package org.xipki.ca.certprofile.xml;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.validation.SchemaFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1StreamParser;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CertPolicyId;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.NoticeReference;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyMappings;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.UserNotice;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.ExtKeyUsageControl;
import org.xipki.ca.api.profile.ExtensionControl;
import org.xipki.ca.api.profile.ExtensionValue;
import org.xipki.ca.api.profile.GeneralNameMode;
import org.xipki.ca.api.profile.GeneralNameTag;
import org.xipki.ca.api.profile.KeyParametersOption;
import org.xipki.ca.api.profile.KeyUsageControl;
import org.xipki.ca.api.profile.Range;
import org.xipki.ca.api.profile.StringType;
import org.xipki.ca.certprofile.xml.commonpki.AdmissionSyntaxOption;
import org.xipki.ca.certprofile.xml.commonpki.AdmissionsOption;
import org.xipki.ca.certprofile.xml.commonpki.ProfessionInfoOption;
import org.xipki.ca.certprofile.xml.commonpki.RegistrationNumberOption;
import org.xipki.ca.certprofile.xml.jaxb.AdmissionSyntax;
import org.xipki.ca.certprofile.xml.jaxb.AdmissionsType;
import org.xipki.ca.certprofile.xml.jaxb.AlgorithmType;
import org.xipki.ca.certprofile.xml.jaxb.CertificatePolicies;
import org.xipki.ca.certprofile.xml.jaxb.CertificatePolicyInformationType;
import org.xipki.ca.certprofile.xml.jaxb.ConstantExtValue;
import org.xipki.ca.certprofile.xml.jaxb.DhParameters;
import org.xipki.ca.certprofile.xml.jaxb.DsaParameters;
import org.xipki.ca.certprofile.xml.jaxb.EcParameters;
import org.xipki.ca.certprofile.xml.jaxb.ExtendedKeyUsage;
import org.xipki.ca.certprofile.xml.jaxb.ExtensionType;
import org.xipki.ca.certprofile.xml.jaxb.ExtensionsType;
import org.xipki.ca.certprofile.xml.jaxb.GeneralNameType;
import org.xipki.ca.certprofile.xml.jaxb.GeneralSubtreeBaseType;
import org.xipki.ca.certprofile.xml.jaxb.GeneralSubtreesType;
import org.xipki.ca.certprofile.xml.jaxb.GostParameters;
import org.xipki.ca.certprofile.xml.jaxb.KeyUsage;
import org.xipki.ca.certprofile.xml.jaxb.NamingAuthorityType;
import org.xipki.ca.certprofile.xml.jaxb.ObjectFactory;
import org.xipki.ca.certprofile.xml.jaxb.OidWithDescType;
import org.xipki.ca.certprofile.xml.jaxb.PolicyConstraints;
import org.xipki.ca.certprofile.xml.jaxb.PolicyIdMappingType;
import org.xipki.ca.certprofile.xml.jaxb.ProfessionInfoType;
import org.xipki.ca.certprofile.xml.jaxb.RangeType;
import org.xipki.ca.certprofile.xml.jaxb.RangesType;
import org.xipki.ca.certprofile.xml.jaxb.RsaParameters;
import org.xipki.ca.certprofile.xml.jaxb.RsapssParameters;
import org.xipki.ca.certprofile.xml.jaxb.UsageType;
import org.xipki.ca.certprofile.xml.jaxb.X509ProfileType;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ParamUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.XmlUtil;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/xipki/ca/certprofile/xml/XmlCertprofileUtil.class */
public class XmlCertprofileUtil {
    private static final Logger LOG = LoggerFactory.getLogger(XmlCertprofileUtil.class);
    private static final Object JAXB_LOCK = new Object();
    private static Unmarshaller jaxbUnmarshaller;

    private XmlCertprofileUtil() {
    }

    public static X509ProfileType parse(InputStream inputStream) throws CertprofileException {
        X509ProfileType x509ProfileType;
        ParamUtil.requireNonNull("xmlConfStream", inputStream);
        synchronized (JAXB_LOCK) {
            try {
                if (jaxbUnmarshaller == null) {
                    jaxbUnmarshaller = JAXBContext.newInstance(new Class[]{ObjectFactory.class}).createUnmarshaller();
                    jaxbUnmarshaller.setSchema(SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(XmlCertprofileUtil.class.getResource("/xsd/certprofile.xsd")));
                }
                JAXBElement jAXBElement = (JAXBElement) jaxbUnmarshaller.unmarshal(inputStream);
                try {
                    inputStream.close();
                } catch (IOException e) {
                    LOG.warn("could not close xmlConfStream: {}", e.getMessage());
                }
                if (!(jAXBElement.getValue() instanceof X509ProfileType)) {
                    throw new CertprofileException("invalid root element type");
                }
                x509ProfileType = (X509ProfileType) jAXBElement.getValue();
            } catch (JAXBException e2) {
                throw new CertprofileException("parse profile failed, message: " + XmlUtil.getMessage(e2), e2);
            } catch (SAXException e3) {
                throw new CertprofileException("parse profile failed, message: " + e3.getMessage(), e3);
            }
        }
        return x509ProfileType;
    }

    public static List<CertificatePolicyInformation> buildCertificatePolicies(CertificatePolicies certificatePolicies) {
        List<CertificatePolicyInformationType> certificatePolicyInformation = certificatePolicies.getCertificatePolicyInformation();
        ArrayList arrayList = new ArrayList(certificatePolicyInformation.size());
        for (CertificatePolicyInformationType certificatePolicyInformationType : certificatePolicyInformation) {
            ArrayList arrayList2 = null;
            CertificatePolicyInformationType.PolicyQualifiers policyQualifiers = certificatePolicyInformationType.getPolicyQualifiers();
            if (policyQualifiers != null) {
                List<JAXBElement<String>> cpsUriOrUserNotice = policyQualifiers.getCpsUriOrUserNotice();
                arrayList2 = new ArrayList(cpsUriOrUserNotice.size());
                for (JAXBElement<String> jAXBElement : cpsUriOrUserNotice) {
                    String str = (String) jAXBElement.getValue();
                    arrayList2.add("cpsUri".equals(jAXBElement.getName().getLocalPart()) ? CertificatePolicyQualifier.getInstanceForCpsUri(str) : CertificatePolicyQualifier.getInstanceForUserNotice(str));
                }
            }
            arrayList.add(new CertificatePolicyInformation(certificatePolicyInformationType.getPolicyIdentifier().getValue(), arrayList2));
        }
        return arrayList;
    }

    public static PolicyMappings buildPolicyMappings(org.xipki.ca.certprofile.xml.jaxb.PolicyMappings policyMappings) {
        ParamUtil.requireNonNull("type", policyMappings);
        List<PolicyIdMappingType> mapping = policyMappings.getMapping();
        int size = mapping.size();
        CertPolicyId[] certPolicyIdArr = new CertPolicyId[size];
        CertPolicyId[] certPolicyIdArr2 = new CertPolicyId[size];
        for (int i = 0; i < size; i++) {
            PolicyIdMappingType policyIdMappingType = mapping.get(i);
            certPolicyIdArr[i] = CertPolicyId.getInstance(new ASN1ObjectIdentifier(policyIdMappingType.getIssuerDomainPolicy().getValue()));
            certPolicyIdArr2[i] = CertPolicyId.getInstance(new ASN1ObjectIdentifier(policyIdMappingType.getSubjectDomainPolicy().getValue()));
        }
        return new PolicyMappings(certPolicyIdArr, certPolicyIdArr2);
    }

    public static NameConstraints buildNameConstrains(org.xipki.ca.certprofile.xml.jaxb.NameConstraints nameConstraints) throws CertprofileException {
        ParamUtil.requireNonNull("type", nameConstraints);
        GeneralSubtree[] buildGeneralSubtrees = buildGeneralSubtrees(nameConstraints.getPermittedSubtrees());
        GeneralSubtree[] buildGeneralSubtrees2 = buildGeneralSubtrees(nameConstraints.getExcludedSubtrees());
        if (buildGeneralSubtrees == null && buildGeneralSubtrees2 == null) {
            return null;
        }
        return new NameConstraints(buildGeneralSubtrees, buildGeneralSubtrees2);
    }

    private static GeneralSubtree[] buildGeneralSubtrees(GeneralSubtreesType generalSubtreesType) throws CertprofileException {
        if (generalSubtreesType == null || CollectionUtil.isEmpty(generalSubtreesType.getBase())) {
            return null;
        }
        List<GeneralSubtreeBaseType> base = generalSubtreesType.getBase();
        int size = base.size();
        GeneralSubtree[] generalSubtreeArr = new GeneralSubtree[size];
        for (int i = 0; i < size; i++) {
            generalSubtreeArr[i] = buildGeneralSubtree(base.get(i));
        }
        return generalSubtreeArr;
    }

    private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeBaseType generalSubtreeBaseType) throws CertprofileException {
        GeneralName generalName;
        ParamUtil.requireNonNull("type", generalSubtreeBaseType);
        if (generalSubtreeBaseType.getDirectoryName() != null) {
            generalName = new GeneralName(X509Util.reverse(new X500Name(generalSubtreeBaseType.getDirectoryName())));
        } else if (generalSubtreeBaseType.getDnsName() != null) {
            generalName = new GeneralName(2, generalSubtreeBaseType.getDnsName());
        } else if (generalSubtreeBaseType.getIpAddress() != null) {
            generalName = new GeneralName(7, generalSubtreeBaseType.getIpAddress());
        } else if (generalSubtreeBaseType.getRfc822Name() != null) {
            generalName = new GeneralName(1, generalSubtreeBaseType.getRfc822Name());
        } else {
            if (generalSubtreeBaseType.getUri() == null) {
                throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType");
            }
            generalName = new GeneralName(6, generalSubtreeBaseType.getUri());
        }
        Integer minimum = generalSubtreeBaseType.getMinimum();
        if (minimum != null && minimum.intValue() < 0) {
            throw new CertprofileException("negative minimum is not allowed: " + minimum);
        }
        BigInteger valueOf = minimum == null ? null : BigInteger.valueOf(minimum.intValue());
        Integer maximum = generalSubtreeBaseType.getMaximum();
        if (maximum == null || maximum.intValue() >= 0) {
            return new GeneralSubtree(generalName, valueOf, maximum == null ? null : BigInteger.valueOf(maximum.intValue()));
        }
        throw new CertprofileException("negative maximum is not allowed: " + maximum);
    }

    public static ASN1Sequence buildPolicyConstrains(PolicyConstraints policyConstraints) throws CertprofileException {
        ParamUtil.requireNonNull("type", policyConstraints);
        Integer requireExplicitPolicy = policyConstraints.getRequireExplicitPolicy();
        if (requireExplicitPolicy != null && requireExplicitPolicy.intValue() < 0) {
            throw new CertprofileException("negative requireExplicitPolicy is not allowed: " + requireExplicitPolicy);
        }
        Integer inhibitPolicyMapping = policyConstraints.getInhibitPolicyMapping();
        if (inhibitPolicyMapping != null && inhibitPolicyMapping.intValue() < 0) {
            throw new CertprofileException("negative inhibitPolicyMapping is not allowed: " + inhibitPolicyMapping);
        }
        if (requireExplicitPolicy == null && inhibitPolicyMapping == null) {
            return null;
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (requireExplicitPolicy != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 0, new ASN1Integer(BigInteger.valueOf(requireExplicitPolicy.intValue()))));
        }
        if (inhibitPolicyMapping != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 1, new ASN1Integer(BigInteger.valueOf(inhibitPolicyMapping.intValue()))));
        }
        return new DERSequence(aSN1EncodableVector);
    }

    public static Set<GeneralNameMode> buildGeneralNameMode(GeneralNameType generalNameType) throws CertprofileException {
        ParamUtil.requireNonNull("name", generalNameType);
        HashSet hashSet = new HashSet();
        if (generalNameType.getOtherName() != null) {
            List<OidWithDescType> type = generalNameType.getOtherName().getType();
            HashSet hashSet2 = new HashSet();
            Iterator<OidWithDescType> it = type.iterator();
            while (it.hasNext()) {
                hashSet2.add(new ASN1ObjectIdentifier(it.next().getValue()));
            }
            hashSet.add(new GeneralNameMode(GeneralNameTag.otherName, hashSet2));
        }
        if (generalNameType.getRfc822Name() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.rfc822Name));
        }
        if (generalNameType.getDnsName() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.dNSName));
        }
        if (generalNameType.getDirectoryName() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.directoryName));
        }
        if (generalNameType.getEdiPartyName() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.ediPartyName));
        }
        if (generalNameType.getUri() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.uniformResourceIdentifier));
        }
        if (generalNameType.getIpAddress() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.iPAddress));
        }
        if (generalNameType.getRegisteredId() != null) {
            hashSet.add(new GeneralNameMode(GeneralNameTag.registeredID));
        }
        if (hashSet.isEmpty()) {
            throw new CertprofileException("GeneralNameType must not be empty");
        }
        return hashSet;
    }

    private static Set<Range> buildParametersMap(RangesType rangesType) {
        if (rangesType == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (RangeType rangeType : rangesType.getRange()) {
            if (rangeType.getMin() != null || rangeType.getMax() != null) {
                hashSet.add(new Range(rangeType.getMin(), rangeType.getMax()));
            }
        }
        return hashSet;
    }

    public static Map<ASN1ObjectIdentifier, KeyParametersOption> buildKeyAlgorithms(X509ProfileType.KeyAlgorithms keyAlgorithms) throws CertprofileException {
        ParamUtil.requireNonNull("keyAlgos", keyAlgorithms);
        HashMap hashMap = new HashMap();
        for (AlgorithmType algorithmType : keyAlgorithms.getAlgorithm()) {
            List<OidWithDescType> algorithm = algorithmType.getAlgorithm();
            ArrayList arrayList = new ArrayList(algorithm.size());
            Iterator<OidWithDescType> it = algorithm.iterator();
            while (it.hasNext()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(it.next().getValue());
                if (hashMap.containsKey(aSN1ObjectIdentifier)) {
                    throw new CertprofileException("duplicate definition of keyAlgorithm " + aSN1ObjectIdentifier.getId());
                }
                arrayList.add(aSN1ObjectIdentifier);
            }
            KeyParametersOption convertKeyParametersOption = convertKeyParametersOption(algorithmType);
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                hashMap.put((ASN1ObjectIdentifier) it2.next(), convertKeyParametersOption);
            }
        }
        return CollectionUtil.unmodifiableMap(hashMap);
    }

    public static Map<ASN1ObjectIdentifier, ExtensionControl> buildExtensionControls(ExtensionsType extensionsType) throws CertprofileException {
        ParamUtil.requireNonNull("extensionsType", extensionsType);
        HashMap hashMap = new HashMap();
        for (ExtensionType extensionType : extensionsType.getExtension()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(extensionType.getType().getValue());
            if (hashMap.containsKey(aSN1ObjectIdentifier)) {
                throw new CertprofileException("duplicated definition of extension " + aSN1ObjectIdentifier.getId());
            }
            hashMap.put(aSN1ObjectIdentifier, new ExtensionControl(extensionType.isCritical(), extensionType.isRequired(), extensionType.isPermittedInRequest()));
        }
        return Collections.unmodifiableMap(hashMap);
    }

    public static List<ASN1ObjectIdentifier> toOidList(List<OidWithDescType> list) {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        LinkedList linkedList = new LinkedList();
        Iterator<OidWithDescType> it = list.iterator();
        while (it.hasNext()) {
            linkedList.add(new ASN1ObjectIdentifier(it.next().getValue()));
        }
        return Collections.unmodifiableList(linkedList);
    }

    public static Set<KeyUsageControl> buildKeyUsageOptions(KeyUsage keyUsage) {
        ParamUtil.requireNonNull("extConf", keyUsage);
        List<UsageType> usage = keyUsage.getUsage();
        HashSet hashSet = new HashSet();
        for (UsageType usageType : usage) {
            boolean isRequired = usageType.isRequired();
            switch (usageType.getValue()) {
                case CRL_SIGN:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.cRLSign, isRequired));
                    break;
                case DATA_ENCIPHERMENT:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.dataEncipherment, isRequired));
                    break;
                case CONTENT_COMMITMENT:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.contentCommitment, isRequired));
                    break;
                case DECIPHER_ONLY:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.decipherOnly, isRequired));
                    break;
                case ENCIPHER_ONLY:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.encipherOnly, isRequired));
                    break;
                case DIGITAL_SIGNATURE:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.digitalSignature, isRequired));
                    break;
                case KEY_AGREEMENT:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.keyAgreement, isRequired));
                    break;
                case KEY_CERT_SIGN:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.keyCertSign, isRequired));
                    break;
                case KEY_ENCIPHERMENT:
                    hashSet.add(new KeyUsageControl(org.xipki.security.KeyUsage.keyEncipherment, isRequired));
                    break;
                default:
                    throw new RuntimeException("should not reach here, unknown GeneralSubtreeBaseType " + usageType.getValue());
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public static Set<ExtKeyUsageControl> buildExtKeyUsageOptions(ExtendedKeyUsage extendedKeyUsage) {
        ParamUtil.requireNonNull("extConf", extendedKeyUsage);
        List<ExtendedKeyUsage.Usage> usage = extendedKeyUsage.getUsage();
        HashSet hashSet = new HashSet();
        for (ExtendedKeyUsage.Usage usage2 : usage) {
            hashSet.add(new ExtKeyUsageControl(new ASN1ObjectIdentifier(usage2.getValue()), usage2.isRequired()));
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public static Map<ASN1ObjectIdentifier, ExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
        if (extensionsType == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (ExtensionType extensionType : extensionsType.getExtension()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(extensionType.getType().getValue());
            if (!Extension.subjectAlternativeName.equals(aSN1ObjectIdentifier) && !Extension.subjectInfoAccess.equals(aSN1ObjectIdentifier) && !Extension.biometricInfo.equals(aSN1ObjectIdentifier) && extensionType.getValue() != null && (extensionType.getValue().getAny() instanceof ConstantExtValue)) {
                try {
                    hashMap.put(aSN1ObjectIdentifier, new ExtensionValue(extensionType.isCritical(), new ASN1StreamParser(((ConstantExtValue) extensionType.getValue().getAny()).getValue()).readObject()));
                } catch (IOException e) {
                    throw new CertprofileException("could not parse the constant extension value", e);
                }
            }
        }
        if (CollectionUtil.isEmpty(hashMap)) {
            return null;
        }
        return Collections.unmodifiableMap(hashMap);
    }

    public static Set<ASN1ObjectIdentifier> toOidSet(List<OidWithDescType> list) {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Iterator<OidWithDescType> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(new ASN1ObjectIdentifier(it.next().getValue()));
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public static AdmissionSyntaxOption buildAdmissionSyntax(boolean z, AdmissionSyntax admissionSyntax) throws CertprofileException {
        LinkedList linkedList = new LinkedList();
        for (AdmissionsType admissionsType : admissionSyntax.getContentsOfAdmissions()) {
            LinkedList linkedList2 = new LinkedList();
            for (ProfessionInfoType professionInfoType : admissionsType.getProfessionInfo()) {
                NamingAuthority buildNamingAuthority = professionInfoType.getNamingAuthority() != null ? buildNamingAuthority(professionInfoType.getNamingAuthority()) : null;
                List<OidWithDescType> professionOid = professionInfoType.getProfessionOid();
                LinkedList linkedList3 = null;
                if (CollectionUtil.isNonEmpty(professionOid)) {
                    linkedList3 = new LinkedList();
                    Iterator<OidWithDescType> it = professionOid.iterator();
                    while (it.hasNext()) {
                        linkedList3.add(new ASN1ObjectIdentifier(it.next().getValue()));
                    }
                }
                ProfessionInfoType.RegistrationNumber registrationNumber = professionInfoType.getRegistrationNumber();
                linkedList2.add(new ProfessionInfoOption(buildNamingAuthority, professionInfoType.getProfessionItem(), linkedList3, registrationNumber == null ? null : new RegistrationNumberOption(registrationNumber.getRegex(), registrationNumber.getConstant()), professionInfoType.getAddProfessionInfo()));
            }
            GeneralName generalName = admissionsType.getNamingAuthority() != null ? GeneralName.getInstance(asn1PrimitivefromByteArray(admissionsType.getAdmissionAuthority())) : null;
            NamingAuthority namingAuthority = null;
            if (admissionsType.getNamingAuthority() != null) {
                namingAuthority = buildNamingAuthority(admissionsType.getNamingAuthority());
            }
            linkedList.add(new AdmissionsOption(generalName, namingAuthority, linkedList2));
        }
        return new AdmissionSyntaxOption(z, admissionSyntax.getAdmissionAuthority() != null ? GeneralName.getInstance(admissionSyntax.getAdmissionAuthority()) : null, linkedList);
    }

    private static ASN1Primitive asn1PrimitivefromByteArray(byte[] bArr) throws CertprofileException {
        try {
            return ASN1Primitive.fromByteArray(bArr);
        } catch (IOException e) {
            throw new CertprofileException(e.getMessage(), e);
        }
    }

    private static KeyParametersOption convertKeyParametersOption(AlgorithmType algorithmType) throws CertprofileException {
        ParamUtil.requireNonNull("type", algorithmType);
        if (algorithmType.getParameters() == null || algorithmType.getParameters().getAny() == null) {
            return KeyParametersOption.ALLOW_ALL;
        }
        Object any = algorithmType.getParameters().getAny();
        if (any instanceof EcParameters) {
            EcParameters ecParameters = (EcParameters) any;
            KeyParametersOption.ECParamatersOption eCParamatersOption = new KeyParametersOption.ECParamatersOption();
            if (ecParameters.getCurves() != null) {
                eCParamatersOption.setCurveOids(toOidSet(ecParameters.getCurves().getCurve()));
            }
            if (ecParameters.getPointEncodings() != null) {
                eCParamatersOption.setPointEncodings(new HashSet(ecParameters.getPointEncodings().getPointEncoding()));
            }
            return eCParamatersOption;
        }
        if (any instanceof RsaParameters) {
            RsaParameters rsaParameters = (RsaParameters) any;
            KeyParametersOption.RSAParametersOption rSAParametersOption = new KeyParametersOption.RSAParametersOption();
            rSAParametersOption.setModulusLengths(buildParametersMap(rsaParameters.getModulusLength()));
            return rSAParametersOption;
        }
        if (any instanceof RsapssParameters) {
            RsapssParameters rsapssParameters = (RsapssParameters) any;
            KeyParametersOption.RSAPSSParametersOption rSAPSSParametersOption = new KeyParametersOption.RSAPSSParametersOption();
            rSAPSSParametersOption.setModulusLengths(buildParametersMap(rsapssParameters.getModulusLength()));
            return rSAPSSParametersOption;
        }
        if (any instanceof DsaParameters) {
            DsaParameters dsaParameters = (DsaParameters) any;
            KeyParametersOption.DSAParametersOption dSAParametersOption = new KeyParametersOption.DSAParametersOption();
            dSAParametersOption.setPlengths(buildParametersMap(dsaParameters.getPLength()));
            dSAParametersOption.setQlengths(buildParametersMap(dsaParameters.getQLength()));
            return dSAParametersOption;
        }
        if (any instanceof DhParameters) {
            DhParameters dhParameters = (DhParameters) any;
            KeyParametersOption.DHParametersOption dHParametersOption = new KeyParametersOption.DHParametersOption();
            dHParametersOption.setPlengths(buildParametersMap(dhParameters.getPLength()));
            dHParametersOption.setQlengths(buildParametersMap(dhParameters.getQLength()));
            return dHParametersOption;
        }
        if (!(any instanceof GostParameters)) {
            throw new CertprofileException("unknown public key parameters type " + any.getClass().getName());
        }
        GostParameters gostParameters = (GostParameters) any;
        KeyParametersOption.GostParametersOption gostParametersOption = new KeyParametersOption.GostParametersOption();
        gostParametersOption.setPublicKeyParamSets(toOidSet(gostParameters.getPublicKeyParamSet()));
        gostParametersOption.setDigestParamSets(toOidSet(gostParameters.getDigestParamSet()));
        gostParametersOption.setEncryptionParamSets(toOidSet(gostParameters.getEncryptionParamSet()));
        return gostParametersOption;
    }

    public static final DirectoryStringType convertDirectoryStringType(org.xipki.ca.certprofile.xml.jaxb.DirectoryStringType directoryStringType) {
        if (directoryStringType == null) {
            return null;
        }
        switch (directoryStringType) {
            case BMP_STRING:
                return DirectoryStringType.bmpString;
            case PRINTABLE_STRING:
                return DirectoryStringType.printableString;
            case TELETEX_STRING:
                return DirectoryStringType.teletexString;
            case UTF_8_STRING:
                return DirectoryStringType.utf8String;
            default:
                throw new RuntimeException("should not reach here, undefined DirectoryStringType " + directoryStringType);
        }
    }

    public static final StringType convertStringType(org.xipki.ca.certprofile.xml.jaxb.StringType stringType) {
        if (stringType == null) {
            return null;
        }
        switch (stringType) {
            case BMP_STRING:
                return StringType.bmpString;
            case PRINTABLE_STRING:
                return StringType.printableString;
            case TELETEX_STRING:
                return StringType.teletexString;
            case UTF_8_STRING:
                return StringType.utf8String;
            case IA_5_STRING:
                return StringType.ia5String;
            default:
                throw new RuntimeException("should not reach here, undefined StringType " + stringType);
        }
    }

    public static org.bouncycastle.asn1.x509.CertificatePolicies createCertificatePolicies(List<CertificatePolicyInformation> list) throws CertprofileException {
        ParamUtil.requireNonEmpty("policyInfos", list);
        PolicyInformation[] policyInformationArr = new PolicyInformation[list.size()];
        int i = 0;
        for (CertificatePolicyInformation certificatePolicyInformation : list) {
            String certPolicyId = certificatePolicyInformation.getCertPolicyId();
            List<CertificatePolicyQualifier> qualifiers = certificatePolicyInformation.getQualifiers();
            ASN1Sequence createPolicyQualifiers = CollectionUtil.isNonEmpty(qualifiers) ? createPolicyQualifiers(qualifiers) : null;
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(certPolicyId);
            int i2 = i;
            i++;
            policyInformationArr[i2] = createPolicyQualifiers == null ? new PolicyInformation(aSN1ObjectIdentifier) : new PolicyInformation(aSN1ObjectIdentifier, createPolicyQualifiers);
        }
        return new org.bouncycastle.asn1.x509.CertificatePolicies(policyInformationArr);
    }

    private static ASN1Sequence createPolicyQualifiers(List<CertificatePolicyQualifier> list) {
        PolicyQualifierInfo policyQualifierInfo;
        ParamUtil.requireNonNull("qualifiers", list);
        ArrayList arrayList = new ArrayList(list.size());
        for (CertificatePolicyQualifier certificatePolicyQualifier : list) {
            if (certificatePolicyQualifier.getCpsUri() != null) {
                policyQualifierInfo = new PolicyQualifierInfo(certificatePolicyQualifier.getCpsUri());
            } else if (certificatePolicyQualifier.getUserNotice() != null) {
                policyQualifierInfo = new PolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_unotice, new UserNotice((NoticeReference) null, certificatePolicyQualifier.getUserNotice()));
            } else {
                policyQualifierInfo = null;
            }
            if (policyQualifierInfo != null) {
                arrayList.add(policyQualifierInfo);
            }
        }
        return new DERSequence((ASN1Encodable[]) arrayList.toArray(new PolicyQualifierInfo[0]));
    }

    private static NamingAuthority buildNamingAuthority(NamingAuthorityType namingAuthorityType) {
        return new NamingAuthority(namingAuthorityType.getOid() == null ? null : new ASN1ObjectIdentifier(namingAuthorityType.getOid().getValue()), StringUtil.isBlank(namingAuthorityType.getUrl()) ? null : namingAuthorityType.getUrl(), StringUtil.isBlank(namingAuthorityType.getText()) ? null : new DirectoryString(namingAuthorityType.getText()));
    }
}
