package eu.europa.esig.dss.spi;

import eu.europa.esig.dss.enumerations.CertificateExtensionEnum;
import eu.europa.esig.dss.enumerations.GeneralNameType;
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.X500PrincipalHelper;
import eu.europa.esig.dss.model.x509.extension.AuthorityInformationAccess;
import eu.europa.esig.dss.model.x509.extension.AuthorityKeyIdentifier;
import eu.europa.esig.dss.model.x509.extension.BasicConstraints;
import eu.europa.esig.dss.model.x509.extension.CRLDistributionPoints;
import eu.europa.esig.dss.model.x509.extension.CertificateExtension;
import eu.europa.esig.dss.model.x509.extension.CertificateExtensions;
import eu.europa.esig.dss.model.x509.extension.CertificatePolicies;
import eu.europa.esig.dss.model.x509.extension.CertificatePolicy;
import eu.europa.esig.dss.model.x509.extension.ExtendedKeyUsages;
import eu.europa.esig.dss.model.x509.extension.GeneralName;
import eu.europa.esig.dss.model.x509.extension.GeneralSubtree;
import eu.europa.esig.dss.model.x509.extension.InhibitAnyPolicy;
import eu.europa.esig.dss.model.x509.extension.KeyUsage;
import eu.europa.esig.dss.model.x509.extension.NameConstraints;
import eu.europa.esig.dss.model.x509.extension.OCSPNoCheck;
import eu.europa.esig.dss.model.x509.extension.PolicyConstraints;
import eu.europa.esig.dss.model.x509.extension.QcStatements;
import eu.europa.esig.dss.model.x509.extension.SubjectAlternativeNames;
import eu.europa.esig.dss.model.x509.extension.SubjectKeyIdentifier;
import eu.europa.esig.dss.model.x509.extension.ValidityAssuredShortTerm;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.1.jar:eu/europa/esig/dss/spi/CertificateExtensionsUtils.class */
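/**
 * Static helpers that read the X.509 extensions of a {@link CertificateToken} into the DSS
 * extension model classes.
 *
 * <p>Every value handled here is taken from the certificate bytes, so it is only as trustworthy
 * as the certificate. Most getters log and return {@code null} when an extension cannot be
 * decoded, which means a caller cannot tell "absent" from "malformed" by the return value alone.
 * Each model object has {@code checkCritical(certificateToken)} called on it before it is
 * returned; that method is defined outside this file (presumably it records the critical flag).
 */
public class CertificateExtensionsUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateExtensionsUtils.class);

    /** Utility class, not meant to be instantiated. */
    private CertificateExtensionsUtils() {
    }

    /**
     * Reads all extensions of the certificate, critical ones first, then non-critical ones.
     *
     * @param certificateToken the certificate to read
     * @return a populated {@link CertificateExtensions}; never {@code null}
     */
    public static CertificateExtensions getCertificateExtensions(CertificateToken certificateToken) {
        CertificateExtensions certificateExtensions = new CertificateExtensions();
        setCertificateExtensions(certificateExtensions, certificateToken, certificateToken.getCertificate().getCriticalExtensionOIDs());
        setCertificateExtensions(certificateExtensions, certificateToken, certificateToken.getCertificate().getNonCriticalExtensionOIDs());
        return certificateExtensions;
    }

    /**
     * Dispatches each extension OID to its dedicated parser and stores the result; OIDs with no
     * dedicated parser are stored through {@link #getOtherCertificateExtension}.
     *
     * @param certificateExtensions the container to fill
     * @param certificateToken the certificate being read
     * @param collection the extension OIDs to process; {@code null} or empty is a no-op
     */
    private static void setCertificateExtensions(CertificateExtensions certificateExtensions, CertificateToken certificateToken, Collection<String> collection) {
        if (Utils.isCollectionNotEmpty(collection)) {
            for (String str : collection) {
                if (isSubjectAlternativeNames(str)) {
                    certificateExtensions.setSubjectAlternativeNames(getSubjectAlternativeNames(certificateToken));
                } else if (isAuthorityKeyIdentifier(str)) {
                    certificateExtensions.setAuthorityKeyIdentifier(getAuthorityKeyIdentifier(certificateToken));
                } else if (isSubjectKeyIdentifier(str)) {
                    certificateExtensions.setSubjectKeyIdentifier(getSubjectKeyIdentifier(certificateToken));
                } else if (isAuthorityInformationAccess(str)) {
                    certificateExtensions.setAuthorityInformationAccess(getAuthorityInformationAccess(certificateToken));
                } else if (isCRLDistributionPoints(str)) {
                    certificateExtensions.setCRLDistributionPoints(getCRLDistributionPoints(certificateToken));
                } else if (isBasicConstraints(str)) {
                    certificateExtensions.setBasicConstraints(getBasicConstraints(certificateToken));
                } else if (isNameConstraints(str)) {
                    certificateExtensions.setNameConstraints(getNameConstraints(certificateToken));
                } else if (isPolicyConstraints(str)) {
                    certificateExtensions.setPolicyConstraints(getPolicyConstraints(certificateToken));
                } else if (isInhibitAnyPolicy(str)) {
                    certificateExtensions.setInhibitAnyPolicy(getInhibitAnyPolicy(certificateToken));
                } else if (isKeyUsage(str)) {
                    certificateExtensions.setKeyUsage(getKeyUsage(certificateToken));
                } else if (isExtendedKeyUsage(str)) {
                    certificateExtensions.setExtendedKeyUsage(getExtendedKeyUsage(certificateToken));
                } else if (isCertificatePolicies(str)) {
                    certificateExtensions.setCertificatePolicies(getCertificatePolicies(certificateToken));
                } else if (isOcspNoCheck(str)) {
                    certificateExtensions.setOcspNoCheck(getOcspNoCheck(certificateToken));
                } else if (isValidityAssuredShortTerm(str)) {
                    certificateExtensions.setValidityAssuredShortTerm(getValAssuredSTCerts(certificateToken));
                } else if (isQcStatements(str)) {
                    certificateExtensions.setQcStatements(getQcStatements(certificateToken));
                } else {
                    certificateExtensions.addOtherExtension(getOtherCertificateExtension(certificateToken, str));
                }
            }
        }
    }

    /** @return {@code true} if {@code str} is the subjectAltName extension OID ({@code false} for {@code null}) */
    public static boolean isSubjectAlternativeNames(String str) {
        return CertificateExtensionEnum.SUBJECT_ALTERNATIVE_NAME.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the authorityKeyIdentifier extension OID */
    public static boolean isAuthorityKeyIdentifier(String str) {
        return CertificateExtensionEnum.AUTHORITY_KEY_IDENTIFIER.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the subjectKeyIdentifier extension OID */
    public static boolean isSubjectKeyIdentifier(String str) {
        return CertificateExtensionEnum.SUBJECT_KEY_IDENTIFIER.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the authorityInfoAccess extension OID */
    public static boolean isAuthorityInformationAccess(String str) {
        return CertificateExtensionEnum.AUTHORITY_INFORMATION_ACCESS.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the cRLDistributionPoints extension OID */
    public static boolean isCRLDistributionPoints(String str) {
        return CertificateExtensionEnum.CRL_DISTRIBUTION_POINTS.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the basicConstraints extension OID */
    public static boolean isBasicConstraints(String str) {
        return CertificateExtensionEnum.BASIC_CONSTRAINTS.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the nameConstraints extension OID */
    public static boolean isNameConstraints(String str) {
        return CertificateExtensionEnum.NAME_CONSTRAINTS.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the policyConstraints extension OID */
    public static boolean isPolicyConstraints(String str) {
        return CertificateExtensionEnum.POLICY_CONSTRAINTS.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the keyUsage extension OID */
    public static boolean isKeyUsage(String str) {
        return CertificateExtensionEnum.KEY_USAGE.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the extendedKeyUsage extension OID */
    public static boolean isExtendedKeyUsage(String str) {
        return CertificateExtensionEnum.EXTENDED_KEY_USAGE.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the inhibitAnyPolicy extension OID */
    public static boolean isInhibitAnyPolicy(String str) {
        return CertificateExtensionEnum.INHIBIT_ANY_POLICY.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the certificatePolicies extension OID */
    public static boolean isCertificatePolicies(String str) {
        return CertificateExtensionEnum.CERTIFICATE_POLICIES.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the OCSP no-check extension OID */
    public static boolean isOcspNoCheck(String str) {
        return CertificateExtensionEnum.OCSP_NOCHECK.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the validity-assured short-term extension OID */
    public static boolean isValidityAssuredShortTerm(String str) {
        return CertificateExtensionEnum.VALIDITY_ASSURED_SHORT_TERM.getOid().equals(str);
    }

    /** @return {@code true} if {@code str} is the qcStatements extension OID */
    public static boolean isQcStatements(String str) {
        return CertificateExtensionEnum.QC_STATEMENTS.getOid().equals(str);
    }

    /**
     * Reads the subjectAltName extension.
     *
     * <p>There is no early return when the extension is absent: the result is then an object with
     * an empty name list. Entries that cannot be converted are skipped, not reported to the caller.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if any exception occurs while reading it
     */
    public static SubjectAlternativeNames getSubjectAlternativeNames(CertificateToken certificateToken) {
        try {
            SubjectAlternativeNames subjectAlternativeNames = new SubjectAlternativeNames();
            subjectAlternativeNames.setOctets(certificateToken.getCertificate().getExtensionValue(subjectAlternativeNames.getOid()));
            List<GeneralName> generalNames = new ArrayList<>();
            Collection<List<?>> rawNames = certificateToken.getCertificate().getSubjectAlternativeNames();
            if (Utils.isCollectionNotEmpty(rawNames)) {
                for (List<?> rawName : rawNames) {
                    GeneralName generalName = getGeneralName(rawName);
                    if (generalName != null) {
                        generalNames.add(generalName);
                    }
                }
            }
            subjectAlternativeNames.setGeneralNames(generalNames);
            subjectAlternativeNames.checkCritical(certificateToken);
            return subjectAlternativeNames;
        } catch (Exception e) {
            LOG.warn("Unable to extract SubjectAlternativeNames", e);
            return null;
        }
    }

    /**
     * Converts one JCA subjectAltName entry (a two-element list: Integer type, then a String or
     * byte[] value) into a {@link GeneralName}.
     *
     * @param list the raw entry
     * @return the converted name, or {@code null} if the entry has an unexpected shape
     */
    private static GeneralName getGeneralName(List<?> list) {
        if (Utils.collectionSize(list) != 2) {
            LOG.warn("Unable to load the alternative name. Reason : Invalid sequence length!");
            return null;
        }
        try {
            if (!(list.get(0) instanceof Integer)) {
                LOG.warn("Unable to load the alternative name. Reason : Invalid encoding!");
                return null;
            }
            GeneralName generalName = new GeneralName();
            // NOTE(review): fromIndex can yield null (getGeneralSubtrees checks for it); here the
            // null type is stored as-is, so consumers need to tolerate a name without a type.
            GeneralNameType fromIndex = GeneralNameType.fromIndex(((Integer) list.get(0)).intValue());
            generalName.setGeneralNameType(fromIndex);
            Object obj = list.get(1);
            if (obj instanceof String) {
                String str = (String) obj;
                if (GeneralNameType.DIRECTORY_NAME.equals(fromIndex)) {
                    str = toRFC2253RDN(str);
                }
                generalName.setValue(str);
            } else {
                if (!(obj instanceof byte[])) {
                    LOG.warn("Unable to load the alternative name. Reason : Unsupported value type!");
                    return null;
                }
                // Binary values are exposed as '#'-prefixed hex, never interpreted as text.
                generalName.setValue(toHexEncoded((byte[]) obj));
            }
            return generalName;
        } catch (Exception e) {
            LOG.warn("Unable to load the alternative name. Reason : {}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Re-encodes a distinguished name string into its RFC 2253 form.
     *
     * @param str the distinguished name as provided by the JCA
     * @return the RFC 2253 form, or {@code str} unchanged if the conversion fails
     */
    private static String toRFC2253RDN(String str) {
        try {
            return new X500PrincipalHelper(new X500Principal(DSSASN1Utils.getDEREncoded(new X500Name(RFC4519Style.INSTANCE.fromString(str))))).getRFC2253();
        } catch (Exception e) {
            LOG.warn("Unable to build RDN! Reason: {}", e.getMessage(), e);
            return str;
        }
    }

    /**
     * Reads the authorityInfoAccess extension (caIssuers and OCSP locations).
     *
     * <p>The URLs are copied from the certificate without any scheme or host validation; code
     * that dereferences them should apply its own allow-listing before connecting.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent, empty or cannot be decoded
     */
    public static AuthorityInformationAccess getAuthorityInformationAccess(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.AUTHORITY_INFORMATION_ACCESS.getOid());
        if (Utils.isArrayEmpty(extensionValue)) {
            return null;
        }
        try {
            ASN1Sequence asn1SequenceFromDerOctetString = DSSASN1Utils.getAsn1SequenceFromDerOctetString(extensionValue);
            if (asn1SequenceFromDerOctetString == null || asn1SequenceFromDerOctetString.size() == 0) {
                LOG.warn("Empty ASN1Sequence for AuthorityInformationAccess");
                return null;
            }
            AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess();
            authorityInformationAccess.setOctets(extensionValue);
            AccessDescription[] accessDescriptions = org.bouncycastle.asn1.x509.AuthorityInformationAccess.getInstance(asn1SequenceFromDerOctetString).getAccessDescriptions();
            authorityInformationAccess.setCaIssuers(getAccessUrls(accessDescriptions, X509ObjectIdentifiers.id_ad_caIssuers));
            authorityInformationAccess.setOcsp(getAccessUrls(accessDescriptions, X509ObjectIdentifiers.id_ad_ocsp));
            authorityInformationAccess.checkCritical(certificateToken);
            return authorityInformationAccess;
        } catch (Exception e) {
            LOG.warn("Unable to parse authorityInfoAccess", e);
            return null;
        }
    }

    /**
     * Collects the URI locations of all access descriptions that use the given access method.
     *
     * @param accessDescriptionArr the decoded access descriptions
     * @param aSN1ObjectIdentifier the access method to keep
     * @return the matching URIs, in certificate order; locations that are not URIs are skipped
     */
    private static List<String> getAccessUrls(AccessDescription[] accessDescriptionArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        List<String> urls = new ArrayList<>();
        for (AccessDescription accessDescription : accessDescriptionArr) {
            if (aSN1ObjectIdentifier.equals((ASN1Primitive) accessDescription.getAccessMethod())) {
                String url = parseGn(accessDescription.getAccessLocation());
                if (url != null) {
                    urls.add(url);
                }
            }
        }
        return urls;
    }

    /**
     * @param certificateToken the certificate to read
     * @return the caIssuers URLs of the certificate, or an empty list; values are unvalidated
     */
    public static List<String> getCAIssuersAccessUrls(CertificateToken certificateToken) {
        AuthorityInformationAccess authorityInformationAccess = getAuthorityInformationAccess(certificateToken);
        return authorityInformationAccess != null ? authorityInformationAccess.getCaIssuers() : Collections.emptyList();
    }

    /**
     * @param certificateToken the certificate to read
     * @return the OCSP responder URLs of the certificate, or an empty list; values are unvalidated
     */
    public static List<String> getOCSPAccessUrls(CertificateToken certificateToken) {
        AuthorityInformationAccess authorityInformationAccess = getAuthorityInformationAccess(certificateToken);
        return authorityInformationAccess != null ? authorityInformationAccess.getOcsp() : Collections.emptyList();
    }

    /**
     * Reads the authorityKeyIdentifier extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent
     * @throws DSSException if the extension value cannot be read ({@link IOException})
     */
    public static AuthorityKeyIdentifier getAuthorityKeyIdentifier(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.AUTHORITY_KEY_IDENTIFIER.getOid());
        if (Utils.isArrayEmpty(extensionValue)) {
            return null;
        }
        try {
            AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
            authorityKeyIdentifier.setOctets(extensionValue);
            // NOTE(review): only IOException is translated below; an unchecked exception raised
            // while decoding a malformed value would propagate as-is. Confirm callers expect that.
            org.bouncycastle.asn1.x509.AuthorityKeyIdentifier bcIdentifier = org.bouncycastle.asn1.x509.AuthorityKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue));
            authorityKeyIdentifier.setKeyIdentifier(bcIdentifier.getKeyIdentifier());
            // The issuer/serial pair is only meaningful when both halves are present.
            if (bcIdentifier.getAuthorityCertIssuer() != null && bcIdentifier.getAuthorityCertSerialNumber() != null) {
                authorityKeyIdentifier.setAuthorityCertIssuerSerial(DSSASN1Utils.getDEREncoded(new IssuerSerial(bcIdentifier.getAuthorityCertIssuer(), bcIdentifier.getAuthorityCertSerialNumber())));
            }
            authorityKeyIdentifier.checkCritical(certificateToken);
            return authorityKeyIdentifier;
        } catch (IOException e) {
            throw new DSSException(String.format("Unable to retrieve authority key identifier of a certificate. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Reads the subjectKeyIdentifier extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent
     * @throws DSSException if the extension value cannot be read ({@link IOException})
     */
    public static SubjectKeyIdentifier getSubjectKeyIdentifier(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.SUBJECT_KEY_IDENTIFIER.getOid());
        if (Utils.isArrayEmpty(extensionValue)) {
            return null;
        }
        try {
            SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
            subjectKeyIdentifier.setOctets(extensionValue);
            subjectKeyIdentifier.setSki(org.bouncycastle.asn1.x509.SubjectKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue)).getKeyIdentifier());
            subjectKeyIdentifier.checkCritical(certificateToken);
            return subjectKeyIdentifier;
        } catch (IOException e) {
            throw new DSSException(String.format("Unable to retrieve subject key identifier of a certificate. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Reads the cRLDistributionPoints extension and collects the URI entries of every
     * distribution point that carries a fullName.
     *
     * <p>The URLs are copied from the certificate without validation; code that downloads CRLs
     * from them should restrict schemes and destinations itself.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent or cannot be decoded
     */
    public static CRLDistributionPoints getCRLDistributionPoints(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.CRL_DISTRIBUTION_POINTS.getOid());
        if (extensionValue == null) {
            return null;
        }
        try {
            CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints();
            cRLDistributionPoints.setOctets(extensionValue);
            List<String> crlUrls = new ArrayList<>();
            for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(DSSASN1Utils.getAsn1SequenceFromDerOctetString(extensionValue)).getDistributionPoints()) {
                DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
                // The distributionPoint field is optional (a point may carry only a cRLIssuer).
                // Skip such entries instead of letting a NullPointerException reach the catch
                // block, which would discard the URLs of every other distribution point as well.
                if (distributionPointName == null || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                    continue;
                }
                for (org.bouncycastle.asn1.x509.GeneralName generalName : ((GeneralNames) distributionPointName.getName()).getNames()) {
                    String url = parseGn(generalName);
                    if (url != null) {
                        crlUrls.add(url);
                    }
                }
            }
            cRLDistributionPoints.setCrlUrls(crlUrls);
            cRLDistributionPoints.checkCritical(certificateToken);
            return cRLDistributionPoints;
        } catch (Exception e) {
            LOG.warn("Unable to parse cRLDistributionPoints", e);
            return null;
        }
    }

    /**
     * Extracts the string of a GeneralName of type uniformResourceIdentifier.
     *
     * @param generalName the name to inspect
     * @return the URI string, or {@code null} for any other name type or on a decoding error
     */
    private static String parseGn(org.bouncycastle.asn1.x509.GeneralName generalName) {
        try {
            if (org.bouncycastle.asn1.x509.GeneralName.uniformResourceIdentifier == generalName.getTagNo()) {
                return ((ASN1String) ((DERTaggedObject) generalName.toASN1Primitive()).getBaseObject()).getString();
            }
            return null;
        } catch (Exception e) {
            LOG.warn("Unable to parse GN '{}'", generalName, e);
            return null;
        }
    }

    /**
     * @param certificateToken the certificate to read
     * @return the CRL URLs of the certificate, or an empty list; values are unvalidated
     */
    public static List<String> getCRLAccessUrls(CertificateToken certificateToken) {
        CRLDistributionPoints cRLDistributionPoints = getCRLDistributionPoints(certificateToken);
        return cRLDistributionPoints != null ? cRLDistributionPoints.getCrlUrls() : Collections.emptyList();
    }

    /**
     * Reads the basicConstraints extension through the JCA accessor.
     *
     * <p>{@code X509Certificate.getBasicConstraints()} returns -1 for a non-CA certificate and
     * {@code Integer.MAX_VALUE} for a CA without a path length limit; that raw value is stored as
     * the path length constraint in both cases.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension; never {@code null}, even when the extension is absent
     */
    public static BasicConstraints getBasicConstraints(CertificateToken certificateToken) {
        BasicConstraints basicConstraints = new BasicConstraints();
        basicConstraints.setOctets(certificateToken.getCertificate().getExtensionValue(basicConstraints.getOid()));
        int pathLenConstraint = certificateToken.getCertificate().getBasicConstraints();
        basicConstraints.setCa(pathLenConstraint != -1);
        basicConstraints.setPathLenConstraint(pathLenConstraint);
        basicConstraints.checkCritical(certificateToken);
        return basicConstraints;
    }

    /**
     * Reads the nameConstraints extension (permitted and excluded subtrees).
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent or cannot be decoded; a
     *         {@code null} caused by a decoding failure must not be read as "no constraints"
     */
    public static NameConstraints getNameConstraints(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.NAME_CONSTRAINTS.getOid());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        try {
            org.bouncycastle.asn1.x509.NameConstraints bcNameConstraints = org.bouncycastle.asn1.x509.NameConstraints.getInstance(DSSASN1Utils.getAsn1SequenceFromDerOctetString(extensionValue));
            NameConstraints nameConstraints = new NameConstraints();
            nameConstraints.setOctets(extensionValue);
            nameConstraints.setPermittedSubtrees(getGeneralSubtrees(bcNameConstraints.getPermittedSubtrees()));
            nameConstraints.setExcludedSubtrees(getGeneralSubtrees(bcNameConstraints.getExcludedSubtrees()));
            nameConstraints.checkCritical(certificateToken);
            return nameConstraints;
        } catch (Exception e) {
            LOG.warn("Unable to parse the nameConstraints extension '{}' : {}", Utils.toBase64(extensionValue), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Converts BouncyCastle general subtrees into the DSS model.
     *
     * @param generalSubtreeArr the decoded subtrees; may be {@code null} or empty
     * @return the converted subtrees; entries with an unsupported name type are logged and
     *         dropped, so the result can be shorter than the input
     */
    private static List<GeneralSubtree> getGeneralSubtrees(org.bouncycastle.asn1.x509.GeneralSubtree[] generalSubtreeArr) {
        if (Utils.isArrayEmpty(generalSubtreeArr)) {
            return Collections.emptyList();
        }
        List<GeneralSubtree> result = new ArrayList<>();
        for (org.bouncycastle.asn1.x509.GeneralSubtree bcSubtree : generalSubtreeArr) {
            GeneralSubtree generalSubtree = new GeneralSubtree();
            org.bouncycastle.asn1.x509.GeneralName base = bcSubtree.getBase();
            GeneralNameType fromIndex = GeneralNameType.fromIndex(base.getTagNo());
            if (fromIndex == null) {
                LOG.warn("Unsupported GeneralName type of index '{}'!", Integer.valueOf(base.getTagNo()));
            } else {
                generalSubtree.setGeneralNameType(fromIndex);
                generalSubtree.setMinimum(bcSubtree.getMinimum());
                generalSubtree.setMaximum(bcSubtree.getMaximum());
                generalSubtree.setValue(getStringValue(fromIndex, base.getName()));
                result.add(generalSubtree);
            }
        }
        return result;
    }

    /**
     * Renders the value of a general name as a string according to its type.
     *
     * @param generalNameType the type of the name
     * @param aSN1Encodable the encoded value
     * @return the textual value, or a '#'-prefixed hex dump of the DER encoding for opaque types,
     *         for unexpected encodings and when the conversion fails
     */
    private static String getStringValue(GeneralNameType generalNameType, ASN1Encodable aSN1Encodable) {
        try {
            switch (generalNameType) {
                case OTHER_NAME:
                case EDI_PARTY_NAME:
                case X400_ADDRESS:
                    return toHexEncoded(aSN1Encodable);
                case RFC822_NAME:
                case DNS_NAME:
                case UNIFORM_RESOURCE_IDENTIFIER:
                    if (aSN1Encodable instanceof ASN1String) {
                        return ((ASN1String) aSN1Encodable).getString();
                    }
                    LOG.warn("String value is expected for a General Name of type '{}'. Hex-encoded value is returned.", generalNameType);
                    return toHexEncoded(aSN1Encodable);
                case DIRECTORY_NAME:
                    return new X500PrincipalHelper(new X500Principal(DSSASN1Utils.getDEREncoded(aSN1Encodable))).getRFC2253();
                case IP_ADDRESS:
                    return toHexEncoded(ASN1OctetString.getInstance(aSN1Encodable).getOctets());
                case REGISTERED_ID:
                    return ASN1ObjectIdentifier.getInstance(aSN1Encodable).getId();
                default:
                    LOG.warn("Unsupported General Name of type '{}'. Hex-encoded value is returned.", generalNameType);
                    return toHexEncoded(aSN1Encodable);
            }
        } catch (Exception e) {
            LOG.warn("An error occurred on extraction of General Name of Type '{}' : {}. Hex-encoded value is returned.", generalNameType, e.getMessage());
            return toHexEncoded(aSN1Encodable);
        }
    }

    /** @return '#' followed by the hex form of the DER encoding of {@code aSN1Encodable} */
    private static String toHexEncoded(ASN1Encodable aSN1Encodable) {
        return toHexEncoded(DSSASN1Utils.getDEREncoded(aSN1Encodable));
    }

    /** @return '#' followed by the hex form of {@code bArr} */
    private static String toHexEncoded(byte[] bArr) {
        return "#" + Utils.toHex(bArr);
    }

    /**
     * Reads the policyConstraints extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent or cannot be decoded
     */
    public static PolicyConstraints getPolicyConstraints(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.POLICY_CONSTRAINTS.getOid());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        PolicyConstraints policyConstraints = new PolicyConstraints();
        policyConstraints.setOctets(extensionValue);
        try {
            org.bouncycastle.asn1.x509.PolicyConstraints bcPolicyConstraints = org.bouncycastle.asn1.x509.PolicyConstraints.getInstance(DSSASN1Utils.getAsn1SequenceFromDerOctetString(extensionValue));
            // NOTE(review): BigInteger.intValue() keeps only the low 32 bits, so an oversized
            // skip-certs value in a certificate is silently turned into a different (possibly
            // negative) number. Consider whether such a value should be treated as malformed.
            BigInteger inhibitPolicyMapping = bcPolicyConstraints.getInhibitPolicyMapping();
            if (inhibitPolicyMapping != null) {
                policyConstraints.setInhibitPolicyMapping(inhibitPolicyMapping.intValue());
            }
            BigInteger requireExplicitPolicyMapping = bcPolicyConstraints.getRequireExplicitPolicyMapping();
            if (requireExplicitPolicyMapping != null) {
                policyConstraints.setRequireExplicitPolicy(requireExplicitPolicyMapping.intValue());
            }
            policyConstraints.checkCritical(certificateToken);
            return policyConstraints;
        } catch (Exception e) {
            LOG.warn("Unable to parse the policyConstraints extension '{}' : {}", Utils.toBase64(extensionValue), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads the inhibitAnyPolicy extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent, carries no integer or cannot
     *         be decoded
     */
    public static InhibitAnyPolicy getInhibitAnyPolicy(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.INHIBIT_ANY_POLICY.getOid());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        InhibitAnyPolicy inhibitAnyPolicy = new InhibitAnyPolicy();
        inhibitAnyPolicy.setOctets(extensionValue);
        try {
            ASN1Integer asn1Integer = DSSASN1Utils.getAsn1IntegerFromDerOctetString(extensionValue);
            if (asn1Integer == null) {
                return null;
            }
            BigInteger value = asn1Integer.getValue();
            if (value == null) {
                return null;
            }
            // NOTE(review): intValue() truncates values wider than 32 bits without any error.
            inhibitAnyPolicy.setValue(value.intValue());
            inhibitAnyPolicy.checkCritical(certificateToken);
            return inhibitAnyPolicy;
        } catch (Exception e) {
            LOG.warn("Unable to parse the inhibitAnyPolicy extension '{}' : {}", Utils.toBase64(extensionValue), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads the keyUsage extension through the JCA accessor.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension with the asserted bits, or {@code null} if it is absent
     */
    public static KeyUsage getKeyUsage(CertificateToken certificateToken) {
        boolean[] keyUsageArray = certificateToken.getCertificate().getKeyUsage();
        if (keyUsageArray == null) {
            return null;
        }
        KeyUsage keyUsage = new KeyUsage();
        keyUsage.setOctets(certificateToken.getCertificate().getExtensionValue(keyUsage.getOid()));
        List<KeyUsageBit> keyUsageBits = new ArrayList<>();
        for (KeyUsageBit keyUsageBit : KeyUsageBit.values()) {
            int index = keyUsageBit.getIndex();
            // Bounds check: an array shorter than expected would otherwise raise an unchecked
            // exception here, and this method has no catch block to contain it.
            if (index < keyUsageArray.length && keyUsageArray[index]) {
                keyUsageBits.add(keyUsageBit);
            }
        }
        keyUsage.setKeyUsageBits(keyUsageBits);
        keyUsage.checkCritical(certificateToken);
        return keyUsage;
    }

    /**
     * Reads the extendedKeyUsage extension through the JCA accessor.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if the JCA fails to parse it
     */
    public static ExtendedKeyUsages getExtendedKeyUsage(CertificateToken certificateToken) {
        try {
            ExtendedKeyUsages extendedKeyUsages = new ExtendedKeyUsages();
            extendedKeyUsages.setOctets(certificateToken.getCertificate().getExtensionValue(extendedKeyUsages.getOid()));
            extendedKeyUsages.setOids(certificateToken.getCertificate().getExtendedKeyUsage());
            extendedKeyUsages.checkCritical(certificateToken);
            return extendedKeyUsages;
        } catch (CertificateParsingException e) {
            LOG.warn("Unable to retrieve ExtendedKeyUsage : {}", e.getMessage());
            return null;
        }
    }

    /**
     * Reads the certificatePolicies extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent or cannot be decoded
     */
    public static CertificatePolicies getCertificatePolicies(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(CertificateExtensionEnum.CERTIFICATE_POLICIES.getOid());
        if (!Utils.isArrayNotEmpty(extensionValue)) {
            return null;
        }
        CertificatePolicies certificatePolicies = new CertificatePolicies();
        certificatePolicies.setOctets(extensionValue);
        List<CertificatePolicy> policyList = new ArrayList<>();
        try {
            ASN1Sequence policySequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(extensionValue);
            for (int i = 0; i < policySequence.size(); i++) {
                policyList.add(getCertificatePolicy(policySequence.getObjectAt(i)));
            }
            certificatePolicies.setPolicyList(policyList);
            certificatePolicies.checkCritical(certificateToken);
            return certificatePolicies;
        } catch (Exception e) {
            LOG.warn("Unable to parse the certificatePolicies extension '{}' : {}", Utils.toBase64(extensionValue), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Converts one PolicyInformation element into a {@link CertificatePolicy}.
     *
     * @param aSN1Encodable the encoded PolicyInformation
     * @return the policy with its OID and, when a CPS qualifier is present, the CPS URL (the last
     *         CPS qualifier wins if there are several); the URL is copied without validation
     */
    private static CertificatePolicy getCertificatePolicy(ASN1Encodable aSN1Encodable) {
        CertificatePolicy certificatePolicy = new CertificatePolicy();
        PolicyInformation policyInformation = PolicyInformation.getInstance(aSN1Encodable);
        certificatePolicy.setOid(policyInformation.getPolicyIdentifier().getId());
        ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
        if (policyQualifiers != null) {
            for (int i = 0; i < policyQualifiers.size(); i++) {
                PolicyQualifierInfo policyQualifierInfo = PolicyQualifierInfo.getInstance(policyQualifiers.getObjectAt(i));
                if (PolicyQualifierId.id_qt_cps.equals((ASN1Primitive) policyQualifierInfo.getPolicyQualifierId())) {
                    certificatePolicy.setCpsUrl(DSSASN1Utils.getString(policyQualifierInfo.getQualifier()));
                }
            }
        }
        return certificatePolicy;
    }

    /**
     * Reads the OCSP no-check extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent
     */
    public static OCSPNoCheck getOcspNoCheck(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId());
        if (extensionValue == null) {
            return null;
        }
        OCSPNoCheck oCSPNoCheck = new OCSPNoCheck();
        oCSPNoCheck.setOctets(extensionValue);
        oCSPNoCheck.setOcspNoCheck(isNullIdentifiedValuePresent(extensionValue));
        oCSPNoCheck.checkCritical(certificateToken);
        return oCSPNoCheck;
    }

    /**
     * Tells whether the certificate asserts OCSP no-check, i.e. that revocation of this
     * certificate is not meant to be checked. The flag is only set when the extension value has
     * the expected encoding; a present but malformed extension yields {@code false}.
     *
     * @param certificateToken the certificate to read
     * @return {@code true} if the extension is present and well-formed
     */
    public static boolean hasOcspNoCheckExtension(CertificateToken certificateToken) {
        OCSPNoCheck ocspNoCheck = getOcspNoCheck(certificateToken);
        return ocspNoCheck != null && ocspNoCheck.isOcspNoCheck();
    }

    /**
     * Reads the validity-assured short-term certificate extension.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if it is absent
     */
    public static ValidityAssuredShortTerm getValAssuredSTCerts(CertificateToken certificateToken) {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(OID.id_etsi_ext_valassured_ST_certs.getId());
        if (extensionValue == null) {
            return null;
        }
        ValidityAssuredShortTerm validityAssuredShortTerm = new ValidityAssuredShortTerm();
        validityAssuredShortTerm.setOctets(extensionValue);
        validityAssuredShortTerm.setValAssuredSTCerts(isNullIdentifiedValuePresent(extensionValue));
        validityAssuredShortTerm.checkCritical(certificateToken);
        return validityAssuredShortTerm;
    }

    /**
     * Checks that an extension value is a DER octet string accepted by
     * {@code DSSASN1Utils.isDEROctetStringNull}. Shared by the OCSP no-check and the
     * validity-assured short-term parsers; the debug message below names only the former.
     *
     * @param bArr the raw extension value
     * @return {@code true} if the check passes; {@code false} on any other content or error
     */
    private static boolean isNullIdentifiedValuePresent(byte[] bArr) {
        try {
            ASN1Primitive aSN1Primitive = DSSASN1Utils.toASN1Primitive(bArr);
            if (aSN1Primitive instanceof DEROctetString) {
                return DSSASN1Utils.isDEROctetStringNull((DEROctetString) aSN1Primitive);
            }
            return false;
        } catch (Exception e) {
            LOG.debug("Exception when processing 'id_pkix_ocsp_no_check'", e);
            return false;
        }
    }

    /**
     * Tells whether the certificate asserts the validity-assured short-term extension. As with
     * OCSP no-check, a present but malformed extension yields {@code false}.
     *
     * @param certificateToken the certificate to read
     * @return {@code true} if the extension is present and well-formed
     */
    public static boolean hasValAssuredShortTermCertsExtension(CertificateToken certificateToken) {
        ValidityAssuredShortTerm valAssuredSTCerts = getValAssuredSTCerts(certificateToken);
        return valAssuredSTCerts != null && valAssuredSTCerts.isValAssuredSTCerts();
    }

    /**
     * Reads the qcStatements extension by delegating to {@code QcStatementUtils}.
     *
     * @param certificateToken the certificate to read
     * @return the parsed extension, or {@code null} if the delegate returns none
     */
    public static QcStatements getQcStatements(CertificateToken certificateToken) {
        QcStatements qcStatements = QcStatementUtils.getQcStatements(certificateToken);
        if (qcStatements != null) {
            qcStatements.checkCritical(certificateToken);
        }
        return qcStatements;
    }

    /**
     * Wraps an extension that has no dedicated parser, keeping its raw octets.
     *
     * @param certificateToken the certificate to read
     * @param str the extension OID
     * @return the generic extension object
     */
    private static CertificateExtension getOtherCertificateExtension(CertificateToken certificateToken, String str) {
        CertificateExtensionEnum forOid = CertificateExtensionEnum.forOid(str);
        CertificateExtension certificateExtension = forOid != null ? new CertificateExtension(forOid) : new CertificateExtension(str);
        certificateExtension.setOctets(certificateToken.getCertificate().getExtensionValue(str));
        certificateExtension.checkCritical(certificateToken);
        if (forOid == null) {
            if (certificateExtension.isCritical()) {
                // RFC 5280 requires a relying party to reject a certificate that carries a
                // critical extension it does not process. This helper only logs the fact, so the
                // rejection has to be enforced by the validation layer (NOTE(review): confirm).
                LOG.warn("Unknown critical CertificateExtension with OID : '{}'", str);
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Unknown non-critical CertificateExtension with OID : '{}'", str);
            }
        }
        return certificateExtension;
    }
}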
