package com.ibm.mq.ese.pki;

import com.ibm.mq.commonservices.Common;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.PkiSpec;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.msg.client.commonservices.trace.Trace;
import com.ibm.security.x509.X509CRLImpl;
import com.sun.jndi.fscontext.FSContextFactory;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import javax.naming.CommunicationException;

/* loaded from: input_file:lib/com.ibm.mq.jmqi.jar:com/ibm/mq/ese/pki/CertAccessImpl.class */
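/**
 * Loads recipient certificates from a key store and certificate revocation lists (CRLs)
 * from local files and from an LDAP directory.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class verifies a CRL's signature, issuer or validity period; it only
 *       fetches and parses. NOTE(review): presumably the consumer's certificate-path validation
 *       does that - confirm, because the LDAP store is built from host and port only.</li>
 *   <li>An empty result is returned when no CRL source is configured. Whether that means
 *       "nothing revoked" or "revocation status unknown" is the caller's policy decision.</li>
 * </ul>
 */
public class CertAccessImpl implements CertAccess {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-R36, 5724-L26, 5655-L82, 5724-Z94 (c) Copyright IBM Corp. 2011, 2012 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    public static final String sccsid = "@(#) MQMBID sn=p750-004-140807 su=_pY8W4B4HEeS1ypf5zzZGLw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/CertAccessImpl.java";
    private FileAccessor fileAccessor = new FileAccessor();
    private LdapAccessor ldapAccessor = new LdapAccessor();

    /* loaded from: input_file:lib/com.ibm.mq.jmqi.jar:com/ibm/mq/ese/pki/CertAccessImpl$FileAccessor.class */
    /** Reads CRLs from the files named by {@code PkiSpec.crlFiles} and the file-scheme entries of {@code PkiSpec.crlUris}. */
    static class FileAccessor implements CertAccess {
        FileAccessor() {
        }

        /** Not supported by this accessor; always returns {@code null}. */
        @Override // com.ibm.mq.ese.pki.CertAccess
        public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List list) throws MissingCertificateException, CertAccessException {
            return null;
        }

        /**
         * Parses every configured CRL file.
         *
         * @param keyStoreAccess unused here
         * @param pkiSpec supplies {@code crlUris} and {@code crlFiles}; either may be {@code null}
         * @param x509CertificateArr unused here; file CRLs are loaded regardless of the certificates
         * @return the parsed CRLs, possibly empty
         * @throws CrlAccessException if a file cannot be read or does not parse as a CRL; the
         *         failing path is attached as a message insert
         */
        @Override // com.ibm.mq.ese.pki.CertAccess
        public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, "com.ibm.mq.ese.pki.FileAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])");
            }
            LinkedList<File> crlFiles = new LinkedList<File>();
            URI[] uris = pkiSpec.crlUris;
            if (uris != null) {
                for (URI uri : uris) {
                    if (FSContextFactory.FILE_PROTOCOL.equalsIgnoreCase(uri.getScheme())) {
                        crlFiles.add(new File(uri));
                    } else if (Trace.isOn) {
                        Trace.traceInfo(this, "com.ibm.mq.ese.pki.FileAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", "skipping non file URI: ", uri);
                    }
                }
            }
            String[] paths = pkiSpec.crlFiles;
            if (paths != null) {
                for (String path : paths) {
                    crlFiles.add(new File(path));
                }
            }

            LinkedList<X509CRL> crls = new LinkedList<X509CRL>();
            // Remembered outside the try so the error insert names the file that failed.
            String currentPath = null;
            try {
                for (File file : crlFiles) {
                    currentPath = file.getAbsolutePath();
                    if (Trace.isOn) {
                        Trace.traceInfo(this, "com.ibm.mq.ese.pki.FileAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", "loading ", currentPath);
                    }
                    crls.add(readCrl(file));
                }
            } catch (IOException e) {
                throw crlNotFound(currentPath, e);
            } catch (CRLException e) {
                throw crlNotFound(currentPath, e);
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.FileAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", new Object[]{Integer.valueOf(crls.size())});
            }
            return crls.toArray(new X509CRL[crls.size()]);
        }

        /** Parses one CRL file and always releases the file handle, including when parsing fails. */
        private X509CRL readCrl(File file) throws IOException, CRLException {
            BufferedInputStream in = new BufferedInputStream(new FileInputStream(file));
            try {
                return new X509CRLImpl(in);
            } finally {
                try {
                    // Closing the buffered stream also closes the FileInputStream under it.
                    in.close();
                } catch (IOException ignored) {
                    // The stream was only read; the parse result or parse failure is what matters.
                }
            }
        }

        /** Builds the "CRL not found" exception carrying the offending path as a message insert. */
        @SuppressWarnings({"rawtypes", "unchecked"}) // insert map type is dictated by CrlAccessException
        private CrlAccessException crlNotFound(String path, Exception cause) {
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CRL_NAME, path);
            return new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_not_found, inserts, cause);
        }
    }

    /* loaded from: input_file:lib/com.ibm.mq.jmqi.jar:com/ibm/mq/ese/pki/CertAccessImpl$LdapAccessor.class */
    /**
     * Fetches CRLs from the LDAP servers listed in {@code PkiSpec.ldapConfig.connections}.
     *
     * <p>The {@link CertStore} is created once and cached in {@link #store}; it is dropped and
     * rebuilt when a lookup fails with a {@link CommunicationException}.
     */
    static class LdapAccessor implements CertAccess {
        private CertStore store;
        private static final Object STORE_LOCK = new Object();
        private static final int MAX_RECONNECT_COUNT = 5;

        LdapAccessor() {
        }

        /** Not supported by this accessor; always returns {@code null}. */
        @Override // com.ibm.mq.ese.pki.CertAccess
        public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List list) throws MissingCertificateException, CertAccessException {
            return null;
        }

        /**
         * Queries the directory for CRLs issued by the issuers of the given certificates.
         *
         * @param keyStoreAccess unused here
         * @param pkiSpec supplies the LDAP connection list
         * @param x509CertificateArr certificates whose issuers select the CRLs; {@code null} is
         *        treated like an empty array
         * @return the CRLs found, or an empty array when no LDAP connection is configured
         * @throws CrlAccessException if the lookup fails for a reason other than a communication
         *         error, or still fails after the bounded number of reconnects
         */
        @Override // com.ibm.mq.ese.pki.CertAccess
        public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, "com.ibm.mq.ese.pki.LdapAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])");
            }
            // The outer loadCRLs forwards a null array after tracing it, so it must not blow up here.
            X509Certificate[] certs = x509CertificateArr != null ? x509CertificateArr : new X509Certificate[0];
            CertStore certStore = initConnection(pkiSpec);
            int reconnects = 0;
            while (certStore != null) {
                try {
                    // NOTE(review): an empty name set leaves the selector unrestricted by issuer,
                    // so the result then depends on the CertStore provider - confirm this is intended.
                    HashSet<String> issuerNames = new HashSet<String>(certs.length);
                    for (X509Certificate cert : certs) {
                        issuerNames.add(cert.getIssuerDN().getName());
                    }
                    X509CRLSelector selector = new X509CRLSelector();
                    selector.setIssuerNames(issuerNames);
                    Collection<? extends CRL> found = certStore.getCRLs(selector);
                    if (Trace.isOn) {
                        Trace.exit(this, "com.ibm.mq.ese.pki.LdapAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", new Object[]{Integer.valueOf(found.size())});
                    }
                    return found.toArray(new X509CRL[found.size()]);
                } catch (IOException e) {
                    reconnects++;
                    if (!mayReconnect(e, reconnects)) {
                        throw new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
                    }
                    certStore = reconnect(pkiSpec);
                } catch (CertStoreException e) {
                    reconnects++;
                    if (!mayReconnect(e, reconnects)) {
                        throw new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
                    }
                    certStore = reconnect(pkiSpec);
                }
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.LdapAccessor", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", new Object[]{0});
            }
            return new X509CRL[0];
        }

        /** Returns whether a failure is a communication error that is still within the reconnect budget. */
        private boolean mayReconnect(Exception failure, int attempt) {
            return failure.getCause() instanceof CommunicationException && attempt < MAX_RECONNECT_COUNT;
        }

        /** Discards the cached store and builds a new one, so the lookup can be retried. */
        private CertStore reconnect(PkiSpec pkiSpec) throws CrlAccessException {
            synchronized (STORE_LOCK) {
                this.store = null;
                return initConnection(pkiSpec);
            }
        }

        /**
         * Returns the cached LDAP {@link CertStore}, creating it on first use. Servers are tried
         * in configuration order; a {@link CommunicationException} moves on to the next server.
         *
         * @return the store, or {@code null} when no LDAP connection is configured
         * @throws CrlAccessException if every configured server fails, or the store cannot be
         *         created for another reason
         */
        private CertStore initConnection(PkiSpec pkiSpec) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)");
            }
            List connections = pkiSpec.ldapConfig.connections;
            if (connections.size() < 1) {
                if (Trace.isOn) {
                    Trace.traceInfo(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)", "no LDAP configuration available", "");
                    Trace.exit(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)");
                }
                return null;
            }
            try {
                synchronized (STORE_LOCK) {
                    int index = 0;
                    // Strictly less than size(): get(size()) would be out of bounds.
                    while (this.store == null && index < connections.size()) {
                        PkiSpec.ConnectionConfig config = (PkiSpec.ConnectionConfig) connections.get(index);
                        String host = config.host;
                        int port = config.portNum;
                        if (Trace.isOn) {
                            Trace.traceInfo(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)", "using configuration: " + index + Common.SPACE + host + Common.SPACE + port, "");
                        }
                        try {
                            this.store = CertStore.getInstance("LDAP", new LDAPCertStoreParameters(host, port));
                        } catch (InvalidAlgorithmParameterException e) {
                            Throwable cause = e.getCause();
                            if (Trace.isOn) {
                                Trace.catchBlock(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)", e);
                            }
                            if (!(cause instanceof CommunicationException)) {
                                throw e;
                            }
                            index++;
                            if (index >= connections.size()) {
                                // Last server also unreachable: report the communication failure.
                                throw (CommunicationException) cause;
                            }
                        }
                    }
                    if (Trace.isOn) {
                        Trace.exit(this, "com.ibm.mq.ese.pki.LdapAccessor", "initConnection(PkiSpec)");
                    }
                    return this.store;
                }
            } catch (CommunicationException e) {
                throw new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
            } catch (InvalidAlgorithmParameterException e) {
                throw new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
            } catch (NoSuchAlgorithmException e) {
                throw new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
            }
        }
    }

    /**
     * Looks up the certificates for the given entries in the key store.
     *
     * @param keyStoreAccess key store to query
     * @param pkiSpec unused here
     * @param list entries to look up; copied before being handed to the key store
     * @return the certificates found, never {@code null} or empty
     * @throws MissingCertificateException if the key store returns no certificate
     * @throws CertAccessException if the key store lookup fails
     */
    @Override // com.ibm.mq.ese.pki.CertAccess
    public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List list) throws MissingCertificateException, CertAccessException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.CertAccessImpl", "loadCertificates(KeyStoreAccess, PkiSpec, List)");
        }
        try {
            X509Certificate[] certificates = keyStoreAccess.getCertificates(new LinkedList(list), true);
            if (certificates == null || certificates.length == 0) {
                throw new MissingCertificateException(AmsErrorMessages.mjp_msg_error_getting_no_recipient_cert_MissingCertificateException);
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.CertAccessImpl", "loadCertificates(KeyStoreAccess, PkiSpec, List)");
            }
            return certificates;
        } catch (MissingCertificateException e) {
            // Rethrown as is so the catch below does not wrap it in a CertAccessException.
            throw e;
        } catch (AMBIException e) {
            throw new CertAccessException(e);
        }
    }

    /**
     * Collects CRLs from the file accessor and the LDAP accessor and returns them de-duplicated.
     *
     * @param x509CertificateArr certificates to find CRLs for; a {@code null} or empty array is
     *        traced and the accessors are still consulted
     * @return the union of both sources in no particular order, possibly empty
     * @throws CrlAccessException if either source fails; a failure is never turned into an
     *         empty result
     */
    @Override // com.ibm.mq.ese.pki.CertAccess
    public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.CertAccessImpl", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])");
        }
        if ((x509CertificateArr == null || x509CertificateArr.length == 0) && Trace.isOn) {
            Trace.traceInfo(this, "com.ibm.mq.ese.pki.CertAccessImpl", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", "no certificates to search CRLs for", "");
        }
        // Either accessor can be set to null through its setter, which switches that source off.
        X509CRL[] fromFiles = this.fileAccessor != null
                ? this.fileAccessor.loadCRLs(keyStoreAccess, pkiSpec, x509CertificateArr)
                : new X509CRL[0];
        X509CRL[] fromLdap = this.ldapAccessor != null
                ? this.ldapAccessor.loadCRLs(keyStoreAccess, pkiSpec, x509CertificateArr)
                : new X509CRL[0];
        HashSet<X509CRL> merged = new HashSet<X509CRL>(fromFiles.length + fromLdap.length + 1);
        merged.addAll(Arrays.asList(fromFiles));
        merged.addAll(Arrays.asList(fromLdap));
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.CertAccessImpl", "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", new Object[]{Integer.valueOf(merged.size())});
        }
        return merged.toArray(new X509CRL[merged.size()]);
    }

    /** Replaces the file-based CRL source; {@code null} disables it. */
    public void setFileAccessor(FileAccessor fileAccessor) {
        this.fileAccessor = fileAccessor;
    }

    /** Replaces the LDAP-based CRL source; {@code null} disables it. */
    public void setLdapAccessor(LdapAccessor ldapAccessor) {
        this.ldapAccessor = ldapAccessor;
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.CertAccessImpl", "static", "SCCS id", (Object) sccsid);
        }
    }
}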
