package org.bouncycastle.mail.smime.validator;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.mail.MessagingException;
import javax.mail.Part;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.i18n.ErrorBundle;
import org.bouncycastle.i18n.filter.TrustedInput;
import org.bouncycastle.i18n.filter.UntrustedInput;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.util.Integers;
import org.bouncycastle.x509.CertPathReviewerException;
import org.bouncycastle.x509.PKIXCertPathReviewer;

/* loaded from: input_file:org/bouncycastle/mail/smime/validator/SignedMailValidator.class */
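/**
 * Validates the signers of an S/MIME signed {@link MimeMessage}.
 *
 * <p>For every signer in the message the constructor verifies the CMS signature against the
 * signer certificate, runs a set of checks on that certificate (key size, validity span, key
 * usage, extended key usage, e-mail address match), builds a certification path towards the
 * supplied trust anchors and has it reviewed by a {@link PKIXCertPathReviewer}. The outcome per
 * signer is available through {@link #getValidationResult(SignerInformation)}.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>Use {@link ValidationResult#isValidSignature()} for an accept/reject decision.
 * {@link ValidationResult#isVerifiedSignature()} only reports the cryptographic check.</li>
 * <li>The validation date is the signing time taken from the signer's own signed attributes
 * (see {@link #getSignatureTime(SignerInformation)}); it is not a trusted timestamp.</li>
 * <li>Short keys and very long certificate validity periods are reported as notifications,
 * not errors, so they do not make {@code isValidSignature()} return {@code false}.</li>
 * </ul>
 */
public class SignedMailValidator {
    private static final String RESOURCE_NAME = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";
    private static final Class DEFAULT_CERT_PATH_REVIEWER;
    private static final String EXT_KEY_USAGE;
    private static final String SUBJECT_ALTERNATIVE_NAME;
    // RSA/DSA keys of this many bits or fewer produce a notification (not an error) in
    // checkSignerCert. NOTE(review): 512 bits is far below current minimum key-size guidance
    // and other key types are not measured at all; callers that need a key-strength policy
    // have to enforce it themselves.
    private static final int shortKeyLength = 512;
    private static final long THIRTY_YEARS_IN_MILLI_SEC = 946728000000L;
    private static final JcaX509CertSelectorConverter selectorConverter;
    // Certificates and CRLs carried inside the signed message.
    private CertStore certs;
    private SignerInformationStore signers;
    // SignerInformation -> ValidationResult
    private Map results;
    // Addresses from the From header, followed by the Sender header address when present.
    private String[] fromAddresses;
    private Class certPathReviewerClass;
    // Cache slot used by the static initializer together with class$(String).
    static Class class$org$bouncycastle$x509$PKIXCertPathReviewer;

    /**
     * Outcome of validating one signer: the signature check, the certificate path review and
     * the error / notification messages collected on the way.
     */
    public class ValidationResult {
        private PKIXCertPathReviewer review;
        private List errors;
        private List notifications;
        private List userProvidedCerts;
        private boolean signVerified;
        // Explicit reference to the enclosing validator; presumably the decompiler's rendering
        // of the implicit outer-instance field. It is only stored, never read here.
        private final SignedMailValidator this$0;

        ValidationResult(SignedMailValidator signedMailValidator, PKIXCertPathReviewer pKIXCertPathReviewer, boolean z, List list, List list2, List list3) {
            this.this$0 = signedMailValidator;
            this.review = pKIXCertPathReviewer;
            this.errors = list;
            this.notifications = list2;
            this.signVerified = z;
            this.userProvidedCerts = list3;
        }

        /** @return the error messages collected for this signer */
        public List getErrors() {
            return this.errors;
        }

        /** @return the notification messages collected for this signer */
        public List getNotifications() {
            return this.notifications;
        }

        /** @return the path reviewer, or {@code null} if no certification path was reviewed */
        public PKIXCertPathReviewer getCertPathReview() {
            return this.review;
        }

        /** @return the reviewed certification path, or {@code null} if there is no review */
        public CertPath getCertPath() {
            return this.review == null ? null : this.review.getCertPath();
        }

        /**
         * @return the per-certificate flags produced by
         *         {@link SignedMailValidator#createCertPath(X509Certificate, Set, List, List)},
         *         or {@code null} if no path was built
         */
        public List getUserProvidedCerts() {
            return this.userProvidedCerts;
        }

        /**
         * Reports only whether the CMS signature verified against the signer certificate's
         * public key. It says nothing about whether that certificate chains to a trust anchor
         * or passed the certificate checks; use {@link #isValidSignature()} for that.
         */
        public boolean isVerifiedSignature() {
            return this.signVerified;
        }

        /**
         * @return {@code true} only if a path review exists, the signature verified, the
         *         reviewer accepted the certification path and no error was recorded
         */
        public boolean isValidSignature() {
            if (this.review == null || !this.signVerified) {
                return false;
            }
            return this.review.isValidCertPath() && this.errors.isEmpty();
        }
    }

    /**
     * Validates {@code mimeMessage} using the default {@link PKIXCertPathReviewer}.
     *
     * @param mimeMessage the signed message
     * @param pKIXParameters trust anchors, cert stores and optional validation date
     * @throws SignedMailValidatorException if the message is not signed or cannot be read
     */
    public SignedMailValidator(MimeMessage mimeMessage, PKIXParameters pKIXParameters) throws SignedMailValidatorException {
        this(mimeMessage, pKIXParameters, DEFAULT_CERT_PATH_REVIEWER);
    }

    /**
     * Validates {@code mimeMessage}, reviewing certification paths with instances of {@code cls}.
     *
     * @param mimeMessage the signed message ({@code multipart/signed},
     *        {@code application/pkcs7-mime} or {@code application/x-pkcs7-mime})
     * @param pKIXParameters trust anchors, cert stores and optional validation date
     * @param cls reviewer class; must be {@link PKIXCertPathReviewer} or a subclass and is
     *        instantiated through its no-argument constructor
     * @throws SignedMailValidatorException if the message is not signed or cannot be read
     * @throws IllegalArgumentException if {@code cls} is not a reviewer class or cannot be
     *         instantiated
     */
    public SignedMailValidator(MimeMessage mimeMessage, PKIXParameters pKIXParameters, Class cls) throws SignedMailValidatorException {
        this.certPathReviewerClass = cls;
        if (!DEFAULT_CERT_PATH_REVIEWER.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + DEFAULT_CERT_PATH_REVIEWER.getName());
        }
        try {
            SMIMESigned signedMessage;
            if (mimeMessage.isMimeType("multipart/signed")) {
                signedMessage = new SMIMESigned((MimeMultipart) mimeMessage.getContent());
            } else if (mimeMessage.isMimeType("application/pkcs7-mime") || mimeMessage.isMimeType("application/x-pkcs7-mime")) {
                signedMessage = new SMIMESigned((Part) mimeMessage);
            } else {
                throw new SignedMailValidatorException(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.noSignedMessage"));
            }
            this.certs = new JcaCertStoreBuilder().addCertificates(signedMessage.getCertificates()).addCRLs(signedMessage.getCRLs()).setProvider("BC").build();
            this.signers = signedMessage.getSignerInfos();

            // NOTE(review): From/Sender are read from the headers of the message passed in;
            // nothing in this class shows them to be covered by the signature. Confirm before
            // treating an address match as proof of who sent the mail.
            // Held as Object[] because getFrom() is declared to return the Address base type.
            Object[] from = mimeMessage.getFrom();
            InternetAddress sender = null;
            try {
                String[] senderHeader = mimeMessage.getHeader("Sender");
                if (senderHeader != null) {
                    sender = new InternetAddress(senderHeader[0]);
                }
            } catch (MessagingException ignored) {
                // Best effort: an unreadable or malformed Sender header is skipped and only
                // the From addresses are used.
            }
            int fromCount = from != null ? from.length : 0;
            this.fromAddresses = new String[sender != null ? fromCount + 1 : fromCount];
            for (int i = 0; i < fromCount; i++) {
                this.fromAddresses[i] = ((InternetAddress) from[i]).getAddress();
            }
            if (sender != null) {
                this.fromAddresses[fromCount] = sender.getAddress();
            }
            this.results = new HashMap();
            validateSignatures(pKIXParameters);
        } catch (SignedMailValidatorException e) {
            throw e;
        } catch (Exception e) {
            throw new SignedMailValidatorException(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.exceptionReadingMessage", new Object[]{e.getMessage(), e, e.getClass().getName()}), e);
        }
    }

    /**
     * Validates every signer of the message and stores one {@link ValidationResult} per signer.
     *
     * @param pKIXParameters the caller's parameters; a clone is modified, not this object
     * @throws IllegalArgumentException if the configured reviewer class cannot be instantiated
     */
    protected void validateSignatures(PKIXParameters pKIXParameters) {
        // Clone so that the message's cert store and the per-signer date are set on a copy.
        PKIXParameters usedParameters = (PKIXParameters) pKIXParameters.clone();
        usedParameters.addCertStore(this.certs);
        for (SignerInformation signer : this.signers.getSigners()) {
            List errors = new ArrayList();
            List notifications = new ArrayList();

            // Locate the signer certificate; the first match across all cert stores is used.
            X509Certificate signerCert = null;
            try {
                Iterator matches = findCerts(usedParameters.getCertStores(), selectorConverter.getCertSelector(signer.getSID())).iterator();
                if (matches.hasNext()) {
                    signerCert = (X509Certificate) matches.next();
                }
            } catch (CertStoreException e) {
                errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.exceptionRetrievingSignerCert", new Object[]{e.getMessage(), e, e.getClass().getName()}));
            }
            if (signerCert == null) {
                errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.noSignerCert"));
                this.results.put(signer, new ValidationResult(this, null, false, errors, notifications, null));
                continue;
            }

            // Cryptographic check of the signature; any failure leaves 'verified' false.
            boolean verified = false;
            try {
                verified = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signerCert.getPublicKey()));
                if (!verified) {
                    errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.signatureNotVerified"));
                }
            } catch (Exception e) {
                errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.exceptionVerifyingSignature", new Object[]{e.getMessage(), e, e.getClass().getName()}));
            }

            checkSignerCert(signerCert, errors, notifications);

            AttributeTable signedAttributes = signer.getSignedAttributes();
            if (signedAttributes != null && signedAttributes.get(PKCSObjectIdentifiers.id_aa_receiptRequest) != null) {
                notifications.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.signedReceiptRequest"));
            }

            // The signing time is a signed attribute supplied by the signer, not a trusted
            // timestamp. It becomes the PKIX validation date below, so certificate validity
            // is judged at the time the signer claims to have signed.
            Date validationDate = getSignatureTime(signer);
            if (validationDate == null) {
                notifications.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.noSigningTime"));
                // Fall back to the caller's date, then to the current time.
                validationDate = pKIXParameters.getDate();
                if (validationDate == null) {
                    validationDate = new Date();
                }
            } else {
                try {
                    signerCert.checkValidity(validationDate);
                } catch (CertificateExpiredException e) {
                    errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.certExpired", new Object[]{new TrustedInput(validationDate), new TrustedInput(signerCert.getNotAfter())}));
                } catch (CertificateNotYetValidException e) {
                    errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.certNotYetValid", new Object[]{new TrustedInput(validationDate), new TrustedInput(signerCert.getNotBefore())}));
                }
            }
            usedParameters.setDate(validationDate);

            try {
                // The caller's stores are searched first, the message's own store second.
                List messageStores = new ArrayList();
                messageStores.add(this.certs);
                Object[] pathAndFlags = createCertPath(signerCert, usedParameters.getTrustAnchors(), pKIXParameters.getCertStores(), messageStores);
                CertPath certPath = (CertPath) pathAndFlags[0];
                List userProvidedFlags = (List) pathAndFlags[1];

                PKIXCertPathReviewer reviewer = (PKIXCertPathReviewer) this.certPathReviewerClass.newInstance();
                reviewer.init(certPath, usedParameters);
                if (!reviewer.isValidCertPath()) {
                    errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.certPathInvalid"));
                }
                this.results.put(signer, new ValidationResult(this, reviewer, verified, errors, notifications, userProvidedFlags));
            } catch (GeneralSecurityException e) {
                errors.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.exceptionCreateCertPath", new Object[]{e.getMessage(), e, e.getClass().getName()}));
                this.results.put(signer, new ValidationResult(this, null, verified, errors, notifications, null));
            } catch (CertPathReviewerException e) {
                errors.add(e.getErrorMessage());
                this.results.put(signer, new ValidationResult(this, null, verified, errors, notifications, null));
            } catch (IllegalAccessException e) {
                throw new IllegalArgumentException("Cannot instantiate object of type " + this.certPathReviewerClass.getName() + ": " + e.getMessage(), e);
            } catch (InstantiationException e) {
                throw new IllegalArgumentException("Cannot instantiate object of type " + this.certPathReviewerClass.getName() + ": " + e.getMessage(), e);
            }
        }
    }

    /**
     * Collects the e-mail addresses named by a certificate: the pkcs-9 emailAddress attributes
     * of the subject and the rfc822Name entries of the subjectAlternativeName extension.
     *
     * @param x509Certificate the certificate to inspect
     * @return the addresses, lower-cased independently of the default locale
     * @throws IOException if the extension cannot be parsed
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static Set getEmailAddresses(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        Set addresses = new HashSet();
        RDN[] rdns = getTBSCert(x509Certificate).getSubject().getRDNs(PKCSObjectIdentifiers.pkcs_9_at_emailAddress);
        for (int r = 0; r != rdns.length; r++) {
            AttributeTypeAndValue[] typesAndValues = rdns[r].getTypesAndValues();
            for (int i = 0; i != typesAndValues.length; i++) {
                if (typesAndValues[i].getType().equals(PKCSObjectIdentifiers.pkcs_9_at_emailAddress)) {
                    // NOTE(review): decompiled form; getValue() is presumably an ASN.1 string
                    // type here and the cast was lost. Confirm against the original source.
                    addresses.add(toLowerCase(typesAndValues[i].getValue().getString()));
                }
            }
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(SUBJECT_ALTERNATIVE_NAME);
        if (extensionValue != null) {
            ASN1Sequence generalNames = ASN1Sequence.getInstance(getObject(extensionValue));
            for (int i = 0; i < generalNames.size(); i++) {
                ASN1TaggedObject generalName = (ASN1TaggedObject) generalNames.getObjectAt(i);
                // Tag 1 is rfc822Name in GeneralName.
                if (generalName.getTagNo() == 1) {
                    addresses.add(toLowerCase(ASN1IA5String.getInstance(generalName, false).getString()));
                }
            }
        }
        return addresses;
    }

    /**
     * Lower-cases an address with {@code Locale.ROOT}. The no-argument
     * {@code String.toLowerCase()} follows the default locale, under which (Turkish, for
     * example) {@code "I"} does not map to {@code "i"} and equal addresses stop matching.
     */
    private static String toLowerCase(String value) {
        return value.toLowerCase(java.util.Locale.ROOT);
    }

    /** Unwraps the OCTET STRING around an extension value and parses its content. */
    private static ASN1Primitive getObject(byte[] bArr) throws IOException {
        ASN1OctetString wrapper = ASN1OctetString.getInstance(new ASN1InputStream(bArr).readObject());
        return ASN1Primitive.fromByteArray(wrapper.getOctets());
    }

    /**
     * Runs the signer-certificate checks and appends the findings to the given lists.
     *
     * @param x509Certificate the signer certificate
     * @param list receives errors: key usage, extended key usage and e-mail address problems
     * @param list2 receives notifications: short key, overly long validity period
     */
    protected void checkSignerCert(X509Certificate x509Certificate, List list, List list2) {
        // Key size, measured for RSA and DSA keys only; other key types stay at -1 and are
        // therefore not reported.
        PublicKey publicKey = x509Certificate.getPublicKey();
        int keyLength = -1;
        if (publicKey instanceof RSAPublicKey) {
            keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
        } else if (publicKey instanceof DSAPublicKey) {
            keyLength = ((DSAPublicKey) publicKey).getParams().getP().bitLength();
        }
        if (keyLength != -1 && keyLength <= shortKeyLength) {
            list2.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.shortSigningKey", new Object[]{Integers.valueOf(keyLength)}));
        }

        long validityMillis = x509Certificate.getNotAfter().getTime() - x509Certificate.getNotBefore().getTime();
        if (validityMillis > THIRTY_YEARS_IN_MILLI_SEC) {
            list2.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.longValidity", new Object[]{new TrustedInput(x509Certificate.getNotBefore()), new TrustedInput(x509Certificate.getNotAfter())}));
        }

        // Bits 0 and 1 are digitalSignature and nonRepudiation. A certificate without the
        // keyUsage extension (null) is accepted.
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.signingNotPermitted"));
        }

        // A certificate without the extendedKeyUsage extension is accepted as well.
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(EXT_KEY_USAGE);
            if (extensionValue != null) {
                ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(getObject(extensionValue));
                boolean permitted = extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage) || extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection);
                if (!permitted) {
                    list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.extKeyUsageNotPermitted"));
                }
            }
        } catch (Exception e) {
            list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.extKeyUsageError", new Object[]{e.getMessage(), e, e.getClass().getName()}));
        }

        // At least one From/Sender address has to appear in the certificate.
        try {
            Set emailAddresses = getEmailAddresses(x509Certificate);
            if (emailAddresses.isEmpty()) {
                list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.noEmailInCert"));
            } else {
                boolean matched = false;
                for (int i = 0; i < this.fromAddresses.length; i++) {
                    if (emailAddresses.contains(toLowerCase(this.fromAddresses[i]))) {
                        matched = true;
                        break;
                    }
                }
                if (!matched) {
                    // Both values originate from the message, hence UntrustedInput.
                    list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.emailFromCertMismatch", new Object[]{new UntrustedInput(addressesToString(this.fromAddresses)), new UntrustedInput(emailAddresses)}));
                }
            }
        } catch (Exception e) {
            list.add(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.certGetEmailError", new Object[]{e.getMessage(), e, e.getClass().getName()}));
        }
    }

    /**
     * Formats an array as {@code [a, b, c]}.
     *
     * @param objArr the elements, may be {@code null}
     * @return the formatted list, or the string {@code "null"} for a {@code null} array
     */
    static String addressesToString(Object[] objArr) {
        if (objArr == null) {
            return "null";
        }
        StringBuilder text = new StringBuilder("[");
        for (int i = 0; i != objArr.length; i++) {
            if (i > 0) {
                text.append(", ");
            }
            text.append(String.valueOf(objArr[i]));
        }
        return text.append(']').toString();
    }

    /**
     * Reads the signing time from the signer's signed attributes.
     *
     * <p>The value is asserted by the signer; it is not a trusted timestamp.
     *
     * @param signerInformation the signer
     * @return the signing time, or {@code null} if the attribute is absent
     */
    public static Date getSignatureTime(SignerInformation signerInformation) {
        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
        if (signingTime == null) {
            return null;
        }
        return Time.getInstance(signingTime.getAttrValues().getObjectAt(0).toASN1Primitive()).getDate();
    }

    /** Returns every certificate matching the selector, searching the stores in list order. */
    private static List findCerts(List list, X509CertSelector x509CertSelector) throws CertStoreException {
        List found = new ArrayList();
        for (Iterator stores = list.iterator(); stores.hasNext();) {
            found.addAll(((CertStore) stores.next()).getCertificates(x509CertSelector));
        }
        return found;
    }

    /**
     * Returns the first matching certificate that is not already in {@code set}, or
     * {@code null} if there is none. Skipping certificates already in the path keeps the
     * path builder from revisiting them.
     */
    private static X509Certificate findNextCert(List list, X509CertSelector x509CertSelector, Set set) throws CertStoreException {
        for (Iterator candidates = findCerts(list, x509CertSelector).iterator(); candidates.hasNext();) {
            X509Certificate candidate = (X509Certificate) candidates.next();
            if (!set.contains(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Builds a certification path for {@code x509Certificate} using a single list of stores.
     *
     * @param x509Certificate the end-entity certificate
     * @param set the trust anchors ({@link TrustAnchor} objects)
     * @param list the cert stores to search for issuers
     * @return the path; it may stop short of a trust anchor if no issuer is found
     * @throws GeneralSecurityException if a store lookup or the path creation fails
     */
    public static CertPath createCertPath(X509Certificate x509Certificate, Set set, List list) throws GeneralSecurityException {
        return (CertPath) createCertPath(x509Certificate, set, list, null)[0];
    }

    /**
     * Builds a certification path for {@code x509Certificate}, searching {@code list} first
     * and {@code list2} only when {@code list} has no suitable issuer.
     *
     * <p>This method only assembles the path. Signature checks made here decide which
     * candidate to take and failures are skipped; validity of the path is decided by the
     * reviewer the caller runs afterwards.
     *
     * @param x509Certificate the end-entity certificate
     * @param set the trust anchors ({@link TrustAnchor} objects)
     * @param list the cert stores searched first
     * @param list2 the cert stores searched second, may be {@code null}
     * @return a two-element array: the {@link CertPath}, and a list with one {@link Boolean}
     *         per path certificate that is {@code true} for the end-entity certificate and
     *         for certificates taken from {@code list2}, {@code false} otherwise
     * @throws GeneralSecurityException if a store lookup or the path creation fails
     */
    public static Object[] createCertPath(X509Certificate x509Certificate, Set set, List list, List list2) throws GeneralSecurityException {
        Set pathCerts = new LinkedHashSet();
        List fromSecondStores = new ArrayList();
        X509Certificate current = x509Certificate;
        pathCerts.add(current);
        fromSecondStores.add(Boolean.TRUE);
        boolean anchorFound = false;
        X509Certificate anchorCert = null;

        while (current != null && !anchorFound) {
            // Does one of the trust anchors issue the current certificate?
            for (Iterator anchors = set.iterator(); anchors.hasNext();) {
                TrustAnchor anchor = (TrustAnchor) anchors.next();
                X509Certificate trustedCert = anchor.getTrustedCert();
                if (trustedCert != null) {
                    if (trustedCert.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
                        try {
                            current.verify(trustedCert.getPublicKey(), "BC");
                            anchorFound = true;
                            anchorCert = trustedCert;
                            break;
                        } catch (Exception ignored) {
                            // Same name but the signature does not verify: try the next anchor.
                        }
                    }
                } else if (anchor.getCAName().equals(current.getIssuerX500Principal().getName())) {
                    try {
                        current.verify(anchor.getCAPublicKey(), "BC");
                        anchorFound = true;
                        break;
                    } catch (Exception ignored) {
                        // Same name but the signature does not verify: try the next anchor.
                    }
                }
            }

            if (!anchorFound) {
                // No anchor yet: look for the issuer certificate by subject name and, when
                // available, by authority key identifier.
                X509CertSelector issuerSelector = new X509CertSelector();
                try {
                    issuerSelector.setSubject(current.getIssuerX500Principal().getEncoded());
                    byte[] extensionValue = current.getExtensionValue(Extension.authorityKeyIdentifier.getId());
                    if (extensionValue != null) {
                        try {
                            AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(getObject(extensionValue));
                            if (authorityKeyIdentifier.getKeyIdentifier() != null) {
                                issuerSelector.setSubjectKeyIdentifier(new DEROctetString(authorityKeyIdentifier.getKeyIdentifier()).getEncoded("DER"));
                            }
                        } catch (IOException ignored) {
                            // Unparseable key identifier: select by subject name only.
                        }
                    }
                    boolean fromSecond = false;
                    current = findNextCert(list, issuerSelector, pathCerts);
                    if (current == null && list2 != null) {
                        fromSecond = true;
                        current = findNextCert(list2, issuerSelector, pathCerts);
                    }
                    if (current != null) {
                        pathCerts.add(current);
                        fromSecondStores.add(Boolean.valueOf(fromSecond));
                    }
                } catch (IOException e) {
                    throw new IllegalStateException(e.toString(), e);
                }
            }
        }

        if (anchorFound) {
            if (anchorCert != null && anchorCert.getSubjectX500Principal().equals(anchorCert.getIssuerX500Principal())) {
                // Self-signed anchor certificate: append it to the path.
                pathCerts.add(anchorCert);
                fromSecondStores.add(Boolean.FALSE);
            } else {
                // The anchor is a bare name/key or not self-signed: look for a self-issued
                // certificate of the last issuer and append it if it verifies 'current'.
                X509CertSelector rootSelector = new X509CertSelector();
                try {
                    rootSelector.setSubject(current.getIssuerX500Principal().getEncoded());
                    rootSelector.setIssuer(current.getIssuerX500Principal().getEncoded());
                    boolean fromSecond = false;
                    X509Certificate root = findNextCert(list, rootSelector, pathCerts);
                    if (root == null && list2 != null) {
                        fromSecond = true;
                        root = findNextCert(list2, rootSelector, pathCerts);
                    }
                    if (root != null) {
                        try {
                            current.verify(root.getPublicKey(), "BC");
                            pathCerts.add(root);
                            fromSecondStores.add(Boolean.valueOf(fromSecond));
                        } catch (GeneralSecurityException ignored) {
                            // The candidate does not verify 'current': leave it out.
                        }
                    }
                } catch (IOException e) {
                    throw new IllegalStateException(e.toString(), e);
                }
            }
        }

        CertPath certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(new ArrayList(pathCerts));
        return new Object[]{certPath, fromSecondStores};
    }

    /** @return the certificates and CRLs carried in the signed message */
    public CertStore getCertsAndCRLs() {
        return this.certs;
    }

    /** @return the signers of the message */
    public SignerInformationStore getSignerInformationStore() {
        return this.signers;
    }

    /**
     * Returns the validation result stored for a signer of this message.
     *
     * @param signerInformation a signer of the validated message
     * @return the stored result for that signer
     * @throws SignedMailValidatorException if the signer id is not part of this message
     */
    public ValidationResult getValidationResult(SignerInformation signerInformation) throws SignedMailValidatorException {
        if (this.signers.getSigners(signerInformation.getSID()).isEmpty()) {
            throw new SignedMailValidatorException(new ErrorBundle(RESOURCE_NAME, "SignedMailValidator.wrongSigner"));
        }
        return (ValidationResult) this.results.get(signerInformation);
    }

    /** Parses the to-be-signed part of the certificate into its ASN.1 structure. */
    private static TBSCertificate getTBSCert(X509Certificate x509Certificate) throws CertificateEncodingException {
        return TBSCertificate.getInstance(x509Certificate.getTBSCertificate());
    }

    /**
     * Loads a class by name, turning a missing class into {@link NoClassDefFoundError}.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns the receiver typed as Throwable; cast it back so the throw
            // statement needs no throws clause.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$bouncycastle$x509$PKIXCertPathReviewer == null) {
            cls = class$("org.bouncycastle.x509.PKIXCertPathReviewer");
            class$org$bouncycastle$x509$PKIXCertPathReviewer = cls;
        } else {
            cls = class$org$bouncycastle$x509$PKIXCertPathReviewer;
        }
        DEFAULT_CERT_PATH_REVIEWER = cls;
        EXT_KEY_USAGE = Extension.extendedKeyUsage.getId();
        SUBJECT_ALTERNATIVE_NAME = Extension.subjectAlternativeName.getId();
        selectorConverter = new JcaX509CertSelectorConverter();
    }
}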
