package org.xipki.security.util;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import org.apache.logging.log4j.core.util.Constants;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DERUniversalString;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.DSAParameter;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.BadInputException;
import org.xipki.security.EdECConstants;
import org.xipki.security.FpIdCalculator;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.CompareUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.FileOrBinary;
import org.xipki.util.Hex;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.PemEncoder;
import org.xipki.util.PermissionConstants;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.InvalidConfException;

/* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/util/X509Util.class */
public class X509Util {
    // PEM armor lines for a certificate; listCertificates compares whole input lines against them.
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    // Lazily created by getCertFactory(); read and written only while holding certFactLock.
    private static CertificateFactory certFact;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) X509Util.class);
    // Byte markers used by toDerEncoded to locate the base64 body between the PEM armor lines.
    private static final byte[] BEGIN_PEM = StringUtil.toUtf8Bytes("-----BEGIN");
    private static final byte[] END_PEM = StringUtil.toUtf8Bytes("-----END");
    private static final byte[] PEM_SEP = StringUtil.toUtf8Bytes("-----");
    // Same bytes as BEGIN_PEM; parseCert(byte[]) uses it to decide whether the input is PEM.
    private static final byte[] PEM_PREFIX = StringUtil.toUtf8Bytes("-----BEGIN");
    // Monitor guarding the lazy initialisation of certFact.
    private static final Object certFactLock = new Object();

    /** Not instantiable: the class exposes static helpers only. */
    private X509Util() {
    }

    /**
     * Returns the value of the commonName (CN) attribute found in the first CN-bearing RDN.
     *
     * <p>Only the first RDN returned for the CN type is inspected; any further CN RDNs are
     * ignored. Callers that make identity decisions on the result should be aware that a name
     * with several CNs yields just one of them.
     *
     * @param x500Name the distinguished name to read; must not be null
     * @return the CN rendered by {@link #rdnValueToString}, or {@code null} if the name has no CN
     */
    public static String getCommonName(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        RDN[] cnRdns = x500Name.getRDNs(ObjectIdentifiers.DN.CN);
        if (cnRdns == null || cnRdns.length == 0) {
            return null;
        }

        RDN firstCnRdn = cnRdns[0];
        if (!firstCnRdn.isMultiValued()) {
            AttributeTypeAndValue single = firstCnRdn.getFirst();
            return single == null ? null : rdnValueToString(single.getValue());
        }

        // Multi-valued RDN: pick the first attribute whose type really is CN.
        for (AttributeTypeAndValue candidate : firstCnRdn.getTypesAndValues()) {
            if (candidate.getType().equals(ObjectIdentifiers.DN.CN)) {
                return rdnValueToString(candidate.getValue());
            }
        }
        return null;
    }

    /**
     * Builds a new name whose RDNs are those of the given name in the opposite order.
     *
     * @param x500Name the name to reverse; must not be null
     * @return a new {@code X500Name} with the RDN sequence reversed
     */
    public static X500Name reverse(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        RDN[] source = x500Name.getRDNs();
        RDN[] reversed = new RDN[source.length];
        int lastIndex = source.length - 1;
        for (int from = lastIndex; from >= 0; from--) {
            reversed[lastIndex - from] = source[from];
        }
        return new X500Name(reversed);
    }

    /**
     * Reads a certificate (DER, base64 or PEM, see {@link #toDerEncoded}) from a file.
     *
     * <p>The path is passed through {@code IoUtil.expandFilepath} before it is opened.
     * NOTE(review): if the path can come from untrusted input, confirm what that expansion
     * does and restrict the directory at the caller.
     *
     * @param file the certificate file; must not be null
     * @return the parsed certificate
     * @throws IOException if the file cannot be opened or read
     * @throws CertificateException if the content is not a certificate
     */
    public static X509Cert parseCert(File file) throws IOException, CertificateException {
        Args.notNull(file, "file");
        try (InputStream certStream = Files.newInputStream(IoUtil.expandFilepath(file).toPath())) {
            return parseCert(certStream);
        }
    }

    /**
     * Parses every {@code CERTIFICATE} PEM object contained in the given bytes.
     *
     * @param bArr PEM text as bytes
     * @return the certificates in input order, possibly empty
     * @throws IOException if the PEM structure cannot be read
     * @throws CertificateException if a PEM object is not a valid certificate
     */
    public static List<X509Cert> parseCerts(byte[] bArr) throws IOException, CertificateException {
        InputStream pemStream = new ByteArrayInputStream(bArr);
        return parseCerts(pemStream);
    }

    /**
     * Parses every PEM object of type {@code CERTIFICATE} from the stream; PEM objects of any
     * other type are skipped silently.
     *
     * <p>The type comparison here is case-sensitive, whereas {@link #parseCert(byte[])}
     * compares the type ignoring case. The stream is closed when this method returns or throws.
     *
     * @param inputStream PEM text, decoded as UTF-8
     * @return the certificates in input order, possibly empty
     * @throws IOException if the PEM structure cannot be read
     * @throws CertificateException if a CERTIFICATE object cannot be decoded
     */
    public static List<X509Cert> parseCerts(InputStream inputStream) throws IOException, CertificateException {
        List<X509Cert> certs = new LinkedList<>();
        try (PemReader pemReader = new PemReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
            for (PemObject pem = pemReader.readPemObject(); pem != null; pem = pemReader.readPemObject()) {
                if ("CERTIFICATE".equals(pem.getType())) {
                    certs.add(parseCert(pem.getContent()));
                }
            }
        }
        return certs;
    }

    /**
     * Reads the whole stream via {@code IoUtil.read} and parses it as one certificate.
     *
     * <p>NOTE(review): no size limit is applied here; if the stream is attacker-controlled,
     * bound its length before calling.
     *
     * @param inputStream the certificate data; must not be null
     * @return the parsed certificate
     * @throws IOException if reading fails
     * @throws CertificateException if the content is not a certificate
     */
    public static X509Cert parseCert(InputStream inputStream) throws IOException, CertificateException {
        Args.notNull(inputStream, "certStream");
        byte[] encodedCert = IoUtil.read(inputStream);
        return parseCert(encodedCert);
    }

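    /**
     * Parses a single certificate from PEM, base64 or DER bytes.
     *
     * <p>Input starting with {@code -----BEGIN} is read as PEM and the first object whose type
     * equals {@code CERTIFICATE} (ignoring case) is used; anything else is handed to
     * {@link #toDerEncoded}. The PEM reader is always closed, and an I/O failure while reading
     * the PEM text is kept as the cause of the thrown exception so the root error is not lost.
     *
     * <p>This only decodes the structure. It does not verify the signature, the validity
     * period or any trust relationship.
     *
     * @param bArr the encoded certificate; must not be null
     * @return the parsed certificate
     * @throws CertificateEncodingException if no certificate is found or decoding fails
     */
    public static X509Cert parseCert(byte[] bArr) throws CertificateEncodingException {
        Args.notNull(bArr, "bytes");

        byte[] encoded = bArr;
        if (CompareUtil.areEqual(bArr, 0, PEM_PREFIX, 0, PEM_PREFIX.length)) {
            encoded = null;
            try (PemReader pemReader = new PemReader(
                    new InputStreamReader(new ByteArrayInputStream(bArr), StandardCharsets.UTF_8))) {
                PemObject pem;
                while ((pem = pemReader.readPemObject()) != null) {
                    if (pem.getType().equalsIgnoreCase("CERTIFICATE")) {
                        encoded = pem.getContent();
                        break;
                    }
                }
            } catch (IOException e) {
                throw new CertificateEncodingException("error while parsing bytes", e);
            }
            if (encoded == null) {
                throw new CertificateEncodingException("found no certificate");
            }
        }

        try {
            byte[] derEncoded = toDerEncoded(encoded);
            return new X509Cert(new X509CertificateHolder(derEncoded), derEncoded);
        } catch (IOException e) {
            throw new CertificateEncodingException("error decoding certificate: " + e.getMessage(), e);
        }
    }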

    /**
     * Reads a PKCS#10 certification request from a file.
     *
     * <p>The path is passed through {@code IoUtil.expandFilepath} before it is opened.
     *
     * @param file the CSR file; must not be null
     * @return the decoded request
     * @throws IOException if the file cannot be opened or read
     */
    public static CertificationRequest parseCsr(File file) throws IOException {
        Args.notNull(file, "file");
        try (InputStream csrStream = Files.newInputStream(IoUtil.expandFilepath(file).toPath())) {
            return parseCsr(csrStream);
        }
    }

    /**
     * Reads the whole stream via {@code IoUtil.read} and decodes it as a certification request.
     *
     * @param inputStream the CSR data; must not be null
     * @return the decoded request
     * @throws IOException if reading fails
     */
    private static CertificationRequest parseCsr(InputStream inputStream) throws IOException {
        Args.notNull(inputStream, "csrStream");
        byte[] csrBytes = IoUtil.read(inputStream);
        return parseCsr(csrBytes);
    }

    /**
     * Decodes a certification request from PEM, base64 or DER bytes.
     *
     * <p>Decoding only: the request's self-signature (proof of possession) is not checked
     * here, so callers must verify it before acting on the contained key or subject.
     *
     * @param bArr the encoded request; must not be null
     * @return the decoded request
     */
    public static CertificationRequest parseCsr(byte[] bArr) {
        Args.notNull(bArr, "csrBytes");
        byte[] derBytes = toDerEncoded(bArr);
        return CertificationRequest.getInstance(derBytes);
    }

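    /**
     * Converts PEM or bare base64 input to DER bytes; other input is returned unchanged.
     *
     * <p>Input longer than 23 bytes that starts with {@code -----BEGIN} is treated as PEM: the
     * bytes between the end of the header line and the {@code -----END} marker are base64
     * decoded. Otherwise the first 10 bytes decide whether the whole array is base64.
     * NOTE(review): that 10-byte probe is a heuristic, and its behaviour for arrays shorter
     * than 10 bytes depends on {@code Base64.containsOnlyBase64Chars}. Confirm both.
     *
     * <p>Malformed PEM (header never closed, no END marker, END before the header ends) used to
     * surface as {@code ArrayIndexOutOfBoundsException} or {@code NegativeArraySizeException}
     * because the "not found" index -1 was used directly. Since this method sits on the path of
     * externally supplied certificates, CSRs and CRLs, those cases now fail with a descriptive
     * {@link IllegalArgumentException} instead.
     *
     * @param bArr PEM, base64 or DER bytes; must not be null
     * @return the DER bytes
     * @throws IllegalArgumentException if the input looks like PEM but its armor is malformed
     */
    public static byte[] toDerEncoded(byte[] bArr) {
        final int length = bArr.length;
        if (length <= 23 || !CompareUtil.areEqual(bArr, 0, BEGIN_PEM, 0, BEGIN_PEM.length)) {
            return Base64.containsOnlyBase64Chars(bArr, 0, 10) ? Base64.decode(bArr) : bArr;
        }

        // Find the "-----" that closes the header line; never probe past the end of the array.
        int base64Start = -1;
        for (int pos = BEGIN_PEM.length + 1; pos + PEM_SEP.length <= length; pos++) {
            if (CompareUtil.areEqual(bArr, pos, PEM_SEP, 0, PEM_SEP.length)) {
                base64Start = pos + PEM_SEP.length;
                break;
            }
        }
        if (base64Start < 0) {
            throw new IllegalArgumentException("invalid PEM: header line is not terminated");
        }
        if (base64Start < length && bArr[base64Start] == '\n') {
            base64Start++;
        }

        // Search backwards for the footer marker, starting where the original scan started.
        int base64End = -1;
        for (int pos = length - END_PEM.length - 6; pos > 0; pos--) {
            if (CompareUtil.areEqual(bArr, pos, END_PEM, 0, END_PEM.length)) {
                base64End = pos - 1;
                break;
            }
        }
        if (base64End < 0) {
            throw new IllegalArgumentException("invalid PEM: no END marker found");
        }
        if (base64End > 0 && bArr[base64End - 1] == '\r') {
            base64End--;
        }

        int base64Length = base64End - base64Start + 1;
        if (base64Length < 0) {
            throw new IllegalArgumentException("invalid PEM: END marker precedes the end of the header");
        }
        byte[] base64Bytes = new byte[base64Length];
        System.arraycopy(bArr, base64Start, base64Bytes, 0, base64Length);
        return Base64.decode(base64Bytes);
    }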

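    /**
     * Returns the shared X.509 {@code CertificateFactory} of the "BC" provider, creating it on
     * first use while holding {@code certFactLock}.
     *
     * @return the shared factory
     * @throws CertificateException if the "BC" provider is not registered (the original
     *         {@code NoSuchProviderException} is kept as the cause) or it offers no X.509 factory
     */
    private static CertificateFactory getCertFactory() throws CertificateException {
        synchronized (certFactLock) {
            if (certFact == null) {
                try {
                    certFact = CertificateFactory.getInstance("X.509", "BC");
                } catch (NoSuchProviderException e) {
                    // Keep the cause: a missing provider is a deployment fault worth tracing.
                    throw new CertificateException("NoSuchProviderException: " + e.getMessage(), e);
                }
            }
            return certFact;
        }
    }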

    /**
     * Encodes a certificate as PEM text with the CERTIFICATE label.
     *
     * @param x509Cert the certificate; must not be null
     * @return the PEM text
     */
    public static String toPemCert(X509Cert x509Cert) {
        Args.notNull(x509Cert, "cert");
        byte[] pemBytes = PemEncoder.encode(x509Cert.getEncoded(), PemEncoder.PemLabel.CERTIFICATE);
        return StringUtil.toUtf8String(pemBytes);
    }

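    /**
     * Parses one certificate from the stream with the "BC" X.509 {@code CertificateFactory}.
     *
     * <p>The null-check label was "crlStream", copied from CRL handling; it now names the
     * certificate stream so that a failure report points at the right argument.
     *
     * @param inputStream the certificate data; must not be null
     * @return the parsed JCA certificate
     * @throws CertificateException if the factory is unavailable or the data is not a certificate
     */
    public static X509Certificate parseX509Certificate(InputStream inputStream) throws CertificateException {
        Args.notNull(inputStream, "certStream");
        return (X509Certificate) getCertFactory().generateCertificate(inputStream);
    }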

    /**
     * Reads a CRL from a file; the path is passed through {@code IoUtil.expandFilepath} first.
     *
     * @param file the CRL file; must not be null
     * @return the decoded CRL
     * @throws IOException if the file cannot be read
     * @throws CRLException if the content is not a CRL
     */
    public static X509CRLHolder parseCrl(File file) throws IOException, CRLException {
        Args.notNull(file, "file");
        byte[] encodedCrl = Files.readAllBytes(IoUtil.expandFilepath(file).toPath());
        return parseCrl(encodedCrl);
    }

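    /**
     * Decodes a CRL from PEM, base64 or DER bytes.
     *
     * <p>Decoding only: the CRL signature and its freshness are not checked here. The decoder's
     * {@code IOException} is kept as the cause so a rejected CRL can be diagnosed.
     *
     * @param bArr the encoded CRL; must not be null
     * @return the decoded CRL
     * @throws CRLException if the bytes are not a valid X.509 CRL
     */
    public static X509CRLHolder parseCrl(byte[] bArr) throws CRLException {
        Args.notNull(bArr, "encodedCrl");
        try {
            return new X509CRLHolder(toDerEncoded(bArr));
        } catch (IOException e) {
            throw new CRLException("the given one is not a valid X.509 CRL", e);
        }
    }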

    /**
     * Renders a name as text using {@code BCStyle}.
     *
     * @param x500Name the name; must not be null
     * @return the textual form
     */
    public static String x500NameText(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        return BCStyle.INSTANCE.toString(x500Name);
    }

    /**
     * Computes the {@code FpIdCalculator} hash over the UTF-8 bytes of the canonical name.
     *
     * <p>NOTE(review): the result is a 64-bit value. Treat it as a lookup key rather than as
     * proof that two names are identical unless {@code FpIdCalculator} documents a
     * collision-resistance guarantee.
     *
     * @param x500Name the name; must not be null
     * @return the fingerprint of {@link #canonicalizeName}
     */
    public static long fpCanonicalizedName(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        String canonical = canonicalizeName(x500Name);
        return FpIdCalculator.hash(StringUtil.toUtf8Bytes(canonical));
    }

    /**
     * Misspelled alias kept for existing callers.
     *
     * @param x500Name the name to canonicalize
     * @return the canonical form
     * @deprecated use {@link #canonicalizeName(X500Name)}
     */
    @Deprecated
    public static String canonicalizName(X500Name x500Name) {
        String canonical = canonicalizeName(x500Name);
        return canonical;
    }

    /**
     * Produces an order-independent text form of a name: attribute type OIDs sorted as strings,
     * each followed by {@code =} and the lower-cased values of that type joined by {@code ;},
     * with the entries separated by {@code ,}.
     *
     * <p>NOTE(review): values are lower-cased with the JVM default locale. Under a locale with
     * special casing rules (for example Turkish) the same name canonicalizes differently, which
     * also changes {@link #fpCanonicalizedName}. Switching to a fixed locale would alter values
     * already computed on such systems, so confirm the deployment locale before changing it.
     *
     * @param x500Name the name; must not be null
     * @return the canonical text
     */
    public static String canonicalizeName(X500Name x500Name) {
        Args.notNull(x500Name, "name");
        ASN1ObjectIdentifier[] attributeTypes = x500Name.getAttributeTypes();

        List<String> sortedTypeIds = new ArrayList<>(attributeTypes.length);
        for (ASN1ObjectIdentifier type : attributeTypes) {
            sortedTypeIds.add(type.getId());
        }
        Collections.sort(sortedTypeIds);

        StringBuilder canonical = new StringBuilder();
        boolean firstEntry = true;
        for (String typeId : sortedTypeIds) {
            if (!firstEntry) {
                canonical.append(",");
            }
            firstEntry = false;
            canonical.append(typeId).append("=");

            List<String> values = new ArrayList<>(1);
            for (RDN rdn : x500Name.getRDNs(new ASN1ObjectIdentifier(typeId))) {
                if (!rdn.isMultiValued()) {
                    values.add(IETFUtils.valueToString(rdn.getFirst().getValue()).toLowerCase());
                    continue;
                }
                // Multi-valued RDN: keep only the attributes of the type being emitted.
                for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                    if (typeId.equals(atv.getType().getId())) {
                        values.add(IETFUtils.valueToString(atv.getValue()).toLowerCase());
                    }
                }
            }

            canonical.append(values.get(0));
            for (int idx = 1; idx < values.size(); idx++) {
                canonical.append(";").append(values.get(idx));
            }
        }
        return canonical.toString();
    }

    /**
     * Renders an attribute value as text.
     *
     * <p>ASN.1 string types other than UniversalString are returned as their string content.
     * Every other value is returned as {@code #} followed by the hex of its DER encoding.
     *
     * @param aSN1Encodable the attribute value; must not be null
     * @return the text form
     * @throws IllegalArgumentException if the value cannot be DER encoded
     */
    public static String rdnValueToString(ASN1Encodable aSN1Encodable) {
        Args.notNull(aSN1Encodable, "value");
        boolean plainString = aSN1Encodable instanceof ASN1String
                && !(aSN1Encodable instanceof DERUniversalString);
        if (!plainString) {
            try {
                byte[] der = aSN1Encodable.toASN1Primitive().getEncoded("DER");
                return "#" + Hex.encode(der);
            } catch (IOException e) {
                throw new IllegalArgumentException("other value has no encoded form");
            }
        }
        return ((ASN1String) aSN1Encodable).getString();
    }

    /**
     * Combines the given usages into one BouncyCastle {@code KeyUsage} by OR-ing their bits.
     *
     * @param set the usages to combine
     * @return the combined extension value, or {@code null} if the set is null or empty
     */
    public static KeyUsage createKeyUsage(Set<org.xipki.security.KeyUsage> set) {
        if (CollectionUtil.isEmpty(set)) {
            return null;
        }
        int usageBits = 0;
        for (org.xipki.security.KeyUsage usage : set) {
            usageBits |= usage.getBcUsage();
        }
        return new KeyUsage(usageBits);
    }

    /**
     * Builds an {@code ExtendedKeyUsage} from the given purpose OIDs, sorted by their dotted
     * string form and with duplicates removed.
     *
     * @param collection the key purpose OIDs
     * @return the extension value, or {@code null} if the collection is null or empty
     */
    public static ExtendedKeyUsage createExtendedUsage(Collection<ASN1ObjectIdentifier> collection) {
        if (CollectionUtil.isEmpty((Collection<?>) collection)) {
            return null;
        }
        List<ASN1ObjectIdentifier> sorted = new ArrayList<>(collection);
        sorted.sort((left, right) -> left.getId().compareTo(right.getId()));

        List<ASN1ObjectIdentifier> unique = removeDuplication(sorted);
        KeyPurposeId[] purposes = new KeyPurposeId[unique.size()];
        for (int idx = 0; idx < purposes.length; idx++) {
            purposes[idx] = KeyPurposeId.getInstance(unique.get(idx));
        }
        return new ExtendedKeyUsage(purposes);
    }

    /**
     * Returns the OIDs of the list with repeated entries dropped, keeping first occurrences in
     * their original order.
     *
     * @param list the OIDs, possibly with duplicates
     * @return a new list without duplicates
     */
    private static List<ASN1ObjectIdentifier> removeDuplication(List<ASN1ObjectIdentifier> list) {
        List<ASN1ObjectIdentifier> unique = new ArrayList<>(list.size());
        for (ASN1ObjectIdentifier oid : list) {
            if (unique.contains(oid)) {
                continue;
            }
            unique.add(oid);
        }
        return unique;
    }

    /**
     * Returns the octets of the extnValue OCTET STRING of one extension.
     *
     * @param extensions the extensions to search; may be null
     * @param aSN1ObjectIdentifier the extension type; checked for null only when
     *        {@code extensions} is non-null
     * @return the extension value octets, or {@code null} if there are no extensions or the
     *         requested one is absent
     */
    public static byte[] getCoreExtValue(Extensions extensions, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (extensions == null) {
            return null;
        }
        Args.notNull(aSN1ObjectIdentifier, "extnType");
        Extension found = extensions.getExtension(aSN1ObjectIdentifier);
        return found == null ? null : found.getExtnValue().getOctets();
    }

    /**
     * Builds the chain for a certificate from the candidate issuers, with the certificate
     * itself as the first element.
     *
     * @param x509Cert the certificate to build the chain for
     * @param collection candidate issuer certificates; may be null
     * @return the chain starting with {@code x509Cert}
     * @throws CertPathBuilderException declared for callers; not thrown by the visible code
     */
    public static X509Cert[] buildCertPath(X509Cert x509Cert, Collection<X509Cert> collection) throws CertPathBuilderException {
        final boolean includeTargetCert = true;
        return buildCertPath(x509Cert, collection, includeTargetCert);
    }

    /**
     * Builds the chain for a certificate from the candidate issuers, without trust anchors.
     *
     * @param x509Cert the certificate to build the chain for
     * @param collection candidate issuer certificates; may be null
     * @param z whether the result includes {@code x509Cert} itself
     * @return the chain, or {@code null} if {@code z} is false and no issuer was found
     * @throws CertPathBuilderException declared for callers; not thrown by the visible code
     */
    public static X509Cert[] buildCertPath(X509Cert x509Cert, Collection<X509Cert> collection, boolean z) throws CertPathBuilderException {
        final Collection<X509Cert> noTrustAnchors = null;
        return buildCertPath(x509Cert, collection, noTrustAnchors, z);
    }

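    /**
     * Assembles a certificate chain by repeatedly looking up the issuer of the last chain
     * element among the candidates (and trust anchors, when given).
     *
     * <p>The walk stops at a self-signed certificate, at a trust anchor, when no issuer is
     * found, or when the issuer found is already part of the chain. The last condition is
     * new: candidates that certify each other in a loop previously kept the walk running and
     * the chain growing without bound, which is reachable when the candidate set is supplied
     * by a peer.
     *
     * <p>This is chain assembly, not path validation. Issuer selection checks what
     * {@code getCaCertOf} and {@link #issues} check. Nothing here consults revocation, the
     * current time, key usage or name constraints.
     *
     * @param x509Cert the certificate to build the chain for; must not be null
     * @param collection candidate issuer certificates; may be null
     * @param collection2 trust anchors; may be null or empty, in which case any chain is accepted
     * @param z whether the result includes {@code x509Cert} itself
     * @return the chain; {@code null} if trust anchors were given and the chain does not end in
     *         one of them, or if {@code z} is false and no issuer was found
     */
    public static X509Cert[] buildCertPath(X509Cert x509Cert, Collection<X509Cert> collection, Collection<X509Cert> collection2, boolean z) {
        Args.notNull(x509Cert, "cert");

        Collection<X509Cert> trustAnchors = collection2;
        if (trustAnchors == null) {
            trustAnchors = Collections.<X509Cert>emptySet();
        }

        // Trust anchors are also valid issuers, so search them together with the candidates.
        Collection<X509Cert> candidates = collection;
        if (!trustAnchors.isEmpty()) {
            Set<X509Cert> merged = new HashSet<X509Cert>();
            if (candidates != null) {
                merged.addAll(candidates);
            }
            merged.addAll(trustAnchors);
            candidates = merged;
        }

        List<X509Cert> chain = new ArrayList<X509Cert>();
        chain.add(x509Cert);
        if (candidates != null) {
            try {
                if (!x509Cert.isSelfSigned()) {
                    while (true) {
                        X509Cert issuer = getCaCertOf(chain.get(chain.size() - 1), candidates);
                        // Stop on "no issuer" and on a repeat, which would otherwise loop forever.
                        if (issuer == null || chain.contains(issuer)) {
                            break;
                        }
                        chain.add(issuer);
                        if (issuer.isSelfSigned() || trustAnchors.contains(issuer)) {
                            break;
                        }
                    }
                }
            } catch (CertificateEncodingException e) {
                LOG.warn("CertificateEncodingException: {}", e.getMessage());
            }
        }

        X509Cert chainEnd = chain.get(chain.size() - 1);
        if (!trustAnchors.isEmpty() && !trustAnchors.contains(chainEnd)) {
            return null;
        }
        if (chain.size() == 1) {
            return z ? chain.toArray(new X509Cert[0]) : null;
        }
        if (!z) {
            chain.remove(0);
        }
        return chain.toArray(new X509Cert[0]);
    }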

    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], byte[][]] */
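    /**
     * Encodes the certificates as concatenated PEM blocks.
     *
     * <p>The decompiled body declared its local with the placeholder type {@code ??}, which is
     * not valid Java; the local is a {@code byte[][]} holding one encoding per certificate.
     *
     * @param x509CertArr the certificates to encode
     * @return the PEM text, or {@code null} if the array is null or empty
     * @throws CertificateException declared for callers; not thrown by the visible code
     * @throws IOException declared for callers; not thrown by the visible code
     */
    public static String encodeCertificates(X509Cert[] x509CertArr) throws CertificateException, IOException {
        if (CollectionUtil.isEmpty(x509CertArr)) {
            return null;
        }
        byte[][] encodedCerts = new byte[x509CertArr.length][];
        for (int i = 0; i < x509CertArr.length; i++) {
            encodedCerts[i] = x509CertArr[i].getEncoded();
        }
        return encodeCertificates(encodedCerts);
    }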

    /**
     * Encodes each DER certificate as a PEM block and joins the blocks with CRLF.
     *
     * @param bArr the DER encoded certificates
     * @return the PEM text, or {@code null} if the array is null or empty
     */
    public static String encodeCertificates(byte[][] bArr) {
        if (CollectionUtil.isEmpty(bArr)) {
            return null;
        }
        StringBuilder pemText = new StringBuilder();
        String separator = "";
        for (byte[] derCert : bArr) {
            pemText.append(separator);
            pemText.append(StringUtil.toUtf8String(PemEncoder.encode(derCert, PemEncoder.PemLabel.CERTIFICATE)));
            separator = "\r\n";
        }
        return pemText.toString();
    }

    /**
     * Splits PEM text into certificates by scanning for the BEGIN/END CERTIFICATE lines and
     * parsing the lines collected between them.
     *
     * <p>Marker lines are matched exactly, so a marker carrying trailing whitespace is not
     * recognised and is treated as body content instead.
     *
     * @param str the PEM text; must not be null
     * @return the certificates in input order, possibly empty
     * @throws CertificateException if a collected block is not a certificate
     * @throws IOException if reading the text fails
     */
    public static List<X509Cert> listCertificates(String str) throws CertificateException, IOException {
        List<X509Cert> certs = new LinkedList<>();
        try (BufferedReader lines = new BufferedReader(new StringReader(str))) {
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            String line;
            while ((line = lines.readLine()) != null) {
                if (BEGIN_CERTIFICATE.equals(line)) {
                    body.reset();
                    continue;
                }
                if (END_CERTIFICATE.equals(line)) {
                    certs.add(parseCert(body.toByteArray()));
                    body.reset();
                    continue;
                }
                body.write(StringUtil.toUtf8Bytes(line));
            }
        }
        return certs;
    }

    /**
     * Finds the first candidate that passes {@link #issues} for the certificate and whose
     * public key verifies the certificate's signature.
     *
     * <p>A candidate whose verification throws is logged at warn level and skipped.
     *
     * @param x509Cert the certificate whose issuer is wanted; must not be null
     * @param collection the candidate issuers
     * @return the issuer, or {@code null} if the certificate is self-signed or none matches
     * @throws CertificateEncodingException propagated from the certificate accessors
     */
    private static X509Cert getCaCertOf(X509Cert x509Cert, Collection<X509Cert> collection) throws CertificateEncodingException {
        Args.notNull(x509Cert, "cert");
        if (x509Cert.isSelfSigned()) {
            return null;
        }
        for (X509Cert candidate : collection) {
            if (!issues(candidate, x509Cert)) {
                continue;
            }
            try {
                x509Cert.verify(candidate.getPublicKey());
                return candidate;
            } catch (Exception e) {
                LOG.warn("could not verify certificate: {}", e.getMessage());
            }
        }
        return null;
    }

    /**
     * Tells whether {@code x509Cert} is a plausible issuer of {@code x509Cert2} judging by
     * certificate fields alone.
     *
     * <p>Checks, in order: the issuer's basic-constraints value is not -1 and, unless it is
     * {@code Integer.MAX_VALUE}, is greater than the subject certificate's value; issuer
     * subject equals certificate issuer; subject and authority key identifiers match when both
     * are present; the certificate's notBefore lies within the issuer's validity period.
     * NOTE(review): -1 presumably means "not a CA" and MAX_VALUE "no path length limit";
     * confirm against {@code X509Cert.getBasicConstraints}.
     *
     * <p>No signature is verified here, so a {@code true} result alone proves nothing about
     * authenticity.
     *
     * @param x509Cert the supposed issuer; must not be null
     * @param x509Cert2 the certificate; must not be null
     * @return {@code true} if all field checks pass
     * @throws CertificateEncodingException propagated from the certificate accessors
     */
    public static boolean issues(X509Cert x509Cert, X509Cert x509Cert2) throws CertificateEncodingException {
        Args.notNull(x509Cert, "issuerCert");
        Args.notNull(x509Cert2, "cert");

        int issuerPathLen = x509Cert.getBasicConstraints();
        if (issuerPathLen == -1) {
            return false;
        }
        if (issuerPathLen != Integer.MAX_VALUE && issuerPathLen <= x509Cert2.getBasicConstraints()) {
            return false;
        }

        if (!x509Cert.getSubject().equals(x509Cert2.getIssuer())) {
            return false;
        }

        byte[] issuerKeyId = x509Cert.getSubjectKeyId();
        byte[] authorityKeyId = x509Cert2.getAuthorityKeyId();
        boolean bothKeyIdsPresent = issuerKeyId != null && authorityKeyId != null;
        if (bothKeyIdsPresent && !Arrays.equals(issuerKeyId, authorityKeyId)) {
            return false;
        }

        long issuerNotBefore = x509Cert.getNotBefore().toEpochMilli();
        long issuerNotAfter = x509Cert.getNotAfter().toEpochMilli();
        long certNotBefore = x509Cert2.getNotBefore().toEpochMilli();
        return certNotBefore <= issuerNotAfter && certNotBefore >= issuerNotBefore;
    }

    /**
     * Normalises the algorithm parameters of a public key info.
     *
     * <ul>
     *   <li>RSA: parameters become NULL if they are not already.</li>
     *   <li>DSA: absent parameters are kept, NULL is replaced by absent, anything else must
     *       decode as {@code DSAParameter}.</li>
     *   <li>EC: parameters must be present and decode as an OBJECT IDENTIFIER.</li>
     *   <li>Edwards/Montgomery curves: any parameters are removed.</li>
     *   <li>Other algorithms: returned unchanged.</li>
     * </ul>
     *
     * @param subjectPublicKeyInfo the key info; must not be null
     * @return the same instance if already normal, otherwise a rebuilt instance
     * @throws InvalidKeySpecException if DSA or EC parameters have an unexpected form
     */
    public static SubjectPublicKeyInfo toRfc3279Style(SubjectPublicKeyInfo subjectPublicKeyInfo) throws InvalidKeySpecException {
        Args.notNull(subjectPublicKeyInfo, "publicKeyInfo");
        ASN1ObjectIdentifier algOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
        ASN1Encodable algParams = subjectPublicKeyInfo.getAlgorithm().getParameters();

        if (PKCSObjectIdentifiers.rsaEncryption.equals(algOid)) {
            if (DERNull.INSTANCE.equals(algParams)) {
                return subjectPublicKeyInfo;
            }
            AlgorithmIdentifier rsaWithNull = new AlgorithmIdentifier(algOid, DERNull.INSTANCE);
            return new SubjectPublicKeyInfo(rsaWithNull, subjectPublicKeyInfo.getPublicKeyData().getBytes());
        }

        if (X9ObjectIdentifiers.id_dsa.equals(algOid)) {
            if (algParams == null) {
                return subjectPublicKeyInfo;
            }
            if (DERNull.INSTANCE.equals(algParams)) {
                AlgorithmIdentifier dsaNoParams = new AlgorithmIdentifier(algOid);
                return new SubjectPublicKeyInfo(dsaNoParams, subjectPublicKeyInfo.getPublicKeyData().getBytes());
            }
            try {
                DSAParameter.getInstance(algParams);
            } catch (IllegalArgumentException e) {
                throw new InvalidKeySpecException("keyParameters is not null and Dss-Parms");
            }
            return subjectPublicKeyInfo;
        }

        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algOid)) {
            if (algParams == null) {
                throw new InvalidKeySpecException("keyParameters is not an OBJECT IDENTIFIER");
            }
            try {
                ASN1ObjectIdentifier.getInstance(algParams);
            } catch (IllegalArgumentException e) {
                throw new InvalidKeySpecException("keyParameters is not an OBJECT IDENTIFIER");
            }
            return subjectPublicKeyInfo;
        }

        if (EdECConstants.isEdwardsOrMontgomeryCurve(algOid) && algParams != null) {
            AlgorithmIdentifier edNoParams = new AlgorithmIdentifier(algOid);
            return new SubjectPublicKeyInfo(edNoParams, subjectPublicKeyInfo.getPublicKeyData().getBytes());
        }
        return subjectPublicKeyInfo;
    }

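    /**
     * Shortens text to at most {@code i} characters, ending it with {@code ...skipped...} when
     * something was cut.
     *
     * <p>A limit smaller than the 13-character marker used to produce a negative substring
     * index and a {@code StringIndexOutOfBoundsException}. Such limits now yield a plain
     * truncation, and a negative limit yields the empty string. This matters because the
     * method is typically used while formatting log or error text, where a secondary
     * exception would hide the original event.
     *
     * @param str the text; must not be null
     * @param i the maximum length of the result
     * @return {@code str} itself if it fits, otherwise the shortened text
     */
    public static String cutText(String str, int i) {
        Args.notNull(str, "text");
        if (str.length() <= i) {
            return str;
        }
        final String marker = "...skipped...";
        if (i < marker.length()) {
            // No room for the marker: fall back to a bare prefix.
            return str.substring(0, Math.max(i, 0));
        }
        return StringUtil.concat(str.substring(0, i - marker.length()), marker);
    }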

    /**
     * Renders a name as text and shortens it with {@link #cutText}.
     *
     * @param x500Name the name; must not be null
     * @param i the maximum length of the result
     * @return the possibly shortened text form
     */
    public static String cutX500Name(X500Name x500Name, int i) {
        String nameText = x500NameText(x500Name);
        return cutText(nameText, i);
    }

    /**
     * Builds a subjectAltName extension from tagged values such as {@code [dns]example.org}
     * (see {@code createGeneralName} for the accepted tags).
     *
     * @param list the tagged values
     * @param z whether the extension is marked critical
     * @return the extension, or {@code null} if the list is null or empty
     * @throws BadInputException if a tagged value is not understood
     */
    public static Extension createExtnSubjectAltName(List<String> list, boolean z) throws BadInputException {
        GeneralNames altNames = createGeneralNames(list);
        if (altNames == null) {
            return null;
        }
        byte[] encodedNames;
        try {
            encodedNames = altNames.getEncoded();
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
        return new Extension(Extension.subjectAlternativeName, z, encodedNames);
    }

    /**
     * Builds a subjectInfoAccess extension from "method=location" entries, each converted by
     * {@code createAccessDescription}.
     *
     * @param list the access descriptions in text form
     * @param z whether the extension is marked critical
     * @return the extension, or {@code null} if the list is null or empty
     * @throws BadInputException if an entry is not understood
     */
    public static Extension createExtnSubjectInfoAccess(List<String> list, boolean z) throws BadInputException {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        ASN1EncodableVector descriptions = new ASN1EncodableVector();
        for (String methodAndLocation : list) {
            descriptions.add(createAccessDescription(methodAndLocation));
        }
        byte[] encodedDescriptions;
        try {
            encodedDescriptions = new DERSequence(descriptions).getEncoded();
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
        return new Extension(Extension.subjectInfoAccess, z, encodedDescriptions);
    }

    /**
     * Converts one {@code ConfPairs} entry holding exactly one name into an access
     * description: the name is the access method OID, the value a tagged general name.
     *
     * @param str the entry text; must not be null
     * @return the access description
     * @throws BadInputException if the entry does not hold exactly one pair, or parsing it
     *         raises {@code IllegalArgumentException}
     */
    private static AccessDescription createAccessDescription(String str) throws BadInputException {
        Args.notNull(str, "accessMethodAndLocation");
        try {
            ConfPairs pairs = new ConfPairs(str);
            Set<String> methodNames = pairs.names();
            boolean exactlyOne = methodNames != null && methodNames.size() == 1;
            if (!exactlyOne) {
                throw new BadInputException("invalid accessMethodAndLocation " + str);
            }
            String methodName = methodNames.iterator().next();
            // Build the OID before the location so a bad OID is reported first, as before.
            ASN1ObjectIdentifier accessMethod = new ASN1ObjectIdentifier(methodName);
            GeneralName accessLocation = createGeneralName(pairs.value(methodName));
            return new AccessDescription(accessMethod, accessLocation);
        } catch (IllegalArgumentException e) {
            throw new BadInputException("invalid accessMethodAndLocation " + str);
        }
    }

    /**
     * Converts tagged values into a {@code GeneralNames}, keeping the input order.
     *
     * @param list the tagged values
     * @return the names, or {@code null} if the list is null or empty
     * @throws BadInputException if a tagged value is not understood
     */
    private static GeneralNames createGeneralNames(List<String> list) throws BadInputException {
        if (CollectionUtil.isEmpty(list)) {
            return null;
        }
        GeneralName[] names = new GeneralName[list.size()];
        int next = 0;
        for (String taggedValue : list) {
            names[next++] = createGeneralName(taggedValue);
        }
        return new GeneralNames(names);
    }

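    /**
     * Parses a tagged value of the form {@code [tag]value} into a {@code GeneralName}.
     *
     * <p>Accepted tags (number or alias, case-insensitive): 0/othername, 1/email/rfc822,
     * 2/dns/dnsname, 4/dirname, 5/edi, 6/uri, 7/ip/ipaddress, 8/rid/registeredid.
     * otherName values are {@code oid=[printablestring:|utf8string:]text}; ediPartyName values
     * are {@code [assigner]=party}; directory names are parsed and their RDN order reversed.
     *
     * <p>Two corrections over the decompiled form. The tag is lower-cased with
     * {@code Locale.ROOT}: with the default locale, aliases containing an upper-case I such as
     * {@code [URI]} or {@code [IP]} were rejected on JVMs running under a Turkish locale.
     * The switch labels use {@code GeneralName}'s tag constants instead of unrelated
     * permission constants that merely shared the numeric values 4 and 8.
     *
     * <p>NOTE(review): no syntax check of the value is visible here for email, DNS, URI, IP
     * and registeredID; any validation is whatever {@code GeneralName} itself performs.
     * A malformed OID or directory name may surface as {@code IllegalArgumentException}
     * rather than {@code BadInputException}; confirm that callers handle both.
     *
     * @param str the tagged value; must not be blank
     * @return the general name
     * @throws BadInputException if the tag is missing or unknown, or the value of an otherName
     *         or ediPartyName is malformed
     */
    private static GeneralName createGeneralName(String str) throws BadInputException {
        Args.notBlank(str, "taggedValue");

        String tag = null;
        String value = null;
        if (str.charAt(0) == '[') {
            int closeIdx = str.indexOf(']', 1);
            if (closeIdx > 1 && closeIdx < str.length() - 1) {
                tag = str.substring(1, closeIdx).toLowerCase(java.util.Locale.ROOT);
                value = str.substring(closeIdx + 1);
            }
        }

        try {
            final int tagNo;
            if ("0".equals(tag) || "othername".equals(tag)) {
                tagNo = GeneralName.otherName;
            } else if ("1".equals(tag) || "email".equals(tag) || "rfc822".equals(tag)) {
                tagNo = GeneralName.rfc822Name;
            } else if ("2".equals(tag) || "dns".equals(tag) || "dnsname".equals(tag)) {
                tagNo = GeneralName.dNSName;
            } else if ("4".equals(tag) || "dirname".equals(tag)) {
                tagNo = GeneralName.directoryName;
            } else if ("5".equals(tag) || "edi".equals(tag)) {
                tagNo = GeneralName.ediPartyName;
            } else if ("6".equals(tag) || "uri".equals(tag)) {
                tagNo = GeneralName.uniformResourceIdentifier;
            } else if ("7".equals(tag) || "ip".equals(tag) || "ipaddress".equals(tag)) {
                tagNo = GeneralName.iPAddress;
            } else if ("8".equals(tag) || "rid".equals(tag) || "registeredid".equals(tag)) {
                tagNo = GeneralName.registeredID;
            } else {
                // Also reached when the input has no well-formed "[tag]" prefix (tag == null).
                throw new BadInputException("unknown tag " + tag);
            }

            switch (tagNo) {
                case GeneralName.otherName: {
                    int eqIdx = value.indexOf("=");
                    if (eqIdx == -1 || eqIdx == 0 || eqIdx == value.length() - 1) {
                        throw new BadInputException("invalid otherName " + value);
                    }
                    ASN1ObjectIdentifier typeId = new ASN1ObjectIdentifier(value.substring(0, eqIdx));
                    String text = value.substring(eqIdx + 1);

                    ASN1Encodable inner;
                    if (StringUtil.startsWithIgnoreCase(text, "printablestring:")) {
                        inner = new DERPrintableString(text.substring("printablestring:".length()));
                    } else if (StringUtil.startsWithIgnoreCase(text, "utf8string:")) {
                        inner = new DERUTF8String(text.substring("utf8string:".length()));
                    } else {
                        inner = new DERUTF8String(text);
                    }

                    ASN1EncodableVector otherName = new ASN1EncodableVector();
                    otherName.add(typeId);
                    otherName.add(new DERTaggedObject(true, 0, inner));
                    return new GeneralName(tagNo, new DERSequence(otherName));
                }
                case GeneralName.rfc822Name:
                case GeneralName.dNSName:
                case GeneralName.uniformResourceIdentifier:
                case GeneralName.iPAddress:
                case GeneralName.registeredID:
                    return new GeneralName(tagNo, value);
                case GeneralName.directoryName:
                    return new GeneralName(tagNo, reverse(new X500Name(value)));
                case GeneralName.ediPartyName: {
                    int eqIdx = value.indexOf("=");
                    if (eqIdx == -1 || eqIdx == value.length() - 1) {
                        throw new BadInputException("invalid ediPartyName " + value);
                    }
                    String nameAssigner = eqIdx == 0 ? null : value.substring(0, eqIdx);
                    String partyName = value.substring(eqIdx + 1);

                    ASN1EncodableVector ediParty = new ASN1EncodableVector();
                    if (nameAssigner != null) {
                        ediParty.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
                    }
                    ediParty.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
                    return new GeneralName(tagNo, new DERSequence(ediParty));
                }
                default:
                    throw new IllegalStateException("unsupported tag " + tagNo);
            }
        } catch (NumberFormatException e) {
            throw new BadInputException("invalid tag '" + tag + "'");
        }
    }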

    /**
     * Renders a short, human-readable summary of a certificate.
     *
     * <p>The summary lists issuer, serial number, subject, notBefore and notAfter, one field per
     * line, each indented by two spaces. When {@code z} is {@code true}, a final {@code encoded}
     * line with the Base64 form of {@code x509Cert.getEncoded()} is appended.
     *
     * @param x509Cert certificate to describe; may be {@code null}
     * @param z whether to append the Base64-encoded certificate
     * @return the summary text, or {@code "  null"} when {@code x509Cert} is {@code null}
     */
    public static String formatCert(X509Cert x509Cert, boolean z) {
        if (x509Cert == null) {
            return "  null";
        }

        // Capacity hint only; it has no influence on the returned text.
        final int initialCapacity = z ? Constants.MILLIS_IN_SECONDS : 100;
        final StringBuilder text = new StringBuilder(initialCapacity);

        text.append("  issuer:       ");
        text.append(x500NameText(x509Cert.getIssuer()));
        text.append('\n');

        text.append("  serialNumber: ");
        text.append(LogUtil.formatCsn(x509Cert.getSerialNumber()));
        text.append('\n');

        text.append("  subject:      ");
        text.append(x500NameText(x509Cert.getSubject()));
        text.append('\n');

        text.append("  notBefore:    ");
        text.append(x509Cert.getNotBefore());
        text.append('\n');

        text.append("  notAfter:     ");
        text.append(x509Cert.getNotAfter());

        if (z) {
            text.append("\n  encoded:      ");
            text.append(Base64.encodeToString(x509Cert.getEncoded()));
        }
        return text.toString();
    }

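    /**
     * Returns the extensions requested in a PKCS#10 request through its
     * {@code extensionRequest} attribute.
     *
     * <p>The request content is supplied by the requester, so the attribute is checked before it
     * is used: an {@code extensionRequest} attribute whose value set is empty is rejected
     * explicitly rather than being indexed blindly.
     *
     * @param certificationRequestInfo request info to inspect; null-checked by {@code getAttribute}
     * @return the extensions decoded from the first value of the first matching attribute, or
     *     {@code null} if the request has no {@code extensionRequest} attribute
     * @throws IllegalArgumentException if the attribute is present but carries no value
     */
    public static Extensions getExtensions(CertificationRequestInfo certificationRequestInfo) {
        // Same lookup as getChallengePassword: first attribute with the requested type wins.
        Attribute attribute = getAttribute(certificationRequestInfo, PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attribute == null) {
            return null;
        }

        ASN1Encodable[] values = attribute.getAttributeValues();
        if (values.length == 0) {
            // Malformed request: fail with a clear message instead of an index error.
            throw new IllegalArgumentException("extensionRequest attribute of the CSR has no value");
        }
        return Extensions.getInstance(values[0]);
    }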

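    /**
     * Returns the {@code challengePassword} attribute of a PKCS#10 request as text.
     *
     * <p>The value is a secret chosen by the requester, so it is deliberately left out of the
     * exception messages below and should be kept out of logs as well.
     * NOTE(review): how callers compare the returned value is not visible here; if it is matched
     * against a stored secret, a constant-time comparison is preferable — confirm at call sites.
     *
     * @param certificationRequestInfo request info to inspect; null-checked by {@code getAttribute}
     * @return the password text, or {@code null} if the request has no
     *     {@code challengePassword} attribute
     * @throws IllegalArgumentException if the attribute has no value, or its first value is not
     *     an ASN.1 string type
     */
    public static String getChallengePassword(CertificationRequestInfo certificationRequestInfo) {
        Attribute attribute = getAttribute(certificationRequestInfo, PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        if (attribute == null) {
            return null;
        }

        ASN1Encodable[] values = attribute.getAttributeValues();
        if (values.length == 0) {
            throw new IllegalArgumentException("challengePassword attribute of the CSR has no value");
        }

        // getString() is declared on ASN1String, not on ASN1Encodable, so the value type
        // must be checked before it can be read as text.
        ASN1Encodable value = values[0];
        if (!(value instanceof ASN1String)) {
            throw new IllegalArgumentException("challengePassword attribute of the CSR is not a string type");
        }
        return ((ASN1String) value).getString();
    }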

    /**
     * Looks up the first attribute of a PKCS#10 request that has the given type.
     *
     * <p>Both arguments are passed through {@code Args.notNull} before the attribute set is read.
     * The returned attribute is not validated further; in particular its value set may be empty,
     * so callers should check the result of {@code getAttributeValues()} before indexing it.
     *
     * @param certificationRequestInfo request info whose attributes are searched
     * @param aSN1ObjectIdentifier attribute type to look for
     * @return the first attribute whose type equals {@code aSN1ObjectIdentifier}, or
     *     {@code null} if there is none
     */
    public static Attribute getAttribute(CertificationRequestInfo certificationRequestInfo, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        // NOTE(review): the second argument looks like the parameter label used by Args.notNull
        // when the check fails — confirm against Args.
        Args.notNull(aSN1ObjectIdentifier, StructuredDataLookup.TYPE_KEY);
        CertificationRequestInfo checkedInfo = (CertificationRequestInfo) Args.notNull(certificationRequestInfo, "csr");
        ASN1Set attrs = checkedInfo.getAttributes();

        int index = 0;
        while (index < attrs.size()) {
            Attribute candidate = Attribute.getInstance(attrs.getObjectAt(index));
            if (aSN1ObjectIdentifier.equals(candidate.getAttrType())) {
                return candidate;
            }
            index++;
        }
        return null;
    }

    /**
     * Parses every configured certificate source into an {@code X509Cert}.
     *
     * @param list certificate sources (file reference or inline content); may be {@code null}
     *     or empty
     * @return the parsed certificates in input order, or an empty list when {@code list} is
     *     {@code null} or empty according to {@code CollectionUtil.isEmpty}
     * @throws InvalidConfException if a source cannot be read or parsed; the message names the
     *     file when the source has one, and the original exception is kept as the cause
     */
    public static List<X509Cert> parseCerts(List<FileOrBinary> list) throws InvalidConfException {
        if (CollectionUtil.isEmpty(list)) {
            return Collections.emptyList();
        }

        final List<X509Cert> certs = new ArrayList<>(list.size());
        for (FileOrBinary source : list) {
            try {
                certs.add(parseCert(source.readContent()));
            } catch (IOException | CertificateException e) {
                final String message = "could not parse the certificate";
                if (source.getFile() != null) {
                    throw new InvalidConfException(message + " " + source.getFile(), e);
                }
                throw new InvalidConfException(message, e);
            }
        }
        return certs;
    }

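    /**
     * Verifies that a certificate matches the PKCS#10 request it is supposed to answer.
     *
     * <p>The DER encodings of the subject and of the SubjectPublicKeyInfo must be identical in
     * both structures. When {@code z} is {@code true}, the certificate must additionally carry a
     * BasicConstraints extension with the CA flag set; a certificate with no extensions at all is
     * reported as not being a CA certificate.
     *
     * @param certificationRequest the PKCS#10 request
     * @param certificate the certificate to check against the request
     * @param z whether the certificate is required to be a CA certificate
     * @throws XiSecurityException if subject or SubjectPublicKeyInfo differ, if {@code z} is set
     *     and the certificate is not a CA certificate, or if reading or encoding one of the
     *     compared fields fails (the underlying exception is attached as the cause)
     */
    public static void assertCsrAndCertMatch(CertificationRequest certificationRequest, Certificate certificate, boolean z) throws XiSecurityException {
        CertificationRequestInfo certificationRequestInfo = certificationRequest.getCertificationRequestInfo();
        try {
            if (!Arrays.equals(certificationRequestInfo.getSubject().getEncoded(), certificate.getSubject().getEncoded())) {
                throw new XiSecurityException("CSR and certificate do not have the same subject");
            }
            if (!Arrays.equals(certificationRequestInfo.getSubjectPublicKeyInfo().getEncoded(), certificate.getSubjectPublicKeyInfo().getEncoded())) {
                throw new XiSecurityException("CSR and certificate do not have the same SubjectPublicKeyInfo");
            }
            if (z) {
                // The extensions block is optional. Without this check, a certificate that has
                // none would fail with a NullPointerException and be reported by the catch below
                // as an encoding error rather than as a non-CA certificate.
                Extensions extensions = certificate.getTBSCertificate().getExtensions();
                Extension extension = extensions == null ? null : extensions.getExtension(Extension.basicConstraints);
                BasicConstraints basicConstraints = extension == null ? null : BasicConstraints.getInstance(extension.getParsedValue());
                if (basicConstraints == null || !basicConstraints.isCA()) {
                    throw new XiSecurityException("targetCert is not a CA certificate");
                }
            }
        } catch (IOException | RuntimeException e) {
            // NOTE(review): assumes XiSecurityException is a checked exception, so the mismatch
            // exceptions thrown above are not intercepted here — confirm.
            // Keep the cause so the failing field can be diagnosed from the stack trace.
            throw new XiSecurityException("error while encoding Subject or SubjectPublicKeyInfo", e);
        }
    }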
}
