package com.adobe.internal.pdftoolkit.services.digsig.impl;

import com.adobe.internal.pdftoolkit.core.credentials.Credentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.JCECredentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.RSACredentials;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFIOException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidDocumentException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidParameterException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.core.filter.DCTTables;
import com.adobe.internal.pdftoolkit.core.types.ASName;
import com.adobe.internal.pdftoolkit.pdf.digsig.PDFSignature;
import com.adobe.internal.pdftoolkit.pdf.digsig.PDFSignatureFieldSeedValue;
import com.adobe.internal.pdftoolkit.pdf.digsig.PDFSignatureSubFilter;
import com.adobe.internal.pdftoolkit.pdf.document.PDFDocument;
import com.adobe.internal.pdftoolkit.pdf.document.PDFSaveOptions;
import com.adobe.internal.pdftoolkit.pdf.document.PDFVersion;
import com.adobe.internal.pdftoolkit.pdf.interactive.forms.PDFFieldText;
import com.adobe.internal.pdftoolkit.services.digsig.SigCertificateSeedValue;
import com.adobe.internal.pdftoolkit.services.digsig.SigSeedValue;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptions;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptionsDocMDP;
import com.adobe.internal.pdftoolkit.services.digsig.UserInfo;
import com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl.RSACredentialUtils;
import com.adobe.internal.pdftoolkit.services.digsig.digsigframework.impl.SignatureHandlerPPKLite;
import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.OIDContainer;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.extensions.CertPolicies;
import com.rsa.certj.cert.extensions.KeyUsage;
import com.rsa.certj.cert.extensions.X509V3Extension;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/impl/SeedValueEnforcer.class */
public final class SeedValueEnforcer {
    private static final int NumKeyUsageBits = 9;
    private static final int AdobeExtensionLevel_A9 = 3;
    private static final List supportedDigests = Arrays.asList("SHA1", "SHA256", "SHA384", "SHA512", "RIPEMD160");
    private static final Double SV_VersionPDF1_5 = Double.valueOf(1.0d);
    private static final Double SV_VersionPDF1_6 = Double.valueOf(2.0d);
    private static final Double SV_VersionPDF1_7_Ext3 = Double.valueOf(3.0d);

    public PDFSignatureSubFilter enforceSignatureHandlerSeed(SigSeedValue sigSeedValue, PDFSignatureSubFilter pDFSignatureSubFilter) throws PDFInvalidDocumentException, PDFSecurityException, PDFIOException, PDFInvalidParameterException {
        if (sigSeedValue != null) {
            Integer flags = sigSeedValue.getFlags();
            int intValue = flags == null ? 0 : flags.intValue();
            enforceFilterSV(sigSeedValue.getFilter(), intValue);
            List<ASName> subFilters = sigSeedValue.getSubFilters();
            pDFSignatureSubFilter = enforceSubFilterSV(subFilters != null ? (ASName[]) subFilters.toArray(new ASName[0]) : null, intValue, pDFSignatureSubFilter);
        }
        return pDFSignatureSubFilter;
    }

    private void enforceFilterSV(ASName aSName, int i) throws PDFInvalidParameterException {
        if (aSName != null && (i & 1) == 1 && aSName != PDFSignature.k_Adobe_PPKLite) {
            throw new PDFInvalidParameterException("Filter (" + aSName + ") specified by signature seed value is not available.");
        }
    }

    private ASName getFirstAllowedSupportedSubFilter(ASName[] aSNameArr) throws PDFInvalidParameterException {
        for (int i = 0; i < aSNameArr.length; i++) {
            if (SignatureHandlerPPKLite.isSubFilterSupported(aSNameArr[i])) {
                return aSNameArr[i];
            }
        }
        throw new PDFInvalidParameterException("None of the subfilters specified by the signature seed value are available.");
    }

    private PDFSignatureSubFilter enforceSubFilterSV(ASName[] aSNameArr, int i, PDFSignatureSubFilter pDFSignatureSubFilter) throws PDFInvalidDocumentException, PDFInvalidParameterException {
        if (aSNameArr != null && (i & 2) == 2) {
            if (pDFSignatureSubFilter == null) {
                return PDFSignatureSubFilter.getInstance(getFirstAllowedSupportedSubFilter(aSNameArr));
            }
            for (ASName aSName : aSNameArr) {
                if (PDFSignatureSubFilter.getInstance(aSName) == pDFSignatureSubFilter) {
                    return pDFSignatureSubFilter;
                }
            }
            if (0 == 0) {
                throw new PDFInvalidDocumentException("None of the subfilters specified by the signature seed value are available.");
            }
        } else if (aSNameArr == null && (i & 2) == 2) {
            throw new PDFInvalidDocumentException("No seed subfilters specified by the signature seed value but the flag is set.");
        }
        return pDFSignatureSubFilter;
    }

    public void enforceSignatureSeedValue(SigSeedValue sigSeedValue, Credentials credentials, SignatureOptions signatureOptions, PDFSignatureSubFilter pDFSignatureSubFilter, PDFDocument pDFDocument) throws PDFInvalidDocumentException, PDFSecurityException, PDFIOException, PDFInvalidParameterException {
        if (sigSeedValue == null) {
            return;
        }
        Integer flags = sigSeedValue.getFlags();
        int intValue = flags == null ? 0 : flags.intValue();
        UserInfo userInfo = signatureOptions.getUserInfo();
        enforceVersionSV(intValue, sigSeedValue, signatureOptions, pDFDocument);
        enforceDigestMethodSV(sigSeedValue.getDigestMethod() != null ? (String[]) sigSeedValue.getDigestMethod().toArray(new String[0]) : null, intValue, credentials, signatureOptions.getDigestMethod());
        enforceReasonsSV(sigSeedValue.getReasons() != null ? (String[]) sigSeedValue.getReasons().toArray(new String[0]) : null, userInfo, intValue);
        enforceLegalAttestationsSV(sigSeedValue.getLegalAttestations(), intValue, signatureOptions);
        enforceAddRevInfoSV(sigSeedValue.getRevInfo(), intValue, signatureOptions, pDFSignatureSubFilter);
        enforceTimeStampSV(sigSeedValue.getTimeStampURL(), sigSeedValue.getTimeStampFlag(), signatureOptions);
        enforceCertificateSeedValue(sigSeedValue.getCertificateSeedValue(), credentials);
    }

    private void enforceReasonsSV(String[] strArr, UserInfo userInfo, int i) throws PDFInvalidParameterException {
        if (strArr == null || (i & 8) != 8) {
            return;
        }
        if (strArr.length == 1 && strArr[0].equals(PDFSignatureFieldSeedValue.EMPTY_REASON_STRING)) {
            return;
        }
        if (userInfo == null) {
            throw new PDFInvalidParameterException("User info did not specify a reason for signing, and a reason for signing is required.");
        }
        boolean z = false;
        String reason = userInfo.getReason();
        int i2 = 0;
        while (true) {
            if (i2 >= strArr.length) {
                break;
            }
            if (strArr[i2].equals(reason)) {
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            throw new PDFInvalidParameterException("Reason for signing in user info is not allowed by signature seed value reasons.");
        }
    }

    private void enforceLegalAttestationsSV(String[] strArr, int i, SignatureOptions signatureOptions) throws PDFInvalidParameterException {
        if (strArr == null || (i & 16) != 16) {
            return;
        }
        if (!(signatureOptions instanceof SignatureOptionsDocMDP)) {
            throw new PDFInvalidParameterException("Signature options did not specify an attestation string, and an attestation string is required.");
        }
        boolean z = false;
        String legalAttestation = ((SignatureOptionsDocMDP) signatureOptions).getLegalAttestation();
        int i2 = 0;
        while (true) {
            if (i2 >= strArr.length) {
                break;
            }
            if (strArr[i2].equals(legalAttestation)) {
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            throw new PDFInvalidParameterException("Attestation in signature options is not allowed by signature seed value attestations.");
        }
    }

    private void enforceDigestMethodSV(String[] strArr, int i, Credentials credentials, String str) throws PDFInvalidParameterException {
        if (strArr == null || strArr.length <= 0 || (i & 64) != 64) {
            return;
        }
        if (credentials instanceof RSACredentials) {
            checkDigestMethodValidity(strArr, str, ((RSACredentials) credentials).getJSAFEPrivateKey().getAlgorithm());
        } else if (credentials instanceof JCECredentials) {
            checkDigestMethodValidity(strArr, str, ((JCECredentials) credentials).getPrivateKey().getAlgorithm());
        }
    }

    private void checkDigestMethodValidity(String[] strArr, String str, String str2) throws PDFInvalidParameterException {
        if (str2.indexOf(PDFSignature.RSACipher) != -1) {
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= strArr.length) {
                    break;
                }
                if (str.equalsIgnoreCase(strArr[i])) {
                    z = true;
                    if (!supportedDigests.contains(str)) {
                        throw new PDFInvalidParameterException("The digest method " + str + " is not specified in the supported digest method list");
                    }
                } else {
                    z = false;
                    i++;
                }
            }
            if (!z) {
                throw new PDFInvalidParameterException("The digest method " + str + " is not specified in the allowed digest method list");
            }
        }
    }

    private void enforceAddRevInfoSV(boolean z, int i, SignatureOptions signatureOptions, PDFSignatureSubFilter pDFSignatureSubFilter) throws PDFIOException, PDFSecurityException, PDFInvalidDocumentException, PDFInvalidParameterException {
        if (z && (i & 32) == 32) {
            if (pDFSignatureSubFilter == PDFSignatureSubFilter.X509RSASha1) {
                throw new PDFInvalidParameterException("We cannot enforce revocation checking when the subfilter is adbe_x509_rsa_sha1");
            }
            if (!signatureOptions.embedRevocationInfo()) {
                throw new PDFInvalidParameterException("Revocation info provider not registered but add rev info seed value is set. Signing cannot proceed.");
            }
        }
    }

    private void enforceTimeStampSV(String str, boolean z, SignatureOptions signatureOptions) throws PDFIOException, PDFSecurityException, PDFInvalidDocumentException, PDFInvalidParameterException {
        if (str != null && z && !signatureOptions.isApplyTimestamp()) {
            throw new PDFInvalidParameterException("Timestamp provider not registered but timestamp seed value is set. Signing cannot proceed.");
        }
    }

    private void enforceVersionSV(int i, SigSeedValue sigSeedValue, SignatureOptions signatureOptions, PDFDocument pDFDocument) throws PDFIOException, PDFInvalidDocumentException, PDFSecurityException, PDFInvalidParameterException {
        PDFVersion saveVersion = getSaveVersion(signatureOptions, pDFDocument);
        int adobeExtensionLevel = saveVersion.getAdobeExtensionLevel();
        if ((i & 4) == 4) {
            if (sigSeedValue.getVersion() == null) {
                if (saveVersion.equalTo(PDFVersion.v1_5)) {
                    sigSeedValue.setVersion(SV_VersionPDF1_5);
                }
                if (saveVersion.equalTo(PDFVersion.v1_6)) {
                    sigSeedValue.setVersion(SV_VersionPDF1_6);
                }
                if (saveVersion.equalTo(PDFVersion.v1_7)) {
                    if (adobeExtensionLevel == 3) {
                        sigSeedValue.setVersion(SV_VersionPDF1_7_Ext3);
                    } else {
                        sigSeedValue.setVersion(SV_VersionPDF1_6);
                    }
                }
            }
            int intValue = sigSeedValue.getVersion().intValue();
            if (saveVersion.equalTo(PDFVersion.v1_5) && intValue != 1) {
                throw new PDFInvalidParameterException("Version value in signature seed not set to 1 for PDF 1.5");
            }
            if (saveVersion.equalTo(PDFVersion.v1_6) && intValue != 2) {
                throw new PDFInvalidParameterException("Version value in signature seed not set to 2 for PDF1.6");
            }
            if (saveVersion.equalTo(PDFVersion.v1_7)) {
                if (adobeExtensionLevel == 3 && intValue != 3) {
                    throw new PDFInvalidParameterException("Version value in signature seed not set to 3 for PDF 1.7, Extension Level 3");
                }
                if (intValue != 2) {
                    throw new PDFInvalidParameterException("Version value in signature seed not set to 2 for PDF 1.7");
                }
            }
        }
    }

    private PDFVersion getSaveVersion(SignatureOptions signatureOptions, PDFDocument pDFDocument) throws PDFInvalidDocumentException, PDFIOException, PDFSecurityException {
        PDFVersion originalVersion = pDFDocument.getOriginalVersion();
        if (originalVersion == null && signatureOptions != null && signatureOptions.hasSaveOptions()) {
            PDFSaveOptions saveOptions = signatureOptions.getSaveOptions();
            if (saveOptions.containsVersion()) {
                originalVersion = saveOptions.getVersion();
            }
        }
        return originalVersion;
    }

    private void enforceCertificateSeedValue(SigCertificateSeedValue sigCertificateSeedValue, Credentials credentials) throws PDFInvalidDocumentException, PDFSecurityException, PDFIOException, PDFInvalidParameterException {
        if (sigCertificateSeedValue != null) {
            int intValue = sigCertificateSeedValue.getFlags().intValue();
            if (credentials instanceof RSACredentials) {
                enforceSubjectSVForRSACerts(sigCertificateSeedValue.getSubjects(), intValue, credentials);
            } else if (credentials instanceof JCECredentials) {
                enforceSubjectSV(sigCertificateSeedValue.getSubjects(), intValue, (JCECredentials) credentials);
            }
            if (credentials instanceof RSACredentials) {
                enforceIssuerSVForRSACerts(sigCertificateSeedValue.getIssuers(), intValue, credentials, sigCertificateSeedValue.getOIDS());
            } else if (credentials instanceof JCECredentials) {
                enforceIssuerSV(sigCertificateSeedValue.getIssuers(), intValue, credentials, sigCertificateSeedValue.getOIDS());
            }
            enforceSubjectDNSV(sigCertificateSeedValue, credentials, intValue);
            enforceKeyUsageSV(sigCertificateSeedValue, credentials, intValue);
        }
    }

    private void enforceSubjectSV(byte[][] bArr, int i, JCECredentials jCECredentials) throws PDFInvalidDocumentException, PDFInvalidParameterException {
        X509Certificate certificate = jCECredentials.getCertificate();
        if (bArr == null || bArr.length <= 0 || (i & 1) != 1) {
            return;
        }
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bArr.length) {
                break;
            }
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr[i2]);
            try {
                try {
                    if (((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream)).equals(certificate)) {
                        z = true;
                    } else {
                        if (byteArrayInputStream != null) {
                            try {
                                byteArrayInputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        i2++;
                    }
                } finally {
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e2) {
                        }
                    }
                }
            } catch (CertificateException e3) {
                throw new PDFInvalidDocumentException("Could not parse subject certificate in certificate seed value object.", e3);
            }
        }
        if (!z) {
            throw new PDFInvalidParameterException("Certificate seed value does not allow the specified subject certificate.");
        }
    }

    private void enforceSubjectSVForRSACerts(byte[][] bArr, int i, Credentials credentials) throws PDFInvalidDocumentException, PDFInvalidParameterException {
        if (!(credentials instanceof RSACredentials)) {
            throw new PDFInvalidParameterException("The credentials supplied do not have RSA certs");
        }
        com.rsa.certj.cert.X509Certificate rSAX509Cert = ((RSACredentials) credentials).getRSAX509Cert();
        if (bArr == null || bArr.length <= 0 || (i & 1) != 1) {
            return;
        }
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= bArr.length) {
                break;
            }
            try {
                if (new com.rsa.certj.cert.X509Certificate(bArr[i2], 0, 0).equals(rSAX509Cert)) {
                    z = true;
                    break;
                }
                i2++;
            } catch (com.rsa.certj.cert.CertificateException e) {
                throw new PDFInvalidDocumentException("Could not parse subject certificate in certificate seed value object.", e);
            }
        }
        if (!z) {
            throw new PDFInvalidParameterException("Certificate seed value does not allow the specified subject certificate.");
        }
    }

    private void enforceIssuerSV(byte[][] bArr, int i, Credentials credentials, String[] strArr) throws PDFInvalidParameterException {
        if (bArr == null || bArr.length <= 0 || (i & 2) != 2 || strArr == null || strArr.length <= 0 || (i & 4) != 4) {
            return;
        }
        try {
            enforceCertPolicies(RSACredentialUtils.getRSACertificate(credentials), strArr);
        } catch (PDFSignatureException e) {
            throw new PDFInvalidParameterException(e);
        }
    }

    private void enforceIssuerSVForRSACerts(byte[][] bArr, int i, Credentials credentials, String[] strArr) throws PDFInvalidDocumentException, PDFInvalidParameterException {
        if (!(credentials instanceof RSACredentials)) {
            throw new PDFInvalidParameterException("The credentials supplied do not have RSA certs");
        }
        com.rsa.certj.cert.X509Certificate rSAX509Cert = ((RSACredentials) credentials).getRSAX509Cert();
        if (bArr == null || (i & 2) != 2 || strArr == null || strArr.length <= 0 || (i & 4) != 4) {
            return;
        }
        enforceCertPolicies(rSAX509Cert, strArr);
    }

    private void enforceCertPolicies(com.rsa.certj.cert.X509Certificate x509Certificate, String[] strArr) throws PDFInvalidParameterException {
        CertPolicies extensionByType;
        try {
            if (x509Certificate.getExtensions() == null || (extensionByType = x509Certificate.getExtensions().getExtensionByType(32)) == null) {
                throw new PDFInvalidParameterException("Certificate seed value required policy OID is not present in signing certificate.");
            }
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < extensionByType.getPoliciesCount(); i++) {
                byte[] certPolicyId = extensionByType.getCertPolicyId(i);
                arrayList.add(new Oid(ASN1.derEncode(new ASN1Container[]{new OIDContainer(PDFFieldText.kComb, true, 0, certPolicyId, 0, certPolicyId.length)})));
            }
            Oid[] oidArr = (Oid[]) arrayList.toArray(new Oid[arrayList.size()]);
            for (String str : strArr) {
                try {
                    if (!new Oid(str).containedIn(oidArr)) {
                        throw new PDFInvalidParameterException("Certificate seed value required policy OID is not present in signing certificate.");
                    }
                } catch (GSSException e) {
                    throw new PDFInvalidParameterException("Exception when constructing and checking policy oids against seed value oids", e);
                }
            }
        } catch (ASN_Exception e2) {
            throw new PDFInvalidParameterException("The policy oids present in the signing certificate could not be parsed.", e2);
        } catch (GSSException e3) {
            throw new PDFInvalidParameterException("Exception when constructing policy oid", e3);
        } catch (com.rsa.certj.cert.CertificateException e4) {
            throw new PDFInvalidParameterException("The certificate present in the credentials could not be processed to extract policy oids.", e4);
        }
    }

    private void enforceKeyUsageSV(SigCertificateSeedValue sigCertificateSeedValue, Credentials credentials, int i) throws PDFInvalidDocumentException, PDFIOException, PDFSecurityException, PDFInvalidParameterException {
        String[] keyUsages = sigCertificateSeedValue.getKeyUsages();
        if (keyUsages == null || keyUsages.length <= 0 || (i & 32) != 32) {
            return;
        }
        boolean[] zArr = null;
        try {
            if (credentials instanceof RSACredentials) {
                zArr = createBooleanArray(((RSACredentials) credentials).getRSAX509Cert().getExtensions().getExtensionByType(15));
            } else if (credentials instanceof JCECredentials) {
                zArr = ((JCECredentials) credentials).getCertificate().getKeyUsage();
            }
            boolean z = false;
            for (String str : keyUsages) {
                if (str == null || str.length() <= 0 || zArr == null) {
                    z = false;
                } else {
                    int i2 = 0;
                    while (true) {
                        if (i2 >= str.length()) {
                            break;
                        }
                        boolean z2 = toBoolean(str, i2);
                        if (z2) {
                            if (z2 != zArr[i2]) {
                                z = false;
                                break;
                            } else if (i2 == 0 && !zArr[i2]) {
                                throw new PDFInvalidParameterException("The digital signature KeyUsage bit at position 0 is not set.");
                            }
                        }
                        z = true;
                        i2++;
                    }
                }
                if (z) {
                    break;
                }
            }
            if (!z) {
                throw new PDFInvalidParameterException("Seed value KeyUsage extensions are not present in the signing cert.");
            }
        } catch (com.rsa.certj.cert.CertificateException e) {
            throw new PDFInvalidParameterException("Could not obtain the key usage extensions from the certificate", e);
        }
    }

    private boolean[] createBooleanArray(X509V3Extension x509V3Extension) {
        boolean[] zArr = new boolean[9];
        for (int i = 0; i < 9; i++) {
            zArr[i] = getKeyUsageBit(x509V3Extension, i);
        }
        return zArr;
    }

    private boolean getKeyUsageBit(X509V3Extension x509V3Extension, int i) {
        if (i == 0) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(Integer.MIN_VALUE);
        }
        if (i == 1) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(1073741824);
        }
        if (i == 2) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(536870912);
        }
        if (i == 3) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(DCTTables.dontKnowAccCTFlag);
        }
        if (i == 4) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(134217728);
        }
        if (i == 5) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(67108864);
        }
        if (i == 6) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(PDFFieldText.kRichText);
        }
        if (i == 7) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(PDFFieldText.kComb);
        }
        if (i == 8) {
            return ((KeyUsage) x509V3Extension).verifyKeyUsage(8388608);
        }
        return false;
    }

    private boolean toBoolean(String str, int i) {
        return str.charAt(i) == '1';
    }

    private void enforceSubjectDNSV(SigCertificateSeedValue sigCertificateSeedValue, Credentials credentials, int i) throws PDFInvalidDocumentException, PDFIOException, PDFSecurityException, PDFInvalidParameterException {
        List<Map> subjectDN = sigCertificateSeedValue.getSubjectDN();
        if (subjectDN == null || subjectDN.isEmpty() || (i & 8) != 8) {
            return;
        }
        X500Name x500Name = null;
        if (credentials instanceof RSACredentials) {
            x500Name = ((RSACredentials) credentials).getRSAX509Cert().getSubjectName();
        } else if (credentials instanceof JCECredentials) {
            try {
                x500Name = new X500Name(((JCECredentials) credentials).getCertificate().getSubjectX500Principal().getName("RFC2253"));
            } catch (NameException e) {
                throw new PDFInvalidParameterException("Cannot construct an X500Name for the given certificate", e);
            }
        }
        try {
            checkCertSubjectDN(x500Name, subjectDN);
        } catch (NameException e2) {
            throw new PDFInvalidParameterException("Certificate DN - " + x500Name + " is incorrectly formatted", e2);
        }
    }

    private void checkCertSubjectDN(X500Name x500Name, List<Map> list) throws PDFInvalidDocumentException, PDFIOException, PDFSecurityException, PDFInvalidParameterException, NameException {
        DNUtils dNUtils = new DNUtils(x500Name);
        Map<Integer, String> createDNAttributeIDValueMap = dNUtils.createDNAttributeIDValueMap();
        Iterator<Map> it = list.iterator();
        boolean z = false;
        StringBuilder sb = null;
        if (it == null) {
            return;
        }
        while (it.hasNext()) {
            Iterator it2 = it.next().entrySet().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Map.Entry entry = (Map.Entry) it2.next();
                String str = (String) entry.getKey();
                String escapedRDNValue = DNUtils.getEscapedRDNValue((String) entry.getValue());
                Integer attributeID = dNUtils.getAttributeID(str + "=" + escapedRDNValue);
                if (!createDNAttributeIDValueMap.containsKey(attributeID)) {
                    sb.append("SubjectDN attribute name or value ").append(str).append(" is not present in signing certificate.\n");
                    throw new PDFInvalidParameterException("Certificate Seed Value : - None of the subjectDN seedvalues match the signing certificate.\n" + sb.toString());
                }
                if (createDNAttributeIDValueMap.get(attributeID).equalsIgnoreCase(escapedRDNValue)) {
                    z = true;
                } else {
                    z = false;
                    if (sb == null) {
                        sb = new StringBuilder(75);
                    }
                    sb.append("SubjectDN attribute name or value for ").append(str).append(" is not present in signing certificate.\n");
                }
            }
            if (z) {
                break;
            }
        }
        if (!z) {
            throw new PDFInvalidParameterException("Certificate seed value : required value for SubjectDN attribute  is not present in signing certificate.");
        }
    }
}
