package org.keycloak.crypto.def;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import java.util.function.Function;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.UserIdentityExtractor;
import org.keycloak.common.crypto.UserIdentityExtractorProvider;

/* loaded from: input_file:org/keycloak/crypto/def/BCUserIdentityExtractorProvider.class */
public class BCUserIdentityExtractorProvider extends UserIdentityExtractorProvider {
    private static final Logger logger = Logger.getLogger(BCUserIdentityExtractorProvider.class.getName());

    /* loaded from: input_file:org/keycloak/crypto/def/BCUserIdentityExtractorProvider$SubjectAltNameExtractorBCProvider.class */
    class SubjectAltNameExtractorBCProvider extends UserIdentityExtractorProvider.SubjectAltNameExtractor {
        private static final String UPN_OID = "1.3.6.1.4.1.311.20.2.3";
        private final int generalName;

        SubjectAltNameExtractorBCProvider(int i) {
            super(BCUserIdentityExtractorProvider.this);
            this.generalName = i;
        }

        /* JADX WARN: Code restructure failed: missing block: B:46:0x013c, code lost:
        
            continue;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public java.lang.Object extractUserIdentity(java.security.cert.X509Certificate[] r7) {
            /*
                Method dump skipped, instructions count: 350
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.keycloak.crypto.def.BCUserIdentityExtractorProvider.SubjectAltNameExtractorBCProvider.extractUserIdentity(java.security.cert.X509Certificate[]):java.lang.Object");
        }

        private ASN1Encodable unwrap(ASN1Encodable aSN1Encodable) {
            while (aSN1Encodable instanceof ASN1TaggedObject) {
                aSN1Encodable = ASN1TaggedObject.getInstance(aSN1Encodable, 128).getBaseObject().toASN1Primitive();
            }
            return aSN1Encodable;
        }
    }

    /* loaded from: input_file:org/keycloak/crypto/def/BCUserIdentityExtractorProvider$X500NameRDNExtractorBCProvider.class */
    class X500NameRDNExtractorBCProvider extends UserIdentityExtractorProvider.X500NameRDNExtractor {
        private ASN1ObjectIdentifier x500NameStyle;
        Function<X509Certificate[], Principal> x500Name;

        public X500NameRDNExtractorBCProvider(String str, Function<X509Certificate[], Principal> function) {
            super(BCUserIdentityExtractorProvider.this);
            this.x500NameStyle = BCStyle.INSTANCE.attrNameToOID(str);
            this.x500Name = function;
        }

        public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
            RDN[] rDNs;
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException();
            }
            X500Name x500Name = new X500Name(this.x500Name.apply(x509CertificateArr).getName());
            if (x500Name == null || (rDNs = x500Name.getRDNs(this.x500NameStyle)) == null || rDNs.length <= 0) {
                return null;
            }
            RDN rdn = rDNs[0];
            if (!rdn.isMultiValued()) {
                return IETFUtils.valueToString(rdn.getFirst().getValue());
            }
            Optional findFirst = Arrays.stream(rdn.getTypesAndValues()).filter(attributeTypeAndValue -> {
                return attributeTypeAndValue.getType().getId().equals(this.x500NameStyle.getId());
            }).findFirst();
            if (findFirst.isPresent()) {
                return IETFUtils.valueToString(((AttributeTypeAndValue) findFirst.get()).getValue());
            }
            return null;
        }
    }

    public UserIdentityExtractor getX500NameExtractor(String str, Function<X509Certificate[], Principal> function) {
        return new X500NameRDNExtractorBCProvider(str, function);
    }

    public UserIdentityExtractorProvider.SubjectAltNameExtractor getSubjectAltNameExtractor(int i) {
        return new SubjectAltNameExtractorBCProvider(i);
    }
}
