package org.xipki.ca.certprofile.xml;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.Vector;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1StreamParser;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.isismtt.x509.Admissions;
import org.bouncycastle.asn1.isismtt.x509.ProfessionInfo;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes;
import org.bouncycastle.asn1.x509.qualified.BiometricData;
import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.PublicCaInfo;
import org.xipki.ca.api.profile.AuthorityInfoAccessControl;
import org.xipki.ca.api.profile.BaseCertprofile;
import org.xipki.ca.api.profile.CertLevel;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.ExtKeyUsageControl;
import org.xipki.ca.api.profile.ExtensionControl;
import org.xipki.ca.api.profile.ExtensionValue;
import org.xipki.ca.api.profile.ExtensionValues;
import org.xipki.ca.api.profile.GeneralNameMode;
import org.xipki.ca.api.profile.GeneralNameTag;
import org.xipki.ca.api.profile.KeyParametersOption;
import org.xipki.ca.api.profile.KeyUsageControl;
import org.xipki.ca.api.profile.KeypairGenControl;
import org.xipki.ca.api.profile.Range;
import org.xipki.ca.api.profile.RdnControl;
import org.xipki.ca.api.profile.SubjectControl;
import org.xipki.ca.api.profile.SubjectDnSpec;
import org.xipki.ca.api.profile.X509CertVersion;
import org.xipki.ca.certprofile.xml.commonpki.AdmissionSyntaxOption;
import org.xipki.ca.certprofile.xml.jaxb.AdditionalInformation;
import org.xipki.ca.certprofile.xml.jaxb.AdmissionSyntax;
import org.xipki.ca.certprofile.xml.jaxb.AuthorityInfoAccess;
import org.xipki.ca.certprofile.xml.jaxb.AuthorityKeyIdentifier;
import org.xipki.ca.certprofile.xml.jaxb.AuthorizationTemplate;
import org.xipki.ca.certprofile.xml.jaxb.BasicConstraints;
import org.xipki.ca.certprofile.xml.jaxb.BiometricInfo;
import org.xipki.ca.certprofile.xml.jaxb.CertificatePolicies;
import org.xipki.ca.certprofile.xml.jaxb.ConstantExtValue;
import org.xipki.ca.certprofile.xml.jaxb.ExtendedKeyUsage;
import org.xipki.ca.certprofile.xml.jaxb.ExtensionType;
import org.xipki.ca.certprofile.xml.jaxb.ExtensionsType;
import org.xipki.ca.certprofile.xml.jaxb.InhibitAnyPolicy;
import org.xipki.ca.certprofile.xml.jaxb.IntWithDescType;
import org.xipki.ca.certprofile.xml.jaxb.KeyUsage;
import org.xipki.ca.certprofile.xml.jaxb.KeypairGenerationType;
import org.xipki.ca.certprofile.xml.jaxb.NameConstraints;
import org.xipki.ca.certprofile.xml.jaxb.PdsLocationType;
import org.xipki.ca.certprofile.xml.jaxb.PolicyConstraints;
import org.xipki.ca.certprofile.xml.jaxb.PolicyMappings;
import org.xipki.ca.certprofile.xml.jaxb.PrivateKeyUsagePeriod;
import org.xipki.ca.certprofile.xml.jaxb.QcEuLimitValueType;
import org.xipki.ca.certprofile.xml.jaxb.QcStatementType;
import org.xipki.ca.certprofile.xml.jaxb.QcStatementValueType;
import org.xipki.ca.certprofile.xml.jaxb.QcStatements;
import org.xipki.ca.certprofile.xml.jaxb.Range2Type;
import org.xipki.ca.certprofile.xml.jaxb.RdnType;
import org.xipki.ca.certprofile.xml.jaxb.Restriction;
import org.xipki.ca.certprofile.xml.jaxb.SmimeCapabilities;
import org.xipki.ca.certprofile.xml.jaxb.SmimeCapability;
import org.xipki.ca.certprofile.xml.jaxb.SubjectAltName;
import org.xipki.ca.certprofile.xml.jaxb.SubjectDirectoryAttributs;
import org.xipki.ca.certprofile.xml.jaxb.SubjectInfoAccess;
import org.xipki.ca.certprofile.xml.jaxb.SubjectToSubjectAltNameType;
import org.xipki.ca.certprofile.xml.jaxb.SubjectToSubjectAltNamesType;
import org.xipki.ca.certprofile.xml.jaxb.TlsFeature;
import org.xipki.ca.certprofile.xml.jaxb.TripleState;
import org.xipki.ca.certprofile.xml.jaxb.ValidityModel;
import org.xipki.ca.certprofile.xml.jaxb.X509ProfileType;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.ParamUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/certprofile/xml/XmlCertprofile.class */
public class XmlCertprofile extends BaseCertprofile {
    private static final Logger LOG = LoggerFactory.getLogger(XmlCertprofile.class);
    private ExtensionValue additionalInformation;
    private AdmissionSyntaxOption admission;
    private AuthorityInfoAccessControl aiaControl;
    private Map<ASN1ObjectIdentifier, GeneralNameTag> subjectToSubjectAltNameModes;
    private Set<GeneralNameMode> subjectAltNameModes;
    private Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> subjectInfoAccessModes;
    private ExtensionValue authorizationTemplate;
    private BiometricInfoOption biometricInfo;
    private CertLevel certLevel;
    private KeypairGenControl keypairGenControl;
    private ExtensionValue certificatePolicies;
    private Map<ASN1ObjectIdentifier, ExtensionValue> constantExtensions;
    private Set<ExtKeyUsageControl> extendedKeyusages;
    private Map<ASN1ObjectIdentifier, ExtensionControl> extensionControls;
    private boolean includeIssuerAndSerialInAki;
    private boolean incSerialNoIfSubjectExists;
    private ExtensionValue inhibitAnyPolicy;
    private Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms;
    private Set<KeyUsageControl> keyusages;
    private Integer maxSize;
    private ExtensionValue nameConstraints;
    private Integer pathLen;
    private ExtensionValue policyConstraints;
    private ExtensionValue policyMappings;
    private CertValidity privateKeyUsagePeriod;
    private ExtensionValue qcStatments;
    private List<QcStatementOption> qcStatementsOption;
    private boolean raOnly;
    private ExtensionValue restriction;
    private boolean serialNumberInReqPermitted;
    private NotBeforeOption notBeforeOption;
    private List<String> signatureAlgorithms;
    private ExtensionValue smimeCapabilities;
    private SubjectControl subjectControl;
    private ExtensionValue tlsFeature;
    private CertValidity validity;
    private X509CertVersion version;
    private ExtensionValue validityModel;
    private SubjectDirectoryAttributesControl subjectDirAttrsControl;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.xipki.ca.certprofile.xml.XmlCertprofile$1, reason: invalid class name */
    /* loaded from: input_file:org/xipki/ca/certprofile/xml/XmlCertprofile$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag = new int[GeneralNameTag.values().length];

        static {
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.rfc822Name.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.dNSName.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.uniformResourceIdentifier.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.iPAddress.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.directoryName.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$GeneralNameTag[GeneralNameTag.registeredID.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            $SwitchMap$org$xipki$ca$certprofile$xml$jaxb$TripleState = new int[TripleState.values().length];
            try {
                $SwitchMap$org$xipki$ca$certprofile$xml$jaxb$TripleState[TripleState.FORBIDDEN.ordinal()] = 1;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$xipki$ca$certprofile$xml$jaxb$TripleState[TripleState.REQUIRED.ordinal()] = 2;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$xipki$ca$certprofile$xml$jaxb$TripleState[TripleState.OPTIONAL.ordinal()] = 3;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    private void reset() {
        this.additionalInformation = null;
        this.admission = null;
        this.aiaControl = null;
        this.subjectToSubjectAltNameModes = null;
        this.subjectAltNameModes = null;
        this.subjectInfoAccessModes = null;
        this.authorizationTemplate = null;
        this.biometricInfo = null;
        this.certLevel = null;
        this.keypairGenControl = null;
        this.certificatePolicies = null;
        this.constantExtensions = null;
        this.extendedKeyusages = null;
        this.extensionControls = null;
        this.includeIssuerAndSerialInAki = false;
        this.incSerialNoIfSubjectExists = false;
        this.inhibitAnyPolicy = null;
        this.keyAlgorithms = null;
        this.keyusages = null;
        this.maxSize = null;
        this.nameConstraints = null;
        this.pathLen = null;
        this.policyConstraints = null;
        this.policyMappings = null;
        this.privateKeyUsagePeriod = null;
        this.qcStatments = null;
        this.qcStatementsOption = null;
        this.raOnly = false;
        this.restriction = null;
        this.serialNumberInReqPermitted = true;
        this.signatureAlgorithms = null;
        this.notBeforeOption = null;
        this.smimeCapabilities = null;
        this.subjectControl = null;
        this.tlsFeature = null;
        this.validity = null;
        this.validityModel = null;
        this.version = null;
        this.subjectDirAttrsControl = null;
        extraReset();
    }

    protected void extraReset() {
    }

    public void initialize(String str) throws CertprofileException {
        byte[] bytes;
        ParamUtil.requireNonBlank("data", str);
        reset();
        try {
            try {
                bytes = str.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                bytes = str.getBytes();
            }
            initialize0(XmlCertprofileUtil.parse(new ByteArrayInputStream(bytes)));
        } catch (RuntimeException e2) {
            LogUtil.error(LOG, e2);
            throw new CertprofileException("caught RuntimeException while initializing certprofile: " + e2.getMessage());
        }
    }

    public void initialize(X509ProfileType x509ProfileType) throws CertprofileException {
        ParamUtil.requireNonNull("conf", x509ProfileType);
        reset();
        try {
            initialize0(x509ProfileType);
        } catch (RuntimeException e) {
            LogUtil.error(LOG, e);
            throw new CertprofileException("caught RuntimeException while initializing certprofile: " + e.getMessage());
        }
    }

    private void initialize0(X509ProfileType x509ProfileType) throws CertprofileException {
        long j;
        if (x509ProfileType.getVersion() != null) {
            String version = x509ProfileType.getVersion();
            this.version = X509CertVersion.forName(version);
            if (this.version == null) {
                throw new CertprofileException(String.format("invalid version '%s'", version));
            }
        } else {
            this.version = X509CertVersion.v3;
        }
        if (x509ProfileType.getSignatureAlgorithms() != null) {
            List<String> algorithm = x509ProfileType.getSignatureAlgorithms().getAlgorithm();
            ArrayList arrayList = new ArrayList(algorithm.size());
            Iterator<String> it = algorithm.iterator();
            while (it.hasNext()) {
                try {
                    arrayList.add(AlgorithmUtil.canonicalizeSignatureAlgo(it.next()));
                } catch (NoSuchAlgorithmException e) {
                    throw new CertprofileException(e.getMessage(), e);
                }
            }
            this.signatureAlgorithms = Collections.unmodifiableList(arrayList);
        }
        this.raOnly = x509ProfileType.isRaOnly();
        this.maxSize = x509ProfileType.getMaxSize();
        this.validity = CertValidity.getInstance(x509ProfileType.getValidity());
        String certLevel = x509ProfileType.getCertLevel();
        if ("RootCA".equalsIgnoreCase(certLevel)) {
            this.certLevel = CertLevel.RootCA;
        } else if ("SubCA".equalsIgnoreCase(certLevel)) {
            this.certLevel = CertLevel.SubCA;
        } else {
            if (!"EndEntity".equalsIgnoreCase(certLevel)) {
                throw new CertprofileException("invalid CertLevel '" + certLevel + "'");
            }
            this.certLevel = CertLevel.EndEntity;
        }
        KeypairGenerationType keypairGeneration = x509ProfileType.getKeypairGeneration();
        if (keypairGeneration == null || keypairGeneration.getForbidden() != null) {
            this.keypairGenControl = KeypairGenControl.ForbiddenKeypairGenControl.INSTANCE;
        } else if (keypairGeneration.getInheritCA() != null) {
            this.keypairGenControl = KeypairGenControl.InheritCAKeypairGenControl.INSTANCE;
        } else if (keypairGeneration.getRsa() != null) {
            KeypairGenerationType.Rsa rsa = keypairGeneration.getRsa();
            BigInteger bigInteger = null;
            if (rsa.getPublicExponent() != null) {
                String publicExponent = rsa.getPublicExponent();
                bigInteger = StringUtil.startsWithIgnoreCase(publicExponent, "0x") ? new BigInteger(publicExponent.substring(2), 16) : new BigInteger(publicExponent);
            }
            this.keypairGenControl = new KeypairGenControl.RSAKeypairGenControl(rsa.getKeysize(), bigInteger, rsa.getAlgorithm() == null ? null : new ASN1ObjectIdentifier(rsa.getAlgorithm().getValue()));
        } else if (keypairGeneration.getEc() != null) {
            KeypairGenerationType.Ec ec = keypairGeneration.getEc();
            this.keypairGenControl = new KeypairGenControl.ECKeypairGenControl(new ASN1ObjectIdentifier(ec.getCurve().getValue()), ec.getAlgorithm() == null ? null : new ASN1ObjectIdentifier(ec.getAlgorithm().getValue()));
        } else {
            if (keypairGeneration.getDsa() == null) {
                throw new CertprofileException("unknown KeypairGeneration type " + keypairGeneration);
            }
            KeypairGenerationType.Dsa dsa = keypairGeneration.getDsa();
            this.keypairGenControl = new KeypairGenControl.DSAKeypairGenControl(dsa.getPLength(), dsa.getQLength() == null ? 0 : dsa.getQLength().intValue(), dsa.getAlgorithm() == null ? null : new ASN1ObjectIdentifier(dsa.getAlgorithm().getValue()));
        }
        String trim = x509ProfileType.getNotBeforeTime().toLowerCase().trim();
        Long l = null;
        TimeZone timeZone = null;
        if (trim.startsWith("midnight")) {
            int indexOf = trim.indexOf(58);
            String upperCase = indexOf == -1 ? "GMT+0" : trim.substring(indexOf + 1).toUpperCase();
            if (!Arrays.asList("GMT+0", "GMT+1", "GMT+2", "GMT+3", "GMT+4", "GMT+5", "GMT+6", "GMT+7", "GMT+8", "GMT+09", "GMT+10", "GMT+11", "GMT+12", "GMT-0", "GMT-1", "GMT-2", "GMT-3", "GMT-4", "GMT-5", "GMT-6", "GMT-7", "GMT-8", "GMT-09", "GMT-10", "GMT-11", "GMT-12").contains(upperCase)) {
                throw new CertprofileException("invalid time zone id " + upperCase);
            }
            timeZone = TimeZone.getTimeZone(upperCase);
        } else if ("current".equalsIgnoreCase(trim)) {
            l = 0L;
        } else {
            if (trim.length() <= 2) {
                throw new CertprofileException("invalid notBefore '" + trim + "'");
            }
            char charAt = trim.charAt(0);
            char charAt2 = trim.charAt(trim.length() - 1);
            if (charAt != '+' && charAt != '-') {
                throw new CertprofileException("invalid notBefore '" + trim + "'");
            }
            long parseLong = Long.parseLong(trim.substring(1, trim.length() - 1));
            switch (charAt2) {
                case 'd':
                    j = parseLong * 86400;
                    break;
                case 'h':
                    j = parseLong * 3600;
                    break;
                case 'm':
                    j = parseLong * 60;
                    break;
                case 's':
                    j = parseLong;
                    break;
                default:
                    throw new CertprofileException("invalid notBefore " + trim);
            }
            l = Long.valueOf(charAt == '+' ? j : (-1) * j);
        }
        if (l != null) {
            this.notBeforeOption = NotBeforeOption.getOffsetOption(l.longValue());
        } else {
            this.notBeforeOption = NotBeforeOption.getMidNightOption(timeZone);
        }
        this.serialNumberInReqPermitted = x509ProfileType.isSerialNumberInReq();
        X509ProfileType.KeyAlgorithms keyAlgorithms = x509ProfileType.getKeyAlgorithms();
        if (keyAlgorithms != null) {
            this.keyAlgorithms = XmlCertprofileUtil.buildKeyAlgorithms(keyAlgorithms);
        }
        X509ProfileType.Subject subject = x509ProfileType.getSubject();
        LinkedList linkedList = new LinkedList();
        for (RdnType rdnType : subject.getRdn()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(rdnType.getType().getValue());
            Range range = (rdnType.getMinLen() == null && rdnType.getMaxLen() == null) ? null : new Range(rdnType.getMinLen(), rdnType.getMaxLen());
            RdnControl rdnControl = new RdnControl(aSN1ObjectIdentifier, rdnType.getMinOccurs(), rdnType.getMaxOccurs());
            linkedList.add(rdnControl);
            rdnControl.setStringType(XmlCertprofileUtil.convertStringType(rdnType.getStringType()));
            rdnControl.setStringLengthRange(range);
            if (rdnType.getRegex() != null) {
                rdnControl.setPattern(Pattern.compile(rdnType.getRegex()));
            }
            rdnControl.setPrefix(rdnType.getPrefix());
            rdnControl.setSuffix(rdnType.getSuffix());
            rdnControl.setGroup(rdnType.getGroup());
            SubjectDnSpec.fixRdnControl(rdnControl);
        }
        this.subjectControl = new SubjectControl(linkedList, subject.isKeepRdnOrder());
        this.incSerialNoIfSubjectExists = subject.isIncSerialNumber();
        ExtensionsType extensions = x509ProfileType.getExtensions();
        this.extensionControls = XmlCertprofileUtil.buildExtensionControls(extensions);
        HashSet hashSet = new HashSet(this.extensionControls.keySet());
        initSubjectToSubjectAltNames(extensions);
        initAdditionalInformation(hashSet, extensions);
        initAdmission(hashSet, extensions);
        initAuthorityInfoAccess(hashSet, extensions);
        initAuthorityKeyIdentifier(hashSet, extensions);
        initAuthorizationTemplate(hashSet, extensions);
        initBasicConstraints(hashSet, extensions);
        initBiometricInfo(hashSet, extensions);
        initCertificatePolicies(hashSet, extensions);
        initExtendedKeyUsage(hashSet, extensions);
        initInhibitAnyPolicy(hashSet, extensions);
        initKeyUsage(hashSet, extensions);
        initNameConstraints(hashSet, extensions);
        initPolicyConstraints(hashSet, extensions);
        initPolicyMappings(hashSet, extensions);
        initPrivateKeyUsagePeriod(hashSet, extensions);
        initQcStatements(hashSet, extensions);
        initRestriction(hashSet, extensions);
        initSmimeCapabilities(hashSet, extensions);
        initSubjectAlternativeName(hashSet, extensions);
        initSubjectInfoAccess(hashSet, extensions);
        initTlsFeature(hashSet, extensions);
        initValidityModel(hashSet, extensions);
        initSubjectDirAttrs(hashSet, extensions);
        this.constantExtensions = XmlCertprofileUtil.buildConstantExtesions(extensions);
        if (this.constantExtensions != null) {
            hashSet.removeAll(this.constantExtensions.keySet());
        }
        if (this.subjectToSubjectAltNameModes != null) {
            if (!this.extensionControls.containsKey(Extension.subjectAlternativeName)) {
                throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension subjectAltNames is not permitted");
            }
            if (this.subjectAltNameModes != null) {
                Iterator<ASN1ObjectIdentifier> it2 = this.subjectToSubjectAltNameModes.keySet().iterator();
                while (it2.hasNext()) {
                    GeneralNameTag generalNameTag = this.subjectToSubjectAltNameModes.get(it2.next());
                    boolean z = false;
                    Iterator<GeneralNameMode> it3 = this.subjectAltNameModes.iterator();
                    while (true) {
                        if (it3.hasNext()) {
                            if (it3.next().getTag() == generalNameTag) {
                                z = true;
                            }
                        }
                    }
                    if (!z) {
                        throw new CertprofileException("target SubjectAltName type " + generalNameTag + " is not allowed");
                    }
                }
            }
        }
        hashSet.remove(Extension.issuerAlternativeName);
        hashSet.remove(Extension.authorityInfoAccess);
        hashSet.remove(Extension.cRLDistributionPoints);
        hashSet.remove(Extension.freshestCRL);
        hashSet.remove(Extension.subjectKeyIdentifier);
        hashSet.remove(Extension.subjectInfoAccess);
        hashSet.remove(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck);
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier2 : new HashSet(hashSet)) {
            if (initExtraExtension(aSN1ObjectIdentifier2, this.extensionControls.get(aSN1ObjectIdentifier2), getExtensionValue(aSN1ObjectIdentifier2, extensions, Object.class))) {
                hashSet.remove(aSN1ObjectIdentifier2);
            }
        }
        if (!hashSet.isEmpty()) {
            throw new CertprofileException("Cannot process the extensions: " + hashSet);
        }
    }

    protected boolean initExtraExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier, ExtensionControl extensionControl, Object obj) throws CertprofileException {
        return false;
    }

    private void initSubjectToSubjectAltNames(ExtensionsType extensionsType) throws CertprofileException {
        GeneralNameTag generalNameTag;
        SubjectToSubjectAltNamesType subjectToSubjectAltNames = extensionsType.getSubjectToSubjectAltNames();
        if (subjectToSubjectAltNames == null) {
            return;
        }
        this.subjectToSubjectAltNameModes = new HashMap();
        for (SubjectToSubjectAltNameType subjectToSubjectAltNameType : subjectToSubjectAltNames.getSubjectToSubjectAltName()) {
            SubjectToSubjectAltNameType.Target target = subjectToSubjectAltNameType.getTarget();
            if (target.getDirectoryName() != null) {
                generalNameTag = GeneralNameTag.directoryName;
            } else if (target.getDnsName() != null) {
                generalNameTag = GeneralNameTag.dNSName;
            } else if (target.getIpAddress() != null) {
                generalNameTag = GeneralNameTag.iPAddress;
            } else if (target.getRfc822Name() != null) {
                generalNameTag = GeneralNameTag.rfc822Name;
            } else if (target.getUniformResourceIdentifier() != null) {
                generalNameTag = GeneralNameTag.uniformResourceIdentifier;
            } else {
                if (target.getRegisteredID() == null) {
                    throw new RuntimeException("should not reach here, unknown SubjectToSubjectAltName target");
                }
                generalNameTag = GeneralNameTag.registeredID;
            }
            this.subjectToSubjectAltNameModes.put(new ASN1ObjectIdentifier(subjectToSubjectAltNameType.getSource().getValue()), generalNameTag);
        }
    }

    private void initAdditionalInformation(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_extension_additionalInformation;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AdditionalInformation additionalInformation = (AdditionalInformation) getExtensionValue(aSN1ObjectIdentifier, extensionsType, AdditionalInformation.class);
            if (additionalInformation == null) {
                return;
            }
            this.additionalInformation = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.convertDirectoryStringType(additionalInformation.getType()).createDirectoryString(additionalInformation.getText()));
        }
    }

    private void initAdmission(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_extension_admission;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AdmissionSyntax admissionSyntax = (AdmissionSyntax) getExtensionValue(aSN1ObjectIdentifier, extensionsType, AdmissionSyntax.class);
            if (admissionSyntax == null) {
                return;
            }
            this.admission = XmlCertprofileUtil.buildAdmissionSyntax(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), admissionSyntax);
        }
    }

    private void initAuthorityInfoAccess(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.authorityInfoAccess;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) getExtensionValue(aSN1ObjectIdentifier, extensionsType, AuthorityInfoAccess.class);
            if (authorityInfoAccess == null) {
                return;
            }
            this.aiaControl = new AuthorityInfoAccessControl(authorityInfoAccess.isIncludeCaIssuers(), authorityInfoAccess.isIncludeOcsp());
        }
    }

    private void initAuthorityKeyIdentifier(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.authorityKeyIdentifier;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AuthorityKeyIdentifier authorityKeyIdentifier = (AuthorityKeyIdentifier) getExtensionValue(aSN1ObjectIdentifier, extensionsType, AuthorityKeyIdentifier.class);
            if (authorityKeyIdentifier == null) {
                return;
            }
            this.includeIssuerAndSerialInAki = authorityKeyIdentifier.isIncludeIssuerAndSerial();
        }
    }

    private void initAuthorizationTemplate(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_xipki_ext_authorizationTemplate;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            AuthorizationTemplate authorizationTemplate = (AuthorizationTemplate) getExtensionValue(aSN1ObjectIdentifier, extensionsType, AuthorizationTemplate.class);
            if (authorizationTemplate == null) {
                return;
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new ASN1ObjectIdentifier(authorizationTemplate.getType().getValue()));
            aSN1EncodableVector.add(new DEROctetString(authorizationTemplate.getAccessRights().getValue()));
            this.authorizationTemplate = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new DERSequence(aSN1EncodableVector));
        }
    }

    private void initBasicConstraints(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.basicConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            BasicConstraints basicConstraints = (BasicConstraints) getExtensionValue(aSN1ObjectIdentifier, extensionsType, BasicConstraints.class);
            if (basicConstraints == null) {
                return;
            }
            this.pathLen = Integer.valueOf(basicConstraints.getPathLen());
        }
    }

    private void initBiometricInfo(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.biometricInfo;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            BiometricInfo biometricInfo = (BiometricInfo) getExtensionValue(aSN1ObjectIdentifier, extensionsType, BiometricInfo.class);
            if (biometricInfo == null) {
                return;
            }
            try {
                this.biometricInfo = new BiometricInfoOption(biometricInfo);
            } catch (NoSuchAlgorithmException e) {
                throw new CertprofileException("NoSuchAlgorithmException: " + e.getMessage());
            }
        }
    }

    private void initCertificatePolicies(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.certificatePolicies;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            CertificatePolicies certificatePolicies = (CertificatePolicies) getExtensionValue(aSN1ObjectIdentifier, extensionsType, CertificatePolicies.class);
            if (certificatePolicies == null) {
                return;
            }
            this.certificatePolicies = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.createCertificatePolicies(XmlCertprofileUtil.buildCertificatePolicies(certificatePolicies)));
        }
    }

    private void initExtendedKeyUsage(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.extendedKeyUsage;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            ExtendedKeyUsage extendedKeyUsage = (ExtendedKeyUsage) getExtensionValue(aSN1ObjectIdentifier, extensionsType, ExtendedKeyUsage.class);
            if (extendedKeyUsage == null) {
                return;
            }
            this.extendedKeyusages = XmlCertprofileUtil.buildExtKeyUsageOptions(extendedKeyUsage);
        }
    }

    private void initInhibitAnyPolicy(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.inhibitAnyPolicy;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            InhibitAnyPolicy inhibitAnyPolicy = (InhibitAnyPolicy) getExtensionValue(aSN1ObjectIdentifier, extensionsType, InhibitAnyPolicy.class);
            if (inhibitAnyPolicy == null) {
                return;
            }
            int skipCerts = inhibitAnyPolicy.getSkipCerts();
            if (skipCerts < 0) {
                throw new CertprofileException("negative inhibitAnyPolicy.skipCerts is not allowed: " + skipCerts);
            }
            this.inhibitAnyPolicy = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new ASN1Integer(BigInteger.valueOf(skipCerts)));
        }
    }

    private void initKeyUsage(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.keyUsage;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            KeyUsage keyUsage = (KeyUsage) getExtensionValue(aSN1ObjectIdentifier, extensionsType, KeyUsage.class);
            if (keyUsage == null) {
                return;
            }
            this.keyusages = XmlCertprofileUtil.buildKeyUsageOptions(keyUsage);
        }
    }

    private void initNameConstraints(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.nameConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            NameConstraints nameConstraints = (NameConstraints) getExtensionValue(aSN1ObjectIdentifier, extensionsType, NameConstraints.class);
            if (nameConstraints == null) {
                return;
            }
            this.nameConstraints = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.buildNameConstrains(nameConstraints));
        }
    }

    private void initPrivateKeyUsagePeriod(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.privateKeyUsagePeriod;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PrivateKeyUsagePeriod privateKeyUsagePeriod = (PrivateKeyUsagePeriod) getExtensionValue(aSN1ObjectIdentifier, extensionsType, PrivateKeyUsagePeriod.class);
            if (privateKeyUsagePeriod == null) {
                return;
            }
            this.privateKeyUsagePeriod = CertValidity.getInstance(privateKeyUsagePeriod.getValidity());
        }
    }

    private void initPolicyConstraints(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.policyConstraints;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PolicyConstraints policyConstraints = (PolicyConstraints) getExtensionValue(aSN1ObjectIdentifier, extensionsType, PolicyConstraints.class);
            if (policyConstraints == null) {
                return;
            }
            this.policyConstraints = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.buildPolicyConstrains(policyConstraints));
        }
    }

    private void initPolicyMappings(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.policyMappings;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            PolicyMappings policyMappings = (PolicyMappings) getExtensionValue(aSN1ObjectIdentifier, extensionsType, PolicyMappings.class);
            if (policyMappings == null) {
                return;
            }
            this.policyMappings = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.buildPolicyMappings(policyMappings));
        }
    }

    private void initQcStatements(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        QcStatementOption qcStatementOption;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.qCStatements;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            QcStatements qcStatements = (QcStatements) getExtensionValue(aSN1ObjectIdentifier, extensionsType, QcStatements.class);
            if (qcStatements == null) {
                return;
            }
            List<QcStatementType> qcStatement = qcStatements.getQcStatement();
            this.qcStatementsOption = new ArrayList(qcStatement.size());
            HashSet hashSet = new HashSet();
            boolean z = false;
            for (QcStatementType qcStatementType : qcStatement) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(qcStatementType.getStatementId().getValue());
                QcStatementValueType statementValue = qcStatementType.getStatementValue();
                if (statementValue == null) {
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2));
                } else if (statementValue.getQcRetentionPeriod() != null) {
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new ASN1Integer(statementValue.getQcRetentionPeriod().intValue())));
                } else if (statementValue.getConstant() != null) {
                    try {
                        qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new ASN1StreamParser(statementValue.getConstant().getValue()).readObject()));
                    } catch (IOException e) {
                        throw new CertprofileException("can not parse the constant value of QcStatement");
                    }
                } else if (statementValue.getQcEuLimitValue() != null) {
                    QcEuLimitValueType qcEuLimitValue = statementValue.getQcEuLimitValue();
                    String upperCase = qcEuLimitValue.getCurrency().toUpperCase();
                    if (hashSet.contains(upperCase)) {
                        throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue for the currency " + upperCase);
                    }
                    Iso4217CurrencyCode iso4217CurrencyCode = StringUtil.isNumber(upperCase) ? new Iso4217CurrencyCode(Integer.parseInt(upperCase)) : new Iso4217CurrencyCode(upperCase);
                    Range2Type amount = qcEuLimitValue.getAmount();
                    Range2Type exponent = qcEuLimitValue.getExponent();
                    if (amount.getMin() == amount.getMax() && exponent.getMin() == exponent.getMax()) {
                        qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new MonetaryValue(iso4217CurrencyCode, amount.getMin(), exponent.getMin())));
                    } else {
                        qcStatementOption = new QcStatementOption(aSN1ObjectIdentifier2, new MonetaryValueOption(iso4217CurrencyCode, amount, exponent));
                        z = true;
                    }
                    hashSet.add(upperCase);
                } else {
                    if (statementValue.getPdsLocations() == null) {
                        throw new RuntimeException("unknown value of qcStatment");
                    }
                    ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                    for (PdsLocationType pdsLocationType : statementValue.getPdsLocations().getPdsLocation()) {
                        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                        aSN1EncodableVector2.add(new DERIA5String(pdsLocationType.getUrl()));
                        String language = pdsLocationType.getLanguage();
                        if (language.length() != 2) {
                            throw new RuntimeException("invalid language '" + language + "'");
                        }
                        aSN1EncodableVector2.add(new DERPrintableString(language));
                        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
                    }
                    qcStatementOption = new QcStatementOption(new QCStatement(aSN1ObjectIdentifier2, new DERSequence(aSN1EncodableVector)));
                }
                this.qcStatementsOption.add(qcStatementOption);
            }
            if (z) {
                return;
            }
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            for (QcStatementOption qcStatementOption2 : this.qcStatementsOption) {
                if (qcStatementOption2.getStatement() == null) {
                    throw new RuntimeException("should not reach here");
                }
                aSN1EncodableVector3.add(qcStatementOption2.getStatement());
            }
            this.qcStatments = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new DERSequence(aSN1EncodableVector3));
            this.qcStatementsOption = null;
        }
    }

    private void initRestriction(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_extension_restriction;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            Restriction restriction = (Restriction) getExtensionValue(aSN1ObjectIdentifier, extensionsType, Restriction.class);
            if (restriction == null) {
                return;
            }
            this.restriction = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), XmlCertprofileUtil.convertDirectoryStringType(restriction.getType()).createDirectoryString(restriction.getText()));
        }
    }

    private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_smimeCapabilities;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SmimeCapabilities smimeCapabilities = (SmimeCapabilities) getExtensionValue(aSN1ObjectIdentifier, extensionsType, SmimeCapabilities.class);
            if (smimeCapabilities == null) {
                return;
            }
            List<SmimeCapability> smimeCapability = smimeCapabilities.getSmimeCapability();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (SmimeCapability smimeCapability2 : smimeCapability) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(smimeCapability2.getCapabilityId().getValue());
                ASN1Integer aSN1Integer = null;
                SmimeCapability.Parameters parameters = smimeCapability2.getParameters();
                if (parameters != null) {
                    if (parameters.getInteger() != null) {
                        aSN1Integer = new ASN1Integer(parameters.getInteger());
                    } else if (parameters.getBase64Binary() != null) {
                        aSN1Integer = readAsn1Encodable(parameters.getBase64Binary().getValue());
                    }
                }
                aSN1EncodableVector.add(new SMIMECapability(aSN1ObjectIdentifier2, aSN1Integer));
            }
            this.smimeCapabilities = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new DERSequence(aSN1EncodableVector));
        }
    }

    private void initSubjectAlternativeName(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectAlternativeName;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SubjectAltName subjectAltName = (SubjectAltName) getExtensionValue(aSN1ObjectIdentifier, extensionsType, SubjectAltName.class);
            if (subjectAltName == null) {
                return;
            }
            this.subjectAltNameModes = XmlCertprofileUtil.buildGeneralNameMode(subjectAltName);
        }
    }

    private void initSubjectInfoAccess(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectInfoAccess;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SubjectInfoAccess subjectInfoAccess = (SubjectInfoAccess) getExtensionValue(aSN1ObjectIdentifier, extensionsType, SubjectInfoAccess.class);
            if (subjectInfoAccess == null) {
                return;
            }
            List<SubjectInfoAccess.Access> access = subjectInfoAccess.getAccess();
            this.subjectInfoAccessModes = new HashMap();
            for (SubjectInfoAccess.Access access2 : access) {
                this.subjectInfoAccessModes.put(new ASN1ObjectIdentifier(access2.getAccessMethod().getValue()), XmlCertprofileUtil.buildGeneralNameMode(access2.getAccessLocation()));
            }
        }
    }

    private void initTlsFeature(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_pe_tlsfeature;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            TlsFeature tlsFeature = (TlsFeature) getExtensionValue(aSN1ObjectIdentifier, extensionsType, TlsFeature.class);
            if (tlsFeature == null) {
                return;
            }
            ArrayList arrayList = new ArrayList(tlsFeature.getFeature().size());
            Iterator<IntWithDescType> it = tlsFeature.getFeature().iterator();
            while (it.hasNext()) {
                int value = it.next().getValue();
                if (value < 0 || value > 65535) {
                    throw new CertprofileException("invalid TLS feature (extensionType) " + value);
                }
                arrayList.add(Integer.valueOf(value));
            }
            Collections.sort(arrayList);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                aSN1EncodableVector.add(new ASN1Integer(((Integer) it2.next()).intValue()));
            }
            this.tlsFeature = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new DERSequence(aSN1EncodableVector));
        }
    }

    private void initValidityModel(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.id_extension_validityModel;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            ValidityModel validityModel = (ValidityModel) getExtensionValue(aSN1ObjectIdentifier, extensionsType, ValidityModel.class);
            if (validityModel == null) {
                return;
            }
            this.validityModel = new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier).isCritical(), new DERSequence(new ASN1ObjectIdentifier(validityModel.getModelId().getValue())));
        }
    }

    private void initSubjectDirAttrs(Set<ASN1ObjectIdentifier> set, ExtensionsType extensionsType) throws CertprofileException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectDirectoryAttributes;
        if (this.extensionControls.containsKey(aSN1ObjectIdentifier)) {
            set.remove(aSN1ObjectIdentifier);
            SubjectDirectoryAttributs subjectDirectoryAttributs = (SubjectDirectoryAttributs) getExtensionValue(aSN1ObjectIdentifier, extensionsType, SubjectDirectoryAttributs.class);
            if (subjectDirectoryAttributs == null) {
                return;
            }
            this.subjectDirAttrsControl = new SubjectDirectoryAttributesControl(XmlCertprofileUtil.toOidList(subjectDirectoryAttributs.getType()));
        }
    }

    public CertValidity getValidity() {
        return this.validity;
    }

    public ExtensionValues getExtensions(Map<ASN1ObjectIdentifier, ExtensionControl> map, X500Name x500Name, X500Name x500Name2, Extensions extensions, Date date, Date date2, PublicCaInfo publicCaInfo) throws CertprofileException, BadCertTemplateException {
        ExtensionValue extensionValue;
        Date add;
        GeneralNames createRequestedSubjectAltNames;
        ExtensionValues extensionValues = new ExtensionValues();
        if (CollectionUtil.isEmpty(map)) {
            return extensionValues;
        }
        ParamUtil.requireNonNull("requestedSubject", x500Name);
        ParamUtil.requireNonNull("notBefore", date);
        ParamUtil.requireNonNull("notAfter", date2);
        HashSet hashSet = new HashSet(map.keySet());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.certificatePolicies;
        if (this.certificatePolicies != null && hashSet.remove(aSN1ObjectIdentifier)) {
            extensionValues.addExtension(aSN1ObjectIdentifier, this.certificatePolicies);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = Extension.policyMappings;
        if (this.policyMappings != null && hashSet.remove(aSN1ObjectIdentifier2)) {
            extensionValues.addExtension(aSN1ObjectIdentifier2, this.policyMappings);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier3 = Extension.subjectAlternativeName;
        if (hashSet.contains(aSN1ObjectIdentifier3) && (createRequestedSubjectAltNames = createRequestedSubjectAltNames(x500Name, x500Name2, extensions)) != null) {
            extensionValues.addExtension(aSN1ObjectIdentifier3, new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier3).isCritical(), createRequestedSubjectAltNames));
            hashSet.remove(aSN1ObjectIdentifier3);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier4 = Extension.subjectDirectoryAttributes;
        if (hashSet.contains(aSN1ObjectIdentifier4) && this.subjectDirAttrsControl != null) {
            Extension extension = extensions == null ? null : extensions.getExtension(aSN1ObjectIdentifier4);
            if (extension == null) {
                throw new BadCertTemplateException("no SubjectDirecotryAttributes extension is contained in the request");
            }
            ASN1GeneralizedTime aSN1GeneralizedTime = null;
            String str = null;
            String str2 = null;
            LinkedList<String> linkedList = new LinkedList();
            LinkedList<String> linkedList2 = new LinkedList();
            HashMap hashMap = new HashMap();
            Vector attributes = SubjectDirectoryAttributes.getInstance(extension.getParsedValue()).getAttributes();
            int size = attributes.size();
            for (int i = 0; i < size; i++) {
                Attribute attribute = (Attribute) attributes.get(i);
                ASN1ObjectIdentifier attrType = attribute.getAttrType();
                ASN1Encodable aSN1Encodable = attribute.getAttributeValues()[0];
                if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(attrType)) {
                    aSN1GeneralizedTime = ASN1GeneralizedTime.getInstance(aSN1Encodable);
                } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(attrType)) {
                    str = DirectoryString.getInstance(aSN1Encodable).getString();
                } else if (ObjectIdentifiers.DN_GENDER.equals(attrType)) {
                    str2 = DERPrintableString.getInstance(aSN1Encodable).getString();
                } else if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(attrType)) {
                    linkedList.add(DERPrintableString.getInstance(aSN1Encodable).getString());
                } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(attrType)) {
                    linkedList2.add(DERPrintableString.getInstance(aSN1Encodable).getString());
                } else {
                    List list = (List) hashMap.get(attrType);
                    if (list == null) {
                        list = new LinkedList();
                        hashMap.put(attrType, list);
                    }
                    list.add(aSN1Encodable);
                }
            }
            Vector vector = new Vector();
            for (ASN1ObjectIdentifier aSN1ObjectIdentifier5 : this.subjectDirAttrsControl.getTypes()) {
                if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(aSN1ObjectIdentifier5)) {
                    if (aSN1GeneralizedTime == null) {
                        throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                    }
                    String timeString = aSN1GeneralizedTime.getTimeString();
                    if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(timeString).matches()) {
                        throw new BadCertTemplateException("invalid dateOfBirth " + timeString);
                    }
                    vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet(aSN1GeneralizedTime)));
                } else if (ObjectIdentifiers.DN_PLACE_OF_BIRTH.equals(aSN1ObjectIdentifier5)) {
                    if (str == null) {
                        throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                    }
                    vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet(new DERUTF8String(str))));
                } else {
                    if (ObjectIdentifiers.DN_GENDER.equals(aSN1ObjectIdentifier5)) {
                        if (str2 != null && !str2.isEmpty()) {
                            char charAt = str2.charAt(0);
                            if (str2.length() != 1 || (charAt != 'f' && charAt != 'F' && charAt != 'm' && charAt != 'M')) {
                                throw new BadCertTemplateException("invalid gender " + str2);
                            }
                            vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet(new DERPrintableString(str2))));
                        }
                        throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                    }
                    if (ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP.equals(aSN1ObjectIdentifier5)) {
                        if (linkedList.isEmpty()) {
                            throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                        }
                        for (String str3 : linkedList) {
                            if (!SubjectDnSpec.isValidCountryAreaCode(str3)) {
                                throw new BadCertTemplateException("invalid countryOfCitizenship code " + str3);
                            }
                            vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet(new DERPrintableString(str3))));
                        }
                    } else if (ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE.equals(aSN1ObjectIdentifier5)) {
                        if (linkedList2.isEmpty()) {
                            throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                        }
                        for (String str4 : linkedList2) {
                            if (!SubjectDnSpec.isValidCountryAreaCode(str4)) {
                                throw new BadCertTemplateException("invalid countryOfResidence code " + str4);
                            }
                            vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet(new DERPrintableString(str4))));
                        }
                    } else {
                        if (!hashMap.containsKey(aSN1ObjectIdentifier5)) {
                            throw new BadCertTemplateException("could not process type " + aSN1ObjectIdentifier5.getId() + " in extension SubjectDirectoryAttributes");
                        }
                        Iterator it = ((List) hashMap.get(aSN1ObjectIdentifier5)).iterator();
                        while (it.hasNext()) {
                            vector.add(new Attribute(aSN1ObjectIdentifier5, new DERSet((ASN1Encodable) it.next())));
                        }
                    }
                }
            }
            extensionValues.addExtension(aSN1ObjectIdentifier4, new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier4).isCritical(), new SubjectDirectoryAttributes(vector)));
            hashSet.remove(aSN1ObjectIdentifier4);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier6 = Extension.nameConstraints;
        if (this.nameConstraints != null && hashSet.remove(aSN1ObjectIdentifier6)) {
            extensionValues.addExtension(aSN1ObjectIdentifier6, this.nameConstraints);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier7 = Extension.policyConstraints;
        if (this.policyConstraints != null && hashSet.remove(aSN1ObjectIdentifier7)) {
            extensionValues.addExtension(aSN1ObjectIdentifier7, this.policyConstraints);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier8 = Extension.inhibitAnyPolicy;
        if (this.inhibitAnyPolicy != null && hashSet.remove(aSN1ObjectIdentifier8)) {
            extensionValues.addExtension(aSN1ObjectIdentifier8, this.inhibitAnyPolicy);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier9 = ObjectIdentifiers.id_extension_admission;
        if (hashSet.contains(aSN1ObjectIdentifier9) && this.admission != null) {
            if (this.admission.isInputFromRequestRequired()) {
                Extension extension2 = extensions == null ? null : extensions.getExtension(aSN1ObjectIdentifier9);
                if (extension2 == null) {
                    throw new BadCertTemplateException("No Admission extension is contained in the request");
                }
                Admissions[] contentsOfAdmissions = org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax.getInstance(extension2.getParsedValue()).getContentsOfAdmissions();
                ArrayList arrayList = new ArrayList(contentsOfAdmissions.length);
                for (Admissions admissions : contentsOfAdmissions) {
                    ProfessionInfo[] professionInfos = admissions.getProfessionInfos();
                    ArrayList arrayList2 = new ArrayList(professionInfos.length);
                    arrayList.add(arrayList2);
                    for (ProfessionInfo professionInfo : professionInfos) {
                        arrayList2.add(professionInfo.getRegistrationNumber());
                    }
                }
                extensionValues.addExtension(aSN1ObjectIdentifier9, this.admission.getExtensionValue(arrayList));
                hashSet.remove(aSN1ObjectIdentifier9);
            } else {
                extensionValues.addExtension(aSN1ObjectIdentifier9, this.admission.getExtensionValue(null));
                hashSet.remove(aSN1ObjectIdentifier9);
            }
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier10 = ObjectIdentifiers.id_extension_restriction;
        if (this.restriction != null && hashSet.remove(aSN1ObjectIdentifier10)) {
            extensionValues.addExtension(aSN1ObjectIdentifier10, this.restriction);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier11 = ObjectIdentifiers.id_extension_additionalInformation;
        if (this.additionalInformation != null && hashSet.remove(aSN1ObjectIdentifier11)) {
            extensionValues.addExtension(aSN1ObjectIdentifier11, this.additionalInformation);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier12 = ObjectIdentifiers.id_extension_validityModel;
        if (this.validityModel != null && hashSet.remove(aSN1ObjectIdentifier12)) {
            extensionValues.addExtension(aSN1ObjectIdentifier12, this.validityModel);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier13 = Extension.privateKeyUsagePeriod;
        if (hashSet.contains(aSN1ObjectIdentifier13)) {
            if (this.privateKeyUsagePeriod == null) {
                add = date2;
            } else {
                add = this.privateKeyUsagePeriod.add(date);
                if (add.after(date2)) {
                    add = date2;
                }
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(date)));
            aSN1EncodableVector.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(add)));
            extensionValues.addExtension(aSN1ObjectIdentifier13, new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier13).isCritical(), new DERSequence(aSN1EncodableVector)));
            hashSet.remove(aSN1ObjectIdentifier13);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier14 = Extension.qCStatements;
        if (hashSet.contains(aSN1ObjectIdentifier14) && (this.qcStatments != null || this.qcStatementsOption != null)) {
            if (this.qcStatments != null) {
                extensionValues.addExtension(aSN1ObjectIdentifier14, this.qcStatments);
                hashSet.remove(aSN1ObjectIdentifier14);
            } else {
                if (extensions == null || this.qcStatementsOption == null) {
                    throw new RuntimeException("should not reach here");
                }
                Extension extension3 = extensions.getExtension(aSN1ObjectIdentifier14);
                if (extension3 == null) {
                    throw new BadCertTemplateException("No QCStatement extension is contained in the request");
                }
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(extension3.getParsedValue());
                HashMap hashMap2 = new HashMap();
                int size2 = aSN1Sequence.size();
                for (int i2 = 0; i2 < size2; i2++) {
                    QCStatement qCStatement = QCStatement.getInstance(aSN1Sequence.getObjectAt(i2));
                    if (ObjectIdentifiers.id_etsi_qcs_QcLimitValue.equals(qCStatement.getStatementId())) {
                        MonetaryValue monetaryValue = MonetaryValue.getInstance(qCStatement.getStatementInfo());
                        int intValue = monetaryValue.getAmount().intValue();
                        int intValue2 = monetaryValue.getExponent().intValue();
                        Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                        hashMap2.put(currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric()), new int[]{intValue, intValue2});
                    }
                }
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                for (QcStatementOption qcStatementOption : this.qcStatementsOption) {
                    if (qcStatementOption.getStatement() != null) {
                        aSN1EncodableVector2.add(qcStatementOption.getStatement());
                    } else {
                        MonetaryValueOption monetaryValueOption = qcStatementOption.getMonetaryValueOption();
                        String currencyString = monetaryValueOption.getCurrencyString();
                        int[] iArr = (int[]) hashMap2.get(currencyString);
                        if (iArr == null) {
                            throw new BadCertTemplateException("no EuLimitValue is specified for currency '" + currencyString + "'");
                        }
                        int i3 = iArr[0];
                        Range2Type amountRange = monetaryValueOption.getAmountRange();
                        if (i3 < amountRange.getMin() || i3 > amountRange.getMax()) {
                            throw new BadCertTemplateException("amount for currency '" + currencyString + "' is not within [" + amountRange.getMin() + ", " + amountRange.getMax() + "]");
                        }
                        int i4 = iArr[1];
                        Range2Type exponentRange = monetaryValueOption.getExponentRange();
                        if (i4 < exponentRange.getMin() || i4 > exponentRange.getMax()) {
                            throw new BadCertTemplateException("exponent for currency '" + currencyString + "' is not within [" + exponentRange.getMin() + ", " + exponentRange.getMax() + "]");
                        }
                        aSN1EncodableVector2.add(new QCStatement(qcStatementOption.getStatementId(), new MonetaryValue(monetaryValueOption.getCurrency(), i3, i4)));
                    }
                }
                extensionValues.addExtension(aSN1ObjectIdentifier14, new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier14).isCritical(), new DERSequence(aSN1EncodableVector2)));
                hashSet.remove(aSN1ObjectIdentifier14);
            }
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier15 = Extension.biometricInfo;
        if (hashSet.contains(aSN1ObjectIdentifier15) && this.biometricInfo != null) {
            Extension extension4 = extensions == null ? null : extensions.getExtension(aSN1ObjectIdentifier15);
            if (extension4 == null) {
                throw new BadCertTemplateException("no biometricInfo extension is contained in the request");
            }
            ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(extension4.getParsedValue());
            int size3 = aSN1Sequence2.size();
            if (size3 < 1) {
                throw new BadCertTemplateException("biometricInfo extension in request contains empty sequence");
            }
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            for (int i5 = 0; i5 < size3; i5++) {
                BiometricData biometricData = BiometricData.getInstance(aSN1Sequence2.getObjectAt(i5));
                TypeOfBiometricData typeOfBiometricData = biometricData.getTypeOfBiometricData();
                if (!this.biometricInfo.isTypePermitted(typeOfBiometricData)) {
                    throw new BadCertTemplateException("biometricInfo[" + i5 + "].typeOfBiometricData is not permitted");
                }
                ASN1ObjectIdentifier algorithm = biometricData.getHashAlgorithm().getAlgorithm();
                if (!this.biometricInfo.isHashAlgorithmPermitted(algorithm)) {
                    throw new BadCertTemplateException("biometricInfo[" + i5 + "].hashAlgorithm is not permitted");
                }
                try {
                    int hashOutputSizeInOctets = AlgorithmUtil.getHashOutputSizeInOctets(algorithm);
                    byte[] octets = biometricData.getBiometricDataHash().getOctets();
                    if (octets.length != hashOutputSizeInOctets) {
                        throw new BadCertTemplateException("biometricInfo[" + i5 + "].biometricDataHash has incorrect length");
                    }
                    DERIA5String sourceDataUri = biometricData.getSourceDataUri();
                    switch (this.biometricInfo.getSourceDataUriOccurrence()) {
                        case FORBIDDEN:
                            sourceDataUri = null;
                            break;
                        case REQUIRED:
                            if (sourceDataUri == null) {
                                throw new BadCertTemplateException("biometricInfo[" + i5 + "].sourceDataUri is not specified in request but is required");
                            }
                            break;
                        case OPTIONAL:
                            break;
                        default:
                            throw new BadCertTemplateException("could not reach here, unknown tripleState");
                    }
                    aSN1EncodableVector3.add(new BiometricData(typeOfBiometricData, new AlgorithmIdentifier(algorithm, DERNull.INSTANCE), new DEROctetString(octets), sourceDataUri));
                } catch (NoSuchAlgorithmException e) {
                    throw new CertprofileException("should not happen, unknown hash algorithm " + algorithm);
                }
            }
            extensionValues.addExtension(aSN1ObjectIdentifier15, new ExtensionValue(this.extensionControls.get(aSN1ObjectIdentifier15).isCritical(), new DERSequence(aSN1EncodableVector3)));
            hashSet.remove(aSN1ObjectIdentifier15);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier16 = ObjectIdentifiers.id_pe_tlsfeature;
        if (this.tlsFeature != null && hashSet.remove(aSN1ObjectIdentifier16)) {
            extensionValues.addExtension(aSN1ObjectIdentifier16, this.tlsFeature);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier17 = ObjectIdentifiers.id_xipki_ext_authorizationTemplate;
        if (this.authorizationTemplate != null && hashSet.remove(aSN1ObjectIdentifier17)) {
            extensionValues.addExtension(aSN1ObjectIdentifier17, this.authorizationTemplate);
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier18 = ObjectIdentifiers.id_smimeCapabilities;
        if (this.smimeCapabilities != null && hashSet.remove(aSN1ObjectIdentifier18)) {
            extensionValues.addExtension(aSN1ObjectIdentifier18, this.smimeCapabilities);
        }
        if (this.constantExtensions != null) {
            for (ASN1ObjectIdentifier aSN1ObjectIdentifier19 : this.constantExtensions.keySet()) {
                if (hashSet.remove(aSN1ObjectIdentifier19) && (extensionValue = this.constantExtensions.get(aSN1ObjectIdentifier19)) != null) {
                    extensionValues.addExtension(aSN1ObjectIdentifier19, extensionValue);
                }
            }
        }
        ExtensionValues extraExtensions = getExtraExtensions(map, x500Name, x500Name2, extensions, date, date2, publicCaInfo);
        if (extraExtensions != null) {
            for (ASN1ObjectIdentifier aSN1ObjectIdentifier20 : extraExtensions.getExtensionTypes()) {
                extensionValues.addExtension(aSN1ObjectIdentifier20, extraExtensions.getExtensionValue(aSN1ObjectIdentifier20));
            }
        }
        return extensionValues;
    }

    protected ExtensionValues getExtraExtensions(Map<ASN1ObjectIdentifier, ExtensionControl> map, X500Name x500Name, X500Name x500Name2, Extensions extensions, Date date, Date date2, PublicCaInfo publicCaInfo) throws CertprofileException, BadCertTemplateException {
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x00b6  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.bouncycastle.asn1.x509.GeneralNames createRequestedSubjectAltNames(org.bouncycastle.asn1.x500.X500Name r7, org.bouncycastle.asn1.x500.X500Name r8, org.bouncycastle.asn1.x509.Extensions r9) throws org.xipki.ca.api.BadCertTemplateException {
        /*
            Method dump skipped, instructions count: 396
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.xipki.ca.certprofile.xml.XmlCertprofile.createRequestedSubjectAltNames(org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.x509.Extensions):org.bouncycastle.asn1.x509.GeneralNames");
    }

    public Set<KeyUsageControl> getKeyUsage() {
        return this.keyusages;
    }

    public Set<ExtKeyUsageControl> getExtendedKeyUsages() {
        return this.extendedKeyusages;
    }

    public CertLevel getCertLevel() {
        return this.certLevel;
    }

    public KeypairGenControl getKeypairGenControl() {
        return this.keypairGenControl;
    }

    public Integer getPathLenBasicConstraint() {
        return this.pathLen;
    }

    public AuthorityInfoAccessControl getAiaControl() {
        return this.aiaControl;
    }

    public Map<ASN1ObjectIdentifier, ExtensionControl> getExtensionControls() {
        return this.extensionControls;
    }

    public boolean isOnlyForRa() {
        return this.raOnly;
    }

    public int getMaxCertSize() {
        return this.maxSize == null ? super.getMaxCertSize() : this.maxSize.intValue();
    }

    public boolean includesIssuerAndSerialInAki() {
        return this.includeIssuerAndSerialInAki;
    }

    public SubjectControl getSubjectControl() {
        return this.subjectControl;
    }

    public NotBeforeOption getNotBeforeOption() {
        return this.notBeforeOption;
    }

    public Date getNotBefore(Date date) {
        return this.notBeforeOption.getNotBefore(date);
    }

    public boolean isSerialNumberInReqPermitted() {
        return this.serialNumberInReqPermitted;
    }

    public Map<ASN1ObjectIdentifier, KeyParametersOption> getKeyAlgorithms() {
        return this.keyAlgorithms;
    }

    public Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> getSubjectInfoAccessModes() {
        return this.subjectInfoAccessModes;
    }

    public X509CertVersion getVersion() {
        return this.version;
    }

    public List<String> getSignatureAlgorithms() {
        return this.signatureAlgorithms;
    }

    public boolean incSerialNumberIfSubjectExists() {
        return this.incSerialNoIfSubjectExists;
    }

    public ExtensionValue getAdditionalInformation() {
        return this.additionalInformation;
    }

    public AdmissionSyntaxOption getAdmission() {
        return this.admission;
    }

    public Map<ASN1ObjectIdentifier, GeneralNameTag> getSubjectToSubjectAltNameModes() {
        return this.subjectToSubjectAltNameModes;
    }

    public Set<GeneralNameMode> getSubjectAltNameModes() {
        return this.subjectAltNameModes;
    }

    public ExtensionValue getAuthorizationTemplate() {
        return this.authorizationTemplate;
    }

    public BiometricInfoOption getBiometricInfo() {
        return this.biometricInfo;
    }

    public ExtensionValue getCertificatePolicies() {
        return this.certificatePolicies;
    }

    public Map<ASN1ObjectIdentifier, ExtensionValue> getConstantExtensions() {
        return this.constantExtensions;
    }

    public Set<ExtKeyUsageControl> getExtendedKeyusages() {
        return this.extendedKeyusages;
    }

    public boolean isIncludeIssuerAndSerialInAki() {
        return this.includeIssuerAndSerialInAki;
    }

    public boolean isIncSerialNoIfSubjectExists() {
        return this.incSerialNoIfSubjectExists;
    }

    public ExtensionValue getInhibitAnyPolicy() {
        return this.inhibitAnyPolicy;
    }

    public Set<KeyUsageControl> getKeyusages() {
        return this.keyusages;
    }

    public Integer getMaxSize() {
        return this.maxSize;
    }

    public ExtensionValue getNameConstraints() {
        return this.nameConstraints;
    }

    public Integer getPathLen() {
        return this.pathLen;
    }

    public ExtensionValue getPolicyConstraints() {
        return this.policyConstraints;
    }

    public ExtensionValue getPolicyMappings() {
        return this.policyMappings;
    }

    public CertValidity getPrivateKeyUsagePeriod() {
        return this.privateKeyUsagePeriod;
    }

    public ExtensionValue getQcStatments() {
        return this.qcStatments;
    }

    public List<QcStatementOption> getQcStatementsOption() {
        return this.qcStatementsOption;
    }

    public boolean isRaOnly() {
        return this.raOnly;
    }

    public ExtensionValue getRestriction() {
        return this.restriction;
    }

    public ExtensionValue getSmimeCapabilities() {
        return this.smimeCapabilities;
    }

    public ExtensionValue getTlsFeature() {
        return this.tlsFeature;
    }

    public ExtensionValue getValidityModel() {
        return this.validityModel;
    }

    public SubjectDirectoryAttributesControl getSubjectDirAttrsControl() {
        return this.subjectDirAttrsControl;
    }

    private static Object getExtensionValue(ASN1ObjectIdentifier aSN1ObjectIdentifier, ExtensionsType extensionsType, Class<?> cls) throws CertprofileException {
        for (ExtensionType extensionType : extensionsType.getExtension()) {
            if (extensionType.getType().getValue().equals(aSN1ObjectIdentifier.getId())) {
                if (extensionType.getValue() == null || extensionType.getValue().getAny() == null) {
                    return null;
                }
                Object any = extensionType.getValue().getAny();
                if (cls.isAssignableFrom(any.getClass())) {
                    return any;
                }
                if (ConstantExtValue.class.isAssignableFrom(any.getClass())) {
                    return null;
                }
                throw new CertprofileException("the extension configuration for " + ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier) + " is not of the expected type " + cls.getName() + ", but " + any.getClass().getName());
            }
        }
        throw new RuntimeException("should not reach here: undefined extension " + ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier));
    }

    private static ASN1Encodable readAsn1Encodable(byte[] bArr) throws CertprofileException {
        try {
            return new ASN1StreamParser(bArr).readObject();
        } catch (IOException e) {
            throw new CertprofileException("could not parse the constant extension value", e);
        }
    }
}
