package com.ibm.security.cert;

import com.ibm.security.x509.CRLNumberExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CRLImpl;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.cert.CRLSelector;
import javax.security.cert.CertPathValidatorException;
import javax.security.cert.CertSelector;
import javax.security.cert.CertStoreException;
import javax.security.cert.CertStoreParameters;
import javax.security.cert.CertStoreSpi;
import javax.security.cert.LDAPCertStoreParameters;
import javax.security.cert.X509CRLSelector;
import javax.security.cert.X509CertSelector;

/* loaded from: input_file:java_tmp/jre/lib/ext/certpath.jar:com/ibm/security/cert/LDAPCertStoreImpl.class */
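/**
 * {@code CertStoreSpi} implementation that reads X.509 certificates and CRLs from an LDAP
 * directory through JNDI.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The directory connection is built with the plain {@code ldap://} scheme and no
 *       {@code Context.SECURITY_*} properties, so the bind is anonymous and the traffic is not
 *       protected in transit. Everything returned by this store is untrusted input: callers
 *       must verify certificate and CRL signatures before relying on them.</li>
 *   <li>Directory failures are reported as {@code CertStoreException} rather than as an empty
 *       result, so that an unreachable directory cannot be mistaken for "no CRL exists"
 *       (which would let revocation checking fail open).</li>
 *   <li>Entry names come from selector subject/issuer strings and are handed to JNDI as
 *       string names. NOTE(review): JNDI treats '/' in a string name as a composite-name
 *       separator; confirm whether DNs containing '/' need wrapping in a CompositeName.</li>
 * </ul>
 */
public class LDAPCertStoreImpl extends CertStoreSpi {
    // LDAP attribute types that may hold certificates or revocation lists.
    private static final String USER_CERT = "userCertificate";
    private static final String CA_CERT = "cACertificate";
    private static final String CROSS_CERT = "crossCertificatePair";
    private static final String CRL = "certificateRevocationList";
    private static final String ARL = "authorityRevocationList";
    private static final String DELTA_CRL = "deltaRevocationList";

    // Value of X509CertSelector.getBasicConstraints() that this class treats as
    // "end-entity certificates only" (see the error message in engineGetCertificates).
    private static final int END_ENTITY_ONLY = -2;

    private DirContext ctx;

    /**
     * Creates the store and connects to the directory described by the parameters.
     *
     * @param certStoreParameters must be an {@code LDAPCertStoreParameters}
     * @throws InvalidAlgorithmParameterException if the parameters are of the wrong type or the
     *         directory context cannot be created
     */
    public LDAPCertStoreImpl(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        // NOTE(review): init is public and overridable yet called from the constructor;
        // a subclass override would run before the subclass is fully constructed.
        init(certStoreParameters);
    }

    /**
     * Opens the JNDI directory context for the configured server and port.
     *
     * <p>The provider URL is {@code ldap://<server>:<port>}; no authentication or TLS
     * properties are set here.
     *
     * @param certStoreParameters must be an {@code LDAPCertStoreParameters}
     * @throws InvalidAlgorithmParameterException if the parameters are of the wrong type, the
     *         server name is missing, or JNDI cannot create the context
     */
    public void init(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        if (!(certStoreParameters instanceof LDAPCertStoreParameters)) {
            throw new InvalidAlgorithmParameterException("parameters must be LDAPCertStoreParameters");
        }
        LDAPCertStoreParameters ldapParameters = (LDAPCertStoreParameters) certStoreParameters;
        String serverName = ldapParameters.getServerName();
        if (serverName == null) {
            // Without this check the URL would silently become "ldap://null:<port>".
            throw new InvalidAlgorithmParameterException("LDAP server name is missing");
        }
        String endpoint = serverName + ":" + ldapParameters.getPort();

        Properties environment = new Properties();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(Context.URL_PKG_PREFIXES, "com.sun.jndi.ldap");
        environment.put(Context.PROVIDER_URL, "ldap://" + endpoint);
        try {
            this.ctx = new InitialDirContext(environment);
        } catch (NamingException e) {
            // Report the endpoint that failed and keep the JNDI cause for diagnosis.
            throw new InvalidAlgorithmParameterException(endpoint + " not valid.", e);
        }
    }

    /**
     * Returns the certificates in the directory that satisfy the selector.
     *
     * <p>The selector's subject names the entry searched for end-entity (and, unless the
     * selector is end-entity only, CA and cross) certificates; the selector's issuer names the
     * entry searched for CA and cross certificates.
     *
     * @param certSelector an {@code X509CertSelector}, or {@code null} for a default selector
     * @return the matching certificates; signatures are NOT verified by this method
     * @throws CertStoreException if the selector has the wrong type, carries too little
     *         information to locate an entry, or the directory lookup fails
     */
    @Override // javax.security.cert.CertStoreSpi
    public synchronized Collection engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        X509CertSelector selector;
        if (certSelector == null) {
            selector = new X509CertSelector();
        } else if (certSelector instanceof X509CertSelector) {
            selector = (X509CertSelector) certSelector;
        } else {
            throw new CertStoreException("selector not an X509CertSelector");
        }

        HashSet<Object> found = new HashSet<Object>();
        String subject = selector.getSubjectAsString();
        String issuer = selector.getIssuerAsString();
        int basicConstraints = selector.getBasicConstraints();
        boolean endEntityOnly = basicConstraints == END_ENTITY_ONLY;
        boolean caAllowed = basicConstraints > END_ENTITY_ONLY;

        if (subject != null) {
            if (endEntityOnly) {
                found.addAll(getCerts(new String[]{USER_CERT}, subject, selector));
            } else if (caAllowed) {
                found.addAll(getCerts(new String[]{USER_CERT, CA_CERT, CROSS_CERT}, subject, selector));
            }
        } else {
            if (endEntityOnly) {
                throw new CertStoreException("need subject to find end-entity certficates");
            }
            if (issuer == null) {
                throw new CertStoreException("not enough information to find certifictes");
            }
        }
        if (issuer != null && caAllowed) {
            found.addAll(getCerts(new String[]{CA_CERT, CROSS_CERT}, issuer, selector));
        }
        return found;
    }

    /**
     * Reads one directory entry and returns the certificates, from the requested attribute
     * types, that the selector accepts.
     *
     * @param strArr attribute type names to read (prefix match, see {@link #match})
     * @param str name of the directory entry to read
     * @param x509CertSelector filter applied to every decoded certificate
     * @return accepted certificates; empty if the entry does not exist or holds none
     * @throws CertStoreException if the directory lookup fails for any reason other than the
     *         entry being absent
     */
    private Collection getCerts(String[] strArr, String str, X509CertSelector x509CertSelector) throws CertStoreException {
        HashSet<Object> found = new HashSet<Object>();
        Attributes attributes = lookup(str);
        if (attributes == null || attributes.size() == 0) {
            return found;
        }
        try {
            NamingEnumeration all = attributes.getAll();
            while (all.hasMoreElements()) {
                Attribute attribute = (Attribute) all.next();
                if (attribute == null || attribute.size() == 0) {
                    continue;
                }
                String attributeId = attribute.getID().trim();
                if (!match(attributeId, strArr)) {
                    continue;
                }
                NamingEnumeration values = attribute.getAll();
                while (values.hasMoreElements()) {
                    Object value = values.next();
                    if (!(value instanceof byte[])) {
                        // Directory data is untrusted; a non-binary value cannot be a DER blob.
                        continue;
                    }
                    addCertificates(found, attributeId, (byte[]) value, x509CertSelector);
                }
            }
        } catch (NamingException e) {
            throw lookupFailure(str, e);
        }
        return found;
    }

    /**
     * Decodes one attribute value as a certificate, or, for cross-certificate attributes that
     * do not decode as a single certificate, as a certificate pair, and keeps what the selector
     * accepts. Undecodable values are skipped.
     */
    private void addCertificates(Collection<Object> found, String attributeId, byte[] encoded, X509CertSelector selector) {
        try {
            X509CertImpl certificate = new X509CertImpl(encoded);
            if (selector.match(certificate)) {
                found.add(certificate);
            }
            return;
        } catch (CertificateException notASingleCertificate) {
            if (!match(attributeId, new String[]{CROSS_CERT})) {
                return; // malformed value in a plain certificate attribute: ignore it
            }
        }
        try {
            X509CertificatePair pair = new X509CertificatePair(encoded);
            // A pair may carry only one direction, so guard each half against null.
            X509CertImpl forward = (X509CertImpl) pair.getForward();
            if (forward != null && selector.match(forward)) {
                found.add(forward);
            }
            X509CertImpl reverse = (X509CertImpl) pair.getReverse();
            if (reverse != null && selector.match(reverse)) {
                found.add(reverse);
            }
        } catch (CertificateException malformedPair) {
            // Malformed directory value: skip it, other values may still be usable.
        }
    }

    /**
     * Tells whether an attribute identifier starts, ignoring case, with one of the given
     * attribute type names (so options such as {@code ;binary} after the name still match).
     *
     * @param str attribute identifier returned by the directory
     * @param strArr attribute type names to compare against
     * @return {@code true} if {@code str} begins with any of the names
     */
    private boolean match(String str, String[] strArr) {
        for (String candidate : strArr) {
            // regionMatches returns false when str is shorter than candidate.
            if (str.regionMatches(true, 0, candidate, 0, candidate.length())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the CRLs published under the issuer entries named by the selector.
     *
     * <p>Issuers are taken from the certificate being checked, if the selector has one,
     * otherwise from the selector's issuer names. A CRL is kept when its CRL number lies in
     * the selector's min/max range (if set) and the selector's date (if set) falls inside
     * {@code [thisUpdate, nextUpdate)}. The CRL's issuer and signature are not checked here;
     * callers must verify both.
     *
     * @param cRLSelector an {@code X509CRLSelector}, or {@code null} for a default selector
     * @return the accepted CRLs
     * @throws CertStoreException if the selector has the wrong type, names no issuer, or a
     *         directory lookup fails for any reason other than the entry being absent
     */
    @Override // javax.security.cert.CertStoreSpi
    public synchronized Collection engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        if (cRLSelector == null) {
            cRLSelector = new X509CRLSelector();
        }
        if (!(cRLSelector instanceof X509CRLSelector)) {
            throw new CertStoreException("need X509CRLSelector to find CRLs");
        }
        X509CRLSelector selector = (X509CRLSelector) cRLSelector;

        Collection<?> issuerNames;
        X509Certificate certificateChecking = selector.getCertificateChecking();
        if (certificateChecking != null) {
            HashSet<Object> single = new HashSet<Object>();
            single.add(certificateChecking.getIssuerDN().getName());
            issuerNames = single;
        } else {
            issuerNames = selector.getIssuerNames();
            if (issuerNames == null) {
                throw new CertStoreException("need issuerNames or certiticateChecking to find CRLs");
            }
        }

        HashSet<Object> found = new HashSet<Object>();
        String[] crlAttributes = {CRL, ARL, DELTA_CRL};
        for (Object issuer : issuerNames) {
            // Resolved per issuer so that an unusable name never re-queries the previous entry.
            String entry = toEntryName(issuer);
            if (entry == null) {
                continue;
            }
            Attributes attributes = lookup(entry);
            if (attributes == null || attributes.size() == 0) {
                continue; // nothing under this issuer; the remaining issuers are still searched
            }
            try {
                NamingEnumeration all = attributes.getAll();
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    if (attribute == null || attribute.size() == 0 || !match(attribute.getID().trim(), crlAttributes)) {
                        continue;
                    }
                    NamingEnumeration values = attribute.getAll();
                    while (values.hasMoreElements()) {
                        Object value = values.next();
                        if (!(value instanceof byte[])) {
                            continue;
                        }
                        X509CRLImpl crl;
                        try {
                            crl = new X509CRLImpl((byte[]) value);
                        } catch (CRLException malformed) {
                            continue; // undecodable CRL: never add it
                        }
                        if (crlNumberInRange(selector, crl) && coversRequestedDate(selector, crl)) {
                            found.add(crl);
                        }
                    }
                }
            } catch (NamingException e) {
                throw lookupFailure(entry, e);
            }
        }
        return found;
    }

    /**
     * Converts one selector issuer name to a directory entry name.
     *
     * @return the name as a string, or {@code null} if it is neither a decodable DER-encoded
     *         name nor a {@code String}
     */
    private String toEntryName(Object issuer) {
        if (issuer instanceof String) {
            return (String) issuer;
        }
        if (issuer instanceof byte[]) {
            try {
                return new X500Name((byte[]) issuer).toString();
            } catch (IOException undecodable) {
                return null;
            }
        }
        return null;
    }

    /**
     * Applies the selector's minimum/maximum CRL number, if either is set.
     *
     * @return {@code true} if no range is requested or the CRL number lies within it;
     *         {@code false} if it lies outside or cannot be read, since a CRL without a
     *         readable number cannot satisfy a requested range
     */
    private boolean crlNumberInRange(X509CRLSelector selector, X509CRLImpl crl) {
        BigInteger min = selector.getMinCRL();
        BigInteger max = selector.getMaxCRL();
        if (min == null && max == null) {
            return true;
        }
        try {
            Object[] extension = CertPathUtil.getExtension("x509.info.extensions.CRLNumber", crl);
            if (extension == null || extension.length < 2) {
                return false;
            }
            BigInteger number = (BigInteger) new CRLNumberExtension((Boolean) extension[0], extension[1]).get("value");
            if (number == null) {
                return false;
            }
            if (min != null && number.compareTo(min) < 0) {
                return false;
            }
            return max == null || number.compareTo(max) <= 0;
        } catch (IOException e) {
            return false;
        } catch (NullPointerException e) {
            // Kept from the original: the null behaviour of the extension helpers is not
            // visible in this file.
            return false;
        } catch (CertPathValidatorException e) {
            return false;
        }
    }

    /**
     * Applies the selector's date, if set: the date must not be before {@code thisUpdate} and
     * must be before a present {@code nextUpdate}.
     */
    private boolean coversRequestedDate(X509CRLSelector selector, X509CRLImpl crl) {
        if (selector.getDateAndTime() == null) {
            return true;
        }
        return !selector.getDateAndTime().before(crl.getThisUpdate())
                && crl.getNextUpdate() != null
                && selector.getDateAndTime().before(crl.getNextUpdate());
    }

    /**
     * Reads all attributes of a directory entry.
     *
     * @return the attributes, or {@code null} if the directory reports that the entry does
     *         not exist
     * @throws CertStoreException for every other directory failure
     */
    private Attributes lookup(String entry) throws CertStoreException {
        try {
            return this.ctx.getAttributes(entry);
        } catch (javax.naming.NameNotFoundException absent) {
            return null; // a missing entry is an ordinary "no result"
        } catch (NamingException e) {
            throw lookupFailure(entry, e);
        }
    }

    /** Wraps a JNDI failure so callers can tell it apart from an empty result. */
    private static CertStoreException lookupFailure(String entry, NamingException cause) {
        CertStoreException failure = new CertStoreException("LDAP lookup failed for " + entry);
        failure.initCause(cause);
        return failure;
    }
}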
