package org.xipki.qa.ca.extn;

import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.CertPolicyId;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod;
import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.CertprofileException;
import org.xipki.ca.api.profile.TextVadidator;
import org.xipki.ca.certprofile.xijson.SubjectDirectoryAttributesControl;
import org.xipki.ca.certprofile.xijson.XijsonCertprofile;
import org.xipki.ca.certprofile.xijson.conf.Describable;
import org.xipki.ca.certprofile.xijson.conf.PolicyConstraints;
import org.xipki.ca.certprofile.xijson.conf.PolicyMappings;
import org.xipki.ca.certprofile.xijson.conf.QcStatements;
import org.xipki.ca.certprofile.xijson.conf.Restriction;
import org.xipki.ca.certprofile.xijson.conf.TlsFeature;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.ctlog.CtLog;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.Validity;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/xipki/qa/ca/extn/O2tChecker.class */
public class O2tChecker extends ExtensionChecker {
    private static final byte[] DER_NULL = {5, 0};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.xipki.qa.ca.extn.O2tChecker$1, reason: invalid class name */
    /* loaded from: input_file:org/xipki/qa/ca/extn/O2tChecker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag = new int[Certprofile.GeneralNameTag.values().length];

        static {
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.rfc822Name.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.DNSName.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.uniformResourceIdentifier.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.IPAddress.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.directoryName.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[Certprofile.GeneralNameTag.registeredID.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public O2tChecker(ExtensionsChecker extensionsChecker) {
        super(extensionsChecker);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnOcspNocheck(StringBuilder sb, byte[] bArr) {
        if (Arrays.equals(DER_NULL, bArr)) {
            return;
        }
        sb.append("value is not DER NULL; ");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnPolicyConstraints(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        PolicyConstraints policyConstraints = this.caller.getPolicyConstraints();
        if (policyConstraints == null) {
            this.caller.checkConstantExtnValue(Extension.policyConstraints, sb, bArr, extensions, extensionControl);
            return;
        }
        org.bouncycastle.asn1.x509.PolicyConstraints policyConstraints2 = org.bouncycastle.asn1.x509.PolicyConstraints.getInstance(bArr);
        Integer requireExplicitPolicy = policyConstraints.getRequireExplicitPolicy();
        BigInteger requireExplicitPolicyMapping = policyConstraints2.getRequireExplicitPolicyMapping();
        Integer valueOf = requireExplicitPolicyMapping == null ? null : Integer.valueOf(requireExplicitPolicyMapping.intValue());
        boolean z = true;
        if (requireExplicitPolicy == null) {
            if (valueOf != null) {
                z = false;
            }
        } else if (!requireExplicitPolicy.equals(valueOf)) {
            z = false;
        }
        if (!z) {
            CheckerUtil.addViolation(sb, "requireExplicitPolicy", valueOf, requireExplicitPolicy);
        }
        Integer inhibitPolicyMapping = policyConstraints.getInhibitPolicyMapping();
        BigInteger inhibitPolicyMapping2 = policyConstraints2.getInhibitPolicyMapping();
        Integer valueOf2 = inhibitPolicyMapping2 == null ? null : Integer.valueOf(inhibitPolicyMapping2.intValue());
        boolean z2 = true;
        if (inhibitPolicyMapping == null) {
            if (valueOf2 != null) {
                z2 = false;
            }
        } else if (!inhibitPolicyMapping.equals(valueOf2)) {
            z2 = false;
        }
        if (z2) {
            return;
        }
        CheckerUtil.addViolation(sb, "inhibitPolicyMapping", valueOf2, inhibitPolicyMapping);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnPolicyMappings(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        PolicyMappings policyMappings = this.caller.getPolicyMappings();
        if (policyMappings == null) {
            this.caller.checkConstantExtnValue(Extension.policyMappings, sb, bArr, extensions, extensionControl);
            return;
        }
        ASN1Sequence dERSequence = DERSequence.getInstance(bArr);
        HashMap hashMap = new HashMap();
        int size = dERSequence.size();
        for (int i = 0; i < size; i++) {
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(dERSequence.getObjectAt(i));
            hashMap.put(CertPolicyId.getInstance(aSN1Sequence.getObjectAt(0)).getId(), CertPolicyId.getInstance(aSN1Sequence.getObjectAt(1)).getId());
        }
        for (PolicyMappings.PolicyIdMappingType policyIdMappingType : policyMappings.getMappings()) {
            String oid = policyIdMappingType.getIssuerDomainPolicy().getOid();
            String oid2 = policyIdMappingType.getSubjectDomainPolicy().getOid();
            String str = (String) hashMap.remove(oid);
            if (str == null) {
                sb.append("issuerDomainPolicy '").append(oid).append("' is absent but is required; ");
            } else if (!str.equals(oid2)) {
                CheckerUtil.addViolation(sb, "subjectDomainPolicy for issuerDomainPolicy", str, oid2);
            }
        }
        if (CollectionUtil.isNotEmpty(hashMap)) {
            sb.append("issuerDomainPolicies '").append(hashMap.keySet()).append("' are present but not expected; ");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnPrivateKeyUsagePeriod(StringBuilder sb, byte[] bArr, Date date, Date date2) {
        Date add;
        ASN1GeneralizedTime aSN1GeneralizedTime = new ASN1GeneralizedTime(date);
        Validity privateKeyUsagePeriod = getCertprofile().extensions().getPrivateKeyUsagePeriod();
        if (privateKeyUsagePeriod == null) {
            add = date2;
        } else {
            add = privateKeyUsagePeriod.add(date);
            if (add.after(date2)) {
                add = date2;
            }
        }
        ASN1GeneralizedTime aSN1GeneralizedTime2 = new ASN1GeneralizedTime(add);
        PrivateKeyUsagePeriod privateKeyUsagePeriod2 = PrivateKeyUsagePeriod.getInstance(bArr);
        ASN1GeneralizedTime notBefore = privateKeyUsagePeriod2.getNotBefore();
        if (notBefore == null) {
            sb.append("notBefore is absent but expected present; ");
        } else if (!notBefore.equals(aSN1GeneralizedTime)) {
            CheckerUtil.addViolation(sb, "notBefore", notBefore.getTimeString(), aSN1GeneralizedTime.getTimeString());
        }
        ASN1GeneralizedTime notAfter = privateKeyUsagePeriod2.getNotAfter();
        if (notAfter == null) {
            sb.append("notAfter is absent but expected present; ");
        } else {
            if (notAfter.equals(aSN1GeneralizedTime2)) {
                return;
            }
            CheckerUtil.addViolation(sb, "notAfter", notAfter.getTimeString(), aSN1GeneralizedTime2.getTimeString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnQcStatements(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        int i;
        int i2;
        QcStatements qcStatements = this.caller.getQcStatements();
        if (qcStatements == null) {
            this.caller.checkConstantExtnValue(Extension.qCStatements, sb, bArr, extensions, extensionControl);
            return;
        }
        int size = qcStatements.getQcStatements().size();
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        int size2 = aSN1Sequence.size();
        if (size2 != size) {
            CheckerUtil.addViolation(sb, "number of statements", Integer.valueOf(size2), Integer.valueOf(size));
            return;
        }
        HashMap hashMap = new HashMap();
        Extension extension = extensions == null ? null : extensions.getExtension(Extension.qCStatements);
        if (extension != null) {
            ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(extension.getParsedValue());
            int size3 = aSN1Sequence2.size();
            for (int i3 = 0; i3 < size3; i3++) {
                QCStatement qCStatement = QCStatement.getInstance(aSN1Sequence2.getObjectAt(i3));
                if (ObjectIdentifiers.Extn.id_etsi_qcs_QcLimitValue.equals(qCStatement.getStatementId())) {
                    MonetaryValue monetaryValue = MonetaryValue.getInstance(qCStatement.getStatementInfo());
                    int intValue = monetaryValue.getAmount().intValue();
                    int intValue2 = monetaryValue.getExponent().intValue();
                    Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                    hashMap.put(currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric()), new int[]{intValue, intValue2});
                }
            }
        }
        for (int i4 = 0; i4 < size; i4++) {
            QCStatement qCStatement2 = QCStatement.getInstance(aSN1Sequence.getObjectAt(i4));
            QcStatements.QcStatementType qcStatementType = (QcStatements.QcStatementType) qcStatements.getQcStatements().get(i4);
            if (!qCStatement2.getStatementId().getId().equals(qcStatementType.getStatementId().getOid())) {
                CheckerUtil.addViolation(sb, "statmentId[" + i4 + "]", qCStatement2.getStatementId().getId(), qcStatementType.getStatementId().getOid());
            } else if (qcStatementType.getStatementValue() == null) {
                if (qCStatement2.getStatementInfo() != null) {
                    CheckerUtil.addViolation(sb, "statmentInfo[" + i4 + "]", "present", "absent");
                }
            } else if (qCStatement2.getStatementInfo() == null) {
                CheckerUtil.addViolation(sb, "statmentInfo[" + i4 + "]", "absent", "present");
            } else {
                QcStatements.QcStatementValueType statementValue = qcStatementType.getStatementValue();
                try {
                    if (statementValue.getConstant() != null) {
                        byte[] value = statementValue.getConstant().getValue();
                        byte[] encoded = qCStatement2.getStatementInfo().toASN1Primitive().getEncoded();
                        if (!Arrays.equals(encoded, value)) {
                            CheckerUtil.addViolation(sb, "statementInfo[" + i4 + "]", CheckerUtil.hex(encoded), CheckerUtil.hex(value));
                        }
                    } else if (statementValue.getQcRetentionPeriod() != null) {
                        String aSN1Integer = ASN1Integer.getInstance(qCStatement2.getStatementInfo()).toString();
                        String num = statementValue.getQcRetentionPeriod().toString();
                        if (!aSN1Integer.equals(num)) {
                            CheckerUtil.addViolation(sb, "statementInfo[" + i4 + "]", aSN1Integer, num);
                        }
                    } else if (statementValue.getPdsLocations() != null) {
                        HashSet hashSet = new HashSet();
                        ASN1Sequence aSN1Sequence3 = ASN1Sequence.getInstance(qCStatement2.getStatementInfo());
                        int size4 = aSN1Sequence3.size();
                        for (int i5 = 0; i5 < size4; i5++) {
                            ASN1Sequence aSN1Sequence4 = ASN1Sequence.getInstance(aSN1Sequence3.getObjectAt(i5));
                            int size5 = aSN1Sequence4.size();
                            if (size5 != 2) {
                                throw new IllegalArgumentException("sequence size is " + size5 + " but expected 2");
                            }
                            hashSet.add("url=" + DERIA5String.getInstance(aSN1Sequence4.getObjectAt(0)).getString() + ",lang=" + DERPrintableString.getInstance(aSN1Sequence4.getObjectAt(1)).getString());
                        }
                        HashSet hashSet2 = new HashSet();
                        for (QcStatements.PdsLocationType pdsLocationType : statementValue.getPdsLocations()) {
                            hashSet2.add("url=" + pdsLocationType.getUrl() + ",lang=" + pdsLocationType.getLanguage());
                        }
                        Set<String> strInBnotInA = CheckerUtil.strInBnotInA(hashSet2, hashSet);
                        if (CollectionUtil.isNotEmpty(strInBnotInA)) {
                            sb.append("statementInfo[").append(i4).append("]: ").append(strInBnotInA).append(" are present but not expected; ");
                        }
                        Set<String> strInBnotInA2 = CheckerUtil.strInBnotInA(hashSet, hashSet2);
                        if (CollectionUtil.isNotEmpty(strInBnotInA2)) {
                            sb.append("statementInfo[").append(i4).append("]: ").append(strInBnotInA2).append(" are absent but are required; ");
                        }
                    } else {
                        if (statementValue.getQcEuLimitValue() == null) {
                            throw new IllegalStateException("statementInfo[" + i4 + "]should not reach here");
                        }
                        QcStatements.QcEuLimitValueType qcEuLimitValue = statementValue.getQcEuLimitValue();
                        String upperCase = qcEuLimitValue.getCurrency().toUpperCase();
                        int[] iArr = (int[]) hashMap.get(upperCase);
                        QcStatements.Range2Type amount = qcEuLimitValue.getAmount();
                        if (amount.getMin() == amount.getMax()) {
                            i = amount.getMin();
                        } else {
                            if (iArr == null) {
                                sb.append("found no QcEuLimit for currency '").append(upperCase).append("'; ");
                                return;
                            }
                            i = iArr[0];
                        }
                        String num2 = Integer.toString(i);
                        QcStatements.Range2Type exponent = qcEuLimitValue.getExponent();
                        if (exponent.getMin() == exponent.getMax()) {
                            i2 = exponent.getMin();
                        } else {
                            if (iArr == null) {
                                sb.append("found no QcEuLimit for currency '").append(upperCase).append("'; ");
                                return;
                            }
                            i2 = iArr[1];
                        }
                        String num3 = Integer.toString(i2);
                        MonetaryValue monetaryValue2 = MonetaryValue.getInstance(qCStatement2.getStatementInfo());
                        Iso4217CurrencyCode currency2 = monetaryValue2.getCurrency();
                        String alphabetic = currency2.isAlphabetic() ? currency2.getAlphabetic() : Integer.toString(currency2.getNumeric());
                        String bigInteger = monetaryValue2.getAmount().toString();
                        String bigInteger2 = monetaryValue2.getExponent().toString();
                        if (!alphabetic.equals(upperCase)) {
                            CheckerUtil.addViolation(sb, "statementInfo[" + i4 + "].qcEuLimit.currency", alphabetic, upperCase);
                        }
                        if (!bigInteger.equals(num2)) {
                            CheckerUtil.addViolation(sb, "statementInfo[" + i4 + "].qcEuLimit.amount", bigInteger, num2);
                        }
                        if (!bigInteger2.equals(num3)) {
                            CheckerUtil.addViolation(sb, "statementInfo[" + i4 + "].qcEuLimit.exponent", bigInteger2, num3);
                        }
                    }
                } catch (IOException e) {
                    sb.append("statementInfo[").append(i4).append("] has incorrect syntax; ");
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnRestriction(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        Restriction restriction = this.caller.getRestriction();
        this.caller.checkDirectoryString(ObjectIdentifiers.Extn.id_extension_restriction, restriction.getType(), restriction.getText(), sb, bArr, extensions, extensionControl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkSmimeCapabilities(StringBuilder sb, byte[] bArr, Certprofile.ExtensionControl extensionControl) {
        byte[] value = this.caller.getSmimeCapabilities().getValue();
        if (Arrays.equals(value, bArr)) {
            return;
        }
        CheckerUtil.addViolation(sb, "extension valus", CheckerUtil.hex(bArr), value == null ? "not present" : CheckerUtil.hex(value));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkScts(StringBuilder sb, byte[] bArr, Certprofile.ExtensionControl extensionControl) {
        try {
            CtLog.SignedCertificateTimestampList signedCertificateTimestampList = CtLog.SignedCertificateTimestampList.getInstance(DEROctetString.getInstance(bArr).getOctets());
            int size = signedCertificateTimestampList.getSctList().size();
            for (int i = 0; i < size; i++) {
                signedCertificateTimestampList.getSctList().get(i).getDigitallySigned().getSignatureObject();
            }
        } catch (Exception e) {
            sb.append("invalid syntax: ").append(e.getMessage()).append("; ");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnSubjectAltNames(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl, X500Name x500Name) {
        XijsonCertprofile certprofile = getCertprofile();
        Set subjectAltNameModes = certprofile.getSubjectAltNameModes();
        try {
            GeneralName[] requestedSubjectAltNames = getRequestedSubjectAltNames(certprofile, x500Name, extensions);
            if (requestedSubjectAltNames == null) {
                sb.append("extension is present but not expected; ");
                return;
            }
            GeneralName[] names = GeneralNames.getInstance(bArr).getNames();
            GeneralName[] generalNameArr = new GeneralName[requestedSubjectAltNames.length];
            for (int i = 0; i < names.length; i++) {
                try {
                    generalNameArr[i] = CheckerUtil.createGeneralName(names[i], subjectAltNameModes);
                } catch (BadCertTemplateException e) {
                    sb.append("could not process ").append(i + 1).append("-th name: ").append(e.getMessage()).append("; ");
                    return;
                }
            }
            if (names.length != generalNameArr.length) {
                CheckerUtil.addViolation(sb, "size of GeneralNames", Integer.valueOf(names.length), Integer.valueOf(generalNameArr.length));
                return;
            }
            for (int i2 = 0; i2 < names.length; i2++) {
                if (!names[i2].equals(generalNameArr[i2])) {
                    sb.append(i2 + 1).append("-th name does not match the requested one; ");
                }
            }
        } catch (CertprofileException | BadCertTemplateException e2) {
            LogUtil.warn(this.log, e2, "error while derive grantedSubject from requestedSubject");
            sb.append("error while derive grantedSubject from requestedSubject");
        }
    }

    private GeneralName[] getRequestedSubjectAltNames(XijsonCertprofile xijsonCertprofile, X500Name x500Name, Extensions extensions) throws CertprofileException, BadCertTemplateException {
        ASN1Encodable extensionParsedValue = extensions == null ? null : extensions.getExtensionParsedValue(Extension.subjectAlternativeName);
        Map subjectToSubjectAltNameModes = xijsonCertprofile.extensions().getSubjectToSubjectAltNameModes();
        if (extensionParsedValue == null && subjectToSubjectAltNameModes == null) {
            return null;
        }
        GeneralNames generalNames = extensionParsedValue == null ? null : GeneralNames.getInstance(extensionParsedValue);
        if (xijsonCertprofile.getSubjectAltNameModes() == null && subjectToSubjectAltNameModes == null) {
            if (generalNames == null) {
                return null;
            }
            return generalNames.getNames();
        }
        LinkedList linkedList = new LinkedList();
        if (subjectToSubjectAltNameModes != null) {
            X500Name grantedSubject = xijsonCertprofile.getSubject(x500Name).getGrantedSubject();
            for (ASN1ObjectIdentifier aSN1ObjectIdentifier : subjectToSubjectAltNameModes.keySet()) {
                Certprofile.GeneralNameTag generalNameTag = (Certprofile.GeneralNameTag) subjectToSubjectAltNameModes.get(aSN1ObjectIdentifier);
                RDN[] rDNs = grantedSubject.getRDNs(aSN1ObjectIdentifier);
                if (rDNs == null || rDNs.length == 0) {
                    rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
                }
                if (rDNs != null && rDNs.length != 0) {
                    for (RDN rdn : rDNs) {
                        String rdnValueToString = X509Util.rdnValueToString(rdn.getFirst().getValue());
                        switch (AnonymousClass1.$SwitchMap$org$xipki$ca$api$profile$Certprofile$GeneralNameTag[generalNameTag.ordinal()]) {
                            case 1:
                                linkedList.add(new GeneralName(generalNameTag.getTag(), rdnValueToString.toLowerCase()));
                                break;
                            case 2:
                            case 3:
                            case 4:
                            case 5:
                            case 6:
                                linkedList.add(new GeneralName(generalNameTag.getTag(), rdnValueToString));
                                break;
                            default:
                                throw new IllegalStateException("should not reach here, unknown GeneralName tag " + generalNameTag);
                        }
                    }
                }
            }
        }
        if (generalNames != null) {
            for (GeneralName generalName : generalNames.getNames()) {
                linkedList.add(generalName);
            }
        }
        if (linkedList.isEmpty()) {
            return null;
        }
        return (GeneralName[]) linkedList.toArray(new GeneralName[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnSubjectDirAttrs(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        SubjectDirectoryAttributesControl subjectDirAttrsControl = getCertprofile().extensions().getSubjectDirAttrsControl();
        if (subjectDirAttrsControl == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        ASN1Encodable extensionParsedValue = extensions != null ? extensions.getExtensionParsedValue(Extension.subjectDirectoryAttributes) : null;
        if (extensionParsedValue == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        Vector attributes = SubjectDirectoryAttributes.getInstance(extensionParsedValue).getAttributes();
        ASN1GeneralizedTime aSN1GeneralizedTime = null;
        String str = null;
        String str2 = null;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashMap hashMap = new HashMap();
        int size = attributes.size();
        for (int i = 0; i < size; i++) {
            Attribute attribute = Attribute.getInstance(attributes.get(i));
            ASN1ObjectIdentifier attrType = attribute.getAttrType();
            ASN1Encodable aSN1Encodable = attribute.getAttributeValues()[0];
            if (ObjectIdentifiers.DN.dateOfBirth.equals(attrType)) {
                aSN1GeneralizedTime = ASN1GeneralizedTime.getInstance(aSN1Encodable);
            } else if (ObjectIdentifiers.DN.placeOfBirth.equals(attrType)) {
                str = DirectoryString.getInstance(aSN1Encodable).getString();
            } else if (ObjectIdentifiers.DN.gender.equals(attrType)) {
                str2 = DERPrintableString.getInstance(aSN1Encodable).getString();
            } else if (ObjectIdentifiers.DN.countryOfCitizenship.equals(attrType)) {
                hashSet.add(DERPrintableString.getInstance(aSN1Encodable).getString());
            } else if (ObjectIdentifiers.DN.countryOfResidence.equals(attrType)) {
                hashSet2.add(DERPrintableString.getInstance(aSN1Encodable).getString());
            } else {
                Set set = (Set) hashMap.get(attrType);
                if (set == null) {
                    set = new HashSet();
                    hashMap.put(attrType, set);
                }
                set.add(aSN1Encodable);
            }
        }
        Vector attributes2 = SubjectDirectoryAttributes.getInstance(bArr).getAttributes();
        ASN1GeneralizedTime aSN1GeneralizedTime2 = null;
        String str3 = null;
        String str4 = null;
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        HashMap hashMap2 = new HashMap();
        LinkedList linkedList = new LinkedList(subjectDirAttrsControl.getTypes());
        int size2 = attributes2.size();
        for (int i2 = 0; i2 < size2; i2++) {
            Attribute attribute2 = Attribute.getInstance(attributes2.get(i2));
            ASN1ObjectIdentifier attrType2 = attribute2.getAttrType();
            if (linkedList.contains(attrType2)) {
                ASN1Encodable[] attributeValues = attribute2.getAttributeValues();
                if (attributeValues.length != 1) {
                    sb.append("attribute of type ").append(attrType2.getId()).append(" does not single-value value: ").append(attributeValues.length).append("; ");
                } else {
                    ASN1Encodable aSN1Encodable2 = attributeValues[0];
                    if (ObjectIdentifiers.DN.dateOfBirth.equals(attrType2)) {
                        aSN1GeneralizedTime2 = ASN1GeneralizedTime.getInstance(aSN1Encodable2);
                    } else if (ObjectIdentifiers.DN.placeOfBirth.equals(attrType2)) {
                        str3 = DirectoryString.getInstance(aSN1Encodable2).getString();
                    } else if (ObjectIdentifiers.DN.gender.equals(attrType2)) {
                        str4 = DERPrintableString.getInstance(aSN1Encodable2).getString();
                    } else if (ObjectIdentifiers.DN.countryOfCitizenship.equals(attrType2)) {
                        hashSet3.add(DERPrintableString.getInstance(aSN1Encodable2).getString());
                    } else if (ObjectIdentifiers.DN.countryOfResidence.equals(attrType2)) {
                        hashSet4.add(DERPrintableString.getInstance(aSN1Encodable2).getString());
                    } else {
                        Set set2 = (Set) hashMap2.get(attrType2);
                        if (set2 == null) {
                            set2 = new HashSet();
                            hashMap2.put(attrType2, set2);
                        }
                        set2.add(aSN1Encodable2);
                    }
                }
            } else {
                sb.append("attribute of type " + attrType2.getId()).append(" is present but not expected; ");
            }
        }
        if (aSN1GeneralizedTime2 != null) {
            linkedList.remove(ObjectIdentifiers.DN.dateOfBirth);
        }
        if (str3 != null) {
            linkedList.remove(ObjectIdentifiers.DN.placeOfBirth);
        }
        if (str4 != null) {
            linkedList.remove(ObjectIdentifiers.DN.gender);
        }
        if (!hashSet3.isEmpty()) {
            linkedList.remove(ObjectIdentifiers.DN.countryOfCitizenship);
        }
        if (!hashSet4.isEmpty()) {
            linkedList.remove(ObjectIdentifiers.DN.countryOfResidence);
        }
        linkedList.removeAll(hashMap2.keySet());
        if (!linkedList.isEmpty()) {
            LinkedList linkedList2 = new LinkedList();
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                linkedList2.add(((ASN1ObjectIdentifier) it.next()).getId());
            }
            sb.append("required attributes of types ").append(linkedList2).append(" are not present; ");
        }
        if (aSN1GeneralizedTime2 != null) {
            String timeString = aSN1GeneralizedTime2.getTimeString();
            if (!TextVadidator.DATE_OF_BIRTH.isValid(timeString)) {
                sb.append("invalid dateOfBirth: " + timeString + "; ");
            }
            String timeString2 = aSN1GeneralizedTime == null ? null : aSN1GeneralizedTime.getTimeString();
            if (!timeString.equalsIgnoreCase(timeString2)) {
                CheckerUtil.addViolation(sb, "dateOfBirth", timeString, timeString2);
            }
        }
        if (str4 != null) {
            if (!str4.equalsIgnoreCase("F") && !str4.equalsIgnoreCase("M")) {
                sb.append("invalid gender: ").append(str4).append("; ");
            }
            if (!str4.equalsIgnoreCase(str2)) {
                CheckerUtil.addViolation(sb, "gender", str4, str2);
            }
        }
        if (str3 != null && !str3.equals(str)) {
            CheckerUtil.addViolation(sb, "placeOfBirth", str3, str);
        }
        if (!hashSet3.isEmpty()) {
            Set<String> strInBnotInA = CheckerUtil.strInBnotInA(hashSet, hashSet3);
            if (CollectionUtil.isNotEmpty(strInBnotInA)) {
                sb.append("countryOfCitizenship ").append(strInBnotInA).append(" are present but not expected; ");
            }
            Set<String> strInBnotInA2 = CheckerUtil.strInBnotInA(hashSet3, hashSet);
            if (CollectionUtil.isNotEmpty(strInBnotInA2)) {
                sb.append("countryOfCitizenship ").append(strInBnotInA2).append(" are absent but are required; ");
            }
        }
        if (!hashSet4.isEmpty()) {
            Set<String> strInBnotInA3 = CheckerUtil.strInBnotInA(hashSet2, hashSet4);
            if (CollectionUtil.isNotEmpty(strInBnotInA3)) {
                sb.append("countryOfResidence ").append(strInBnotInA3).append(" are present but not expected; ");
            }
            Set<String> strInBnotInA4 = CheckerUtil.strInBnotInA(hashSet4, hashSet2);
            if (CollectionUtil.isNotEmpty(strInBnotInA4)) {
                sb.append("countryOfResidence ").append(strInBnotInA4).append(" are absent but are required; ");
            }
        }
        if (hashMap2.isEmpty()) {
            return;
        }
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier : hashMap2.keySet()) {
            Set set3 = (Set) hashMap.get(aSN1ObjectIdentifier);
            if (set3 == null) {
                sb.append("attribute of type ").append(aSN1ObjectIdentifier.getId()).append(" is present but not requested; ");
            } else if (!((Set) hashMap2.get(aSN1ObjectIdentifier)).equals(set3)) {
                sb.append("attribute of type ").append(aSN1ObjectIdentifier.getId()).append(" differs from the requested one; ");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnSubjectInfoAccess(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        Map subjectInfoAccessModes = getCertprofile().getSubjectInfoAccessModes();
        if (subjectInfoAccessModes == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        ASN1Encodable extensionParsedValue = extensions != null ? extensions.getExtensionParsedValue(Extension.subjectInfoAccess) : null;
        if (extensionParsedValue == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(extensionParsedValue);
        ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(bArr);
        int size = aSN1Sequence.size();
        if (aSN1Sequence2.size() != size) {
            CheckerUtil.addViolation(sb, "size of GeneralNames", Integer.valueOf(aSN1Sequence2.size()), Integer.valueOf(size));
            return;
        }
        for (int i = 0; i < size; i++) {
            AccessDescription accessDescription = AccessDescription.getInstance(aSN1Sequence.getObjectAt(i));
            ASN1ObjectIdentifier accessMethod = accessDescription.getAccessMethod();
            Set set = (Set) subjectInfoAccessModes.get(accessMethod);
            if (set == null) {
                sb.append("accessMethod in requestedExtension ").append(accessMethod.getId()).append(" is not allowed; ");
            } else {
                AccessDescription accessDescription2 = AccessDescription.getInstance(aSN1Sequence2.getObjectAt(i));
                ASN1ObjectIdentifier accessMethod2 = accessDescription2.getAccessMethod();
                if (accessMethod == null ? accessMethod2 == null : accessMethod.equals(accessMethod2)) {
                    try {
                        if (!accessDescription2.getAccessLocation().equals(CheckerUtil.createGeneralName(accessDescription.getAccessLocation(), set))) {
                            sb.append("accessLocation does not match the requested one; ");
                        }
                    } catch (BadCertTemplateException e) {
                        sb.append("invalid requestedExtension: ").append(e.getMessage()).append("; ");
                    }
                } else {
                    CheckerUtil.addViolation(sb, "accessMethod", accessMethod2 == null ? "null" : accessMethod2.getId(), accessMethod == null ? "null" : accessMethod.getId());
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnSubjectKeyIdentifier(StringBuilder sb, byte[] bArr, SubjectPublicKeyInfo subjectPublicKeyInfo) {
        byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(bArr).getKeyIdentifier();
        try {
            byte[] keyIdentifier2 = getCertprofile().getSubjectKeyIdentifier(subjectPublicKeyInfo).getKeyIdentifier();
            if (Arrays.equals(keyIdentifier2, keyIdentifier)) {
                return;
            }
            CheckerUtil.addViolation(sb, "SKI", CheckerUtil.hex(keyIdentifier), CheckerUtil.hex(keyIdentifier2));
        } catch (CertprofileException e) {
            sb.append("error computing expected SubjectKeyIdentifier");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnTlsFeature(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        TlsFeature tlsFeature = this.caller.getTlsFeature();
        if (tlsFeature == null) {
            this.caller.checkConstantExtnValue(ObjectIdentifiers.Extn.id_pe_tlsfeature, sb, bArr, extensions, extensionControl);
            return;
        }
        HashSet hashSet = new HashSet();
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        int size = aSN1Sequence.size();
        for (int i = 0; i < size; i++) {
            hashSet.add(ASN1Integer.getInstance(aSN1Sequence.getObjectAt(i)).getPositiveValue().toString());
        }
        HashSet hashSet2 = new HashSet();
        Iterator it = tlsFeature.getFeatures().iterator();
        while (it.hasNext()) {
            hashSet2.add(Integer.toString(((Describable.DescribableInt) it.next()).getValue()));
        }
        Set<String> strInBnotInA = CheckerUtil.strInBnotInA(hashSet2, hashSet);
        if (CollectionUtil.isNotEmpty(strInBnotInA)) {
            sb.append("features ").append(strInBnotInA).append(" are present but not expected; ");
        }
        Set<String> strInBnotInA2 = CheckerUtil.strInBnotInA(hashSet, hashSet2);
        if (CollectionUtil.isNotEmpty(strInBnotInA2)) {
            sb.append("features ").append(strInBnotInA2).append(" are absent but are required; ");
        }
    }
}
