package com.ibm.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.CRLDistributionPointsExtension;
import com.ibm.security.x509.CRLReasonCodeExtension;
import com.ibm.security.x509.DeltaCRLIndicatorExtension;
import com.ibm.security.x509.DistributionPoint;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.GeneralNamesException;
import com.ibm.security.x509.IssuingDistributionPointExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.ReasonFlags;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CRLEntryImpl;
import com.ibm.security.x509.X509CRLImpl;
import com.ibm.security.x509.X509CertImpl;
import java.awt.Event;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.sql.Types;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;

/* loaded from: input_file:efixes/PQ87578_express_win/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/cert/CRSChecker.class */
public class CRSChecker {
    private static final Debug debug = Debug.getInstance("certpath");
    static final String[] myExtensions = {OIDMap.getOID(CRLDistributionPointsExtension.IDENT).toString()};
    static final String[] deltaCRLAttrIDArray = {"deltaRevocationList"};
    static final String[] baseCRLAttrIDArray = {"certificateRevocationList"};
    static final String[] baseARLAttrIDArray = {"authorityRevocationList"};
    static final String[] allCRLAttrIDArray = {"authorityRevocationList", "certificateRevocationList", "caCertificate"};
    private CertPath certPath;
    private Collection certStores;
    private boolean trustCertPathForCRLs;
    private boolean useDeltas;
    private Set trustBaseSet;
    private Date validationDate;
    private int numberOfCertsInCertPath;
    private String sigProvider;
    private Collection ibmCollectionCertStores;
    private int currentCertIndex;
    private Vector willBeTrustedCollection;
    private Hashtable CRLCache;
    private boolean[] userReasons = {false, true, true, true, true, true, true};
    private TrustAnchor trustAnchor;

    public CRSChecker(CertPath certPath, Collection collection, boolean z, boolean z2, Set set, Date date, boolean z3, String str) throws CertPathValidatorException {
        this.ibmCollectionCertStores = null;
        this.CRLCache = new Hashtable();
        this.certPath = certPath;
        this.certStores = collection;
        this.trustCertPathForCRLs = z;
        this.useDeltas = z2;
        this.trustBaseSet = set;
        this.validationDate = date;
        this.sigProvider = str;
        List certificates = certPath.getCertificates();
        this.numberOfCertsInCertPath = certificates.size();
        this.currentCertIndex = this.numberOfCertsInCertPath - 1;
        this.willBeTrustedCollection = new Vector();
        this.ibmCollectionCertStores = getIBMCollectionCertStores(collection);
        this.CRLCache = setCRLCache(collection);
        X509Certificate x509Certificate = (X509Certificate) certificates.get(this.numberOfCertsInCertPath - 1);
        if (x509Certificate != null) {
            this.trustAnchor = null;
            try {
                this.trustAnchor = CertPathUtil.findIssuer(x509Certificate, set, str);
            } catch (CertPathValidatorException e) {
                throw new CertPathValidatorException(new StringBuffer().append("The certificate issued by ").append(x509Certificate.getIssuerDN().toString()).append(" is not trusted").toString(), e, certPath, this.numberOfCertsInCertPath - 1);
            }
        }
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("The direction of forward is not supported");
        }
    }

    public Set getSupportedExtensions() {
        return null;
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        DistributionPoint[] cRLDistributionPoints;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            try {
                this.trustAnchor = new TrustAnchor(x509Certificate, null);
                this.currentCertIndex--;
                return;
            } catch (IllegalArgumentException e) {
                throw new CertPathValidatorException("Fail to instantiate trust anchor for certificate revocation status processing", e, this.certPath, this.currentCertIndex);
            }
        }
        boolean booleanValue = ((Boolean) CertPathUtil.getBasicConstraints(x509Certificate)[1]).booleanValue();
        if (this.trustCertPathForCRLs) {
            this.willBeTrustedCollection.add(x509Certificate);
        }
        int checkCRLCache = checkCRLCache(x509Certificate, this.trustAnchor, booleanValue);
        if (checkCRLCache == 2001 && (cRLDistributionPoints = CertPathUtil.getCRLDistributionPoints(x509Certificate)) != null) {
            checkCRLCache = processDistributionPoints(cRLDistributionPoints, x509Certificate, this.willBeTrustedCollection, this.certStores, this.useDeltas, this.trustBaseSet, booleanValue, this.validationDate, this.userReasons, this.sigProvider);
        }
        String principal = x509Certificate.getSubjectDN().toString();
        String str = null;
        switch (checkCRLCache) {
            case 1000:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked for an unspecified reason.").toString();
                break;
            case 1001:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked because the key has been compromised.").toString();
                break;
            case 1002:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked because the CA key has been compromised.").toString();
                break;
            case 1003:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked because the owner's affiliation has changed.").toString();
                break;
            case 1004:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked because is is superseded.").toString();
                break;
            case 1005:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked because of cessation of operation.").toString();
                break;
            case Event.LEFT /* 1006 */:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been put on hold.").toString();
                break;
            case 2000:
                break;
            case Types.DISTINCT /* 2001 */:
                str = new StringBuffer().append("The revocation status of the certificate with subject (").append(principal).append(") could not be determined.").toString();
                break;
            case Types.STRUCT /* 2002 */:
                str = new StringBuffer().append("The certificate with subject (").append(principal).append(") has been revoked, revocation reason unknown.").toString();
                break;
            default:
                str = new StringBuffer().append("An internal error has occurred in processing the certificate:").append(checkCRLCache).toString();
                break;
        }
        if (str != null) {
            throw new CertPathValidatorException(str, null, this.certPath, this.currentCertIndex);
        }
        try {
            this.trustAnchor = new TrustAnchor(x509Certificate, null);
            this.currentCertIndex--;
        } catch (IllegalArgumentException e2) {
            throw new CertPathValidatorException("Fail to instantiate trust anchor for certificate revocation status processing", e2, this.certPath, this.currentCertIndex);
        }
    }

    int checkCRLCache(X509Certificate x509Certificate, TrustAnchor trustAnchor, boolean z) throws CertPathValidatorException {
        Principal x500Name;
        PublicKey cAPublicKey;
        int i;
        boolean[] keyUsage = CertPathUtil.getKeyUsage(x509Certificate);
        if (this.currentCertIndex != 0 && z && keyUsage != null && !keyUsage[6]) {
            return Types.DISTINCT;
        }
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        X509Certificate x509Certificate2 = trustedCert;
        if (trustedCert != null) {
            if (!(x509Certificate2 instanceof X509CertImpl)) {
                try {
                    x509Certificate2 = new X509CertImpl(x509Certificate2.getEncoded());
                } catch (CertificateException e) {
                    throw new CertPathValidatorException(e.getMessage());
                }
            }
            x500Name = x509Certificate2.getSubjectDN();
            cAPublicKey = x509Certificate2.getPublicKey();
        } else {
            try {
                x500Name = new X500Name(trustAnchor.getCAName());
                cAPublicKey = trustAnchor.getCAPublicKey();
            } catch (IOException e2) {
                return Types.DISTINCT;
            }
        }
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        int i2 = 2001;
        boolean z2 = false;
        ArrayList cRLCache = getCRLCache(x500Name);
        if (cRLCache != null) {
            Iterator it = cRLCache.iterator();
            while (it.hasNext()) {
                X509CRL x509crl = (X509CRL) it.next();
                Date nextUpdate = x509crl.getNextUpdate();
                if (nextUpdate == null || !nextUpdate.before(new Date())) {
                    try {
                        x509crl.verify(cAPublicKey);
                        if (!z2) {
                            z2 = true;
                        }
                        byte[] extensionValue = x509crl.getExtensionValue("2.5.29.28");
                        if (extensionValue != null) {
                            try {
                                IssuingDistributionPointExtension issuingDistributionPointExtension = new IssuingDistributionPointExtension(new DerValue(extensionValue).getOctetString());
                                if (z) {
                                    if (((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.USER_CERTS_ONLY)).booleanValue()) {
                                        z2 = false;
                                    }
                                } else if (((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.CA_CERTS_ONLY)).booleanValue()) {
                                    z2 = false;
                                }
                            } catch (IOException e3) {
                            }
                        }
                        X509CRLEntryImpl x509CRLEntryImpl = (X509CRLEntryImpl) x509crl.getRevokedCertificate(serialNumber);
                        if (x509CRLEntryImpl != null) {
                            byte[] extensionValue2 = x509CRLEntryImpl.getExtensionValue("2.5.29.21");
                            if (extensionValue2 != null) {
                                try {
                                    i = 1000 + ((Integer) new CRLReasonCodeExtension(Boolean.FALSE, extensionValue2).get(CRLReasonCodeExtension.REASON)).intValue();
                                } catch (IOException e4) {
                                    i = 2002;
                                }
                            } else {
                                i = 2002;
                            }
                            return i;
                        }
                        byte[] extensionValue3 = x509crl.getExtensionValue("2.5.29.27");
                        if (extensionValue3 != null) {
                            try {
                                new DeltaCRLIndicatorExtension(Boolean.TRUE, new DerValue(extensionValue3).getOctetString());
                            } catch (IOException e5) {
                            }
                            z2 = false;
                        }
                    } catch (Exception e6) {
                    }
                }
            }
            if (z2) {
                i2 = 2000;
            }
        }
        return i2;
    }

    ArrayList getCRLCache(Principal principal) {
        ArrayList arrayList = (ArrayList) this.CRLCache.get(principal);
        if (arrayList != null) {
            return arrayList;
        }
        Enumeration keys = this.CRLCache.keys();
        while (keys.hasMoreElements()) {
            Principal principal2 = (Principal) keys.nextElement();
            if (principal2.equals(principal)) {
                return (ArrayList) this.CRLCache.get(principal2);
            }
        }
        return arrayList;
    }

    static int processDistributionPoints(DistributionPoint[] distributionPointArr, X509Certificate x509Certificate, Collection collection, Collection collection2, boolean z, Collection collection3, boolean z2, Date date, boolean[] zArr, String str) throws CertPathValidatorException {
        boolean[] booleanArray;
        boolean[] zArr2 = {false, false, false, false, false, false, false, false, false};
        boolean[] zArr3 = {true, true, true, true, true, true, true, true, true, true};
        int i = 2000;
        for (int i2 = 0; i2 < distributionPointArr.length && !CertPathUtil.allUserReasonsSatisfied(zArr, zArr2) && (i == 2000 || i == 2001); i2++) {
            try {
                ReasonFlags reasons = distributionPointArr[i2].getReasons();
                if (reasons == null) {
                    booleanArray = new boolean[10];
                    Arrays.fill(booleanArray, true);
                } else {
                    booleanArray = reasons.getReasonFlags().toBooleanArray();
                }
                CompositeCRL compositeCRLFromDP = getCompositeCRLFromDP(distributionPointArr[i2], x509Certificate, collection, collection2, z, collection3, z2, date, booleanArray, str);
                if (compositeCRLFromDP != null) {
                    boolean[] reasons2 = compositeCRLFromDP.getReasons();
                    try {
                        CertPathUtil.intersectReasons(reasons2, booleanArray);
                        if (!CertPathUtil.interimContainMoreReasons(reasons2, zArr2)) {
                            throw new CertPathValidatorException("Interim Reasons Mask did not contain more reaons than reasons mask ");
                            break;
                        }
                        Principal findDNCRLIssuer = CertPathUtil.findDNCRLIssuer(distributionPointArr[i2].getIssuer());
                        if (findDNCRLIssuer != null) {
                            if (findDNCRLIssuer.equals(compositeCRLFromDP.getIssuerName())) {
                            }
                        } else if (x509Certificate.getIssuerDN().equals(compositeCRLFromDP.getIssuerName())) {
                        }
                        i = compositeCRLFromDP.getStatus(x509Certificate.getSerialNumber(), date);
                        CertPathUtil.unionReasons(zArr2, reasons2);
                    } catch (GeneralNamesException e) {
                    } catch (IOException e2) {
                    }
                }
            } catch (IOException e3) {
                throw new CertPathValidatorException("An internal error has occurred in processing the certificate.", e3);
            }
        }
        if (i == 2000 && !CertPathUtil.allUserReasonsSatisfied(zArr, zArr2)) {
            i = 2001;
        }
        return i;
    }

    static CompositeCRL getCompositeCRLFromDP(DistributionPoint distributionPoint, X509Certificate x509Certificate, Collection collection, Collection collection2, boolean z, Collection collection3, boolean z2, Date date, boolean[] zArr, String str) throws CertPathValidatorException {
        CompositeCRL compositeCRL = null;
        GeneralNames generalNames = null;
        try {
            generalNames = distributionPoint.getIssuer();
        } catch (GeneralNamesException e) {
        } catch (IOException e2) {
        }
        Principal findDNCRLIssuer = CertPathUtil.findDNCRLIssuer(generalNames);
        if (findDNCRLIssuer == null) {
            findDNCRLIssuer = x509Certificate.getIssuerDN();
        }
        GeneralName generalName = null;
        try {
            generalName = CertPathUtil.getSupportedNameObjectFromGeneralNames((GeneralNames) distributionPoint.getName());
        } catch (GeneralNamesException e3) {
        } catch (IOException e4) {
        }
        if (generalName != null) {
            if (generalName.getType() == 6) {
                compositeCRL = getCompositeCRLByDPName(CertPathUtil.stripJunk(generalName.toString()), findDNCRLIssuer, collection2, z, collection, collection3, z2, date, str);
                if (compositeCRL != null && !isIssuerTrusted(compositeCRL.getIssuerCertificate(), collection, collection3, str)) {
                    compositeCRL = null;
                }
            } else if (generalName.getType() == 4) {
                compositeCRL = getCompositeCRLByIssuerName(generalName.toString(), date, collection2, zArr, false, z2, collection, collection3, z, str);
            }
        }
        return compositeCRL;
    }

    static CompositeCRL getCompositeCRLByDPName(String str, Principal principal, Collection collection, boolean z, Collection collection2, Collection collection3, boolean z2, Date date, String str2) throws CertPathValidatorException {
        X509Certificate x509Certificate;
        CompositeCRL compositeCRL = (CompositeCRL) (z2 ? CompositeCRL.CAcompositeCRLHashtable : CompositeCRL.EEcompositeCRLHashtable).get(str);
        CompositeCRL[] compositeCRLArr = null;
        if (compositeCRL != null) {
            if (compositeCRL.getNextUpdate().compareTo(date) <= 0) {
                int i = 0;
                if (CertPathUtil.isHTTPURI(str)) {
                    X509CRL cRLWithHttp = getCRLWithHttp(str);
                    if (cRLWithHttp != null) {
                        i = compositeCRL.update(cRLWithHttp, date, str2);
                    }
                } else if (CertPathUtil.isLDAPURI(str)) {
                    i = updateCompositeCRL(str, compositeCRL, z, z2, date, str2);
                }
                if (i != 1001 && i != 1002) {
                    compositeCRL = null;
                }
            }
        } else if (compositeCRL == null) {
            if (CertPathUtil.isHTTPURI(str)) {
                compositeCRLArr = new CompositeCRL[2];
                X509CRL cRLWithHttp2 = getCRLWithHttp(str);
                if (cRLWithHttp2 != null) {
                    compositeCRL = new CompositeCRL(null);
                    compositeCRL.update(cRLWithHttp2);
                    try {
                        x509Certificate = CertPathUtil.findIssuerOfCRL(cRLWithHttp2, collection2, collection3, collection, str2);
                    } catch (CertificateNotYetValidException e) {
                        x509Certificate = null;
                    }
                    if (x509Certificate == null) {
                        compositeCRL = null;
                    } else {
                        compositeCRL.setIssuerCertificate(x509Certificate);
                        if (isIssuerTrusted(x509Certificate, collection2, collection3, str2)) {
                            compositeCRLArr[0] = compositeCRL;
                            compositeCRLArr[1] = compositeCRL;
                        }
                    }
                }
            } else if (CertPathUtil.isLDAPURI(str)) {
                compositeCRLArr = createCompositeCRLWithDPName(str, collection2, collection, str2);
            }
            if (compositeCRLArr[0] != null && z2) {
                CompositeCRL.CAcompositeCRLHashtable.put(str, compositeCRLArr[0]);
            }
            if (compositeCRLArr[1] != null && !z2) {
                CompositeCRL.EEcompositeCRLHashtable.put(str, compositeCRLArr[1]);
            }
            if (z2) {
                compositeCRL = compositeCRLArr[0];
            } else if (!z2) {
                compositeCRL = compositeCRLArr[1];
            }
        }
        return compositeCRL;
    }

    static CompositeCRL[] createCompositeCRLWithDPName(String str, Collection collection, Collection collection2, String str2) throws CertPathValidatorException {
        CompositeCRL[] compositeCRLArr = new CompositeCRL[2];
        String[] lDAPURLAndDN = getLDAPURLAndDN(str);
        if ((lDAPURLAndDN[0] != null) & (lDAPURLAndDN[1] != null)) {
            Object[] retrieveCRLs = CertPathUtil.retrieveCRLs(CertPathUtil.getDirContext(lDAPURLAndDN[0]), lDAPURLAndDN[1], allCRLAttrIDArray);
            X509CRLImpl x509CRLImpl = (X509CRLImpl) retrieveCRLs[0];
            X509Certificate x509Certificate = (X509Certificate) retrieveCRLs[2];
            CompositeCRL createOneCompositeCRL = createOneCompositeCRL(lDAPURLAndDN[1], collection, collection2, x509CRLImpl, x509Certificate, str2);
            CompositeCRL createOneCompositeCRL2 = createOneCompositeCRL(lDAPURLAndDN[1], collection, collection2, (X509CRLImpl) retrieveCRLs[1], x509Certificate, str2);
            compositeCRLArr[0] = createOneCompositeCRL;
            compositeCRLArr[1] = createOneCompositeCRL2;
        }
        return compositeCRLArr;
    }

    static X509CRL getCRLWithHttp(String str) {
        X509CRL x509crl = null;
        try {
            x509crl = (X509CRL) CertificateFactory.getInstance("X.509", "IBMCertPath").generateCRL(((HttpURLConnection) new URL(str).openConnection()).getInputStream());
        } catch (MalformedURLException e) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e.printStackTrace();
            }
        } catch (IOException e2) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e2.printStackTrace();
            }
        } catch (NoSuchProviderException e3) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e3.printStackTrace();
            }
        } catch (CRLException e4) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e4.printStackTrace();
            }
        } catch (CertificateException e5) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e5.printStackTrace();
            }
        }
        return x509crl;
    }

    static CompositeCRL createOneCompositeCRL(String str, Collection collection, Collection collection2, X509CRLImpl x509CRLImpl, X509Certificate x509Certificate, String str2) throws CertPathValidatorException {
        int i;
        X509Certificate x509Certificate2 = null;
        CompositeCRL compositeCRL = null;
        if (x509CRLImpl != null) {
            if (x509Certificate != null) {
                if (!(x509Certificate instanceof X509CertImpl)) {
                    try {
                        x509Certificate = new X509CertImpl(x509Certificate.getEncoded());
                    } catch (CertificateException e) {
                        throw new CertPathValidatorException(e.getMessage());
                    }
                }
                try {
                    i = CertPathUtil.verifyCRLIssuer(x509CRLImpl, x509Certificate.getPublicKey(), x509Certificate.getIssuerDN(), str2);
                } catch (CertificateNotYetValidException e2) {
                    i = Integer.MAX_VALUE;
                }
                if (i == 0) {
                    x509Certificate2 = x509Certificate;
                }
            }
            if (x509Certificate2 == null) {
                try {
                    x509Certificate2 = CertPathUtil.findIssuerOfCRL(x509CRLImpl, collection, null, collection2, str2);
                } catch (CertificateNotYetValidException e3) {
                    x509Certificate2 = null;
                }
            }
            if (x509Certificate2 != null) {
                compositeCRL = new CompositeCRL(str);
                compositeCRL.update(x509CRLImpl);
                compositeCRL.setIssuerCertificate(x509Certificate2);
            }
        }
        return compositeCRL;
    }

    static int updateCompositeCRL(String str, CompositeCRL compositeCRL, boolean z, boolean z2, Date date, String str2) throws CertPathValidatorException {
        int i = 0;
        String[] lDAPURLAndDN = getLDAPURLAndDN(str);
        if ((lDAPURLAndDN[0] != null) & (lDAPURLAndDN[1] != null)) {
            DirContext dirContext = CertPathUtil.getDirContext(lDAPURLAndDN[0]);
            if (z2) {
                i = retrieveBaseCRL(compositeCRL, dirContext, lDAPURLAndDN[1], baseARLAttrIDArray, date, str2);
            } else if (!z2) {
                if (z) {
                    i = retrieveDeltaCRL(compositeCRL, dirContext, lDAPURLAndDN[1], deltaCRLAttrIDArray, date, str2);
                    if (i != 1001 && i != 1001) {
                        i = retrieveBaseCRL(compositeCRL, dirContext, lDAPURLAndDN[1], baseCRLAttrIDArray, date, str2);
                    }
                } else {
                    i = retrieveBaseCRL(compositeCRL, dirContext, lDAPURLAndDN[1], baseCRLAttrIDArray, date, str2);
                }
            }
        }
        return i;
    }

    static CompositeCRL getCompositeCRLByIssuerName(String str, Date date, Collection collection, boolean[] zArr, boolean z, boolean z2, Collection collection2, Collection collection3, boolean z3, String str2) throws CertPathValidatorException {
        CompositeCRL firstFindFromCache = getFirstFindFromCache(str, zArr, z2);
        if (firstFindFromCache != null) {
            getStatusFromCertStores(str, z2, date, collection, zArr, true, collection2, collection3, z3, str2);
            firstFindFromCache = getFirstFindFromCache(str, zArr, z2);
        }
        return firstFindFromCache;
    }

    static CompositeCRL getFirstFindFromCache(String str, boolean[] zArr, boolean z) {
        CompositeCRL compositeCRL = null;
        Hashtable hashtable = z ? (Hashtable) CompositeCRL.CAcompositeCRLHashtable.get(str) : (Hashtable) CompositeCRL.CAcompositeCRLHashtable.get(str);
        if (hashtable != null) {
            synchronized (hashtable) {
                Enumeration elements = hashtable.elements();
                while (elements.hasMoreElements()) {
                    compositeCRL = (CompositeCRL) elements.nextElement();
                    if (CertPathUtil.minimalUserReasonsSatisfied(zArr, compositeCRL.getReasons())) {
                        break;
                    }
                    compositeCRL = null;
                }
            }
        }
        return compositeCRL;
    }

    static int processIssuerName(X509Certificate x509Certificate, Collection collection, Collection collection2, boolean z, Collection collection3, boolean z2, Date date, boolean[] zArr, String str) throws CertPathValidatorException {
        String principal = x509Certificate.getIssuerDN().toString();
        int i = 2001;
        Hashtable hashtable = z2 ? (Hashtable) CompositeCRL.CAcompositeCRLHashtable.get(principal) : (Hashtable) CompositeCRL.EEcompositeCRLHashtable.get(principal);
        if (hashtable != null) {
            i = getCRSFromCache(hashtable, date, x509Certificate.getSerialNumber(), zArr);
        }
        if (i == 2001) {
            Object[] statusFromCertStores = getStatusFromCertStores(principal, z2, date, collection2, zArr, true, collection, collection3, z, str);
            i = getCRSFromCache(z2 ? (Hashtable) statusFromCertStores[0] : (Hashtable) statusFromCertStores[1], date, x509Certificate.getSerialNumber(), zArr);
        }
        return i;
    }

    static int getCRSFromCache(Hashtable hashtable, Date date, BigInteger bigInteger, boolean[] zArr) throws CertPathValidatorException {
        boolean[] zArr2 = {false, false, false, false, false, false, false, false, false};
        int i = 2001;
        Enumeration elements = hashtable.elements();
        while (elements.hasMoreElements()) {
            CompositeCRL compositeCRL = (CompositeCRL) elements.nextElement();
            i = compositeCRL.getStatus(bigInteger, date);
            if (i == 2001 || i == 2000) {
                CertPathUtil.unionReasons(zArr2, compositeCRL.getReasons());
                if (CertPathUtil.allUserReasonsSatisfied(zArr, zArr2)) {
                    break;
                }
            }
        }
        return i;
    }

    static Object[] getStatusFromCertStores(String str, boolean z, Date date, Collection collection, boolean[] zArr, boolean z2, Collection collection2, Collection collection3, boolean z3, String str2) throws CertPathValidatorException {
        Hashtable hashtable;
        Hashtable hashtable2;
        synchronized (CompositeCRL.CAcompositeCRLHashtable) {
            hashtable = (Hashtable) CompositeCRL.CAcompositeCRLHashtable.get(str);
            if (hashtable == null) {
                hashtable = new Hashtable();
                CompositeCRL.CAcompositeCRLHashtable.put(str, hashtable);
            }
        }
        synchronized (CompositeCRL.EEcompositeCRLHashtable) {
            hashtable2 = (Hashtable) CompositeCRL.EEcompositeCRLHashtable.get(str);
            if (hashtable2 == null) {
                hashtable2 = new Hashtable();
                CompositeCRL.EEcompositeCRLHashtable.put(str, hashtable2);
            }
        }
        updateCachesFromCertStores(str, z, date, collection, hashtable, hashtable2, zArr, z2, collection2, collection3, z3, str2);
        return new Object[]{hashtable, hashtable2};
    }

    static void updateCachesFromCertStores(String str, boolean z, Date date, Collection collection, Hashtable hashtable, Hashtable hashtable2, boolean[] zArr, boolean z2, Collection collection2, Collection collection3, boolean z3, String str2) throws CertPathValidatorException {
        boolean[] zArr2 = {false, false, false, false, false, false, false, false, false};
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(str);
            Vector vector = new Vector();
            Iterator it = collection.iterator();
            loop0: while (it.hasNext()) {
                Collection<X509CRL> collection4 = null;
                try {
                    collection4 = ((CertStore) it.next()).getCRLs(x509CRLSelector);
                } catch (CertStoreException e) {
                }
                if (collection4 != null) {
                    for (X509CRL x509crl : collection4) {
                        if (!CompositeCRL.isDeltaCRL(x509crl)) {
                            CompositeCRL createCompositeCRL = createCompositeCRL(hashtable2, hashtable, x509crl, collection, collection2, collection3, str2);
                            if (createCompositeCRL != null && ((z && createCompositeCRL.isTypeCA()) || (!z && createCompositeCRL.isTypeEE()))) {
                                CertPathUtil.unionReasons(zArr2, createCompositeCRL.getReasons());
                                if (!z2) {
                                    if (CertPathUtil.minimalUserReasonsSatisfied(zArr, zArr2)) {
                                        break loop0;
                                    }
                                } else if (CertPathUtil.allUserReasonsSatisfied(zArr, zArr2)) {
                                    int compareTo = createCompositeCRL.getNextUpdate().compareTo(date);
                                    if (compareTo > 0) {
                                        break loop0;
                                    } else if (compareTo <= 0) {
                                    }
                                } else {
                                    continue;
                                }
                            }
                        } else {
                            vector.add(x509crl);
                        }
                    }
                }
            }
            Hashtable hashtable3 = z ? hashtable : hashtable2;
            Iterator it2 = vector.iterator();
            while (it2.hasNext()) {
                X509CRL x509crl2 = (X509CRL) it2.next();
                CompositeCRL compositeCRL = (CompositeCRL) hashtable3.get(CompositeCRL.getCRLNumber(x509crl2));
                if (compositeCRL != null) {
                    compositeCRL.refresh(x509crl2);
                }
            }
        } catch (IOException e2) {
        }
    }

    static CompositeCRL createCompositeCRL(Hashtable hashtable, Hashtable hashtable2, X509CRL x509crl, Collection collection, Collection collection2, Collection collection3, String str) throws CertPathValidatorException {
        X509Certificate x509Certificate;
        CompositeCRL compositeCRL = null;
        CompositeCRL compositeCRL2 = new CompositeCRL(null);
        compositeCRL2.update(x509crl);
        Object number = compositeCRL2.getNumber();
        boolean z = false;
        boolean z2 = false;
        if (compositeCRL2.isTypeEE() && hashtable.get(number) == null) {
            z = true;
        }
        if (compositeCRL2.isTypeCA() && hashtable2.get(number) == null) {
            z2 = true;
        }
        if (z || z2) {
            try {
                x509Certificate = CertPathUtil.findIssuerOfCRL(x509crl, collection2, collection3, collection, str);
            } catch (CertificateNotYetValidException e) {
                x509Certificate = null;
            }
            if (x509Certificate != null) {
                compositeCRL2.setIssuerCertificate(x509Certificate);
                compositeCRL = compositeCRL2;
                if (isIssuerTrusted(x509Certificate, collection2, collection3, str)) {
                    if (z) {
                        hashtable.put(number, compositeCRL2);
                    }
                    if (z2) {
                        hashtable2.put(number, compositeCRL2);
                    }
                }
            }
        }
        return compositeCRL;
    }

    static boolean isIssuerTrusted(X509Certificate x509Certificate, Collection collection, Collection collection2, String str) {
        boolean z = false;
        if (0 == 0) {
            TrustAnchor trustAnchor = null;
            try {
                trustAnchor = CertPathUtil.findIssuer(x509Certificate, collection, str);
            } catch (CertPathValidatorException e) {
            }
            if (trustAnchor == null) {
                try {
                    trustAnchor = CertPathUtil.findIssuer(x509Certificate, collection2, str);
                } catch (CertPathValidatorException e2) {
                }
                if (trustAnchor != null) {
                    z = true;
                }
            } else {
                z = true;
            }
        }
        return z;
    }

    static int retrieveBaseCRL(CompositeCRL compositeCRL, DirContext dirContext, String str, String[] strArr, Date date, String str2) throws CertPathValidatorException {
        return compositeCRL.updateBase(CertPathUtil.retrieveCRLs(dirContext, str, strArr)[0], date, str2);
    }

    static int retrieveDeltaCRL(CompositeCRL compositeCRL, DirContext dirContext, String str, String[] strArr, Date date, String str2) throws CertPathValidatorException {
        return compositeCRL.updateDelta(CertPathUtil.retrieveCRLs(dirContext, str, strArr)[0], date, str2);
    }

    static String[] getLDAPURLAndDN(String str) {
        String[] strArr = new String[2];
        try {
            CompositeName compositeName = new CompositeName(str);
            strArr[0] = new StringBuffer().append(compositeName.get(0)).append("//").append(compositeName.get(2)).toString();
            strArr[1] = compositeName.getSuffix(3).toString();
        } catch (InvalidNameException e) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e.printStackTrace();
            }
        } catch (NamingException e2) {
            if (debug != null) {
                System.out.println(new StringBuffer().append("Failed to retrieve CRL from ").append(str).toString());
                e2.printStackTrace();
            }
        }
        return strArr;
    }

    private static Collection getIBMCollectionCertStores(Collection collection) {
        Collection vector = new Vector();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            CertStore certStore = (CertStore) it.next();
            if (certStore.getType().equals("Collection")) {
                vector.add(certStore);
            }
        }
        if (vector.size() <= 0) {
            vector = null;
        }
        return vector;
    }

    private Hashtable setCRLCache(Collection collection) {
        if (!collection.isEmpty()) {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                Collection<X509CRL> collection2 = null;
                CertStore certStore = (CertStore) it.next();
                if (certStore.getType().equals("Collection")) {
                    try {
                        collection2 = certStore.getCRLs(null);
                    } catch (CertStoreException e) {
                        collection2 = null;
                    }
                } else if (certStore.getType().equals("LDAP")) {
                    List certificates = this.certPath.getCertificates();
                    if (!certificates.isEmpty()) {
                        X509CRLSelector x509CRLSelector = new X509CRLSelector();
                        Iterator it2 = certificates.iterator();
                        while (it2.hasNext()) {
                            try {
                                x509CRLSelector.addIssuerName(((X509Certificate) it2.next()).getIssuerDN().toString());
                            } catch (IOException e2) {
                            }
                        }
                        try {
                            collection2 = certStore.getCRLs(x509CRLSelector);
                        } catch (CertStoreException e3) {
                            collection2 = null;
                        }
                    }
                }
                if (collection2 != null) {
                    for (X509CRL x509crl : collection2) {
                        if (!(x509crl instanceof X509CRLImpl)) {
                            try {
                                x509crl = new X509CRLImpl(x509crl.getEncoded());
                            } catch (CRLException e4) {
                            }
                        }
                        Principal issuerDN = x509crl.getIssuerDN();
                        ArrayList arrayList = (ArrayList) this.CRLCache.get(issuerDN);
                        if (arrayList != null) {
                            arrayList.add(x509crl);
                            this.CRLCache.put(issuerDN, arrayList);
                        } else {
                            ArrayList arrayList2 = new ArrayList();
                            arrayList2.add(x509crl);
                            this.CRLCache.put(issuerDN, arrayList2);
                        }
                    }
                }
            }
        }
        return this.CRLCache;
    }
}
