package eu.emi.security.authn.x509.helpers.pkipath.bc;

import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.helpers.pkipath.SimpleValidationErrorException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/pkipath/bc/CertPathValidatorUtilities.class */
public class CertPathValidatorUtilities extends org.bouncycastle.jce.provider.CertPathValidatorUtilities {
    public static TrustAnchor findTrustAnchor2(X509Certificate x509Certificate, Set<?> set, String str) throws AnnotatedException {
        return org.bouncycastle.jce.provider.CertPathValidatorUtilities.findTrustAnchor(x509Certificate, set, str);
    }

    public static void addAdditionalStoresFromAltNames(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertificateParsingException {
        org.bouncycastle.jce.provider.CertPathValidatorUtilities.addAdditionalStoresFromAltNames(x509Certificate, extendedPKIXParameters);
    }

    public static Collection<?> findIssuerCerts(X509Certificate x509Certificate, ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters) throws AnnotatedException {
        return org.bouncycastle.jce.provider.CertPathValidatorUtilities.findIssuerCerts(x509Certificate, extendedPKIXBuilderParameters);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set<?> getCompleteCRLs2(DistributionPoint distributionPoint, X509Certificate x509Certificate, Date date, ExtendedPKIXParameters extendedPKIXParameters) throws SimpleValidationErrorException {
        try {
            return org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(distributionPoint, x509Certificate, date, extendedPKIXParameters);
        } catch (AnnotatedException e) {
            if (!e.getMessage().startsWith("No CRLs found for issuer")) {
                throw new SimpleValidationErrorException(ValidationErrorCode.crlExtractionError, e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName());
            }
            if (x509Certificate.getNotAfter().after(date)) {
                throw new SimpleValidationErrorException(ValidationErrorCode.noValidCrlFound, e);
            }
            throw new SimpleValidationErrorException(ValidationErrorCode.noCrlForExpiredCert, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set<X509CRL> getDeltaCRLs2(Date date, ExtendedPKIXParameters extendedPKIXParameters, X509CRL x509crl) throws SimpleValidationErrorException {
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            x509CRLStoreSelector.addIssuerName(getIssuerPrincipal(x509crl).getEncoded());
            try {
                DERObject extensionValue = getExtensionValue(x509crl, CRL_NUMBER);
                BigInteger positiveValue = extensionValue != null ? CRLNumber.getInstance(extensionValue).getPositiveValue() : null;
                try {
                    byte[] extensionValue2 = x509crl.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
                    x509CRLStoreSelector.setMinCRLNumber(positiveValue == null ? null : positiveValue.add(BigInteger.valueOf(1L)));
                    x509CRLStoreSelector.setIssuingDistributionPoint(extensionValue2);
                    x509CRLStoreSelector.setIssuingDistributionPointEnabled(true);
                    x509CRLStoreSelector.setMaxBaseCRLNumber(positiveValue);
                    try {
                        Set<X509CRL> findCRLs = CRL_UTIL.findCRLs(x509CRLStoreSelector, extendedPKIXParameters, date);
                        HashSet hashSet = new HashSet();
                        for (X509CRL x509crl2 : findCRLs) {
                            if (isDeltaCRL(x509crl2)) {
                                hashSet.add(x509crl2);
                            }
                        }
                        return hashSet;
                    } catch (AnnotatedException e) {
                        ValidationErrorCode validationErrorCode = ValidationErrorCode.crlExtractionError;
                        Object[] objArr = new Object[3];
                        objArr[0] = (e.getCause() == null || e.getCause().getCause() == null) ? e : e.getCause().getCause();
                        objArr[1] = e;
                        objArr[2] = e.getMessage();
                        throw new SimpleValidationErrorException(validationErrorCode, objArr);
                    }
                } catch (Exception e2) {
                    throw new SimpleValidationErrorException(ValidationErrorCode.crlIssuerException, e2);
                }
            } catch (Exception e3) {
                throw new SimpleValidationErrorException(ValidationErrorCode.crlNbrExtError, e3);
            }
        } catch (IOException e4) {
            throw new SimpleValidationErrorException(ValidationErrorCode.crlIssuerException, e4);
        }
    }

    private static boolean isDeltaCRL(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        return criticalExtensionOIDs != null && criticalExtensionOIDs.contains(X509Extensions.DeltaCRLIndicator.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static DERObject getExtensionValue(X509Extension x509Extension, String str) throws AnnotatedException {
        return org.bouncycastle.jce.provider.CertPathValidatorUtilities.getExtensionValue(x509Extension, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint cRLDistPoint, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        org.bouncycastle.jce.provider.CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(cRLDistPoint, extendedPKIXParameters);
    }

    public static BigInteger getSerialNumber(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).getSerialNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal getEncodedIssuerPrincipal(Object obj) {
        return org.bouncycastle.jce.provider.CertPathValidatorUtilities.getEncodedIssuerPrincipal(obj);
    }
}
