package com.rsa.ssl;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.Provider;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.extensions.BasicConstraints;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.provider.db.MemoryDB;
import com.rsa.certj.provider.path.PKIXCertPath;
import com.rsa.certj.provider.random.DefaultRandom;
import com.rsa.certj.provider.revocation.CRLCertStatus;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:lib/external/sslj.jar:com/rsa/ssl/CertJIntegrator.class */
public class CertJIntegrator {
    private DatabaseService a;
    private CertJ b;
    private CertPathCtx c;

    public CertJIntegrator(DatabaseService databaseService, CertJ certJ) {
        this.a = databaseService;
        this.b = certJ;
    }

    public CertJIntegrator(CertJ certJ) throws SSLException {
        try {
            this.b = certJ;
            this.a = (DatabaseService) this.b.bindServices(1);
        } catch (Exception e) {
            throw new SSLException("Cannot create a CertJIntegrator");
        }
    }

    public CertJIntegrator(DatabaseService databaseService, CertJ certJ, CertPathCtx certPathCtx) {
        this.a = databaseService;
        this.b = certJ;
        this.c = certPathCtx;
    }

    public CertJIntegrator() throws SSLException {
        try {
            this.b = new CertJ(new Provider[]{new MemoryDB("MyDB"), new PKIXCertPath("PKIX path"), new CRLCertStatus("CRL status"), new DefaultRandom("RSARandom")});
            this.a = (DatabaseService) this.b.bindServices(1);
        } catch (Exception e) {
            throw new SSLException("Cannot create a CertJIntegrator");
        }
    }

    public void setDatabaseService(DatabaseService databaseService) {
        this.a = databaseService;
    }

    public void setCertJ(CertJ certJ) throws SSLException {
        try {
            this.b = certJ;
            this.a = (DatabaseService) this.b.bindServices(1);
        } catch (CertJException e) {
            throw new SSLException(new StringBuffer().append("can't bind database service").append(e.getMessage()).toString());
        }
    }

    public void setCertPathCtx(CertPathCtx certPathCtx) throws SSLException {
        this.c = certPathCtx;
    }

    public DatabaseService getDatabaseService() {
        return this.a;
    }

    public CertJ getCertJObject() {
        return this.b;
    }

    public CertPathCtx getCertPathCtx() {
        return this.c;
    }

    public X509Certificate[] loadCertificateChain(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws SSLException {
        X509Certificate[] x509CertificateArr2;
        try {
            Vector vector = new Vector();
            if (this.c == null) {
                this.c = new CertPathCtx(0, x509CertificateArr, (byte[][]) null, new Date(), this.a);
            }
            if (this.b.buildCertPath(this.c, x509Certificate, vector, null, null, null)) {
                x509CertificateArr2 = new X509Certificate[vector.size()];
                for (int i = 0; i < vector.size(); i++) {
                    x509CertificateArr2[i] = (X509Certificate) vector.elementAt(i);
                }
            } else {
                x509CertificateArr2 = new X509Certificate[]{x509Certificate};
            }
            return x509CertificateArr2;
        } catch (Exception e) {
            throw new SSLException("Cannot load certificate chain from database");
        }
    }

    public X509Certificate[] loadCACerts(X500Name[] x500NameArr) throws SSLException {
        Vector[] vectorArr = new Vector[x500NameArr.length];
        for (int i = 0; i < x500NameArr.length; i++) {
            try {
                vectorArr[i] = new Vector();
                this.a.selectCertificateBySubject(x500NameArr[i], vectorArr[i]);
            } catch (Exception e) {
                throw new SSLException("Cannot load CA certificates from database");
            }
        }
        int i2 = 0;
        for (int i3 = 0; i3 < x500NameArr.length; i3++) {
            i2 += vectorArr[i3].size();
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[i2];
        int i4 = 0;
        for (int i5 = 0; i5 < x500NameArr.length; i5++) {
            for (int i6 = 0; i6 < vectorArr[i5].size(); i6++) {
                x509CertificateArr[i4] = (X509Certificate) vectorArr[i5].elementAt(i6);
                i4++;
            }
        }
        return x509CertificateArr;
    }

    public X509Certificate[] loadCACerts() throws SSLException {
        X509V3Extension extensionByType;
        X509V3Extension extensionByType2;
        Vector vector = new Vector();
        try {
            X509Certificate x509Certificate = (X509Certificate) this.a.firstCertificate();
            if (x509Certificate.getExtensions() != null && (extensionByType2 = x509Certificate.getExtensions().getExtensionByType(19)) != null && ((BasicConstraints) extensionByType2).getCA()) {
                vector.addElement(x509Certificate);
            }
        } catch (Exception e) {
        }
        while (this.a.hasMoreCertificates()) {
            try {
                try {
                    X509Certificate x509Certificate2 = (X509Certificate) this.a.nextCertificate();
                    if (x509Certificate2.getExtensions() != null && (extensionByType = x509Certificate2.getExtensions().getExtensionByType(19)) != null && ((BasicConstraints) extensionByType).getCA()) {
                        vector.addElement(x509Certificate2);
                    }
                } catch (Exception e2) {
                }
            } catch (Exception e3) {
                throw new SSLException("Cannot load CA certificates from database");
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
        for (int i = 0; i < vector.size(); i++) {
            x509CertificateArr[i] = (X509Certificate) vector.elementAt(i);
        }
        return x509CertificateArr;
    }

    public JSAFE_PrivateKey loadPrivateKey(X509Certificate x509Certificate) throws SSLException {
        try {
            return this.a.selectPrivateKeyByCertificate(x509Certificate);
        } catch (Exception e) {
            throw new SSLException("Cannot load private key from database");
        }
    }

    public CRL[] loadCRLs(X500Name x500Name, Date date) throws SSLException {
        try {
            Vector vector = new Vector();
            this.a.selectCRLByIssuerAndTime(x500Name, date, vector);
            CRL[] crlArr = new CRL[vector.size()];
            for (int i = 0; i < vector.size(); i++) {
                crlArr[i] = (CRL) vector.elementAt(i);
            }
            return crlArr;
        } catch (Exception e) {
            throw new SSLException("Cannot load CRL from database");
        }
    }

    public int verifyCertificate(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, String str) throws AlertException, SSLException {
        int i = 0;
        int i2 = 0;
        while (i2 < x509CertificateArr.length) {
            try {
                i = 0;
                while (i < x509CertificateArr2.length && !x509CertificateArr2[i].getSubjectName().equals(x509CertificateArr[i2].getIssuerName())) {
                    i++;
                }
                if (i < x509CertificateArr2.length) {
                    break;
                }
                i2++;
            } catch (AlertException e) {
                throw e;
            } catch (Exception e2) {
                throw new SSLException("Cannot verify certificate");
            }
        }
        if (i >= x509CertificateArr2.length || i2 >= x509CertificateArr.length) {
            return -1;
        }
        JSAFE_PublicKey subjectPublicKey = x509CertificateArr2[i].getSubjectPublicKey(str);
        if (this.c == null) {
            this.c = new CertPathCtx(0, x509CertificateArr2, (byte[][]) null, new Date(), this.a);
        }
        if (this.b.checkCertRevocation(this.c, x509CertificateArr[i2]).getStatus() == 1) {
            throw new AlertException("Revoked certificate", 1, 44);
        }
        if (!x509CertificateArr[0].checkValidityDate(new Date())) {
            throw new AlertException("Certificate expired", 1, 45);
        }
        if (this.b.validateCertificate(this.c, x509CertificateArr[i2], subjectPublicKey)) {
            return i;
        }
        throw new AlertException("Bad certificate", 1, 42);
    }
}
