package org.snmp4j.transport.tls;

import java.security.Principal;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.OctetString;
import org.snmp4j.transport.tls.SecurityNameMapping;

/* loaded from: input_file:org/snmp4j/transport/tls/DefaultTlsTmSecurityCallback.class */
public class DefaultTlsTmSecurityCallback implements TlsTmSecurityCallback<X509Certificate> {
    private LogAdapter LOGGER = LogFactory.getLogger(DefaultTlsTmSecurityCallback.class);
    private Map<SecurityNameMapping, OctetString> securityNameMapping = new HashMap();
    private Map<Address, String> localCertMapping = new HashMap();
    private Set<String> acceptedSubjectDN = new HashSet();
    private Set<String> acceptedIssuerDN = new HashSet();

    @Override // org.snmp4j.transport.tls.TlsTmSecurityCallback
    public OctetString getSecurityName(X509Certificate[] x509CertificateArr) {
        for (Map.Entry<SecurityNameMapping, OctetString> entry : this.securityNameMapping.entrySet()) {
            OctetString fingerprint = entry.getKey().getFingerprint();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                OctetString fingerprint2 = TLSTMUtil.getFingerprint(x509Certificate);
                if (fingerprint2 != null && fingerprint2.equals(fingerprint)) {
                    OctetString octetString = null;
                    try {
                        octetString = mapCertToTSN(x509Certificate, entry.getKey().getType(), entry.getKey().getData());
                    } catch (CertificateParsingException e) {
                        this.LOGGER.warn("Failed to parse client certificate: " + e.getMessage());
                    }
                    if (octetString != null && octetString.length() <= 32) {
                        return octetString;
                    }
                }
            }
        }
        return null;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0008. Please report as an issue. */
    private OctetString mapCertToTSN(X509Certificate x509Certificate, SecurityNameMapping.CertMappingType certMappingType, OctetString octetString) throws CertificateParsingException {
        switch (certMappingType) {
            case Specified:
                return octetString;
            case SANAny:
            case SANRFC822Name:
                Object subjAltName = TLSTMUtil.getSubjAltName(x509Certificate.getSubjectAlternativeNames(), 1);
                if (subjAltName != null) {
                    String[] split = ((String) subjAltName).split("@");
                    return new OctetString(split[0] + "@" + split[1].toLowerCase());
                }
            case SANDNSName:
                Object subjAltName2 = TLSTMUtil.getSubjAltName(x509Certificate.getSubjectAlternativeNames(), 2);
                if (subjAltName2 != null) {
                    return new OctetString(((String) subjAltName2).toLowerCase());
                }
            case SANIpAddress:
                Object subjAltName3 = TLSTMUtil.getSubjAltName(x509Certificate.getSubjectAlternativeNames(), 7);
                if (subjAltName3 != null) {
                    String lowerCase = ((String) subjAltName3).toLowerCase();
                    if (lowerCase.indexOf(58) < 0) {
                        return new OctetString(lowerCase);
                    }
                    StringBuilder sb = new StringBuilder(16);
                    for (String str : lowerCase.split(":")) {
                        for (int length = 2 - str.length(); length > 0; length--) {
                            sb.append('0');
                        }
                        sb.append(str);
                    }
                    return new OctetString(sb.toString());
                }
            case CommonName:
                return new OctetString(x509Certificate.getSubjectX500Principal().getName());
            default:
                return null;
        }
    }

    @Override // org.snmp4j.transport.tls.TlsTmSecurityCallback
    public boolean isClientCertificateAccepted(X509Certificate x509Certificate) {
        return this.acceptedSubjectDN.contains(x509Certificate.getSubjectDN().getName());
    }

    @Override // org.snmp4j.transport.tls.TlsTmSecurityCallback
    public boolean isServerCertificateAccepted(X509Certificate[] x509CertificateArr) {
        if (this.acceptedSubjectDN.contains(x509CertificateArr[0].getSubjectDN().getName())) {
            return true;
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Principal issuerDN = x509Certificate.getIssuerDN();
            if (issuerDN != null && this.acceptedIssuerDN.contains(issuerDN.getName())) {
                return true;
            }
        }
        return false;
    }

    @Override // org.snmp4j.transport.tls.TlsTmSecurityCallback
    public boolean isAcceptedIssuer(X509Certificate x509Certificate) {
        Principal issuerDN = x509Certificate.getIssuerDN();
        return issuerDN != null && this.acceptedIssuerDN.contains(issuerDN.getName());
    }

    @Override // org.snmp4j.transport.tls.TlsTmSecurityCallback
    public String getLocalCertificateAlias(Address address) {
        String str = this.localCertMapping.get(address);
        return str == null ? this.localCertMapping.get(null) : str;
    }

    public void addSecurityNameMapping(OctetString octetString, SecurityNameMapping.CertMappingType certMappingType, OctetString octetString2, OctetString octetString3) {
        this.securityNameMapping.put(new SecurityNameMapping(octetString, octetString2, certMappingType, octetString3), octetString3);
    }

    public OctetString removeSecurityNameMapping(OctetString octetString, SecurityNameMapping.CertMappingType certMappingType, OctetString octetString2) {
        return this.securityNameMapping.remove(new SecurityNameMapping(octetString, octetString2, certMappingType, null));
    }

    public void addAcceptedIssuerDN(String str) {
        this.acceptedIssuerDN.add(str);
    }

    public boolean removeAcceptedIssuerDN(String str) {
        return this.acceptedIssuerDN.remove(str);
    }

    public void addAcceptedSubjectDN(String str) {
        this.acceptedSubjectDN.add(str);
    }

    public boolean removeAcceptedSubjectDN(String str) {
        return this.acceptedSubjectDN.remove(str);
    }

    public void addLocalCertMapping(Address address, String str) {
        this.localCertMapping.put(address, str);
    }

    public String removeLocalCertMapping(Address address) {
        return this.localCertMapping.remove(address);
    }
}
