package org.apache.poi.poifs.crypt.dsig;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.hpsf.ClassID;
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet;
import org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet;
import org.apache.poi.poifs.crypt.dsig.facets.Office2010SignatureFacet;
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
import org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet;
import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;
import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
import org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampSimpleHttpClient;
import org.apache.poi.util.Internal;
import org.apache.poi.util.LocaleUtil;
import org.apache.poi.util.Removal;

/* loaded from: input_file:ingrid-iplug-blp-7.3.0/lib/poi-ooxml-5.2.2.jar:org/apache/poi/poifs/crypt/dsig/SignatureConfig.class */
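/**
 * Mutable holder for every setting used when signing or validating an OOXML
 * package signature: key material, digest/canonicalization algorithms,
 * time-stamp (TSP) client settings, XAdES options, CRL entries and a small
 * certificate cache.
 *
 * <p>Security-relevant defaults visible in this class: digest {@code sha256},
 * {@code secureValidation = true}, {@code allowCRLDownload = false},
 * {@code allowMultipleSignatures = false}.</p>
 *
 * <p>The class itself is not synchronized, apart from writes to the certificate
 * cache. Several getters hand out internal mutable state (lists, maps, byte
 * arrays, the key store) without copying; this is noted on each of them.</p>
 */
public class SignatureConfig {
    /** Pattern used by {@link #formatExecutionTime()} and {@link #setExecutionTime(String)}; always applied in UTC. */
    public static final String SIGNATURE_TIME_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
    private static final String DigestMethod_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#sha224";
    private static final String DigestMethod_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384";
    private static final String XMLSEC_SANTUARIO = "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI";
    private static final String XMLSEC_JDK = "org.jcp.xml.dsig.internal.dom.XMLDSigRI";
    // Private signing key; held by reference for the lifetime of this config.
    private PrivateKey key;
    private List<X509Certificate> signingCertificateChain;
    private SignaturePolicyService signaturePolicyService;
    private boolean includeIssuerSerial;
    private boolean includeKeyValue;
    private String tspUrl;
    private boolean tspOldProtocol;
    private HashAlgorithm tspDigestAlgo;
    private String tspUser;
    // TSP credential kept as an immutable String: it cannot be wiped after use, so
    // never log this object's fields wholesale.
    private String tspPass;
    private TimeStampServiceValidator tspValidator;
    private String proxyUrl;
    private RevocationDataService revocationDataService;
    private HashAlgorithm xadesDigestAlgo;
    private String xadesRole;
    private ClassID signatureImageSetupId;
    private byte[] signatureImage;
    private byte[] signatureImageValid;
    private byte[] signatureImageInvalid;
    private static final Logger LOG = LogManager.getLogger(SignatureConfig.class);
    // Facet factories used by getSignatureFacets() when the caller registered none.
    private static final List<Supplier<SignatureFacet>> DEFAULT_FACETS = Arrays.asList(OOXMLSignatureFacet::new, KeyInfoSignatureFacet::new, XAdESSignatureFacet::new, Office2010SignatureFacet::new);
    private final ThreadLocal<OPCPackage> opcPackage = new ThreadLocal<>();
    private final ThreadLocal<XMLSignatureFactory> signatureFactory = new ThreadLocal<>();
    private final ThreadLocal<KeyInfoFactory> keyInfoFactory = new ThreadLocal<>();
    private final ThreadLocal<Provider> provider = new ThreadLocal<>();
    private List<SignatureFacet> signatureFacets = new ArrayList<>();
    private HashAlgorithm digestAlgo = HashAlgorithm.sha256;
    private Date executionTime = new Date();
    private URIDereferencer uriDereferencer = new OOXMLURIDereferencer();
    private String canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private boolean includeEntireCertificateChain = true;
    private TimeStampService tspService = new TSPTimeStampService();
    private TimeStampHttpClient tspHttpClient = new TimeStampSimpleHttpClient();
    private String tspRequestPolicy = "1.3.6.1.4.1.13762.3";
    private String userAgent = "POI XmlSign Service TSP Client";
    private String xadesSignatureId = "idSignedProperties";
    private boolean xadesSignaturePolicyImplied = true;
    private String xadesCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private boolean xadesIssuerNameNoReverseOrder = true;
    private String packageSignatureId = "idPackageSignature";
    private String signatureDescription = "Office OpenXML Document";
    private SignatureMarshalListener signatureMarshalListener = new SignatureMarshalDefaultListener();
    private final Map<String, String> namespacePrefixes = new HashMap<>();
    private boolean updateConfigOnValidate = false;
    private boolean allowMultipleSignatures = false;
    // Defaults to true; see setSecureValidation() before turning it off.
    private boolean secureValidation = true;
    private String commitmentType = "Created and approved this document";
    // Defaults to false; see setAllowCRLDownload().
    private boolean allowCRLDownload = false;
    private final List<CRLEntry> crlEntries = new ArrayList<>();
    // May be null when the PKCS #12 key store could not be created (see emptyKeyStore()).
    private final KeyStore keyStore = emptyKeyStore();

    /* loaded from: input_file:ingrid-iplug-blp-7.3.0/lib/poi-ooxml-5.2.2.jar:org/apache/poi/poifs/crypt/dsig/SignatureConfig$CRLEntry.class */
    /**
     * Immutable triple of CRL URL, certificate CN and raw CRL bytes.
     *
     * <p>The byte array is stored and returned by reference (no defensive copy),
     * so a caller that mutates the array changes what this entry holds.</p>
     */
    public static class CRLEntry {
        private final String crlURL;
        private final String certCN;
        private final byte[] crlBytes;

        /**
         * @param crlURL   value returned by {@link #getCrlURL()}
         * @param certCN   value returned by {@link #getCertCN()}
         * @param crlBytes value returned by {@link #getCrlBytes()}; kept by reference
         */
        public CRLEntry(String crlURL, String certCN, byte[] crlBytes) {
            this.crlURL = crlURL;
            this.certCN = certCN;
            this.crlBytes = crlBytes;
        }

        /** @return the CRL URL given at construction */
        public String getCrlURL() {
            return this.crlURL;
        }

        /** @return the certificate CN given at construction */
        public String getCertCN() {
            return this.certCN;
        }

        /** @return the internal CRL byte array itself, not a copy */
        public byte[] getCrlBytes() {
            return this.crlBytes;
        }
    }

    /** Creates a config with the field defaults above and the two built-in namespace prefixes. */
    public SignatureConfig() {
        this.namespacePrefixes.put("http://schemas.openxmlformats.org/package/2006/digital-signature", "mdssi");
        this.namespacePrefixes.put(SignatureFacet.XADES_132_NS, "xd");
    }

    /** Appends a facet to the caller-defined facet list. */
    public void addSignatureFacet(SignatureFacet signatureFacet) {
        this.signatureFacets.add(signatureFacet);
    }

    /**
     * @return the caller-defined facet list (the internal list, not a copy) or,
     *         when that list is empty, a freshly created list holding one new
     *         instance of each default facet
     */
    public List<SignatureFacet> getSignatureFacets() {
        if (this.signatureFacets.isEmpty()) {
            return DEFAULT_FACETS.stream().map(Supplier::get).collect(Collectors.toList());
        }
        return this.signatureFacets;
    }

    /** Replaces the facet list; the given list is stored by reference. */
    public void setSignatureFacets(List<SignatureFacet> signatureFacets) {
        this.signatureFacets = signatureFacets;
    }

    /** @return the digest algorithm; {@code sha256} unless changed */
    public HashAlgorithm getDigestAlgo() {
        return this.digestAlgo;
    }

    /**
     * Sets the digest algorithm without any validation. Unsupported values are only
     * rejected later by {@link #getSignatureMethodUri()} / {@link #getDigestMethodUri()}.
     * {@code sha1} and {@code ripemd160} are accepted by those methods; prefer the
     * {@code sha256} default or stronger for new signatures.
     */
    public void setDigestAlgo(HashAlgorithm digestAlgo) {
        this.digestAlgo = digestAlgo;
    }

    /** @return the package stored for the calling thread, or {@code null} */
    @Removal(version = "5.0.0")
    @Deprecated
    public OPCPackage getOpcPackage() {
        return this.opcPackage.get();
    }

    /** Stores the package in a thread-local, i.e. visible to the calling thread only. */
    @Removal(version = "5.0.0")
    @Deprecated
    public void setOpcPackage(OPCPackage opcPackage) {
        this.opcPackage.set(opcPackage);
    }

    /** @return the private signing key reference held by this config */
    public PrivateKey getKey() {
        return this.key;
    }

    /** Stores the private signing key by reference. */
    public void setKey(PrivateKey key) {
        this.key = key;
    }

    /** @return the signing certificate chain as stored (not copied) */
    public List<X509Certificate> getSigningCertificateChain() {
        return this.signingCertificateChain;
    }

    /** Stores the signing certificate chain by reference. */
    public void setSigningCertificateChain(List<X509Certificate> signingCertificateChain) {
        this.signingCertificateChain = signingCertificateChain;
    }

    /** @return the execution time; the mutable {@link Date} instance itself */
    public Date getExecutionTime() {
        return this.executionTime;
    }

    /** Stores the execution time by reference. */
    public void setExecutionTime(Date executionTime) {
        this.executionTime = executionTime;
    }

    /** @return the execution time rendered with {@link #SIGNATURE_TIME_FORMAT} in UTC */
    public String formatExecutionTime() {
        // SimpleDateFormat is not thread-safe, hence a fresh instance per call.
        SimpleDateFormat utcFormat = new SimpleDateFormat(SIGNATURE_TIME_FORMAT, Locale.ROOT);
        utcFormat.setTimeZone(LocaleUtil.TIMEZONE_UTC);
        return utcFormat.format(getExecutionTime());
    }

    /**
     * Parses the given text with {@link #SIGNATURE_TIME_FORMAT} (UTC) and stores the
     * result. {@code null} and the empty string are ignored. A value that does not
     * parse is only logged at WARN level and the previous execution time is kept,
     * so callers cannot tell from this method that the input was rejected.
     */
    public void setExecutionTime(String executionTime) {
        if (executionTime == null || "".equals(executionTime)) {
            return;
        }
        SimpleDateFormat utcFormat = new SimpleDateFormat(SIGNATURE_TIME_FORMAT, Locale.ROOT);
        utcFormat.setTimeZone(LocaleUtil.TIMEZONE_UTC);
        try {
            this.executionTime = utcFormat.parse(executionTime);
        } catch (ParseException e) {
            LOG.atWarn().log("Illegal execution time: {}. Must be formatted as yyyy-MM-dd'T'HH:mm:ss'Z'", executionTime);
        }
    }

    /** @return the signature policy service, or {@code null} if none was set */
    public SignaturePolicyService getSignaturePolicyService() {
        return this.signaturePolicyService;
    }

    /** Sets the signature policy service. */
    public void setSignaturePolicyService(SignaturePolicyService signaturePolicyService) {
        this.signaturePolicyService = signaturePolicyService;
    }

    /** @return the URI dereferencer; an {@code OOXMLURIDereferencer} unless replaced */
    @Removal(version = "5.0.0")
    @Deprecated
    public URIDereferencer getUriDereferencer() {
        return this.uriDereferencer;
    }

    /** Replaces the URI dereferencer. */
    @Removal(version = "5.0.0")
    @Deprecated
    public void setUriDereferencer(URIDereferencer uriDereferencer) {
        this.uriDereferencer = uriDereferencer;
    }

    /** @return the signature description text */
    public String getSignatureDescription() {
        return this.signatureDescription;
    }

    /** Sets the signature description text. */
    public void setSignatureDescription(String signatureDescription) {
        this.signatureDescription = signatureDescription;
    }

    /** @return the internal signature image array (not a copy), or {@code null} */
    public byte[] getSignatureImage() {
        return this.signatureImage;
    }

    /** @return the internal "valid" signature image array (not a copy), or {@code null} */
    public byte[] getSignatureImageValid() {
        return this.signatureImageValid;
    }

    /** @return the internal "invalid" signature image array (not a copy), or {@code null} */
    public byte[] getSignatureImageInvalid() {
        return this.signatureImageInvalid;
    }

    /** @return the signature image setup id, or {@code null} */
    public ClassID getSignatureImageSetupId() {
        return this.signatureImageSetupId;
    }

    /** Sets the signature image setup id. */
    public void setSignatureImageSetupId(ClassID signatureImageSetupId) {
        this.signatureImageSetupId = signatureImageSetupId;
    }

    /** Stores a copy of the given image bytes; {@code null} clears the image. */
    public void setSignatureImage(byte[] signatureImage) {
        this.signatureImage = signatureImage == null ? null : signatureImage.clone();
    }

    /** Stores a copy of the given "valid" image bytes; {@code null} clears the image. */
    public void setSignatureImageValid(byte[] signatureImageValid) {
        this.signatureImageValid = signatureImageValid == null ? null : signatureImageValid.clone();
    }

    /** Stores a copy of the given "invalid" image bytes; {@code null} clears the image. */
    public void setSignatureImageInvalid(byte[] signatureImageInvalid) {
        this.signatureImageInvalid = signatureImageInvalid == null ? null : signatureImageInvalid.clone();
    }

    /** @return the canonicalization method URI */
    public String getCanonicalizationMethod() {
        return this.canonicalizationMethod;
    }

    /**
     * Sets the canonicalization method URI. {@code null}/empty selects inclusive
     * C14N; any URI outside the allow-list is rejected.
     *
     * @throws EncryptedDocumentException if the URI is not on the allow-list
     */
    public void setCanonicalizationMethod(String canonicalizationMethod) {
        this.canonicalizationMethod = verifyCanonicalizationMethod(canonicalizationMethod, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    }

    /**
     * Checks a canonicalization URI against a fixed allow-list.
     *
     * @param method   the URI to check
     * @param fallback returned when {@code method} is {@code null} or empty
     * @return {@code method} if it is on the allow-list, else {@code fallback} for blank input
     * @throws EncryptedDocumentException for any other value
     */
    private static String verifyCanonicalizationMethod(String method, String fallback) {
        if (method == null || method.isEmpty()) {
            return fallback;
        }
        // Allow-list: the configured value ends up in the signature as an algorithm
        // identifier, so arbitrary URIs must not pass through.
        switch (method) {
            case "http://www.w3.org/2000/09/xmldsig#enveloped-signature":
            case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315":
            case "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":
            case "http://www.w3.org/2001/10/xml-exc-c14n#":
            case "http://www.w3.org/2001/10/xml-exc-c14n#WithComments":
                return method;
            default:
                throw new EncryptedDocumentException("Unknown CanonicalizationMethod: " + method);
        }
    }

    /** @return the package signature id */
    public String getPackageSignatureId() {
        return this.packageSignatureId;
    }

    /** Sets the package signature id; {@code null} generates {@code "xmldsig-" + random UUID}. */
    public void setPackageSignatureId(String packageSignatureId) {
        this.packageSignatureId = nvl(packageSignatureId, "xmldsig-" + UUID.randomUUID());
    }

    /** @return the TSP URL, or {@code null} if none was set */
    public String getTspUrl() {
        return this.tspUrl;
    }

    /** Sets the TSP URL; the value is stored without any validation. */
    public void setTspUrl(String tspUrl) {
        this.tspUrl = tspUrl;
    }

    /** @return the {@code tspOldProtocol} flag */
    public boolean isTspOldProtocol() {
        return this.tspOldProtocol;
    }

    /** Sets the {@code tspOldProtocol} flag. */
    public void setTspOldProtocol(boolean tspOldProtocol) {
        this.tspOldProtocol = tspOldProtocol;
    }

    /** @return the TSP digest algorithm, falling back to {@link #getDigestAlgo()}'s field when unset */
    public HashAlgorithm getTspDigestAlgo() {
        return nvl(this.tspDigestAlgo, this.digestAlgo);
    }

    /** Sets the TSP digest algorithm; {@code null} restores the fallback to the main digest. */
    public void setTspDigestAlgo(HashAlgorithm tspDigestAlgo) {
        this.tspDigestAlgo = tspDigestAlgo;
    }

    /** @return the proxy URL, or {@code null} if none was set */
    public String getProxyUrl() {
        return this.proxyUrl;
    }

    /** Sets the proxy URL; the value is stored without any validation. */
    public void setProxyUrl(String proxyUrl) {
        this.proxyUrl = proxyUrl;
    }

    /** @return the time-stamp service; a {@code TSPTimeStampService} unless replaced */
    public TimeStampService getTspService() {
        return this.tspService;
    }

    /** Replaces the time-stamp service. */
    public void setTspService(TimeStampService tspService) {
        this.tspService = tspService;
    }

    /** @return the TSP HTTP client; a {@code TimeStampSimpleHttpClient} unless replaced */
    public TimeStampHttpClient getTspHttpClient() {
        return this.tspHttpClient;
    }

    /** Replaces the TSP HTTP client. */
    public void setTspHttpClient(TimeStampHttpClient tspHttpClient) {
        this.tspHttpClient = tspHttpClient;
    }

    /** @return the TSP user name, or {@code null} */
    public String getTspUser() {
        return this.tspUser;
    }

    /** Sets the TSP user name. */
    public void setTspUser(String tspUser) {
        this.tspUser = tspUser;
    }

    /** @return the TSP password in clear text, or {@code null}; do not log the result */
    public String getTspPass() {
        return this.tspPass;
    }

    /** Sets the TSP password; it is held in clear text for the lifetime of this object. */
    public void setTspPass(String tspPass) {
        this.tspPass = tspPass;
    }

    /**
     * @return the TSP validator, or {@code null}. No default is installed by this
     *         class. NOTE(review): how a missing validator is treated is decided at
     *         the use site, which is outside this file — confirm it fails closed.
     */
    public TimeStampServiceValidator getTspValidator() {
        return this.tspValidator;
    }

    /** Sets the TSP validator. */
    public void setTspValidator(TimeStampServiceValidator tspValidator) {
        this.tspValidator = tspValidator;
    }

    /** @return the revocation data service, or {@code null} if none was set */
    public RevocationDataService getRevocationDataService() {
        return this.revocationDataService;
    }

    /** Sets the revocation data service. */
    public void setRevocationDataService(RevocationDataService revocationDataService) {
        this.revocationDataService = revocationDataService;
    }

    /** @return the XAdES digest algorithm, falling back to the main digest when unset */
    public HashAlgorithm getXadesDigestAlgo() {
        return nvl(this.xadesDigestAlgo, this.digestAlgo);
    }

    /** Sets the XAdES digest algorithm; {@code null} restores the fallback to the main digest. */
    public void setXadesDigestAlgo(HashAlgorithm xadesDigestAlgo) {
        this.xadesDigestAlgo = xadesDigestAlgo;
    }

    /**
     * Sets the XAdES digest algorithm from a digest-method URI; {@code null}/empty clears it.
     *
     * @throws EncryptedDocumentException if the URI is not one of the known digest methods
     */
    public void setXadesDigestAlgo(String xadesDigestAlgo) {
        this.xadesDigestAlgo = getDigestMethodAlgo(xadesDigestAlgo);
    }

    /** @return the user-agent string */
    public String getUserAgent() {
        return this.userAgent;
    }

    /** Sets the user-agent string. */
    public void setUserAgent(String userAgent) {
        this.userAgent = userAgent;
    }

    /** @return the TSP request policy string */
    public String getTspRequestPolicy() {
        return this.tspRequestPolicy;
    }

    /** Sets the TSP request policy string. */
    public void setTspRequestPolicy(String tspRequestPolicy) {
        this.tspRequestPolicy = tspRequestPolicy;
    }

    /** @return the {@code includeEntireCertificateChain} flag; {@code true} by default */
    public boolean isIncludeEntireCertificateChain() {
        return this.includeEntireCertificateChain;
    }

    /** Sets the {@code includeEntireCertificateChain} flag. */
    public void setIncludeEntireCertificateChain(boolean includeEntireCertificateChain) {
        this.includeEntireCertificateChain = includeEntireCertificateChain;
    }

    /** @return the {@code includeIssuerSerial} flag */
    public boolean isIncludeIssuerSerial() {
        return this.includeIssuerSerial;
    }

    /** Sets the {@code includeIssuerSerial} flag. */
    public void setIncludeIssuerSerial(boolean includeIssuerSerial) {
        this.includeIssuerSerial = includeIssuerSerial;
    }

    /** @return the {@code includeKeyValue} flag */
    public boolean isIncludeKeyValue() {
        return this.includeKeyValue;
    }

    /** Sets the {@code includeKeyValue} flag. */
    public void setIncludeKeyValue(boolean includeKeyValue) {
        this.includeKeyValue = includeKeyValue;
    }

    /** @return the XAdES role, or {@code null} */
    public String getXadesRole() {
        return this.xadesRole;
    }

    /** Sets the XAdES role. */
    public void setXadesRole(String xadesRole) {
        this.xadesRole = xadesRole;
    }

    /** @return the XAdES signature id, or {@code "idSignedProperties"} when it was set to {@code null} */
    public String getXadesSignatureId() {
        return nvl(this.xadesSignatureId, "idSignedProperties");
    }

    /** Sets the XAdES signature id. */
    public void setXadesSignatureId(String xadesSignatureId) {
        this.xadesSignatureId = xadesSignatureId;
    }

    /** @return the {@code xadesSignaturePolicyImplied} flag; {@code true} by default */
    public boolean isXadesSignaturePolicyImplied() {
        return this.xadesSignaturePolicyImplied;
    }

    /** Sets the {@code xadesSignaturePolicyImplied} flag. */
    public void setXadesSignaturePolicyImplied(boolean xadesSignaturePolicyImplied) {
        this.xadesSignaturePolicyImplied = xadesSignaturePolicyImplied;
    }

    /** @return the {@code xadesIssuerNameNoReverseOrder} flag; {@code true} by default */
    public boolean isXadesIssuerNameNoReverseOrder() {
        return this.xadesIssuerNameNoReverseOrder;
    }

    /** Sets the {@code xadesIssuerNameNoReverseOrder} flag. */
    public void setXadesIssuerNameNoReverseOrder(boolean xadesIssuerNameNoReverseOrder) {
        this.xadesIssuerNameNoReverseOrder = xadesIssuerNameNoReverseOrder;
    }

    /** @return the marshal listener; a {@code SignatureMarshalDefaultListener} unless replaced */
    public SignatureMarshalListener getSignatureMarshalListener() {
        return this.signatureMarshalListener;
    }

    /** Replaces the marshal listener. */
    public void setSignatureMarshalListener(SignatureMarshalListener signatureMarshalListener) {
        this.signatureMarshalListener = signatureMarshalListener;
    }

    /** @return the internal namespace-to-prefix map itself (mutable, not a copy) */
    public Map<String, String> getNamespacePrefixes() {
        return this.namespacePrefixes;
    }

    /** Replaces the content of the namespace-to-prefix map with the entries of the given map. */
    public void setNamespacePrefixes(Map<String, String> namespacePrefixes) {
        this.namespacePrefixes.clear();
        this.namespacePrefixes.putAll(namespacePrefixes);
    }

    /** @return {@code value}, or {@code fallback} when {@code value} is {@code null} */
    private static <T> T nvl(T value, T fallback) {
        return value == null ? fallback : value;
    }

    /**
     * Maps the configured digest algorithm to an XML-DSig signature method URI.
     * Every URI returned here is an {@code rsa-*} method, whatever the key type.
     * {@code sha1} and {@code ripemd160} are still mapped; treat them as legacy.
     *
     * @throws EncryptedDocumentException if the digest algorithm has no mapping
     */
    public String getSignatureMethodUri() {
        switch (getDigestAlgo()) {
            case sha1:
                return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            case sha224:
                return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224";
            case sha256:
                return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
            case sha384:
                return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
            case sha512:
                return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
            case ripemd160:
                return "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
            default:
                throw new EncryptedDocumentException("Hash algorithm " + getDigestAlgo() + " not supported for signing.");
        }
    }

    /** @return the digest method URI for the configured digest algorithm */
    public String getDigestMethodUri() {
        return getDigestMethodUri(getDigestAlgo());
    }

    /**
     * Maps a digest algorithm to its XML digest method URI.
     *
     * @throws EncryptedDocumentException if the algorithm has no mapping
     */
    public static String getDigestMethodUri(HashAlgorithm hashAlgorithm) {
        switch (hashAlgorithm) {
            case sha1:
                return "http://www.w3.org/2000/09/xmldsig#sha1";
            case sha224:
                return DigestMethod_SHA224;
            case sha256:
                return "http://www.w3.org/2001/04/xmlenc#sha256";
            case sha384:
                return DigestMethod_SHA384;
            case sha512:
                return "http://www.w3.org/2001/04/xmlenc#sha512";
            case ripemd160:
                return "http://www.w3.org/2001/04/xmlenc#ripemd160";
            default:
                throw new EncryptedDocumentException("Hash algorithm " + hashAlgorithm + " not supported for signing.");
        }
    }

    /**
     * Inverse of {@link #getDigestMethodUri(HashAlgorithm)}.
     *
     * @return the matching algorithm, or {@code null} for {@code null}/empty input
     * @throws EncryptedDocumentException if the URI is not a known digest method
     */
    private static HashAlgorithm getDigestMethodAlgo(String digestMethodUri) {
        if (digestMethodUri == null || digestMethodUri.isEmpty()) {
            return null;
        }
        switch (digestMethodUri) {
            case "http://www.w3.org/2000/09/xmldsig#sha1":
                return HashAlgorithm.sha1;
            case DigestMethod_SHA224:
                return HashAlgorithm.sha224;
            case "http://www.w3.org/2001/04/xmlenc#sha256":
                return HashAlgorithm.sha256;
            case DigestMethod_SHA384:
                return HashAlgorithm.sha384;
            case "http://www.w3.org/2001/04/xmlenc#sha512":
                return HashAlgorithm.sha512;
            case "http://www.w3.org/2001/04/xmlenc#ripemd160":
                return HashAlgorithm.ripemd160;
            default:
                throw new EncryptedDocumentException("Hash algorithm " + digestMethodUri + " not supported for signing.");
        }
    }

    /**
     * Sets the digest algorithm from an {@code rsa-*} signature method URI. The URI
     * itself decides how strong the resulting digest is ({@code rsa-sha1} selects
     * {@code sha1}), so a caller that feeds in a value read from a document should
     * apply its own minimum-strength policy.
     *
     * @throws EncryptedDocumentException if the URI is not a known signature method
     * @throws NullPointerException       if the URI is {@code null}
     */
    public void setSignatureMethodFromUri(String signatureMethodUri) {
        switch (signatureMethodUri) {
            case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":
                setDigestAlgo(HashAlgorithm.sha1);
                return;
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224":
                setDigestAlgo(HashAlgorithm.sha224);
                return;
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":
                setDigestAlgo(HashAlgorithm.sha256);
                return;
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384":
                setDigestAlgo(HashAlgorithm.sha384);
                return;
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":
                setDigestAlgo(HashAlgorithm.sha512);
                return;
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160":
                setDigestAlgo(HashAlgorithm.ripemd160);
                return;
            default:
                throw new EncryptedDocumentException("Hash algorithm " + signatureMethodUri + " not supported.");
        }
    }

    /** Stores the signature factory in a thread-local, i.e. for the calling thread only. */
    @Removal(version = "5.0.0")
    @Deprecated
    public void setSignatureFactory(XMLSignatureFactory signatureFactory) {
        this.signatureFactory.set(signatureFactory);
    }

    /** @return the signature factory stored for the calling thread, or {@code null} */
    @Removal(version = "5.0.0")
    @Deprecated
    public XMLSignatureFactory getSignatureFactory() {
        return this.signatureFactory.get();
    }

    /** Stores the key-info factory in a thread-local, i.e. for the calling thread only. */
    @Removal(version = "5.0.0")
    @Deprecated
    public void setKeyInfoFactory(KeyInfoFactory keyInfoFactory) {
        this.keyInfoFactory.set(keyInfoFactory);
    }

    /** @return the key-info factory stored for the calling thread, or {@code null} */
    @Removal(version = "5.0.0")
    @Deprecated
    public KeyInfoFactory getKeyInfoFactory() {
        return this.keyInfoFactory.get();
    }

    /** Stores the security provider in a thread-local, i.e. for the calling thread only. */
    @Removal(version = "5.0.0")
    @Internal
    @Deprecated
    public void setProvider(Provider provider) {
        this.provider.set(provider);
    }

    /** @return the security provider stored for the calling thread, or {@code null} */
    @Removal(version = "5.0.0")
    @Deprecated
    public Provider getProvider() {
        return this.provider.get();
    }

    /**
     * @return candidate XML-DSig provider class names in preference order. A
     *         non-empty {@code jsr105Provider} system property is placed first, so
     *         whoever controls that property chooses the first class name tried.
     *         NOTE(review): how the names are loaded is outside this file.
     */
    public static String[] getProviderNames() {
        String override = System.getProperty("jsr105Provider");
        if (override == null || "".equals(override)) {
            return new String[]{XMLSEC_SANTUARIO, XMLSEC_JDK};
        }
        return new String[]{override, XMLSEC_SANTUARIO, XMLSEC_JDK};
    }

    /** @return the XAdES canonicalization method URI */
    public String getXadesCanonicalizationMethod() {
        return this.xadesCanonicalizationMethod;
    }

    /**
     * Sets the XAdES canonicalization method URI. {@code null}/empty selects
     * exclusive C14N; any URI outside the allow-list is rejected.
     *
     * @throws EncryptedDocumentException if the URI is not on the allow-list
     */
    public void setXadesCanonicalizationMethod(String xadesCanonicalizationMethod) {
        this.xadesCanonicalizationMethod = verifyCanonicalizationMethod(xadesCanonicalizationMethod, "http://www.w3.org/2001/10/xml-exc-c14n#");
    }

    /** @return the {@code updateConfigOnValidate} flag; {@code false} by default */
    public boolean isUpdateConfigOnValidate() {
        return this.updateConfigOnValidate;
    }

    /**
     * Sets the {@code updateConfigOnValidate} flag. NOTE(review): presumably lets
     * validation overwrite settings in this object with values taken from the
     * document being validated — confirm at the use site before sharing one config
     * between signing and validating.
     */
    public void setUpdateConfigOnValidate(boolean updateConfigOnValidate) {
        this.updateConfigOnValidate = updateConfigOnValidate;
    }

    /** @return the {@code allowMultipleSignatures} flag; {@code false} by default */
    public boolean isAllowMultipleSignatures() {
        return this.allowMultipleSignatures;
    }

    /** Sets the {@code allowMultipleSignatures} flag. */
    public void setAllowMultipleSignatures(boolean allowMultipleSignatures) {
        this.allowMultipleSignatures = allowMultipleSignatures;
    }

    /** @return the {@code secureValidation} flag; {@code true} by default */
    public boolean isSecureValidation() {
        return this.secureValidation;
    }

    /**
     * Sets the {@code secureValidation} flag. The flag is only stored here.
     * NOTE(review): presumably it switches on the XML-DSig implementation's
     * secure-validation restrictions when validating untrusted documents — confirm
     * at the use site, and keep the {@code true} default unless a specific,
     * trusted document source requires otherwise.
     */
    public void setSecureValidation(boolean secureValidation) {
        this.secureValidation = secureValidation;
    }

    /** @return the commitment type text */
    public String getCommitmentType() {
        return this.commitmentType;
    }

    /** Sets the commitment type text. */
    public void setCommitmentType(String commitmentType) {
        this.commitmentType = commitmentType;
    }

    /**
     * Creates a {@link CRLEntry} from the arguments, appends it to the CRL list and
     * returns it. The byte array is kept by reference.
     */
    public CRLEntry addCRL(String crlURL, String certCN, byte[] crlBytes) {
        CRLEntry entry = new CRLEntry(crlURL, certCN, crlBytes);
        this.crlEntries.add(entry);
        return entry;
    }

    /** @return the internal CRL entry list itself (mutable, not a copy) */
    public List<CRLEntry> getCrlEntries() {
        return this.crlEntries;
    }

    /** @return the {@code allowCRLDownload} flag; {@code false} by default */
    public boolean isAllowCRLDownload() {
        return this.allowCRLDownload;
    }

    /**
     * Sets the {@code allowCRLDownload} flag. The flag is only stored here.
     * NOTE(review): presumably it permits fetching CRLs from URLs found in
     * certificates, i.e. outbound requests to addresses taken from the input —
     * confirm at the use site and restrict egress accordingly when enabling it.
     */
    public void setAllowCRLDownload(boolean allowCRLDownload) {
        this.allowCRLDownload = allowCRLDownload;
    }

    /**
     * @return the internal certificate cache itself, or {@code null} when it could
     *         not be created. Callers receive the live key store and can modify it.
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Adds a certificate to the certificate cache.
     *
     * @param alias           key-store alias; when {@code null} the certificate's subject name is used
     * @param x509Certificate the certificate to cache
     * @throws KeyStoreException if the key store rejects the entry
     */
    public void addCachedCertificate(String alias, X509Certificate x509Certificate) throws KeyStoreException {
        String effectiveAlias = alias;
        if (effectiveAlias == null) {
            effectiveAlias = x509Certificate.getSubjectX500Principal().getName();
        }
        // When the key store could not be created the certificate is silently dropped.
        if (this.keyStore != null) {
            synchronized (this.keyStore) {
                this.keyStore.setCertificateEntry(effectiveAlias, x509Certificate);
            }
        }
    }

    /**
     * Parses DER/PEM bytes as an X.509 certificate and adds it to the certificate cache.
     *
     * <p>NOTE(review): {@code alias} is not forwarded; the entry is always stored
     * under the certificate's subject name. Kept as is because changing the alias
     * could alter which entries overwrite each other — confirm the intent.</p>
     *
     * @throws CertificateException if the bytes cannot be parsed as a certificate
     * @throws KeyStoreException    if the key store rejects the entry
     */
    public void addCachedCertificate(String alias, byte[] x509Bytes) throws KeyStoreException, CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(x509Bytes));
        addCachedCertificate((String) null, parsed);
    }

    /**
     * Looks up a cached certificate whose subject name equals the given principal
     * name, ignoring case. Both chains and single certificate entries are searched.
     *
     * <p>The match is a plain string comparison on the subject name; it establishes
     * no trust in the returned certificate. Reads are not synchronized, unlike the
     * writes in {@code addCachedCertificate}.</p>
     *
     * @param principalName subject name to look for
     * @return the first matching certificate, or {@code null} if there is none, the
     *         key store is unavailable, or it cannot be read
     */
    public X509Certificate getCachedCertificateByPrinicipal(String principalName) {
        if (this.keyStore == null) {
            return null;
        }
        try {
            for (String alias : Collections.list(this.keyStore.aliases())) {
                Certificate[] chain = this.keyStore.getCertificateChain(alias);
                if (chain == null) {
                    Certificate single = this.keyStore.getCertificate(alias);
                    if (single == null) {
                        // Alias without any certificate: nothing to match, and
                        // streaming a null array would throw.
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                // getKeyStore() exposes the store, so non-X.509 entries are possible;
                // skip them instead of failing on the cast.
                Optional<X509Certificate> match = Stream.of(chain)
                        .filter(X509Certificate.class::isInstance)
                        .map(X509Certificate.class::cast)
                        .filter(candidate -> principalName.equalsIgnoreCase(candidate.getSubjectX500Principal().getName()))
                        .findFirst();
                if (match.isPresent()) {
                    return match.get();
                }
            }
            return null;
        } catch (KeyStoreException e) {
            LOG.atWarn().withThrowable(e).log("unable to read cached certificates from keystore");
            return null;
        }
    }

    /**
     * Creates the empty in-memory PKCS #12 key store backing the certificate cache.
     *
     * @return the key store, or {@code null} (after logging an error) if it cannot be created
     */
    private static KeyStore emptyKeyStore() {
        try {
            KeyStore store = KeyStore.getInstance("PKCS12");
            // load(null, null) initializes an empty store without reading any stream.
            store.load(null, null);
            return store;
        } catch (IOException | GeneralSecurityException e) {
            LOG.atError().withThrowable(e).log("unable to create PKCS #12 keystore - XAdES certificate chain lookups disabled");
            return null;
        }
    }
}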
