package org.xipki.qa.ca.extn;

import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.UserNotice;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.BiometricData;
import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.certprofile.xijson.AdmissionExtension;
import org.xipki.ca.certprofile.xijson.BiometricInfoOption;
import org.xipki.ca.certprofile.xijson.XijsonCertprofile;
import org.xipki.ca.certprofile.xijson.conf.AdditionalInformation;
import org.xipki.ca.certprofile.xijson.conf.CertificatePolicies;
import org.xipki.qa.ca.IssuerInfo;
import org.xipki.security.HashAlgo;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.CompareUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.TripleState;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/xipki/qa/ca/extn/A2gChecker.class */
public class A2gChecker extends ExtensionChecker {
    private static final byte[] DER_NULL = {5, 0};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.xipki.qa.ca.extn.A2gChecker$1, reason: invalid class name */
    /* loaded from: input_file:org/xipki/qa/ca/extn/A2gChecker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xipki$ca$certprofile$xijson$conf$CertificatePolicies$PolicyQualfierType = new int[CertificatePolicies.PolicyQualfierType.values().length];

        static {
            try {
                $SwitchMap$org$xipki$ca$certprofile$xijson$conf$CertificatePolicies$PolicyQualfierType[CertificatePolicies.PolicyQualfierType.cpsUri.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$xipki$ca$certprofile$xijson$conf$CertificatePolicies$PolicyQualfierType[CertificatePolicies.PolicyQualfierType.userNotice.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public A2gChecker(ExtensionsChecker extensionsChecker) {
        super(extensionsChecker);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnAdditionalInformation(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        AdditionalInformation additionalInformation = this.caller.getAdditionalInformation();
        this.caller.checkDirectoryString(ObjectIdentifiers.Extn.id_extension_additionalInformation, additionalInformation.getType(), additionalInformation.getText(), sb, bArr, extensions, extensionControl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnAdmission(StringBuilder sb, byte[] bArr, Extensions extensions, X500Name x500Name, Certprofile.ExtensionControl extensionControl) {
        AdmissionExtension.AdmissionSyntaxOption admission = getCertprofile().extensions().getAdmission();
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ObjectIdentifiers.Extn.id_extension_admission;
        if (admission == null) {
            this.caller.checkConstantExtnValue(aSN1ObjectIdentifier, sb, bArr, extensions, extensionControl);
            return;
        }
        LinkedList linkedList = null;
        if (x500Name != null && admission.isInputFromRequestRequired()) {
            RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
            if (rDNs != null && rDNs.length == 0) {
                sb.append("no subject RDN Admission is contained in the request;");
                return;
            }
            linkedList = new LinkedList();
            for (RDN rdn : rDNs) {
                ConfPairs confPairs = new ConfPairs(X509Util.rdnValueToString(rdn.getFirst().getValue()));
                for (String str : confPairs.names()) {
                    if ("registrationNumber".equalsIgnoreCase(str)) {
                        linkedList.add(StringUtil.split(confPairs.value(str), " ,;:"));
                    }
                }
            }
        }
        try {
            byte[] encoded = admission.getExtensionValue(linkedList).getValue().toASN1Primitive().getEncoded();
            if (!Arrays.equals(encoded, bArr)) {
                CheckerUtil.addViolation(sb, "extension valus", CheckerUtil.hex(bArr), CheckerUtil.hex(encoded));
            }
        } catch (BadCertTemplateException e) {
            LogUtil.error(this.log, e);
            sb.append("BadCertTemplateException while computing the expected extension value;");
        } catch (IOException e2) {
            LogUtil.error(this.log, e2);
            sb.append("IOException while computing the expected extension value;");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnAuthorityInfoAccess(StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        Certprofile.AuthorityInfoAccessControl aiaControl = getCertprofile().getAiaControl();
        Set<String> caIssuerUrls = (aiaControl == null || aiaControl.isIncludesCaIssuers()) ? issuerInfo.getCaIssuerUrls() : Collections.emptySet();
        Set<String> ocspUrls = (aiaControl == null || aiaControl.isIncludesOcsp()) ? issuerInfo.getOcspUrls() : Collections.emptySet();
        if (CollectionUtil.isEmpty(caIssuerUrls) && CollectionUtil.isEmpty(ocspUrls)) {
            sb.append("AIA is present but expected is 'none'; ");
            return;
        }
        AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(bArr);
        CheckerUtil.checkAia(sb, authorityInformationAccess, X509ObjectIdentifiers.id_ad_caIssuers, caIssuerUrls);
        CheckerUtil.checkAia(sb, authorityInformationAccess, X509ObjectIdentifiers.id_ad_ocsp, ocspUrls);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnAuthorityKeyId(StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(bArr);
        byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
        BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
        GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
        if (!getCertprofile().useIssuerAndSerialInAki()) {
            if (keyIdentifier == null) {
                sb.append("keyIdentifier is 'absent', but expected 'present'; ");
            } else if (!Arrays.equals(issuerInfo.getSubjectKeyIdentifier(), keyIdentifier)) {
                CheckerUtil.addViolation(sb, "keyIdentifier", CheckerUtil.hex(keyIdentifier), CheckerUtil.hex(issuerInfo.getSubjectKeyIdentifier()));
            }
            if (authorityCertIssuer != null) {
                sb.append("authorityCertIssuer is 'present', but expected 'absent'; ");
            }
            if (authorityCertSerialNumber != null) {
                sb.append("authorityCertSerialNumber is 'present', but expected 'absent'; ");
                return;
            }
            return;
        }
        if (authorityCertIssuer == null) {
            sb.append("authorityCertIssuer is 'absent', but expected 'present'; ");
        } else {
            GeneralName[] names = authorityCertIssuer.getNames();
            X500Name x500Name = null;
            int length = names.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                GeneralName generalName = names[i];
                if (generalName.getTagNo() == 4) {
                    if (x500Name != null) {
                        sb.append("authorityCertIssuer contains at least two directoryName but expected one; ");
                        break;
                    }
                    x500Name = generalName.getName();
                }
                i++;
            }
            if (x500Name == null) {
                sb.append("authorityCertIssuer does not contain directoryName but expected one; ");
            } else {
                X500Name issuer = issuerInfo.getCert().getIssuer();
                if (!issuer.equals(x500Name)) {
                    CheckerUtil.addViolation(sb, "authorityCertIssuer", x500Name, issuer);
                }
            }
        }
        if (authorityCertSerialNumber == null) {
            sb.append("authorityCertSerialNumber is 'absent', but expected 'present'; ");
        } else {
            BigInteger serialNumber = issuerInfo.getCert().getSerialNumber();
            if (!serialNumber.equals(authorityCertSerialNumber)) {
                CheckerUtil.addViolation(sb, "authorityCertSerialNumber", authorityCertSerialNumber, serialNumber);
            }
        }
        if (keyIdentifier != null) {
            sb.append("keyIdentifier is 'present', but expected 'absent'; ");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnBasicConstraints(StringBuilder sb, byte[] bArr) {
        XijsonCertprofile certprofile = getCertprofile();
        BasicConstraints basicConstraints = BasicConstraints.getInstance(bArr);
        Certprofile.CertLevel certLevel = certprofile.getCertLevel();
        boolean z = Certprofile.CertLevel.RootCA == certLevel || Certprofile.CertLevel.SubCA == certLevel;
        if (z != basicConstraints.isCA()) {
            CheckerUtil.addViolation(sb, "ca", Boolean.valueOf(basicConstraints.isCA()), Boolean.valueOf(z));
        }
        if (basicConstraints.isCA()) {
            BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
            Integer pathLen = certprofile.extensions().getPathLen();
            if (pathLen == null) {
                if (pathLenConstraint != null) {
                    CheckerUtil.addViolation(sb, "pathLen", pathLenConstraint, "absent");
                }
            } else if (pathLenConstraint == null) {
                CheckerUtil.addViolation(sb, "pathLen", "null", pathLen);
            } else {
                if (BigInteger.valueOf(pathLen.intValue()).equals(pathLenConstraint)) {
                    return;
                }
                CheckerUtil.addViolation(sb, "pathLen", pathLenConstraint, pathLen);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnBiometricInfo(StringBuilder sb, byte[] bArr, Extensions extensions) {
        HashAlgo hashAlgo;
        BiometricInfoOption biometricInfo = getCertprofile().extensions().getBiometricInfo();
        if (biometricInfo == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        ASN1Encodable extensionParsedValue = extensions != null ? extensions.getExtensionParsedValue(Extension.biometricInfo) : null;
        if (extensionParsedValue == null) {
            sb.append("extension is present but not expected; ");
            return;
        }
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(extensionParsedValue);
        int size = aSN1Sequence.size();
        ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(bArr);
        int size2 = aSN1Sequence2.size();
        if (size2 != size) {
            CheckerUtil.addViolation(sb, "number of biometricData", Integer.valueOf(size2), Integer.valueOf(size));
            return;
        }
        for (int i = 0; i < size; i++) {
            BiometricData biometricData = BiometricData.getInstance(aSN1Sequence2.getObjectAt(i));
            BiometricData biometricData2 = BiometricData.getInstance(aSN1Sequence.getObjectAt(i));
            TypeOfBiometricData typeOfBiometricData = biometricData.getTypeOfBiometricData();
            TypeOfBiometricData typeOfBiometricData2 = biometricData2.getTypeOfBiometricData();
            if (!typeOfBiometricData.equals(typeOfBiometricData2)) {
                CheckerUtil.addViolation(sb, "biometricData[" + i + "].typeOfBiometricData", typeOfBiometricData.isPredefined() ? Integer.toString(typeOfBiometricData.getPredefinedBiometricType()) : typeOfBiometricData.getBiometricDataOid().getId(), typeOfBiometricData2.isPredefined() ? Integer.toString(typeOfBiometricData2.getPredefinedBiometricType()) : typeOfBiometricData2.getBiometricDataOid().getId());
            }
            try {
                hashAlgo = HashAlgo.getInstance(biometricData2.getHashAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                hashAlgo = null;
                sb.append("biometricData[").append(i).append("].biometricDataHash of the request has incorrect syntax; ");
            }
            if (hashAlgo != null && !hashAlgo.getAlgorithmIdentifier().equals(biometricData.getHashAlgorithm())) {
                try {
                    CheckerUtil.addViolation(sb, "biometricData[" + i + "].hashAlgorithm", Hex.encode(biometricData.getHashAlgorithm().getEncoded()), Hex.encode(hashAlgo.getAlgorithmIdentifier().getEncoded()));
                } catch (Exception e2) {
                    sb.append("biometricData[").append(i).append("].biometricDataHash: could not encode; ");
                }
            }
            byte[] octets = biometricData.getBiometricDataHash().getOctets();
            byte[] octets2 = biometricData2.getBiometricDataHash().getOctets();
            if (!Arrays.equals(octets, octets2)) {
                CheckerUtil.addViolation(sb, "biometricData[" + i + "].biometricDataHash", CheckerUtil.hex(octets), CheckerUtil.hex(octets2));
            }
            DERIA5String sourceDataUri = biometricData.getSourceDataUri();
            String string = sourceDataUri == null ? null : sourceDataUri.getString();
            String str = null;
            if (biometricInfo.getSourceDataUriOccurrence() != TripleState.forbidden) {
                DERIA5String sourceDataUri2 = biometricData2.getSourceDataUri();
                str = sourceDataUri2 == null ? null : sourceDataUri2.getString();
            }
            if (str == null) {
                if (string != null) {
                    CheckerUtil.addViolation(sb, "biometricData[" + i + "].sourceDataUri", "present", "absent");
                }
            } else if (string == null) {
                sb.append("biometricData[").append(i).append("].sourceDataUri is 'absent'");
                sb.append(" but expected 'present'; ");
            } else if (!string.equals(str)) {
                CheckerUtil.addViolation(sb, "biometricData[" + i + "].sourceDataUri", string, str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnCertificatePolicies(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        if (this.caller.getCertificatePolicies() == null) {
            this.caller.checkConstantExtnValue(Extension.certificatePolicies, sb, bArr, extensions, extensionControl);
            return;
        }
        HashMap hashMap = new HashMap();
        for (CertificatePolicies.CertificatePolicyInformationType certificatePolicyInformationType : this.caller.getCertificatePolicies().getCertificatePolicyInformations()) {
            hashMap.put(certificatePolicyInformationType.getPolicyIdentifier().getOid(), certificatePolicyInformationType);
        }
        HashSet hashSet = new HashSet(hashMap.keySet());
        for (PolicyInformation policyInformation : org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(bArr).getPolicyInformation()) {
            ASN1ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
            hashSet.remove(policyIdentifier.getId());
            CertificatePolicies.CertificatePolicyInformationType certificatePolicyInformationType2 = (CertificatePolicies.CertificatePolicyInformationType) hashMap.get(policyIdentifier.getId());
            if (certificatePolicyInformationType2 == null) {
                sb.append("certificate policy '").append(policyIdentifier).append("' is not expected; ");
            } else {
                List<CertificatePolicies.PolicyQualifier> policyQualifiers = certificatePolicyInformationType2.getPolicyQualifiers();
                if (CollectionUtil.isEmpty(policyQualifiers)) {
                    continue;
                } else {
                    ASN1Sequence policyQualifiers2 = policyInformation.getPolicyQualifiers();
                    LinkedList linkedList = new LinkedList();
                    LinkedList linkedList2 = new LinkedList();
                    int size = policyQualifiers2.size();
                    for (int i = 0; i < size; i++) {
                        PolicyQualifierInfo policyQualifierInfo = PolicyQualifierInfo.getInstance(policyQualifiers2.getObjectAt(i));
                        ASN1ObjectIdentifier policyQualifierId = policyQualifierInfo.getPolicyQualifierId();
                        ASN1Encodable qualifier = policyQualifierInfo.getQualifier();
                        if (PolicyQualifierId.id_qt_cps.equals(policyQualifierId)) {
                            linkedList.add(DERIA5String.getInstance(qualifier).getString());
                        } else if (PolicyQualifierId.id_qt_unotice.equals(policyQualifierId)) {
                            UserNotice userNotice = UserNotice.getInstance(qualifier);
                            if (userNotice.getExplicitText() != null) {
                                linkedList2.add(userNotice.getExplicitText().getString());
                            }
                        }
                    }
                    for (CertificatePolicies.PolicyQualifier policyQualifier : policyQualifiers) {
                        String value = policyQualifier.getValue();
                        switch (AnonymousClass1.$SwitchMap$org$xipki$ca$certprofile$xijson$conf$CertificatePolicies$PolicyQualfierType[policyQualifier.getType().ordinal()]) {
                            case 1:
                                if (linkedList.contains(value)) {
                                    break;
                                } else {
                                    sb.append("CPSUri '").append(value).append("' is absent but is required; ");
                                    break;
                                }
                            case 2:
                                if (linkedList2.contains(value)) {
                                    break;
                                } else {
                                    sb.append("userNotice '").append(value).append("' is absent but is required; ");
                                    break;
                                }
                            default:
                                throw new IllegalStateException("should not reach here");
                        }
                    }
                }
            }
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            sb.append("certificate policy '").append((String) it.next()).append("' is absent but is required; ");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnDeltaCrlDistributionPoints(StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        checkExtnCrlDistributionPoints(true, sb, bArr, issuerInfo);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnCrlDistributionPoints(StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        checkExtnCrlDistributionPoints(false, sb, bArr, issuerInfo);
    }

    private void checkExtnCrlDistributionPoints(boolean z, StringBuilder sb, byte[] bArr, IssuerInfo issuerInfo) {
        DistributionPoint[] distributionPoints = CRLDistPoint.getInstance(bArr).getDistributionPoints();
        String str = z ? "deltaCRL" : "CRL";
        if (distributionPoints == null) {
            CheckerUtil.addViolation(sb, "size of DistributionPoints of " + str, 0, 1);
            return;
        }
        int length = distributionPoints.length;
        if (length != 1) {
            CheckerUtil.addViolation(sb, "size of DistributionPoints of " + str, Integer.valueOf(length), 1);
            return;
        }
        HashSet hashSet = new HashSet();
        for (DistributionPoint distributionPoint : distributionPoints) {
            int type = distributionPoint.getDistributionPoint().getType();
            if (type != 0) {
                CheckerUtil.addViolation(sb, "tag of DistributionPointName of CRLDistibutionPoints of " + str, Integer.valueOf(type), 0);
            } else {
                for (GeneralName generalName : GeneralNames.getInstance(distributionPoint.getDistributionPoint().getName()).getNames()) {
                    if (generalName.getTagNo() != 6) {
                        CheckerUtil.addViolation(sb, "tag of URL of " + str, Integer.valueOf(generalName.getTagNo()), 6);
                    } else {
                        hashSet.add(generalName.getName().getString());
                    }
                }
                Set<String> deltaCrlUrls = z ? issuerInfo.getDeltaCrlUrls() : issuerInfo.getCrlUrls();
                Set<String> strInBnotInA = CheckerUtil.strInBnotInA(deltaCrlUrls, hashSet);
                if (CollectionUtil.isNotEmpty(strInBnotInA)) {
                    sb.append("URLs of ").append(str).append(" ").append(strInBnotInA).append(" are present but not expected; ");
                }
                Set<String> strInBnotInA2 = CheckerUtil.strInBnotInA(hashSet, deltaCrlUrls);
                if (CollectionUtil.isNotEmpty(strInBnotInA2)) {
                    sb.append("URLs of ").append(str).append(" ").append(strInBnotInA2).append(" are absent but are required; ");
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public void checkExtnExtendedKeyUsage(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl) {
        byte[] constantExtensionValue;
        Extension extension;
        HashSet hashSet = new HashSet();
        KeyPurposeId[] usages = ExtendedKeyUsage.getInstance(bArr).getUsages();
        if (usages != null) {
            for (KeyPurposeId keyPurposeId : usages) {
                hashSet.add(keyPurposeId.getId());
            }
        }
        Set hashSet2 = new HashSet();
        Set<Certprofile.ExtKeyUsageControl> extKeyusage = this.caller.getExtKeyusage(true);
        if (extKeyusage != null) {
            Iterator<Certprofile.ExtKeyUsageControl> it = extKeyusage.iterator();
            while (it.hasNext()) {
                hashSet2.add(it.next().getExtKeyUsage().getId());
            }
        }
        Set<Certprofile.ExtKeyUsageControl> extKeyusage2 = this.caller.getExtKeyusage(false);
        if (extensions != null && extensionControl.isRequest() && CollectionUtil.isNotEmpty(extKeyusage2) && (extension = extensions.getExtension(Extension.extendedKeyUsage)) != null) {
            ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(extension.getParsedValue());
            for (Certprofile.ExtKeyUsageControl extKeyUsageControl : extKeyusage2) {
                if (extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.getInstance(extKeyUsageControl.getExtKeyUsage()))) {
                    hashSet2.add(extKeyUsageControl.getExtKeyUsage().getId());
                }
            }
        }
        if (CollectionUtil.isEmpty(hashSet2) && (constantExtensionValue = this.caller.getConstantExtensionValue(Extension.extendedKeyUsage)) != null) {
            hashSet2 = CheckerUtil.getExtKeyUsage(constantExtensionValue);
        }
        Set<String> strInBnotInA = CheckerUtil.strInBnotInA(hashSet2, hashSet);
        if (CollectionUtil.isNotEmpty(strInBnotInA)) {
            sb.append("usages ").append(strInBnotInA).append(" are present but not expected; ");
        }
        Set<String> strInBnotInA2 = CheckerUtil.strInBnotInA(hashSet, hashSet2);
        if (CollectionUtil.isNotEmpty(strInBnotInA2)) {
            sb.append("usages ").append(strInBnotInA2).append(" are absent but are required; ");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkExtnGmt0015(StringBuilder sb, byte[] bArr, Extensions extensions, Certprofile.ExtensionControl extensionControl, ASN1ObjectIdentifier aSN1ObjectIdentifier, X500Name x500Name) throws IOException {
        if (ObjectIdentifiers.Extn.id_GMT_0015_ICRegistrationNumber.equals(aSN1ObjectIdentifier) || ObjectIdentifiers.Extn.id_GMT_0015_InsuranceNumber.equals(aSN1ObjectIdentifier) || ObjectIdentifiers.Extn.id_GMT_0015_OrganizationCode.equals(aSN1ObjectIdentifier) || ObjectIdentifiers.Extn.id_GMT_0015_TaxationNumber.equals(aSN1ObjectIdentifier)) {
            String str = null;
            Extension extension = extensions == null ? null : extensions.getExtension(aSN1ObjectIdentifier);
            if (extension != null) {
                str = extension.getParsedValue().getString();
            } else {
                RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
                if (rDNs != null && rDNs.length > 0) {
                    str = X509Util.rdnValueToString(rDNs[0].getFirst().getValue());
                }
            }
            String str2 = null;
            try {
                str2 = DERPrintableString.getInstance(bArr).getString();
            } catch (Exception e) {
                sb.append("exension value is not of type PrintableString; ");
            }
            if (str2 == null || CompareUtil.equalsObject(str, str2)) {
                return;
            }
            CheckerUtil.addViolation(sb, "extension value", str2, str);
            return;
        }
        if (!ObjectIdentifiers.Extn.id_GMT_0015_IdentityCode.equals(aSN1ObjectIdentifier)) {
            throw new IllegalArgumentException("unknown extension type " + aSN1ObjectIdentifier.getId());
        }
        int i = -1;
        String str3 = null;
        Extension extension2 = extensions == null ? null : extensions.getExtension(aSN1ObjectIdentifier);
        if (extension2 != null) {
            ASN1TaggedObject parsedValue = extension2.getParsedValue();
            if (parsedValue instanceof ASN1TaggedObject) {
                ASN1TaggedObject aSN1TaggedObject = parsedValue;
                i = aSN1TaggedObject.getTagNo();
                if (aSN1TaggedObject.isExplicit()) {
                    str3 = aSN1TaggedObject.getObject().getString();
                } else if (i == 0 || i == 2) {
                    str3 = DERPrintableString.getInstance(aSN1TaggedObject, false).getString();
                } else if (i == 1) {
                    str3 = DERUTF8String.getInstance(aSN1TaggedObject, false).getString();
                }
            }
        } else {
            String str4 = null;
            RDN[] rDNs2 = x500Name.getRDNs(aSN1ObjectIdentifier);
            if (rDNs2 != null && rDNs2.length > 0) {
                str4 = X509Util.rdnValueToString(rDNs2[0].getFirst().getValue());
            }
            if (str4.length() > 3 && str4.charAt(0) == '[' && str4.charAt(2) == ']') {
                i = Integer.parseInt(str4.substring(1, 2));
                str3 = str4.substring(3);
            }
        }
        byte[] bArr2 = null;
        if (StringUtil.isNotBlank(str3)) {
            if (i == 0 || i == 2) {
                bArr2 = new DERTaggedObject(true, i, new DERPrintableString(str3)).getEncoded();
            } else if (i == 1) {
                bArr2 = new DERTaggedObject(true, i, new DERUTF8String(str3)).getEncoded();
            }
        }
        if (Arrays.equals(bArr2, bArr)) {
            return;
        }
        CheckerUtil.addViolation(sb, "extension value", CheckerUtil.hex(bArr), bArr2 == null ? "not present" : CheckerUtil.hex(bArr2));
    }
}
