package com.ibm.security.certclient.util;

import com.ibm.crypto.provider.PBMParameterSpec;
import com.ibm.misc.Debug;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkAttrs;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkIoException;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.base.PkRejectionException;
import com.ibm.security.certclient.base.PkRevoConstants;
import com.ibm.security.cmp.InfoTypeAndValue;
import com.ibm.security.cmp.PKIHeader;
import com.ibm.security.cmp.PKIMessage;
import com.ibm.security.cmp.RevPassphraseInfoValue;
import com.ibm.security.crmf.EncryptedValue;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.pkcs9.PKCS9;
import com.ibm.security.pkcsutil.PKCSAttribute;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CertAttrSet;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.DNSName;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.IPAddressName;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.PKIXExtensions;
import com.ibm.security.x509.RFC822Name;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.URIName;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509Key;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Vector;

/* loaded from: input_file:efixes/PK36146_Linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmkeycert.jar:com/ibm/security/certclient/util/JPKI.class */
public class JPKI implements PkConstants {
    private static Debug debug = Debug.getInstance("keycertmanage");
    private static final Object className = "com.ibm.security.certclient.JPKI";
    private static BigInteger BIG_ONE = BigInteger.valueOf(1);
    private static final ObjectIdentifier EXT_OID = getOID();
    private static int APPROVEDAPPLIED = 3;

    private static final ObjectIdentifier getOID() {
        try {
            return new ObjectIdentifier("1.3.6.1.4.1.311.2.1.14");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public PkAttrs initialCertRequest(String[] strArr, String[] strArr2, String[] strArr3, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        return initialCertRequest(strArr, strArr2, strArr3, null, publicKey, privateKey);
    }

    public PkAttrs initialCertRequest(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        if (strArr == null || strArr.length < 7) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        if (debug != null) {
            for (String str : strArr) {
                debug.text(1L, className, "initialCertRequest", "Processing {0}", str);
            }
        }
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i] == null && i != 3 && i != 4) {
                throw new PkRejectionException(new StringBuffer().append("").append(i).append(" ").append(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL).toString());
            }
        }
        if (publicKey == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (strArr3 != null) {
            for (String str2 : strArr3) {
                if (debug != null) {
                    debug.text(1L, className, "initialCertRequest", "Processing {0}", str2);
                }
            }
        }
        if (strArr4 != null && debug != null) {
            for (String str3 : strArr4) {
                debug.text(1L, className, "initialCertRequest", "Processing {0}", str3);
            }
        }
        boolean z = publicKey instanceof RSAPublicKey;
        X509Key x509Key = (X509Key) publicKey;
        String normalize = new PkNormalize().normalize(strArr[1]);
        String stringBuffer = new StringBuffer().append(strArr[0]).append(", ").append(normalize).toString();
        if (new Integer(strArr[2]).intValue() != 3) {
            throw new PkRejectionException(PkNLSConstants.X509_CERT_VERSION_MUST_BE3);
        }
        Integer num = PkCertConstants.CERT_VERSION_3;
        PkAttrs pkAttrs = new PkAttrs();
        if (strArr3 != null && strArr3.length > 0) {
            KeyUsageExtension keyUsageExt = setKeyUsageExt(strArr3);
            if (keyUsageWrong(z, keyUsageExt)) {
                if (!z && debug != null) {
                    debug.text(1L, className, "initialCertRequest", "Key usage for DSA should be digitalSignature or nonRepudiation");
                }
                throw new PkRejectionException(PkNLSConstants.CERT_BAD_KEY_USAGE);
            }
            ExtKeyUsageExtension extKeyUsageExtension = strArr4 != null ? setextKeyUsageExt(strArr4) : null;
            pkAttrs.add("x509.info.extensions.KeyUsage", 3, keyUsageExt);
            if (extKeyUsageExtension != null) {
                pkAttrs.add("x509.info.extensions.ExtKeyUsage", 3, extKeyUsageExtension);
            }
        }
        pkAttrs.add("x509.info.version", 3, num);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        if (z) {
            pkAttrs.add("x509.info.algorithmID", 3, new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
        } else {
            pkAttrs.add("x509.info.algorithmID", 3, AlgorithmId.get("SHA1withDSA"));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
        }
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        Date date = new Date(new Long(strArr[5]).longValue());
        pkAttrs.add(PkCertConstants.CERT_NOT_BEFORE, 3, date);
        Date date2 = new Date();
        date2.setTime(date.getTime());
        date2.setTime(new Long(strArr[6]).longValue() + date2.getTime());
        if (debug != null) {
            debug.text(1L, className, "initialCertRequest", "notAfter {0}", date2);
        }
        pkAttrs.add(PkCertConstants.CERT_NOT_AFTER, 3, date2);
        pkAttrs.add("x509.info.subject", 3, new X500Name(stringBuffer));
        pkAttrs.add("x509.info.key", 3, x509Key);
        if (strArr[3] != null) {
            pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier(strArr[3].getBytes()));
        }
        if (strArr[4] != null) {
            pkAttrs.add(PkCertConstants.CERT_INIT_PWD, 2, strArr[4]);
        }
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name(normalize)));
        SubjectAlternativeNameExtension createSubjectAltName = createSubjectAltName(strArr2);
        if (createSubjectAltName != null) {
            pkAttrs.add("x509.info.extensions.SubjectAlternativeName", 3, createSubjectAltName);
        }
        if (debug != null) {
            debug.text(1L, className, "initialCertRequest", "process complete attrs {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs initialCertRequest(byte[] bArr, String[] strArr) throws Exception {
        if (bArr == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        try {
            return initialCertRequest(new CertificationRequest(new DerValue(new PkBase64InputStream(new ByteArrayInputStream(bArr))).toByteArray()), strArr);
        } catch (IOException e) {
            throw e;
        }
    }

    private PkAttrs initialCertRequest(CertificationRequest certificationRequest, String[] strArr) throws Exception {
        if (certificationRequest == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        try {
            certificationRequest.verify();
            if (strArr == null || strArr.length < 6) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
            }
            if (debug != null) {
                for (String str : strArr) {
                    debug.text(1L, className, "initialCertRequest", "Processing {0}", str);
                }
            }
            for (String str2 : strArr) {
                if (str2 == null) {
                    throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
                }
            }
            String normalize = new PkNormalize().normalize(strArr[0]);
            PkAttrs attrs = getAttrs(certificationRequest);
            if (new Integer(strArr[1]).intValue() != 3) {
                throw new PkRejectionException(PkNLSConstants.X509_CERT_VERSION_MUST_BE3);
            }
            attrs.add("x509.info.version", 3, PkCertConstants.CERT_VERSION_3);
            attrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier(strArr[2].getBytes()));
            attrs.add(PkCertConstants.CERT_INIT_PWD, 2, strArr[3]);
            attrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name(normalize)));
            attrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
            attrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
            return attrs;
        } catch (IOException e) {
            throw e;
        }
    }

    public PkAttrs confRequest(String[] strArr) {
        InfoTypeAndValue[] createRevoPassphrase;
        if (debug != null) {
            debug.text(1L, className, "confRequest", "Processing {0}", (Object[]) strArr);
        }
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("x509.info.version", 2, PkCertConstants.CERT_VERSION_3);
        pkAttrs.add(PkCertConstants.KEY_STORE_INIT_CERT_ALIAS, 2, strArr[0]);
        pkAttrs.add(PkCertConstants.KEY_STORE_INIT_ENTRY_PWD, 2, strArr[1].toCharArray());
        pkAttrs.add(PkCertConstants.CERT_INIT_PWD, 2, strArr[2]);
        pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier(strArr[3].getBytes()));
        if (strArr.length >= 5 && strArr[4] != null && !strArr[4].equalsIgnoreCase("") && (createRevoPassphrase = createRevoPassphrase(strArr[4])) != null) {
            pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, createRevoPassphrase);
        }
        if (debug != null) {
            debug.text(1L, className, "confRequest", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs confRequest(Object[] objArr, Object[] objArr2) throws Exception {
        String str;
        if (debug != null) {
            debug.text(1L, className, "confRequest", "Processing {0}", objArr);
        }
        if (objArr == null || objArr.length < 3) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        if (objArr[0] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("TMP_MSG_HDR", 2, objArr[0]);
        pkAttrs.add("x509.info.version", 2, PkCertConstants.CERT_VERSION_3);
        if (objArr[1] != null) {
            pkAttrs.add(PkCertConstants.CERT_INIT_PWD, 2, (String) objArr[1]);
        }
        if (objArr[2] != null) {
            pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier(((String) objArr[2]).getBytes()));
        }
        if (objArr.length >= 4 && (str = (String) objArr[3]) != null && !str.equalsIgnoreCase("")) {
            if (str.toCharArray().length < 12) {
                throw new PkRejectionException(PkNLSConstants.REVO_PWD_TO_SHORT);
            }
            InfoTypeAndValue[] createRevoPassphrase = createRevoPassphrase(str);
            if (createRevoPassphrase != null) {
                pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, createRevoPassphrase);
            }
        }
        if (objArr2 != null) {
            if (objArr2.length < 2) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
            }
            for (Object obj : objArr2) {
                if (obj == null) {
                    throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
                }
            }
            pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY, 2, objArr2[0]);
            pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, (KeyIdentifier) ((SubjectKeyIdentifierExtension) ((X509CertImpl) objArr2[1]).get("x509.info.extensions.SubjectKeyIdentifier")).get("key_id"));
            if (((PrivateKey) objArr2[0]).getAlgorithm().equalsIgnoreCase("RSA")) {
                pkAttrs.add("x509.info.algorithmID", 3, new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid));
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
            } else {
                pkAttrs.add("x509.info.algorithmID", 3, AlgorithmId.get("SHA1withDSA"));
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
            }
            pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        }
        if (debug != null) {
            debug.text(1L, className, "confRequest", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs secnRequest(String[] strArr, String[] strArr2, String[] strArr3, PublicKey publicKey, PrivateKey privateKey, Object[] objArr) throws Exception {
        return secnRequest(strArr, strArr2, strArr3, null, publicKey, privateKey, objArr);
    }

    public PkAttrs secnRequest(String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4, PublicKey publicKey, PrivateKey privateKey, Object[] objArr) throws Exception {
        String str;
        AlgorithmId algorithmId;
        Object obj;
        if (strArr == null || strArr.length < 5) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        for (String str2 : strArr) {
            if (str2 == null) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (publicKey == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (strArr4 != null && debug != null) {
            for (String str3 : strArr4) {
                debug.text(1L, className, "secnCertRequest", "Processing {0}", str3);
            }
        }
        if (objArr == null || objArr.length < 2) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        for (Object obj2 : objArr) {
            if (obj2 == null) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (debug != null) {
            debug.text(1L, className, "secnRequest", "Processing {0}", (Object[]) strArr);
            debug.text(1L, className, "secnRequest", "Processing {0}", (Object[]) strArr3);
        }
        boolean z = publicKey instanceof RSAPublicKey;
        String normalize = new PkNormalize().normalize(strArr[1]);
        String stringBuffer = new StringBuffer().append(strArr[0]).append(", ").append(normalize).toString();
        if (new Integer(strArr[2]).intValue() != 3) {
            throw new PkRejectionException(PkNLSConstants.X509_CERT_VERSION_MUST_BE3);
        }
        Integer num = PkCertConstants.CERT_VERSION_3;
        KeyUsageExtension keyUsageExtension = null;
        if (strArr3 != null) {
            keyUsageExtension = setKeyUsageExt(strArr3);
            if (keyUsageWrong(z, keyUsageExtension)) {
                if (!z && debug != null) {
                    debug.text(1L, className, "secnCertRequest", "Key usage for DSA should be digitalSignature or nonRepudiation");
                }
                throw new PkRejectionException(PkNLSConstants.CERT_BAD_KEY_USAGE);
            }
        }
        ExtKeyUsageExtension extKeyUsageExtension = strArr4 != null ? setextKeyUsageExt(strArr4) : null;
        PkAttrs pkAttrs = new PkAttrs();
        if (extKeyUsageExtension != null) {
            pkAttrs.add("x509.info.extensions.ExtKeyUsage", 3, extKeyUsageExtension);
        }
        if (keyUsageExtension != null) {
            pkAttrs.add("x509.info.extensions.KeyUsage", 3, keyUsageExtension);
        }
        pkAttrs.add("x509.info.version", 3, PkCertConstants.CERT_VERSION_3);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        boolean z2 = objArr[0] instanceof RSAPrivateKey;
        if (z2 != z && debug != null) {
            debug.text(1L, className, "secnRequest", "privatekey type mismatch {0}", new Boolean(z2));
        }
        if (z) {
            pkAttrs.add("x509.info.algorithmID", 3, new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
        } else {
            pkAttrs.add("x509.info.algorithmID", 3, AlgorithmId.get("SHA1withDSA"));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
        }
        if (objArr.length > 2) {
            str = (String) objArr[2];
            if (str == null) {
                str = PKCS5.MESSAGE_DIGEST_SHA1;
            }
        } else {
            str = PKCS5.MESSAGE_DIGEST_SHA1;
        }
        if (z2) {
            if (str.equalsIgnoreCase(PKCS5.MESSAGE_DIGEST_SHA1)) {
                obj = "SHA1withRSA";
                algorithmId = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
            } else if (str.equalsIgnoreCase(PKCS5.MESSAGE_DIGEST_MD5)) {
                obj = "MD5withRSA";
                algorithmId = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
            } else if (str.equalsIgnoreCase(PKCS5.MESSAGE_DIGEST_MD2)) {
                obj = "MD2withRSA";
                algorithmId = new AlgorithmId(AlgorithmId.md2WithRSAEncryption_oid);
            } else {
                algorithmId = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
                obj = "SHA1withRSA";
            }
            pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_ID, 2, algorithmId);
            pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_NAME, 2, obj);
        } else {
            pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_ID, 2, AlgorithmId.get("SHA1withDSA"));
            pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_ALGORITHM_NAME, 2, "SHA1withDSA");
        }
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        Date date = new Date(new Long(strArr[3]).longValue());
        pkAttrs.add(PkCertConstants.CERT_NOT_BEFORE, 3, date);
        Date date2 = new Date();
        date2.setTime(date.getTime());
        date2.setTime(new Long(strArr[4]).longValue() + date2.getTime());
        pkAttrs.add(PkCertConstants.CERT_NOT_AFTER, 3, date2);
        if (debug != null) {
            debug.text(1L, className, "secnRequest", "notAfter {0}", date2);
        }
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name(normalize)));
        pkAttrs.add("x509.info.key", 3, publicKey);
        pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY, 2, objArr[0]);
        pkAttrs.add(PkCertConstants.CERT_PRIVATE_KEY, 2, privateKey);
        pkAttrs.add("CERT_X509", 2, objArr[1]);
        X509CertImpl x509CertImpl = (X509CertImpl) objArr[1];
        pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, (KeyIdentifier) ((SubjectKeyIdentifierExtension) x509CertImpl.get("x509.info.extensions.SubjectKeyIdentifier")).get("key_id"));
        String normalize2 = new PkNormalize().normalize(x509CertImpl.getSubjectDN().toString());
        String normalize3 = new PkNormalize().normalize(stringBuffer);
        if (!normalize2.equalsIgnoreCase(normalize3)) {
            if (debug != null) {
                debug.text(1L, className, "secnRequest", "subject mismatch.old subject {0} ", normalize2);
                debug.text(1L, className, "secnRequest", "subject mismatch.new subject {0} ", normalize3);
            }
            throw new PkRejectionException(PkNLSConstants.SUBJECT_MISMATCH_WITH_INIT_REQ);
        }
        pkAttrs.add("x509.info.subject", 3, new X500Name(stringBuffer));
        SubjectAlternativeNameExtension createSubjectAltName = createSubjectAltName(strArr2);
        if (createSubjectAltName != null) {
            pkAttrs.add("x509.info.extensions.SubjectAlternativeName", 3, createSubjectAltName);
        }
        if (debug != null) {
            debug.text(1L, className, "secnRequest", "process complete attrs {0}", pkAttrs);
        }
        return pkAttrs;
    }

    private PkAttrs xCertRequest(String[] strArr, X509Certificate x509Certificate) throws Exception {
        if (strArr == null || strArr.length < 5) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        if (debug != null) {
            for (String str : strArr) {
                debug.text(1L, className, "xCertRequest", "Processing {0}", str);
            }
        }
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i] == null && i != 3) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (x509Certificate == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (debug != null) {
            debug.text(1L, className, "xCertRequest", "Processing {0}", (Object[]) strArr);
        }
        PkCertUtils.screenCert(x509Certificate, true);
        PublicKey publicKey = x509Certificate.getPublicKey();
        X509Key x509Key = (X509Key) (publicKey instanceof RSAPublicKey ? KeyFactory.getInstance("RSA", PkEeFactory.getProvider()) : KeyFactory.getInstance("DSA", PkEeFactory.getProvider())).translateKey(publicKey);
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("x509.info.version", 3, PkCertConstants.CERT_VERSION_3);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        pkAttrs.add("x509.info.subject", 3, new X500Name(x509Certificate.getSubjectDN().getName()));
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        pkAttrs.add(PkCertConstants.CERT_NOT_BEFORE, 3, new Date());
        Date time = new GregorianCalendar().getTime();
        time.getTime();
        if (strArr[3] == null) {
            if (debug != null) {
                debug.text(1L, className, "xCertRequest", "no supplied validity");
            }
            time = null;
        } else {
            time.setTime(new Long(strArr[3]).longValue() + time.getTime());
        }
        if (debug != null && time != null) {
            debug.text(1L, className, "xCertRequest", "notAfter {0}", time);
        }
        pkAttrs.add(PkCertConstants.CERT_NOT_AFTER, 3, time);
        pkAttrs.add("x509.info.key", 3, x509Key);
        pkAttrs.add("x509.info.extensions.KeyUsage", 3, new KeyUsageExtension(x509Certificate.getKeyUsage()));
        pkAttrs.add("x509.info.extensions.BasicConstraints", 3, new BasicConstraintsExtension(true, 1));
        pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier(strArr[1].getBytes()));
        pkAttrs.add(PkCertConstants.CERT_INIT_PWD, 2, strArr[2]);
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name(new PkNormalize().normalize(strArr[0]))));
        pkAttrs.add(PkCertConstants.CERT_OUTFILENAME, 2, strArr[4]);
        if (debug != null) {
            debug.text(1L, className, "xCertRequest", "process complete attrs {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs confRequestForCr(String[] strArr, Object[] objArr) throws Exception {
        PkAttrs pkAttrs = new PkAttrs();
        if (debug != null) {
            debug.text(1L, className, "confRequestForCr", "Processing {0}", (Object[]) strArr);
            debug.text(1L, className, "confRequestForCr", "Processing {0}", objArr);
        }
        pkAttrs.add("x509.info.version", 2, PkCertConstants.CERT_VERSION_3);
        pkAttrs.add(PkCertConstants.KEY_STORE_INIT_CERT_ALIAS, 2, strArr[0]);
        pkAttrs.add(PkCertConstants.KEY_STORE_INIT_ENTRY_PWD, 2, strArr[1].toCharArray());
        pkAttrs.add(PkCertConstants.KEY_STORE_CERT_ALIAS, 2, strArr[2]);
        pkAttrs.add(PkCertConstants.KEY_STORE_ENTRY_PWD, 2, strArr[3].toCharArray());
        if (((PrivateKey) objArr[0]).getAlgorithm().equalsIgnoreCase("RSA")) {
            pkAttrs.add("x509.info.algorithmID", 3, new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
        } else {
            pkAttrs.add("x509.info.algorithmID", 3, AlgorithmId.get("SHA1withDSA"));
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
        }
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        pkAttrs.add(PkCertConstants.CERT_MESSAGE_PROTECTION_KEY, 2, objArr[0]);
        pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, new KeyIdentifier("123456".getBytes()));
        if (debug != null) {
            debug.text(1L, className, "confRequestForCr", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs revoRequest(Object[] objArr) throws Exception {
        InfoTypeAndValue[] createRevoPassphrase;
        if (debug != null) {
            debug.text(1L, className, "revoRequest", "Processing {0}", objArr);
        }
        if (objArr == null || objArr.length < 3) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        for (int i = 0; i < objArr.length; i++) {
            if (objArr[i] == null && i != 2 && i != 3) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (objArr.length == 3 && objArr[2] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (objArr.length == 4 && objArr[2] == null && objArr[3] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        PkAttrs pkAttrs = new PkAttrs();
        X509CertImpl x509CertImpl = (X509CertImpl) objArr[0];
        x509CertImpl.getSerialNumber();
        String name = x509CertImpl.getIssuerDN().getName();
        KeyIdentifier keyIdentifier = (KeyIdentifier) ((SubjectKeyIdentifierExtension) x509CertImpl.get("x509.info.extensions.SubjectKeyIdentifier")).get("key_id");
        String str = x509CertImpl.getPublicKey() instanceof RSAPublicKey ? "RSA" : "DSA";
        pkAttrs.add("x509.info.serialNumber", 3, x509CertImpl.getSerialNumber());
        pkAttrs.add("x509.info.subject", 3, x509CertImpl.getSubjectDN());
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name(new String(name))));
        pkAttrs.add("CERT_X509", 2, objArr[0]);
        pkAttrs.add(PkCertConstants.CERT_SENDER_KID, 2, keyIdentifier);
        pkAttrs.add(PkRevoConstants.REVO_BAD_SINCE_DATE, 2, new Date());
        if (objArr[1] != null) {
            int intValue = ((Integer) objArr[1]).intValue();
            if ((0 > intValue || intValue >= 7) && intValue != 8) {
                throw new PkRejectionException(PkNLSConstants.INCORRECT_REASON);
            }
            pkAttrs.add(PkRevoConstants.REVO_REASON, 2, objArr[1]);
        }
        pkAttrs.add(PkCertConstants.CERT_PRIVATE_KEY, 2, objArr[2]);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        if (str.equalsIgnoreCase("RSA")) {
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
        } else {
            pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
        }
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        if (objArr.length >= 4 && objArr[3] != null && !((String) objArr[3]).equalsIgnoreCase("") && (createRevoPassphrase = createRevoPassphrase((String) objArr[3])) != null) {
            pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, createRevoPassphrase);
        }
        if (debug != null) {
            debug.text(1L, className, "revoRequest", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs revoRequest(BigInteger bigInteger, Object[] objArr) throws Exception {
        InfoTypeAndValue[] createRevoPassphrase;
        if (debug != null) {
            debug.text(1L, className, "newrevoRequest", "certSerialNumber {0}", bigInteger);
            debug.text(1L, className, "newrevoRequest", "Processing {0}", objArr);
        }
        if (objArr == null || objArr.length < 2) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        for (int i = 0; i < objArr.length; i++) {
            if (objArr[i] == null && i != 1 && i != 2) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (objArr.length == 2 && objArr[1] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (objArr.length == 3 && objArr[1] == null && objArr[2] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("x509.info.serialNumber", 3, bigInteger);
        pkAttrs.add("x509.info.subject", 3, new X500Name("CN=DSubject"));
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name("O=DIssuer")));
        pkAttrs.add(PkRevoConstants.REVO_BAD_SINCE_DATE, 2, new Date());
        if (objArr[0] != null) {
            int intValue = ((Integer) objArr[0]).intValue();
            if ((0 > intValue || intValue >= 7) && intValue != 8) {
                throw new PkRejectionException(PkNLSConstants.INCORRECT_REASON);
            }
            pkAttrs.add(PkRevoConstants.REVO_REASON, 2, objArr[0]);
        }
        if (objArr[1] != null) {
            if (((PrivateKey) objArr[1]) instanceof RSAPrivateKey) {
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
            } else {
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
            }
        }
        pkAttrs.add(PkCertConstants.CERT_PRIVATE_KEY, 2, objArr[1]);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        if (objArr.length >= 3 && objArr[2] != null && !((String) objArr[2]).equalsIgnoreCase("") && (createRevoPassphrase = createRevoPassphrase((String) objArr[2])) != null) {
            pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, createRevoPassphrase);
        }
        if (debug != null) {
            debug.text(1L, className, "revoRequest", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    public PkAttrs revoRequest(PublicKey publicKey, Object[] objArr) throws Exception {
        InfoTypeAndValue[] createRevoPassphrase;
        if (debug != null) {
            debug.text(1L, className, "newrevoRequest", "publicKey {0}", publicKey);
            debug.text(1L, className, "newrevoRequest", "Processing {0}", objArr);
        }
        if (objArr == null || objArr.length < 2) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_ARRAY_SIZE_WRONG);
        }
        for (int i = 0; i < objArr.length; i++) {
            if (objArr[i] == null && i != 1 && i != 2) {
                throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
            }
        }
        if (objArr.length == 2 && objArr[1] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        if (objArr.length == 3 && objArr[1] == null && objArr[2] == null) {
            throw new PkRejectionException(PkNLSConstants.INVALID_PARMS_VALUE_CANNOT_BE_NULL);
        }
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("x509.info.subject", 3, new X500Name("CN=DSubject"));
        pkAttrs.add(PkCertConstants.CERT_RECIPIENT_DN, 2, new GeneralName(new X500Name("O=DIssuer")));
        pkAttrs.add(PkCertConstants.CERT_REVO_PUBLIC_KEY, 3, publicKey);
        pkAttrs.add(PkRevoConstants.REVO_BAD_SINCE_DATE, 2, new Date());
        if (objArr[0] != null) {
            int intValue = ((Integer) objArr[0]).intValue();
            if ((0 > intValue || intValue >= 7) && intValue != 8) {
                throw new PkRejectionException(PkNLSConstants.INCORRECT_REASON);
            }
            pkAttrs.add(PkRevoConstants.REVO_REASON, 2, objArr[0]);
        }
        if (objArr[1] != null) {
            if (((PrivateKey) objArr[1]) instanceof RSAPrivateKey) {
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withRSA");
            } else {
                pkAttrs.add(PkCertConstants.CERT_ALGORITHM_NAME, 2, "SHA1withDSA");
            }
        }
        pkAttrs.add(PkCertConstants.CERT_PRIVATE_KEY, 2, objArr[1]);
        pkAttrs.add(PkCertConstants.CERT_CMP_VERSION, 1, BIG_ONE);
        pkAttrs.add(PkCertConstants.CERT_PROVIDER, 2, PkEeFactory.getProvider());
        if (objArr.length >= 3 && objArr[2] != null && !((String) objArr[2]).equalsIgnoreCase("") && (createRevoPassphrase = createRevoPassphrase((String) objArr[2])) != null) {
            pkAttrs.add(PkCertConstants.CERT_REVOCATION_PASSPHRASE, 2, createRevoPassphrase);
        }
        if (debug != null) {
            debug.text(1L, className, "revoRequest", "Process Complete {0}", pkAttrs);
        }
        return pkAttrs;
    }

    private boolean keyUsageWrong(boolean z, KeyUsageExtension keyUsageExtension) throws Exception {
        boolean[] bits = keyUsageExtension.getBits();
        boolean z2 = false;
        if (z) {
            for (boolean z3 : bits) {
                if (debug != null) {
                    debug.text(1L, className, "keyUsageWrong", "ba ={0}", new Boolean(z3));
                }
            }
            if (bits.length > 5) {
                int length = bits.length >= 7 ? 7 : bits.length;
                for (int i = 5; i < length; i++) {
                    z2 = z2 || bits[i];
                }
            }
        } else {
            for (boolean z4 : bits) {
                if (debug != null) {
                    debug.text(1L, className, "keyUsageWrong", "ba ={0}", new Boolean(z4));
                }
            }
            if (bits.length > 2) {
                for (int i2 = 2; i2 < bits.length; i2++) {
                    z2 = z2 || bits[i2];
                }
            }
        }
        return z2;
    }

    private PKIMessage getConfMessage(PKIHeader pKIHeader, KeyIdentifier keyIdentifier, String str) throws Exception {
        GeneralName recipient = pKIHeader.getRecipient();
        GeneralName sender = pKIHeader.getSender();
        byte[] recipNonce = pKIHeader.getRecipNonce();
        byte[] senderNonce = pKIHeader.getSenderNonce();
        byte[] transactionID = pKIHeader.getTransactionID();
        PBMParameterSpec pBMParameterSpec = new PBMParameterSpec("this is a salt".getBytes(), new AlgorithmId(AlgorithmId.SHA_oid), 1001, new AlgorithmId(AlgorithmId.HmacSHA1_oid));
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PasswordBasedMac", PkEeFactory.getProvider());
            try {
                algorithmParameters.init(pBMParameterSpec);
                try {
                    try {
                        return new PKIMessage(new PKIHeader(BIG_ONE, recipient, sender, new Date(), new AlgorithmId(AlgorithmId.PasswordBasedMac_oid, algorithmParameters.getEncoded()), keyIdentifier, null, transactionID, recipNonce, senderNonce, null, null), 19, null, null, null).protect(str.getBytes());
                    } catch (Exception e) {
                        if (e instanceof PkException) {
                            throw ((PkException) e);
                        }
                        throw new PkException(e);
                    }
                } catch (Exception e2) {
                    if (debug != null) {
                        debug.text(1L, className, "getConfMessage", "ERROR : {0} ", e2.toString());
                    }
                    throw e2;
                }
            } catch (InvalidParameterSpecException e3) {
                if (debug != null) {
                    debug.text(1L, className, "getConfMessage", "ERROR : {0} ", e3.toString());
                }
                throw e3;
            }
        } catch (NoSuchAlgorithmException e4) {
            if (debug != null) {
                debug.text(1L, className, "getConfMessage", "ERROR : {0} ", e4.toString());
            }
            throw e4;
        } catch (NoSuchProviderException e5) {
            if (debug != null) {
                debug.text(1L, className, "getConfMessage", "ERROR : {0} ", e5.toString());
            }
            throw e5;
        }
    }

    private InfoTypeAndValue[] createRevoPassphrase(String str) {
        InfoTypeAndValue[] infoTypeAndValueArr;
        try {
            infoTypeAndValueArr = new InfoTypeAndValue[]{new InfoTypeAndValue(new RevPassphraseInfoValue(new EncryptedValue(null, null, null, null, null, str.getBytes())))};
        } catch (IOException e) {
            infoTypeAndValueArr = null;
        }
        return infoTypeAndValueArr;
    }

    private byte[] getIPAddress(String str) {
        String[] split = PkString.split(str, ".");
        return new byte[]{new Integer(split[0]).byteValue(), new Integer(split[1]).byteValue(), new Integer(split[2]).byteValue(), new Integer(split[3]).byteValue()};
    }

    private SubjectAlternativeNameExtension createSubjectAltName(String[] strArr) throws Exception {
        SubjectAlternativeNameExtension subjectAlternativeNameExtension = null;
        if (strArr != null) {
            GeneralNames generalNames = new GeneralNames();
            boolean z = false;
            int length = strArr.length;
            if (strArr[0] != null) {
                generalNames.addElement(new RFC822Name(strArr[0]));
                z = true;
            }
            if (length > 1 && strArr[1] != null) {
                generalNames.addElement(new DNSName(strArr[1]));
                z = true;
            }
            if (length > 2 && strArr[2] != null) {
                generalNames.addElement(new URIName(strArr[2]));
                z = true;
            }
            if (length > 3 && strArr[3] != null) {
                generalNames.addElement(new IPAddressName(getIPAddress(strArr[3])));
                z = true;
            }
            if (z) {
                subjectAlternativeNameExtension = new SubjectAlternativeNameExtension(generalNames);
            }
        }
        return subjectAlternativeNameExtension;
    }

    private KeyUsageExtension setKeyUsageExt(String[] strArr) throws IOException, PkRejectionException {
        KeyUsageExtension keyUsageExtension = new KeyUsageExtension();
        for (int i = 0; i < strArr.length && strArr[i] != null; i++) {
            if (strArr[i].equalsIgnoreCase(KeyUsageExtension.DIGITAL_SIGNATURE)) {
                keyUsageExtension.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.TRUE);
            } else if (strArr[i].equalsIgnoreCase(KeyUsageExtension.DATA_ENCIPHERMENT)) {
                keyUsageExtension.set(KeyUsageExtension.DATA_ENCIPHERMENT, Boolean.TRUE);
            } else if (strArr[i].equalsIgnoreCase(KeyUsageExtension.ENCIPHER_ONLY)) {
                keyUsageExtension.set(KeyUsageExtension.ENCIPHER_ONLY, Boolean.TRUE);
            } else if (strArr[i].equalsIgnoreCase(KeyUsageExtension.DECIPHER_ONLY)) {
                keyUsageExtension.set(KeyUsageExtension.DECIPHER_ONLY, Boolean.TRUE);
            } else if (strArr[i].equalsIgnoreCase(KeyUsageExtension.NON_REPUDIATION)) {
                keyUsageExtension.set(KeyUsageExtension.NON_REPUDIATION, Boolean.TRUE);
            } else if (strArr[i].equalsIgnoreCase(KeyUsageExtension.KEY_ENCIPHERMENT)) {
                keyUsageExtension.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.TRUE);
            } else {
                if (!strArr[i].equalsIgnoreCase(KeyUsageExtension.KEY_AGREEMENT)) {
                    if (debug != null) {
                        debug.text(1L, className, "setKeyUsageExt", "Key usage {0} is not valid", strArr[i]);
                    }
                    throw new PkRejectionException(PkNLSConstants.CERT_BAD_KEY_USAGE);
                }
                keyUsageExtension.set(KeyUsageExtension.KEY_AGREEMENT, Boolean.TRUE);
            }
        }
        return keyUsageExtension;
    }

    private ExtKeyUsageExtension setextKeyUsageExt(String[] strArr) throws IOException, PkRejectionException {
        Vector vector = new Vector();
        for (int i = 0; i < strArr.length && strArr[i] != null; i++) {
            if (strArr[i].equalsIgnoreCase("ServerAuth_Id")) {
                vector.add(i, PKIXExtensions.ServerAuth_Id);
            } else if (strArr[i].equalsIgnoreCase("ClientAuth_Id")) {
                vector.add(i, PKIXExtensions.ClientAuth_Id);
            } else if (strArr[i].equalsIgnoreCase("CodeSigning_Id")) {
                vector.add(i, PKIXExtensions.CodeSigning_Id);
            } else if (strArr[i].equalsIgnoreCase("EmailProtection_Id")) {
                vector.add(i, PKIXExtensions.EmailProtection_Id);
            } else if (strArr[i].equalsIgnoreCase("IPSecEndSystem_Id")) {
                vector.add(i, PKIXExtensions.IPSecEndSystem_Id);
            } else if (strArr[i].equalsIgnoreCase("IPSecTunnel_Id")) {
                vector.add(i, PKIXExtensions.IPSecTunnel_Id);
            } else if (strArr[i].equalsIgnoreCase("IPSecUser_Id")) {
                vector.add(i, PKIXExtensions.IPSecUser_Id);
            } else {
                if (!strArr[i].equalsIgnoreCase("TimeStamping_Id")) {
                    if (debug != null) {
                        debug.text(1L, className, "extsetKeyUsageExt", "Key usage {0} is not valid", strArr[i]);
                    }
                    throw new PkRejectionException(PkNLSConstants.CERT_BAD_KEY_USAGE);
                }
                vector.add(i, PKIXExtensions.TimeStamping_Id);
            }
        }
        return vector.size() > 0 ? new ExtKeyUsageExtension(vector) : null;
    }

    private PkAttrs getAttrs(CertificationRequest certificationRequest) throws IOException {
        CertificationRequestInfo certRequestInfo = certificationRequest.getCertRequestInfo();
        PkAttrs pkAttrs = new PkAttrs();
        pkAttrs.add("x509.info.subject", APPROVEDAPPLIED, certRequestInfo.getSubjectName());
        try {
            pkAttrs.add("x509.info.key", APPROVEDAPPLIED, certRequestInfo.getSubjectPublicKeyInfo());
            PKCSAttribute[] attributes = certRequestInfo.getAttributes().getAttributes();
            for (int i = 0; i < attributes.length; i++) {
                ObjectIdentifier attributeId = attributes[i].getAttributeId();
                String name = PKCS9.getName(attributeId);
                if (name != null) {
                    pkAttrs.add(name, 1, attributes[i].getAttributeValue());
                } else if (attributeId.equals(EXT_OID)) {
                    Enumeration elements = new CertificateExtensions(new DerInputStream(new DerInputStream((byte[]) attributes[i].getAttributeValue()).getSet(1)[0].toByteArray())).getElements();
                    while (elements.hasMoreElements()) {
                        Object nextElement = elements.nextElement();
                        pkAttrs.add(!(nextElement instanceof CertAttrSet) ? ((Extension) nextElement).getExtensionId().toString() : new StringBuffer().append(PkCertConstants.CERT_EXT).append(((CertAttrSet) nextElement).getName()).toString(), 1, nextElement);
                    }
                }
            }
            return pkAttrs;
        } catch (InvalidKeyException e) {
            throw new PkIoException(e);
        }
    }
}
