package ee.sk.mid;

import ee.sk.mid.exception.MidInternalErrorException;
import ee.sk.mid.rest.MidSessionStatusPoller;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ee/sk/mid/MidAuthenticationResponseValidator.class */
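/**
 * Validates a MID authentication response and reads the identity of the authenticated
 * person from the certificate carried in that response.
 *
 * <p>Checks performed here: the reported result is "OK", the signature verifies under the
 * public key of the response certificate, and the current time lies inside the certificate's
 * validity period.
 *
 * <p>NOTE(review): nothing in this class checks that the response certificate chains to a
 * trusted issuer, or that it has not been revoked. The signature is verified with the key
 * taken from the same response, so on its own that check only shows the response is
 * self-consistent. Unless issuer trust is established elsewhere (confirm against the callers
 * and {@code MidSignatureVerifier}), a valid result from this class should not be treated as
 * proof of identity.
 */
public class MidAuthenticationResponseValidator {
    private static final Logger logger = LoggerFactory.getLogger(MidAuthenticationResponseValidator.class);

    /**
     * Runs all response checks and returns the outcome together with the identity read from
     * the certificate.
     *
     * <p>The identity is populated before any check runs and stays populated when a check
     * fails, so callers must confirm the result is valid before using any identity field.
     * This method only ever marks the result invalid; the initial validity comes from
     * {@code MidAuthenticationResult} itself.
     *
     * @param midAuthentication the authentication response to validate
     * @return the result, with one error recorded per failed check
     * @throws MidInternalErrorException if the certificate, signature or hash type is missing,
     *     or the certificate subject cannot be parsed
     * @throws IllegalArgumentException if the certificate key is neither RSA nor EC
     */
    public MidAuthenticationResult validate(MidAuthentication midAuthentication) {
        validateAuthentication(midAuthentication);

        X509Certificate certificate = midAuthentication.getCertificate();
        MidAuthenticationResult result = new MidAuthenticationResult();
        result.setAuthenticationIdentity(constructAuthenticationIdentity(certificate));

        // Every check runs even after an earlier one failed, so the result lists all errors.
        if (!isResultOk(midAuthentication)) {
            result.setValid(false);
            result.addError(MidAuthenticationError.INVALID_RESULT);
        }
        if (!isSignatureValid(midAuthentication)) {
            result.setValid(false);
            result.addError(MidAuthenticationError.SIGNATURE_VERIFICATION_FAILURE);
        }
        if (!isCertificateValid(certificate)) {
            result.setValid(false);
            result.addError(MidAuthenticationError.CERTIFICATE_EXPIRED);
        }
        return result;
    }

    /**
     * Rejects a response that lacks the fields the later checks depend on.
     *
     * @throws MidInternalErrorException if the certificate, the signature or the hash type is
     *     absent
     */
    private void validateAuthentication(MidAuthentication midAuthentication) {
        if (midAuthentication.getCertificate() == null) {
            logger.error("Certificate is not present in the authentication response");
            throw new MidInternalErrorException("Certificate is not present in the authentication response");
        }
        // A null signature is treated like an empty one instead of surfacing as a
        // NullPointerException from isEmpty().
        if (midAuthentication.getSignatureValueInBase64() == null
                || midAuthentication.getSignatureValueInBase64().isEmpty()) {
            logger.error("Signature is not present in the authentication response");
            throw new MidInternalErrorException("Signature is not present in the authentication response");
        }
        if (midAuthentication.getHashType() == null) {
            logger.error("Hash type is not present in the authentication response");
            throw new MidInternalErrorException("Hash type is not present in the authentication response");
        }
    }

    /**
     * Builds the identity from the subject name of the certificate: GIVENNAME, SURNAME,
     * SERIALNUMBER (with its "PNOxx-" prefix removed) and C. Other attributes are ignored.
     *
     * <p>The values come straight from the certificate subject; they are only as trustworthy
     * as the certificate itself.
     *
     * @param x509Certificate the certificate whose subject is read
     * @return the identity with every recognised attribute filled in
     * @throws MidInternalErrorException if the subject name cannot be parsed as an LDAP name
     */
    MidAuthenticationIdentity constructAuthenticationIdentity(X509Certificate x509Certificate) {
        MidAuthenticationIdentity identity = new MidAuthenticationIdentity();
        try {
            // NOTE(review): getSubjectDN() is kept on purpose. Its name form is what the
            // attribute keywords below are matched against; switching to another name form
            // may render some of these attributes differently — confirm before changing.
            LdapName subject = new LdapName(x509Certificate.getSubjectDN().getName());
            for (Rdn rdn : subject.getRdns()) {
                // Locale.ROOT keeps the match independent of the JVM default locale; with a
                // Turkish default, "i" upper-cases to a dotted capital and "givenname" or
                // "serialnumber" would silently stop matching.
                switch (rdn.getType().toUpperCase(Locale.ROOT)) {
                    case "GIVENNAME":
                        identity.setGivenName(rdn.getValue().toString());
                        break;
                    case "SURNAME":
                        identity.setSurName(rdn.getValue().toString());
                        break;
                    case "SERIALNUMBER":
                        identity.setIdentityCode(getIdentityNumber(rdn.getValue().toString()));
                        break;
                    case "C":
                        identity.setCountry(rdn.getValue().toString());
                        break;
                    default:
                        // Not part of the identity.
                        break;
                }
            }
            return identity;
        } catch (InvalidNameException e) {
            logger.error("Error getting authentication identity from the certificate", e);
            throw new MidInternalErrorException("Error getting authentication identity from the certificate", e);
        }
    }

    /**
     * Strips a leading "PNO" + two upper-case letters + "-" prefix from a serial number.
     * A value without that prefix is returned unchanged.
     */
    private String getIdentityNumber(String str) {
        return str.replaceAll("^PNO[A-Z][A-Z]-", "");
    }

    /** Returns whether the response reports the result "OK", compared case-insensitively. */
    private boolean isResultOk(MidAuthentication midAuthentication) {
        return "OK".equalsIgnoreCase(midAuthentication.getResult());
    }

    /**
     * Verifies the response signature with the public key of the response certificate,
     * choosing the verifier by the key algorithm.
     *
     * @return what the selected {@code MidSignatureVerifier} method returns
     * @throws IllegalArgumentException if the key algorithm is neither "RSA" nor "EC"
     */
    private boolean isSignatureValid(MidAuthentication midAuthentication) {
        PublicKey publicKey = midAuthentication.getCertificate().getPublicKey();
        switch (publicKey.getAlgorithm()) {
            case "RSA":
                return MidSignatureVerifier.verifyWithRSA(publicKey, midAuthentication);
            case "EC":
                return MidSignatureVerifier.verifyWithECDSA(publicKey, midAuthentication);
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + publicKey.getAlgorithm());
        }
    }

    /**
     * Returns whether the current time lies inside the certificate's validity period.
     *
     * <p>Both ends are checked: a certificate whose notBefore is still in the future is
     * rejected as well as one whose notAfter has passed. The caller records either failure
     * as {@code CERTIFICATE_EXPIRED}.
     */
    private boolean isCertificateValid(X509Certificate x509Certificate) {
        // One timestamp for both comparisons, so the two bounds are judged at the same instant.
        Date now = new Date();
        return !now.before(x509Certificate.getNotBefore()) && !now.after(x509Certificate.getNotAfter());
    }
}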
