package bluecrystal.service.service;

import bluecrystal.bcdeps.helper.DerEncoder;
import bluecrystal.bcdeps.helper.PkiOps;
import bluecrystal.domain.CertConstants;
import bluecrystal.domain.OperationStatus;
import bluecrystal.domain.StatusConst;
import bluecrystal.service.exception.EmptyCertPathException;
import bluecrystal.service.exception.NotAfterException;
import bluecrystal.service.exception.NotBeforeException;
import bluecrystal.service.exception.RevokedException;
import bluecrystal.service.exception.UndefStateException;
import bluecrystal.service.helper.UtilsLocal;
import bluecrystal.service.helper.UtilsRepo;
import bluecrystal.service.loader.LCRLoader;
import bluecrystal.service.loader.LCRLoaderImpl;
import bluecrystal.service.util.PrefsFactory;
import bluecrystal.service.validator.CrlValidatorImpl;
import bluecrystal.service.validator.OcspValidatorImpl;
import bluecrystal.service.validator.StatusValidator;
import bluecrystal.service.validator.StatusValidatorImpl;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bluecrystal/service/service/CertificateService.class */
public class CertificateService {
    // SLF4J logger shared by all instances.
    static final Logger logger = LoggerFactory.getLogger(CertificateService.class);
    // CRL loader. Static but not final: the constructor replaces it with a new LCRLoaderImpl on every
    // instantiation, so the value obtained from PrefsFactory here does not survive the first construction.
    private static LCRLoader lcrLoader = PrefsFactory.getLCRLoader();
    // Labels and the per-certificate key format ("cert_type" + chain index).
    private static final String ICP_BRASIL_PF = "ICP-Brasil PF";
    private static final String ICP_BRASIL_PJ = "ICP-Brasil PJ";
    private static final String CERT_TYPE_FMT = "cert_type%d";
    // OIDs under 2.16.76.1 (the ICP-Brasil arc); meanings are taken from the constant names.
    private static final String CNPJ_OID = "2.16.76.1.3.3";
    private static final String ICP_BRASIL_PC_PREFIX_OID = "2.16.76.1.2";
    // Extended key usage purposes (id-kp, 1.3.6.1.5.5.7.3.x), mapped to labels by translateEKU.
    private static final String EKU_OCSP_SIGN_OID = "1.3.6.1.5.5.7.3.9";
    private static final String EKU_TIMESTAMP_OID = "1.3.6.1.5.5.7.3.8";
    private static final String EKU_IPSEC_USER_OID = "1.3.6.1.5.5.7.3.7";
    private static final String EKU_IPSEC_TUNNEL_OID = "1.3.6.1.5.5.7.3.6";
    private static final String EKU_IPSEC_END_OID = "1.3.6.1.5.5.7.3.5";
    private static final String EKU_EMAIL_PROT_OID = "1.3.6.1.5.5.7.3.4";
    private static final String EKU_CODE_SIGN_OID = "1.3.6.1.5.5.7.3.3";
    private static final String EKU_CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2";
    private static final String EKU_SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1";
    // Microsoft User Principal Name otherName OID.
    private static final String UPN = "1.3.6.1.4.1.311.20.2.3";
    // ICP-Brasil subject-alternative-name otherName OIDs (names as given by the original author).
    private static final String PROFESSIONAL_OID = "2.16.76.1.4.";
    private static final String OAB_OID = "2.16.76.1.4.2.1.1";
    private static final String PJ_PF_INSS_OID = "2.16.76.1.3.7";
    private static final String PERSON_NAME_OID = "2.16.76.1.3.2";
    private static final String PF_PF_INSS_OID = "2.16.76.1.3.6";
    private static final String ELEITOR_OID = "2.16.76.1.3.5";
    private static final String PJ_PF_ID = "2.16.76.1.3.4";
    private static final String PF_PF_ID = "2.16.76.1.3.1";
    // Field offsets for fixed-width otherName payloads. None of these is referenced by the methods of
    // this class. NOTE(review): several *_LEN values (8, 19, 30, 45, 51) look like end offsets rather
    // than lengths - confirm before reusing them.
    private static final int BIRTH_DATE_INI = 0;
    private static final int BIRTH_DATE_LEN = 8;
    private static final int CPF_INI = 8;
    private static final int CPF_LEN = 19;
    private static final int PIS_INI = 19;
    private static final int PIS_LEN = 30;
    private static final int RG_INI = 30;
    private static final int RG_LEN = 45;
    private static final int RG_ORG_UF_INI = 45;
    private static final int RG_ORG_UF_LEN = 51;
    private static final int RG_UF_LEN = 2;
    private static final int ELEITOR_INI = 0;
    private static final int ELEITOR_LEN = 12;
    private static final int ZONA_INI = 12;
    private static final int ZONA_LEN = 3;
    private static final int SECAO_INI = 15;
    private static final int SECAO_LEN = 4;
    private static final int INSS_INI = 0;
    private static final int INSS_LEN = 12;
    // GeneralName type tags as returned by X509Certificate.getSubjectAlternativeNames():
    // 0 = otherName, 1 = rfc822Name (e-mail).
    private static final int SAN_OTHER_NAME = 0;
    private static final int SAN_EMAIL = 1;
    // Standard extension OIDs handled by processExtension.
    private static final String AKI_OID = "2.5.29.35";
    private static final String CERT_POLICIES = "2.5.29.32";
    private static final String CRL_DIST_POINT = "2.5.29.31";
    // Access-method OIDs inside the Authority Information Access extension.
    public static final String OCSP = "1.3.6.1.5.5.7.48.1";
    private static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
    private static final String AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";
    // Key usage labels written to the result map by parseChainAsMap.
    private static final String NON_REPUDIATION = "nonRepudiation";
    private static final String KEY_ENCIPHERMENT = "keyEncipherment";
    private static final String KEY_CERT_SIGN = "keyCertSign";
    private static final String KEY_AGREEMENT = "keyAgreement";
    private static final String ENCIPHER_ONLY = "encipherOnly";
    private static final String DECIPHER_ONLY = "decipherOnly";
    private static final String DATA_ENCIPHERMENT = "dataEncipherment";
    private static final String CRL_SIGN = "cRLSign";
    // Element format for comma-separated lists; every element gets a trailing comma.
    private static final String LIST_FORMAT = "%s,";
    private static final String DIGITAL_SIGNATURE = "digitalSignature";
    // Lazily loaded certificate stores; see getIntermCaList() and getTrustAnchorList().
    private List<X509Certificate> intermCa;
    private List<X509Certificate> trustAnchor;
    // Revocation checker built in the constructor from a CRL validator and an OCSP validator.
    StatusValidator statusValidator;
    // When true, forSign() requires both digitalSignature and nonRepudiation; the constructor sets false.
    boolean enforceKu;
    // Minimum RSA modulus size in bits accepted by isValidForSign(); the constructor sets 2048.
    int minKeyLen;
    // Subject-DN indexes of the stores above. Filled by the list getters; not read elsewhere in this class.
    Map<String, X509Certificate> mapInterm = null;
    Map<String, X509Certificate> mapAnchor = null;
    // Extension OIDs that parseChainAsMap skips in its generic extension pass:
    // keyUsage, extKeyUsage, basicConstraints and subjectAltName.
    private String[] ignore = {"2.5.29.15", "2.5.29.37", "2.5.29.19", "2.5.29.17"};

    /**
     * Builds the service with its default policy: 2048-bit minimum key length, key usage
     * enforcement off, and a status validator combining CRL and OCSP checks.
     *
     * <p>Side effects beyond this instance: the static CRL loader is replaced, and a new
     * BouncyCastle provider is offered to the JCA provider list on every construction.
     * Whether OCSP is used is read from {@code PrefsFactory.getUseOCSP()}.
     */
    public CertificateService() {
        this.minKeyLen = 2048;
        OcspValidatorImpl ocspChecker = new OcspValidatorImpl();
        // Static field: every new instance swaps the loader shared by all instances.
        lcrLoader = new LCRLoaderImpl();
        this.statusValidator = new StatusValidatorImpl(new CrlValidatorImpl(lcrLoader), ocspChecker);
        boolean useOcsp = PrefsFactory.getUseOCSP();
        this.statusValidator.setUseOcsp(useOcsp);
        Security.addProvider(new BouncyCastleProvider());
        this.enforceKu = false;
    }

    /**
     * Parses a single X.509 certificate from the given bytes.
     *
     * <p>Despite the name, no Base64 decoding happens in this method: the bytes are handed
     * unchanged to the JCA certificate factory. The result is only parsed, not validated;
     * no chain, validity-period or revocation check is made here.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the bytes cannot be parsed
     */
    public X509Certificate createFromB64(byte[] bArr) throws CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
        InputStream encoded = new ByteArrayInputStream(bArr);
        Certificate parsed = x509Factory.generateCertificate(encoded);
        return (X509Certificate) parsed;
    }

    /**
     * Returns the intermediate CA certificates, loading them from the "interm" repository
     * on first use and indexing them by subject DN.
     *
     * <p>The lazy initialisation is unsynchronised, and the list is cached for the lifetime
     * of this instance; later changes to the repository are not picked up.
     *
     * @return the cached list of intermediate CA certificates
     * @throws Exception if the repository cannot be read
     */
    public List<X509Certificate> getIntermCaList() throws Exception {
        if (this.intermCa != null) {
            return this.intermCa;
        }
        this.intermCa = UtilsRepo.listCertFromRepo("interm");
        this.mapInterm = buildMap(this.intermCa);
        return this.intermCa;
    }

    /**
     * Returns the trust anchors, loading them from the "root" repository on first use and
     * indexing them by subject DN.
     *
     * <p>Everything in that repository becomes a trust anchor for path validation, so write
     * access to it is equivalent to control over what this service trusts. The lazy
     * initialisation is unsynchronised and the list is cached for the life of the instance.
     *
     * @return the cached list of trust anchor certificates
     * @throws Exception if the repository cannot be read
     */
    public List<X509Certificate> getTrustAnchorList() throws Exception {
        if (this.trustAnchor != null) {
            return this.trustAnchor;
        }
        this.trustAnchor = UtilsRepo.listCertFromRepo("root");
        this.mapAnchor = buildMap(this.trustAnchor);
        return this.trustAnchor;
    }

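    /**
     * Validates a certificate for use as a signing certificate.
     *
     * <p>The certificate must pass the key usage test in {@code forSign} and carry an RSA key
     * of at least {@code minKeyLen} bits; only then is the full chain and revocation check
     * in {@code isValid} run. Keys that are not RSA are reported as
     * {@code StatusConst.UNSABLEKEY} instead of failing with a {@code ClassCastException},
     * because the length policy of this service is expressed as an RSA modulus size only.
     *
     * @param date the instant at which validity is evaluated
     * @param x509Certificate the certificate under test
     * @return {@code UNSABLEKEY} when key usage or key size is unacceptable, otherwise the
     *         result of {@code isValid(date, x509Certificate)}
     * @throws Exception if path building fails
     */
    public OperationStatus isValidForSign(Date date, X509Certificate x509Certificate) throws Exception, IOException, CertificateException, CRLException, UndefStateException, RevokedException {
        if (!forSign(x509Certificate)) {
            return new OperationStatus(StatusConst.UNSABLEKEY, null);
        }
        // The certificate is untrusted input at this point, so its key type cannot be assumed.
        if (!(x509Certificate.getPublicKey() instanceof RSAKey)) {
            logger.warn("Certificate rejected for signing: public key is not RSA");
            return new OperationStatus(StatusConst.UNSABLEKEY, null);
        }
        int modulusBits = ((RSAKey) x509Certificate.getPublicKey()).getModulus().bitLength();
        if (modulusBits < this.minKeyLen) {
            return new OperationStatus(StatusConst.UNSABLEKEY, null);
        }
        return isValid(date, x509Certificate);
    }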

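    /**
     * Flattens the fields of each certificate in a chain into one string map, with keys
     * suffixed by the certificate's position in {@code list}.
     *
     * <p>The output is descriptive only: nothing here verifies signatures, validity or
     * revocation, so the values must not be read as proof that a certificate is trusted.
     * A failure while decoding one certificate is logged and the remaining fields of that
     * certificate are skipped; the other certificates are still processed.
     *
     * <p>Differences from the earlier implementation, all in reported values:
     * the extended key usage list no longer loses the last character of its final entry;
     * the key usage entry holds only key usage names (empty when the extension is absent)
     * instead of inheriting the previous field's text; an empty usage list or a non-RSA
     * public key no longer aborts processing of the certificate.
     *
     * @param list the certificates to describe, in chain order
     * @return a map of formatted field names to string values
     */
    public Map<String, String> parseChainAsMap(List<X509Certificate> list) {
        Map<String, String> fields = new HashMap<String, String>();
        int i = 0;
        for (X509Certificate cert : list) {
            loggerTrace("CERT:" + cert.getSubjectDN().getName());
            try {
                Integer idx = Integer.valueOf(i);
                fields.put(String.format(CertConstants.THUMBPRINT_SHA256_D, idx), createThumbprintsha256(cert.getEncoded()));
                fields.put(String.format(CertConstants.SUBJECT_D, idx), cert.getSubjectDN().getName());
                fields.put(String.format(CertConstants.ISSUER_D, idx), cert.getIssuerDN().getName());
                fields.put(String.format(CertConstants.NOT_AFTER_D, idx), String.valueOf(cert.getNotAfter().getTime()));
                fields.put(String.format(CertConstants.NOT_BEFORE_D, idx), String.valueOf(cert.getNotBefore().getTime()));
                fields.put(String.format(CertConstants.VERSION_D, idx), String.valueOf(cert.getVersion()));
                fields.put(String.format(CertConstants.CERT_SHA256_D, idx), String.valueOf(calcCertSha256(cert)));
                fields.put(String.format(CertConstants.SERIAL_D, idx), cert.getSerialNumber().toString());
                // Only RSA keys have a modulus; other key types simply get no key-length entry.
                if (cert.getPublicKey() instanceof RSAPublicKey) {
                    int modulusBits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                    fields.put(String.format(CertConstants.KEY_LENGTH_D, idx), String.valueOf(modulusBits));
                } else {
                    logger.warn("Key length not reported: public key at chain index {} is not RSA", idx);
                }
                fields.put(String.format(CertConstants.BASIC_CONSTRAINT_D, idx), String.valueOf(cert.getBasicConstraints()));
                fields.put(String.format(CERT_TYPE_FMT, idx), "standard");

                Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> san : subjectAlternativeNames) {
                        try {
                            // Each entry is a two-element list: [GeneralName type tag, value].
                            int sanType = ((Integer) san.get(0)).intValue();
                            Object sanValue = san.get(1);
                            if (sanType == SAN_OTHER_NAME) {
                                if (sanValue instanceof String) {
                                    logger.error("UNSUPORTED OTHERNAME SAN FORMAT");
                                } else {
                                    fields.putAll(createSanMap((byte[]) sanValue, i));
                                }
                            } else if (sanType != SAN_EMAIL) {
                                logger.error("UNSUPORTED SAN");
                            } else if (sanValue instanceof String) {
                                fields.put(String.format(CertConstants.SAN_EMAIL_D, idx), (String) sanValue);
                            } else {
                                logger.error("UNSUPORTED EMAIL SAN FORMAT");
                            }
                        } catch (Exception e) {
                            logger.error("Erroe decoding SAN", e);
                        }
                    }
                }

                List<String> extendedKeyUsage = cert.getExtendedKeyUsage();
                if (extendedKeyUsage != null) {
                    List<String> ekuNames = new ArrayList<String>();
                    for (String ekuOid : extendedKeyUsage) {
                        ekuNames.add(translateEKU(ekuOid));
                    }
                    fields.put(String.format(CertConstants.EKU_D, idx), joinWithCommas(ekuNames));
                }

                fields.put(String.format(CertConstants.KU_D, idx), describeKeyUsage(cert.getKeyUsage()));

                loggerTrace("** getCriticalExtensionOIDs");
                Set<String> criticalExtensionOIDs = cert.getCriticalExtensionOIDs();
                if (criticalExtensionOIDs != null) {
                    for (String oid : criticalExtensionOIDs) {
                        loggerTrace(oid);
                        if (shouldIgnore(oid)) {
                            loggerTrace(String.format("IGNORE: %s", oid));
                        } else {
                            // Critical extensions are only traced, never decoded into the map.
                            loggerTrace(" + no extension beeing processed.");
                        }
                    }
                }

                loggerTrace("** getNonCriticalExtensionOIDs");
                Set<String> nonCriticalExtensionOIDs = cert.getNonCriticalExtensionOIDs();
                if (nonCriticalExtensionOIDs != null) {
                    for (String oid : nonCriticalExtensionOIDs) {
                        loggerTrace(oid);
                        if (shouldIgnore(oid)) {
                            loggerTrace(String.format("IGNORE: %s", oid));
                        } else {
                            loggerTrace("+ no extension beeing processed.");
                            fields.putAll(processExtension(oid, cert.getExtensionValue(oid), i));
                        }
                    }
                }
            } catch (Exception e2) {
                logger.error("Error decoding X.509 field or exception", e2);
            }
            i++;
        }
        return fields;
    }

    /** Joins the items with single commas and no trailing separator; an empty list gives "". */
    private static String joinWithCommas(List<String> items) {
        StringBuilder joined = new StringBuilder();
        for (String item : items) {
            if (joined.length() > 0) {
                joined.append(',');
            }
            joined.append(item);
        }
        return joined.toString();
    }

    /** Lists the asserted key usage bits by name, in the same order the map has always used. */
    private static String describeKeyUsage(boolean[] keyUsage) {
        if (keyUsage == null) {
            return "";
        }
        // Index = bit position in the KeyUsage bit string as exposed by X509Certificate.getKeyUsage().
        String[] namesByBit = {DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT,
            KEY_AGREEMENT, KEY_CERT_SIGN, CRL_SIGN, ENCIPHER_ONLY, DECIPHER_ONLY};
        int[] reportOrder = {6, 3, 8, 0, 7, 4, 5, 2, 1};
        List<String> asserted = new ArrayList<String>();
        for (int bit : reportOrder) {
            if (bit < keyUsage.length && keyUsage[bit]) {
                asserted.add(namesByBit[bit]);
            }
        }
        return joinWithCommas(asserted);
    }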

    /**
     * Computes the SHA-256 digest of the given bytes and returns it Base64-encoded.
     *
     * @param bArr the bytes to hash (the encoded certificate, as called from this class)
     * @return the Base64 text of the digest, decoded with the platform default charset
     * @throws NoSuchAlgorithmException if no provider offers SHA-256
     */
    private String createThumbprintsha256(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digest = sha256.digest(bArr);
        byte[] base64Digest = Base64.encode(digest);
        return new String(base64Digest);
    }

    /**
     * Returns the SHA-256 of the encoded certificate in the text form produced by
     * {@code UtilsLocal.conv}.
     *
     * <p>Any failure is logged and reported as an empty string, so an empty value means
     * "could not compute", not "hash is empty".
     *
     * @param x509Certificate the certificate to hash
     * @return the converted digest, or "" on error
     */
    private String calcCertSha256(X509Certificate x509Certificate) {
        try {
            byte[] encoded = x509Certificate.getEncoded();
            return UtilsLocal.conv(new PkiOps().calcSha256(encoded));
        } catch (Exception e) {
            logger.error("Error calculating cert sha256 ", e);
            return "";
        }
    }

    /**
     * Maps an extended key usage OID to the short label used in the result map.
     *
     * @param str the EKU OID in dotted form
     * @return the label, or "" when the OID is not one of the nine known purposes
     */
    private String translateEKU(String str) {
        // NOTE(review): "ekuCodeSgin" is misspelled but is an emitted value; consumers may
        // match on it, so it is kept as is.
        String[][] labelsByOid = {
            {EKU_OCSP_SIGN_OID, "ekuOcspSign"},
            {EKU_TIMESTAMP_OID, "ekuTimeStamp"},
            {EKU_IPSEC_USER_OID, "ekuIpSecUser"},
            {EKU_IPSEC_TUNNEL_OID, "ekuIpSecTunnel"},
            {EKU_IPSEC_END_OID, "ekuIpSecEnd"},
            {EKU_EMAIL_PROT_OID, "ekuEmailProt"},
            {EKU_CODE_SIGN_OID, "ekuCodeSgin"},
            {EKU_CLIENT_AUTH_OID, "ekuClientAuth"},
            {EKU_SERVER_AUTH_OID, "ekuServerAuth"},
        };
        for (String[] entry : labelsByOid) {
            if (str.equals(entry[0])) {
                return entry[1];
            }
        }
        return "";
    }

    /**
     * Decodes an otherName subject alternative name through {@code DerEncoder.createSanMap}.
     *
     * @param bArr the encoded otherName value taken from the certificate
     * @param i the chain index of the certificate
     * @return the decoded entries as returned by the encoder
     */
    private Map<String, String> createSanMap(byte[] bArr, int i) {
        Map<String, String> sanEntries = DerEncoder.createSanMap(bArr, i);
        return sanEntries;
    }

    /**
     * Decodes one certificate extension into map entries.
     *
     * <p>Handled extensions: Authority Information Access, CRL Distribution Points,
     * Certificate Policies and Authority Key Identifier. Any other OID yields an empty map.
     * Decoding errors are logged and swallowed, so a malformed extension yields fewer
     * entries rather than an exception.
     *
     * @param str the extension OID
     * @param bArr the extension value as returned by {@code getExtensionValue}
     * @param i the chain index of the certificate
     * @return the entries decoded from the extension, possibly empty
     */
    private Map<String, String> processExtension(String str, byte[] bArr, int i) {
        Map<String, String> decoded = new HashMap<String, String>();
        try {
            if (str.equals(AUTHORITY_INFO_ACCESS)) {
                Map<String, String> accessLocations = getAIAComplete(bArr);
                decoded.putAll(convertAiaOid(accessLocations, i));
            } else if (str.equals(CRL_DIST_POINT)) {
                StringBuilder joined = new StringBuilder();
                for (String distributionPoint : getCrlDistributionPoints(bArr)) {
                    joined.append(String.format(LIST_FORMAT, distributionPoint));
                }
                // Drops the trailing comma; throws (and is caught below) when the list is empty.
                String withoutTrailingComma = joined.substring(0, joined.length() - 1);
                decoded.put(String.format(CertConstants.CRL_DP, Integer.valueOf(i)), withoutTrailingComma);
            } else if (str.equals(CERT_POLICIES)) {
                decoded.putAll(getCertPolicies(bArr, i));
            } else if (str.equals(AKI_OID)) {
                byte[] keyIdentifier = getAKI(bArr, i);
                decoded.put(String.format(CertConstants.AKI_FMT, Integer.valueOf(i)), UtilsLocal.conv(keyIdentifier));
            }
        } catch (Exception e) {
            logger.error("Error processing extension " + str, e);
        }
        return decoded;
    }

    /**
     * Extracts the authority key identifier through {@code DerEncoder.getAKI}.
     *
     * @param bArr the Authority Key Identifier extension value
     * @param i the chain index of the certificate
     * @return the key identifier bytes as returned by the encoder
     */
    private byte[] getAKI(byte[] bArr, int i) {
        byte[] keyIdentifier = DerEncoder.getAKI(bArr, i);
        return keyIdentifier;
    }

    /**
     * Re-keys the OCSP and caIssuers entries of an AIA map under the indexed names from
     * {@code CertConstants}; every other access method is dropped.
     *
     * @param map access-method OID to location, as decoded from the AIA extension
     * @param i the chain index of the certificate
     * @return a new map holding at most the OCSP and caIssuers locations
     */
    private Map<String, String> convertAiaOid(Map<String, String> map, int i) {
        Map<String, String> renamed = new HashMap<String, String>();
        for (Map.Entry<String, String> location : map.entrySet()) {
            String accessMethod = location.getKey();
            if (accessMethod.equals(OCSP)) {
                renamed.put(String.format(CertConstants.OCSP_STR, Integer.valueOf(i)), location.getValue());
            } else if (accessMethod.equals(CA_ISSUERS)) {
                renamed.put(String.format(CertConstants.CA_ISSUERS_STR, Integer.valueOf(i)), location.getValue());
            }
        }
        return renamed;
    }

    /**
     * Tells whether an extension OID is on this instance's ignore list.
     *
     * @param str the extension OID
     * @return true when the OID equals one of the entries in {@code ignore}
     */
    private boolean shouldIgnore(String str) {
        for (String ignoredOid : this.ignore) {
            if (ignoredOid.compareTo(str) == 0) {
                return true;
            }
        }
        return false;
    }

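    /**
     * Decides from the key usage extension whether the certificate may be used for signing.
     *
     * <p>With {@code enforceKu} set, both digitalSignature and nonRepudiation must be
     * asserted; otherwise either one is enough. A certificate without a key usage
     * extension is treated as not usable for signing: {@code getKeyUsage()} returns null in
     * that case, which previously caused a NullPointerException on an untrusted input.
     *
     * @param x509Certificate the certificate under test
     * @return true when the required key usage bits are present
     */
    private boolean forSign(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null || keyUsage.length < 2) {
            return false;
        }
        boolean digitalSignature = keyUsage[0];
        boolean nonRepudiation = keyUsage[1];
        if (this.enforceKu) {
            return digitalSignature && nonRepudiation;
        }
        return digitalSignature || nonRepudiation;
    }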

    /**
     * Validates the certificate at the given instant, including the revocation check.
     *
     * @param date the instant at which validity is evaluated
     * @param x509Certificate the certificate under test
     * @return the status from {@code isValid(date, x509Certificate, true)}
     * @throws Exception if path building fails
     */
    public OperationStatus isValid(Date date, X509Certificate x509Certificate) throws Exception, IOException, CertificateException, CRLException, UndefStateException, RevokedException {
        final boolean checkRevocation = true;
        return isValid(date, x509Certificate, checkRevocation);
    }

    /**
     * Builds a path for the certificate, validates it against the trust anchors and,
     * when requested, checks revocation of the end-entity certificate.
     *
     * <p>Any exception raised by path validation or by the revocation check is turned into
     * an {@code UNTRUSTED} status carrying the exception. Exceptions from path building
     * itself are not caught here and reach the caller. When {@code z} is false no
     * revocation check runs and a certificate that passes path validation keeps the initial
     * status code 1 (NOTE(review): the meaning of 1 is defined by OperationStatus - confirm).
     *
     * @param date the instant at which validity is evaluated
     * @param x509Certificate the certificate under test
     * @param z whether to run the revocation check
     * @return the resulting status
     * @throws Exception if path building fails
     */
    public OperationStatus isValid(Date date, X509Certificate x509Certificate, boolean z) throws Exception, IOException, CertificateException, CRLException, UndefStateException, RevokedException {
        OperationStatus outcome = new OperationStatus(1, null);
        logger.debug("Status inicial: 1");
        List<X509Certificate> chain = buildPath(x509Certificate);
        if (chain == null) {
            logger.error("** ERROR:certsOnPath == null " + new Date());
            outcome = new OperationStatus(StatusConst.UNTRUSTED, null, new EmptyCertPathException());
        } else {
            try {
                verificaCertPath(chain, date);
                if (z) {
                    outcome = this.statusValidator.verifyStatusEE(chain, date, getCrlDistributionPoints(x509Certificate));
                }
            } catch (Exception validationFailure) {
                // Fail closed: whatever went wrong, the certificate is reported as untrusted.
                outcome = new OperationStatus(StatusConst.UNTRUSTED, null, validationFailure);
            }
        }
        logger.debug("Status retornado: " + outcome);
        return outcome;
    }

    /**
     * Builds a candidate certification path for the certificate from the local
     * intermediate and root repositories.
     *
     * <p>The path is assembled by name matching only; it is not validated here.
     *
     * @param x509Certificate the certificate the path starts from
     * @return the candidate path, beginning with {@code x509Certificate}
     * @throws Exception if a repository cannot be read or path building fails
     */
    public List<X509Certificate> buildPath(X509Certificate x509Certificate) throws Exception {
        List<X509Certificate> intermediates = getIntermCaList();
        List<X509Certificate> roots = getTrustAnchorList();
        return buildPath(x509Certificate, intermediates, roots);
    }

    /**
     * Extracts every certificate found in the given encoded structure.
     *
     * <p>Errors are logged and swallowed: on failure the list returned holds whatever was
     * decoded before the error, possibly nothing. Callers cannot tell a partial result from
     * a complete one. The certificates are parsed only, not validated.
     *
     * @param bArr the encoded data passed to {@code DerEncoder.extractCertList}
     * @return the certificates decoded so far, never null
     */
    public List<X509Certificate> decode(byte[] bArr) throws CertificateException, IOException, CRLException {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        try {
            for (Iterator<byte[]> encodedCerts = DerEncoder.extractCertList(bArr).iterator(); encodedCerts.hasNext(); ) {
                ByteArrayInputStream encoded = new ByteArrayInputStream(encodedCerts.next());
                CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                certificates.addAll((List) x509Factory.generateCertificates(encoded));
                encoded.close();
            }
        } catch (Exception e) {
            logger.error("Error decoding X.509 cert from bytes ", e);
        }
        return certificates;
    }

    /**
     * Returns the first end-entity certificate found in the encoded data.
     *
     * <p>"End entity" means only that basic constraints do not mark the certificate as a CA.
     * The choice follows the order of the input, which the sender controls, and the
     * certificate returned has not been validated.
     *
     * @param bArr the encoded data passed to {@code decode}
     * @return the first non-CA certificate, or null when there is none
     */
    public X509Certificate decodeEE(byte[] bArr) throws CertificateException, IOException, CRLException {
        Iterator<X509Certificate> candidates = decode(bArr).iterator();
        while (candidates.hasNext()) {
            X509Certificate candidate = candidates.next();
            if (isEE(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Tells whether the certificate is an end-entity certificate, judged solely by
     * {@code getBasicConstraints()} returning -1 (not a CA).
     *
     * @param x509Certificate the certificate to inspect
     * @return true when the certificate is not marked as a CA
     */
    private static boolean isEE(X509Certificate x509Certificate) {
        int pathLenConstraint = x509Certificate.getBasicConstraints();
        return pathLenConstraint == -1;
    }

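    /**
     * Assembles a candidate certification path by following issuer names.
     *
     * <p>Starting from the given certificate, issuers are looked up by subject DN among the
     * intermediates and finally among the roots. When no root is reached that way, the
     * certificates published at the leaf's AIA caIssuers location are tried instead.
     *
     * <p>Links are made by DN string equality only. No signature is checked here, so the
     * result is a candidate that must still go through PKIX validation before any trust
     * decision. Certificates fetched through AIA come from a location named by the
     * certificate under test and are untrusted input. Each walk stops as soon as an issuer
     * name repeats; without that guard a self-issued or cross-issued set of certificates
     * made the loop run forever while the list kept growing.
     *
     * <p>NOTE(review): the AIA walk restarts from the leaf without discarding intermediates
     * already appended from the local store, so the list can hold entries from both walks.
     * That behaviour is unchanged here - confirm whether the list should be reset.
     *
     * @param x509Certificate the certificate the path starts from
     * @param collection candidate intermediate CA certificates
     * @param collection2 trust anchor certificates
     * @return the candidate path, beginning with {@code x509Certificate}
     * @throws Exception if the AIA lookup fails
     */
    private static List<X509Certificate> buildPath(X509Certificate x509Certificate, Collection<X509Certificate> collection, Collection<X509Certificate> collection2) throws Exception {
        List<X509Certificate> path = new ArrayList<X509Certificate>();
        loggerTrace("****** Signer Issuer");
        loggerTrace(x509Certificate.getIssuerDN().getName());
        loggerTrace("****** intermCa");
        Map<String, X509Certificate> intermediatesBySubject = buildMap(collection);
        loggerTrace("****** rootCa");
        Map<String, X509Certificate> rootsBySubject = buildMap(collection2);
        path.add(x509Certificate);

        X509Certificate last = appendIssuersByName(path, intermediatesBySubject, x509Certificate);
        X509Certificate root = rootsBySubject.get(last.getIssuerDN().getName());
        if (root != null) {
            path.add(root);
            return path;
        }

        // No local root reached: fall back to the issuers advertised by the leaf itself.
        Map<String, X509Certificate> aiaBySubject = buildMap(buildPathUsingAIA(x509Certificate));
        last = appendIssuersByName(path, aiaBySubject, x509Certificate);
        root = rootsBySubject.get(last.getIssuerDN().getName());
        if (root != null) {
            path.add(root);
        }
        return path;
    }

    /**
     * Appends to {@code path} each issuer found in {@code bySubject}, walking upward from
     * {@code start}, and returns the last certificate reached. The walk ends when an issuer
     * is unknown or when an issuer name has already been followed.
     */
    private static X509Certificate appendIssuersByName(List<X509Certificate> path, Map<String, X509Certificate> bySubject, X509Certificate start) {
        Set<String> followedIssuers = new HashSet<String>();
        X509Certificate current = start;
        while (true) {
            String issuerName = current.getIssuerDN().getName();
            X509Certificate issuer = bySubject.get(issuerName);
            if (issuer == null || !followedIssuers.add(issuerName)) {
                return current;
            }
            path.add(issuer);
            current = issuer;
        }
    }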

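    /**
     * Downloads the issuer certificates advertised in the certificate's AIA caIssuers
     * entry and returns those that are not self-issued.
     *
     * <p>The URL is taken from the certificate being examined, so it is untrusted input.
     * Only the network schemes http, https and ftp are followed; any other scheme that the
     * JVM can open (for example local file access) is ignored and an empty list is
     * returned. The request still goes to whatever host the certificate names, so
     * deployments that must not reach internal services need an egress restriction as
     * well. The certificates returned are unverified and must pass path validation before
     * being relied on.
     *
     * @param x509Certificate the certificate whose AIA extension is read
     * @return the fetched non-root certificates, empty when there is no usable location
     * @throws Exception if the URL is malformed or the download or parsing fails
     */
    public static List<X509Certificate> buildPathUsingAIA(X509Certificate x509Certificate) throws Exception {
        List<X509Certificate> fetched = new ArrayList<X509Certificate>();
        String aia = getAIA(x509Certificate);
        if (aia == null) {
            return fetched;
        }
        URL issuerLocation = new URL(aia);
        String scheme = issuerLocation.getProtocol();
        boolean networkScheme = "http".equalsIgnoreCase(scheme)
            || "https".equalsIgnoreCase(scheme)
            || "ftp".equalsIgnoreCase(scheme);
        if (!networkScheme) {
            logger.warn("Ignoring AIA caIssuers location with unsupported scheme: {}", scheme);
            return fetched;
        }
        for (X509Certificate candidate : loadCerts(issuerLocation)) {
            if (!isRoot(candidate)) {
                fetched.add(candidate);
            }
        }
        return fetched;
    }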

    /**
     * Tells whether the certificate is self-issued, i.e. its subject and issuer DN have
     * the same string form.
     *
     * <p>This is a name comparison only. It does not verify that the certificate is signed
     * by its own key and says nothing about whether it is a trusted root.
     *
     * @param x509Certificate the certificate to inspect
     * @return true when subject and issuer DN strings are equal
     */
    public static boolean isRoot(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectDN().toString();
        String issuer = x509Certificate.getIssuerDN().toString();
        return subject.equals(issuer);
    }

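    /**
     * Downloads and parses every certificate available at the URL.
     *
     * <p>The stream is now closed on every path; previously it was left open, which leaked
     * a connection per lookup. The content is remote and unverified.
     * NOTE(review): {@code URL.openStream()} applies no connect or read timeout and no size
     * limit, so a slow or very large response can stall validation - consider bounding both.
     *
     * @param url the location to read from
     * @return the certificates parsed from the response
     * @throws Exception if the connection, the read or the parsing fails
     */
    private static List<X509Certificate> loadCerts(URL url) throws Exception {
        InputStream response = url.openStream();
        try {
            List<X509Certificate> certificates = new ArrayList<X509Certificate>();
            for (Certificate parsed : CertificateFactory.getInstance("X509").generateCertificates(response)) {
                certificates.add((X509Certificate) parsed);
            }
            return certificates;
        } finally {
            try {
                response.close();
            } catch (IOException ignored) {
                // Closing is best effort; a failure here must not hide the primary outcome.
            }
        }
    }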

    /**
     * Indexes certificates by the string form of their subject DN.
     *
     * <p>When two certificates share a subject DN, the later one in iteration order
     * replaces the earlier one.
     *
     * @param collection the certificates to index
     * @return a new map from subject DN name to certificate
     */
    private static Map<String, X509Certificate> buildMap(Collection<X509Certificate> collection) {
        Map<String, X509Certificate> bySubject = new HashMap<String, X509Certificate>();
        for (X509Certificate certificate : collection) {
            String subjectName = certificate.getSubjectDN().getName();
            loggerTrace(subjectName);
            bySubject.put(certificate.getSubjectDN().getName(), certificate);
        }
        return bySubject;
    }

    /**
     * Trace hook used throughout this class. The body is empty, so every call is a no-op
     * and the messages passed in are discarded; the arguments are still evaluated by callers.
     *
     * @param str the trace message (ignored)
     */
    private static void loggerTrace(String str) {
    }

    /**
     * Validates a candidate path against this instance's trust anchors.
     *
     * <p>Each X.509 certificate on the path is first checked against the given instant,
     * then the path goes through the platform PKIX validator. Revocation checking is
     * switched off for that validator run; within this class revocation is handled
     * separately by the status validator in {@code isValid}. The trust anchors are read
     * from the {@code trustAnchor} field, which is only populated by
     * {@code getTrustAnchorList()}.
     *
     * @param collection the candidate path, end entity first
     * @param date the instant at which validity is evaluated
     * @throws NotBeforeException if a certificate is not yet valid at {@code date}
     * @throws NotAfterException if a certificate has expired at {@code date}
     * @throws Exception if PKIX validation fails
     */
    private void verificaCertPath(Collection<X509Certificate> collection, Date date) throws Exception {
        CertPath candidatePath = createCertPathToValidate(collection);
        PKIXParameters pkixParams = createPKIXParms(this.trustAnchor, date);
        for (Certificate entry : candidatePath.getCertificates()) {
            if (!(entry instanceof X509Certificate)) {
                continue;
            }
            X509Certificate certificate = (X509Certificate) entry;
            if (date.before(certificate.getNotBefore())) {
                throw new NotBeforeException(certificate, certificate.getNotBefore());
            }
            if (date.after(certificate.getNotAfter())) {
                throw new NotAfterException(certificate, certificate.getNotAfter());
            }
        }
        pkixParams.setRevocationEnabled(false);
        PKIXCertPathValidatorResult validation = certPathReview(candidatePath, pkixParams);
        if (validation == null) {
            throw new RuntimeException("");
        }
    }

    /**
     * Runs the platform's default certification path validator on the path.
     *
     * @param certPath the path to validate
     * @param pKIXParameters trust anchors, validation date and revocation setting
     * @return the validator's result
     * @throws NoSuchAlgorithmException if the default validator type is unavailable
     * @throws CertPathValidatorException if the path does not validate
     * @throws InvalidAlgorithmParameterException if the parameters are unsuitable
     */
    private PKIXCertPathValidatorResult certPathReview(CertPath certPath, PKIXParameters pKIXParameters) throws NoSuchAlgorithmException, CertPathValidatorException, InvalidAlgorithmParameterException {
        String validatorType = CertPathValidator.getDefaultType();
        CertPathValidator validator = CertPathValidator.getInstance(validatorType);
        return (PKIXCertPathValidatorResult) validator.validate(certPath, pKIXParameters);
    }

    /**
     * Builds PKIX parameters that trust exactly the given certificates, without name
     * constraints, and evaluate validity at the given instant.
     *
     * @param collection the certificates to use as trust anchors
     * @param date the instant at which validity is evaluated
     * @return the configured parameters
     * @throws InvalidAlgorithmParameterException if {@code collection} is empty
     */
    private PKIXParameters createPKIXParms(Collection<X509Certificate> collection, Date date) throws InvalidAlgorithmParameterException {
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        for (X509Certificate trusted : collection) {
            anchors.add(new TrustAnchor(trusted, null));
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setDate(date);
        return params;
    }

    /**
     * Wraps the certificates, in iteration order, in an X.509 {@code CertPath}.
     *
     * @param collection the certificates of the path, end entity first
     * @return the certification path object
     * @throws CertificateException if the factory is unavailable or rejects the list
     */
    private CertPath createCertPathToValidate(Collection<X509Certificate> collection) throws CertificateException {
        List<X509Certificate> ordered = new ArrayList<X509Certificate>(collection.size());
        for (X509Certificate certificate : collection) {
            ordered.add(certificate);
        }
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return x509Factory.generateCertPath(ordered);
    }

    /**
     * Returns the caIssuers location from the certificate's Authority Information Access
     * extension.
     *
     * <p>The value comes straight from the certificate and is therefore chosen by whoever
     * issued or forged it; treat it as untrusted before dereferencing it.
     *
     * @param x509Certificate the certificate to read
     * @return the caIssuers location, or null when none is available
     * @throws UnsupportedEncodingException if the extension cannot be decoded
     */
    public static String getAIA(X509Certificate x509Certificate) throws UnsupportedEncodingException {
        byte[] aiaExtension = x509Certificate.getExtensionValue(AUTHORITY_INFO_ACCESS);
        Map<String, String> accessLocations = getAIAComplete(aiaExtension);
        if (accessLocations == null) {
            return null;
        }
        return accessLocations.get(CA_ISSUERS);
    }

    /**
     * Decodes an Authority Information Access extension through
     * {@code DerEncoder.getAIAComplete}.
     *
     * @param bArr the extension value as returned by {@code getExtensionValue}
     * @return access-method OID to location, as returned by the encoder
     * @throws UnsupportedEncodingException if the extension cannot be decoded
     */
    public static Map<String, String> getAIAComplete(byte[] bArr) throws UnsupportedEncodingException {
        Map<String, String> accessLocations = DerEncoder.getAIAComplete(bArr);
        return accessLocations;
    }

    /**
     * Returns the CRL distribution point locations listed in the certificate.
     *
     * <p>The locations are supplied by the certificate itself and are untrusted until the
     * certificate has been validated.
     *
     * @param x509Certificate the certificate to read
     * @return the distribution point locations as decoded by {@code DerEncoder}
     */
    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        byte[] crlDpExtension = x509Certificate.getExtensionValue(CRL_DIST_POINT);
        return getCrlDistributionPoints(crlDpExtension);
    }

    /**
     * Decodes a CRL Distribution Points extension through
     * {@code DerEncoder.getCrlDistributionPoints}.
     *
     * @param bArr the extension value as returned by {@code getExtensionValue}
     * @return the distribution point locations as returned by the encoder
     */
    public static List<String> getCrlDistributionPoints(byte[] bArr) throws CertificateParsingException, IOException {
        List<String> distributionPoints = DerEncoder.getCrlDistributionPoints(bArr);
        return distributionPoints;
    }

    /**
     * Decodes a Certificate Policies extension through {@code DerEncoder.getCertPolicies}.
     *
     * @param bArr the extension value as returned by {@code getExtensionValue}
     * @param i the chain index of the certificate
     * @return the policy entries as returned by the encoder
     */
    public static Map<String, String> getCertPolicies(byte[] bArr, int i) throws CertificateParsingException, IOException {
        Map<String, String> policies = DerEncoder.getCertPolicies(bArr, i);
        return policies;
    }

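    /**
     * Maps an ICP-Brasil certificate policy OID to its certificate type label (A1-A4, S1-S4).
     *
     * <p>Matching is done on whole OID arcs. The earlier plain {@code startsWith} test let
     * the prefix "2.16.76.1.2.1" also match "2.16.76.1.2.101" to "2.16.76.1.2.104", so
     * every S-series policy was reported as "ICP-Brasil A1" and the S1-S4 branches could
     * never be reached.
     *
     * @param str the policy OID in dotted form
     * @return the type label, or "" when the OID is not under a known policy arc
     */
    private static String getCertUsage(String str) {
        String[][] labelsByArc = {
            {"2.16.76.1.2.1", "ICP-Brasil A1"},
            {"2.16.76.1.2.2", "ICP-Brasil A2"},
            {"2.16.76.1.2.3", "ICP-Brasil A3"},
            {"2.16.76.1.2.4", "ICP-Brasil A4"},
            {"2.16.76.1.2.101", "ICP-Brasil S1"},
            {"2.16.76.1.2.102", "ICP-Brasil S2"},
            {"2.16.76.1.2.103", "ICP-Brasil S3"},
            {"2.16.76.1.2.104", "ICP-Brasil S4"},
        };
        for (String[] entry : labelsByArc) {
            if (isWithinArc(str, entry[0])) {
                return entry[1];
            }
        }
        return "";
    }

    /** True when {@code oid} is {@code arc} itself or lies below it, compared arc by arc. */
    private static boolean isWithinArc(String oid, String arc) {
        return oid.equals(arc) || oid.startsWith(arc + ".");
    }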
}
