package com.datastax.dse.byos.shade.com.cryptsoft.kmip;

import com.datastax.dse.byos.shade.com.cryptsoft.codec.Hex;
import com.datastax.dse.byos.shade.com.cryptsoft.codec.TLV;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.CertificateType;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.CryptographicUsageMask;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.ObjectType;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.Tag;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.Type;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/datastax/dse/byos/shade/com/cryptsoft/kmip/Certificate.class */
public class Certificate extends TTLV implements ManagedObject {
    public static final int DEFAULT_CRYPTOGRAPHIC_USAGE_MASK = ((CryptographicUsageMask.Sign.value() | CryptographicUsageMask.Verify.value()) | CryptographicUsageMask.Encrypt.value()) | CryptographicUsageMask.Decrypt.value();
    private X509Certificate a;

    public Certificate(CertificateType certificateType, byte[] bArr) {
        super(Tag.Certificate, certificateType.ttlv(), TTLV.byteString(Tag.CertificateValue, bArr));
    }

    public Certificate(TTLV ttlv) {
        super(Tag.Certificate, ttlv.split());
        ttlv.validate("Certificate", Tag.Certificate, Type.Structure, 2, 2);
        ttlv.get(0).validate("CertificateType", Tag.CertificateType, Type.Enumeration, 0, 0);
        ttlv.get(1).validate("CertificateValue", Tag.CertificateValue, Type.ByteString, 0, 0);
    }

    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.ManagedObject
    public ObjectType objectType() {
        return ObjectType.Certificate;
    }

    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.ManagedObject
    public TTLV ttlv() {
        return this;
    }

    public CertificateType getCertificateType() {
        return (CertificateType) get(0).getValueEnumeration();
    }

    public byte[] getCertificateValue() {
        return get(1).getValue();
    }

    public X509Certificate getX509Certificate() {
        if (this.a == null) {
            get(0).validate("CertificateType", CertificateType.X_509);
            try {
                this.a = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(get(1).getValue()));
            } catch (CertificateException e) {
                throw new KmipException("Error parsing X509 Certificate from: " + Hex.b2s(get(1).getValue()), e);
            }
        }
        return this.a;
    }

    public static Certificate fromX509(byte[] bArr) {
        return new Certificate(CertificateType.X_509, bArr);
    }

    public static Certificate x509(byte[] bArr) {
        return fromX509(bArr);
    }

    public static int cryptographicUsageMaskFromKeyUsage(X509Certificate x509Certificate) {
        int i = DEFAULT_CRYPTOGRAPHIC_USAGE_MASK;
        int i2 = 0;
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.15");
        if (extensionValue == null || extensionValue.length < 5 || extensionValue[0] != 4 || extensionValue[2] != 3) {
            return i;
        }
        try {
            byte[] value = new TLV(extensionValue).get(0).getValue();
            int i3 = ((value.length > 1 ? value[1] & 255 : 0) << 8) | (value.length > 2 ? value[2] & 255 : 0);
            if (((i3 >> 15) & 1) == 1) {
                i2 = 0 | CryptographicUsageMask.Sign.value() | CryptographicUsageMask.Verify.value();
            }
            if (((i3 >> 14) & 1) == 1) {
                i2 |= CryptographicUsageMask.ContentCommitment.value();
            }
            if (((i3 >> 13) & 1) == 1) {
                i2 |= CryptographicUsageMask.WrapKey.value() | CryptographicUsageMask.UnwrapKey.value();
            }
            if (((i3 >> 12) & 1) == 1) {
                i2 |= CryptographicUsageMask.Encrypt.value() | CryptographicUsageMask.Decrypt.value();
            }
            if (((i3 >> 11) & 1) == 1) {
                i2 |= CryptographicUsageMask.KeyAgreement.value();
            }
            if (((i3 >> 10) & 1) == 1) {
                i2 |= CryptographicUsageMask.CertificateSign.value();
            }
            if (((i3 >> 9) & 1) == 1) {
                i2 |= CryptographicUsageMask.CRLSign.value();
            }
            if (((i3 >> 8) & 1) == 1) {
                i2 |= CryptographicUsageMask.Encrypt.value();
            }
            if (((i3 >> 7) & 1) == 1) {
                i2 |= CryptographicUsageMask.Decrypt.value();
            }
            return i2;
        } catch (Exception unused) {
            return i;
        }
    }
}
