         * how the lookup table keys were built, which is not visible here.
         *
         * @param str short name, long name or dotted OID
         * @return the matching identifier
         */
        private ASN1ObjectIdentifier getObjectIdentifier(String str) {
            final ASN1ObjectIdentifier known = ASN1.getOIDLookup(getRuntime()).get(str.toLowerCase());
            if (known == null) {
                return new ASN1ObjectIdentifier(str);
            }
            return known;
        }

        /**
         * Tells whether the character is an ASCII hexadecimal digit (0-9, A-F or a-f).
         *
         * @param c the character to test
         * @return true for an ASCII hex digit
         */
        private static boolean isHexDigit(char c) {
            return "0123456789ABCDEFabcdef".indexOf(c) >= 0;
        }

        /**
         * Tells whether every character of the string is an ASCII hexadecimal digit. An empty
         * string counts as a hex string.
         *
         * @param str the text to test
         * @return false as soon as one non-hex character is found, true otherwise
         */
        private boolean isHexString(String str) {
            for (char symbol : str.toCharArray()) {
                if (!isHexDigit(symbol)) {
                    return false;
                }
            }
            return true;
        }

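        /**
         * Ruby {@code create_ext(oid, value[, critical])}: builds an OpenSSL::X509::Extension from
         * its textual description.
         *
         * A value that starts with {@code "critical,"} forces the extension critical and the
         * prefix is removed before parsing. The value is then encoded by the parser that matches
         * the OID; unknown OIDs get the raw value wrapped in two nested OCTET STRINGs.
         *
         * The "unknown OID" error is now raised only when resolving the OID fails. In the listing
         * the same handler also covered value parsing, so an IllegalArgumentException thrown there
         * (for example a NumberFormatException from a numeric field) was reported as an unknown
         * OID; such failures are reported as "Unable to create extension" instead.
         *
         * @param iRubyObjectArr two or three Ruby arguments
         * @return the new extension
         */
        @JRubyMethod(rest = true)
        public IRubyObject create_ext(IRubyObject[] iRubyObjectArr) {
            IRubyObject iRubyObject = getRuntime().getFalse();
            if (Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 2, 3) == 3 && !iRubyObjectArr[2].isNil()) {
                iRubyObject = iRubyObjectArr[2];
            }
            String obj = iRubyObjectArr[0].toString();
            String obj2 = iRubyObjectArr[1].toString();
            ASN1ObjectIdentifier objectIdentifier;
            try {
                objectIdentifier = getObjectIdentifier(obj);
            } catch (IllegalArgumentException e2) {
                throw X509Extensions.newX509ExtError(getRuntime(), "unknown OID `" + obj + "'");
            }
            try {
                Extension extension = (Extension) Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Extension");
                if (obj2.startsWith("critical,")) {
                    iRubyObject = getRuntime().getTrue();
                    obj2 = obj2.substring(9).trim();
                }
                Object str;
                if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_key_identifier))) {
                    str = new String(ByteList.plain(parseSubjectKeyIdentifier(obj, obj2).getEncoded(ASN1Encoding.DER)));
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_authority_key_identifier))) {
                    str = new String(ByteList.plain(parseAuthorityKeyIdentifier(obj2).getEncoded(ASN1Encoding.DER)));
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_issuer_alt_name))) {
                    str = parseIssuerAltName(obj2);
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_basic_constraints))) {
                    str = new String(ByteList.plain(parseBasicConstrains(obj2).getEncoded(ASN1Encoding.DER)));
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_key_usage))) {
                    str = new String(ByteList.plain(parseKeyUsage(obj, obj2).getEncoded(ASN1Encoding.DER)));
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_netscape_cert_type))) {
                    str = parseNsCertType(obj, obj2);
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_alt_name))) {
                    str = parseSubjectAltName(obj2);
                } else if (objectIdentifier.equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_ext_key_usage))) {
                    str = parseExtendedKeyUsage(obj2);
                } else {
                    str = new DEROctetString(new DEROctetString(ByteList.plain(obj2)).getEncoded(ASN1Encoding.DER));
                }
                extension.setRealOid(objectIdentifier);
                extension.setRealValue(str);
                extension.setRealCritical(iRubyObject.isTrue());
                return extension;
            } catch (IOException e) {
                throw X509Extensions.newX509ExtError(getRuntime(), "Unable to create extension: " + e.getMessage());
            } catch (IllegalArgumentException e) {
                // Value parsing failed (not the OID lookup), so keep the message accurate.
                throw X509Extensions.newX509ExtError(getRuntime(), "Unable to create extension: " + e.getMessage());
            }
        }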

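        /**
         * Builds the keyUsage BIT STRING from its textual description.
         *
         * Three input forms are tried in order: colon-separated hex octets; failing that, a value
         * shorter than three characters taken as raw bytes; otherwise a separator-delimited list
         * of usage names. The long names "Certificate Sign" and "CRL Sign", which value() prints,
         * are accepted next to the existing spellings.
         *
         * The decompiled padding loop never left its body once it met a non-zero octet; it is
         * restored here as a bounded scan that stops at the last non-zero octet.
         *
         * @param str the extension name, used in the error message only
         * @param str2 the textual value
         * @return the encoded usage bits with their unused-bit count
         */
        private DERBitString parseKeyUsage(String str, String str2) {
            byte[] bArr = null;
            try {
                String[] split = str2.split(":");
                bArr = new byte[split.length];
                for (int i = 0; i < split.length; i++) {
                    // Values above 0xFF are narrowed to their low eight bits by the cast.
                    bArr[i] = (byte) Integer.parseInt(split[i], 16);
                }
            } catch (NumberFormatException e) {
                // Not a hex list; fall through to the other input forms.
                bArr = null;
            }
            if (null == bArr && str2.length() < 3) {
                bArr = ByteList.plain(str2);
            }
            if (bArr == null) {
                byte b = 0;
                byte b2 = 0;
                // NOTE(review): AnsiRenderer.CODE_LIST_SEPARATOR is presumably "," substituted by
                // the decompiler - confirm.
                for (String part : str2.split(AnsiRenderer.CODE_LIST_SEPARATOR)) {
                    String flag = part.trim();
                    if ("decipherOnly".equals(flag) || "Decipher Only".equals(flag)) {
                        b2 = (byte) (b2 | Byte.MIN_VALUE);
                    } else if ("digitalSignature".equals(flag) || "Digital Signature".equals(flag)) {
                        b = (byte) (b | Byte.MIN_VALUE);
                    } else if ("nonRepudiation".equals(flag) || "Non Repudiation".equals(flag)) {
                        b = (byte) (b | 64);
                    } else if ("keyEncipherment".equals(flag) || "Key Encipherment".equals(flag)) {
                        b = (byte) (b | 32);
                    } else if ("dataEncipherment".equals(flag) || "Data Encipherment".equals(flag)) {
                        b = (byte) (b | 16);
                    } else if ("keyAgreement".equals(flag) || "Key Agreement".equals(flag)) {
                        b = (byte) (b | 8);
                    } else if ("keyCertSign".equals(flag) || "Key Cert Sign".equals(flag) || "Certificate Sign".equals(flag)) {
                        b = (byte) (b | 4);
                    } else if ("cRLSign".equals(flag) || "CRL Sign".equals(flag)) {
                        b = (byte) (b | 2);
                    } else if ("encipherOnly".equals(flag) || "Encipher Only".equals(flag)) {
                        b = (byte) (b | 1);
                    } else {
                        throw X509Extensions.newX509ExtError(getRuntime(), str + " = " + str2 + ": unknown bit string argument");
                    }
                }
                bArr = b2 != 0 ? new byte[]{b, b2} : new byte[]{b};
            }
            // Count unused trailing bits: eight per trailing zero octet, plus the trailing zero
            // bits of the last non-zero octet.
            int i4 = 0;
            for (int idx = bArr.length - 1; idx > -1; idx--) {
                if (bArr[idx] == 0) {
                    i4 += 8;
                } else {
                    i4 += Integer.numberOfTrailingZeros(bArr[idx] & 0xff);
                    break;
                }
            }
            return new DERBitString(bArr, i4);
        }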

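        /**
         * Builds the single-octet Netscape certificate type BIT STRING from its description.
         *
         * A value shorter than three characters is taken as a raw flag byte (only its first
         * character is used); anything longer is read as a separator-delimited list of type
         * names. An empty value used to fail with an array index error and is now rejected with
         * the same "unknown bit string argument" error as an unrecognised name.
         *
         * @param str the extension name, used in the error message only
         * @param str2 the textual value
         * @return the encoded flag octet with its unused-bit count
         */
        private DERBitString parseNsCertType(String str, String str2) {
            if (str2.isEmpty()) {
                throw X509Extensions.newX509ExtError(getRuntime(), str + " = " + str2 + ": unknown bit string argument");
            }
            byte b3 = 0;
            if (str2.length() < 3) {
                b3 = ByteList.plain(str2)[0];
            } else {
                // NOTE(review): AnsiRenderer.CODE_LIST_SEPARATOR is presumably "," and
                // ASN1Registry.LN_SMIME presumably "S/MIME", both substituted by the
                // decompiler - confirm.
                for (String part : str2.split(AnsiRenderer.CODE_LIST_SEPARATOR)) {
                    String flag = part.trim();
                    byte mask;
                    if ("SSL Client".equals(flag) || "client".equals(flag)) {
                        mask = Byte.MIN_VALUE;
                    } else if ("SSL Server".equals(flag) || "server".equals(flag)) {
                        mask = 64;
                    } else if (ASN1Registry.LN_SMIME.equals(flag) || "email".equals(flag)) {
                        mask = 32;
                    } else if ("Object Signing".equals(flag) || "objsign".equals(flag)) {
                        mask = 16;
                    } else if ("Unused".equals(flag) || "reserved".equals(flag)) {
                        mask = 8;
                    } else if ("SSL CA".equals(flag) || "sslCA".equals(flag)) {
                        mask = 4;
                    } else if ("S/MIME CA".equals(flag) || "emailCA".equals(flag)) {
                        mask = 2;
                    } else if ("Object Signing CA".equals(flag) || "objCA".equals(flag)) {
                        mask = 1;
                    } else {
                        throw X509Extensions.newX509ExtError(getRuntime(), str + " = " + str2 + ": unknown bit string argument");
                    }
                    b3 = (byte) (b3 | mask);
                }
            }
            // Unused bits: all eight for a zero octet, otherwise its trailing zero bits.
            int i = b3 == 0 ? 8 : Integer.numberOfTrailingZeros(b3 & 0xff);
            return new DERBitString(new byte[]{b3}, i);
        }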

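        /**
         * Builds the basicConstraints SEQUENCE from text such as {@code "CA:TRUE, pathlen:0"}.
         *
         * Every {@code CA:} entry is added first and every {@code pathlen:} entry after it,
         * whatever their order in the input; other entries are ignored. A path length that is
         * not a number, or is negative, is rejected with the extension error instead of leaking
         * NumberFormatException or encoding a negative constraint.
         *
         * @param str the textual value
         * @return the sequence holding the parsed fields
         */
        private DLSequence parseBasicConstrains(String str) {
            // NOTE(review): AnsiRenderer.CODE_LIST_SEPARATOR is presumably "," substituted by the
            // decompiler - confirm.
            String[] split = str.split(AnsiRenderer.CODE_LIST_SEPARATOR);
            for (int i = 0; i < split.length; i++) {
                split[i] = split[i].trim();
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (String part : split) {
                if (part.length() > 3 && part.substring(0, 3).equalsIgnoreCase("CA:")) {
                    // Anything other than "TRUE" (any case) is encoded as FALSE.
                    aSN1EncodableVector.add(new DERBoolean("TRUE".equalsIgnoreCase(part.substring(3).trim())));
                }
            }
            for (String part : split) {
                if (part.length() > 8 && part.substring(0, 8).equalsIgnoreCase("pathlen:")) {
                    int pathLen;
                    try {
                        pathLen = Integer.parseInt(part.substring(8).trim());
                    } catch (NumberFormatException e) {
                        throw X509Extensions.newX509ExtError(getRuntime(), "basicConstraints = " + str + ": invalid pathlen");
                    }
                    if (pathLen < 0) {
                        throw X509Extensions.newX509ExtError(getRuntime(), "basicConstraints = " + str + ": invalid pathlen");
                    }
                    aSN1EncodableVector.add(new ASN1Integer(pathLen));
                }
            }
            return new DLSequence(aSN1EncodableVector);
        }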

        /**
         * Builds the authorityKeyIdentifier SEQUENCE from its textual description.
         *
         * Any value starting with {@code "keyid"} (which includes {@code "keyid:always"}) adds the
         * SHA-1 digest of the issuer certificate's public key; other values give an empty
         * sequence. For PKeyRSA keys the digest covers the key's whole DER encoding, for other
         * keys the value of the second element of the decoded structure.
         * NOTE(review): {@code @issuer_certificate} is used without a check that it was set.
         *
         * @param str the textual value
         * @return the sequence, with or without a key identifier
         */
        private DLSequence parseAuthorityKeyIdentifier(String str) {
            ThreadContext currentContext = getRuntime().getCurrentContext();
            ASN1EncodableVector fields = new ASN1EncodableVector();
            // "keyid:always" also starts with "keyid", and both forms are encoded the same way.
            if (str.startsWith("keyid")) {
                IRubyObject issuerKey = getInstanceVariable("@issuer_certificate").callMethod(currentContext, "public_key");
                IRubyObject keyMaterial;
                if (issuerKey instanceof PKeyRSA) {
                    keyMaterial = issuerKey.callMethod(currentContext, "to_der");
                } else {
                    keyMaterial = ASN1.decode(getRuntime().getClassFromPath("OpenSSL::ASN1"), issuerKey.callMethod(currentContext, "to_der")).callMethod(currentContext, "value").callMethod(currentContext, "[]", getRuntime().newFixnum(1)).callMethod(currentContext, "value");
                }
                byte[] digest = X509Extensions.getSHA1Digest(getRuntime(), keyMaterial.convertToString().getBytes());
                fields.add(new DEROctetString(digest));
            }
            return new DLSequence(fields);
        }

        /**
         * Resolves an issuerAltName description. Only {@code "issuer:copy"} is supported: the raw
         * value of the issuer certificate's subjectAltName extension is returned unchanged.
         *
         * @param str the textual value
         * @return the value object of the issuer's subjectAltName extension
         * @throws IOException if the value is not {@code issuer:copy} or the issuer certificate
         *         has no subjectAltName extension
         */
        private Object parseIssuerAltName(String str) throws IOException {
            ThreadContext currentContext = getRuntime().getCurrentContext();
            if (str.startsWith("issuer:copy")) {
                IRubyObject[] issuerExtensions = ((RubyArray) getInstanceVariable("@issuer_certificate").callMethod(currentContext, "extensions")).toJavaArray();
                for (int idx = 0; idx < issuerExtensions.length; idx++) {
                    Extension candidate = (Extension) issuerExtensions[idx];
                    boolean isSubjectAltName = candidate.getRealOid().equals(new ASN1ObjectIdentifier(ASN1Registry.OBJ_subject_alt_name));
                    if (isSubjectAltName) {
                        return candidate.getRealValue();
                    }
                }
            }
            throw new IOException("Malformed IssuerAltName: " + str);
        }

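        /**
         * Encodes a subjectAltName description as DER GeneralNames.
         *
         * {@code DNS:name} becomes one dNSName, {@code IP:a.b.c.d} and {@code IP Address:a.b.c.d}
         * become one four-octet iPAddress; any other text is returned unchanged and unencoded.
         * IPv4 addresses are validated: exactly four parts, each a number from 0 to 255. The
         * listing masked each part with 255 and ignored extra parts, so a mistyped address was
         * silently encoded as a different one.
         * NOTE(review): the whole text after {@code "DNS:"} becomes a single name, so a
         * comma-separated list is not split into several entries; check the issued certificate.
         *
         * @param str the textual value
         * @return the encoded names, one char per byte, or the input itself when the prefix is
         *         not recognised
         * @throws IOException if encoding fails or an IPv4 address is malformed
         */
        private String parseSubjectAltName(String str) throws IOException {
            if (str.startsWith("DNS:")) {
                return new String(ByteList.plain(new GeneralNames(new GeneralName(2, new DERIA5String(str.substring(4)))).getEncoded(ASN1Encoding.DER)));
            }
            if (str.startsWith("IP:")) {
                return encodeIpv4SubjectAltName(str, str.substring(3));
            }
            if (str.startsWith("IP Address:")) {
                return encodeIpv4SubjectAltName(str, str.substring(11));
            }
            return str;
        }

        /** Validates a dotted IPv4 address and encodes it as a single iPAddress GeneralName. */
        private static String encodeIpv4SubjectAltName(String whole, String address) throws IOException {
            // Limit -1 keeps trailing empty parts, so "1.2.3.4." is rejected too.
            String[] parts = address.split("\\.", -1);
            if (parts.length != 4) {
                throw new IOException("Malformed SubjectAltName: " + whole);
            }
            byte[] octets = new byte[4];
            for (int i = 0; i < parts.length; i++) {
                int octet;
                try {
                    octet = Integer.parseInt(parts[i]);
                } catch (NumberFormatException e) {
                    throw new IOException("Malformed SubjectAltName: " + whole);
                }
                if (octet < 0 || octet > 255) {
                    throw new IOException("Malformed SubjectAltName: " + whole);
                }
                octets[i] = (byte) octet;
            }
            return new String(ByteList.plain(new GeneralNames(new GeneralName(7, new DEROctetString(octets))).getEncoded(ASN1Encoding.DER)));
        }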

        /**
         * Builds the subjectKeyIdentifier octet string from its configured value.
         *
         * <ul>
         *   <li>{@code hash} (any case): the SHA-1 digest of the subject certificate's public key
         *       material. For a {@code PKeyRSA} the {@code to_der} output is hashed directly;
         *       otherwise {@code to_der} is decoded and element 1's value is hashed.</li>
         *   <li>A value of length 20, or one that {@code isHexString} rejects: used as raw
         *       bytes.</li>
         *   <li>Anything else: decoded as hex digit pairs, skipping {@code ':'} separators.</li>
         * </ul>
         *
         * <p>NOTE(review): a 20-character value is always taken as raw bytes, even when it
         * consists only of hex digits. Confirm that this ambiguity is intended.
         *
         * @param str  the extension name, used only in error messages
         * @param str2 the configured value
         * @return the key identifier wrapped in a DER octet string
         */
        private DEROctetString parseSubjectKeyIdentifier(String str, String str2) {
            ThreadContext context = getRuntime().getCurrentContext();
            if ("hash".equalsIgnoreCase(str2)) {
                IRubyObject publicKey = getInstanceVariable("@subject_certificate").callMethod(context, "public_key");
                IRubyObject keyMaterial;
                if (publicKey instanceof PKeyRSA) {
                    keyMaterial = publicKey.callMethod(context, "to_der");
                } else {
                    keyMaterial = ASN1.decode(getRuntime().getClassFromPath("OpenSSL::ASN1"), publicKey.callMethod(context, "to_der"))
                            .callMethod(context, "value")
                            .callMethod(context, "[]", getRuntime().newFixnum(1))
                            .callMethod(context, "value");
                }
                byte[] digest = X509Extensions.getSHA1Digest(getRuntime(), keyMaterial.convertToString().getBytes());
                return new DEROctetString(digest);
            }

            boolean useRawBytes = str2.length() == 20 || !isHexString(str2);
            if (useRawBytes) {
                return new DEROctetString(ByteList.plain(str2));
            }

            final int length = str2.length();
            StringBuilder hexDigits = new StringBuilder();
            for (int pos = 0; pos < length; ) {
                int second = pos + 1;
                if (second >= length) {
                    throw X509Extensions.newX509ExtError(getRuntime(), str + " = " + str2 + ": odd number of digits");
                }
                char high = str2.charAt(pos);
                char low = str2.charAt(second);
                if (!(isHexDigit(high) && isHexDigit(low))) {
                    throw X509Extensions.newX509ExtError(getRuntime(), str + " = " + str2 + ": illegal hex digit");
                }
                hexDigits.append(Character.toUpperCase(high)).append(Character.toUpperCase(low));

                // Step past the pair and any run of ':' separators that follows it.
                int next = pos + 2;
                while (next < length && str2.charAt(next) == ':') {
                    next++;
                }
                pos = next;
            }

            String normalized = hexDigits.toString();
            byte[] keyId = new byte[normalized.length() / 2];
            for (int idx = 0; idx < keyId.length; idx++) {
                int start = idx * 2;
                keyId[idx] = (byte) Integer.parseInt(normalized.substring(start, start + 2), 16);
            }
            return new DEROctetString(keyId);
        }

        /**
         * Converts a comma-separated list of key-purpose names into a sequence of OIDs.
         *
         * <p>The input is split on {@code ","} with an optional following space, and each name is
         * mapped through {@code ASN1Registry.sym2oid}.
         *
         * <p>NOTE(review): the lookup result is added without a check. How {@code sym2oid}
         * reports an unknown name is not visible here; confirm that a misspelled purpose
         * surfaces as a clear extension error.
         *
         * @param str the configured extendedKeyUsage value
         * @return a sequence holding one entry per listed name, in input order
         */
        private DLSequence parseExtendedKeyUsage(String str) {
            ASN1EncodableVector purposes = new ASN1EncodableVector();
            String[] names = str.split(", ?");
            for (int idx = 0; idx < names.length; idx++) {
                purposes.add(ASN1Registry.sym2oid(names[idx]));
            }
            return new DLSequence(purposes);
        }
    }

    /**
     * Defines the {@code ExtensionFactory}, {@code ExtensionError} and {@code Extension} classes
     * under the given module.
     *
     * <p>{@code ExtensionError} is created as a subclass of {@code OpenSSL::OpenSSLError} and
     * reuses its allocator. {@code ExtensionFactory} gets read-only accessors for its
     * certificate, request, CRL and config attributes.
     *
     * @param ruby       the runtime the classes are registered in
     * @param rubyModule the module the classes are defined under
     */
    public static void createX509Ext(Ruby ruby, RubyModule rubyModule) {
        RubyClass factoryClass = rubyModule.defineClassUnder("ExtensionFactory", ruby.getObject(), ExtensionFactory.ALLOCATOR);

        RubyClass openSslError = ruby.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("ExtensionError", openSslError, openSslError.getAllocator());

        ThreadContext context = ruby.getCurrentContext();
        IRubyObject[] readerNames = {
            ruby.newString("issuer_certificate"),
            ruby.newString("subject_certificate"),
            ruby.newString("subject_request"),
            ruby.newString("crl"),
            ruby.newString("config")
        };
        factoryClass.attr_reader(context, readerNames);
        factoryClass.defineAnnotatedMethods(ExtensionFactory.class);

        RubyClass extensionClass = rubyModule.defineClassUnder("Extension", ruby.getObject(), Extension.ALLOCATOR);
        extensionClass.defineAnnotatedMethods(Extension.class);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the SHA-1 digest of the given bytes.
     *
     * <p>The callers visible in this file hash public-key material to derive key identifiers.
     * SHA-1 serves there as a fingerprint that labels a key, not as a signature digest. Do not
     * reuse this helper where collision resistance is a security requirement.
     *
     * @param ruby the runtime used to build the error if the digest is unavailable
     * @param bArr the bytes to hash
     * @return the SHA-1 digest
     */
    public static byte[] getSHA1Digest(Ruby ruby, byte[] bArr) {
        MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (GeneralSecurityException failure) {
            // Only the message is forwarded; the Ruby-level error does not carry the Java cause.
            throw newX509ExtError(ruby, failure.getMessage());
        }
        return sha1.digest(bArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the exception for an {@code OpenSSL::X509::ExtensionError} with the given message.
     * The exception is returned, not thrown, so call sites write {@code throw newX509ExtError(...)}.
     *
     * @param ruby the runtime the error class is looked up in
     * @param str  the error message
     * @return the exception built by {@code Utils.newError}
     */
    public static RaiseException newX509ExtError(Ruby ruby, String str) {
        final String errorClassPath = "OpenSSL::X509::ExtensionError";
        return Utils.newError(ruby, errorClassPath, str);
    }
}
