package org.xipki.ca.api.profile;

import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUniversalString;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.DirectoryString;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.BadCertTemplateException;
import org.xipki.ca.api.mgmt.PermissionConstants;
import org.xipki.ca.api.profile.Certprofile;
import org.xipki.ca.api.profile.KeyParametersOption;
import org.xipki.security.EdECConstants;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.LruCache;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/api/profile/BaseCertprofile.class */
public abstract class BaseCertprofile extends Certprofile {
    private static final Logger LOG = LoggerFactory.getLogger(BaseCertprofile.class);
    private static LruCache<ASN1ObjectIdentifier, Integer> ecCurveFieldSizes = new LruCache<>(100);

    protected BaseCertprofile() {
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public abstract Map<ASN1ObjectIdentifier, KeyParametersOption> getKeyAlgorithms();

    @Override // org.xipki.ca.api.profile.Certprofile
    public Certprofile.CertDomain getCertDomain() {
        return Certprofile.CertDomain.RFC5280;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Integer getPathLenBasicConstraint() {
        return null;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Certprofile.AuthorityInfoAccessControl getAiaControl() {
        return null;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Certprofile.CrlDistributionPointsControl getCrlDpControl() {
        return null;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Certprofile.CrlDistributionPointsControl getFreshestCrlControl() {
        return null;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Date getNotBefore(Date date) {
        Date date2 = new Date();
        return (date == null || !date.after(date2)) ? date2 : date;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public Certprofile.SubjectInfo getSubject(X500Name x500Name) throws CertprofileException, BadCertTemplateException {
        RDN createDateOfBirthRdn;
        Args.notNull(x500Name, "requestedSubject");
        verifySubjectDnOccurence(x500Name);
        RDN[] rDNs = x500Name.getRDNs();
        Certprofile.SubjectControl subjectControl = getSubjectControl();
        List linkedList = new LinkedList();
        for (ASN1ObjectIdentifier aSN1ObjectIdentifier : subjectControl.getTypes()) {
            Certprofile.RdnControl control = subjectControl.getControl(aSN1ObjectIdentifier);
            if (control != null && !control.isNotInSubject()) {
                String value = control.getValue();
                RDN[] rdns = control.isValueOverridable() ? getRdns(rDNs, aSN1ObjectIdentifier) : null;
                int length = rdns == null ? 0 : rdns.length;
                if (value == null) {
                    if (length == 0) {
                    }
                } else if (length == 0) {
                    length = 1;
                } else {
                    if (length != 1) {
                        throw new BadCertTemplateException(length + " RDNs of type " + ObjectIdentifiers.getName(aSN1ObjectIdentifier) + " are requested, but max 1 is allowed.");
                    }
                    value = null;
                }
                if (length == 1) {
                    if (value != null) {
                        createDateOfBirthRdn = createSubjectRdn(value, aSN1ObjectIdentifier, control, 0);
                    } else {
                        ASN1Encodable value2 = rdns[0].getFirst().getValue();
                        createDateOfBirthRdn = ObjectIdentifiers.DN.dateOfBirth.equals(aSN1ObjectIdentifier) ? createDateOfBirthRdn(aSN1ObjectIdentifier, value2) : ObjectIdentifiers.DN.postalAddress.equals(aSN1ObjectIdentifier) ? createPostalAddressRdn(aSN1ObjectIdentifier, value2, control, 0) : createSubjectRdn(X509Util.rdnValueToString(value2), aSN1ObjectIdentifier, control, 0);
                    }
                    linkedList.add(createDateOfBirthRdn);
                } else if (ObjectIdentifiers.DN.dateOfBirth.equals(aSN1ObjectIdentifier)) {
                    for (int i = 0; i < length; i++) {
                        linkedList.add(createDateOfBirthRdn(aSN1ObjectIdentifier, rdns[i].getFirst().getValue()));
                    }
                } else if (ObjectIdentifiers.DN.postalAddress.equals(aSN1ObjectIdentifier)) {
                    for (int i2 = 0; i2 < length; i2++) {
                        linkedList.add(createPostalAddressRdn(aSN1ObjectIdentifier, rdns[i2].getFirst().getValue(), control, i2));
                    }
                } else {
                    String[] strArr = new String[length];
                    for (int i3 = 0; i3 < length; i3++) {
                        strArr[i3] = X509Util.rdnValueToString(rdns[i3].getFirst().getValue());
                    }
                    int i4 = 0;
                    for (String str : strArr) {
                        int i5 = i4;
                        i4++;
                        linkedList.add(createSubjectRdn(str, aSN1ObjectIdentifier, control, i5));
                    }
                }
            }
        }
        if (CollectionUtil.isNotEmpty(subjectControl.getGroups())) {
            HashSet hashSet = new HashSet();
            int size = linkedList.size();
            List arrayList = new ArrayList(linkedList.size());
            for (int i6 = 0; i6 < size; i6++) {
                RDN rdn = (RDN) linkedList.get(i6);
                String group = subjectControl.getGroup(rdn.getFirst().getType());
                if (group == null) {
                    arrayList.add(rdn);
                } else if (!hashSet.contains(group)) {
                    LinkedList linkedList2 = new LinkedList();
                    linkedList2.add(rdn.getFirst());
                    for (int i7 = i6 + 1; i7 < size; i7++) {
                        RDN rdn2 = (RDN) linkedList.get(i7);
                        if (group.equals(subjectControl.getGroup(rdn2.getFirst().getType()))) {
                            linkedList2.add(rdn2.getFirst());
                        }
                    }
                    arrayList.add(new RDN((AttributeTypeAndValue[]) linkedList2.toArray(new AttributeTypeAndValue[0])));
                    hashSet.add(group);
                }
            }
            linkedList = arrayList;
        }
        return new Certprofile.SubjectInfo(new X500Name((RDN[]) linkedList.toArray(new RDN[0])), null);
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public boolean incSerialNumberIfSubjectExists() {
        return false;
    }

    @Override // org.xipki.ca.api.profile.Certprofile
    public SubjectPublicKeyInfo checkPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException, BadCertTemplateException {
        Args.notNull(subjectPublicKeyInfo, "publicKey");
        Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = getKeyAlgorithms();
        if (CollectionUtil.isEmpty(keyAlgorithms)) {
            return subjectPublicKeyInfo;
        }
        ASN1ObjectIdentifier algorithm = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
        if (!keyAlgorithms.containsKey(algorithm)) {
            throw new BadCertTemplateException("key type " + algorithm.getId() + " is not permitted");
        }
        if (EdECConstants.isEdwardsOrMontgomeryCurve(algorithm)) {
            int publicKeyByteSize = EdECConstants.getPublicKeyByteSize(algorithm);
            if (publicKeyByteSize <= 0 || subjectPublicKeyInfo.getPublicKeyData().getOctets().length == publicKeyByteSize) {
                return subjectPublicKeyInfo;
            }
            throw new BadCertTemplateException("invalid length of key.");
        }
        KeyParametersOption keyParametersOption = keyAlgorithms.get(algorithm);
        if (keyParametersOption instanceof KeyParametersOption.AllowAllParametersOption) {
            return subjectPublicKeyInfo;
        }
        if (keyParametersOption instanceof KeyParametersOption.ECParamatersOption) {
            KeyParametersOption.ECParamatersOption eCParamatersOption = (KeyParametersOption.ECParamatersOption) keyParametersOption;
            ASN1Encodable parameters = subjectPublicKeyInfo.getAlgorithm().getParameters();
            if (!(parameters instanceof ASN1ObjectIdentifier)) {
                throw new BadCertTemplateException("only namedCurve EC public key is supported");
            }
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) parameters;
            if (!eCParamatersOption.allowsCurve(aSN1ObjectIdentifier)) {
                throw new BadCertTemplateException(String.format("EC curve %s (OID: %s) is not allowed", AlgorithmUtil.getCurveName(aSN1ObjectIdentifier), aSN1ObjectIdentifier.getId()));
            }
            if (eCParamatersOption.getPointEncodings() != null) {
                byte[] bytes = subjectPublicKeyInfo.getPublicKeyData().getBytes();
                if (bytes.length < 1) {
                    throw new BadCertTemplateException("invalid publicKeyData");
                }
                byte b = bytes[0];
                if (!eCParamatersOption.getPointEncodings().contains(Byte.valueOf(b))) {
                    throw new BadCertTemplateException(String.format("not accepted EC point encoding '%s'", Byte.valueOf(b)));
                }
            }
            try {
                checkEcSubjectPublicKeyInfo(aSN1ObjectIdentifier, subjectPublicKeyInfo.getPublicKeyData().getBytes());
                return subjectPublicKeyInfo;
            } catch (BadCertTemplateException e) {
                throw e;
            } catch (Exception e2) {
                LogUtil.warn(LOG, e2, "checkEcSubjectPublicKeyInfo");
                throw new BadCertTemplateException(String.format("invalid public key: %s", e2.getMessage()));
            }
        }
        if (keyParametersOption instanceof KeyParametersOption.RSAParametersOption) {
            try {
                if (((KeyParametersOption.RSAParametersOption) keyParametersOption).allowsModulusLength(ASN1Integer.getInstance(ASN1Sequence.getInstance(subjectPublicKeyInfo.getPublicKeyData().getBytes()).getObjectAt(0)).getPositiveValue().bitLength())) {
                    return subjectPublicKeyInfo;
                }
            } catch (IllegalArgumentException e3) {
                throw new BadCertTemplateException("invalid publicKeyData");
            }
        } else {
            if (!(keyParametersOption instanceof KeyParametersOption.DSAParametersOption)) {
                throw new IllegalStateException(String.format("should not reach here, unknown KeyParametersOption %s", keyParametersOption));
            }
            KeyParametersOption.DSAParametersOption dSAParametersOption = (KeyParametersOption.DSAParametersOption) keyParametersOption;
            ASN1Encodable parameters2 = subjectPublicKeyInfo.getAlgorithm().getParameters();
            if (parameters2 == null) {
                throw new BadCertTemplateException("null Dss-Parms is not permitted");
            }
            try {
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(parameters2);
                ASN1Integer aSN1Integer = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0));
                ASN1Integer aSN1Integer2 = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1));
                int bitLength = aSN1Integer.getPositiveValue().bitLength();
                int bitLength2 = aSN1Integer2.getPositiveValue().bitLength();
                boolean allowsPlength = dSAParametersOption.allowsPlength(bitLength);
                if (allowsPlength) {
                    allowsPlength = dSAParametersOption.allowsQlength(bitLength2);
                }
                if (allowsPlength) {
                    return subjectPublicKeyInfo;
                }
            } catch (ArrayIndexOutOfBoundsException | IllegalArgumentException e4) {
                throw new BadCertTemplateException("illegal Dss-Parms");
            }
        }
        throw new BadCertTemplateException("the given publicKey is not permitted");
    }

    protected abstract void verifySubjectDnOccurence(X500Name x500Name) throws BadCertTemplateException;

    protected RDN createSubjectRdn(String str, ASN1ObjectIdentifier aSN1ObjectIdentifier, Certprofile.RdnControl rdnControl, int i) throws BadCertTemplateException {
        if (ObjectIdentifiers.DN.emailAddress.equals(aSN1ObjectIdentifier)) {
            str = str.toLowerCase();
        }
        ASN1Encodable createRdnValue = createRdnValue(str, aSN1ObjectIdentifier, rdnControl, i);
        if (createRdnValue == null) {
            return null;
        }
        return new RDN(aSN1ObjectIdentifier, createRdnValue);
    }

    protected void fixRdnControl(Certprofile.RdnControl rdnControl) throws CertprofileException {
        SubjectDnSpec.fixRdnControl(rdnControl);
    }

    public static GeneralName createGeneralName(GeneralName generalName, Set<Certprofile.GeneralNameMode> set) throws BadCertTemplateException {
        Args.notNull(generalName, "requestedName");
        int tagNo = generalName.getTagNo();
        Certprofile.GeneralNameMode generalNameMode = null;
        if (set != null) {
            Iterator<Certprofile.GeneralNameMode> it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Certprofile.GeneralNameMode next = it.next();
                if (next.getTag().getTag() == tagNo) {
                    generalNameMode = next;
                    break;
                }
            }
            if (generalNameMode == null) {
                throw new BadCertTemplateException("generalName tag " + tagNo + " is not allowed");
            }
        }
        switch (tagNo) {
            case 0:
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(generalName.getName());
                int size = aSN1Sequence.size();
                if (size != 2) {
                    throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
                }
                ASN1ObjectIdentifier aSN1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(aSN1Sequence.getObjectAt(0));
                if (generalNameMode != null && !generalNameMode.getAllowedTypes().contains(aSN1ObjectIdentifier)) {
                    throw new BadCertTemplateException("otherName.type " + aSN1ObjectIdentifier.getId() + " is not allowed");
                }
                ASN1Encodable objectAt = aSN1Sequence.getObjectAt(1);
                if (!(objectAt instanceof ASN1TaggedObject)) {
                    throw new BadCertTemplateException("otherName.value is not tagged Object");
                }
                int tagNo2 = ASN1TaggedObject.getInstance(objectAt).getTagNo();
                if (tagNo2 != 0) {
                    throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo2);
                }
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(aSN1ObjectIdentifier);
                aSN1EncodableVector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(objectAt).getObject()));
                return new GeneralName(0, new DERSequence(aSN1EncodableVector));
            case PermissionConstants.ENROLL_CERT /* 1 */:
            case PermissionConstants.REVOKE_CERT /* 2 */:
            case PermissionConstants.UNREVOKE_CERT /* 4 */:
            case 6:
            case 7:
            case PermissionConstants.REMOVE_CERT /* 8 */:
                return new GeneralName(tagNo, generalName.getName());
            case 3:
            default:
                throw new IllegalStateException("should not reach here, unknown GeneralName tag " + tagNo);
            case 5:
                ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(generalName.getName());
                String str = null;
                int i = 0;
                if (aSN1Sequence2.size() > 1) {
                    i = 0 + 1;
                    str = DirectoryString.getInstance(ASN1TaggedObject.getInstance(aSN1Sequence2.getObjectAt(0)).getObject()).getString();
                }
                int i2 = i;
                int i3 = i + 1;
                String string = DirectoryString.getInstance(ASN1TaggedObject.getInstance(aSN1Sequence2.getObjectAt(i2)).getObject()).getString();
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                if (str != null) {
                    aSN1EncodableVector2.add(new DERTaggedObject(false, 0, new DirectoryString(str)));
                }
                aSN1EncodableVector2.add(new DERTaggedObject(false, 1, new DirectoryString(string)));
                return new GeneralName(5, new DERSequence(aSN1EncodableVector2));
        }
    }

    private static RDN createDateOfBirthRdn(ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1Encodable aSN1Encodable) throws BadCertTemplateException {
        String string;
        Args.notNull(aSN1ObjectIdentifier, "type");
        ASN1Encodable aSN1Encodable2 = null;
        if (aSN1Encodable instanceof ASN1GeneralizedTime) {
            string = ((ASN1GeneralizedTime) aSN1Encodable).getTimeString();
            aSN1Encodable2 = aSN1Encodable;
        } else {
            if (!(aSN1Encodable instanceof ASN1String) || (aSN1Encodable instanceof DERUniversalString)) {
                throw new BadCertTemplateException("Value of RDN dateOfBirth has incorrect syntax");
            }
            string = ((ASN1String) aSN1Encodable).getString();
        }
        if (!TextVadidator.DATE_OF_BIRTH.isValid(string)) {
            throw new BadCertTemplateException("Value of RDN dateOfBirth does not have format YYYMMDD000000Z");
        }
        if (aSN1Encodable2 == null) {
            aSN1Encodable2 = new DERGeneralizedTime(string);
        }
        return new RDN(aSN1ObjectIdentifier, aSN1Encodable2);
    }

    private static RDN createPostalAddressRdn(ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1Encodable aSN1Encodable, Certprofile.RdnControl rdnControl, int i) throws BadCertTemplateException {
        Args.notNull(aSN1ObjectIdentifier, "type");
        if (!(aSN1Encodable instanceof ASN1Sequence)) {
            throw new BadCertTemplateException("rdnValue of RDN postalAddress has incorrect syntax");
        }
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1Encodable;
        int size = aSN1Sequence.size();
        if (size < 1 || size > 6) {
            throw new BadCertTemplateException("Sequence size of RDN postalAddress is not within [1, 6]: " + size);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i2 = 0; i2 < size; i2++) {
            ASN1String objectAt = aSN1Sequence.getObjectAt(i2);
            if (!(objectAt instanceof ASN1String) || (objectAt instanceof DERUniversalString)) {
                throw new BadCertTemplateException(String.format("postalAddress[%d] has incorrect syntax", Integer.valueOf(i2)));
            }
            aSN1EncodableVector.add(createRdnValue(objectAt.getString(), aSN1ObjectIdentifier, rdnControl, i));
        }
        return new RDN(aSN1ObjectIdentifier, new DERSequence(aSN1EncodableVector));
    }

    private static RDN[] getRdns(RDN[] rdnArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Args.notNull(rdnArr, "rdns");
        Args.notNull(aSN1ObjectIdentifier, "type");
        ArrayList arrayList = new ArrayList(1);
        for (RDN rdn : rdnArr) {
            if (rdn.getFirst().getType().equals(aSN1ObjectIdentifier)) {
                arrayList.add(rdn);
            }
        }
        if (CollectionUtil.isEmpty(arrayList)) {
            return null;
        }
        return (RDN[]) arrayList.toArray(new RDN[0]);
    }

    private static ASN1Encodable createRdnValue(String str, ASN1ObjectIdentifier aSN1ObjectIdentifier, Certprofile.RdnControl rdnControl, int i) throws BadCertTemplateException {
        String trim = str.trim();
        Certprofile.StringType stringType = null;
        if (rdnControl != null) {
            stringType = rdnControl.getStringType();
            String prefix = rdnControl.getPrefix();
            String suffix = rdnControl.getSuffix();
            if (prefix != null || suffix != null) {
                String lowerCase = trim.toLowerCase();
                if (prefix != null && lowerCase.startsWith(prefix.toLowerCase())) {
                    trim = trim.substring(prefix.length());
                    lowerCase = trim.toLowerCase();
                }
                if (suffix != null && lowerCase.endsWith(suffix.toLowerCase())) {
                    trim = trim.substring(0, trim.length() - suffix.length());
                }
            }
            TextVadidator pattern = rdnControl.getPattern();
            if (pattern != null && !pattern.isValid(trim)) {
                throw new BadCertTemplateException(String.format("invalid subject %s '%s' against regex '%s'", ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier), trim, pattern.pattern()));
            }
            String str2 = prefix != null ? prefix : "";
            String[] strArr = new String[2];
            strArr[0] = trim;
            strArr[1] = suffix != null ? suffix : "";
            trim = StringUtil.concat(str2, strArr);
            int length = trim.length();
            Range stringLengthRange = rdnControl.getStringLengthRange();
            Integer min = stringLengthRange == null ? null : stringLengthRange.getMin();
            if (min != null && length < min.intValue()) {
                throw new BadCertTemplateException(String.format("subject %s '%s' is too short (length (%d) < minLen (%d))", ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier), trim, Integer.valueOf(length), min));
            }
            Integer max = stringLengthRange == null ? null : stringLengthRange.getMax();
            if (max != null && length > max.intValue()) {
                throw new BadCertTemplateException(String.format("subject %s '%s' is too long (length (%d) > maxLen (%d))", ObjectIdentifiers.oidToDisplayName(aSN1ObjectIdentifier), trim, Integer.valueOf(length), max));
            }
        }
        if (stringType == null) {
            stringType = Certprofile.StringType.utf8String;
        }
        return stringType.createString(trim.trim());
    }

    private static void checkEcSubjectPublicKeyInfo(ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) throws BadCertTemplateException {
        Args.notNull(aSN1ObjectIdentifier, "curveOid");
        Args.notNull(bArr, "encoded");
        Args.positive(bArr.length, "encoded.length");
        Integer num = (Integer) ecCurveFieldSizes.get(aSN1ObjectIdentifier);
        if (num == null) {
            num = Integer.valueOf((ECUtil.getNamedCurveByOid(aSN1ObjectIdentifier).getCurve().getFieldSize() + 7) / 8);
            ecCurveFieldSizes.put(aSN1ObjectIdentifier, num);
        }
        switch (bArr[0]) {
            case PermissionConstants.REVOKE_CERT /* 2 */:
            case 3:
                if (bArr.length != num.intValue() + 1) {
                    throw new BadCertTemplateException("incorrect length for compressed encoding");
                }
                return;
            case PermissionConstants.UNREVOKE_CERT /* 4 */:
            case 6:
            case 7:
                if (bArr.length != (2 * num.intValue()) + 1) {
                    throw new BadCertTemplateException("incorrect length for uncompressed/hybrid encoding");
                }
                return;
            case 5:
            default:
                throw new BadCertTemplateException(String.format("invalid point encoding 0x%02x", Byte.valueOf(bArr[0])));
        }
    }
}
