package org.cesecore.util;

import com.novell.ldap.LDAPDN;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.CharUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERGeneralString;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.X500NameStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.PKIXNameConstraintValidator;
import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException;
import org.bouncycastle.operator.BufferingContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Hex;
import org.cesecore.certificates.ca.IllegalNameException;
import org.cesecore.certificates.ca.internal.CertificateValidity;
import org.cesecore.certificates.util.AlgorithmConstants;
import org.cesecore.certificates.util.DnComponents;
import org.cesecore.config.OcspConfiguration;
import org.cesecore.internal.InternalResources;
import org.ejbca.cvc.CardVerifiableCertificate;
import org.ejbca.cvc.CertificateParser;
import org.ejbca.cvc.HolderReferenceField;
import org.ejbca.cvc.exception.ConstructionException;
import org.ejbca.cvc.exception.ParseException;

/* loaded from: input_file:org/cesecore/util/CertTools.class */
public abstract class CertTools {
    private static final Logger log = Logger.getLogger(CertTools.class);
    private static final InternalResources intres = InternalResources.getInstance();

    // Field-name labels for e-mail, DNS, URI, IP address and directory-name values.
    // NOTE(review): presumably the keys used in subject-alternative-name strings; the
    // code that consumes them is outside this part of the file.
    public static final String EMAIL = "rfc822name";
    public static final String EMAIL1 = "email";
    public static final String EMAIL2 = "EmailAddress";
    public static final String EMAIL3 = "E";
    public static final String DNS = "dNSName";
    public static final String URI = "uniformResourceIdentifier";
    public static final String URI1 = "uri";
    public static final String URI2 = "uniformResourceId";
    public static final String IPADDR = "iPAddress";
    public static final String DIRECTORYNAME = "directoryName";

    // Labels paired with the dotted OID they stand for (Kerberos principal name,
    // Microsoft UPN, permanentIdentifier, Microsoft GUID).
    public static final String KRB5PRINCIPAL = "krb5principal";
    public static final String KRB5PRINCIPAL_OBJECTID = "1.3.6.1.5.2.2";
    public static final String UPN = "upn";
    public static final String UPN_OBJECTID = "1.3.6.1.4.1.311.20.2.3";
    public static final String PERMANENTIDENTIFIER = "permanentIdentifier";
    public static final String PERMANENTIDENTIFIER_OBJECTID = "1.3.6.1.5.5.7.8.3";
    public static final String PERMANENTIDENTIFIER_SEP = "/";
    public static final String GUID = "guid";
    public static final String GUID_OBJECTID = "1.3.6.1.4.1.311.25.1";

    // Further OIDs kept as plain strings: Microsoft EFS / EFS recovery / document
    // signing, the PKIX arcs with the id-pda personal-data attributes below them,
    // the Microsoft certificate-template extension and an Intel AMT identifier.
    public static final String EFS_OBJECTID = "1.3.6.1.4.1.311.10.3.4";
    public static final String EFSR_OBJECTID = "1.3.6.1.4.1.311.10.3.4.1";
    public static final String MS_DOCUMENT_SIGNING_OBJECTID = "1.3.6.1.4.1.311.10.3.12";
    public static final String id_pkix = "1.3.6.1.5.5.7";
    public static final String id_kp = "1.3.6.1.5.5.7.3";
    public static final String id_pda = "1.3.6.1.5.5.7.9";
    public static final String id_pda_dateOfBirth = "1.3.6.1.5.5.7.9.1";
    public static final String id_pda_placeOfBirth = "1.3.6.1.5.5.7.9.2";
    public static final String id_pda_gender = "1.3.6.1.5.5.7.9.3";
    public static final String id_pda_countryOfCitizenship = "1.3.6.1.5.5.7.9.4";
    public static final String id_pda_countryOfResidence = "1.3.6.1.5.5.7.9.5";
    public static final String OID_MSTEMPLATE = "1.3.6.1.4.1.311.20.2";
    public static final String Intel_amt = "2.16.840.1.113741.1.2.3";

    // DN attribute names searched by getEmailFromDN. Declared final without an
    // initializer, so the value is assigned in a static initializer elsewhere in the class.
    private static final String[] EMAILIDS;

    // PEM boundary lines for certificate requests (plain and keytool flavour),
    // certificates, public keys and X.509 CRLs.
    public static final String BEGIN_CERTIFICATE_REQUEST = "-----BEGIN CERTIFICATE REQUEST-----";
    public static final String END_CERTIFICATE_REQUEST = "-----END CERTIFICATE REQUEST-----";
    public static final String BEGIN_KEYTOOL_CERTIFICATE_REQUEST = "-----BEGIN NEW CERTIFICATE REQUEST-----";
    public static final String END_KEYTOOL_CERTIFICATE_REQUEST = "-----END NEW CERTIFICATE REQUEST-----";
    public static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    public static final String BEGIN_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----";
    public static final String END_PUBLIC_KEY = "-----END PUBLIC KEY-----";
    public static final String BEGIN_X509_CRL_KEY = "-----BEGIN X509 CRL-----";
    public static final String END_X509_CRL_KEY = "-----END X509 CRL-----";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/util/CertTools$BasicX509NameTokenizer.class */
    /**
     * Splits a distinguished-name string at its top-level commas and returns each
     * component unchanged apart from trimming.
     *
     * <p>Quotes and backslashes are copied into the token; they only decide whether
     * a comma is a separator. A backslash escapes the next character outside
     * quotes, and a double quote toggles quoted mode unless it is escaped.
     *
     * <p>An instance holds a cursor and a scratch buffer, so it serves a single
     * pass over a single string.
     */
    public static class BasicX509NameTokenizer {
        private final String oid;
        private int index = -1;
        private StringBuilder buf = new StringBuilder();

        /**
         * @param str the DN text to split; must not be null
         */
        public BasicX509NameTokenizer(String str) {
            this.oid = str;
        }

        /**
         * @return {@code true} until the cursor has reached the end of the input
         */
        public boolean hasMoreTokens() {
            return oid.length() != index;
        }

        /**
         * Reads the next component.
         *
         * @return the trimmed component, or {@code null} once the input is exhausted
         */
        public String nextToken() {
            final int end = oid.length();
            if (index == end) {
                return null;
            }
            boolean quoted = false;
            boolean escaped = false;
            buf.setLength(0);
            int pos = index + 1;
            while (pos != end) {
                final char c = oid.charAt(pos);
                if (c == '"') {
                    // The quote itself is always kept; only an unescaped one flips the mode.
                    buf.append(c);
                    if (!escaped) {
                        quoted = !quoted;
                    }
                    escaped = false;
                } else if (escaped || quoted) {
                    // Escaped or quoted characters are never separators.
                    buf.append(c);
                    escaped = false;
                } else if (c == '\\') {
                    buf.append(c);
                    escaped = true;
                } else if (c == ',') {
                    break;
                } else {
                    buf.append(c);
                }
                pos++;
            }
            index = pos;
            return buf.toString().trim();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/util/CertTools$X509NameTokenizer.class */
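    /**
     * Splits a distinguished-name string at a separator character and returns each
     * component with quoting and escaping resolved.
     *
     * <p>Unescaped double quotes and the escaping backslash are dropped from the
     * token. Two characters get a backslash put back in front of them when they
     * were escaped or quoted: {@code '#'} directly after {@code '='}, and
     * {@code '+'} when {@code '+'} is not the separator.
     *
     * <p>The input is typically a DN taken from a request or a certificate, so
     * malformed text must not raise an unchecked exception here: an escaped or
     * quoted {@code '#'} at the very start of a token is handled without looking
     * behind an empty buffer.
     *
     * <p>An instance holds a cursor and a scratch buffer, so it serves a single
     * pass over a single string.
     */
    public static class X509NameTokenizer {
        private String value;
        private int index;
        private char separator;
        private StringBuilder buf;

        /**
         * Creates a tokenizer that splits at commas.
         *
         * @param str the DN text to split; must not be null
         */
        public X509NameTokenizer(String str) {
            this(str, ',');
        }

        /**
         * @param str the DN text to split; must not be null
         * @param c the separator character
         */
        public X509NameTokenizer(String str, char c) {
            this.buf = new StringBuilder();
            this.value = str;
            this.index = -1;
            this.separator = c;
        }

        /**
         * @return {@code true} until the cursor has reached the end of the input
         */
        public boolean hasMoreTokens() {
            return this.index != this.value.length();
        }

        /**
         * Reads the next component.
         *
         * @return the trimmed component, or {@code null} once the input is exhausted
         */
        public String nextToken() {
            if (this.index == this.value.length()) {
                return null;
            }
            int pos = this.index + 1;
            boolean quoted = false;
            boolean escaped = false;
            this.buf.setLength(0);
            while (pos != this.value.length()) {
                final char c = this.value.charAt(pos);
                if (c == '"') {
                    if (escaped) {
                        // An escaped quote is data; it needs no re-escaping.
                        this.buf.append(c);
                    } else {
                        quoted = !quoted;
                    }
                    escaped = false;
                } else if (escaped || quoted) {
                    appendLiteral(c);
                    escaped = false;
                } else if (c == '\\') {
                    escaped = true;
                } else if (c == this.separator) {
                    break;
                } else {
                    this.buf.append(c);
                }
                pos++;
            }
            this.index = pos;
            return this.buf.toString().trim();
        }

        /**
         * Returns the input that has not been tokenized yet.
         *
         * @return the text after the last separator consumed, or an empty string
         */
        String getRemainingString() {
            return this.index + 1 < this.value.length() ? this.value.substring(this.index + 1) : "";
        }

        /**
         * Appends an escaped or quoted character, restoring the backslash in front
         * of the characters that keep a special meaning in the token.
         */
        private void appendLiteral(char c) {
            // Guard the look-behind: the buffer is empty when the token starts with the character.
            final boolean afterEquals = this.buf.length() > 0 && this.buf.charAt(this.buf.length() - 1) == '=';
            if ((c == '#' && afterEquals) || (c == '+' && this.separator != '+')) {
                this.buf.append('\\');
            }
            this.buf.append(c);
        }
    }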

    /**
     * Parses a DN string with {@code CeSecoreNameStyle.INSTANCE} and the ordering
     * flag set to {@code true}.
     *
     * @param str the DN text, may be null
     * @return the parsed name, or {@code null} when {@code str} is null
     */
    public static X500Name stringToBcX500Name(String str) {
        final X500NameStyle style = CeSecoreNameStyle.INSTANCE;
        return stringToBcX500Name(str, style, true);
    }

    /**
     * Parses a DN string with {@code CeSecoreNameStyle.INSTANCE}.
     *
     * @param str the DN text, may be null
     * @param z ordering flag handed on to {@code getOrderedX500Name}
     *     (NOTE(review): presumably selects LDAP order; confirm against that method)
     * @return the parsed name, or {@code null} when {@code str} is null
     */
    public static X500Name stringToBcX500Name(String str, boolean z) {
        final X500NameStyle style = CeSecoreNameStyle.INSTANCE;
        return stringToBcX500Name(str, style, z);
    }

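    /**
     * Parses a DN string into an {@link X500Name}, one RDN per {@code type=value}
     * pair, and returns it in the order produced by {@code getOrderedX500Name}.
     *
     * <p>Points a caller relying on the result should know:
     * <ul>
     * <li>Both {@code ','} and {@code '+'} end a value, and every pair is added
     * with its own {@code addRDN} call, so a multi-valued RDN in the input comes
     * out as separate RDNs.</li>
     * <li>A component whose type is neither known to {@code DnComponents} nor a
     * valid OID is logged and dropped, so the result can hold fewer components
     * than the input.</li>
     * <li>Malformed input (an {@code '='} with nothing but blanks before it, or a
     * value consisting of a single double quote) is tolerated instead of raising
     * {@link StringIndexOutOfBoundsException}.</li>
     * </ul>
     *
     * @param str the DN text, may be null; one pair of enclosing double quotes is removed
     * @param x500NameStyle the name style used for building and ordering
     * @param z ordering flag handed on to {@code getOrderedX500Name}
     * @return the ordered name, or {@code null} when {@code str} is null
     */
    public static X500Name stringToBcX500Name(String str, X500NameStyle x500NameStyle, boolean z) {
        if (log.isTraceEnabled()) {
            log.trace(">stringToBcX500Name: " + str);
        }
        if (str == null) {
            return null;
        }
        if (str.length() > 2 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
            str = str.substring(1, str.length() - 1);
        }
        final X500NameBuilder nameBuilder = new X500NameBuilder(x500NameStyle);
        boolean quoted = false;
        boolean escaped = false;
        int valueStart = -1;
        String attrName = null;
        for (int pos = 0; pos < str.length(); pos++) {
            final char c = str.charAt(pos);
            if (!escaped && c == '\"') {
                quoted = !quoted;
            }
            if (valueStart == -1 && !quoted && !escaped && c == '=' && 1 <= pos) {
                // Walk back over blanks, then over the attribute type itself.
                int nameEnd = pos;
                while (nameEnd > 0 && str.charAt(nameEnd - 1) == ' ') {
                    nameEnd--;
                }
                // nameEnd is 0 when only blanks precede '='; clamp so substring stays in range.
                int nameStart = Math.max(nameEnd - 1, 0);
                while (nameStart > 0 && ", +".indexOf(str.charAt(nameStart - 1)) == -1) {
                    nameStart--;
                }
                attrName = str.substring(nameStart, nameEnd);
                valueStart = pos + 1;
            }
            final boolean atLastChar = pos == str.length() - 1;
            if (valueStart != -1 && ((!quoted && !escaped && (c == ',' || c == '+')) || atLastChar)) {
                int valueEnd = atLastChar ? str.length() - 1 : pos - 1;
                while (valueEnd > valueStart && str.charAt(valueEnd) == ' ') {
                    valueEnd--;
                }
                while (valueEnd > valueStart && str.charAt(valueStart) == ' ') {
                    valueStart++;
                }
                // Strip quotes only when they are two distinct characters; a lone quote is data.
                if (valueEnd > valueStart && str.charAt(valueStart) == '\"' && str.charAt(valueEnd) == '\"') {
                    valueStart++;
                    valueEnd--;
                }
                final String value = unescapeValue(new StringBuilder(str.substring(valueStart, valueEnd + 1))).toString();
                try {
                    ASN1ObjectIdentifier oid = DnComponents.getOid(attrName);
                    if (oid == null) {
                        oid = new ASN1ObjectIdentifier(attrName);
                    }
                    nameBuilder.addRDN(oid, value);
                } catch (IllegalArgumentException e) {
                    log.warn("Unknown DN component ignored and silently dropped: " + attrName);
                }
                valueStart = -1;
                attrName = null;
            }
            if (escaped) {
                escaped = false;
            } else if (!quoted && c == '\\') {
                escaped = true;
            }
        }
        final X500Name built = nameBuilder.build();
        final X500Name ordered = getOrderedX500Name(built, z, x500NameStyle);
        if (log.isTraceEnabled()) {
            log.trace(">stringToBcX500Name: x500Name=" + built.toString() + " orderedX500Name=" + ordered.toString());
        }
        return ordered;
    }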

    /**
     * Removes escaping backslashes in place: each backslash is deleted and the
     * character that followed it is kept as it is, including a second backslash.
     *
     * @param sb the buffer to modify
     * @return the same buffer instance
     */
    private static StringBuilder unescapeValue(StringBuilder sb) {
        for (int pos = 0; pos < sb.length(); pos++) {
            if (sb.charAt(pos) == '\\') {
                // After the delete the escaped character sits at pos; the loop step skips it.
                sb.deleteCharAt(pos);
            }
        }
        return sb;
    }

    /**
     * Removes the backslash from every backslash-plus pair in the string. Other
     * backslashes are left alone.
     *
     * @param str the text to process; must not be null
     * @return the text with each such pair reduced to a bare plus sign
     */
    public static String getUnescapedPlus(String str) {
        final StringBuilder out = new StringBuilder(str);
        int pos = 0;
        while (pos < out.length()) {
            final boolean escapedPlus = out.charAt(pos) == '\\'
                    && pos + 1 < out.length()
                    && out.charAt(pos + 1) == '+';
            if (escapedPlus) {
                out.deleteCharAt(pos);
            }
            pos++;
        }
        return out.toString();
    }

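    /**
     * Puts a backslash in front of every {@code '+'} that is not already escaped
     * and logs a warning for each one.
     *
     * <p>The scan is bounded by the buffer's current length. Each inserted
     * backslash grows the buffer, so a bound captured before the loop would stop
     * short by one character per insertion and leave late {@code '+'} characters
     * unescaped; the DN parser would then read them as separators.
     *
     * @param str the DN text, may be null
     * @return the text with every bare {@code '+'} escaped, or {@code null} for null input
     */
    private static String handleUnescapedPlus(String str) {
        if (str == null) {
            return str;
        }
        final StringBuilder sb = new StringBuilder(str);
        int i = 0;
        while (i < sb.length()) {
            final char c = sb.charAt(i);
            if (c == '+') {
                log.warn("DN \"" + str + "\" contains an unescaped '+'-character that will be automatically escaped. RFC 2253 reservs this for multi-valued RelativeDistinguishedNames. Encourage clients to use '\\+' instead, since future behaviour might change.");
                sb.insert(i, '\\');
                // Step over the backslash just inserted; the shared increment below passes the '+'.
                i++;
            } else if (c == '\\') {
                // Skip the escaped character so an already escaped '+' is left alone.
                i++;
            }
            i++;
        }
        return sb.toString();
    }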

    /**
     * Normalises a DN string: escapes bare plus signs, reverses the component
     * order when {@code isDNReversed} says so, parses the text with
     * {@code stringToBcX500Name} and returns the parsed name's string form.
     *
     * <p>A result longer than 250 characters is logged at info level together
     * with the DN itself, so DN contents can end up in the log.
     *
     * @param str the DN text, may be null
     * @return the normalised DN, or {@code null} when parsing yields no name
     */
    public static String stringToBCDNString(String str) {
        String dn = handleUnescapedPlus(str);
        if (isDNReversed(dn)) {
            dn = reverseDN(dn);
        }
        final X500Name parsed = stringToBcX500Name(dn);
        if (parsed == null) {
            return null;
        }
        final String result = parsed.toString();
        if (result != null && result.length() > 250) {
            log.info("Warning! DN is more than 250 characters long. Some databases have only 250 characters in the database for SubjectDN. Clipping may occur! DN (" + result.length() + " chars): " + result);
        }
        return result;
    }

    /**
     * Collects the values of every e-mail attribute in a DN, trying each
     * attribute name in {@code EMAILIDS} in turn.
     *
     * @param str the DN text
     * @return the values found, in {@code EMAILIDS} order; empty when there are none
     */
    public static ArrayList<String> getEmailFromDN(String str) {
        if (log.isTraceEnabled()) {
            log.trace(">getEmailFromDN(" + str + ")");
        }
        final ArrayList<String> emails = new ArrayList<>();
        for (final String emailId : EMAILIDS) {
            // addAll is a no-op for an empty list, so no emptiness check is needed.
            emails.addAll(getPartsFromDN(str, emailId));
        }
        if (log.isTraceEnabled()) {
            log.trace("<getEmailFromDN(" + str + "): " + emails.size());
        }
        return emails;
    }

    /**
     * Returns one e-mail address from an X.509 certificate: the first
     * subject-alternative-name entry of type 1 (rfc822Name), or failing that the
     * first e-mail attribute of the subject DN.
     *
     * <p>Nothing here verifies the certificate. The address is only as
     * trustworthy as the certificate it was read from, so validate the chain
     * before using the value for an identity or authorisation decision.
     *
     * @param certificate the certificate to inspect, may be null
     * @return the address, or {@code null} when the argument is not an
     *     {@link X509Certificate} or carries no address
     */
    public static String getEMailAddress(Certificate certificate) {
        log.debug("Searching for EMail Address in SubjectAltName");
        // instanceof is false for null, which covers the null case as well.
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final X509Certificate x509 = (X509Certificate) certificate;
        try {
            final Collection<List<?>> altNames = x509.getSubjectAlternativeNames();
            if (altNames != null) {
                for (final List<?> entry : altNames) {
                    final Integer nameType = (Integer) entry.get(0);
                    if (nameType.intValue() == 1) {
                        return (String) entry.get(1);
                    }
                }
            }
        } catch (CertificateParsingException e) {
            // Fall through to the subject DN when the extension cannot be parsed.
            log.error("Error parsing certificate: ", e);
        }
        log.debug("Searching for EMail Address in Subject DN");
        final ArrayList<String> fromDn = getEmailFromDN(x509.getSubjectDN().getName());
        return fromDn.isEmpty() ? null : fromDn.get(0);
    }

    /**
     * Reverses the order of the comma-separated components of a DN. Components
     * are split with {@code BasicX509NameTokenizer}, so their quoting and
     * escaping is carried over unchanged.
     *
     * @param str the DN text, may be null
     * @return the components in reverse order joined by commas, or {@code null}
     *     when the input is null or the result would be empty
     */
    public static String reverseDN(String str) {
        if (log.isTraceEnabled()) {
            log.trace(">reverseDN: dn: " + str);
        }
        String reversed = null;
        if (str != null) {
            final List<String> components = new ArrayList<>();
            final BasicX509NameTokenizer tokenizer = new BasicX509NameTokenizer(str);
            while (tokenizer.hasMoreTokens()) {
                components.add(tokenizer.nextToken());
            }
            final StringBuilder joined = new StringBuilder();
            for (int k = components.size() - 1; k >= 0; k--) {
                joined.append(components.get(k));
                if (k > 0) {
                    joined.append(",");
                }
            }
            if (joined.length() > 0) {
                reversed = joined.toString();
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<reverseDN: resulting dn: " + reversed);
        }
        return reversed;
    }

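    /**
     * Tells whether a DN appears to be written in reverse order, judged by
     * where its first and its last attribute type sit in
     * {@code DnComponents.getDnObjects(true)}.
     *
     * <p>The DN is reported as reversed when the last component's type has a
     * lower position in that array than the first component's type. A type that
     * is not in the array counts as position 0. A component without an
     * {@code '='} is treated the same way, so malformed input yields an answer
     * instead of a {@link StringIndexOutOfBoundsException}.
     *
     * @param str the DN text, may be null
     * @return {@code true} when the DN looks reversed; {@code false} otherwise,
     *     including for null input and for a DN with fewer than two components
     */
    public static boolean isDNReversed(String str) {
        if (str == null) {
            return false;
        }
        final X509NameTokenizer tokenizer = new X509NameTokenizer(str);
        final String first = tokenizer.hasMoreTokens() ? tokenizer.nextToken().trim() : null;
        String last = null;
        while (tokenizer.hasMoreTokens()) {
            last = tokenizer.nextToken().trim();
        }
        if (first == null || last == null) {
            return false;
        }
        // indexOf returns -1 for a component without '='; treat its type as unknown.
        final int firstEq = first.indexOf('=');
        final int lastEq = last.indexOf('=');
        final String firstType = firstEq < 0 ? "" : first.substring(0, firstEq);
        final String lastType = lastEq < 0 ? "" : last.substring(0, lastEq);
        final String[] dnObjects = DnComponents.getDnObjects(true);
        int firstPos = 0;
        int lastPos = 0;
        for (int k = 0; k < dnObjects.length; k++) {
            if (firstType.equalsIgnoreCase(dnObjects[k])) {
                firstPos = k;
            }
            if (lastType.equalsIgnoreCase(dnObjects[k])) {
                lastPos = k;
            }
        }
        return lastPos < firstPos;
    }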

    /**
     * Returns the value of the first DN component with the given attribute type.
     *
     * @param str the DN text, may be null
     * @param str2 the attribute type to look for, matched case-insensitively
     * @return the first matching value, or {@code null} when there is none
     */
    public static String getPartFromDN(String str, String str2) {
        final List<String> matches = getPartsFromDNInternal(str, str2, true);
        return matches.isEmpty() ? null : matches.get(0);
    }

    /**
     * Returns the values of all DN components with the given attribute type.
     *
     * @param str the DN text, may be null
     * @param str2 the attribute type to look for, matched case-insensitively
     * @return the matching values in input order; empty when there are none
     */
    public static List<String> getPartsFromDN(String str, String str2) {
        final boolean onlyFirstMatch = false;
        return getPartsFromDNInternal(str, str2, onlyFirstMatch);
    }

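    /**
     * Extracts the values of the DN components whose attribute type equals
     * {@code str2}, compared case-insensitively.
     *
     * <p>A value ends at an unquoted, unescaped {@code ','} or {@code '+'} or at
     * the end of the string. Surrounding blanks and one pair of enclosing double
     * quotes are removed; backslash escapes inside the value are returned as
     * written.
     *
     * <p>The DN usually comes from a request or a certificate, so malformed text
     * must not raise an unchecked exception: a type with no value
     * ({@code "CN="}) yields an empty string and a value that is a single double
     * quote is returned as that quote. The attribute type is lower-cased with
     * {@code Locale.ROOT} so matching does not depend on the JVM's default
     * locale.
     *
     * @param str the DN text, may be null
     * @param str2 the attribute type to look for, may be null
     * @param z when {@code true}, stop after the first match
     * @return the matching values in input order; empty when either argument is
     *     null or nothing matches
     */
    public static List<String> getPartsFromDNInternal(String str, String str2, boolean z) {
        if (log.isTraceEnabled()) {
            log.trace(">getPartsFromDNInternal: dn:'" + str + "', dnpart=" + str2 + ", onlyReturnFirstMatch=" + z);
        }
        final List<String> parts = new ArrayList<>();
        if (str != null && str2 != null) {
            final String wanted = str2.toLowerCase(java.util.Locale.ROOT);
            final int wantedLen = str2.length();
            boolean quoted = false;
            boolean escaped = false;
            int valueStart = -1;
            for (int pos = 0; pos < str.length(); pos++) {
                final char c = str.charAt(pos);
                if (!escaped && c == '\"') {
                    quoted = !quoted;
                }
                if (!quoted && !escaped && c == '=' && wantedLen <= pos) {
                    final int typeStart = pos - wantedLen;
                    // The type must not be the tail of a longer word, e.g. "CN" inside "XCN".
                    final boolean atBoundary = typeStart == 0 || !Character.isLetter(str.charAt(typeStart - 1));
                    if (atBoundary) {
                        boolean matches = true;
                        for (int k = 0; k < wantedLen; k++) {
                            if (Character.toLowerCase(str.charAt(typeStart + k)) != wanted.charAt(k)) {
                                matches = false;
                                break;
                            }
                        }
                        if (matches) {
                            valueStart = pos + 1;
                        }
                    }
                }
                final boolean atLastChar = pos == str.length() - 1;
                if (valueStart != -1 && ((!quoted && !escaped && (c == ',' || c == '+')) || atLastChar)) {
                    int valueEnd = atLastChar ? str.length() - 1 : pos - 1;
                    while (valueEnd > valueStart && str.charAt(valueEnd) == ' ') {
                        valueEnd--;
                    }
                    while (valueEnd > valueStart && str.charAt(valueStart) == ' ') {
                        valueStart++;
                    }
                    // valueStart equals str.length() for "CN=", and a lone quote must not be
                    // stripped twice; require two distinct characters before unquoting.
                    if (valueEnd > valueStart && str.charAt(valueStart) == '\"' && str.charAt(valueEnd) == '\"') {
                        valueStart++;
                        valueEnd--;
                    }
                    parts.add(str.substring(valueStart, valueEnd + 1));
                    if (z) {
                        break;
                    }
                    valueStart = -1;
                }
                if (escaped) {
                    escaped = false;
                } else if (!quoted && c == '\\') {
                    escaped = true;
                }
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<getPartsFromDNInternal: resulting DN part=" + parts.toString());
        }
        return parts;
    }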

    /**
     * Lists the attribute types of a DN that are written as dotted OIDs.
     *
     * <p>A component qualifies when its second character is a dot, its
     * {@code '='} sits beyond index 2 and the text before the {@code '='} is
     * accepted by the {@link ASN1ObjectIdentifier} constructor. Each OID is
     * listed once, in order of first appearance.
     *
     * @param str the DN text, may be null
     * @return the OID strings found; empty when there are none
     */
    public static ArrayList<String> getCustomOids(String str) {
        if (log.isTraceEnabled()) {
            log.trace(">getCustomOids: dn:'" + str);
        }
        final ArrayList<String> oids = new ArrayList<>();
        if (str != null) {
            for (final X509NameTokenizer tokenizer = new X509NameTokenizer(str); tokenizer.hasMoreTokens();) {
                final String component = tokenizer.nextToken().trim();
                try {
                    final int eq = component.indexOf('=');
                    if (eq <= 2 || component.charAt(1) != '.') {
                        continue;
                    }
                    final String type = component.substring(0, eq);
                    if (oids.contains(type)) {
                        continue;
                    }
                    // Constructed only to validate the syntax; it throws for a malformed OID.
                    new ASN1ObjectIdentifier(type);
                    oids.add(type);
                } catch (IllegalArgumentException ignored) {
                    // Not a valid OID: leave the component out of the result.
                }
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCustomOids: resulting DN part=" + oids.toString());
        }
        return oids;
    }

    /**
     * Returns the normalised subject DN of a certificate.
     *
     * @param certificate the certificate, may be null
     * @return the subject DN, or {@code null} when {@code getDN} cannot produce one
     */
    public static String getSubjectDN(Certificate certificate) {
        // getDN reads the subject when its selector is 1.
        final int subjectSelector = 1;
        return getDN(certificate, subjectSelector);
    }

    /**
     * Returns the normalised issuer DN of a certificate.
     *
     * @param certificate the certificate, may be null
     * @return the issuer DN, or {@code null} when {@code getDN} cannot produce one
     */
    public static String getIssuerDN(Certificate certificate) {
        // getDN reads the issuer for any selector other than 1; 2 is the value used here.
        final int issuerSelector = 2;
        return getDN(certificate, issuerSelector);
    }

    /* JADX WARN: String concatenation convert failed
    jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r10v4 java.lang.String, still in use, count: 3, list:
      (r10v4 java.lang.String) from 0x00fc: PHI (r10v5 java.lang.String) = (r10v4 java.lang.String), (r10v11 java.lang.String) binds: [B:17:0x00bd, B:21:0x00de] A[DONT_GENERATE, DONT_INLINE]
      (r10v4 java.lang.String) from 0x00c2: INVOKE (r10v4 java.lang.String) STATIC call: org.apache.commons.lang.StringUtils.isNotEmpty(java.lang.String):boolean A[Catch: NoSuchFieldException -> 0x0149, WRAPPED]
      (r10v4 java.lang.String) from STR_CONCAT (r10v4 java.lang.String), (", ") A[Catch: NoSuchFieldException -> 0x0149, MD:():java.lang.String (c), SYNTHETIC, WRAPPED]
    	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
    	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:80)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.dex.visitors.SimplifyVisitor.removeStringBuilderInsns(SimplifyVisitor.java:495)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertStringBuilderChain(SimplifyVisitor.java:422)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertInvoke(SimplifyVisitor.java:314)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:145)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyBlock(SimplifyVisitor.java:86)
    	at jadx.core.dex.visitors.SimplifyVisitor.visit(SimplifyVisitor.java:71)
     */
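    /**
     * Returns the subject or issuer DN of a certificate in normalised form.
     *
     * <p>An X.509 certificate is re-parsed from its encoding with the factory
     * from {@code getCertificateFactory()} before the DN is read. For a CVC
     * certificate the DN is assembled from the holder reference (subject) or the
     * authority reference (issuer) as {@code CN=<mnemonic>, C=<country>}.
     *
     * <p>The decompiled form of this method read the DN accumulator before it
     * was assigned, which does not compile; the accumulator now starts empty.
     *
     * <p>Nothing here verifies the certificate, so the DN is only as trustworthy
     * as the certificate itself. NOTE(review): the CVC mnemonic and country are
     * concatenated without DN escaping, so a {@code ','} or {@code '='} in either
     * would be parsed as a further component; confirm that the CVC library
     * restricts their character set.
     *
     * @param certificate the certificate, may be null
     * @param i 1 selects the subject; any other value selects the issuer
     * @return the DN, or {@code null} for null input, an unsupported certificate
     *     type, a missing CVC reference or a parsing failure
     */
    private static String getDN(Certificate certificate, int i) {
        if (certificate == null) {
            return null;
        }
        String dn = null;
        if (certificate instanceof X509Certificate) {
            try {
                final X509Certificate x509Certificate = (X509Certificate) getCertificateFactory().generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
                dn = stringToBCDNString(i == 1 ? x509Certificate.getSubjectDN().toString() : x509Certificate.getIssuerDN().toString());
            } catch (CertificateException e) {
                log.info("Could not get DN from X509Certificate. " + e.getMessage());
                log.debug("", e);
                return null;
            }
        } else if (StringUtils.equals(certificate.getType(), "CVC")) {
            final CardVerifiableCertificate cardVerifiableCertificate = (CardVerifiableCertificate) certificate;
            try {
                final HolderReferenceField reference = i == 1 ? cardVerifiableCertificate.getCVCertificate().getCertificateBody().getHolderReference() : cardVerifiableCertificate.getCVCertificate().getCertificateBody().getAuthorityReference();
                if (reference != null) {
                    final StringBuilder name = new StringBuilder();
                    if (reference.getMnemonic() != null) {
                        name.append("CN=").append(reference.getMnemonic());
                    }
                    if (reference.getCountry() != null) {
                        if (name.length() > 0) {
                            name.append(", ");
                        }
                        name.append("C=").append(reference.getCountry());
                    }
                    dn = stringToBCDNString(name.toString());
                }
            } catch (NoSuchFieldException e2) {
                log.error("NoSuchFieldException: ", e2);
                return null;
            }
        }
        return dn;
    }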

    /**
     * Returns the serial number of an X.509 certificate, or the number derived
     * from the holder-reference sequence of a CVC certificate.
     *
     * <p>When the CVC fields cannot be read, the failure is logged and zero is
     * returned. A caller cannot tell that zero from a genuine serial number, so
     * it must not be used as a unique key for lookups or revocation checks
     * without further evidence.
     *
     * <p>The CVC branch is chosen by the type string alone and then casts to
     * {@code CardVerifiableCertificate}; another {@link Certificate}
     * implementation reporting type "CVC" would fail with a
     * {@link ClassCastException}.
     *
     * @param certificate the certificate; must not be null
     * @return the serial number
     * @throws IllegalArgumentException when the argument is null or of an
     *     unsupported certificate type
     */
    public static BigInteger getSerialNumber(Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("Null input");
        }
        if (certificate instanceof X509Certificate) {
            return ((X509Certificate) certificate).getSerialNumber();
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            throw new IllegalArgumentException("getSerialNumber: Certificate of type " + certificate.getType() + " is not implemented");
        }
        try {
            final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
            final String sequence = cvc.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
            return getSerialNumberFromString(sequence);
        } catch (NoSuchFieldException e) {
            log.error("getSerialNumber: NoSuchFieldException: ", e);
            return BigInteger.valueOf(0L);
        }
    }

    /**
     * Converts a textual serial number or CVC sequence into a {@link BigInteger}.
     *
     * <p>Strings that are not exactly five characters long are parsed as hexadecimal; a
     * {@link NumberFormatException} from that parse is not caught here and reaches the caller.
     * Five-character strings are handled leniently, in this order: a numeric string is parsed
     * as a number; otherwise the ASCII digits it contains are concatenated and parsed;
     * otherwise an all upper-case alphanumeric string is read in radix 36; otherwise zero is
     * returned. Any {@link NumberFormatException} on the five-character path also yields zero.
     *
     * <p>Because of the lenient paths, different inputs can map to the same value (including
     * zero), so the result is not a unique identifier for the input.
     *
     * @param str the serial number or sequence text, must not be null
     * @return the parsed value, or zero when a five-character sequence has no usable content
     * @throws IllegalArgumentException if {@code str} is null
     */
    public static BigInteger getSerialNumberFromString(String str) {
        if (str == null) {
            throw new IllegalArgumentException("getSerialNumberFromString: cert is null");
        }
        if (str.length() != 5) {
            // Not a five-character sequence: treat as a hex encoded serial number.
            return new BigInteger(str, 16);
        }
        try {
            if (NumberUtils.isNumber(str)) {
                return NumberUtils.createBigInteger(str);
            }
            log.info("getSerialNumber: Sequence is not a numeric string, trying to extract numerical sequence part.");
            final StringBuilder digits = new StringBuilder();
            for (final char c : str.toCharArray()) {
                if (CharUtils.isAsciiNumeric(c)) {
                    digits.append(c);
                }
            }
            if (digits.length() > 0) {
                return NumberUtils.createBigInteger(digits.toString());
            }
            log.info("getSerialNumber: can not extract numeric sequence part, trying alfanumeric value (radix 36).");
            if (str.matches("[0-9A-Z]{1,5}")) {
                return BigInteger.valueOf(Integer.parseInt(str, 36));
            }
            log.info("getSerialNumber: Sequence does not contain any numeric parts, returning 0.");
            return BigInteger.valueOf(0L);
        } catch (NumberFormatException e) {
            log.debug("getSerialNumber: NumberFormatException for sequence: " + str);
            return BigInteger.valueOf(0L);
        }
    }

    /**
     * Returns the serial number of a certificate as text.
     *
     * <p>For X.509 certificates this is the serial number in upper-case hexadecimal. For
     * certificates whose type is "CVC" it is the holder reference sequence as stored; when
     * that field cannot be read the literal "N/A" is returned and the failure is logged.
     *
     * @param certificate the certificate to read, must not be null
     * @return the serial number text, or "N/A" when the CVC field lookup fails
     * @throws IllegalArgumentException if the certificate is null or of an unsupported type
     */
    public static String getSerialNumberAsString(Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("getSerialNumber: cert is null");
        }
        if (certificate instanceof X509Certificate) {
            final BigInteger serial = ((X509Certificate) certificate).getSerialNumber();
            return serial.toString(16).toUpperCase();
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            throw new IllegalArgumentException("getSerialNumber: Certificate of type " + certificate.getType() + " is not implemented");
        }
        try {
            final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
            return cvc.getCVCertificate().getCertificateBody().getHolderReference().getSequence();
        } catch (NoSuchFieldException e) {
            log.error("getSerialNumber: NoSuchFieldException: ", e);
            return "N/A";
        }
    }

    /**
     * Returns the raw signature bytes of a certificate.
     *
     * <p>The "nothing available" results differ by case: a null certificate yields an empty
     * array, while an unsupported certificate type or a failed CVC field lookup yields null.
     * Callers therefore have to check for both.
     *
     * @param certificate the certificate to read, may be null
     * @return the signature bytes, an empty array for a null certificate, or null when the
     *         type is unsupported or the CVC signature field cannot be read
     */
    public static byte[] getSignature(Certificate certificate) {
        if (certificate == null) {
            return new byte[0];
        }
        if (certificate instanceof X509Certificate) {
            return ((X509Certificate) certificate).getSignature();
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            return null;
        }
        try {
            final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
            return cvc.getCVCertificate().getSignature();
        } catch (NoSuchFieldException e) {
            log.error("NoSuchFieldException: ", e);
            return null;
        }
    }

    /**
     * Returns the issuer DN of a CRL, normalised through {@code stringToBCDNString}.
     *
     * <p>The CRL is first re-parsed from its encoding with the factory returned by
     * {@link #getCertificateFactory()}, so the DN string comes from that factory's CRL
     * implementation rather than from the object passed in.
     *
     * @param x509crl the CRL to read
     * @return the issuer DN, or null when the CRL cannot be encoded or re-parsed
     */
    public static String getIssuerDN(X509CRL x509crl) {
        try {
            final CertificateFactory factory = getCertificateFactory();
            final X509CRL reparsed = (X509CRL) factory.generateCRL(new ByteArrayInputStream(x509crl.getEncoded()));
            final String issuer = reparsed.getIssuerDN().toString();
            return stringToBCDNString(issuer);
        } catch (CRLException e) {
            log.error("CRLException: ", e);
            return null;
        }
    }

    /**
     * Returns the start of a certificate's validity period.
     *
     * @param certificate the certificate to read, must not be null
     * @return the notBefore date for X.509, the valid-from date for "CVC" certificates, or
     *         null when the type is unsupported or the CVC field cannot be read
     * @throws IllegalArgumentException if the certificate is null
     */
    public static Date getNotBefore(Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("getNotBefore: cert is null");
        }
        if (certificate instanceof X509Certificate) {
            return ((X509Certificate) certificate).getNotBefore();
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            return null;
        }
        try {
            final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
            return cvc.getCVCertificate().getCertificateBody().getValidFrom();
        } catch (NoSuchFieldException e) {
            log.debug("NoSuchFieldException: " + e.getMessage());
            return null;
        }
    }

    /**
     * Returns the end of a certificate's validity period.
     *
     * <p>A null result means "unknown", not "never expires"; callers making an expiry
     * decision should treat it as a failure to read the date.
     *
     * @param certificate the certificate to read, must not be null
     * @return the notAfter date for X.509, the valid-to date for "CVC" certificates, or
     *         null when the type is unsupported or the CVC field cannot be read
     * @throws IllegalArgumentException if the certificate is null
     */
    public static Date getNotAfter(Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("getNotAfter: cert is null");
        }
        if (certificate instanceof X509Certificate) {
            return ((X509Certificate) certificate).getNotAfter();
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            return null;
        }
        try {
            final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
            return cvc.getCVCertificate().getCertificateBody().getValidTo();
        } catch (NoSuchFieldException e) {
            if (log.isDebugEnabled()) {
                log.debug("NoSuchFieldException: " + e.getMessage());
            }
            return null;
        }
    }

    /**
     * Returns an X.509 {@link CertificateFactory} from the named JCA provider.
     *
     * <p>A null provider name selects "BC"; when "BC" is selected the BouncyCastle provider is
     * installed first if it is not yet available.
     *
     * <p>Failures are logged and reported as null rather than thrown, so callers that invoke
     * methods on the result without a null check will fail with a NullPointerException.
     *
     * @param str the provider name, or null for "BC"
     * @return the factory, or null when the provider is unknown or has no X.509 factory
     */
    public static CertificateFactory getCertificateFactory(String str) {
        final String provider = (str != null) ? str : "BC";
        if (provider.equals("BC")) {
            CryptoProviderTools.installBCProviderIfNotAvailable();
        }
        CertificateFactory factory = null;
        try {
            factory = CertificateFactory.getInstance("X.509", provider);
        } catch (NoSuchProviderException e) {
            log.error("NoSuchProvider: ", e);
        } catch (CertificateException e2) {
            log.error("CertificateException: ", e2);
        }
        return factory;
    }

    /**
     * Returns an X.509 {@link CertificateFactory} from the "BC" provider.
     *
     * @return the factory, or null when {@link #getCertificateFactory(String)} could not
     *         create one
     */
    public static CertificateFactory getCertificateFactory() {
        final String defaultProvider = "BC";
        return getCertificateFactory(defaultProvider);
    }

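    /**
     * Reads all PEM encoded certificates from a file.
     *
     * <p>The file is opened with try-with-resources so it is closed on every path, and a
     * failure while closing no longer replaces a parsing exception thrown by the read.
     *
     * @param str path of the PEM file
     * @return the certificates found in the file, in file order
     * @throws FileNotFoundException if the file cannot be opened
     * @throws CertificateParsingException if the content cannot be parsed as certificates
     * @throws IllegalStateException if closing the file fails
     */
    public static List<Certificate> getCertsFromPEM(String str) throws FileNotFoundException, CertificateParsingException {
        if (log.isTraceEnabled()) {
            log.trace(">getCertfromPEM: certFile=" + str);
        }
        List<Certificate> certificates;
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            certificates = getCertsFromPEM(fileInputStream);
        } catch (FileNotFoundException e) {
            // Part of the declared contract: let the caller see the missing file as such.
            throw e;
        } catch (IOException e) {
            // Only close() can get here; reading errors are wrapped by the stream overload.
            throw new IllegalStateException("Could not close input stream", e);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCertfromPEM: certFile=" + str);
        }
        return certificates;
    }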

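    /**
     * Reads all PEM encoded certificates from a stream.
     *
     * <p>Lines outside a certificate block are skipped. A block starts at the
     * {@code BEGIN_CERTIFICATE} line or at "-----BEGIN TRUSTED CERTIFICATE-----" and ends at
     * the matching end line; the Base64 body is decoded and parsed with
     * {@link #getCertfromByteArray(byte[])}. The stream is closed before this method returns
     * or throws.
     *
     * <p>The two boundary errors use different exception types: a missing begin boundary is a
     * checked {@link CertificateParsingException}, a missing end boundary is an unchecked
     * {@link IllegalArgumentException}. Callers that parse untrusted input need to handle both.
     *
     * <p>NOTE(review): the input is buffered without a size limit and decoded with the platform
     * default charset; callers that accept uploads should bound the stream themselves.
     *
     * @param inputStream the PEM data; closed by this method
     * @return the certificates in stream order
     * @throws CertificateParsingException if no begin boundary is found before any certificate
     *         was read, or a certificate body cannot be parsed
     * @throws IllegalArgumentException if a certificate block has no end boundary
     * @throws IllegalStateException if reading from the stream fails
     */
    public static List<Certificate> getCertsFromPEM(InputStream inputStream) throws CertificateParsingException {
        if (log.isTraceEnabled()) {
            log.trace(">getCertfromPEM");
        }
        final List<Certificate> certificates = new ArrayList<>();
        // try-with-resources closes the reader (and with it the caller's stream) on the error
        // paths as well; the previous cleanup code was unreachable when an exception occurred.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
            while (reader.ready()) {
                // Skip forward to the next begin boundary, or to the end of the input.
                String line;
                do {
                    line = reader.readLine();
                } while (line != null && !line.equals(BEGIN_CERTIFICATE) && !line.equals("-----BEGIN TRUSTED CERTIFICATE-----"));
                if (line == null) {
                    if (certificates.isEmpty()) {
                        throw new CertificateParsingException("Error in " + inputStream.toString() + ", missing " + BEGIN_CERTIFICATE + " boundary");
                    }
                    // Trailing text after the last certificate is tolerated.
                    continue;
                }
                // Collect the Base64 body up to the end boundary.
                final ByteArrayOutputStream base64Buffer = new ByteArrayOutputStream();
                try (PrintStream base64Writer = new PrintStream(base64Buffer)) {
                    line = reader.readLine();
                    while (line != null && !line.equals(END_CERTIFICATE) && !line.equals("-----END TRUSTED CERTIFICATE-----")) {
                        base64Writer.print(line);
                        line = reader.readLine();
                    }
                }
                if (line == null) {
                    throw new IllegalArgumentException("Error in " + inputStream.toString() + ", missing " + END_CERTIFICATE + " boundary");
                }
                certificates.add(getCertfromByteArray(Base64.decode(base64Buffer.toByteArray())));
            }
        } catch (IOException e) {
            throw new IllegalStateException("Exception caught when attempting to read stream, see underlying IOException", e);
        }
        if (log.isTraceEnabled()) {
            log.trace("<getcertfromPEM:" + certificates.size());
        }
        return certificates;
    }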

    /**
     * Re-parses every certificate of an array with the given provider and returns the results.
     *
     * <p>Each element is encoded and passed to {@link #getCertfromByteArray(byte[], String)},
     * so the returned objects are new instances created by that method.
     *
     * @param certificateArr the certificates to convert; neither the array nor its elements
     *        are checked for null
     * @param str the provider name, or null for "BC"
     * @return the re-parsed certificates in array order
     * @throws CertificateException if a certificate cannot be encoded or re-parsed
     * @throws NoSuchProviderException declared by the signature
     */
    public static Collection<Certificate> getCertCollectionFromArray(Certificate[] certificateArr, String str) throws CertificateException, NoSuchProviderException {
        if (log.isTraceEnabled()) {
            log.trace(">getCertCollectionFromArray: " + str);
        }
        final List<Certificate> converted = new ArrayList<>();
        final String provider = (str != null) ? str : "BC";
        for (int idx = 0; idx < certificateArr.length; idx++) {
            final byte[] encoded = certificateArr[idx].getEncoded();
            converted.add(getCertfromByteArray(encoded, provider));
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCertCollectionFromArray: " + converted.size());
        }
        return converted;
    }

    /**
     * Returns the PEM encoding of a certificate collection.
     *
     * @param collection the certificates to encode
     * @return the PEM bytes produced by {@link #getPemFromCertificateChain(Collection)}
     * @throws CertificateException if a certificate cannot be encoded
     * @deprecated use {@link #getPemFromCertificateChain(Collection)}, which this method
     *             delegates to
     */
    @Deprecated
    public static byte[] getPEMFromCerts(Collection<Certificate> collection) throws CertificateException {
        final byte[] pem = getPemFromCertificateChain(collection);
        return pem;
    }

    /**
     * Encodes a collection of certificates as PEM text.
     *
     * <p>For each certificate a "Subject: " line and an "Issuer: " line are written, followed
     * by the certificate between the {@code BEGIN_CERTIFICATE} and {@code END_CERTIFICATE}
     * lines.
     *
     * <p>NOTE(review): the subject and issuer strings are written as returned by
     * {@code getSubjectDN}/{@code getIssuerDN}; confirm that these cannot contain line breaks,
     * since consumers of the output locate certificates by their boundary lines.
     *
     * @param collection the certificates to encode, in output order
     * @return the PEM text as bytes in the platform default charset
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static byte[] getPemFromCertificateChain(Collection<Certificate> collection) throws CertificateEncodingException {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PrintStream out = new PrintStream(buffer)) {
            for (final Certificate current : collection) {
                final String subjectLine = "Subject: " + getSubjectDN(current);
                out.println(subjectLine);
                final String issuerLine = "Issuer: " + getIssuerDN(current);
                out.println(issuerLine);
                writeAsPemEncoded(out, current.getEncoded(), BEGIN_CERTIFICATE, END_CERTIFICATE);
            }
        }
        return buffer.toByteArray();
    }

    /**
     * Wraps an encoded CRL in PEM boundaries.
     *
     * @param bArr the encoded CRL; written as given, without being parsed
     * @return the PEM text between {@code BEGIN_X509_CRL_KEY} and {@code END_X509_CRL_KEY}
     */
    public static byte[] getPEMFromCrl(byte[] bArr) {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PrintStream out = new PrintStream(buffer)) {
            writeAsPemEncoded(out, bArr, BEGIN_X509_CRL_KEY, END_X509_CRL_KEY);
        }
        return buffer.toByteArray();
    }

    /**
     * Wraps an encoded public key in PEM boundaries.
     *
     * @param bArr the encoded public key; written as given, without being parsed
     * @return the PEM text between {@code BEGIN_PUBLIC_KEY} and {@code END_PUBLIC_KEY}
     */
    public static byte[] getPEMFromPublicKey(byte[] bArr) {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PrintStream out = new PrintStream(buffer)) {
            writeAsPemEncoded(out, bArr, BEGIN_PUBLIC_KEY, END_PUBLIC_KEY);
        }
        return buffer.toByteArray();
    }

    /**
     * Wraps an encoded certificate request in PEM boundaries.
     *
     * @param bArr the encoded request; written as given, without being parsed
     * @return the PEM text between {@code BEGIN_CERTIFICATE_REQUEST} and
     *         {@code END_CERTIFICATE_REQUEST}
     */
    public static byte[] getPEMFromCertificateRequest(byte[] bArr) {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PrintStream out = new PrintStream(buffer)) {
            writeAsPemEncoded(out, bArr, BEGIN_CERTIFICATE_REQUEST, END_CERTIFICATE_REQUEST);
        }
        return buffer.toByteArray();
    }

    /**
     * Writes one PEM block: the begin line, the Base64 encoding of the data, the end line.
     *
     * @param printStream destination; not closed by this method
     * @param bArr the bytes to Base64 encode
     * @param str the begin boundary line
     * @param str2 the end boundary line
     */
    private static void writeAsPemEncoded(PrintStream printStream, byte[] bArr, String str, String str2) {
        printStream.println(str);
        // The encoder returns bytes; they are turned into text with the platform charset.
        final String base64Body = new String(Base64.encode(bArr));
        printStream.println(base64Body);
        printStream.println(str2);
    }

    /**
     * Parses an encoded certificate, trying X.509 first and then CVC.
     *
     * <p>The individual parse failures are written to the debug log only; the exception
     * thrown to the caller carries no cause, so the reason for a rejection is visible only
     * when debug logging is enabled.
     *
     * @param bArr the encoded certificate
     * @param str the provider used for the X.509 attempt, or null for "BC"
     * @return the parsed X.509 or card verifiable certificate, never null
     * @throws CertificateParsingException if neither format could be parsed
     */
    public static Certificate getCertfromByteArray(byte[] bArr, String str) throws CertificateParsingException {
        final String provider = (str != null) ? str : "BC";
        Certificate parsed = null;
        try {
            parsed = getCertificateFactory(provider).generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            log.debug("CertificateException trying to read X509Certificate.", e);
        }
        if (parsed != null) {
            return parsed;
        }
        // Not X.509: fall back to the CVC parser.
        try {
            return new CardVerifiableCertificate(CertificateParser.parseCertificate(bArr));
        } catch (ParseException e2) {
            log.debug("ParseException trying to read CVCCertificate.", e2);
        } catch (ConstructionException e3) {
            log.debug("ConstructionException trying to read CVCCertificate.", e3);
        }
        throw new CertificateParsingException("No certificate could be parsed from byte array. See debug logs for details.");
    }

    /**
     * Parses an encoded certificate using the "BC" provider for the X.509 attempt.
     *
     * @param bArr the encoded certificate
     * @return the parsed certificate, never null
     * @throws CertificateParsingException if the bytes are neither an X.509 nor a CVC
     *         certificate
     */
    public static Certificate getCertfromByteArray(byte[] bArr) throws CertificateParsingException {
        final String defaultProvider = "BC";
        return getCertfromByteArray(bArr, defaultProvider);
    }

    /**
     * Parses an encoded CRL with the factory from {@link #getCertificateFactory()}.
     *
     * <p>Parsing does not verify the CRL signature; that is left to the caller.
     *
     * @param bArr the encoded CRL
     * @return the parsed CRL
     * @throws CRLException if the bytes cannot be parsed as a CRL
     */
    public static X509CRL getCRLfromByteArray(byte[] bArr) throws CRLException {
        log.trace(">getCRLfromByteArray");
        final CertificateFactory factory = getCertificateFactory();
        final X509CRL parsed = (X509CRL) factory.generateCRL(new ByteArrayInputStream(bArr));
        log.trace("<getCRLfromByteArray");
        return parsed;
    }

    /**
     * Reports whether a certificate's subject DN equals its issuer DN.
     *
     * <p>This is a name comparison only. The signature is not verified against the
     * certificate's own public key, so a true result means "self-issued by name" and must not
     * be used on its own as evidence that the certificate is a genuine self-signed root.
     *
     * @param certificate the certificate to inspect
     * @return true if the subject and issuer DN strings are equal
     */
    public static boolean isSelfSigned(Certificate certificate) {
        if (log.isTraceEnabled()) {
            log.trace(">isSelfSigned: cert: " + getIssuerDN(certificate) + "\n" + getSubjectDN(certificate));
        }
        final String subjectDn = getSubjectDN(certificate);
        final String issuerDn = getIssuerDN(certificate);
        final boolean sameName = subjectDn.equals(issuerDn);
        if (log.isTraceEnabled()) {
            log.trace("<isSelfSigned:" + sameName);
        }
        return sameName;
    }

    /**
     * Checks that a certificate is inside its validity period and warns when it is about to
     * expire.
     *
     * <p>Only the notBefore/notAfter dates are evaluated. Signature, trust chain and
     * revocation status are not checked here.
     *
     * <p>When {@code OcspConfiguration.getWarningBeforeExpirationTime()} is at least 1, the
     * certificate is checked again at "now plus that many milliseconds" and a warning is
     * logged if it would have expired by then; the result is still true.
     *
     * @param x509Certificate the certificate to check
     * @return true if the certificate is currently valid, false if it has expired or is not
     *         yet valid (both are logged as errors)
     */
    public static boolean isCertificateValid(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e3) {
            log.error(intres.getLocalizedMessage("ocsp.errorcerthasexpired", x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN()));
            return false;
        } catch (CertificateNotYetValidException e4) {
            log.error(intres.getLocalizedMessage("ocsp.errornotyetvalid", x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN()));
            return false;
        }
        final long warnWindowMillis = OcspConfiguration.getWarningBeforeExpirationTime();
        if (warnWindowMillis < 1) {
            return true;
        }
        final Date warnDate = new Date(new Date().getTime() + warnWindowMillis);
        try {
            x509Certificate.checkValidity(warnDate);
        } catch (CertificateExpiredException e) {
            log.warn(intres.getLocalizedMessage("ocsp.warncertwillexpire", x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN(), x509Certificate.getNotAfter()));
        } catch (CertificateNotYetValidException e2) {
            // The certificate was valid a moment ago, so it cannot be "not yet valid" later.
            throw new Error("This should never happen.", e2);
        }
        if (log.isDebugEnabled()) {
            log.debug("Time for \"certificate will soon expire\" not yet reached. You will be warned after: " + new Date(x509Certificate.getNotAfter().getTime() - warnWindowMillis));
        }
        return true;
    }

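    /**
     * Reports whether a certificate is a CA certificate.
     *
     * <p>The decompiler could not restructure this method and left a stub that always threw
     * {@link UnsupportedOperationException}; the body below is rebuilt from the instruction
     * dump it emitted in place of the code.
     *
     * <p>An X.509 certificate counts as a CA when {@code getBasicConstraints()} is greater
     * than -1. A certificate of type "CVC" counts as a CA when its authorization role is CVCA
     * or DV; if the role cannot be read the failure is logged and the result is false.
     * Any other certificate type yields false.
     *
     * @param r4 the certificate to inspect; not checked for null
     * @return true if the certificate is a CA certificate by the rules above
     */
    public static boolean isCA(java.security.cert.Certificate r4) {
        if (log.isTraceEnabled()) {
            log.trace(">isCA");
        }
        boolean isCa = false;
        if (r4 instanceof X509Certificate) {
            final X509Certificate x509Certificate = (X509Certificate) r4;
            if (x509Certificate.getBasicConstraints() > -1) {
                isCa = true;
            }
        } else if (StringUtils.equals(r4.getType(), "CVC")) {
            final CardVerifiableCertificate cardVerifiableCertificate = (CardVerifiableCertificate) r4;
            try {
                final org.ejbca.cvc.AuthorizationRole role = cardVerifiableCertificate.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getAuthRole();
                if (role.isCVCA() || role.isDV()) {
                    isCa = true;
                }
            } catch (NoSuchFieldException e) {
                log.error("NoSuchFieldException: ", e);
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<isCA:" + isCa);
        }
        return isCa;
    }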

    /**
     * Reports whether a certificate lists the OCSP signing purpose in its extended key usage.
     *
     * <p>Only the presence of the purpose OID is tested. Whether the certificate is trusted
     * to sign responses for a particular issuer is a separate decision.
     *
     * @param x509Certificate the certificate to inspect
     * @return true if the extended key usage contains {@code id_kp_OCSPSigning}; false if the
     *         extension is absent, lacks that purpose, or cannot be parsed
     */
    public static boolean isOCSPCert(X509Certificate x509Certificate) {
        final List<String> purposes;
        try {
            purposes = x509Certificate.getExtendedKeyUsage();
        } catch (CertificateParsingException e) {
            // An unreadable extension is treated like a missing one.
            return false;
        }
        if (purposes == null) {
            return false;
        }
        return purposes.contains(KeyPurposeId.id_kp_OCSPSigning.getId());
    }

    /**
     * Generates a self-signed certificate, signing with the "BC" provider.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @return the generated certificate
     */
    public static X509Certificate genSelfCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, OperatorCreationException, CertificateException, IOException {
        final String defaultProvider = "BC";
        return genSelfCert(str, j, str2, privateKey, publicKey, str3, z, defaultProvider);
    }

    /**
     * Generates a self-signed certificate with a key usage derived from the CA flag.
     *
     * <p>CA certificates get key usage value 6, all others 0; no private key usage period is
     * set. NOTE(review): 6 is presumably keyCertSign combined with cRLSign in the
     * {@code X509KeyUsage} bit layout; confirm against that class.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param str4 provider used for signing
     * @param z2 forwarded to {@code stringToBcX500Name} together with the DN
     * @return the generated certificate
     */
    public static X509Certificate genSelfCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, String str4, boolean z2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, OperatorCreationException, CertificateException, IOException {
        final int keyUsage = z ? 6 : 0;
        return genSelfCertForPurpose(str, j, str2, privateKey, publicKey, str3, z, keyUsage, null, null, str4, z2);
    }

    /**
     * Generates a self-signed certificate with the given signing provider, passing
     * {@code true} for the flag that is forwarded to {@code stringToBcX500Name}.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param str4 provider used for signing
     * @return the generated certificate
     */
    public static X509Certificate genSelfCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, String str4) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, OperatorCreationException, CertificateException, IOException {
        final boolean defaultNameFlag = true;
        return genSelfCert(str, j, str2, privateKey, publicKey, str3, z, str4, defaultNameFlag);
    }

    /**
     * Generates a self-signed certificate with an explicit key usage, signing with the "BC"
     * provider and without a private key usage period.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param i key usage value handed to {@code X509KeyUsage}
     * @param z2 forwarded to {@code stringToBcX500Name} together with the DN
     * @return the generated certificate
     */
    public static X509Certificate genSelfCertForPurpose(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, int i, boolean z2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, OperatorCreationException, CertificateException, IOException {
        final String defaultProvider = "BC";
        return genSelfCertForPurpose(str, j, str2, privateKey, publicKey, str3, z, i, null, null, defaultProvider, z2);
    }

    /**
     * Generates a self-signed certificate with explicit key usage and private key usage
     * period, passing {@code true} for the flag that is forwarded to
     * {@code stringToBcX500Name}.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param i key usage value handed to {@code X509KeyUsage}
     * @param date start of the private key usage period, or null
     * @param date2 end of the private key usage period, or null
     * @param str4 provider used for signing
     * @return the generated certificate
     */
    public static X509Certificate genSelfCertForPurpose(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, int i, Date date, Date date2, String str4) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, IOException, OperatorCreationException, CertificateException {
        final boolean defaultNameFlag = true;
        return genSelfCertForPurpose(str, j, str2, privateKey, publicKey, str3, z, i, date, date2, str4, defaultNameFlag);
    }

    /**
     * Generates a self-signed certificate with explicit key usage and private key usage
     * period, without additional extensions.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param i key usage value handed to {@code X509KeyUsage}
     * @param date start of the private key usage period, or null
     * @param date2 end of the private key usage period, or null
     * @param str4 provider used for signing
     * @param z2 forwarded to {@code stringToBcX500Name} together with the DN
     * @return the generated certificate
     */
    public static X509Certificate genSelfCertForPurpose(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, int i, Date date, Date date2, String str4, boolean z2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, IOException, OperatorCreationException, CertificateException {
        final List<Extension> noExtraExtensions = null;
        return genSelfCertForPurpose(str, j, str2, privateKey, publicKey, str3, z, i, date, date2, str4, z2, noExtraExtensions);
    }

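    /**
     * Generates a self-signed X.509 certificate.
     *
     * <p>The certificate is valid from "now minus {@code CertificateValidity.SETBACKTIME}"
     * until "now plus {@code j} days". Basic constraints are always added as critical; key
     * usage is added as critical when the certificate is a CA or {@code i} is non-zero. For CA
     * certificates subject and authority key identifiers are derived from the public key.
     *
     * <p>The serial number is taken from 8 bytes of a self-seeded {@link SecureRandom}.
     * Previously a SHA1PRNG instance was seeded with the current time before its first use;
     * with the JDK's SHA1PRNG such a seed replaces the self-seeding, which made the serial
     * number a function of the clock and therefore predictable.
     *
     * <p>The built certificate is re-parsed with {@link #getCertfromByteArray(byte[])} before
     * it is returned, which uses the "BC" provider regardless of {@code str4}.
     *
     * @param str the DN used as both subject and issuer
     * @param j validity in days
     * @param str2 certificate policy OID, or null for none
     * @param privateKey the key that signs the certificate
     * @param publicKey the key placed in the certificate
     * @param str3 signature algorithm name
     * @param z true to mark the certificate as a CA in basic constraints
     * @param i key usage value handed to {@code X509KeyUsage}
     * @param date start of the private key usage period, or null
     * @param date2 end of the private key usage period, or null
     * @param str4 provider used for signing
     * @param z2 forwarded to {@code stringToBcX500Name} together with the DN
     * @param list additional extensions to copy into the certificate, or null
     * @return the generated certificate
     */
    public static X509Certificate genSelfCertForPurpose(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, String str3, boolean z, int i, Date date, Date date2, String str4, boolean z2, List<Extension> list) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IllegalStateException, NoSuchProviderException, IOException, OperatorCreationException, CertificateException {
        // Validity window: backdated start, end after the requested number of days.
        final Date notBefore = new Date();
        notBefore.setTime(notBefore.getTime() - CertificateValidity.SETBACKTIME);
        final Date notAfter = new Date();
        notAfter.setTime(notAfter.getTime() + (j * SimpleTime.MILLISECONDS_PER_DAY));

        // Rebuild the public key from its key spec; on failure the key is used as given.
        PublicKey publicKey2;
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            try {
                publicKey2 = KeyFactory.getInstance(AlgorithmConstants.KEYALGORITHM_RSA).generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
            } catch (InvalidKeySpecException e) {
                log.error("Error creating RSAPublicKey from spec: ", e);
                publicKey2 = publicKey;
            }
        } else if (publicKey instanceof ECPublicKey) {
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            try {
                ECPublicKeySpec eCPublicKeySpec = new ECPublicKeySpec(eCPublicKey.getW(), eCPublicKey.getParams());
                String algorithm = eCPublicKey.getAlgorithm();
                if (algorithm.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) {
                    publicKey2 = KeyFactory.getInstance(AlgorithmConstants.KEYALGORITHM_ECGOST3410).generatePublic(eCPublicKeySpec);
                } else if (algorithm.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) {
                    publicKey2 = KeyFactory.getInstance(AlgorithmConstants.KEYALGORITHM_DSTU4145).generatePublic(eCPublicKeySpec);
                } else {
                    publicKey2 = KeyFactory.getInstance(AlgorithmConstants.KEYALGORITHM_EC).generatePublic(eCPublicKeySpec);
                }
            } catch (NullPointerException e2) {
                log.debug("NullPointerException, probably it is implicitlyCA generated keys: " + e2.getMessage());
                publicKey2 = publicKey;
            } catch (InvalidKeySpecException e3) {
                log.error("Error creating ECPublicKey from spec: ", e3);
                publicKey2 = publicKey;
            }
        } else {
            log.debug("Not converting key of class. " + publicKey.getClass().getName());
            publicKey2 = publicKey;
        }

        // Serial number from a self-seeded CSPRNG; do not seed it with the clock.
        final byte[] serialBytes = new byte[8];
        new SecureRandom().nextBytes(serialBytes);
        final BigInteger serialNumber = new BigInteger(serialBytes).abs();

        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(stringToBcX500Name(str, z2), serialNumber, notBefore, notAfter, stringToBcX500Name(str, z2), new SubjectPublicKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(publicKey2.getEncoded())));
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(z));
        if (z || i != 0) {
            x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(i));
        }
        if (date != null || date2 != null) {
            // Private key usage period: tag 0 carries the start, tag 1 the end.
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            if (date != null) {
                aSN1EncodableVector.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(date)));
            }
            if (date2 != null) {
                aSN1EncodableVector.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(date2)));
            }
            x509v3CertificateBuilder.addExtension(Extension.privateKeyUsagePeriod, false, new DERSequence(aSN1EncodableVector));
        }
        if (z) {
            try (ASN1InputStream subjectKeyIn = new ASN1InputStream(new ByteArrayInputStream(publicKey2.getEncoded()));
                    ASN1InputStream authorityKeyIn = new ASN1InputStream(new ByteArrayInputStream(publicKey2.getEncoded()))) {
                SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) subjectKeyIn.readObject()));
                AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) authorityKeyIn.readObject()));
                x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
                x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
            } catch (IOException e4) {
                // Still best effort, but no longer silent: a CA certificate without key
                // identifiers is worth noticing.
                log.error("Could not add subject and authority key identifier extensions: ", e4);
            }
        }
        if (str2 != null) {
            x509v3CertificateBuilder.addExtension(Extension.certificatePolicies, false, new DERSequence(new PolicyInformation(new ASN1ObjectIdentifier(str2))));
        }
        if (list != null) {
            for (Extension extension : list) {
                x509v3CertificateBuilder.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue());
            }
        }
        final BufferingContentSigner signer = new BufferingContentSigner(new JcaContentSignerBuilder(str3).setProvider(str4).build(privateKey), 20480);
        return (X509Certificate) getCertfromByteArray(x509v3CertificateBuilder.build(signer).getEncoded());
    }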

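    /**
     * Returns the key identifier from a certificate's authority key identifier extension
     * (OID 2.5.29.35).
     *
     * <p>The extension value is unwrapped with {@code ASN1OctetString.getInstance}, the same
     * way {@code getSubjectKeyId} does it; the decompiled code called {@code getOctets()} on
     * the parsed object without any conversion to an octet string. Both streams are now closed
     * by try-with-resources.
     *
     * <p>NOTE(review): only {@link IOException} is translated here. Certificates are external
     * input, so confirm how callers handle runtime exceptions raised by the ASN.1 classes for
     * a malformed extension.
     *
     * @param certificate the certificate to read, may be null
     * @return the key identifier, or null when the certificate is null, not X.509, or has no
     *         such extension
     * @throws IllegalStateException if the extension cannot be read
     */
    public static byte[] getAuthorityKeyId(Certificate certificate) {
        // instanceof is false for null, so this also covers a null certificate.
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue("2.5.29.35");
        if (extensionValue == null) {
            return null;
        }
        try (ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(extensionValue))) {
            final byte[] extensionContent = ASN1OctetString.getInstance(wrapperIn.readObject()).getOctets();
            try (ASN1InputStream contentIn = new ASN1InputStream(new ByteArrayInputStream(extensionContent))) {
                return AuthorityKeyIdentifier.getInstance(contentIn.readObject()).getKeyIdentifier();
            }
        } catch (IOException e) {
            throw new IllegalStateException("Could not parse authority key identifier from certificate.", e);
        }
    }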

    /**
     * Returns the key identifier from a certificate's subject key identifier extension
     * (OID 2.5.29.14).
     *
     * @param certificate the certificate to read, may be null
     * @return the key identifier, or null when the certificate is null, not X.509, or has no
     *         such extension
     * @throws IllegalStateException if the extension cannot be read
     */
    public static byte[] getSubjectKeyId(Certificate certificate) {
        // instanceof is false for null, so this also covers a null certificate.
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue("2.5.29.14");
        if (extensionValue == null) {
            return null;
        }
        try (ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(extensionValue))) {
            // The extension value is an octet string that wraps the actual extension content.
            final byte[] extensionContent = ASN1OctetString.getInstance(wrapperIn.readObject()).getOctets();
            try (ASN1InputStream contentIn = new ASN1InputStream(new ByteArrayInputStream(extensionContent))) {
                return SubjectKeyIdentifier.getInstance(contentIn.readObject()).getKeyIdentifier();
            }
        } catch (IOException e) {
            throw new IllegalStateException("Could not parse subject key ID from certificate.", e);
        }
    }

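    /**
     * Returns the policy identifier at a given position in a certificate's Certificate Policies
     * extension.
     *
     * @param certificate certificate to inspect; anything that is not an X509Certificate yields null
     * @param i zero-based position of the policy in the extension
     * @return the policy OID as a dotted string, or null if the extension is absent or {@code i}
     *     is outside the list (negative values included)
     * @throws IOException if the extension value cannot be read
     */
    public static String getCertificatePolicyId(Certificate certificate, int i) throws IOException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue(Extension.certificatePolicies.getId());
        if (extensionValue == null) {
            return null;
        }
        // NOTE(review): the first readObject() result is used as an octet string; a cast appears
        // to have been lost in decompilation.
        try (ASN1InputStream wrapper = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
                ASN1InputStream content = new ASN1InputStream(new ByteArrayInputStream(wrapper.readObject().getOctets()))) {
            final ASN1Sequence policies = (ASN1Sequence) content.readObject();
            // Compare the index directly: "size < i + 1" let negative indexes through and
            // overflowed for Integer.MAX_VALUE, ending in an unchecked index error.
            if (i < 0 || i >= policies.size()) {
                return null;
            }
            return PolicyInformation.getInstance(policies.getObjectAt(i)).getPolicyIdentifier().getId();
        }
    }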

    /**
     * Returns the first UPN found among a certificate's subject alternative names.
     *
     * @param certificate certificate to inspect; anything that is not an X509Certificate yields null
     * @return the UPN string, or null if there are no subject alternative names or none is a UPN
     * @throws CertificateParsingException if the subject alternative names cannot be decoded
     */
    public static String getUPNAltName(Certificate certificate) throws IOException, CertificateParsingException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final Collection<List<?>> altNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (final List<?> entry : altNames) {
            final String upn = getUPNStringFromSequence(getAltnameSequence(entry));
            if (upn != null) {
                return upn;
            }
        }
        return null;
    }

    /**
     * Extracts the UPN string from an otherName sequence.
     *
     * @param aSN1Sequence otherName sequence (type OID followed by the value), may be null
     * @return the UPN, or null if the sequence is null or its type OID is not UPN_OBJECTID
     */
    private static String getUPNStringFromSequence(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        // NOTE(review): elements 0 and 1 are read without a size check; a sequence with fewer
        // than two elements would presumably fail with an unchecked exception. Confirm that
        // callers handling untrusted certificates cope with that.
        final String typeId = ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getId();
        if (!typeId.equals(UPN_OBJECTID)) {
            return null;
        }
        ASN1Primitive value = aSN1Sequence.getObjectAt(1).getObject();
        // Unwrap one more tagging level if present.
        if (value instanceof ASN1TaggedObject) {
            value = ASN1TaggedObject.getInstance(value).getObject();
        }
        return DERUTF8String.getInstance(value).getString();
    }

    /**
     * Returns the first permanent identifier found among a certificate's subject alternative
     * names, in the string form produced by getPermanentIdentifierStringFromSequence.
     *
     * @param certificate certificate to inspect; anything that is not an X509Certificate yields null
     * @return the permanent identifier string, or null if none is present
     * @throws CertificateParsingException if the subject alternative names cannot be decoded
     */
    public static String getPermanentIdentifierAltName(Certificate certificate) throws IOException, CertificateParsingException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final Collection<List<?>> altNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (final List<?> entry : altNames) {
            final String identifier = getPermanentIdentifierStringFromSequence(getAltnameSequence(entry));
            if (identifier != null) {
                return identifier;
            }
        }
        return null;
    }

    /**
     * Converts a permanentIdentifier otherName sequence into the string form
     * {@code identifierValue + PERMANENTIDENTIFIER_SEP + assigner}.
     *
     * <p>Both parts are optional: a missing part is rendered as an empty string, the separator
     * is always present. Separators inside the identifier value are escaped.
     *
     * @param aSN1Sequence otherName sequence (type OID followed by the value), may be null
     * @return the string form, or null if the sequence is null or its type OID is not
     *     PERMANENTIDENTIFIER_OBJECTID
     */
    static String getPermanentIdentifierStringFromSequence(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        // NOTE(review): elements 0 and 1 are read without a size check; confirm how malformed
        // otherName values from untrusted certificates are handled by callers.
        final String typeId = ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getId();
        if (!typeId.equals(PERMANENTIDENTIFIER_OBJECTID)) {
            return null;
        }
        ASN1Primitive value = aSN1Sequence.getObjectAt(1).getObject();
        if (value instanceof ASN1TaggedObject) {
            value = ASN1TaggedObject.getInstance(value).getObject();
        }

        String identifierValue = null;
        String assigner = null;
        final Enumeration fields = ASN1Sequence.getInstance(value).getObjects();
        Object field = fields.hasMoreElements() ? fields.nextElement() : null;
        if (field instanceof DERUTF8String) {
            identifierValue = ((DERUTF8String) field).getString();
            // Only advance when a second element exists; otherwise the OID test below sees the
            // UTF8 string again and leaves the assigner unset.
            if (fields.hasMoreElements()) {
                field = fields.nextElement();
            }
        }
        if (field instanceof ASN1ObjectIdentifier) {
            assigner = ((ASN1ObjectIdentifier) field).getId();
        }

        final String left = identifierValue != null ? escapePermanentIdentifierValue(identifierValue) : "";
        final String right = assigner != null ? assigner : "";
        return left + PERMANENTIDENTIFIER_SEP + right;
    }

    /**
     * Escapes every PERMANENTIDENTIFIER_SEP in an identifier value so the value can be placed in
     * front of the separator in the string form.
     *
     * @param str raw identifier value
     * @return the value with each separator replaced by {@code \/}
     */
    private static String escapePermanentIdentifierValue(String str) {
        // NOTE(review): backslashes themselves are not escaped, so a value that ends in a
        // backslash looks like an escaped separator once the real separator is appended.
        final String escapedSeparator = "\\/";
        return str.replace(PERMANENTIDENTIFIER_SEP, escapedSeparator);
    }

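    /**
     * Reverses escapePermanentIdentifierValue by turning each escaped separator {@code \/} back
     * into a plain separator.
     *
     * <p>The earlier body replaced the text {@code \permanentIdentifier}, which never occurs in an
     * escaped value, so escaped separators survived a round trip through
     * getPermanentIdentifierValues unchanged.
     *
     * @param str escaped identifier value
     * @return the value with escaped separators restored
     */
    private static String unescapePermanentIdentifierValue(String str) {
        // Mirrors the "\\/" literal that escapePermanentIdentifierValue writes, which implies the
        // separator is "/".
        return str.replace("\\/", "/");
    }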

    /**
     * Splits the string form of a permanent identifier into its two parts.
     *
     * @param str string form, {@code identifierValue + PERMANENTIDENTIFIER_SEP + assigner}
     * @return a two-element array: index 0 is the unescaped identifier value, index 1 the assigner;
     *     a part that is absent is left null
     */
    static String[] getPermanentIdentifierValues(String str) {
        final String[] values = new String[2];
        final int sepPos = str.lastIndexOf(PERMANENTIDENTIFIER_SEP);

        if (sepPos == -1) {
            // No separator at all: the whole string is the identifier value.
            if (!str.isEmpty()) {
                values[0] = unescapePermanentIdentifierValue(str);
            }
            return values;
        }
        if (sepPos == 0) {
            // Leading separator: only an assigner can follow.
            if (str.length() > 1) {
                values[1] = str.substring(1);
            }
            return values;
        }

        // A backslash in front of the last separator means it is an escaped one; in that case
        // neither part is set.
        // NOTE(review): an identifier value that really ends in a backslash is indistinguishable
        // from this case, and the input is then returned as {null, null} — verify that is intended.
        final boolean separatorEscaped = str.charAt(sepPos - PERMANENTIDENTIFIER_SEP.length()) == '\\';
        if (!separatorEscaped) {
            values[0] = unescapePermanentIdentifierValue(str.substring(0, sepPos));
            if (str.length() > sepPos + PERMANENTIDENTIFIER_SEP.length()) {
                values[1] = str.substring(sepPos + 1);
            }
        }
        return values;
    }

    /**
     * Extracts a GUID from an otherName sequence and renders it as a hex string.
     *
     * @param aSN1Sequence otherName sequence (type OID followed by the value), may be null
     * @return the hex-encoded GUID octets, or null if the sequence is null or its type OID is not
     *     GUID_OBJECTID
     */
    private static String getGUIDStringFromSequence(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        // NOTE(review): elements 0 and 1 are read without a size check.
        final String typeId = ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getId();
        if (!typeId.equals(GUID_OBJECTID)) {
            return null;
        }
        ASN1Primitive value = aSN1Sequence.getObjectAt(1).getObject();
        if (value instanceof ASN1TaggedObject) {
            value = ASN1TaggedObject.getInstance(value).getObject();
        }
        final byte[] guid = ASN1OctetString.getInstance(value).getOctets();
        return new String(Hex.encode(guid));
    }

    /**
     * Extracts a Kerberos principal name from an otherName sequence and renders it as
     * {@code component1/component2@realm}.
     *
     * @param aSN1Sequence otherName sequence (type OID followed by the value), may be null
     * @return the principal string, or null if the sequence is null or its type OID is not
     *     KRB5PRINCIPAL_OBJECTID
     */
    protected static String getKrb5PrincipalNameFromSequence(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        final String typeId = ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0)).getId();
        if (!typeId.equals(KRB5PRINCIPAL_OBJECTID)) {
            return null;
        }
        ASN1Primitive value = aSN1Sequence.getObjectAt(1).getObject();
        if (value instanceof ASN1TaggedObject) {
            value = ASN1TaggedObject.getInstance(value).getObject();
        }
        // NOTE(review): the nested structure is walked by fixed positions with no size or type
        // checks, so a malformed value ends in an unchecked exception; verify callers that parse
        // untrusted certificates expect this.
        final ASN1Sequence principal = ASN1Sequence.getInstance(value);
        final String realm = DERGeneralString.getInstance(principal.getObjectAt(0).getObject()).getString();
        final Enumeration components = ASN1Sequence.getInstance(ASN1Sequence.getInstance(principal.getObjectAt(1).getObject()).getObjectAt(1).getObject()).getObjects();

        String name = null;
        while (components.hasMoreElements()) {
            final DERGeneralString component = DERGeneralString.getInstance((ASN1Primitive) components.nextElement());
            name = (name == null) ? component.getString() : name + PERMANENTIDENTIFIER_SEP + component.getString();
        }
        // NOTE(review): with an empty component list this yields the text "null@" + realm.
        return name + "@" + realm;
    }

    /**
     * Returns the first GUID found among a certificate's subject alternative names.
     *
     * @param certificate certificate to inspect; anything that is not an X509Certificate yields null
     * @return the hex-encoded GUID, or null if none is present
     * @throws CertificateParsingException if the subject alternative names cannot be decoded
     */
    public static String getGuidAltName(Certificate certificate) throws IOException, CertificateParsingException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final Collection<List<?>> altNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (final List<?> entry : altNames) {
            final ASN1Sequence otherName = getAltnameSequence(entry);
            if (otherName == null) {
                continue;
            }
            final String guid = getGUIDStringFromSequence(otherName);
            if (guid != null) {
                return guid;
            }
        }
        return null;
    }

    /**
     * Decodes one subject-alternative-name entry when it is an otherName.
     *
     * @param list entry whose element 0 is the Integer name type and element 1 the value
     * @return the decoded sequence if the name type is 0 (the value is then read as a byte
     *     array), otherwise null
     */
    private static ASN1Sequence getAltnameSequence(List<?> list) {
        final int nameType = (Integer) list.get(0);
        return nameType == 0 ? getAltnameSequence((byte[]) list.get(1)) : null;
    }

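    /**
     * Parses an encoded otherName value into a sequence, removing one outer tag if present.
     *
     * @param bArr encoded value
     * @return the decoded sequence
     * @throws RuntimeException if the bytes cannot be read
     */
    private static ASN1Sequence getAltnameSequence(byte[] bArr) {
        // try-with-resources: the stream was previously never closed.
        try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(bArr))) {
            ASN1Primitive decoded = in.readObject();
            if (decoded instanceof ASN1TaggedObject) {
                decoded = ((ASN1TaggedObject) decoded).getObject();
            }
            return ASN1Sequence.getInstance(decoded);
        } catch (IOException e) {
            throw new RuntimeException("Could not read ASN1InputStream", e);
        }
    }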

    /**
     * Renders the general names held in an extension as one string, entries joined with
     * {@code ", "}.
     *
     * <p>Name types that getGeneralNameString does not render are skipped.
     *
     * @param extension extension whose parsed value holds the general names
     * @return the joined string; null if the extension has no parsed value, if nothing could be
     *     rendered, or if an IOException occurred (it is logged)
     */
    public static String getAltNameStringFromExtension(Extension extension) {
        final ASN1Encodable parsed = extension.getParsedValue();
        if (parsed == null) {
            return null;
        }
        // NOTE(review): values are joined without escaping, so a name value that itself contains
        // ", " cannot be told apart from two entries by a consumer that splits this string.
        String joined = null;
        try {
            for (final GeneralName name : GeneralNames.getInstance(parsed).getNames()) {
                final String part = getGeneralNameString(name.getTagNo(), name.getName());
                if (part == null) {
                    continue;
                }
                joined = (joined == null) ? part : joined + ", " + part;
            }
        } catch (IOException e) {
            log.error("IOException parsing altNames: ", e);
            return null;
        }
        return joined;
    }

    /**
     * Renders a certificate's subject alternative names as one string of {@code label=value}
     * entries joined with {@code ", "}.
     *
     * <p>otherName entries (type 0) are tried as UPN, permanent identifier, Kerberos principal
     * and GUID, in that order. Types 1, 2, 4, 6 and 7 are rendered with the EMAIL, DNS,
     * DIRECTORYNAME, URI and IPADDR labels. Any other type is skipped.
     *
     * @param certificate certificate to inspect
     * @return the rendered string; null if the certificate has no subject alternative names or
     *     none could be rendered; an empty string if the argument is not an X509Certificate
     * @throws RuntimeException if the subject alternative names cannot be decoded
     */
    public static String getSubjectAlternativeName(Certificate certificate) {
        if (log.isTraceEnabled()) {
            log.trace(">getSubjectAlternativeName");
        }
        if (!(certificate instanceof X509Certificate)) {
            return "";
        }
        final Collection<List<?>> altNames;
        try {
            altNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            throw new RuntimeException("Could not parse certificate", e);
        }
        if (altNames == null) {
            return null;
        }

        // NOTE(review): values are appended without escaping. A name value containing ", " or
        // "=" makes the result ambiguous for anything that parses it back, which matters if
        // authorization decisions are based on the parsed string.
        String result = "";
        for (final List<?> entry : altNames) {
            final Integer nameType = (Integer) entry.get(0);
            final Object value = entry.get(1);
            final String sep = StringUtils.isEmpty(result) ? "" : ", ";
            switch (nameType.intValue()) {
                case 0: {
                    final ASN1Sequence otherName = getAltnameSequence(entry);
                    String text;
                    if ((text = getUPNStringFromSequence(otherName)) != null) {
                        result = result + sep + UPN + "=" + text;
                    } else if ((text = getPermanentIdentifierStringFromSequence(otherName)) != null) {
                        result = result + sep + PERMANENTIDENTIFIER + "=" + text;
                    } else if ((text = getKrb5PrincipalNameFromSequence(otherName)) != null) {
                        result = result + sep + KRB5PRINCIPAL + "=" + text;
                    } else if ((text = getGUIDStringFromSequence(otherName)) != null) {
                        result = result + sep + GUID + "=" + text;
                    }
                    break;
                }
                case 1:
                    result = result + sep + EMAIL + "=" + ((String) value);
                    break;
                case 2:
                    result = result + sep + DNS + "=" + ((String) value);
                    break;
                case 4:
                    result = result + sep + DIRECTORYNAME + "=" + ((String) value);
                    break;
                case 6:
                    result = result + sep + URI + "=" + ((String) value);
                    break;
                case 7:
                    result = result + sep + IPADDR + "=" + ((String) value);
                    break;
                default:
                    break;
            }
        }

        if (log.isTraceEnabled()) {
            log.trace("<getSubjectAlternativeName: " + result);
        }
        return StringUtils.isEmpty(result) ? null : result;
    }

    /**
     * Builds a GeneralNames structure from the string form of a subject alternative name.
     *
     * <p>Entries are added in this order: e-mail (tag 1), DNS (tag 2), directory name (tag 4),
     * URIs under the URI, URI1 and URI2 keys (tag 6), IP addresses (tag 7), then the otherName
     * types UPN, permanent identifier, GUID and Kerberos principal, and finally any custom OIDs
     * reported by getCustomOids.
     *
     * <p>NOTE(review): apart from IP address parsing, the values are encoded as given. If the
     * string comes from an enrolment request, validation of DNS names, URIs and custom OIDs
     * presumably has to happen before this call — confirm against the callers.
     *
     * @param str string form of the alternative name
     * @return the GeneralNames, or null if no entry was produced
     */
    public static GeneralNames getGeneralNamesFromAltName(String str) {
        if (log.isTraceEnabled()) {
            log.trace(">getGeneralNamesFromAltName: " + str);
        }
        final ASN1EncodableVector names = new ASN1EncodableVector();

        // rfc822Name [1]
        final Iterator<String> emails = getEmailFromDN(str).iterator();
        while (emails.hasNext()) {
            names.add(new GeneralName(1, emails.next()));
        }

        // dNSName [2]
        for (final String dnsName : getPartsFromDN(str, DNS)) {
            names.add(new GeneralName(2, new DERIA5String(dnsName)));
        }

        // directoryName [4]
        final String directoryName = getDirectoryStringFromAltName(str);
        if (directoryName != null) {
            names.add(new GeneralName(4, new X500Name(LDAPDN.unescapeRDN(directoryName))));
        }

        // uniformResourceIdentifier [6], accepted under three different keys
        for (final String uri : getPartsFromDN(str, URI)) {
            names.add(new GeneralName(6, new DERIA5String(uri)));
        }
        for (final String uri : getPartsFromDN(str, URI1)) {
            names.add(new GeneralName(6, new DERIA5String(uri)));
        }
        for (final String uri : getPartsFromDN(str, URI2)) {
            names.add(new GeneralName(6, new DERIA5String(uri)));
        }

        // iPAddress [7]; unparsable addresses are logged and skipped
        for (final String address : getPartsFromDN(str, IPADDR)) {
            final byte[] octets = StringTools.ipStringToOctets(address);
            if (octets.length > 0) {
                names.add(new GeneralName(7, new DEROctetString(octets)));
            } else {
                log.error("Cannot parse/encode ip address, ignoring: " + address);
            }
        }

        // otherName [0]: UPN
        for (final String upn : getPartsFromDN(str, UPN)) {
            final ASN1EncodableVector upnSeq = new ASN1EncodableVector();
            upnSeq.add(new ASN1ObjectIdentifier(UPN_OBJECTID));
            upnSeq.add(new DERTaggedObject(true, 0, new DERUTF8String(upn)));
            names.add(GeneralName.getInstance(new DERTaggedObject(false, 0, new DERSequence(upnSeq))));
        }

        // otherName [0]: permanent identifier (identifier value and/or assigner OID)
        for (final String permanentIdentifier : getPartsFromDN(str, PERMANENTIDENTIFIER)) {
            final String[] parts = getPermanentIdentifierValues(permanentIdentifier);
            final ASN1EncodableVector pidSeq = new ASN1EncodableVector();
            pidSeq.add(new ASN1ObjectIdentifier(PERMANENTIDENTIFIER_OBJECTID));
            final ASN1EncodableVector pidValue = new ASN1EncodableVector();
            if (parts[0] != null) {
                pidValue.add(new DERUTF8String(parts[0]));
            }
            if (parts[1] != null) {
                pidValue.add(new ASN1ObjectIdentifier(parts[1]));
            }
            pidSeq.add(new DERTaggedObject(true, 0, new DERSequence(pidValue)));
            names.add(new DERTaggedObject(false, 0, new DERSequence(pidSeq)));
        }

        // otherName [0]: GUID given as hex
        for (final String guidHex : getPartsFromDN(str, GUID)) {
            final ASN1EncodableVector guidSeq = new ASN1EncodableVector();
            // NOTE(review): Hex.decode is expected to throw on malformed input rather than
            // return null, in which case the else branch is unreachable — verify.
            final byte[] guid = Hex.decode(guidHex);
            if (guid != null) {
                guidSeq.add(new ASN1ObjectIdentifier(GUID_OBJECTID));
                guidSeq.add(new DERTaggedObject(true, 0, new DEROctetString(guid)));
                names.add(new DERTaggedObject(false, 0, new DERSequence(guidSeq)));
            } else {
                log.error("Cannot decode hexadecimal guid, ignoring: " + guidHex);
            }
        }

        // otherName [0]: Kerberos principal "comp1/comp2@REALM"
        for (final String principal : getPartsFromDN(str, KRB5PRINCIPAL)) {
            if (log.isDebugEnabled()) {
                log.debug("principalString: " + principal);
            }
            final int atPos = principal.lastIndexOf('@');
            final String realm = atPos > 0 ? principal.substring(atPos + 1) : "";
            if (log.isDebugEnabled()) {
                log.debug("realm: " + realm);
            }
            // Split the part in front of '@' on '/'. Without an '@' the loop does not run and
            // the component list stays empty.
            final ArrayList<String> components = new ArrayList<String>();
            int start = 0;
            int end = 0;
            while (end < atPos) {
                end = principal.indexOf('/', start);
                if (end == -1) {
                    end = atPos;
                }
                final String component = principal.substring(start, end);
                if (log.isDebugEnabled()) {
                    log.debug("adding principal name: " + component);
                }
                components.add(component);
                start = end + 1;
            }

            final ASN1EncodableVector krbSeq = new ASN1EncodableVector();
            krbSeq.add(new ASN1ObjectIdentifier(KRB5PRINCIPAL_OBJECTID));
            final ASN1EncodableVector krbValue = new ASN1EncodableVector();
            krbValue.add(new DERTaggedObject(true, 0, new DERGeneralString(realm)));
            final ASN1EncodableVector principalName = new ASN1EncodableVector();
            principalName.add(new DERTaggedObject(true, 0, new DERInteger(0L)));
            final ASN1EncodableVector nameStrings = new ASN1EncodableVector();
            for (final String component : components) {
                nameStrings.add(new DERGeneralString(component));
            }
            principalName.add(new DERTaggedObject(true, 1, new DERSequence(nameStrings)));
            krbValue.add(new DERTaggedObject(true, 1, new DERSequence(principalName)));
            krbSeq.add(new DERTaggedObject(true, 0, new DERSequence(krbValue)));
            names.add(new DERTaggedObject(false, 0, new DERSequence(krbSeq)));
        }

        // otherName [0]: custom OIDs, value encoded as a UTF8 string
        final Iterator<String> customOids = getCustomOids(str).iterator();
        while (customOids.hasNext()) {
            final String oid = customOids.next();
            for (final String oidValue : getPartsFromDN(str, oid)) {
                final ASN1EncodableVector customSeq = new ASN1EncodableVector();
                customSeq.add(new ASN1ObjectIdentifier(oid));
                customSeq.add(new DERTaggedObject(true, 0, new DERUTF8String(oidValue)));
                names.add(new DERTaggedObject(false, 0, new DERSequence(customSeq)));
            }
        }

        return names.size() > 0 ? GeneralNames.getInstance(new DERSequence(names)) : null;
    }

    /**
     * Renders a single general name as a {@code label=value} string.
     *
     * <p>Handled tags: 0 (otherName, tried as UPN, permanent identifier, then Kerberos principal),
     * 1 (rfc822name), 2 (dNSName), 6 (uniformResourceIdentifier) and 7 (iPAddress).
     *
     * <p>NOTE(review): unlike getSubjectAlternativeName, this method renders neither GUID
     * otherNames nor tag 4 (directory name) — confirm whether that difference is intended.
     *
     * @param i general name tag number
     * @param aSN1Encodable the name value
     * @return the rendered entry, or null for a tag or otherName type that is not handled
     * @throws IOException if an otherName value cannot be encoded for parsing
     */
    public static String getGeneralNameString(int i, ASN1Encodable aSN1Encodable) throws IOException {
        switch (i) {
            case 0: {
                final ASN1Sequence otherName = getAltnameSequence(aSN1Encodable.toASN1Primitive().getEncoded());
                final String upn = getUPNStringFromSequence(otherName);
                if (upn != null) {
                    return "upn=" + upn;
                }
                final String permanentIdentifier = getPermanentIdentifierStringFromSequence(otherName);
                if (permanentIdentifier != null) {
                    return "permanentIdentifier=" + permanentIdentifier;
                }
                final String krb5Principal = getKrb5PrincipalNameFromSequence(otherName);
                return krb5Principal != null ? "krb5principal=" + krb5Principal : null;
            }
            case 1:
                return "rfc822name=" + DERIA5String.getInstance(aSN1Encodable).getString();
            case 2:
                return "dNSName=" + DERIA5String.getInstance(aSN1Encodable).getString();
            case 6:
                return "uniformResourceIdentifier=" + DERIA5String.getInstance(aSN1Encodable).getString();
            case 7:
                return "iPAddress=" + StringTools.ipOctetsToString(ASN1OctetString.getInstance(aSN1Encodable).getOctets());
            default:
                return null;
        }
    }

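    /**
     * Validates a single certificate against one CA certificate using PKIX path validation.
     *
     * <p>Limits a caller should be aware of:
     * <ul>
     *   <li>Only the first element of {@code collection} is used, as the sole trust anchor. Any
     *       further certificates in the collection are ignored, and the path holds only
     *       {@code certificate}, so no intermediate CAs are considered.</li>
     *   <li>Revocation checking is switched off; a revoked certificate still validates.</li>
     * </ul>
     *
     * @param certificate certificate to validate
     * @param collection CA certificates; the first one must be an X509Certificate
     * @return true if validation succeeds (failure is reported by exception, never by false)
     * @throws Exception if the path does not validate or any other error occurs; the underlying
     *     exception is attached as the cause
     */
    public static boolean verify(Certificate certificate, Collection<Certificate> collection) throws Exception {
        if (collection == null || collection.isEmpty()) {
            // Previously surfaced as a wrapped NullPointerException or index error.
            throw new Exception("Error checking certificate chain: no CA certificate was supplied");
        }
        try {
            final List<Certificate> path = new ArrayList<Certificate>();
            path.add(certificate);
            final CertPath certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(path);
            final X509Certificate anchorCertificate = collection.toArray(new X509Certificate[0])[0];
            final PKIXParameters parameters = new PKIXParameters(Collections.singleton(new TrustAnchor(anchorCertificate, null)));
            parameters.setRevocationEnabled(false);
            final PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX", "BC").validate(certPath, parameters);
            if (log.isDebugEnabled()) {
                log.debug("Certificate verify result: " + result.toString());
            }
            return true;
        } catch (CertPathValidatorException e) {
            // Keep the cause so the failing check can still be diagnosed from the stack trace.
            throw new Exception("Invalid certificate or certificate not issued by specified CA: " + e.getMessage(), e);
        } catch (Exception e) {
            throw new Exception("Error checking certificate chain: " + e.getMessage(), e);
        }
    }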

    /**
     * Checks that a certificate is within its validity period on a given date.
     *
     * <p>X.509 certificates are delegated to {@link X509Certificate#checkValidity(Date)}. For
     * certificates whose type is "CVC", the valid-from and valid-to dates of the certificate body
     * are compared with {@code date}.
     *
     * <p>NOTE(review): this method returns normally, that is reports "valid", in three cases where
     * nothing was checked: a null certificate, a certificate that is neither X.509 nor CVC, and a
     * CVC certificate whose validity fields cannot be read (the NoSuchFieldException is only
     * logged). Callers relying on it as a gate should confirm that this fail-open behaviour is
     * acceptable.
     *
     * @param certificate certificate to check, may be null
     * @param date the date to check against
     * @throws CertificateNotYetValidException if the certificate's start date is after {@code date}
     * @throws CertificateExpiredException if the certificate's end date is before {@code date}
     */
    public static void checkValidity(Certificate certificate, Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (certificate == null) {
            return;
        }
        if (certificate instanceof X509Certificate) {
            ((X509Certificate) certificate).checkValidity(date);
            return;
        }
        if (!StringUtils.equals(certificate.getType(), "CVC")) {
            return;
        }
        final CardVerifiableCertificate cvc = (CardVerifiableCertificate) certificate;
        try {
            final Date notBefore = cvc.getCVCertificate().getCertificateBody().getValidFrom();
            final Date notAfter = cvc.getCVCertificate().getCertificateBody().getValidTo();
            if (notBefore.after(date)) {
                final String message = "Certificate startDate '" + notBefore + "' is after check date '" + date + "'";
                if (log.isTraceEnabled()) {
                    log.trace(message);
                }
                throw new CertificateNotYetValidException(message);
            }
            if (notAfter.before(date)) {
                final String message = "Certificate endDate '" + notAfter + "' is before check date '" + date + "'";
                if (log.isTraceEnabled()) {
                    log.trace(message);
                }
                throw new CertificateExpiredException(message);
            }
        } catch (NoSuchFieldException e) {
            log.error("NoSuchFieldException: ", e);
        }
    }

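    /**
     * Returns the first CRL distribution point URL found in a certificate.
     *
     * <p>Each distribution point in the CRL Distribution Points extension is scanned for a field
     * tagged 0; the first one for which getStringFromGeneralNames yields a string is returned.
     *
     * <p>The URL comes straight from the certificate and {@link URL} accepts schemes other than
     * http. A caller that fetches it for a certificate it does not already trust should restrict
     * the scheme and destination first.
     *
     * @param certificate certificate to inspect; anything that is not an X509Certificate yields null
     * @return the URL, or null if the extension is absent or holds no usable location
     * @throws CertificateParsingException if the extension cannot be parsed or the location is not
     *     a valid URL; the underlying exception is attached as the cause
     */
    public static URL getCrlDistributionPoint(Certificate certificate) throws CertificateParsingException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        try {
            final ASN1Sequence distributionPoints = (ASN1Sequence) getExtensionValue((X509Certificate) certificate, Extension.cRLDistributionPoints.getId());
            if (distributionPoints == null) {
                return null;
            }
            for (int i = 0; i < distributionPoints.size(); i++) {
                final ASN1Sequence distributionPoint = (ASN1Sequence) distributionPoints.getObjectAt(i);
                for (int j = 0; j < distributionPoint.size(); j++) {
                    final ASN1TaggedObject field = (ASN1TaggedObject) distributionPoint.getObjectAt(j);
                    if (field.getTagNo() != 0) {
                        continue;
                    }
                    final String location = getStringFromGeneralNames(field.getObject());
                    if (location != null) {
                        return new URL(location);
                    }
                }
            }
            return null;
        } catch (Exception e) {
            log.error("Error parsing CrlDistributionPoint", e);
            // Attach the cause; the message is unchanged.
            throw new CertificateParsingException(e.toString(), e);
        }
    }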

    /**
     * Collects the CA issuer URIs from a CRL's Authority Information Access extension.
     *
     * <p>Only access descriptions whose method is id_ad_caIssuers and whose location has tag 6
     * are returned. The strings are taken from the CRL as they are; nothing here validates them
     * as URLs.
     *
     * @param crl CRL to inspect; anything that is not an X509CRL yields an empty collection
     * @return the URIs found, possibly empty, never null
     */
    public static Collection<String> getAuthorityInformationAccess(CRL crl) {
        final ArrayList<String> locations = new ArrayList<String>();
        if (!(crl instanceof X509CRL)) {
            return locations;
        }
        final ASN1Primitive extensionValue = getExtensionValue((X509CRL) crl, Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            return locations;
        }
        final AccessDescription[] descriptions = AuthorityInformationAccess.getInstance(extensionValue).getAccessDescriptions();
        if (descriptions == null) {
            return locations;
        }
        for (final AccessDescription description : descriptions) {
            if (!description.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
                continue;
            }
            final GeneralName location = description.getAccessLocation();
            if (location.getTagNo() != 6) {
                continue;
            }
            ASN1Primitive encoded = location.toASN1Primitive();
            if (encoded instanceof ASN1TaggedObject) {
                encoded = ASN1TaggedObject.getInstance(encoded).getObject();
            }
            locations.add(DERIA5String.getInstance(encoded).getString());
        }
        return locations;
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0067, code lost:
    
        r12 = r0.toASN1Primitive();
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0073, code lost:
    
        if ((r12 instanceof org.bouncycastle.asn1.ASN1TaggedObject) == false) goto L23;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0076, code lost:
    
        r12 = org.bouncycastle.asn1.ASN1TaggedObject.getInstance(r12).getObject();
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x0080, code lost:
    
        r5 = org.bouncycastle.asn1.DERIA5String.getInstance(r12).getString();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Intended to return the OCSP responder URL from a certificate's Authority Information Access
     * extension. As it stands, this method is a decompiler stub: its body was not recovered
     * and every call throws UnsupportedOperationException.
     *
     * <p>According to the instruction dump kept in the body comment, the original logic was:
     * <ol>
     *   <li>return null unless the argument is an X509Certificate;</li>
     *   <li>read the authorityInfoAccess extension via getExtensionValue and return null if it
     *       is absent;</li>
     *   <li>walk the access descriptions and, for the first one whose method equals
     *       X509ObjectIdentifiers.ocspAccessMethod and whose location has tag 6, remove one
     *       tagging level if present and return the IA5String value;</li>
     *   <li>on any exception, log "Error parsing AuthorityInformationAccess" and throw a
     *       CertificateParsingException built from the exception's toString().</li>
     * </ol>
     * getAuthorityInformationAccess(CRL) in this class shows the same loop in source form for the
     * caIssuers method.
     *
     * <p>NOTE(review): once restored, the returned URL is certificate-supplied data; callers that
     * contact it should presumably restrict scheme and destination — confirm against the callers.
     *
     * @param r4 certificate to inspect
     * @return never returns normally in this decompiled form
     * @throws java.security.cert.CertificateParsingException declared by the original method; not
     *     thrown by the stub
     * @throws UnsupportedOperationException always, because the body was not decompiled
     */
    public static java.lang.String getAuthorityInformationAccessOcspUrl(java.security.cert.Certificate r4) throws java.security.cert.CertificateParsingException {
        /*
            r0 = 0
            r5 = r0
            r0 = r4
            boolean r0 = r0 instanceof java.security.cert.X509Certificate
            if (r0 == 0) goto Lb0
            r0 = r4
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            r6 = r0
            r0 = r6
            org.bouncycastle.asn1.ASN1ObjectIdentifier r1 = org.bouncycastle.asn1.x509.Extension.authorityInfoAccess     // Catch: java.lang.Exception -> L99
            java.lang.String r1 = r1.getId()     // Catch: java.lang.Exception -> L99
            org.bouncycastle.asn1.ASN1Primitive r0 = getExtensionValue(r0, r1)     // Catch: java.lang.Exception -> L99
            r7 = r0
            r0 = r7
            if (r0 != 0) goto L1f
            r0 = 0
            return r0
        L1f:
            r0 = r7
            org.bouncycastle.asn1.x509.AuthorityInformationAccess r0 = org.bouncycastle.asn1.x509.AuthorityInformationAccess.getInstance(r0)     // Catch: java.lang.Exception -> L99
            r8 = r0
            r0 = r8
            org.bouncycastle.asn1.x509.AccessDescription[] r0 = r0.getAccessDescriptions()     // Catch: java.lang.Exception -> L99
            r9 = r0
            r0 = r9
            if (r0 == 0) goto L96
            r0 = r9
            int r0 = r0.length     // Catch: java.lang.Exception -> L99
            if (r0 <= 0) goto L96
            r0 = 0
            r10 = r0
        L3a:
            r0 = r10
            r1 = r9
            int r1 = r1.length     // Catch: java.lang.Exception -> L99
            if (r0 >= r1) goto L96
            r0 = r9
            r1 = r10
            r0 = r0[r1]     // Catch: java.lang.Exception -> L99
            org.bouncycastle.asn1.ASN1ObjectIdentifier r0 = r0.getAccessMethod()     // Catch: java.lang.Exception -> L99
            org.bouncycastle.asn1.ASN1ObjectIdentifier r1 = org.bouncycastle.asn1.x509.X509ObjectIdentifiers.ocspAccessMethod     // Catch: java.lang.Exception -> L99
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Exception -> L99
            if (r0 == 0) goto L90
            r0 = r9
            r1 = r10
            r0 = r0[r1]     // Catch: java.lang.Exception -> L99
            org.bouncycastle.asn1.x509.GeneralName r0 = r0.getAccessLocation()     // Catch: java.lang.Exception -> L99
            r11 = r0
            r0 = r11
            int r0 = r0.getTagNo()     // Catch: java.lang.Exception -> L99
            r1 = 6
            if (r0 != r1) goto L90
            r0 = r11
            org.bouncycastle.asn1.ASN1Primitive r0 = r0.toASN1Primitive()     // Catch: java.lang.Exception -> L99
            r12 = r0
            r0 = r12
            boolean r0 = r0 instanceof org.bouncycastle.asn1.ASN1TaggedObject     // Catch: java.lang.Exception -> L99
            if (r0 == 0) goto L80
            r0 = r12
            org.bouncycastle.asn1.ASN1TaggedObject r0 = org.bouncycastle.asn1.ASN1TaggedObject.getInstance(r0)     // Catch: java.lang.Exception -> L99
            org.bouncycastle.asn1.ASN1Primitive r0 = r0.getObject()     // Catch: java.lang.Exception -> L99
            r12 = r0
        L80:
            r0 = r12
            org.bouncycastle.asn1.DERIA5String r0 = org.bouncycastle.asn1.DERIA5String.getInstance(r0)     // Catch: java.lang.Exception -> L99
            r13 = r0
            r0 = r13
            java.lang.String r0 = r0.getString()     // Catch: java.lang.Exception -> L99
            r5 = r0
            goto L96
        L90:
            int r10 = r10 + 1
            goto L3a
        L96:
            goto Lb0
        L99:
            r7 = move-exception
            org.apache.log4j.Logger r0 = org.cesecore.util.CertTools.log
            java.lang.String r1 = "Error parsing AuthorityInformationAccess"
            r2 = r7
            r0.error(r1, r2)
            java.security.cert.CertificateParsingException r0 = new java.security.cert.CertificateParsingException
            r1 = r0
            r2 = r7
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            throw r0
        Lb0:
            r0 = r5
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.cesecore.util.CertTools.getAuthorityInformationAccessOcspUrl(java.security.cert.Certificate):java.lang.String");
    }

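    /**
     * Reads the PrivateKeyUsagePeriod extension from a certificate.
     *
     * <p>{@link X509Certificate#getExtensionValue(String)} hands back the extension wrapped in a DER OCTET STRING,
     * so the value is unwrapped once before it is parsed. The method only reports what the certificate states; it
     * does not compare the period with any date, so enforcing the period is left to the caller.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return the parsed extension, or null when the certificate has no PrivateKeyUsagePeriod value or an empty one
     * @throws IllegalStateException if reading the ASN.1 data fails with an IOException
     */
    public static PrivateKeyUsagePeriod getPrivateKeyUsagePeriod(X509Certificate x509Certificate) {
        final byte[] wrapped = x509Certificate.getExtensionValue(Extension.privateKeyUsagePeriod.getId());
        if (wrapped == null || wrapped.length == 0) {
            return null;
        }
        if (log.isTraceEnabled()) {
            log.trace("Found a PrivateKeyUsagePeriod in the certificate with subject: " + x509Certificate.getSubjectDN().toString());
        }
        // try-with-resources closes each stream exactly once, also when parsing stops part-way; the previous
        // shape dropped the outer stream without closing it and closed the inner one twice.
        try (ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(wrapped))) {
            // A wrapper that is not an OCTET STRING surfaces as an unchecked exception, since the bytes come
            // from the certificate and are not validated here.
            final byte[] content = ((ASN1OctetString) outer.readObject()).getOctets();
            try (ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(content))) {
                return PrivateKeyUsagePeriod.getInstance(inner.readObject());
            }
        } catch (IOException e) {
            throw new IllegalStateException("Unknown IOException caught when trying to parse certificate.", e);
        }
    }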

    /* JADX INFO: Access modifiers changed from: protected */
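    /**
     * Returns the decoded value of one extension of a certificate.
     *
     * @param x509Certificate certificate to read, may be null
     * @param str OID of the extension as passed to {@link X509Certificate#getExtensionValue(String)}, may be null
     * @return the ASN.1 object found inside the extension's OCTET STRING wrapper, or null when either argument is
     *         null or the certificate has no such extension
     */
    public static ASN1Primitive getExtensionValue(X509Certificate x509Certificate, String str) {
        // Same null handling as the X509CRL overload: a missing OID means "no extension" rather than an
        // exception raised from inside the certificate implementation.
        if (x509Certificate == null || str == null) {
            return null;
        }
        return getDerObjectFromByteArray(x509Certificate.getExtensionValue(str));
    }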

    /**
     * Returns the decoded value of one extension of a CRL.
     *
     * @param x509crl CRL to read, may be null
     * @param str OID of the extension, may be null
     * @return the ASN.1 object found inside the extension's OCTET STRING wrapper, or null when either argument is
     *         null or the CRL has no such extension
     */
    protected static ASN1Primitive getExtensionValue(X509CRL x509crl, String str) {
        final boolean lookupPossible = x509crl != null && str != null;
        return lookupPossible ? getDerObjectFromByteArray(x509crl.getExtensionValue(str)) : null;
    }

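    /**
     * Unwraps a DER OCTET STRING and parses the ASN.1 object it contains.
     *
     * <p>The input is what {@code getExtensionValue} of a certificate or CRL returns, so it originates from data
     * that may not be trustworthy. Only the first object of each layer is read.
     *
     * @param bArr DER encoding of an OCTET STRING, may be null
     * @return the object encoded inside the OCTET STRING, or null when {@code bArr} is null
     * @throws RuntimeException if reading either layer fails with an IOException
     */
    private static ASN1Primitive getDerObjectFromByteArray(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        // Both streams are closed by try-with-resources; previously neither was closed.
        try (ASN1InputStream wrapper = new ASN1InputStream(new ByteArrayInputStream(bArr))) {
            // A first object that is not an OCTET STRING surfaces as an unchecked exception.
            final byte[] content = ((ASN1OctetString) wrapper.readObject()).getOctets();
            try (ASN1InputStream contentStream = new ASN1InputStream(new ByteArrayInputStream(content))) {
                return contentStream.readObject();
            }
        } catch (IOException e) {
            throw new RuntimeException("Caught an unexected IOException", e);
        }
    }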

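    /**
     * Extracts the first entry of a GeneralNames structure as a string, if that entry carries tag 6.
     *
     * <p>Tag 6 is the uniformResourceIdentifier choice of GeneralName, whose content is an IA5String. The bytes
     * are taken from the certificate or CRL as they are; the returned text is not checked to be a well-formed
     * or acceptable URI, so callers that fetch from it need their own validation.
     *
     * @param aSN1Primitive implicitly tagged GeneralNames; must be an {@code ASN1TaggedObject}
     * @return the content of the first name, or null when the sequence is empty or its first entry has another tag
     */
    private static String getStringFromGeneralNames(ASN1Primitive aSN1Primitive) {
        final ASN1Sequence names = ASN1Sequence.getInstance((ASN1TaggedObject) aSN1Primitive, false);
        if (names.size() == 0) {
            return null;
        }
        final DERTaggedObject first = (DERTaggedObject) names.getObjectAt(0);
        if (first.getTagNo() != 6) {
            return null;
        }
        // Decode with a fixed charset: new String(byte[]) uses the JVM default, so the same certificate could
        // yield different text on differently configured hosts. ASCII content decodes identically under UTF-8.
        return new String(ASN1OctetString.getInstance(first, false).getOctets(), java.nio.charset.StandardCharsets.UTF_8);
    }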

    /**
     * Returns the hex-encoded SHA-1 fingerprint of a certificate's encoded form.
     *
     * <p>The value is an identifier for lookup and display. SHA-1 is not collision resistant, so equality of two
     * fingerprints should not be the only evidence that two certificates are the same where that matters.
     *
     * @param certificate certificate to fingerprint, may be null
     * @return the fingerprint as a hex string, or null when {@code certificate} is null or cannot be encoded (the
     *         encoding failure is logged)
     */
    public static String getFingerprintAsString(Certificate certificate) {
        if (certificate != null) {
            try {
                final byte[] digest = generateSHA1Fingerprint(certificate.getEncoded());
                return new String(Hex.encode(digest));
            } catch (CertificateEncodingException e) {
                log.error("Error encoding certificate.", e);
            }
        }
        return null;
    }

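    /**
     * Returns the hex-encoded SHA-1 fingerprint of a CRL's encoded form.
     *
     * <p>The value is an identifier for lookup and display; SHA-1 is not collision resistant.
     *
     * @param x509crl CRL to fingerprint, may be null
     * @return the fingerprint as a hex string, or null when {@code x509crl} is null or cannot be encoded (the
     *         encoding failure is logged)
     */
    public static String getFingerprintAsString(X509CRL x509crl) {
        // Match the Certificate overload, which answers null for a null argument instead of throwing.
        if (x509crl == null) {
            return null;
        }
        try {
            return new String(Hex.encode(generateSHA1Fingerprint(x509crl.getEncoded())));
        } catch (CRLException e) {
            log.error("Error encoding CRL.", e);
            return null;
        }
    }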

    /**
     * Returns the hex-encoded SHA-1 fingerprint of arbitrary bytes.
     *
     * <p>The value is an identifier for lookup and display; SHA-1 is not collision resistant.
     *
     * @param bArr data to fingerprint
     * @return the fingerprint as a hex string
     */
    public static String getFingerprintAsString(byte[] bArr) {
        // generateSHA1Fingerprint answers null when SHA-1 is unavailable; that null is passed on to Hex.encode
        // unchecked here.
        final byte[] sha1 = generateSHA1Fingerprint(bArr);
        return new String(Hex.encode(sha1));
    }

    /**
     * Computes the SHA-1 digest of the given bytes.
     *
     * <p>SHA-1 is not collision resistant. Use the result as a lookup or display identifier, and use
     * {@code generateSHA256Fingerprint} where two different inputs must never share a fingerprint.
     *
     * @param bArr data to hash
     * @return the digest, or null when the JVM offers no "SHA1" MessageDigest (the failure is only logged, so
     *         callers have to handle null)
     */
    public static byte[] generateSHA1Fingerprint(byte[] bArr) {
        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA1");
        } catch (NoSuchAlgorithmException e) {
            log.error("SHA1 algorithm not supported", e);
            return null;
        }
        return sha1.digest(bArr);
    }

    /**
     * Computes the SHA-256 digest of the given bytes.
     *
     * @param bArr data to hash
     * @return the digest, or null when the JVM offers no "SHA-256" MessageDigest (the failure is only logged, so
     *         callers have to handle null)
     */
    public static byte[] generateSHA256Fingerprint(byte[] bArr) {
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            log.error("SHA-256 algorithm not supported", e);
            return null;
        }
        return sha256.digest(bArr);
    }

    /**
     * Computes the MD5 digest of the given bytes.
     *
     * <p>MD5 is broken for collision resistance. The result is suitable only as a legacy display or lookup
     * value, never as evidence that two inputs are identical.
     *
     * @param bArr data to hash
     * @return the digest, or null when the JVM offers no "MD5" MessageDigest (the failure is only logged, so
     *         callers have to handle null)
     */
    public static byte[] generateMD5Fingerprint(byte[] bArr) {
        final MessageDigest md5;
        try {
            md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            log.error("MD5 algorithm not supported", e);
            return null;
        }
        return md5.digest(bArr);
    }

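    /**
     * Converts a key-usage boolean array, as returned by {@code X509Certificate.getKeyUsage()}, into an integer
     * bit mask.
     *
     * <p>Array index k stands for KeyUsage bit k (digitalSignature first, decipherOnly at index 8). The mask uses
     * 128 for index 0 down to 1 for index 7, and 32768 for index 8.
     *
     * @param zArr key-usage flags, may be null; entries beyond index 8 are ignored and missing entries count as
     *        not asserted
     * @return the bit mask, or -1 when {@code zArr} is null (no key usage available)
     */
    public static int sunKeyUsageToBC(boolean[] zArr) {
        if (zArr == null) {
            return -1;
        }
        // Entry k is the mask value for array index k.
        final int[] flags = {128, 64, 32, 16, 8, 4, 2, 1, 32768};
        // An array shorter than nine entries used to fail with an index error; treat the absent positions as
        // false so a short array from an unusual provider cannot abort processing.
        final int limit = Math.min(zArr.length, flags.length);
        int mask = 0;
        for (int bit = 0; bit < limit; bit++) {
            if (zArr[bit]) {
                mask |= flags[bit];
            }
        }
        return mask;
    }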

    /**
     * Maps a reason-flags bit string to a single integer revocation reason code.
     *
     * <p>When several flags are set only one reason is reported. The checks below run from the flag that wins to
     * the flag that loses, so the first match decides. The flag values appear to follow the ReasonFlags bit
     * layout and the results the CRL reason codes (1 keyCompromise, 2 cACompromise, ...); confirm against the
     * constants used by callers.
     *
     * @param dERBitString reason flags, may be null
     * @return the reason code; 0 when {@code dERBitString} is null, when no known flag is set, or when flag 128
     *         is set
     */
    public static int bitStringToRevokedCertInfo(DERBitString dERBitString) {
        if (dERBitString == null) {
            return 0;
        }
        final int flags = dERBitString.intValue();
        if (log.isDebugEnabled()) {
            log.debug("Int value of bitString revocation reason: " + flags);
        }
        if ((flags & 128) != 0) {
            return 0;
        }
        if ((flags & 8) != 0) {
            return 4;
        }
        if ((flags & 1) != 0) {
            return 9;
        }
        if ((flags & 64) != 0) {
            return 1;
        }
        if ((flags & 4) != 0) {
            return 5;
        }
        if ((flags & 2) != 0) {
            return 6;
        }
        if ((flags & 32) != 0) {
            return 2;
        }
        if ((flags & 16) != 0) {
            return 3;
        }
        if ((flags & 32768) != 0) {
            return 10;
        }
        return 0;
    }

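    /**
     * Appends a postfix to the value of the first CN attribute of a DN string and returns the rebuilt DN.
     *
     * <p>Every attribute is added to the result as an RDN of its own, so a multi-valued RDN in the input comes out
     * as several single-valued RDNs. Attributes without a type are dropped. Both the DN and the postfix are
     * written to the trace log.
     *
     * @param str the DN to modify, may be null
     * @param str2 text appended to the first CN value; it is concatenated as is
     * @param x500NameStyle name style used to parse {@code str} and to build the result
     * @return the rebuilt DN string, or null when {@code str} is null
     */
    public static String insertCNPostfix(String str, String str2, X500NameStyle x500NameStyle) {
        if (log.isTraceEnabled()) {
            log.trace(">insertCNPostfix: dn=" + str + ", cnpostfix=" + str2);
        }
        if (str == null) {
            return null;
        }
        final RDN[] parsedRdns = IETFUtils.rDNsFromString(str, x500NameStyle);
        final X500NameBuilder builder = new X500NameBuilder(x500NameStyle);
        boolean postfixApplied = false;
        for (RDN rdn : parsedRdns) {
            for (AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                if (attribute.getType() == null) {
                    continue;
                }
                final boolean isCommonName = "CN".equals(CeSecoreNameStyle.DefaultSymbols.get(attribute.getType()));
                if (!postfixApplied && isCommonName) {
                    // Only the first CN receives the postfix; later CN attributes are copied unchanged.
                    builder.addRDN(attribute.getType(), IETFUtils.valueToString(attribute.getValue()) + str2);
                    postfixApplied = true;
                } else {
                    builder.addRDN(attribute);
                }
            }
        }
        final String result = builder.build().toString();
        if (log.isTraceEnabled()) {
            // The exit marker used to read "<reverseDN", which made trace output point at the wrong method.
            log.trace("<insertCNPostfix: " + result);
        }
        return result;
    }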

    /**
     * Splits a DN string into its components using {@code X509NameTokenizer}.
     *
     * @param str DN string to split
     * @return the tokens in the order the tokenizer produces them; a new, modifiable list
     */
    public static List<String> getX500NameComponents(String str) {
        final List<String> components = new ArrayList<>();
        for (X509NameTokenizer tokens = new X509NameTokenizer(str); tokens.hasMoreTokens(); ) {
            components.add(tokens.nextToken());
        }
        return components;
    }

    /**
     * Returns a DN string with its first component removed.
     *
     * @param str DN string
     * @return whatever {@code X509NameTokenizer} reports as remaining after the first token was consumed
     */
    public static String getParentDN(String str) {
        final X509NameTokenizer tokens = new X509NameTokenizer(str);
        // The first token is read only to move past it; its value is not needed.
        tokens.nextToken();
        final String parent = tokens.getRemainingString();
        return parent;
    }

    /**
     * Returns the OIDs of the configured DN components, in the order {@code DnComponents.getDnObjects} lists them.
     *
     * @param z passed through to {@code DnComponents.getDnObjects}; callers in this class pass "is LDAP order"
     * @return a new list holding one OID per configured DN component
     */
    public static List<ASN1ObjectIdentifier> getX509FieldOrder(boolean z) {
        final List<ASN1ObjectIdentifier> orderedOids = new ArrayList<>();
        for (String componentName : DnComponents.getDnObjects(z)) {
            final ASN1ObjectIdentifier oid = DnComponents.getOid(componentName);
            orderedOids.add(oid);
        }
        return orderedOids;
    }

    /**
     * Rebuilds an X500Name so that its attributes follow the configured DN component order.
     *
     * <p>Attributes whose type is in the configured order come first, in that order; attribute types the
     * configuration does not know are appended afterwards in the order they occur in the name. Only the first
     * attribute of each RDN is carried over ({@code getFirst()}), so further values of a multi-valued RDN are
     * not part of the result.
     *
     * @param x500Name name to reorder
     * @param z requested output order; compared with the order detected from the name itself
     * @param x500NameStyle name style used to build the result
     * @return a new X500Name with the reordered attributes
     */
    private static X500Name getOrderedX500Name(X500Name x500Name, boolean z, X500NameStyle x500NameStyle) {
        // z2 is the order detected on the input: true when isDNReversed reports the string as not reversed.
        boolean z2 = !isDNReversed(x500Name.toString());
        // arrayList collects attribute types and arrayList2 the matching values, index by index.
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ASN1ObjectIdentifier[] attributeTypes = x500Name.getAttributeTypes();
        List<ASN1ObjectIdentifier> x509FieldOrder = getX509FieldOrder(z2);
        // hashSet remembers the types already handled so that each type is emitted once.
        HashSet hashSet = new HashSet(attributeTypes.length + x509FieldOrder.size());
        // Pass 1: types from the configured order.
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier : x509FieldOrder) {
            if (!hashSet.contains(aSN1ObjectIdentifier)) {
                hashSet.add(aSN1ObjectIdentifier);
                for (RDN rdn : x500Name.getRDNs(aSN1ObjectIdentifier)) {
                    arrayList.add(aSN1ObjectIdentifier);
                    arrayList2.add(rdn.getFirst().getValue());
                }
            }
        }
        // Pass 2: types present in the name that the configured order did not cover.
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : attributeTypes) {
            if (!hashSet.contains(aSN1ObjectIdentifier2)) {
                hashSet.add(aSN1ObjectIdentifier2);
                for (RDN rdn2 : x500Name.getRDNs(aSN1ObjectIdentifier2)) {
                    arrayList.add(aSN1ObjectIdentifier2);
                    arrayList2.add(rdn2.getFirst().getValue());
                    if (log.isDebugEnabled()) {
                        log.debug("added --> " + aSN1ObjectIdentifier2 + " val: " + rdn2);
                    }
                }
            }
        }
        // The lists were filled in the detected order; flip both when the caller asked for the other one.
        if (z != z2) {
            if (log.isDebugEnabled()) {
                log.debug("Reversing order of DN, ldaporder=" + z + ", isLdapOrder=" + z2);
            }
            Collections.reverse(arrayList);
            Collections.reverse(arrayList2);
        }
        X500NameBuilder x500NameBuilder = new X500NameBuilder(x500NameStyle);
        for (int i = 0; i < arrayList.size(); i++) {
            x500NameBuilder.addRDN((ASN1ObjectIdentifier) arrayList.get(i), (ASN1Encodable) arrayList2.get(i));
        }
        return x500NameBuilder.build();
    }

    /**
     * Returns the DIRECTORYNAME part of an alternative-name string.
     *
     * @param str alternative-name string handed to {@code getPartFromDN}
     * @return the directory name, or null when {@code getPartFromDN} yields the empty string
     */
    private static String getDirectoryStringFromAltName(String str) {
        final String directoryName = getPartFromDN(str, DIRECTORYNAME);
        // An empty result is reported as "absent"; a null result from the helper passes through as null too.
        return "".equals(directoryName) ? null : directoryName;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Orders a set of certificates into a chain and, for non-CVC certificates, validates the path.
     *
     * <p>Security notes for callers:
     * <ul>
     * <li>The trust anchor is the self-signed certificate found in {@code collection} itself. A successful return
     * shows that the supplied certificates form a consistent path up to that certificate; it does not show that
     * the root is one the application trusts. That decision has to be made separately.</li>
     * <li>Revocation checking is switched off ({@code setRevocationEnabled(false)}).</li>
     * <li>Validity is evaluated at the current time ({@code new Date()}).</li>
     * <li>For CVC certificates no path validation is performed here; the two certificates are only put in order.</li>
     * </ul>
     *
     * @param collection certificates to order; elements are handled by {@code orderCertificateChain}, which accepts
     *        {@code Certificate} objects and encoded {@code byte[]} values
     * @return the chain with the self-signed certificate last; when the input holds only the self-signed
     *         certificate, a list with just that certificate
     * @throws CertPathValidatorException if no chain can be built, validation fails, or a CVC input holds more
     *         than one non-self-signed certificate
     */
    public static List<Certificate> createCertChain(Collection<?> collection) throws CertPathValidatorException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        ArrayList arrayList = new ArrayList();
        Collection<Certificate> orderCertificateChain = orderCertificateChain(collection);
        // x509Certificate ends up as the self-signed certificate; arrayList2 keeps the others in chain order.
        X509Certificate x509Certificate = null;
        ArrayList arrayList2 = new ArrayList();
        for (Certificate certificate : orderCertificateChain) {
            if (isSelfSigned(certificate)) {
                x509Certificate = certificate;
            } else {
                arrayList2.add(certificate);
            }
        }
        if (arrayList2.isEmpty()) {
            // Only the self-signed certificate was supplied; nothing to validate.
            arrayList.add(x509Certificate);
        } else {
            Certificate certificate2 = (Certificate) arrayList2.get(0);
            if (!certificate2.getType().equals("CVC")) {
                // PKIX validation of the non-root certificates against the root taken from the input.
                HashSet hashSet = new HashSet();
                hashSet.add(new TrustAnchor(x509Certificate, null));
                PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
                // No CRL/OCSP lookup: a revoked certificate in the path is not detected by this method.
                pKIXParameters.setRevocationEnabled(false);
                pKIXParameters.setDate(new Date());
                CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType(), "BC");
                CertPath generateCertPath = getCertificateFactory().generateCertPath(arrayList2);
                PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXParameters);
                arrayList.addAll(generateCertPath.getCertificates());
                arrayList.add(pKIXCertPathValidatorResult.getTrustAnchor().getTrustedCert());
            } else {
                // CVC branch: length check only, no signature or validity verification in this method.
                if (arrayList2.size() != 1) {
                    throw new CertPathValidatorException("CVC certificate chain can not be of length longer than two.");
                }
                arrayList.add(certificate2);
                arrayList.add(x509Certificate);
            }
        }
        return arrayList;
    }

    /**
     * Sorts certificates into chain order by matching subject and issuer DN strings.
     *
     * <p>Ordering is by name only: no signature is verified here, so the result is a candidate chain that still
     * needs cryptographic validation. Non-self-signed certificates are indexed by issuer DN, which means two
     * inputs issued by the same DN replace each other in the index and the build then fails with
     * "Error building certificate path".
     *
     * @param collection elements that are either {@code Certificate} objects or encoded certificates as
     *        {@code byte[]}
     * @return the certificates with the self-signed one last and each certificate placed before its issuer
     * @throws CertPathValidatorException if an encoded element cannot be parsed, no self-signed certificate is
     *         present, or the certificates do not link into a single path
     */
    private static Collection<Certificate> orderCertificateChain(Collection<?> collection) throws CertPathValidatorException {
        Certificate certfromByteArray;
        ArrayList arrayList = new ArrayList();
        Certificate certificate = null;
        // hashMap: issuer DN -> the certificate issued by that DN (last one wins on duplicates).
        HashMap hashMap = new HashMap();
        for (Object obj : collection) {
            try {
                certfromByteArray = (Certificate) obj;
            } catch (ClassCastException e) {
                // Not a Certificate object: treat the element as an encoded certificate.
                try {
                    certfromByteArray = getCertfromByteArray((byte[]) obj);
                } catch (CertificateParsingException e2) {
                    throw new CertPathValidatorException(e2);
                }
            }
            if (isSelfSigned(certfromByteArray)) {
                // With several self-signed inputs the last one becomes the root.
                certificate = certfromByteArray;
            } else {
                log.debug("Adding to cacertmap with index '" + getIssuerDN(certfromByteArray) + "'");
                hashMap.put(getIssuerDN(certfromByteArray), certfromByteArray);
            }
        }
        if (certificate == null) {
            throw new CertPathValidatorException("No root CA certificate found in certificatelist");
        }
        arrayList.add(0, certificate);
        Certificate certificate2 = certificate;
        // i bounds the walk by the input size so that names referring to each other cannot loop forever.
        int i = 0;
        while (collection.size() != arrayList.size() && i <= collection.size()) {
            log.debug("Looking in cacertmap for '" + getSubjectDN(certificate2) + "'");
            // Next link: the certificate whose issuer DN equals the current certificate's subject DN.
            Certificate certificate3 = (Certificate) hashMap.get(getSubjectDN(certificate2));
            if (certificate3 == null) {
                throw new CertPathValidatorException("Error building certificate path");
            }
            // Prepending keeps the root at the end of the list.
            arrayList.add(0, certificate3);
            certificate2 = certificate3;
            i++;
        }
        if (i > collection.size()) {
            throw new CertPathValidatorException("Error building certificate path");
        }
        return arrayList;
    }

    /**
     * Tells whether two certificate arrays hold equal certificates at every position.
     *
     * <p>Elements are compared with {@code Certificate.equals}. A null array or a null element in the first array
     * makes the result false, so two arrays that both contain null at the same index are reported as different.
     *
     * @param certificateArr first chain, may be null
     * @param certificateArr2 second chain, may be null
     * @return true only when both arrays are non-null, have the same length and match element by element
     */
    public static boolean compareCertificateChains(Certificate[] certificateArr, Certificate[] certificateArr2) {
        if (certificateArr == null || certificateArr2 == null) {
            return false;
        }
        final int count = certificateArr.length;
        if (count != certificateArr2.length) {
            return false;
        }
        int idx = 0;
        while (idx < count) {
            final Certificate left = certificateArr[idx];
            if (left == null || !left.equals(certificateArr2[idx])) {
                return false;
            }
            idx++;
        }
        return true;
    }

    /**
     * Produces a human-readable dump of a certificate.
     *
     * <p>For an X.509 certificate that cannot be re-parsed, the exception message is returned in place of the
     * dump, so the result is for display and not a reliable indication that parsing succeeded.
     *
     * @param certificate an X.509 or CVC certificate; must not be null
     * @return the textual form of the certificate, or the parse error message for an X.509 certificate that
     *         fails to re-parse
     * @throws IllegalArgumentException if the certificate is neither X.509 nor of type "CVC"
     */
    public static String dumpCertificateAsString(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            if (StringUtils.equals(certificate.getType(), "CVC")) {
                return ((CardVerifiableCertificate) certificate).getCVCertificate().getAsText("");
            }
            throw new IllegalArgumentException("dumpCertificateAsString: Certificate of type " + certificate.getType() + " is not implemented");
        }
        try {
            // Re-parse from the encoded form and let the resulting object describe itself.
            return getCertfromByteArray(certificate.getEncoded()).toString();
        } catch (CertificateException e) {
            return e.getMessage();
        }
    }

    /**
     * Builds and signs a PKCS#10 certification request.
     *
     * <p>The private key is used only to sign the encoded request info; whether it matches {@code publicKey} is
     * not checked here.
     *
     * @param str signature algorithm name handed to {@code JcaContentSignerBuilder}
     * @param x500Name subject of the request
     * @param publicKey public key placed in the request
     * @param aSN1Set request attributes
     * @param privateKey key that signs the request
     * @param str2 name of the provider that performs the signature; "BC" is used when null
     * @return the signed request
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws IllegalStateException if encoding or writing the request info fails with an IOException
     */
    public static PKCS10CertificationRequest genPKCS10CertificationRequest(String str, X500Name x500Name, PublicKey publicKey, ASN1Set aSN1Set, PrivateKey privateKey, String str2) throws OperatorCreationException {
        try {
            final CertificationRequestInfo requestInfo = new CertificationRequestInfo(x500Name, new SubjectPublicKeyInfo(ASN1Primitive.fromByteArray(publicKey.getEncoded())), aSN1Set);
            final String providerName = (str2 != null) ? str2 : "BC";
            final BufferingContentSigner signer = new BufferingContentSigner(new JcaContentSignerBuilder(str).setProvider(providerName).build(privateKey), 20480);
            // Feed the DER-encoded request info to the signer, then flush so the signature covers all of it.
            signer.getOutputStream().write(requestInfo.getEncoded("DER"));
            signer.getOutputStream().flush();
            final CertificationRequest signedRequest = new CertificationRequest(requestInfo, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature()));
            return new PKCS10CertificationRequest(signedRequest);
        } catch (IOException e) {
            throw new IllegalStateException("Unexpected IOException was caught.", e);
        }
    }

    /**
     * Creates a verifier provider for signatures made with the private counterpart of the given public key.
     *
     * @param publicKey key to verify with
     * @return a provider built by {@code JcaContentVerifierProviderBuilder} with its default settings
     * @throws OperatorCreationException if the provider cannot be built
     */
    public static ContentVerifierProvider genContentVerifierProvider(PublicKey publicKey) throws OperatorCreationException {
        final JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        return builder.build(publicKey);
    }

    /**
     * Wraps every certificate of a chain in a {@code JcaX509CertificateHolder}, keeping the order.
     *
     * @param x509CertificateArr chain to convert; must not be null
     * @return an array of the same length with one holder per certificate
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static final JcaX509CertificateHolder[] convertCertificateChainToCertificateHolderChain(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        final int count = x509CertificateArr.length;
        final JcaX509CertificateHolder[] holders = new JcaX509CertificateHolder[count];
        int position = 0;
        for (X509Certificate cert : x509CertificateArr) {
            holders[position] = new JcaX509CertificateHolder(cert);
            position++;
        }
        return holders;
    }

    /**
     * Checks a subject DN and subject alternative names against the NameConstraints extension of a certificate.
     *
     * <p>Nothing is checked when the certificate has no NameConstraints extension. Nothing is checked either when
     * {@code x500Name} equals the subject of {@code x509Certificate}: in that case the alternative names are
     * skipped as well.
     * NOTE(review): that exemption presumably exists for a CA renewing its own certificate; confirm that callers
     * cannot reach it with a requester-chosen DN, since it also bypasses the alternative-name checks.
     *
     * @param x509Certificate certificate carrying the constraints (presumably the issuing CA; confirm with callers)
     * @param x500Name subject DN to check, may be null to check alternative names only
     * @param generalNames subject alternative names to check, may be null
     * @throws IllegalNameException if the DN or one of the alternative names is not permitted or is excluded
     */
    public static void checkNameConstraints(X509Certificate x509Certificate, X500Name x500Name, GeneralNames generalNames) throws IllegalNameException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.nameConstraints.getId());
        // Unwrap the OCTET STRING around the extension and read the constraints from the sequence inside.
        ASN1Sequence dERSequence = extensionValue != null ? DERSequence.getInstance((extensionValue != null ? DEROctetString.getInstance(extensionValue) : null).getOctets()) : null;
        NameConstraints nameConstraints = dERSequence != null ? NameConstraints.getInstance(dERSequence) : null;
        if (nameConstraints != null) {
            // Skip everything when the name under test is the constraint holder's own subject.
            if (x500Name == null || !X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()).equals(x500Name)) {
                PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
                GeneralSubtree[] permittedSubtrees = nameConstraints.getPermittedSubtrees();
                GeneralSubtree[] excludedSubtrees = nameConstraints.getExcludedSubtrees();
                if (permittedSubtrees != null) {
                    pKIXNameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
                }
                if (excludedSubtrees != null) {
                    for (GeneralSubtree generalSubtree : excludedSubtrees) {
                        pKIXNameConstraintValidator.addExcludedSubtree(generalSubtree);
                    }
                }
                if (x500Name != null) {
                    GeneralName generalName = new GeneralName(x500Name);
                    try {
                        pKIXNameConstraintValidator.checkPermitted(generalName);
                        pKIXNameConstraintValidator.checkExcluded(generalName);
                    } catch (PKIXNameConstraintValidatorException e) {
                        // Two different messages: a reversed DN is reported as forbidden, a non-reversed DN as
                        // needing X.500 order (the latter without the original exception as cause).
                        if (!(!isDNReversed(x500Name.toString()))) {
                            throw new IllegalNameException(intres.getLocalizedMessage("nameconstraints.forbiddensubjectdn", x500Name), e);
                        }
                        throw new IllegalNameException(intres.getLocalizedMessage("nameconstraints.x500dnorderrequired", new Object[0]));
                    }
                }
                if (generalNames != null) {
                    // Every alternative name must pass; the first violation aborts the check.
                    for (GeneralName generalName2 : generalNames.getNames()) {
                        try {
                            pKIXNameConstraintValidator.checkPermitted(generalName2);
                            pKIXNameConstraintValidator.checkExcluded(generalName2);
                        } catch (PKIXNameConstraintValidatorException e2) {
                            throw new IllegalNameException(intres.getLocalizedMessage("nameconstraints.forbiddensubjectaltname", generalName2), e2);
                        }
                    }
                }
            }
        }
    }

    // Class initialisation: runs once when CertTools is loaded.
    static {
        // The return value is discarded; presumably the call is made so DnComponents is initialised before any
        // DN handling in this class runs (confirm against DnComponents).
        DnComponents.getDnObjects(true);
        // The attribute names this class accepts for an e-mail address.
        EMAILIDS = new String[]{EMAIL, EMAIL1, EMAIL2, EMAIL3};
    }
}
