package com.ibm.security.cert;

import com.ibm.security.util.BitArray;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.CRLNumberExtension;
import com.ibm.security.x509.CRLReasonCodeExtension;
import com.ibm.security.x509.DeltaCRLIndicatorExtension;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.IssuingDistributionPointExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.PKIXExtensions;
import com.ibm.security.x509.ReasonFlags;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Hashtable;

/* loaded from: input_file:efixes/PK60674_Linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ibmcertpathprovider.jar:com/ibm/security/cert/CompositeCRL.class */
class CompositeCRL {
    static final int CERTIFICATE_REVOCATION_STATUS_UNSPECIFIED = 1000;
    static final int CERTIFICATE_REVOCATION_STATUS_KEY_COMPROMISE = 1001;
    static final int CERTIFICATE_REVOCATION_STATUS_CA_COMPROMISE = 1002;
    static final int CERTIFICATE_REVOCATION_STATUS_AFFILIATION_CHANGED = 1003;
    static final int CERTIFICATE_REVOCATION_STATUS_SUPERSEDED = 1004;
    static final int CERTIFICATE_REVOCATION_STATUS_CESSATION_OF_OPERATION = 1005;
    static final int CERTIFICATE_REVOCATION_STATUS_CERTIFICATE_HOLD = 1006;
    static final int CERTIFICATE_REVOCATION_STATUS_UNREVOKED = 2000;
    static final int CERTIFICATE_REVOCATION_STATUS_UNDETERMINED = 2001;
    static final int CERTIFICATE_REVOCATION_STATUS_REVOKED_NOREASONS = 2002;
    static final int COMPOSITE_UPDATED = 1001;
    static final int COMPOSITE_OUT_OF_DATE = 1002;
    static final int COMPOSITE_IS_CURRENT = 1003;
    static final int CRL_NOT_FOUND = 1004;
    static final int DELTA_OUT_OF_SEQUENCE = 1005;
    static final int COMPOSITE_IS_BACK_LEVEL = 1006;
    static final int CERTIFICATE_SETS_DO_NOT_MATCH = 1007;
    static final int REASONS_DO_NOT_MATCH = 1008;
    static final int DELTA_NOT_FOUND = 1009;
    static final int UPDATE_BASE_WITH_DELTA = 1010;
    static final int UPDATE_DELTA_WITH_BASE = 1011;
    static final int FAIL = Integer.MAX_VALUE;
    private String distributionPoint;
    private long lastModified;
    static final BigInteger BI_NEG_ONE = new BigInteger("-1");
    static Hashtable CAcompositeCRLHashtable = new Hashtable();
    static Hashtable EEcompositeCRLHashtable = new Hashtable();
    private int BASE_CRL_INDEX = 0;
    private int DELTA_CRL_INDEX = 1;
    private int NUMBER_INDEX = 2;
    private int REASONS_INDEX = 3;
    private int ONLY_CONTAINS_CA_INDEX = 4;
    private int ONLY_CONTAINS_EE_INDEX = 5;
    private X509Certificate issuerCertificate = null;
    private Principal issuerName = null;
    private Object[] crlInfo = {null, null, null, null, null, null};

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompositeCRL(String str) {
        this.distributionPoint = null;
        this.distributionPoint = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getStatus(BigInteger bigInteger, Date date) throws CertPathValidatorException {
        int i = 2000;
        Object[] objArr = this.crlInfo;
        X509CRLEntry x509CRLEntry = null;
        X509CRL x509crl = (X509CRL) objArr[this.BASE_CRL_INDEX];
        Date nextUpdate = x509crl.getNextUpdate();
        if (objArr[this.DELTA_CRL_INDEX] != null) {
            X509CRL x509crl2 = (X509CRL) objArr[this.DELTA_CRL_INDEX];
            x509CRLEntry = x509crl2.getRevokedCertificate(bigInteger);
            nextUpdate = x509crl2.getNextUpdate();
        }
        if (x509CRLEntry == null) {
            x509CRLEntry = x509crl.getRevokedCertificate(bigInteger);
        }
        if (x509CRLEntry != null) {
            i = getCRLEntryReasonCode(x509CRLEntry);
        }
        if ((i == 2000 || i == 1006) && nextUpdate.compareTo(date) <= 0) {
            i = 2001;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void update(X509CRL x509crl) throws CertPathValidatorException {
        Object[] objArr = new Object[this.crlInfo.length];
        if (isDeltaCRL(x509crl)) {
            objArr[this.BASE_CRL_INDEX] = null;
            objArr[this.DELTA_CRL_INDEX] = x509crl;
        } else {
            objArr[this.BASE_CRL_INDEX] = x509crl;
            objArr[this.DELTA_CRL_INDEX] = null;
        }
        objArr[this.NUMBER_INDEX] = getCRLNumber(x509crl);
        Object[] issuingDistributionPoint = getIssuingDistributionPoint(x509crl);
        objArr[this.ONLY_CONTAINS_CA_INDEX] = (Boolean) issuingDistributionPoint[2];
        objArr[this.ONLY_CONTAINS_EE_INDEX] = (Boolean) issuingDistributionPoint[1];
        objArr[this.REASONS_INDEX] = (boolean[]) issuingDistributionPoint[3];
        this.crlInfo = objArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int update(X509CRL x509crl, Date date, String str, long j) throws CertPathValidatorException {
        int i = isDeltaCRL(x509crl) ? this.BASE_CRL_INDEX : this.DELTA_CRL_INDEX;
        try {
            CertPathUtil.verifySignature(x509crl, getIssuerCertificate().getPublicKey(), str);
            if (this.crlInfo[this.BASE_CRL_INDEX] == null) {
                this.crlInfo[this.BASE_CRL_INDEX] = x509crl;
                this.lastModified = j;
            } else if (x509crl.getThisUpdate().compareTo(((X509CRL) this.crlInfo[i]).getThisUpdate()) > 0) {
                this.crlInfo[i] = x509crl;
                this.lastModified = j;
            }
            Date nextUpdate = ((X509CRL) this.crlInfo[i]).getNextUpdate();
            return nextUpdate != null ? nextUpdate.compareTo(date) >= 0 ? 1003 : 1002 : 1003;
        } catch (CertificateNotYetValidException e) {
            throw new CertPathValidatorException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int updateBase(X509CRL x509crl, Date date, String str) throws CertPathValidatorException {
        int i = 0;
        if (x509crl != null) {
            try {
                if (isDeltaCRL(x509crl)) {
                    i = 1010;
                } else {
                    try {
                        CertPathUtil.verifySignature(x509crl, getIssuerCertificate().getPublicKey(), str);
                        int compareTo = getCRLNumber(x509crl).compareTo(getNumber());
                        if (compareTo <= 0) {
                            int compareTo2 = getNextUpdate().compareTo(date);
                            if (compareTo2 > 0) {
                                i = 1003;
                            } else if (compareTo2 <= 0) {
                                i = 1002;
                            }
                        } else if (compareTo > 0) {
                            update(x509crl);
                            int compareTo3 = getNextUpdate().compareTo(date);
                            if (compareTo3 > 0) {
                                i = 1001;
                            } else if (compareTo3 <= 0) {
                                i = 1002;
                            }
                        }
                    } catch (CertificateNotYetValidException e) {
                        throw new CertPathValidatorException(e);
                    }
                }
            } catch (CertPathValidatorException e2) {
                throw e2;
            }
        } else if (x509crl == null) {
            i = 1004;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int updateDelta(X509CRL x509crl, Date date, String str) throws CertPathValidatorException {
        int i = 0;
        if (x509crl != null) {
            try {
                if (isDeltaCRL(x509crl)) {
                    try {
                        CertPathUtil.verifySignature(x509crl, getIssuerCertificate().getPublicKey(), str);
                        int compareTo = getCRLNumber(x509crl).compareTo(getNumber());
                        if (compareTo < 0) {
                            i = 1005;
                        } else if (compareTo > 0) {
                            i = 1006;
                        } else if (compareTo == 0) {
                            Object[] issuingDistributionPoint = getIssuingDistributionPoint(x509crl);
                            if (!CertPathUtil.isEqualReasons(getReasons(), (boolean[]) issuingDistributionPoint[3])) {
                                i = 1008;
                            } else if ((isTypeEE() && ((Boolean) issuingDistributionPoint[1]).booleanValue()) || (isTypeCA() && ((Boolean) issuingDistributionPoint[2]).booleanValue())) {
                                refresh(x509crl);
                                int compareTo2 = getNextUpdate().compareTo(date);
                                if (compareTo2 > 0) {
                                    i = 1001;
                                } else if (compareTo2 <= 0) {
                                    i = 1002;
                                }
                            } else {
                                i = 1007;
                            }
                        }
                    } catch (CertificateNotYetValidException e) {
                        throw new CertPathValidatorException(e);
                    }
                } else {
                    i = 1011;
                }
            } catch (CertPathValidatorException e2) {
                throw e2;
            }
        } else if (x509crl == null) {
            i = 1009;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void refresh(X509CRL x509crl) throws CertPathValidatorException {
        Object[] objArr = new Object[this.crlInfo.length];
        objArr[this.DELTA_CRL_INDEX] = x509crl;
        objArr[this.BASE_CRL_INDEX] = this.crlInfo[this.BASE_CRL_INDEX];
        objArr[this.NUMBER_INDEX] = getCRLNumber(x509crl);
        objArr[this.REASONS_INDEX] = this.crlInfo[this.REASONS_INDEX];
        this.crlInfo = objArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean[] getReasons() {
        if (this.crlInfo[this.REASONS_INDEX] == null) {
            return null;
        }
        boolean[] zArr = (boolean[]) this.crlInfo[this.REASONS_INDEX];
        boolean[] zArr2 = new boolean[zArr.length];
        System.arraycopy(zArr, 0, zArr2, 0, zArr2.length);
        return zArr2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Date getNextUpdate() {
        Object[] objArr = this.crlInfo;
        return objArr[this.DELTA_CRL_INDEX] != null ? ((X509CRL) objArr[this.DELTA_CRL_INDEX]).getNextUpdate() : ((X509CRL) objArr[this.BASE_CRL_INDEX]).getNextUpdate();
    }

    Date getThisUpdate() {
        Object[] objArr = this.crlInfo;
        return objArr[this.DELTA_CRL_INDEX] != null ? ((X509CRL) objArr[this.DELTA_CRL_INDEX]).getThisUpdate() : ((X509CRL) objArr[this.BASE_CRL_INDEX]).getThisUpdate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BigInteger getNumber() {
        return (BigInteger) this.crlInfo[this.NUMBER_INDEX];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Principal getIssuerName() {
        return ((X509CRL) this.crlInfo[this.BASE_CRL_INDEX]).getIssuerDN();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate getIssuerCertificate() {
        return this.issuerCertificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isTypeCA() {
        return !((Boolean) this.crlInfo[this.ONLY_CONTAINS_EE_INDEX]).equals(Boolean.TRUE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isTypeEE() {
        return !((Boolean) this.crlInfo[this.ONLY_CONTAINS_CA_INDEX]).equals(Boolean.TRUE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setIssuerCertificate(X509Certificate x509Certificate) {
        this.issuerCertificate = x509Certificate;
    }

    public String toString() {
        return super.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BigInteger getCRLNumber(X509CRL x509crl) throws CertPathValidatorException {
        BigInteger bigInteger = null;
        byte[] extensionValue = x509crl.getExtensionValue(OIDMap.getOID("x509.info.extensions.CRLNumber").toString());
        if (extensionValue != null) {
            try {
                Extension extension = new Extension(PKIXExtensions.CRLNumber_Id, false, extensionValue);
                bigInteger = (BigInteger) new CRLNumberExtension(new Boolean(extension.isCritical()), extension.getExtensionValue()).get("value");
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred when processing the CRLNumber extension.", e);
            }
        }
        return bigInteger;
    }

    static BigInteger getBaseNumber(X509CRL x509crl) throws CertPathValidatorException {
        BigInteger bigInteger = null;
        byte[] extensionValue = x509crl.getExtensionValue(PKIXExtensions.DeltaCRLIndicator_Id.toString());
        if (extensionValue != null) {
            try {
                Extension extension = new Extension(PKIXExtensions.DeltaCRLIndicator_Id, false, extensionValue);
                bigInteger = (BigInteger) new DeltaCRLIndicatorExtension(new Boolean(extension.isCritical()), extension.getExtensionValue()).get("value");
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred when processing the DeltaCRLIndicator extension.", e);
            }
        }
        return bigInteger;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isDeltaCRL(X509CRL x509crl) throws CertPathValidatorException {
        boolean z = false;
        BigInteger baseNumber = getBaseNumber(x509crl);
        if (baseNumber != null && baseNumber.compareTo(BI_NEG_ONE) != 0) {
            z = true;
        }
        return z;
    }

    static Object[] getIssuingDistributionPoint(X509CRL x509crl) throws CertPathValidatorException {
        Object[] objArr = new Object[5];
        boolean[] zArr = new boolean[9];
        Arrays.fill(zArr, true);
        zArr[7] = false;
        objArr[1] = new Boolean(false);
        objArr[2] = new Boolean(false);
        objArr[3] = zArr;
        objArr[4] = new Boolean(false);
        byte[] extensionValue = x509crl.getExtensionValue(OIDMap.getOID(IssuingDistributionPointExtension.IDENT).toString());
        if (extensionValue != null) {
            try {
                Extension extension = new Extension(PKIXExtensions.IssuingDistributionPoint_Id, true, extensionValue);
                IssuingDistributionPointExtension issuingDistributionPointExtension = new IssuingDistributionPointExtension(new Boolean(extension.isCritical()), extension.getExtensionValue());
                Boolean bool = (Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.CA_CERTS_ONLY);
                if (bool != null && bool.equals(Boolean.TRUE)) {
                    objArr[2] = Boolean.TRUE;
                }
                Boolean bool2 = (Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.USER_CERTS_ONLY);
                if (bool2 != null && bool2.equals(Boolean.TRUE)) {
                    objArr[1] = Boolean.TRUE;
                }
                ReasonFlags reasonFlags = (ReasonFlags) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.LIMITED_REASONS);
                if (reasonFlags != null) {
                    BitArray reasonFlags2 = reasonFlags.getReasonFlags();
                    if (reasonFlags2 != null) {
                        int min = Math.min(reasonFlags2.length(), zArr.length);
                        for (int i = 0; i < min; i++) {
                            zArr[i] = reasonFlags2.get(i);
                        }
                    }
                } else {
                    objArr[3] = null;
                }
                objArr[4] = (Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.INDIRECT_CRL);
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred when processing the IssuingDistributionPoint extension.", e);
            }
        } else {
            objArr[3] = null;
        }
        return objArr;
    }

    static int getCRLEntryReasonCode(X509CRLEntry x509CRLEntry) throws CertPathValidatorException {
        int i = 1000;
        ObjectIdentifier oid = OIDMap.getOID("x509.info.extensions.CRLReasonCode");
        byte[] extensionValue = x509CRLEntry.getExtensionValue(oid.toString());
        if (extensionValue != null) {
            try {
                Extension extension = new Extension(oid, false, extensionValue);
                switch (((Integer) new CRLReasonCodeExtension(new Boolean(extension.isCritical()), extension.getExtensionValue()).get(CRLReasonCodeExtension.REASON)).intValue()) {
                    case 0:
                    case 7:
                    default:
                        i = 1000;
                        break;
                    case 1:
                        i = 1001;
                        break;
                    case 2:
                        i = 1002;
                        break;
                    case 3:
                        i = 1003;
                        break;
                    case 4:
                        i = 1004;
                        break;
                    case 5:
                        i = 1005;
                        break;
                    case 6:
                        i = 1006;
                        break;
                    case 8:
                        i = 2000;
                        break;
                }
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred when processing the CRLReasonsCode extension.", e);
            }
        }
        return i;
    }

    public long getModifiedTime() {
        return this.lastModified;
    }

    public void setModifiedTime(long j) {
        this.lastModified = j;
    }
}
