package eu.europa.esig.dss;

import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DLSet;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/DSSASN1Utils.class */
public final class DSSASN1Utils {
    private static final Logger LOG = LoggerFactory.getLogger(DSSASN1Utils.class);
    private static final String QC_TYPE_STATEMENT_OID = "0.4.0.1862.1.6";

    private DSSASN1Utils() {
    }

    public static <T extends ASN1Primitive> T toASN1Primitive(byte[] bArr) throws DSSException {
        try {
            return (T) ASN1Primitive.fromByteArray(bArr);
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    private static boolean isDEROctetStringNull(DEROctetString dEROctetString) {
        return DERNull.INSTANCE.equals(toASN1Primitive(dEROctetString.getOctets()));
    }

    public static byte[] getDEREncoded(ASN1Encodable aSN1Encodable) {
        try {
            return aSN1Encodable.toASN1Primitive().getEncoded("DER");
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static byte[] getEncoded(BasicOCSPResp basicOCSPResp) {
        try {
            return getDEREncoded(BasicOCSPResponse.getInstance(basicOCSPResp.getEncoded()));
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static Date toDate(ASN1UTCTime aSN1UTCTime) throws DSSException {
        try {
            return aSN1UTCTime.getDate();
        } catch (ParseException e) {
            throw new DSSException(e);
        }
    }

    public static Date toDate(ASN1GeneralizedTime aSN1GeneralizedTime) throws DSSException {
        try {
            return aSN1GeneralizedTime.getDate();
        } catch (ParseException e) {
            throw new DSSException(e);
        }
    }

    public static String toString(ASN1OctetString aSN1OctetString) {
        return new String(aSN1OctetString.getOctets());
    }

    public static byte[] getEncoded(TimeStampToken timeStampToken) throws DSSException {
        try {
            return timeStampToken.getEncoded();
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bArr) throws DSSException {
        ASN1InputStream aSN1InputStream = null;
        try {
            try {
                ASN1InputStream aSN1InputStream2 = new ASN1InputStream(bArr);
                byte[] octets = aSN1InputStream2.readObject().getOctets();
                aSN1InputStream2.close();
                aSN1InputStream = new ASN1InputStream(octets);
                ASN1Sequence readObject = aSN1InputStream.readObject();
                Utils.closeQuietly(aSN1InputStream);
                return readObject;
            } catch (IOException e) {
                throw new DSSException("Error when computing certificate's extensions.", e);
            }
        } catch (Throwable th) {
            Utils.closeQuietly(aSN1InputStream);
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r1v3, types: [byte[], byte[][]] */
    public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] bArr) {
        ASN1Sequence aSN1Primitive = toASN1Primitive(bArr);
        return DSSUtils.digest(digestAlgorithm, (byte[][]) new byte[]{getDEREncoded(AlgorithmIdentifier.getInstance(aSN1Primitive.getObjectAt(0))), getDEREncoded(aSN1Primitive.getObjectAt(1))});
    }

    public static String getCanonicalizedName(GeneralNames generalNames) {
        GeneralName[] names = generalNames.getNames();
        TreeMap treeMap = new TreeMap();
        for (GeneralName generalName : names) {
            String valueOf = String.valueOf(generalName.getName());
            LOG.debug("ldapString to canonicalize: {} ", valueOf);
            try {
                for (Rdn rdn : new LdapName(valueOf).getRdns()) {
                    treeMap.put(rdn.getType().toLowerCase(), String.valueOf(rdn.getValue()).toLowerCase());
                }
            } catch (InvalidNameException e) {
                throw new DSSException(e);
            }
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry entry : treeMap.entrySet()) {
            sb.append((String) entry.getKey()).append('=').append((String) entry.getValue()).append('|');
        }
        String sb2 = sb.toString();
        LOG.debug("canonicalizedName: {} ", sb2);
        return sb2;
    }

    public static AlgorithmIdentifier getAlgorithmIdentifier(SignatureAlgorithm signatureAlgorithm) {
        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(signatureAlgorithm.getJCEId()), DERNull.INSTANCE);
    }

    public static AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm) {
        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), DERNull.INSTANCE);
    }

    public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId());
        if (extensionValue == null) {
            return false;
        }
        try {
            DEROctetString aSN1Primitive = toASN1Primitive(extensionValue);
            if (aSN1Primitive instanceof DEROctetString) {
                return isDEROctetStringNull(aSN1Primitive);
            }
            return false;
        } catch (Exception e) {
            LOG.debug("Exception when processing 'id_pkix_ocsp_no_check'", e);
            return false;
        }
    }

    public static List<String> getPolicyIdentifiers(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.certificatePolicies.getId());
        if (extensionValue != null) {
            ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
            for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                arrayList.add(PolicyInformation.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i)).getPolicyIdentifier().getId());
            }
        }
        return arrayList;
    }

    public static List<String> getQCStatementsIdList(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (extensionValue != null) {
            ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
            for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                arrayList.add(QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i)).getStatementId().getId());
            }
        }
        return arrayList;
    }

    public static List<String> getQCTypesIdList(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.qCStatements.getId());
        if (extensionValue != null) {
            ASN1Sequence asn1SequenceFromDerOctetString = getAsn1SequenceFromDerOctetString(extensionValue);
            for (int i = 0; i < asn1SequenceFromDerOctetString.size(); i++) {
                QCStatement qCStatement = QCStatement.getInstance(asn1SequenceFromDerOctetString.getObjectAt(i));
                if (QC_TYPE_STATEMENT_OID.equals(qCStatement.getStatementId().getId())) {
                    ASN1Sequence statementInfo = qCStatement.getStatementInfo();
                    if (!(statementInfo instanceof ASN1Sequence)) {
                        throw new IllegalStateException("QcTypes not an ASN1Sequence, but " + statementInfo.getClass().getName());
                    }
                    ASN1Sequence aSN1Sequence = statementInfo;
                    for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                        ASN1ObjectIdentifier objectAt = aSN1Sequence.getObjectAt(i2);
                        if (!(objectAt instanceof ASN1ObjectIdentifier)) {
                            throw new IllegalStateException("ASN1Sequence in QcTypes does not contain ASN1ObjectIdentifer, but " + objectAt.getClass().getName());
                        }
                        arrayList.add(objectAt.getId());
                    }
                }
            }
        }
        return arrayList;
    }

    public static byte[] getSki(CertificateToken certificateToken) throws DSSException {
        return getSki(certificateToken, false);
    }

    public static byte[] getSki(CertificateToken certificateToken, boolean z) throws DSSException {
        try {
            byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId());
            if (Utils.isArrayNotEmpty(extensionValue)) {
                return SubjectKeyIdentifier.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getKeyIdentifier();
            }
            if (!z) {
                return null;
            }
            return DSSUtils.digest(DigestAlgorithm.SHA1, DERSequence.fromByteArray(certificateToken.getPublicKey().getEncoded()).getObjectAt(1).getOctets());
        } catch (Exception e) {
            throw new DSSException(e);
        }
    }

    public static List<String> getCAAccessLocations(CertificateToken certificateToken) {
        return getAccessLocations(certificateToken, X509ObjectIdentifiers.id_ad_caIssuers);
    }

    public static List<String> getOCSPAccessLocations(CertificateToken certificateToken) {
        return getAccessLocations(certificateToken, X509ObjectIdentifiers.id_ad_ocsp);
    }

    private static List<String> getAccessLocations(CertificateToken certificateToken, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        String parseGn;
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
        if (null == extensionValue) {
            return arrayList;
        }
        try {
            for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(getAsn1SequenceFromDerOctetString(extensionValue)).getAccessDescriptions()) {
                if (aSN1ObjectIdentifier.equals(accessDescription.getAccessMethod()) && (parseGn = parseGn(accessDescription.getAccessLocation())) != null) {
                    arrayList.add(parseGn);
                }
            }
        } catch (Exception e) {
            LOG.error("Unable to parse authorityInfoAccess", e);
        }
        return arrayList;
    }

    public static List<String> getCrlUrls(CertificateToken certificateToken) {
        ArrayList arrayList = new ArrayList();
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (null == extensionValue) {
            return arrayList;
        }
        try {
            for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(getAsn1SequenceFromDerOctetString(extensionValue)).getDistributionPoints()) {
                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                if (0 == distributionPoint2.getType()) {
                    for (GeneralName generalName : distributionPoint2.getName().getNames()) {
                        String parseGn = parseGn(generalName);
                        if (parseGn != null) {
                            arrayList.add(parseGn);
                        }
                    }
                }
            }
        } catch (Exception e) {
            LOG.error("Unable to parse cRLDistributionPoints", e);
        }
        return arrayList;
    }

    private static String parseGn(GeneralName generalName) {
        try {
            if (6 == generalName.getTagNo()) {
                return generalName.toASN1Primitive().getObject().getString();
            }
            return null;
        } catch (Exception e) {
            LOG.warn("Unable to parse GN " + generalName, e);
            return null;
        }
    }

    public static boolean isOCSPSigning(CertificateToken certificateToken) {
        try {
            List<String> extendedKeyUsage = certificateToken.getCertificate().getExtendedKeyUsage();
            if (extendedKeyUsage != null) {
                return extendedKeyUsage.contains(OID.id_kp_OCSPSigning.getId());
            }
            return false;
        } catch (CertificateParsingException e) {
            LOG.warn(e.getMessage());
            return false;
        }
    }

    public static X509CertificateHolder getX509CertificateHolder(CertificateToken certificateToken) {
        try {
            return new X509CertificateHolder(certificateToken.getEncoded());
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    public static CertificateToken getCertificate(X509CertificateHolder x509CertificateHolder) {
        try {
            return new CertificateToken(new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder));
        } catch (CertificateException e) {
            throw new DSSException(e);
        }
    }

    public static IssuerSerial getIssuerSerial(CertificateToken certificateToken) {
        return new IssuerSerial(new GeneralNames(new GeneralName(getX509CertificateHolder(certificateToken).getIssuer())), certificateToken.getCertificate().getSerialNumber());
    }

    public static Map<String, String> get(X500Principal x500Principal) {
        HashMap hashMap = new HashMap();
        for (DLSet dLSet : ASN1Sequence.getInstance(x500Principal.getEncoded()).toArray()) {
            for (int i = 0; i < dLSet.size(); i++) {
                DLSequence objectAt = dLSet.getObjectAt(i);
                if (objectAt.size() != 2) {
                    throw new DSSException("The DLSequence must contains exactly 2 elements.");
                }
                hashMap.put(getString(objectAt.getObjectAt(0)), getString(objectAt.getObjectAt(1)));
            }
        }
        return hashMap;
    }

    public static String getUtf8String(X500Principal x500Principal) {
        DLSet[] array = ASN1Sequence.getInstance(x500Principal.getEncoded()).toArray();
        StringBuilder sb = new StringBuilder();
        for (int length = array.length - 1; length >= 0; length--) {
            DLSet dLSet = array[length];
            for (int i = 0; i < dLSet.size(); i++) {
                DLSequence objectAt = dLSet.getObjectAt(i);
                if (objectAt.size() != 2) {
                    throw new DSSException("The DLSequence must contains exactly 2 elements.");
                }
                ASN1Encodable objectAt2 = objectAt.getObjectAt(0);
                String replace = getString(objectAt.getObjectAt(1)).replace("\"", "\\\"").replace("#", "\\#").replace("+", "\\+").replace(",", "\\,").replace(";", "\\;").replace("<", "\\<").replace("=", "\\=").replace(">", "\\>");
                if (sb.length() != 0) {
                    sb.append(',');
                }
                sb.append(objectAt2).append('=').append(replace);
            }
        }
        return sb.toString();
    }

    private static String getString(ASN1Encodable aSN1Encodable) {
        String obj;
        if (aSN1Encodable instanceof ASN1String) {
            obj = ((ASN1String) aSN1Encodable).getString();
        } else if (aSN1Encodable instanceof ASN1ObjectIdentifier) {
            obj = ((ASN1ObjectIdentifier) aSN1Encodable).getId();
        } else {
            LOG.error("!!!*******!!! This encoding is unknown: " + aSN1Encodable.getClass().getSimpleName());
            obj = aSN1Encodable.toString();
            LOG.error("!!!*******!!! value: " + obj);
        }
        return obj;
    }

    public static String extractAttributeFromX500Principal(ASN1ObjectIdentifier aSN1ObjectIdentifier, X500Principal x500Principal) {
        for (RDN rdn : X500Name.getInstance(x500Principal.getEncoded()).getRDNs(aSN1ObjectIdentifier)) {
            if (rdn.isMultiValued()) {
                for (AttributeTypeAndValue attributeTypeAndValue : rdn.getTypesAndValues()) {
                    if (aSN1ObjectIdentifier.equals(attributeTypeAndValue.getType())) {
                        return attributeTypeAndValue.getValue().toString();
                    }
                }
            } else {
                AttributeTypeAndValue first = rdn.getFirst();
                if (aSN1ObjectIdentifier.equals(first.getType())) {
                    return first.getValue().toString();
                }
            }
        }
        return null;
    }

    public static String getSubjectCommonName(CertificateToken certificateToken) {
        return extractAttributeFromX500Principal(BCStyle.CN, certificateToken.getSubjectX500Principal());
    }

    public static String getHumanReadableName(CertificateToken certificateToken) {
        return firstNotNull(certificateToken, BCStyle.CN, BCStyle.GIVENNAME, BCStyle.SURNAME, BCStyle.NAME, BCStyle.PSEUDONYM);
    }

    private static String firstNotNull(CertificateToken certificateToken, ASN1ObjectIdentifier... aSN1ObjectIdentifierArr) {
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier : aSN1ObjectIdentifierArr) {
            String extractAttributeFromX500Principal = extractAttributeFromX500Principal(aSN1ObjectIdentifier, certificateToken.getSubjectX500Principal());
            if (extractAttributeFromX500Principal != null) {
                return extractAttributeFromX500Principal;
            }
        }
        return null;
    }
}
