package ru.CryptoPro.AdES.tools;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
import org.bouncycastle.asn1.ess.OtherCertID;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Store;
import ru.CryptoPro.AdES.certificate.CertificateItem;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.external.signature.AdESSigner;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.JCP.tools.AlgorithmUtility;
import ru.CryptoPro.JCP.tools.Array;
import ru.CryptoPro.JCP.tools.JCPKeyPair;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public class AdESUtility {
    public static final CertificateFactory CERT_FACTORY;
    public static final int DIGITAL_SIGNATURE = 0;
    public static final String EXTENDED_KEY_USAGE = "2.5.29.37";
    public static final boolean FIX_NULL = true;
    public static final int KEY_ENCIPHERMENT = 2;
    public static final String KEY_USAGE = "2.5.29.15";
    public static final String id_kp_timeStamping = "1.3.6.1.5.5.7.3.8";
    private static final List<String> ACCEPTED_PROVIDER_LIST = Arrays.asList("JCP", "JCSP");
    public static final String PROPERTY_VALIDATE_TSP = "ru.CryptoPro.AdES.validate_tsp";
    public static final boolean VALIDATE_TSP = GetProperty.getBooleanProperty(PROPERTY_VALIDATE_TSP, true);
    public static final String PROPERTY_VALIDATE_OTHER_TSP = "ru.CryptoPro.AdES.validate_other_tsp";
    public static final boolean VALIDATE_OTHER_TSP = GetProperty.getBooleanProperty(PROPERTY_VALIDATE_OTHER_TSP, false);
    public static final String PROPERTY_REQUIRE_TSP_EVIDENCE = "ru.CryptoPro.AdES.require_tsp_evidence";
    public static final boolean REQUIRE_TSP_EVIDENCE = GetProperty.getBooleanProperty(PROPERTY_REQUIRE_TSP_EVIDENCE, false);
    public static final String PROPERTY_REQUIRE_ALG_CONFORMITY = "ru.CryptoPro.AdES.require_alg_conformity";
    public static final boolean REQUIRE_ALG_CONFORMITY = GetProperty.getBooleanProperty(PROPERTY_REQUIRE_ALG_CONFORMITY, true);

    static {
        try {
            CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] calculateDigest(String str, String str2, byte[] bArr) throws AdESException {
        try {
            return MessageDigest.getInstance(str2, correctProviderByHashAlgorithm(str, str2)).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new AdESException(e, AdESException.ecInternal);
        } catch (NoSuchProviderException e2) {
            throw new AdESException(e2, AdESException.ecInternal);
        }
    }

    public static String checkAndGetDigestAlgorithm(String str, String str2, Key key) {
        if (str != null) {
            return str;
        }
        if (isInternalImplemented(str2)) {
            return AlgorithmUtility.keyAlgToDigestOid(key.getAlgorithm());
        }
        return null;
    }

    public static String checkAndGetEncryptionAlgorithm(String str, String str2, PrivateKey privateKey) {
        if (str != null) {
            return str;
        }
        if (isInternalImplemented(str2)) {
            return AlgorithmUtility.keyAlgToKeyAlgorithmOid(privateKey.getAlgorithm());
        }
        return null;
    }

    public static void checkOidAndKeyAlgorithmCAdESConformity(String str, String str2, PrivateKey privateKey) throws AdESException {
        boolean z;
        JCPLogger.subEnter();
        if (!REQUIRE_ALG_CONFORMITY) {
            JCPLogger.subTrace("Check of algorithm conformity disabled.");
            JCPLogger.subExit();
            return;
        }
        if (str == null || str2 == null || privateKey == null) {
            throw new AdESException("Any OID or private key is null", AdESException.ecInternal);
        }
        String keyAlgToDigestOid = AlgorithmUtility.keyAlgToDigestOid(privateKey.getAlgorithm());
        if (keyAlgToDigestOid == null) {
            throw new AdESException("Digest algorithm list is empty", AdESException.ecAlgorithmMismatch);
        }
        if (!str.equals(keyAlgToDigestOid)) {
            throw new AdESException("Invalid digest OID: " + str + " (invalid private key algorithm or digest algorithm), expected digest OID: " + keyAlgToDigestOid, AdESException.ecAlgorithmMismatch);
        }
        List keyAlgToKeyAlgorithmOidAdES = AlgorithmUtility.keyAlgToKeyAlgorithmOidAdES(privateKey.getAlgorithm());
        if (keyAlgToKeyAlgorithmOidAdES.isEmpty()) {
            throw new AdESException("Key algorithm list is empty", AdESException.ecAlgorithmMismatch);
        }
        Iterator it2 = keyAlgToKeyAlgorithmOidAdES.iterator();
        while (true) {
            if (!it2.hasNext()) {
                z = false;
                break;
            } else if (((String) it2.next()).equals(str2)) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new AdESException("Invalid encryption oid " + str2 + " (invalid private key algorithm or encryption algorithm)", AdESException.ecAlgorithmMismatch);
        }
        JCPLogger.subExit();
    }

    public static void checkOidAndKeyAlgorithmXAdESConformity(String str, String str2, PrivateKey privateKey) throws AdESException {
        JCPLogger.subEnter();
        if (!REQUIRE_ALG_CONFORMITY) {
            JCPLogger.subTrace("Check of algorithm conformity disabled.");
            JCPLogger.subExit();
            return;
        }
        if (str == null || str2 == null || privateKey == null) {
            throw new AdESException("OID or private key is null", AdESException.ecAlgorithmMismatch);
        }
        String keyAlgToDigestOid = AlgorithmUtility.keyAlgToDigestOid(privateKey.getAlgorithm());
        if (keyAlgToDigestOid == null) {
            throw new AdESException("Digest algorithm list is empty", AdESException.ecAlgorithmMismatch);
        }
        if (!str.equals(keyAlgToDigestOid)) {
            throw new AdESException("Invalid digest OID: " + str + " (invalid private key algorithm or digest algorithm), expected digest OID: " + keyAlgToDigestOid, AdESException.ecAlgorithmMismatch);
        }
        String keyAlgToSignatureOid = AlgorithmUtility.keyAlgToSignatureOid(privateKey.getAlgorithm());
        if (keyAlgToSignatureOid == null) {
            throw new AdESException("Signature algorithm list is empty", AdESException.ecAlgorithmMismatch);
        }
        if (!keyAlgToSignatureOid.equals(str2)) {
            throw new AdESException("Invalid signature OID: " + str2 + " (invalid private key algorithm or signature algorithm), expected signature OID: " + keyAlgToSignatureOid, AdESException.ecAlgorithmMismatch);
        }
        JCPLogger.subExit();
    }

    public static boolean compareCertificateID(CertificateID certificateID, CertificateID certificateID2) {
        CertID aSN1Primitive = certificateID.toASN1Primitive();
        String id = aSN1Primitive.getHashAlgorithm().getAlgorithm().getId();
        ASN1Encodable parameters = aSN1Primitive.getHashAlgorithm().getParameters();
        byte[] issuerKeyHash = certificateID.getIssuerKeyHash();
        byte[] issuerNameHash = certificateID.getIssuerNameHash();
        BigInteger serialNumber = certificateID.getSerialNumber();
        CertID aSN1Primitive2 = certificateID2.toASN1Primitive();
        String id2 = aSN1Primitive2.getHashAlgorithm().getAlgorithm().getId();
        ASN1Encodable parameters2 = aSN1Primitive2.getHashAlgorithm().getParameters();
        byte[] issuerKeyHash2 = certificateID2.getIssuerKeyHash();
        byte[] issuerNameHash2 = certificateID2.getIssuerNameHash();
        BigInteger serialNumber2 = certificateID2.getSerialNumber();
        boolean equals = id.equals(id2);
        boolean equals2 = serialNumber.equals(serialNumber2);
        boolean z = parameters == null || parameters2 == null || parameters.equals(parameters2);
        boolean z2 = issuerKeyHash == null || issuerKeyHash2 == null || Array.compare(issuerKeyHash, issuerKeyHash2);
        boolean z3 = issuerNameHash == null || issuerNameHash2 == null || Array.compare(issuerNameHash, issuerNameHash2);
        if (equals && z && equals2) {
            return z2 || z3;
        }
        return false;
    }

    public static void compareSID2SigningCertificate(SignerId signerId, OtherCertID otherCertID) {
        JCPLogger.subEnter();
        X500Name issuer = signerId.getIssuer();
        BigInteger serialNumber = signerId.getSerialNumber();
        if (issuer == null || serialNumber == null) {
            JCPLogger.trace("ATTENTION! The SID of the signing certificate not found.");
        } else if (otherCertID.getIssuerSerial() != null) {
            try {
                if (!match(new X509Principal(issuer.getEncoded()), otherCertID.getIssuerSerial()) || !serialNumber.equals(otherCertID.getIssuerSerial().getSerial().getValue())) {
                    JCPLogger.trace("ATTENTION! The SID of the signing certificate doesn't equal the certificate ID in the signing-certificate(V2) attribute.");
                }
            } catch (IOException e) {
                JCPLogger.thrown(e);
            }
        }
        JCPLogger.subExit();
    }

    public static Set<X509Certificate> convertCertificateStoreToSet(CollectionStore collectionStore) throws AdESException {
        byte[] encoded;
        if (collectionStore == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        try {
            for (Object obj : collectionStore.getMatches(null)) {
                if (obj instanceof X509CertificateHolder) {
                    encoded = ((X509CertificateHolder) obj).getEncoded();
                } else {
                    if (!(obj instanceof Certificate)) {
                        throw new AdESException("Invalid certificate type", AdESException.ecInternal);
                    }
                    encoded = ((Certificate) obj).getEncoded();
                }
                hashSet.add((X509Certificate) CERT_FACTORY.generateCertificate(new ByteArrayInputStream(encoded)));
            }
            return hashSet;
        } catch (IOException e) {
            throw new AdESException(e, AdESException.ecInternal);
        } catch (CertificateException e2) {
            throw new AdESException(e2, AdESException.ecInternal);
        }
    }

    public static Set convertValidationDataToSet(CollectionStore collectionStore, boolean z) throws AdESException {
        if (collectionStore == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        try {
            for (Object obj : collectionStore.getMatches(null)) {
                if (obj instanceof X509CRLHolder) {
                    obj = (X509CRL) CERT_FACTORY.generateCRL(new ByteArrayInputStream(((X509CRLHolder) obj).getEncoded()));
                } else if (obj instanceof CertificateList) {
                    obj = (X509CRL) CERT_FACTORY.generateCRL(new ByteArrayInputStream(((CertificateList) obj).getEncoded()));
                } else if (z) {
                    continue;
                } else {
                    if (!(obj instanceof OCSPResponse)) {
                        throw new AdESException("Unknown validation data type", AdESException.ecInternal);
                    }
                    if (((OCSPResponse) obj).getResponseStatus().getValue().intValue() != 0) {
                        throw new AdESException("Unsuccessful OCSP response cannot be used", AdESException.ecInternal);
                    }
                }
                hashSet.add(obj);
            }
            return hashSet;
        } catch (IOException e) {
            throw new AdESException(e, AdESException.ecInternal);
        } catch (CRLException e2) {
            throw new AdESException(e2, AdESException.ecInternal);
        }
    }

    public static CertificateList convertX509CRL2CertificateList(X509CRL x509crl) throws CRLException, IOException {
        return CertificateList.getInstance((ASN1Sequence) new ASN1InputStream(x509crl.getEncoded()).readObject());
    }

    public static String correctProviderByHashAlgorithm(String str, String str2) {
        JCPLogger.subSubTraceFormat("Find a provider that implements the digest algorithm {0} ({1})", str2, str);
        if (!ifMapContains(AlgorithmUtility.MAP_REPLACING_DIGEST_ALGORITHMS, str2)) {
            JCPLogger.subSubTraceFormat("Valid provider (digest algorithm: {0}): {1} is found instead of {2}", str2, BouncyCastleProvider.PROVIDER_NAME, str);
            return BouncyCastleProvider.PROVIDER_NAME;
        }
        if (ACCEPTED_PROVIDER_LIST.contains(str)) {
            return str;
        }
        String str3 = AdESSigner.PROVIDER;
        JCPLogger.subSubTraceFormat("Valid provider (digest algorithm: {0}): {1} is found instead of {2}", str2, str3, str);
        return str3;
    }

    public static String correctProviderBySignatureOid(String str, String str2) {
        JCPLogger.subSubTraceFormat("Find a provider that implements the signature algorithm identifier {0} ({1})", str2, str);
        if (!ifMapContains(AlgorithmUtility.MAP_REPLACING_KEY_ALGORITHMS, str2) && !AlgorithmUtility.MAP_REPLACING_SIGNATURE_ALGORITHMS.contains(str2)) {
            JCPLogger.subSubTraceFormat("Valid provider (signature algorithm: {0}): {1} is found instead of {2}", str2, BouncyCastleProvider.PROVIDER_NAME, str);
            return BouncyCastleProvider.PROVIDER_NAME;
        }
        if (ACCEPTED_PROVIDER_LIST.contains(str)) {
            return str;
        }
        String str3 = AdESSigner.PROVIDER;
        JCPLogger.subSubTraceFormat("Valid provider (signature algorithm: {0}): {1} is found instead of {2}", str2, str3, str);
        return str3;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static Store extractCRLAndOtherRevocationInfo(Store store) throws AdESException {
        CertificateList certificateList;
        ArrayList arrayList = new ArrayList();
        if (store == null) {
            return new CollectionStore(arrayList);
        }
        Iterator it2 = store.getMatches(null).iterator();
        while (it2.hasNext()) {
            ASN1Primitive aSN1Primitive = ((ASN1Encodable) it2.next()).toASN1Primitive();
            if (aSN1Primitive instanceof ASN1Sequence) {
                certificateList = CertificateList.getInstance(aSN1Primitive);
            } else if (aSN1Primitive instanceof ASN1TaggedObject) {
                ASN1TaggedObject aSN1TaggedObject = ASN1TaggedObject.getInstance(aSN1Primitive);
                if (aSN1TaggedObject.getTagNo() != 1) {
                    throw new AdESException("Unknown other revocation type", AdESException.ecInternal);
                }
                OtherRevocationInfoFormat otherRevocationInfoFormat = OtherRevocationInfoFormat.getInstance(aSN1TaggedObject, false);
                ASN1ObjectIdentifier aSN1ObjectIdentifier = OCSPObjectIdentifiers.id_pkix_ocsp_response;
                if (otherRevocationInfoFormat.getInfoFormat() != null && !otherRevocationInfoFormat.getInfoFormat().equals(aSN1ObjectIdentifier)) {
                    throw new AdESException("Invalid other revocation type, only" + aSN1ObjectIdentifier + " is allowed", AdESException.ecInternal);
                }
                boolean z = otherRevocationInfoFormat.getInfo() instanceof OCSPResponse;
                certificateList = otherRevocationInfoFormat;
                if (!z) {
                    throw new AdESException("Invalid other revocation type, only OCSP response is allowed", AdESException.ecInternal);
                }
            } else {
                continue;
            }
            arrayList.add(certificateList);
        }
        return new CollectionStore(arrayList);
    }

    public static CertificateID fixCertificateID(CertificateID certificateID, String str) {
        return new CertificateID(new CertID(new AlgorithmIdentifier(new ASN1ObjectIdentifier(str)), new DEROctetString(certificateID.getIssuerNameHash()), new DEROctetString(certificateID.getIssuerKeyHash()), new ASN1Integer(certificateID.getSerialNumber())));
    }

    private static List<String> getAccessor(X509Certificate x509Certificate, String str) {
        ASN1Object extensionValue;
        JCPLogger.subSubTraceFormat("Searching for extension by id {0} in certificate: sn {1}, subject {2}, issuer {3}", str, x509Certificate.getSerialNumber().toString(16), x509Certificate.getSubjectDN(), x509Certificate.getIssuerDN());
        ArrayList arrayList = new ArrayList();
        try {
            extensionValue = getExtensionValue(x509Certificate, X509Extensions.AuthorityInfoAccess.getId());
        } catch (Exception e) {
            JCPLogger.thrown(e);
        }
        if (extensionValue == null) {
            return arrayList;
        }
        ASN1Sequence aSN1Sequence = (ASN1Sequence) extensionValue;
        for (int i = 0; i < aSN1Sequence.size(); i++) {
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(i);
            if (aSN1Sequence2.size() == 2 && (aSN1Sequence2.getObjectAt(0) instanceof ASN1ObjectIdentifier) && ((ASN1ObjectIdentifier) aSN1Sequence2.getObjectAt(0)).getId().equals(str)) {
                arrayList.add(getStringFromGeneralName((ASN1Object) aSN1Sequence2.getObjectAt(1)));
            }
        }
        JCPLogger.subSubTraceFormat("Found: {0} OCSP url(s).", Integer.valueOf(arrayList.size()));
        return arrayList;
    }

    public static byte[] getAuthorityKeyIdentifier(byte[] bArr) throws IOException {
        AuthorityKeyIdentifier authorityKeyIdentifierInternal = getAuthorityKeyIdentifierInternal(bArr);
        if (authorityKeyIdentifierInternal != null) {
            return authorityKeyIdentifierInternal.getKeyIdentifier();
        }
        return null;
    }

    private static AuthorityKeyIdentifier getAuthorityKeyIdentifierInternal(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return AuthorityKeyIdentifier.getInstance(new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject()).getOctets())).readObject());
    }

    public static BigInteger getCRLSerialNumber(X509CRL x509crl) {
        Set<String> nonCriticalExtensionOIDs = x509crl.getNonCriticalExtensionOIDs();
        String id = X509Extension.cRLNumber.getId();
        if (!nonCriticalExtensionOIDs.contains(id)) {
            return null;
        }
        try {
            ASN1Object extensionValue = getExtensionValue(x509crl, id);
            if (extensionValue != null) {
                return ((ASN1Integer) extensionValue).getValue();
            }
            return null;
        } catch (IOException e) {
            JCPLogger.ignoredException(e);
            return null;
        }
    }

    public static List<String> getCrlUrls(X509Certificate x509Certificate) {
        ASN1Object extensionValue;
        JCPLogger.subSubTraceFormat("Reading CRL DP from the certificate\n\tserial number: {0}\n\tsubject: {1}\n\tissuer: {2}", x509Certificate.getSerialNumber().toString(16), x509Certificate.getSubjectDN(), x509Certificate.getIssuerDN());
        ArrayList arrayList = new ArrayList();
        try {
            extensionValue = getExtensionValue(x509Certificate, X509Extensions.CRLDistributionPoints.getId());
        } catch (Exception e) {
            JCPLogger.thrown(e);
        }
        if (extensionValue == null) {
            return arrayList;
        }
        for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(extensionValue).getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2.getType() == 0) {
                for (GeneralName generalName : ((GeneralNames) distributionPoint2.getName()).getNames()) {
                    if (generalName.getTagNo() == 6) {
                        arrayList.add(DERIA5String.getInstance(generalName.getName()).getString());
                    }
                }
            }
        }
        JCPLogger.subSubTraceFormat("Found: {0} CRL url(s).", Integer.valueOf(arrayList.size()));
        return arrayList;
    }

    public static ASN1Object getExtensionValue(java.security.cert.X509Extension x509Extension, String str) throws IOException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets())).readObject();
    }

    public static List<String> getOcspUrls(X509Certificate x509Certificate) {
        return getAccessor(x509Certificate, "1.3.6.1.5.5.7.48.1");
    }

    private static String getStringFromGeneralName(ASN1Object aSN1Object) throws IOException {
        return new String(ASN1OctetString.getInstance((DERTaggedObject) aSN1Object, false).getOctets(), "ISO-8859-1");
    }

    public static byte[] getSubjectKeyIdentifier(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return SubjectKeyIdentifier.getInstance(new ASN1InputStream(new ByteArrayInputStream(ASN1OctetString.getInstance(new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject()).getOctets())).readObject()).getKeyIdentifier();
    }

    public static boolean hasExtension(X509Certificate x509Certificate, String str) {
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            return extendedKeyUsage != null && extendedKeyUsage.contains(str);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    public static boolean ifKeyUsageIsKeyEnciphermentInCertificate(X509Certificate x509Certificate) {
        boolean[] keyUsage;
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        return criticalExtensionOIDs == null || criticalExtensionOIDs.isEmpty() || !criticalExtensionOIDs.contains(KEY_USAGE) || (keyUsage = x509Certificate.getKeyUsage()) == null || keyUsage.length <= 2 || keyUsage[2];
    }

    public static boolean ifKeyUsageIsSignatureInCertificate(X509Certificate x509Certificate) {
        boolean[] keyUsage;
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        return criticalExtensionOIDs == null || criticalExtensionOIDs.isEmpty() || !criticalExtensionOIDs.contains(KEY_USAGE) || (keyUsage = x509Certificate.getKeyUsage()) == null || keyUsage[0];
    }

    private static boolean ifMapContains(Map<String, String> map, String str) {
        return map.containsKey(str) || map.containsValue(str);
    }

    public static boolean ifPrivateKeyAndMatchesCertificate(PrivateKey privateKey, X509Certificate x509Certificate, String str) throws AdESException {
        try {
            return new JCPKeyPair(x509Certificate.getPublicKey(), privateKey).match(str);
        } catch (Exception e) {
            throw new AdESException(e, AdESException.ecInternal);
        }
    }

    public static boolean isExtensionCritical(X509Certificate x509Certificate, String str) {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        return criticalExtensionOIDs != null && criticalExtensionOIDs.contains(str);
    }

    public static boolean isGost(X509Certificate x509Certificate) {
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        return algorithm.equalsIgnoreCase(JCP.GOST_EL_DEGREE_NAME) || algorithm.equalsIgnoreCase(JCP.GOST_EL_2012_256_NAME) || algorithm.equalsIgnoreCase(JCP.GOST_EL_2012_512_NAME);
    }

    public static boolean isInternalImplemented(String str) {
        return str.equalsIgnoreCase("JCP") || str.equalsIgnoreCase("JCSP");
    }

    private static boolean isNoCheckCertificate(X509Certificate x509Certificate) {
        return x509Certificate.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId()) != null;
    }

    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return isSelfSignedFast(x509Certificate);
    }

    private static boolean isSelfSignedFast(X509Certificate x509Certificate) {
        return isSelfSignedForCaCerts(x509Certificate) && isSelfSignedSignature(x509Certificate);
    }

    public static boolean isSelfSignedForCaCerts(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() != -1 && x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal());
    }

    public static boolean isSelfSignedSignature(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey(), correctProviderBySignatureOid(AdESSigner.PROVIDER, x509Certificate.getSigAlgOID()));
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean match(X509Principal x509Principal, IssuerSerial issuerSerial) throws IOException {
        return new X509Principal(false, x509Principal.getName()).equals(new X509Principal(((ASN1Sequence) ((ASN1TaggedObject) ((ASN1Sequence) ((ASN1Sequence) issuerSerial.toASN1Primitive()).getObjectAt(0).toASN1Primitive()).getObjectAt(0).toASN1Primitive()).getObject()).getEncoded()));
    }

    public static boolean skipCertificateValidity(X509Certificate x509Certificate, CertificateItem.CertificateRole certificateRole) {
        return certificateRole == CertificateItem.CertificateRole.OCSPSigner ? isNoCheckCertificate(x509Certificate) : certificateRole == CertificateItem.CertificateRole.Unknown ? isNoCheckCertificate(x509Certificate) || isSelfSigned(x509Certificate) : isSelfSigned(x509Certificate);
    }

    public static boolean skipTSPCertificateValidity(X509Certificate x509Certificate, CertificateItem.CertificateRole certificateRole) {
        return (certificateRole == CertificateItem.CertificateRole.TSPSigner || certificateRole == CertificateItem.CertificateRole.Unknown) && !REQUIRE_TSP_EVIDENCE && hasExtension(x509Certificate, "1.3.6.1.5.5.7.3.8");
    }
}
