package org.keycloak.crypto.elytron;

import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.function.Function;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.UserIdentityExtractor;
import org.keycloak.common.crypto.UserIdentityExtractorProvider;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.asn1.OidsUtil;
import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder;

/* loaded from: input_file:org/keycloak/crypto/elytron/ElytronUserIdentityExtractorProvider.class */
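/**
 * Elytron-backed {@link UserIdentityExtractorProvider} that derives a user identity from an
 * X.509 certificate chain, either from a subjectAltName entry or from one attribute of a
 * principal computed from the chain.
 *
 * <p>Nothing in this class validates the chain, so the returned identity is only as
 * trustworthy as the certificate validation performed before these extractors are called.
 */
public class ElytronUserIdentityExtractorProvider extends UserIdentityExtractorProvider {
    private final Logger log = Logger.getLogger(getClass());

    /**
     * Extracts the identity from the subjectAltName entry whose GeneralName type equals the
     * configured {@code generalName}. Only the first certificate of the chain is inspected.
     */
    class SubjectAltNameExtractorEltronProvider extends UserIdentityExtractorProvider.SubjectAltNameExtractor {
        /** Microsoft User Principal Name type-id, matched against otherName entries. */
        private static final String UPN_OID = "1.3.6.1.4.1.311.20.2.3";
        private final int generalName;

        SubjectAltNameExtractorEltronProvider(int i) {
            // NOTE(review): this super(...) form is presumably the decompiler's rendering of the
            // enclosing-instance argument; kept as emitted, confirm against the parent class.
            super(ElytronUserIdentityExtractorProvider.this);
            this.generalName = i;
        }

        /**
         * Returns the value of the subjectAltName entry of the configured type.
         *
         * <p>When several entries have the configured type, each one overwrites the result,
         * so the last one in the certificate wins.
         *
         * @param x509CertificateArr certificate chain; only element 0 is read
         * @return the extracted identity, or {@code null} when the certificate has no
         *         subjectAltName extension, no usable entry matches, or parsing fails
         * @throws IllegalArgumentException if the chain is {@code null} or empty
         */
        public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException();
            }
            String str = null;
            ElytronUserIdentityExtractorProvider.this.log.debug("SubjPrinc " + String.valueOf(x509CertificateArr[0].getSubjectX500Principal()));
            // The try covers the whole parse: both the SAN lookup and the UPN string conversion
            // declare checked exceptions, and a parse failure must end in "no identity" rather
            // than in a read of a collection that was never assigned.
            try {
                Collection<List<?>> subjectAlternativeNames = x509CertificateArr[0].getSubjectAlternativeNames();
                if (subjectAlternativeNames == null) {
                    return null;
                }
                // NOTE(review): every SAN of the presented certificate is written at INFO level
                // on each call; consider DEBUG if these values are sensitive in your deployment.
                ElytronUserIdentityExtractorProvider.this.log.info(Arrays.toString(subjectAlternativeNames.toArray()));
                for (List<?> list : subjectAlternativeNames) {
                    if (list == null) {
                        continue;
                    }
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() != this.generalName) {
                        continue;
                    }
                    Object obj = list.get(1);
                    switch (num.intValue()) {
                        case 0:
                            // otherName arrives as DER bytes. It must not fall through to the
                            // String cast below, which would throw ClassCastException on byte[].
                            str = decodeOtherName((byte[]) obj, str);
                            break;
                        case 1:
                        case 2:
                        case 4:
                        case 6:
                            str = (String) obj;
                            break;
                    }
                }
            } catch (UnsupportedEncodingException | CertificateParsingException e) {
                ElytronUserIdentityExtractorProvider.this.log.error("Failed to parse Subject Name:", e);
            }
            ElytronUserIdentityExtractorProvider.this.log.debug("Subject Alt Name: " + str);
            return str;
        }

        /**
         * Walks a DER-encoded otherName and returns the identity found in it.
         *
         * @param encoded DER bytes of the otherName entry
         * @param current identity found so far; returned unchanged when nothing is decoded
         * @return the decoded identity, or {@code current}
         * @throws UnsupportedEncodingException declared by the UTF-8 string conversion
         */
        private String decodeOtherName(byte[] encoded, String current) throws UnsupportedEncodingException {
            String str = current;
            DERDecoder dERDecoder = new DERDecoder(encoded);
            dERDecoder.startSequence();
            boolean z = false;
            while (dERDecoder.hasNextElement() && !z) {
                int peekType = dERDecoder.peekType();
                ElytronUserIdentityExtractorProvider.this.log.debug("ASN.1 Type: " + peekType);
                switch (peekType) {
                    case 4:
                        str = dERDecoder.decodeOctetStringAsString();
                        break;
                    case 6:
                        String decodeObjectIdentifier = dERDecoder.decodeObjectIdentifier();
                        ElytronUserIdentityExtractorProvider.this.log.debug("OID: " + decodeObjectIdentifier);
                        if (UPN_OID.equals(decodeObjectIdentifier)) {
                            dERDecoder.decodeImplicit(160);
                            byte[] drainElementValue = dERDecoder.drainElementValue();
                            // Skip leading bytes that are not letters or digits, bounded by the
                            // array length so an empty or all-symbol value cannot index past
                            // the end of the array.
                            // NOTE(review): the drained value appears to still carry the inner
                            // string's tag and length octets, which this skip removes
                            // heuristically. A length octet that is itself an ASCII letter or
                            // digit (for example 0x30) would be kept as the first character of
                            // the identity, and a value starting with a multi-byte UTF-8
                            // character loses its leading bytes. Confirm against DERDecoder and
                            // consider decoding the inner string explicitly.
                            int start = 0;
                            while (start < drainElementValue.length && !Character.isLetterOrDigit(drainElementValue[start])) {
                                start++;
                            }
                            if (start < drainElementValue.length) {
                                str = new String(drainElementValue, start, drainElementValue.length - start, "UTF-8");
                            } else {
                                ElytronUserIdentityExtractorProvider.this.log.warn("UPN otherName value contains no letter or digit; ignoring it");
                            }
                            z = true;
                        }
                        break;
                    case 12:
                        str = dERDecoder.decodeUtf8String();
                        break;
                    case 19:
                        str = dERDecoder.decodePrintableString();
                        break;
                    case 28:
                        str = dERDecoder.decodeUniversalString();
                        break;
                    case 48:
                        dERDecoder.startSequence();
                        break;
                    case 160:
                        dERDecoder.startExplicit(peekType);
                        break;
                }
                dERDecoder.skipElement();
            }
            return str;
        }
    }

    /**
     * Extracts the identity from one attribute of the principal that the supplied function
     * computes from the certificate chain.
     */
    class X500NameRDNExtractorElytronProvider extends UserIdentityExtractorProvider.X500NameRDNExtractor {
        private final String x500NameStyle;
        Function<X509Certificate[], Principal> x500Name;

        /**
         * @param str attribute name; {@code "EmailAddress"} is mapped to {@code "E"} before the
         *        OID lookup
         * @param function computes the principal to decode from a certificate chain
         */
        public X500NameRDNExtractorElytronProvider(String str, Function<X509Certificate[], Principal> function) {
            super(ElytronUserIdentityExtractorProvider.this);
            String attributeName = str.equals("EmailAddress") ? "E" : str;
            this.x500NameStyle = OidsUtil.attributeNameToOid(OidsUtil.Category.RDN, attributeName);
            ElytronUserIdentityExtractorProvider.this.log.debug("Attribute Name: " + attributeName + " X500NameStyle OID: " + this.x500NameStyle);
            this.x500Name = function;
        }

        /**
         * Applies the configured function to the chain and decodes the configured attribute
         * from the resulting principal.
         *
         * @param x509CertificateArr certificate chain passed to the principal function
         * @return whatever {@link X500AttributePrincipalDecoder} yields for the attribute OID
         * @throws IllegalArgumentException if the chain is {@code null} or empty
         */
        public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException();
            }
            // NOTE(review): a null principal from the function fails on getName() below;
            // confirm the supplied functions never return null.
            Principal apply = this.x500Name.apply(x509CertificateArr);
            ElytronUserIdentityExtractorProvider.this.log.debug("Principal Name " + apply.getName());
            return new X500AttributePrincipalDecoder(this.x500NameStyle).apply(apply);
        }
    }

    /**
     * Creates an extractor that reads the named attribute from the principal produced by
     * {@code function}.
     */
    public UserIdentityExtractor getX500NameExtractor(String str, Function<X509Certificate[], Principal> function) {
        return new X500NameRDNExtractorElytronProvider(str, function);
    }

    /** Creates an extractor for subjectAltName entries of GeneralName type {@code i}. */
    public UserIdentityExtractorProvider.SubjectAltNameExtractor getSubjectAltNameExtractor(int i) {
        return new SubjectAltNameExtractorEltronProvider(i);
    }
}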
