package eu.emi.security.authn.x509.helpers.pkipath.bc;

import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.helpers.pkipath.SimpleValidationErrorException;
import java.math.BigInteger;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.x509.X509AttributeCertificate;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/pkipath/bc/CertPathValidatorUtilitiesCanl.class */
public class CertPathValidatorUtilitiesCanl extends CertPathValidatorUtilities {
    public static TrustAnchor findTrustAnchorPublic(X509Certificate x509Certificate, Set<?> set, String str) throws AnnotatedException {
        return CertPathValidatorUtilities.findTrustAnchor(x509Certificate, set, str);
    }

    public static Collection<?> findIssuerCerts(X509Certificate x509Certificate, PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(pKIXExtendedBuilderParameters.getBaseParameters().getCertificateStores());
        try {
            arrayList.addAll(CertPathValidatorUtilities.getAdditionalStoresFromAltNames(x509Certificate.getExtensionValue(Extension.issuerAlternativeName.getId()), pKIXExtendedBuilderParameters.getBaseParameters().getNamedCertificateStoreMap()));
        } catch (CertificateParsingException e) {
        }
        return CertPathValidatorUtilities.findIssuerCerts(x509Certificate, pKIXExtendedBuilderParameters.getBaseParameters().getCertStores(), arrayList);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set<?> getCompleteCRLs2(DistributionPoint distributionPoint, X509Certificate x509Certificate, Date date, PKIXExtendedParameters pKIXExtendedParameters) throws SimpleValidationErrorException {
        try {
            return getCompleteCRLs(distributionPoint, x509Certificate, date, pKIXExtendedParameters);
        } catch (AnnotatedException e) {
            if (!e.getMessage().startsWith("No CRLs found for issuer")) {
                throw new SimpleValidationErrorException(ValidationErrorCode.crlExtractionError, e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName());
            }
            if (x509Certificate.getNotAfter().after(date)) {
                throw new SimpleValidationErrorException(ValidationErrorCode.noValidCrlFound, e);
            }
            throw new SimpleValidationErrorException(ValidationErrorCode.noCrlForExpiredCert, e);
        }
    }

    protected static Set getCompleteCRLs(DistributionPoint distributionPoint, Object obj, Date date, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(PrincipalUtils.getEncodedIssuerPrincipal(obj));
            CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(distributionPoint, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set findCRLs = CRL_UTIL.findCRLs(new PKIXCRLStoreSelector.Builder(x509CRLSelector).setCompleteCRLEnabled(true).build(), new Date(0L), pKIXExtendedParameters.getCertStores(), pKIXExtendedParameters.getCRLStores());
            checkCRLsNotEmpty(findCRLs, obj);
            return findCRLs;
        } catch (AnnotatedException e) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set<X509CRL> getDeltaCRLs2(Date date, PKIXExtendedParameters pKIXExtendedParameters, X509CRL x509crl) throws SimpleValidationErrorException {
        try {
            return getDeltaCRLs(date, x509crl, pKIXExtendedParameters.getCertStores(), pKIXExtendedParameters.getCRLStores());
        } catch (AnnotatedException e) {
            throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem, e.getMessage(), e.getCause(), e.getCause().getClass().getName());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ASN1Primitive getExtensionValue(X509Extension x509Extension, String str) throws AnnotatedException {
        return CertPathValidatorUtilities.getExtensionValue(x509Extension, str);
    }

    protected static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint cRLDistPoint, PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters) throws AnnotatedException {
        return CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(cRLDistPoint, pKIXExtendedBuilderParameters.getBaseParameters().getNamedCRLStoreMap());
    }

    public static BigInteger getSerialNumber(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).getSerialNumber();
    }
}
