package eu.europa.esig.dss.spi;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.RoleOfPspOid;
import eu.europa.esig.dss.enumerations.SemanticsIdentifier;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.TimestampBinary;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.X500PrincipalHelper;
import eu.europa.esig.dss.spi.x509.CertificateIdentifier;
import eu.europa.esig.dss.spi.x509.CertificatePolicy;
import eu.europa.esig.dss.spi.x509.CertificateRef;
import eu.europa.esig.dss.spi.x509.PSD2QcType;
import eu.europa.esig.dss.spi.x509.RoleOfPSP;
import eu.europa.esig.dss.utils.Utils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DLSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.Attributes;
import org.bouncycastle.asn1.esf.RevocationValues;
import org.bouncycastle.asn1.ess.OtherCertID;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.bouncycastle.asn1.x509.qualified.RFC3739QCObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.SemanticsInformation;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/DSSASN1Utils.class */
public final class DSSASN1Utils {
    private static final Logger LOG = LoggerFactory.getLogger(DSSASN1Utils.class);
    private static final String QC_TYPE_STATEMENT_OID = "0.4.0.1862.1.6";
    private static final String QC_LEGISLATION_OID = "0.4.0.1862.1.7";

    private DSSASN1Utils() {
    }

    public static <T extends ASN1Primitive> T toASN1Primitive(byte[] bArr) {
        try {
            return (T) ASN1Primitive.fromByteArray(bArr);
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    private static boolean isDEROctetStringNull(DEROctetString dEROctetString) {
        return DERNull.INSTANCE.equals(toASN1Primitive(dEROctetString.getOctets()));
    }

    public static byte[] getDEREncoded(ASN1Encodable aSN1Encodable) {
        return getEncoded(aSN1Encodable, "DER");
    }

    public static byte[] getBEREncoded(ASN1Encodable aSN1Encodable) {
        return getEncoded(aSN1Encodable, "BER");
    }

    private static byte[] getEncoded(ASN1Encodable aSN1Encodable, String str) {
        try {
            return aSN1Encodable.toASN1Primitive().getEncoded(str);
        } catch (IOException e) {
            throw new DSSException("Unable to encode to " + str, e);
        }
    }

    public static byte[] getEncoded(BasicOCSPResp basicOCSPResp) {
        try {
            return getDEREncoded((ASN1Encodable) BasicOCSPResponse.getInstance(basicOCSPResp.getEncoded()));
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static Date toDate(ASN1GeneralizedTime aSN1GeneralizedTime) {
        try {
            return aSN1GeneralizedTime.getDate();
        } catch (ParseException e) {
            throw new DSSException(e);
        }
    }

    public static String toString(ASN1OctetString aSN1OctetString) {
        return new String(aSN1OctetString.getOctets());
    }

    public static byte[] getEncoded(TimeStampToken timeStampToken) {
        return getEncoded(timeStampToken.toCMSSignedData());
    }

    public static byte[] getEncoded(CMSSignedData cMSSignedData) {
        try {
            return cMSSignedData.getEncoded();
        } catch (IOException e) {
            throw new DSSException("Unable to encode to DER", e);
        }
    }

    public static byte[] getDEREncoded(TimeStampToken timeStampToken) {
        return getDEREncoded(timeStampToken.toCMSSignedData());
    }

    public static byte[] getDEREncoded(CMSSignedData cMSSignedData) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                ASN1OutputStream create = ASN1OutputStream.create(byteArrayOutputStream, "DER");
                create.writeObject(cMSSignedData.toASN1Structure());
                create.close();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException("Unable to encode to DER", e);
        }
    }

    public static byte[] getDEREncoded(TimestampBinary timestampBinary) {
        return getDEREncoded(timestampBinary.getBytes());
    }

    public static byte[] getDEREncoded(byte[] bArr) {
        try {
            return getDEREncoded((ASN1Encodable) ASN1Primitive.fromByteArray(bArr));
        } catch (IOException e) {
            throw new DSSException("Unable to encode to DER", e);
        }
    }

    public static ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bArr) {
        return getASN1Sequence(getDEROctetStringContent(bArr));
    }

    private static byte[] getDEROctetStringContent(byte[] bArr) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            try {
                byte[] octets = aSN1InputStream.readObject().getOctets();
                aSN1InputStream.close();
                return octets;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException("Unable to retrieve the DEROctetString content", e);
        }
    }

    private static ASN1Sequence getASN1Sequence(byte[] bArr) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            try {
                ASN1Sequence readObject = aSN1InputStream.readObject();
                aSN1InputStream.close();
                return readObject;
            } finally {
            }
        } catch (IOException e) {
            throw new DSSException("Unable to retrieve the ASN1Sequence", e);
        }
    }

    /* JADX WARN: Type inference failed for: r1v3, types: [byte[], byte[][]] */
    public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] bArr) {
        ASN1Sequence aSN1Primitive = toASN1Primitive(bArr);
        return DSSUtils.digest(digestAlgorithm, (byte[][]) new byte[]{getDEREncoded((ASN1Encodable) AlgorithmIdentifier.getInstance(aSN1Primitive.getObjectAt(0))), getDEREncoded((ASN1Encodable) aSN1Primitive.getObjectAt(1))});
    }

    public static AlgorithmIdentifier getAlgorithmIdentifier(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null || aSN1Sequence.size() <= 3) {
            return null;
        }
        ASN1Sequence objectAt = aSN1Sequence.getObjectAt(0);
        if (objectAt instanceof ASN1Sequence) {
            return AlgorithmIdentifier.getInstance(objectAt);
        }
        if (objectAt instanceof ASN1ObjectIdentifier) {
            return new AlgorithmIdentifier(ASN1ObjectIdentifier.getInstance(objectAt));
        }
        return null;
    }

    public static AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm) {
        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), DERNull.INSTANCE);
    }

    public static ASN1Sequence getCertificatesHashIndex(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        int i = 0;
        if (aSN1Sequence.size() > 3) {
            i = 0 + 1;
        }
        return aSN1Sequence.getObjectAt(i).toASN1Primitive();
    }

    public static ASN1Sequence getCRLHashIndex(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        int i = 1;
        if (aSN1Sequence.size() > 3) {
            i = 1 + 1;
        }
        return aSN1Sequence.getObjectAt(i).toASN1Primitive();
    }

    public static ASN1Sequence getUnsignedAttributesHashIndex(ASN1Sequence aSN1Sequence) {
        if (aSN1Sequence == null) {
            return null;
        }
        int i = 2;
        if (aSN1Sequence.size() > 3) {
            i = 2 + 1;
        }
        return aSN1Sequence.getObjectAt(i).toASN1Primitive();
    }

    public static List<DEROctetString> getDEROctetStrings(ASN1Sequence aSN1Sequence) {
        ArrayList arrayList = new ArrayList();
        if (aSN1Sequence != null) {
            arrayList.addAll(Collections.list(aSN1Sequence.getObjects()));
        }
        return arrayList;
    }

    public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId());
        if (extensionValue == null) {
            return false;
        }
        try {
            DEROctetString aSN1Primitive = toASN1Primitive(extensionValue);
            if (aSN1Primitive instanceof DEROctetString) {
                return isDEROctetStringNull(aSN1Primitive);
            }
            return false;
        } catch (Exception e) {
            LOG.debug("Exception when processing 'id_pkix_ocsp_no_check'", e);
            return false;
        }
    }

    public static List<CertificatePolicy> getCertificatePolicies(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.certificatePolicies.getId());
        if (Utils.isArrayNotEmpty(extensionValue)) {
            try {
                ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
                for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                    CertificatePolicy certificatePolicy = new CertificatePolicy();
                    PolicyInformation policyInformation = PolicyInformation.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                    certificatePolicy.setOid(policyInformation.getPolicyIdentifier().getId());
                    ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
                    if (policyQualifiers != null) {
                        for (int i2 = 0; i2 < policyQualifiers.size(); i2++) {
                            PolicyQualifierInfo policyQualifierInfo = PolicyQualifierInfo.getInstance(policyQualifiers.getObjectAt(i2));
                            if (PolicyQualifierId.id_qt_cps.equals(policyQualifierInfo.getPolicyQualifierId())) {
                                certificatePolicy.setCpsUrl(getString(policyQualifierInfo.getQualifier()));
                            }
                        }
                    }
                    arrayList.add(certificatePolicy);
                }
            } catch (Exception e) {
                LOG.warn("Unable to parse the certificatePolicies extension '{}' : {}", new Object[]{Utils.toBase64(extensionValue), e.getMessage(), e});
            }
        }
        return arrayList;
    }

    public static List<String> getQCStatementsIdList(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (Utils.isArrayNotEmpty(extensionValue)) {
            try {
                ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
                for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                    arrayList.add(QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i)).getStatementId().getId());
                }
            } catch (Exception e) {
                LOG.warn("Unable to parse the qCStatements extension '{}' : {}", new Object[]{Utils.toBase64(extensionValue), e.getMessage(), e});
            }
        }
        return arrayList;
    }

    public static List<String> getQCTypesIdList(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (Utils.isArrayNotEmpty(extensionValue)) {
            try {
                ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
                for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                    QCStatement qCStatement = QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                    if (QC_TYPE_STATEMENT_OID.equals(qCStatement.getStatementId().getId())) {
                        ASN1Sequence statementInfo = qCStatement.getStatementInfo();
                        if (statementInfo instanceof ASN1Sequence) {
                            ASN1Sequence aSN1Sequence = statementInfo;
                            for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                                ASN1ObjectIdentifier objectAt = aSN1Sequence.getObjectAt(i2);
                                if (objectAt instanceof ASN1ObjectIdentifier) {
                                    arrayList.add(objectAt.getId());
                                } else {
                                    LOG.warn("ASN1Sequence in QcTypes does not contain ASN1ObjectIdentifer, but {}", objectAt.getClass().getName());
                                }
                            }
                        } else {
                            LOG.warn("QcTypes not an ASN1Sequence, but {}", statementInfo.getClass().getName());
                        }
                    }
                }
            } catch (Exception e) {
                LOG.warn("Unable to parse the qCStatements extension '{}' : {}", new Object[]{Utils.toBase64(extensionValue), e.getMessage(), e});
            }
        }
        return arrayList;
    }

    public static List<String> getQCLegislations(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (Utils.isArrayNotEmpty(extensionValue)) {
            try {
                ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
                for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                    QCStatement qCStatement = QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                    if (QC_LEGISLATION_OID.equals(qCStatement.getStatementId().getId())) {
                        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(qCStatement.getStatementInfo());
                        for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                            arrayList.add(getString(aSN1Sequence.getObjectAt(i2)));
                        }
                    }
                }
            } catch (Exception e) {
                LOG.warn("Unable to parse the qCStatements extension '{}' : {}", new Object[]{Utils.toBase64(extensionValue), e.getMessage(), e});
            }
        }
        return arrayList;
    }

    public static byte[] getSki(CertificateToken certificateToken) {
        return getSki(certificateToken, false);
    }

    public static byte[] getSki(CertificateToken certificateToken, boolean z) {
        try {
            byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId());
            if (Utils.isArrayNotEmpty(extensionValue)) {
                return SubjectKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue)).getKeyIdentifier();
            }
            if (z) {
                return computeSkiFromCert(certificateToken);
            }
            return null;
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static byte[] getAuthorityKeyIdentifier(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.authorityKeyIdentifier.getId());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        try {
            return AuthorityKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue)).getKeyIdentifier();
        } catch (IOException e) {
            throw new DSSException("Unable to parse the authorityKeyIdentifier extension", e);
        }
    }

    public static byte[] computeSkiFromCert(CertificateToken certificateToken) {
        return computeSkiFromCertPublicKey(certificateToken.getPublicKey());
    }

    public static byte[] computeSkiFromCertPublicKey(PublicKey publicKey) {
        try {
            return DSSUtils.digest(DigestAlgorithm.SHA1, ASN1Primitive.fromByteArray(publicKey.getEncoded()).getObjectAt(1).getOctets());
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static boolean isSkiEqual(byte[] bArr, CertificateToken certificateToken) {
        return Arrays.equals(computeSkiFromCert(certificateToken), bArr);
    }

    public static List<String> getCAAccessLocations(CertificateToken certificateToken) {
        return getAccessLocations(certificateToken, X509ObjectIdentifiers.id_ad_caIssuers);
    }

    public static List<String> getOCSPAccessLocations(CertificateToken certificateToken) {
        return getAccessLocations(certificateToken, X509ObjectIdentifiers.id_ad_ocsp);
    }

    private static List<String> getAccessLocations(CertificateToken certificateToken, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        ASN1Sequence asn1SequenceFromDerOctetString;
        String parseGn;
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
        if (null == extensionValue) {
            return arrayList;
        }
        try {
            asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
        } catch (Exception e) {
            LOG.error("Unable to parse authorityInfoAccess", e);
        }
        if (asn1SequenceFromDerOctetString == null || asn1SequenceFromDerOctetString.size() == 0) {
            LOG.warn("Empty ASN1Sequence for AuthorityInformationAccess");
            return arrayList;
        }
        for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(asn1SequenceFromDerOctetString).getAccessDescriptions()) {
            if (aSN1ObjectIdentifier.equals(accessDescription.getAccessMethod()) && (parseGn = parseGn(accessDescription.getAccessLocation())) != null) {
                arrayList.add(parseGn);
            }
        }
        return arrayList;
    }

    public static List<String> getCrlUrls(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue != null) {
            try {
                for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(getAsn1SequenceFromDerOctetString(extensionValue)).getDistributionPoints()) {
                    DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                    if (0 == distributionPoint2.getType()) {
                        for (GeneralName generalName : distributionPoint2.getName().getNames()) {
                            String parseGn = parseGn(generalName);
                            if (parseGn != null) {
                                arrayList.add(parseGn);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                LOG.error("Unable to parse cRLDistributionPoints", e);
            }
        }
        return arrayList;
    }

    private static String parseGn(GeneralName generalName) {
        try {
            if (6 == generalName.getTagNo()) {
                return generalName.toASN1Primitive().getObject().getString();
            }
            return null;
        } catch (Exception e) {
            LOG.warn("Unable to parse GN '{}'", generalName, e);
            return null;
        }
    }

    public static boolean isOCSPSigning(CertificateToken certificateToken) {
        return isExtendedKeyUsagePresent(certificateToken, KeyPurposeId.id_kp_OCSPSigning.toOID());
    }

    public static boolean isExtendedKeyUsagePresent(CertificateToken certificateToken, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            List<String> extendedKeyUsage = certificateToken.getCertificate().getExtendedKeyUsage();
            if (extendedKeyUsage != null) {
                return extendedKeyUsage.contains(aSN1ObjectIdentifier.getId());
            }
            return false;
        } catch (CertificateParsingException e) {
            LOG.error("Unable to retrieve ExtendedKeyUsage from certificate", e);
            return false;
        }
    }

    public static X509CertificateHolder getX509CertificateHolder(CertificateToken certificateToken) {
        try {
            return new X509CertificateHolder(certificateToken.getEncoded());
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static CertificateToken getCertificate(X509CertificateHolder x509CertificateHolder) {
        try {
            return new CertificateToken(new JcaX509CertificateConverter().setProvider(DSSSecurityProvider.getSecurityProviderName()).getCertificate(x509CertificateHolder));
        } catch (CertificateException e) {
            throw new DSSException(e);
        }
    }

    public static CertificateIdentifier toIssuerSerialInfo(SignerId signerId) {
        return toCertificateIdentifier(toX500Principal(signerId.getIssuer()), signerId.getSerialNumber(), signerId.getSubjectKeyIdentifier());
    }

    public static X500Principal toX500Principal(X500Name x500Name) {
        if (x500Name == null) {
            return null;
        }
        try {
            return new X500Principal(x500Name.getEncoded());
        } catch (IOException e) {
            throw new DSSException(String.format("Cannot extract X500Principal! Reason : %s", e.getMessage()), e);
        }
    }

    public static CertificateIdentifier toCertificateIdentifier(X500Principal x500Principal, BigInteger bigInteger, byte[] bArr) {
        CertificateIdentifier certificateIdentifier = new CertificateIdentifier();
        certificateIdentifier.setIssuerName(x500Principal);
        certificateIdentifier.setSerialNumber(bigInteger);
        certificateIdentifier.setSki(bArr);
        return certificateIdentifier;
    }

    public static IssuerSerial getIssuerSerial(CertificateToken certificateToken) {
        return new IssuerSerial(new GeneralNames(new GeneralName(getX509CertificateHolder(certificateToken).getIssuer())), certificateToken.getCertificate().getSerialNumber());
    }

    public static boolean x500PrincipalAreEquals(X500Principal x500Principal, X500Principal x500Principal2) {
        if (x500Principal == null || x500Principal2 == null) {
            return false;
        }
        if (x500Principal.equals(x500Principal2)) {
            return true;
        }
        return get(x500Principal).entrySet().containsAll(get(x500Principal2).entrySet());
    }

    public static Map<String, String> get(X500Principal x500Principal) {
        HashMap hashMap = new HashMap();
        for (DLSet dLSet : ASN1Sequence.getInstance(x500Principal.getEncoded()).toArray()) {
            for (int i = 0; i < dLSet.size(); i++) {
                DLSequence objectAt = dLSet.getObjectAt(i);
                if (objectAt.size() != 2) {
                    throw new DSSException("The DLSequence must contains exactly 2 elements.");
                }
                hashMap.put(getString(objectAt.getObjectAt(0)), getString(objectAt.getObjectAt(1)));
            }
        }
        return hashMap;
    }

    public static X500Principal getNormalizedX500Principal(X500Principal x500Principal) {
        return new X500Principal(getUtf8String(x500Principal));
    }

    public static String getUtf8String(X500Principal x500Principal) {
        DLSet[] array = ASN1Sequence.getInstance(x500Principal.getEncoded()).toArray();
        StringBuilder sb = new StringBuilder();
        for (int length = array.length - 1; length >= 0; length--) {
            DLSet dLSet = array[length];
            for (int i = 0; i < dLSet.size(); i++) {
                DLSequence objectAt = dLSet.getObjectAt(i);
                if (objectAt.size() != 2) {
                    throw new DSSException("The DLSequence must contains exactly 2 elements.");
                }
                ASN1Encodable objectAt2 = objectAt.getObjectAt(0);
                String escapeValue = Rdn.escapeValue(getString(objectAt.getObjectAt(1)));
                if (sb.length() != 0) {
                    sb.append(',');
                }
                sb.append(objectAt2).append('=').append(escapeValue);
            }
        }
        return sb.toString();
    }

    public static String getString(ASN1Encodable aSN1Encodable) {
        String obj;
        if (aSN1Encodable instanceof ASN1String) {
            obj = ((ASN1String) aSN1Encodable).getString();
        } else if (aSN1Encodable instanceof ASN1ObjectIdentifier) {
            obj = ((ASN1ObjectIdentifier) aSN1Encodable).getId();
        } else {
            LOG.error("!!!*******!!! This encoding is unknown: {}", aSN1Encodable.getClass().getSimpleName());
            obj = aSN1Encodable.toString();
            LOG.error("!!!*******!!! value: {}", obj);
        }
        return obj;
    }

    public static String extractAttributeFromX500Principal(ASN1ObjectIdentifier aSN1ObjectIdentifier, X500PrincipalHelper x500PrincipalHelper) {
        for (RDN rdn : X500Name.getInstance(x500PrincipalHelper.getEncoded()).getRDNs(aSN1ObjectIdentifier)) {
            if (rdn.isMultiValued()) {
                for (AttributeTypeAndValue attributeTypeAndValue : rdn.getTypesAndValues()) {
                    if (aSN1ObjectIdentifier.equals(attributeTypeAndValue.getType())) {
                        return attributeTypeAndValue.getValue().toString();
                    }
                }
            } else {
                AttributeTypeAndValue first = rdn.getFirst();
                if (aSN1ObjectIdentifier.equals(first.getType())) {
                    return first.getValue().toString();
                }
            }
        }
        return null;
    }

    public static String getSubjectCommonName(CertificateToken certificateToken) {
        return extractAttributeFromX500Principal(BCStyle.CN, certificateToken.getSubject());
    }

    public static String getHumanReadableName(CertificateToken certificateToken) {
        return firstNotNull(certificateToken, BCStyle.CN, BCStyle.GIVENNAME, BCStyle.SURNAME, BCStyle.NAME, BCStyle.PSEUDONYM, BCStyle.O, BCStyle.OU);
    }

    private static String firstNotNull(CertificateToken certificateToken, ASN1ObjectIdentifier... aSN1ObjectIdentifierArr) {
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier : aSN1ObjectIdentifierArr) {
            String extractAttributeFromX500Principal = extractAttributeFromX500Principal(aSN1ObjectIdentifier, certificateToken.getSubject());
            if (extractAttributeFromX500Principal != null) {
                return extractAttributeFromX500Principal;
            }
        }
        return null;
    }

    public static SignerInformation getFirstSignerInformation(CMSSignedData cMSSignedData) {
        Collection signers = cMSSignedData.getSignerInfos().getSigners();
        if (signers.size() > 1) {
            LOG.warn("!!! The framework handles only one signer (SignerInformation) !!!");
        }
        return (SignerInformation) signers.iterator().next();
    }

    public static boolean isASN1SequenceTag(byte b) {
        return 48 == b;
    }

    public static Date getDate(ASN1Encodable aSN1Encodable) {
        try {
            return Time.getInstance(aSN1Encodable).getDate();
        } catch (Exception e) {
            LOG.warn("Unable to retrieve the date {}", aSN1Encodable, e);
            return null;
        }
    }

    public static boolean isEmpty(AttributeTable attributeTable) {
        return attributeTable == null || attributeTable.size() == 0;
    }

    public static AttributeTable emptyIfNull(AttributeTable attributeTable) {
        return attributeTable == null ? new AttributeTable(new Hashtable()) : attributeTable;
    }

    public static List<String> getExtendedKeyUsage(CertificateToken certificateToken) {
        try {
            return certificateToken.getCertificate().getExtendedKeyUsage();
        } catch (CertificateParsingException e) {
            LOG.warn("Unable to retrieve ExtendedKeyUsage : {}", e.getMessage());
            return Collections.emptyList();
        }
    }

    public static IssuerSerial getIssuerSerial(byte[] bArr) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            try {
                IssuerSerial issuerSerial = IssuerSerial.getInstance(aSN1InputStream.readObject());
                aSN1InputStream.close();
                return issuerSerial;
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Unable to decode IssuerSerialV2 textContent '{}' : {}", new Object[]{Utils.toBase64(bArr), e.getMessage(), e});
            return null;
        }
    }

    public static CertificateIdentifier toCertificateIdentifier(IssuerSerial issuerSerial) {
        if (issuerSerial == null) {
            return null;
        }
        try {
            CertificateIdentifier certificateIdentifier = new CertificateIdentifier();
            GeneralNames issuer = issuerSerial.getIssuer();
            if (issuer != null) {
                GeneralName[] names = issuer.getNames();
                if (names.length == 1) {
                    certificateIdentifier.setIssuerName(new X500Principal(names[0].getName().toASN1Primitive().getEncoded("DER")));
                } else {
                    LOG.warn("More than one GeneralName");
                }
            }
            ASN1Integer serial = issuerSerial.getSerial();
            if (serial != null) {
                certificateIdentifier.setSerialNumber(serial.getValue());
            }
            return certificateIdentifier;
        } catch (Exception e) {
            LOG.error("Unable to read the IssuerSerial object", e);
            return null;
        }
    }

    public static ASN1Sequence getAtsHashIndex(AttributeTable attributeTable) {
        return getAtsHashIndexByVersion(attributeTable, getAtsHashIndexVersionIdentifier(attributeTable));
    }

    public static ASN1Sequence getAtsHashIndexByVersion(AttributeTable attributeTable, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Attribute attribute;
        ASN1Set attrValues;
        if (attributeTable == null || aSN1ObjectIdentifier == null || (attribute = attributeTable.get(aSN1ObjectIdentifier)) == null || (attrValues = attribute.getAttrValues()) == null || attrValues.size() != 1) {
            return null;
        }
        return attrValues.getObjectAt(0).toASN1Primitive();
    }

    public static ASN1ObjectIdentifier getAtsHashIndexVersionIdentifier(AttributeTable attributeTable) {
        if (attributeTable == null) {
            return null;
        }
        for (Attribute attribute : attributeTable.toASN1Structure().getAttributes()) {
            ASN1ObjectIdentifier attrType = attribute.getAttrType();
            if (OID.id_aa_ATSHashIndex.equals(attrType) || OID.id_aa_ATSHashIndexV2.equals(attrType) || OID.id_aa_ATSHashIndexV3.equals(attrType)) {
                LOG.debug("Unsigned attribute of type [{}] found in the timestamp.", attrType);
                return attrType;
            }
        }
        LOG.warn("The timestamp unsignedAttributes does not contain ATSHashIndex!");
        return null;
    }

    /* JADX WARN: Type inference failed for: r1v7, types: [byte[], byte[][]] */
    public static List<byte[]> getOctetStringForAtsHashIndex(Attribute attribute, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        ArrayList arrayList = new ArrayList();
        if (OID.id_aa_ATSHashIndexV3.equals(aSN1ObjectIdentifier)) {
            byte[] dEREncoded = getDEREncoded((ASN1Encodable) attribute.getAttrType());
            for (ASN1Encodable aSN1Encodable : attribute.getAttrValues().toArray()) {
                arrayList.add(DSSUtils.concatenate(new byte[]{dEREncoded, getDEREncoded(aSN1Encodable)}));
            }
        } else {
            arrayList.add(getDEREncoded((ASN1Encodable) attribute));
        }
        return arrayList;
    }

    public static ASN1Encodable getAsn1Encodable(AttributeTable attributeTable, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        ASN1Set asn1AttributeSet = getAsn1AttributeSet(attributeTable, aSN1ObjectIdentifier);
        if (asn1AttributeSet == null || asn1AttributeSet.size() <= 0) {
            return null;
        }
        return asn1AttributeSet.getObjectAt(0);
    }

    public static ASN1Set getAsn1AttributeSet(AttributeTable attributeTable, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Attribute attribute = attributeTable.get(aSN1ObjectIdentifier);
        if (attribute == null) {
            return null;
        }
        return attribute.getAttrValues();
    }

    public static Attribute[] getAsn1Attributes(AttributeTable attributeTable, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        ASN1EncodableVector all = attributeTable.getAll(aSN1ObjectIdentifier);
        if (all == null) {
            return null;
        }
        return new Attributes(all).getAttributes();
    }

    public static List<TimeStampToken> findArchiveTimeStampTokens(AttributeTable attributeTable) {
        TimeStampToken timeStampToken;
        ArrayList arrayList = new ArrayList();
        for (Attribute attribute : attributeTable.toASN1Structure().getAttributes()) {
            if (isArchiveTimeStampToken(attribute) && (timeStampToken = getTimeStampToken(attribute)) != null) {
                arrayList.add(timeStampToken);
            }
        }
        return arrayList;
    }

    public static boolean isArchiveTimeStampToken(Attribute attribute) {
        return isAttributeOfType(attribute, OID.id_aa_ets_archiveTimestampV2) || isAttributeOfType(attribute, OID.id_aa_ets_archiveTimestampV3);
    }

    public static boolean isAttributeOfType(Attribute attribute, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (attribute == null) {
            return false;
        }
        return aSN1ObjectIdentifier.equals(attribute.getAttrType());
    }

    public static TimeStampToken getTimeStampToken(Attribute attribute) {
        try {
            CMSSignedData cMSSignedData = getCMSSignedData(attribute);
            if (cMSSignedData != null) {
                return new TimeStampToken(cMSSignedData);
            }
            return null;
        } catch (IOException | CMSException | TSPException e) {
            LOG.warn("The given TimeStampToken cannot be created! Reason: [{}]", e.getMessage());
            return null;
        }
    }

    public static CMSSignedData getCMSSignedData(Attribute attribute) throws CMSException, IOException {
        ASN1Encodable asn1Encodable = getAsn1Encodable(attribute);
        if (!(asn1Encodable instanceof DEROctetString)) {
            return new CMSSignedData(asn1Encodable.toASN1Primitive().getEncoded());
        }
        LOG.warn("Illegal content for CMSSignedData (OID : {}) : OCTET STRING is not allowed !", attribute.getAttrType());
        return null;
    }

    public static ASN1Encodable getAsn1Encodable(Attribute attribute) {
        return attribute.getAttrValues().getObjectAt(0);
    }

    public static Date getTimeStampTokenGenerationTime(TimeStampToken timeStampToken) {
        if (timeStampToken != null) {
            return timeStampToken.getTimeStampInfo().getGenTime();
        }
        return null;
    }

    public static RevocationValues getRevocationValues(ASN1Encodable aSN1Encodable) {
        if (aSN1Encodable == null) {
            return null;
        }
        try {
            return RevocationValues.getInstance(aSN1Encodable);
        } catch (Exception e) {
            LOG.warn("Unable to parse RevocationValues", e);
            return null;
        }
    }

    public static CertificateRef getCertificateRef(OtherCertID otherCertID) {
        CertificateRef certificateRef = new CertificateRef();
        certificateRef.setCertDigest(new Digest(DigestAlgorithm.forOID(otherCertID.getAlgorithmHash().getAlgorithm().getId()), otherCertID.getCertHash()));
        certificateRef.setCertificateIdentifier(toCertificateIdentifier(otherCertID.getIssuerSerial()));
        return certificateRef;
    }

    public static PSD2QcType getPSD2QcStatement(CertificateToken certificateToken) {
        PSD2QcType pSD2QcType = null;
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (Utils.isArrayNotEmpty(extensionValue)) {
            try {
                ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
                for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                    QCStatement qCStatement = QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                    if (OID.psd2_qcStatement.equals(qCStatement.getStatementId())) {
                        pSD2QcType = new PSD2QcType();
                        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(qCStatement.getStatementInfo());
                        ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(aSN1Sequence.getObjectAt(0));
                        ArrayList arrayList = new ArrayList();
                        for (int i2 = 0; i2 < aSN1Sequence2.size(); i2++) {
                            ASN1Sequence aSN1Sequence3 = ASN1Sequence.getInstance(aSN1Sequence2.getObjectAt(i2));
                            RoleOfPSP roleOfPSP = new RoleOfPSP();
                            roleOfPSP.setPspOid(RoleOfPspOid.fromOid(aSN1Sequence3.getObjectAt(0).getId()));
                            roleOfPSP.setPspName(getString(aSN1Sequence3.getObjectAt(1)));
                            arrayList.add(roleOfPSP);
                        }
                        pSD2QcType.setRolesOfPSP(arrayList);
                        pSD2QcType.setNcaName(getString(aSN1Sequence.getObjectAt(1)));
                        pSD2QcType.setNcaId(getString(aSN1Sequence.getObjectAt(2)));
                    }
                }
            } catch (Exception e) {
                LOG.warn("Unable to read QCStatement", e);
            }
        }
        return pSD2QcType;
    }

    public static List<String> getSubjectAlternativeNames(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = certificateToken.getCertificate().getSubjectAlternativeNames();
            if (Utils.isCollectionNotEmpty(subjectAlternativeNames)) {
                for (List<?> list : subjectAlternativeNames) {
                    if (Utils.collectionSize(list) == 2) {
                        Object obj = list.get(1);
                        if (obj instanceof String) {
                            arrayList.add((String) obj);
                        } else {
                            LOG.trace("Ignored value : {}", obj);
                        }
                    }
                }
            }
        } catch (Exception e) {
            LOG.warn("Unable to extract SubjectAlternativeNames", e);
        }
        return arrayList;
    }

    public static SemanticsIdentifier getSemanticsIdentifier(CertificateToken certificateToken) {
        SemanticsInformation semanticsInformation;
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        try {
            ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
            for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                QCStatement qCStatement = QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                if (RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.equals(qCStatement.getStatementId()) && (semanticsInformation = SemanticsInformation.getInstance(qCStatement.getStatementInfo())) != null && semanticsInformation.getSemanticsIdentifier() != null) {
                    return SemanticsIdentifier.fromOid(semanticsInformation.getSemanticsIdentifier().getId());
                }
            }
            return null;
        } catch (Exception e) {
            LOG.warn("Unable to extract the SemanticsIdentifier", e);
            return null;
        }
    }

    static {
        Security.addProvider(DSSSecurityProvider.getSecurityProvider());
    }
}
