package org.xipki.ca.certprofile.xijson;

import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1StreamParser;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.ExtensionValue;
import org.xipki.ca.api.profile.SubjectKeyIdentifierControl;
import org.xipki.ca.certprofile.xijson.AdmissionExtension;
import org.xipki.ca.certprofile.xijson.conf.AdditionalInformation;
import org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax;
import org.xipki.ca.certprofile.xijson.conf.AuthorityInfoAccess;
import org.xipki.ca.certprofile.xijson.conf.AuthorityKeyIdentifier;
import org.xipki.ca.certprofile.xijson.conf.BasicConstraints;
import org.xipki.ca.certprofile.xijson.conf.BiometricInfo;
import org.xipki.ca.certprofile.xijson.conf.CrlDistributionPoints;
import org.xipki.ca.certprofile.xijson.conf.Describable;
import org.xipki.ca.certprofile.xijson.conf.ExtendedKeyUsage;
import org.xipki.ca.certprofile.xijson.conf.ExtensionType;
import org.xipki.ca.certprofile.xijson.conf.GeneralNameType;
import org.xipki.ca.certprofile.xijson.conf.InhibitAnyPolicy;
import org.xipki.ca.certprofile.xijson.conf.KeyUsage;
import org.xipki.ca.certprofile.xijson.conf.NameConstraints;
import org.xipki.ca.certprofile.xijson.conf.PolicyConstraints;
import org.xipki.ca.certprofile.xijson.conf.PolicyMappings;
import org.xipki.ca.certprofile.xijson.conf.PrivateKeyUsagePeriod;
import org.xipki.ca.certprofile.xijson.conf.QcStatements;
import org.xipki.ca.certprofile.xijson.conf.Restriction;
import org.xipki.ca.certprofile.xijson.conf.SmimeCapabilities;
import org.xipki.ca.certprofile.xijson.conf.SubjectDirectoryAttributs;
import org.xipki.ca.certprofile.xijson.conf.SubjectInfoAccess;
import org.xipki.ca.certprofile.xijson.conf.SubjectToSubjectAltNameType;
import org.xipki.ca.certprofile.xijson.conf.TlsFeature;
import org.xipki.ca.certprofile.xijson.conf.ValidityModel;
import org.xipki.ca.certprofile.xijson.conf.X509ProfileType;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;

/* loaded from: input_file:WEB-INF/lib/certprofile-xijson-6.4.0.jar:org/xipki/ca/certprofile/xijson/XijsonExtensions.class */
public class XijsonExtensions {
    private ExtensionValue additionalInformation;
    private AdmissionExtension.AdmissionSyntaxOption admission;
    private Certprofile.AuthorityInfoAccessControl aiaControl;
    private Certprofile.CrlDistributionPointsControl crlDpControl;
    private Certprofile.CrlDistributionPointsControl freshestCrlControl;
    private Map<ASN1ObjectIdentifier, Certprofile.GeneralNameTag> subjectToSubjectAltNameModes;
    private Set<Certprofile.GeneralNameMode> subjectAltNameModes;
    private Map<ASN1ObjectIdentifier, Set<Certprofile.GeneralNameMode>> subjectInfoAccessModes;
    private BiometricInfoOption biometricInfo;
    private CertificatePolicies certificatePolicies;
    private final Map<ASN1ObjectIdentifier, ExtensionValue> constantExtensions;
    private Set<Certprofile.ExtKeyUsageControl> extendedKeyusages;
    private final Map<ASN1ObjectIdentifier, Certprofile.ExtensionControl> extensionControls;
    private boolean useIssuerAndSerialInAki;
    private SubjectKeyIdentifierControl subjectKeyIdentifier;
    private ExtensionValue inhibitAnyPolicy;
    private Set<Certprofile.KeyUsageControl> keyusages;
    private ExtensionValue nameConstraints;
    private Integer pathLen;
    private ExtensionValue policyConstraints;
    private ExtensionValue policyMappings;
    private Validity privateKeyUsagePeriod;
    private ExtensionValue qcStatments;
    private List<QcStatementOption> qcStatementsOption;
    private ExtensionValue restriction;
    private ExtensionValue smimeCapabilities;
    private ExtensionValue tlsFeature;
    private ExtensionValue validityModel;
    private SubjectDirectoryAttributesControl subjectDirAttrsControl;
    private ASN1ObjectIdentifier cccExtensionSchemaType;
    private ExtensionValue cccExtensionSchemaValue;

    /* JADX INFO: Access modifiers changed from: package-private */
    public XijsonExtensions(XijsonCertprofile xijsonCertprofile, X509ProfileType x509ProfileType, Certprofile.SubjectControl subjectControl) throws CertprofileException {
        Args.notNull(subjectControl, "subjectControl");
        Map<String, ExtensionType> buildExtensions = ((X509ProfileType) Args.notNull(x509ProfileType, "conf")).buildExtensions();
        this.extensionControls = x509ProfileType.buildExtensionControls();
        Set<ASN1ObjectIdentifier> hashSet = new HashSet<>(this.extensionControls.keySet());
        initSubjectToSubjectAltNames(x509ProfileType.getSubjectToSubjectAltNames());
        initAdditionalInformation(hashSet, buildExtensions);
        initAdmission(hashSet, buildExtensions);
        initAuthorityInfoAccess(hashSet, buildExtensions);
        initAuthorityKeyIdentifier(hashSet, buildExtensions);
        initSubjectKeyIdentifier(hashSet, buildExtensions);
        initBasicConstraints(hashSet, buildExtensions);
        initBiometricInfo(hashSet, buildExtensions);
        initCertificatePolicies(hashSet, buildExtensions);
        initCrlDistributionPoints(hashSet, buildExtensions);
        initExtendedKeyUsage(hashSet, buildExtensions);
        initFreshestCrl(hashSet, buildExtensions);
        initInhibitAnyPolicy(hashSet, buildExtensions);
        initKeyUsage(hashSet, buildExtensions);
        initNameConstraints(hashSet, buildExtensions);
        initPolicyConstraints(hashSet, buildExtensions);
        initPolicyMappings(hashSet, buildExtensions);
        initPrivateKeyUsagePeriod(hashSet, buildExtensions);
        initQcStatements(hashSet, buildExtensions);
        initRestriction(hashSet, buildExtensions);
        initSmimeCapabilities(hashSet, buildExtensions);
        initSubjectAlternativeName(hashSet, buildExtensions);
        initSubjectInfoAccess(hashSet, buildExtensions);
        initTlsFeature(hashSet, buildExtensions);
        initValidityModel(hashSet, buildExtensions);
        initSubjectDirAttrs(hashSet, buildExtensions);
        initGmt0015Extensions(hashSet);
        initCCCExtensionSchemas(hashSet, buildExtensions);
        this.constantExtensions = x509ProfileType.buildConstantExtesions();
        if (this.constantExtensions != null) {
            hashSet.removeAll(this.constantExtensions.keySet());
        }
        if (subjectControl.getControl(ObjectIdentifiers.DN.emailAddress) != null) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.DN.emailAddress;
            if (this.subjectToSubjectAltNameModes == null || this.subjectToSubjectAltNameModes.get(aSN1ObjectIdentifier) == null) {
                throw new CertprofileException("subjectToSubjectAltNames for " + ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier) + " must be configured if subject RDN emailAddress is permitted");
            }
            Certprofile.GeneralNameTag generalNameTag = this.subjectToSubjectAltNameModes.get(aSN1ObjectIdentifier);
            if (generalNameTag != Certprofile.GeneralNameTag.rfc822Name) {
                throw new CertprofileException("For the RDN " + ObjectIdentifiers.DN.emailAddress.getId() + ", only target SubjectAltName type rfc822Name is permitted, but not " + generalNameTag);
            }
        }
        if (this.subjectToSubjectAltNameModes != null) {
            if (!this.extensionControls.containsKey(Extension.subjectAlternativeName)) {
                throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension subjectAltNames is not permitted");
            }
            if (this.subjectAltNameModes != null) {
                Iterator<Map.Entry<ASN1ObjectIdentifier, Certprofile.GeneralNameTag>> it = this.subjectToSubjectAltNameModes.entrySet().iterator();
                while (it.hasNext()) {
                    Certprofile.GeneralNameTag value = it.next().getValue();
                    boolean z = false;
                    Iterator<Certprofile.GeneralNameMode> it2 = this.subjectAltNameModes.iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            if (it2.next().getTag() == value) {
                                z = true;
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                    if (!z) {
                        throw new CertprofileException("target SubjectAltName type " + value + " is not allowed");
                    }
                }
            }
        }
        List asList = Arrays.asList(Extension.issuerAlternativeName, Extension.authorityInfoAccess, Extension.cRLDistributionPoints, Extension.freshestCRL, Extension.subjectKeyIdentifier, Extension.subjectInfoAccess, ObjectIdentifiers.Extn.id_extension_pkix_ocsp_nocheck, ObjectIdentifiers.Extn.id_SCTs);
        Objects.requireNonNull(hashSet);
        asList.forEach((v1) -> {
            r1.remove(v1);
        });
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : new HashSet(hashSet)) {
            if (xijsonCertprofile.initExtraExtension(getExtension(aSN1ObjectIdentifier2, buildExtensions))) {
                hashSet.remove(aSN1ObjectIdentifier2);
            }
        }
        if (!hashSet.isEmpty()) {
            throw new CertprofileException("Cannot process the extensions: " + hashSet);
        }
    }

    private void initSubjectToSubjectAltNames(List<SubjectToSubjectAltNameType> list) throws CertprofileException {
        if (CollectionUtil.isEmpty(list)) {
            return;
        }
        this.subjectToSubjectAltNameModes = new HashMap();
        for (SubjectToSubjectAltNameType subjectToSubjectAltNameType : list) {
            Certprofile.GeneralNameTag target = subjectToSubjectAltNameType.getTarget();
            switch (target) {
                case rfc822Name:
                case DNSName:
                case uniformResourceIdentifier:
                case IPAddress:
                case directoryName:
                case registeredID:
                    this.subjectToSubjectAltNameModes.put(new ASN1ObjectIdentifier(subjectToSubjectAltNameType.getSource().getOid()), target);
                default:
                    throw new CertprofileException("unsupported target tag " + target);
            }
        }
    }

    private void initAdditionalInformation(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_extension_additionalInformation;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AdditionalInformation additionalInformation = getExtension(aSN1ObjectIdentifier, map).getAdditionalInformation();
            if (additionalInformation != null) {
                this.additionalInformation = new ExtensionValue(critical(aSN1ObjectIdentifier), additionalInformation.getType().createDirectoryString(additionalInformation.getText()));
            }
        }
    }

    private void initAdmission(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_extension_admission;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            ExtensionType extension = getExtension(aSN1ObjectIdentifier, map);
            AdmissionSyntax admissionSyntax = extension.getAdmissionSyntax();
            if (admissionSyntax != null) {
                this.admission = admissionSyntax.toXiAdmissionSyntax(critical(aSN1ObjectIdentifier));
                if (!extension.permittedInRequest() && this.admission.isInputFromRequestRequired()) {
                    throw new CertprofileException("Extension " + ObjectIdentifiers.getName(aSN1ObjectIdentifier) + " should be permitted in request");
                }
            }
        }
    }

    private void initAuthorityInfoAccess(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.authorityInfoAccess;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AuthorityInfoAccess authorityInfoAccess = getExtension(aSN1ObjectIdentifier, map).getAuthorityInfoAccess();
            this.aiaControl = authorityInfoAccess == null ? new Certprofile.AuthorityInfoAccessControl(false, true, null, null) : new Certprofile.AuthorityInfoAccessControl(authorityInfoAccess.isIncludeCaIssuers(), authorityInfoAccess.isIncludeOcsp(), authorityInfoAccess.getCaIssuersProtocols(), authorityInfoAccess.getOcspProtocols());
        }
    }

    private void initAuthorityKeyIdentifier(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.authorityKeyIdentifier;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AuthorityKeyIdentifier authorityKeyIdentifier = getExtension(aSN1ObjectIdentifier, map).getAuthorityKeyIdentifier();
            this.useIssuerAndSerialInAki = authorityKeyIdentifier != null && authorityKeyIdentifier.isUseIssuerAndSerial();
        }
    }

    private void initSubjectKeyIdentifier(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectKeyIdentifier;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            this.subjectKeyIdentifier = getExtension(aSN1ObjectIdentifier, map).getSubjectKeyIdentifier();
        }
    }

    private void initBasicConstraints(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.basicConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            BasicConstraints basicConstraints = getExtension(aSN1ObjectIdentifier, map).getBasicConstraints();
            if (basicConstraints == null) {
                basicConstraints = getExtension(aSN1ObjectIdentifier, map).getBasicConstraints();
            }
            if (basicConstraints != null) {
                this.pathLen = Integer.valueOf(basicConstraints.getPathLen());
            }
        }
    }

    private void initBiometricInfo(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.biometricInfo;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            BiometricInfo biometricInfo = getExtension(aSN1ObjectIdentifier, map).getBiometricInfo();
            if (biometricInfo != null) {
                try {
                    this.biometricInfo = new BiometricInfoOption(biometricInfo);
                } catch (NoSuchAlgorithmException e) {
                    throw new CertprofileException("NoSuchAlgorithmException: " + e.getMessage());
                }
            }
        }
    }

    private void initCertificatePolicies(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.certificatePolicies;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            org.xipki.ca.certprofile.xijson.conf.CertificatePolicies certificatePolicies = getExtension(aSN1ObjectIdentifier, map).getCertificatePolicies();
            if (certificatePolicies != null) {
                this.certificatePolicies = certificatePolicies.toXiCertificatePolicies();
            }
        }
    }

    private void initCrlDistributionPoints(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.cRLDistributionPoints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            CrlDistributionPoints crlDistributionPoints = getExtension(aSN1ObjectIdentifier, map).getCrlDistributionPoints();
            this.crlDpControl = new Certprofile.CrlDistributionPointsControl(crlDistributionPoints == null ? null : crlDistributionPoints.getProtocols());
        }
    }

    private void initExtendedKeyUsage(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.extendedKeyUsage;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            ExtendedKeyUsage extendedKeyUsage = getExtension(aSN1ObjectIdentifier, map).getExtendedKeyUsage();
            if (extendedKeyUsage != null) {
                this.extendedKeyusages = extendedKeyUsage.toXiExtKeyUsageOptions();
            }
        }
    }

    private void initFreshestCrl(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.freshestCRL;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            CrlDistributionPoints freshestCrl = getExtension(aSN1ObjectIdentifier, map).getFreshestCrl();
            this.freshestCrlControl = new Certprofile.CrlDistributionPointsControl(freshestCrl == null ? null : freshestCrl.getProtocols());
        }
    }

    private void initInhibitAnyPolicy(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.inhibitAnyPolicy;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            InhibitAnyPolicy inhibitAnyPolicy = getExtension(aSN1ObjectIdentifier, map).getInhibitAnyPolicy();
            if (inhibitAnyPolicy != null) {
                int skipCerts = inhibitAnyPolicy.getSkipCerts();
                if (skipCerts < 0) {
                    throw new CertprofileException("negative inhibitAnyPolicy.skipCerts is not allowed: " + skipCerts);
                }
                this.inhibitAnyPolicy = new ExtensionValue(critical(aSN1ObjectIdentifier), new ASN1Integer(BigInteger.valueOf(skipCerts)));
            }
        }
    }

    private void initKeyUsage(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.keyUsage;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            KeyUsage keyUsage = getExtension(aSN1ObjectIdentifier, map).getKeyUsage();
            if (keyUsage != null) {
                this.keyusages = keyUsage.toXiKeyUsageOptions();
            }
        }
    }

    private void initNameConstraints(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.nameConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            NameConstraints nameConstraints = getExtension(aSN1ObjectIdentifier, map).getNameConstraints();
            if (nameConstraints != null) {
                this.nameConstraints = new ExtensionValue(critical(aSN1ObjectIdentifier), nameConstraints.toXiNameConstraints());
            }
        }
    }

    private void initPrivateKeyUsagePeriod(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.privateKeyUsagePeriod;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PrivateKeyUsagePeriod privateKeyUsagePeriod = getExtension(aSN1ObjectIdentifier, map).getPrivateKeyUsagePeriod();
            if (privateKeyUsagePeriod != null) {
                this.privateKeyUsagePeriod = Validity.getInstance(privateKeyUsagePeriod.getValidity());
            }
        }
    }

    private void initPolicyConstraints(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.policyConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PolicyConstraints policyConstraints = getExtension(aSN1ObjectIdentifier, map).getPolicyConstraints();
            if (policyConstraints != null) {
                this.policyConstraints = new ExtensionValue(critical(aSN1ObjectIdentifier), policyConstraints.toXiPolicyConstraints());
            }
        }
    }

    private void initPolicyMappings(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.policyMappings;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PolicyMappings policyMappings = getExtension(aSN1ObjectIdentifier, map).getPolicyMappings();
            if (policyMappings != null) {
                this.policyMappings = new ExtensionValue(critical(aSN1ObjectIdentifier), policyMappings.toXiPolicyMappings());
            }
        }
    }

    private void initQcStatements(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        QcStatementOption qcStatementOption;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.qCStatements;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            QcStatements qcStatements = getExtension(aSN1ObjectIdentifier, map).getQcStatements();
            if (qcStatements == null) {
                return;
            }
            List<QcStatements.QcStatementType> qcStatements2 = qcStatements.getQcStatements();
            this.qcStatementsOption = new ArrayList(qcStatements2.size());
            HashSet hashSet = new HashSet();
            boolean z = false;
            for (QcStatements.QcStatementType qcStatementType : qcStatements2) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(qcStatementType.getStatementId().getOid());
                QcStatements.QcStatementValueType statementValue = qcStatementType.getStatementValue();
                if (statementValue == null) {
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2));
                } else if (statementValue.getQcRetentionPeriod() != null) {
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new ASN1Integer(statementValue.getQcRetentionPeriod().intValue())));
                } else if (statementValue.getConstant() != null) {
                    try {
                        qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new ASN1StreamParser(statementValue.getConstant().getValue()).readObject()));
                    } catch (IOException e) {
                        throw new CertprofileException("can not parse the constant value of QcStatement");
                    }
                } else if (statementValue.getQcEuLimitValue() != null) {
                    QcStatements.QcEuLimitValueType qcEuLimitValue = statementValue.getQcEuLimitValue();
                    String upperCase = qcEuLimitValue.getCurrency().toUpperCase();
                    if (hashSet.contains(upperCase)) {
                        throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue for the currency " + upperCase);
                    }
                    Iso4217CurrencyCode iso4217CurrencyCode = StringUtil.isNumber(upperCase) ? new Iso4217CurrencyCode(Integer.parseInt(upperCase)) : new Iso4217CurrencyCode(upperCase);
                    QcStatements.Range2Type amount = qcEuLimitValue.getAmount();
                    QcStatements.Range2Type exponent = qcEuLimitValue.getExponent();
                    if (amount.getMin() == amount.getMax() && exponent.getMin() == exponent.getMax()) {
                        qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new MonetaryValue(iso4217CurrencyCode, amount.getMin(), exponent.getMin())));
                    } else {
                        qcStatementOption = new QcStatementOption(aSN1ObjectIdentifier2, new MonetaryValueOption(iso4217CurrencyCode, amount, exponent));
                        z = true;
                    }
                    hashSet.add(upperCase);
                } else {
                    if (statementValue.getPdsLocations() == null) {
                        throw new CertprofileException("unknown value of qcStatment");
                    }
                    ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                    for (QcStatements.PdsLocationType pdsLocationType : statementValue.getPdsLocations()) {
                        String language = pdsLocationType.getLanguage();
                        if (language.length() != 2) {
                            throw new CertprofileException("invalid language '" + language + "'");
                        }
                        aSN1EncodableVector.add(new DERSequence(new ASN1Encodable[]{new DERIA5String(pdsLocationType.getUrl()), new DERPrintableString(language)}));
                    }
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new DERSequence(aSN1EncodableVector)));
                }
                this.qcStatementsOption.add(qcStatementOption);
            }
            if (z) {
                return;
            }
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            for (QcStatementOption qcStatementOption2 : this.qcStatementsOption) {
                if (qcStatementOption2.getStatement() == null) {
                    throw new IllegalStateException("should not reach here");
                }
                aSN1EncodableVector2.add(qcStatementOption2.getStatement());
            }
            this.qcStatments = new ExtensionValue(critical(aSN1ObjectIdentifier), new DERSequence(aSN1EncodableVector2));
            this.qcStatementsOption = null;
        }
    }

    private void initRestriction(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_extension_restriction;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            Restriction restriction = getExtension(aSN1ObjectIdentifier, map).getRestriction();
            if (restriction != null) {
                this.restriction = new ExtensionValue(critical(aSN1ObjectIdentifier), restriction.getType().createDirectoryString(restriction.getText()));
            }
        }
    }

    private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_smimeCapabilities;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SmimeCapabilities smimeCapabilities = getExtension(aSN1ObjectIdentifier, map).getSmimeCapabilities();
            if (smimeCapabilities == null) {
                return;
            }
            List<SmimeCapabilities.SmimeCapability> capabilities = smimeCapabilities.getCapabilities();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (SmimeCapabilities.SmimeCapability smimeCapability : capabilities) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(smimeCapability.getCapabilityId().getOid());
                ASN1Integer aSN1Integer = null;
                SmimeCapabilities.SmimeCapabilityParameter parameter = smimeCapability.getParameter();
                if (parameter != null) {
                    if (parameter.getInteger() != null) {
                        aSN1Integer = new ASN1Integer(parameter.getInteger());
                    } else if (parameter.getBinary() != null) {
                        aSN1Integer = readAsn1Encodable(parameter.getBinary().getValue());
                    }
                }
                aSN1EncodableVector.add(new SMIMECapability(aSN1ObjectIdentifier2, aSN1Integer));
            }
            this.smimeCapabilities = new ExtensionValue(critical(aSN1ObjectIdentifier), new DERSequence(aSN1EncodableVector));
        }
    }

    private void initSubjectAlternativeName(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectAlternativeName;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            GeneralNameType subjectAltName = getExtension(aSN1ObjectIdentifier, map).getSubjectAltName();
            if (subjectAltName != null) {
                this.subjectAltNameModes = subjectAltName.toGeneralNameModes();
            }
        }
    }

    private void initSubjectInfoAccess(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectInfoAccess;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SubjectInfoAccess subjectInfoAccess = getExtension(aSN1ObjectIdentifier, map).getSubjectInfoAccess();
            if (subjectInfoAccess != null) {
                List<SubjectInfoAccess.Access> accesses = subjectInfoAccess.getAccesses();
                this.subjectInfoAccessModes = new HashMap();
                for (SubjectInfoAccess.Access access : accesses) {
                    this.subjectInfoAccessModes.put(new ASN1ObjectIdentifier(access.getAccessMethod().getOid()), access.getAccessLocation().toGeneralNameModes());
                }
            }
        }
    }

    private void initTlsFeature(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_pe_tlsfeature;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            TlsFeature tlsFeature = getExtension(aSN1ObjectIdentifier, map).getTlsFeature();
            if (tlsFeature == null) {
                return;
            }
            ArrayList arrayList = new ArrayList(tlsFeature.getFeatures().size());
            Iterator<Describable.DescribableInt> it = tlsFeature.getFeatures().iterator();
            while (it.hasNext()) {
                int value = it.next().getValue();
                if (value < 0 || value > 65535) {
                    throw new CertprofileException("invalid TLS feature (extensionType) " + value);
                }
                arrayList.add(Integer.valueOf(value));
            }
            Collections.sort(arrayList);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                aSN1EncodableVector.add(new ASN1Integer(((Integer) it2.next()).intValue()));
            }
            this.tlsFeature = new ExtensionValue(critical(aSN1ObjectIdentifier), new DERSequence(aSN1EncodableVector));
        }
    }

    private void initValidityModel(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_extension_validityModel;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            ValidityModel validityModel = getExtension(aSN1ObjectIdentifier, map).getValidityModel();
            if (validityModel != null) {
                this.validityModel = new ExtensionValue(critical(aSN1ObjectIdentifier), new DERSequence(new ASN1ObjectIdentifier(validityModel.getModelId().getOid())));
            }
        }
    }

    private void initSubjectDirAttrs(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectDirectoryAttributes;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SubjectDirectoryAttributs subjectDirectoryAttributs = getExtension(aSN1ObjectIdentifier, map).getSubjectDirectoryAttributs();
            if (subjectDirectoryAttributs != null) {
                this.subjectDirAttrsControl = new SubjectDirectoryAttributesControl(toOidList(subjectDirectoryAttributs.getTypes()));
            }
        }
    }

    private void initGmt0015Extensions(Set<ASN1ObjectIdentifier> set) {
        List asList = Arrays.asList(ObjectIdentifiers.Extn.id_GMT_0015_ICRegistrationNumber, ObjectIdentifiers.Extn.id_GMT_0015_IdentityCode, ObjectIdentifiers.Extn.id_GMT_0015_InsuranceNumber, ObjectIdentifiers.Extn.id_GMT_0015_OrganizationCode, ObjectIdentifiers.Extn.id_GMT_0015_TaxationNumber);
        Objects.requireNonNull(set);
        asList.forEach((v1) -> {
            r1.remove(v1);
        });
    }

    private void initCCCExtensionSchemas(Set<ASN1ObjectIdentifier> set, Map<String, ExtensionType> map) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = null;
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : set) {
            if (aSN1ObjectIdentifier2.on(ObjectIdentifiers.Extn.id_ccc_extn)) {
                if (aSN1ObjectIdentifier != null) {
                    throw new CertprofileException("Maximal one CCC Extension is allowed, but configured at least 2.");
                }
                aSN1ObjectIdentifier = aSN1ObjectIdentifier2;
            }
        }
        if (aSN1ObjectIdentifier == null) {
            return;
        }
        set.remove(aSN1ObjectIdentifier);
        ExtensionType extensionType = map.get(aSN1ObjectIdentifier.getId());
        if (!extensionType.critical()) {
            throw new CertprofileException("CCC Extension must be set to critical, but configured non-critical.");
        }
        if (Arrays.asList(ObjectIdentifiers.Extn.id_ccc_Vehicle_Cert_K, ObjectIdentifiers.Extn.id_ccc_External_CA_Cert_F, ObjectIdentifiers.Extn.id_ccc_VehicleOEM_Enc_Cert, ObjectIdentifiers.Extn.id_ccc_VehicleOEM_Sig_Cert, ObjectIdentifiers.Extn.id_ccc_Device_Enc_Cert, ObjectIdentifiers.Extn.id_ccc_Vehicle_Intermediate_Cert, ObjectIdentifiers.Extn.id_ccc_VehicleOEM_CA_Cert_J, ObjectIdentifiers.Extn.id_ccc_VehicleOEM_CA_Cert_M).contains(aSN1ObjectIdentifier)) {
            if (extensionType.getCccExtensionSchema() == null) {
                throw new CertprofileException("ccExtensionSchema is not set for " + aSN1ObjectIdentifier);
            }
            this.cccExtensionSchemaType = aSN1ObjectIdentifier;
            this.cccExtensionSchemaValue = new ExtensionValue(extensionType.critical(), new DERSequence(new ASN1Integer(r0.getVersion())));
        }
    }

    private static List<ASN1ObjectIdentifier> toOidList(List<Describable.DescribableOid> list) {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        LinkedList linkedList = new LinkedList();
        Iterator<Describable.DescribableOid> it = list.iterator();
        while (it.hasNext()) {
            linkedList.add(new ASN1ObjectIdentifier(it.next().getOid()));
        }
        return Collections.unmodifiableList(linkedList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:37:0x00d9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.bouncycastle.asn1.x509.GeneralNames createRequestedSubjectAltNames(org.bouncycastle.asn1.x500.X500Name r6, org.bouncycastle.asn1.x500.X500Name r7, java.util.Map<org.bouncycastle.asn1.ASN1ObjectIdentifier, org.bouncycastle.asn1.x509.Extension> r8) throws org.xipki.util.exception.BadCertTemplateException {
        /*
            Method dump skipped, instructions count: 462
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.xipki.ca.certprofile.xijson.XijsonExtensions.createRequestedSubjectAltNames(org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.x500.X500Name, java.util.Map):org.bouncycastle.asn1.x509.GeneralNames");
    }

    public ExtensionValue getAdditionalInformation() {
        return this.additionalInformation;
    }

    public AdmissionExtension.AdmissionSyntaxOption getAdmission() {
        return this.admission;
    }

    public Certprofile.AuthorityInfoAccessControl getAiaControl() {
        return this.aiaControl;
    }

    public Certprofile.CrlDistributionPointsControl getCrlDpControl() {
        return this.crlDpControl;
    }

    public Certprofile.CrlDistributionPointsControl getFreshestCrlControl() {
        return this.freshestCrlControl;
    }

    public Map<ASN1ObjectIdentifier, Certprofile.GeneralNameTag> getSubjectToSubjectAltNameModes() {
        return this.subjectToSubjectAltNameModes;
    }

    public Set<Certprofile.GeneralNameMode> getSubjectAltNameModes() {
        return this.subjectAltNameModes;
    }

    public Map<ASN1ObjectIdentifier, Set<Certprofile.GeneralNameMode>> getSubjectInfoAccessModes() {
        return this.subjectInfoAccessModes;
    }

    public BiometricInfoOption getBiometricInfo() {
        return this.biometricInfo;
    }

    public CertificatePolicies getCertificatePolicies() {
        return this.certificatePolicies;
    }

    public Map<ASN1ObjectIdentifier, ExtensionValue> getConstantExtensions() {
        return this.constantExtensions;
    }

    public Set<Certprofile.ExtKeyUsageControl> getExtendedKeyusages() {
        return this.extendedKeyusages;
    }

    public Map<ASN1ObjectIdentifier, Certprofile.ExtensionControl> getExtensionControls() {
        return this.extensionControls;
    }

    public boolean isUseIssuerAndSerialInAki() {
        return this.useIssuerAndSerialInAki;
    }

    public SubjectKeyIdentifierControl getSubjectKeyIdentifier() {
        return this.subjectKeyIdentifier;
    }

    public ExtensionValue getInhibitAnyPolicy() {
        return this.inhibitAnyPolicy;
    }

    public Set<Certprofile.KeyUsageControl> getKeyusages() {
        return this.keyusages;
    }

    public ExtensionValue getNameConstraints() {
        return this.nameConstraints;
    }

    public Integer getPathLen() {
        return this.pathLen;
    }

    public ExtensionValue getPolicyConstraints() {
        return this.policyConstraints;
    }

    public ExtensionValue getPolicyMappings() {
        return this.policyMappings;
    }

    public Validity getPrivateKeyUsagePeriod() {
        return this.privateKeyUsagePeriod;
    }

    public ExtensionValue getQcStatments() {
        return this.qcStatments;
    }

    public List<QcStatementOption> getQcStatementsOption() {
        return this.qcStatementsOption;
    }

    public ExtensionValue getRestriction() {
        return this.restriction;
    }

    public ExtensionValue getSmimeCapabilities() {
        return this.smimeCapabilities;
    }

    public ExtensionValue getTlsFeature() {
        return this.tlsFeature;
    }

    public ExtensionValue getValidityModel() {
        return this.validityModel;
    }

    public SubjectDirectoryAttributesControl getSubjectDirAttrsControl() {
        return this.subjectDirAttrsControl;
    }

    public ASN1ObjectIdentifier getCccExtensionSchemaType() {
        return this.cccExtensionSchemaType;
    }

    public ExtensionValue getCccExtensionSchemaValue() {
        return this.cccExtensionSchemaValue;
    }

    private static ExtensionType getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier, Map<String, ExtensionType> map) {
        ExtensionType extensionType = map.get(aSN1ObjectIdentifier.getId());
        if (extensionType == null) {
            throw new IllegalStateException("should not reach here: undefined extension " + ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier));
        }
        return extensionType;
    }

    private static ASN1Encodable readAsn1Encodable(byte[] bArr) throws CertprofileException {
        try {
            return new ASN1StreamParser(bArr).readObject();
        } catch (IOException e) {
            throw new CertprofileException("could not parse the constant extension value", e);
        }
    }

    private boolean critical(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return this.extensionControls.get(aSN1ObjectIdentifier).isCritical();
    }
}
