package com.rsa.certj.provider.revocation;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.NameMatcher;
import com.rsa.certj.cert.RDN;
import com.rsa.certj.cert.RevokedCertificates;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.BasicConstraints;
import com.rsa.certj.cert.extensions.CRLDistributionPoints;
import com.rsa.certj.cert.extensions.CertificateIssuer;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.cert.extensions.GeneralNames;
import com.rsa.certj.cert.extensions.IssuingDistributionPoint;
import com.rsa.certj.cert.extensions.KeyUsage;
import com.rsa.certj.cert.extensions.ReasonCode;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathResult;
import com.rsa.certj.spi.random.RandomException;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.certj.spi.revocation.CertStatusInterface;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;

/* loaded from: input_file:com/rsa/certj/provider/revocation/CRLCertStatus.class */
/**
 * Certificate status provider that answers revocation queries from CRLs held in the
 * database attached to the {@link CertPathCtx}.
 *
 * <p>This is decompiler output: member names ({@code a}, {@code b}, {@code Caf}, {@code Cae})
 * are obfuscated, so overloads can only be told apart by their parameter lists, and a few
 * statements in the main loop are decompiler artifacts (marked inline).
 *
 * <p>NOTE(review): several path flags tested via {@code isFlagRaised(...)} switch off individual
 * checks (values 64, 128, 1024, 16384, 262144). Only their observed effect is documented here;
 * map them to the named constants of CertPathCtx before relying on these notes.
 */
public final class CRLCertStatus extends Provider {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/rsa/certj/provider/revocation/CRLCertStatus$Implementation.class */
    /**
     * Per-CertJ instance of the provider; implements the revocation check itself.
     */
    public final class Implementation extends ProviderImplementation implements CertStatusInterface {
        // Reference to the enclosing provider object; assigned in the constructor and not read
        // anywhere else in this class.
        private final CRLCertStatus a;

        /**
         * Creates the implementation bound to {@code certJ} under the provider name {@code str}.
         *
         * @throws InvalidParameterException propagated from the superclass constructor
         */
        private Implementation(CRLCertStatus cRLCertStatus, CertJ certJ, String str) throws InvalidParameterException {
            super(certJ, str);
            this.a = cRLCertStatus;
        }

        /**
         * Entry point: determines the revocation status of {@code certificate} from CRLs.
         *
         * <p>Reads extension type 31 (cast to {@link CRLDistributionPoints}) from the certificate.
         * When that extension is absent, or when path flag 1024 is raised, a synthetic
         * distribution-point set is built instead: one entry whose name is the certificate's
         * issuer name (general-name type 5), reason flags {@code -1} and no cRLIssuer.
         *
         * <p>Security note: with flag 1024 raised the distribution points asserted by the
         * certificate are ignored entirely, so only CRLs issued under the certificate issuer's
         * own name are considered.
         *
         * @param certPathCtx path context supplying flags, validation time and the CRL database
         * @param certificate certificate to check; must be an {@link X509Certificate}
         * @return the revocation info produced by the distribution-point walk
         * @throws NotSupportedException if {@code certificate} is not an X509Certificate
         * @throws CertStatusException on internal errors; a NameException is rewrapped with its
         *         message only (the cause is not chained)
         */
        @Override // com.rsa.certj.spi.revocation.CertStatusInterface
        public CertRevocationInfo checkCertRevocation(CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, CertStatusException {
            CertRevocationInfo a;
            if (!(certificate instanceof X509Certificate)) {
                throw new NotSupportedException("CRLCertStatus$Implementation.checkCertRevocation: does not support certificat types other than X509Certificate.");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            CRLDistributionPoints cRLDistributionPoints = (CRLDistributionPoints) a(x509Certificate, 31);
            if (cRLDistributionPoints == null || certPathCtx.isFlagRaised(1024)) {
                // Fallback: treat the certificate issuer itself as the only distribution point.
                CRLDistributionPoints cRLDistributionPoints2 = new CRLDistributionPoints();
                GeneralNames generalNames = new GeneralNames();
                GeneralName generalName = new GeneralName();
                try {
                    generalName.setGeneralName(x509Certificate.getIssuerName(), 5);
                    generalNames.addGeneralName(generalName);
                    cRLDistributionPoints2.addDistributionPoints(generalNames, -1, (GeneralNames) null);
                    a = a(certPathCtx, x509Certificate, cRLDistributionPoints2);
                } catch (NameException e) {
                    throw new CertStatusException(e.getMessage());
                }
            } else {
                a = a(certPathCtx, x509Certificate, cRLDistributionPoints);
            }
            return a;
        }

        /**
         * Walks every distribution point, evaluates the matching CRLs and fills in a
         * {@link CertRevocationInfo}.
         *
         * <p>For each distribution point the CRL issuer name is the first X.500 name in the
         * point's cRLIssuer field when that field is present (an exception is thrown if it
         * holds none), otherwise the certificate's issuer name. Candidate CRLs are fetched from
         * the context database for that name. A candidate is processed only if it is not past
         * its nextUpdate and, when a cRLIssuer was named, it asserts indirectCRL.
         *
         * <p>Status values written below are 0, 1 and 2. Status 1 is set when the certificate is
         * found in a CRL's revoked list; status 2 when a CRL carries a critical extension other
         * than type 28, or at the end when the {@code Caf} state says so.
         * NOTE(review): presumably 0 = not revoked, 1 = revoked, 2 = unknown — confirm against
         * the CertRevocationInfo constants.
         *
         * <p>NOTE(review): {@code Caf} is declared outside this listing. From its use here,
         * {@code d} holds the reason mask of the CRL being processed, {@code b} accumulates the
         * masks seen so far and {@code c} holds a reason code; what {@code a()}, {@code c()} and
         * {@code d()} compute cannot be determined from this file.
         *
         * <p>Security note: when flag 16384 is raised the method returns whatever the loop left
         * in {@code certRevocationInfo}. If no CRL was processed that is a freshly constructed
         * object whose default status is not visible here — verify that the default cannot be
         * read as "not revoked".
         *
         * @throws CertStatusException on internal errors from name handling, CRL lookup or path
         *         building
         */
        private CertRevocationInfo a(CertPathCtx certPathCtx, X509Certificate x509Certificate, CRLDistributionPoints cRLDistributionPoints) throws CertStatusException {
            Vector a;
            CertRevocationInfo certRevocationInfo = new CertRevocationInfo();
            Caf caf = new Caf(this, null);
            // vector: certificates of the path currently being built for a CRL signer;
            // vector2: CRLs accepted as evidence; vector3: accumulated path certificates.
            // (roles inferred from how they are passed to buildCertPath and CRLEvidence)
            Vector vector = new Vector();
            Vector vector2 = new Vector();
            Vector vector3 = new Vector();
            // Use the caller's validation time if one is set, else the current time.
            Date date = certPathCtx.getValidationTime() == null ? new Date() : certPathCtx.getValidationTime();
            int distributionPointCount = cRLDistributionPoints.getDistributionPointCount();
            loop0: for (int i = 0; i < distributionPointCount; i++) {
                GeneralNames generalNames = null;
                try {
                    generalNames = cRLDistributionPoints.getCRLIssuer(i);
                } catch (NameException e) {
                    a(e);
                }
                // z records that this distribution point names an explicit cRLIssuer.
                boolean z = false;
                if (generalNames != null) {
                    X500Name a2 = a(generalNames);
                    b(a2);
                    a = a(certPathCtx, a2, date);
                    z = true;
                } else {
                    a = a(certPathCtx, x509Certificate.getIssuerName(), date);
                }
                Iterator it = a.iterator();
                while (it.hasNext()) {
                    // Leaves the outer distribution-point loop as well, not just this one.
                    if (caf.a() || !caf.c()) {
                        break loop0;
                    }
                    X509CRL x509crl = (X509CRL) it.next();
                    // Skip CRLs past nextUpdate; with an explicit cRLIssuer also require indirectCRL.
                    if (!a(certPathCtx, x509crl, date) && (!z || a(x509crl))) {
                        b();
                        // NOTE(review): decompiler artifact — this try body is empty although the
                        // scope check just below is the call that declares NameException; the
                        // original try presumably enclosed it. Likely does not compile as shown.
                        try {
                        } catch (NameException e2) {
                            a(e2);
                        }
                        // Does this CRL's scope cover the certificate and this distribution point?
                        if (a(certPathCtx, x509crl, x509Certificate, cRLDistributionPoints, i)) {
                            a();
                            if (!certPathCtx.isFlagRaised(16384)) {
                                a(certPathCtx, caf, x509crl, cRLDistributionPoints, i);
                                // NOTE(review): empty body as decompiled. The test is "this CRL
                                // adds no reason bits beyond those already accumulated"; the
                                // original presumably skipped such a CRL — confirm in bytecode.
                                if (!a(caf)) {
                                }
                            }
                            // Only a CRL whose signer chains to a valid path is used as evidence.
                            if (a(certPathCtx, x509crl, x509Certificate, vector, vector2, vector3)) {
                                if (vector2 != null && !vector2.contains(x509crl)) {
                                    vector2.add(x509crl);
                                }
                                CertJUtils.mergeLists(vector3, vector);
                                if (a(x509Certificate, x509crl, z)) {
                                    // Certificate is listed: record the entry's reason code
                                    // (extension type 21), or 0 when there is none.
                                    ReasonCode reasonCode = (ReasonCode) a(x509crl, 21);
                                    if (reasonCode != null) {
                                        caf.c = reasonCode.getReasonCode();
                                    } else {
                                        caf.c = 0;
                                    }
                                    certRevocationInfo.setStatus(1);
                                    certRevocationInfo.setType(1);
                                    certRevocationInfo.setEvidence(new CRLEvidence(x509crl, null, null));
                                } else if (!certPathCtx.isFlagRaised(128) && b(x509crl)) {
                                    // Not listed, but the CRL has a critical extension other than
                                    // type 28: its contents are not trusted for a "good" answer.
                                    // Flag 128 disables this rejection.
                                    caf.c = 0;
                                    certRevocationInfo.setStatus(2);
                                    certRevocationInfo.setType(1);
                                    certRevocationInfo.setEvidence(new CRLEvidence(x509crl, null, null));
                                } else if (certPathCtx.isFlagRaised(16384)) {
                                    certRevocationInfo.setStatus(0);
                                    certRevocationInfo.setType(1);
                                    certRevocationInfo.setEvidence(new CRLEvidence(null, vector3, vector2));
                                }
                                // NOTE(review): reason code 8 gets special handling via caf.d();
                                // presumably "removeFromCRL" — confirm against ReasonCode.
                                if (caf.c == 8) {
                                    caf.d();
                                }
                                // Fold this CRL's reason mask into the accumulated mask.
                                caf.b |= caf.d;
                            }
                        }
                    }
                }
            }
            if (certPathCtx.isFlagRaised(16384)) {
                return certRevocationInfo;
            }
            if (!caf.a() && caf.c()) {
                certRevocationInfo.setStatus(2);
                certRevocationInfo.setEvidence(null);
                certRevocationInfo.setType(0);
            } else if (caf.c()) {
                CRLEvidence cRLEvidence = new CRLEvidence(null, vector3, vector2);
                certRevocationInfo.setStatus(0);
                certRevocationInfo.setType(1);
                certRevocationInfo.setEvidence(cRLEvidence);
            }
            return certRevocationInfo;
        }

        /**
         * Reports whether the CRL is an indirect CRL.
         *
         * @return the indirectCRL value of extension type 28 (IssuingDistributionPoint), or
         *         {@code false} when the CRL has no such extension
         */
        private boolean a(X509CRL x509crl) {
            IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) a(x509crl, 28);
            if (issuingDistributionPoint == null) {
                return false;
            }
            return issuingDistributionPoint.getIndirectCRL();
        }

        /**
         * Returns the first {@link X500Name} found among the given general names.
         *
         * @return the first X.500 name, or {@code null} if none of the entries holds one
         */
        private X500Name a(GeneralNames generalNames) {
            Vector generalNames2 = generalNames.getGeneralNames();
            for (int i = 0; i < generalNames2.size(); i++) {
                Object generalName = ((GeneralName) generalNames2.get(i)).getGeneralName();
                if (generalName instanceof X500Name) {
                    return (X500Name) generalName;
                }
            }
            return null;
        }

        /**
         * Always throws: rewraps {@code exc} as a CertStatusException prefixed "Internal error! ".
         * Only the message is carried over; the original exception is not chained as a cause.
         *
         * @throws CertStatusException always
         */
        private void a(Exception exc) throws CertStatusException {
            throw new CertStatusException(new StringBuffer().append("Internal error! ").append(exc.getMessage()).toString());
        }

        /**
         * Tests whether the current reason mask {@code caf.d} contains any bit that is not yet
         * present in the accumulated mask {@code caf.b} (i.e. {@code d & ~b != 0}).
         */
        private boolean a(Caf caf) {
            return (caf.d & (caf.b ^ (-1))) != 0;
        }

        /**
         * Computes the reason mask covered by {@code x509crl} for distribution point {@code i}
         * and stores it in {@code caf.d}.
         *
         * <p>{@code -1} means "no reason flags given". The result is:
         * the distribution point's flags when the CRL has no IssuingDistributionPoint (type 28)
         * or that extension gives no flags; the extension's flags, intersected with the
         * distribution point's flags when those are given; and {@code -8388608} (0xFF800000)
         * when neither side gives flags.
         * NOTE(review): 0xFF800000 sets the top nine bits, presumably "all reasons" — confirm.
         *
         * @throws CertStatusException if reading the distribution point's flags raises a
         *         NameException (message only, cause not chained)
         */
        private void a(CertPathCtx certPathCtx, Caf caf, X509CRL x509crl, CRLDistributionPoints cRLDistributionPoints, int i) throws CertStatusException {
            try {
                int reasonFlags = cRLDistributionPoints.getReasonFlags(i);
                IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) a(x509crl, 28);
                if (issuingDistributionPoint == null) {
                    if (reasonFlags != -1) {
                        caf.d = reasonFlags;
                        return;
                    } else {
                        caf.d = -8388608;
                        return;
                    }
                }
                int reasonFlags2 = issuingDistributionPoint.getReasonFlags();
                if (reasonFlags2 == -1) {
                    if (reasonFlags != -1) {
                        caf.d = reasonFlags;
                        return;
                    } else {
                        caf.d = -8388608;
                        return;
                    }
                }
                caf.d = reasonFlags2;
                if (reasonFlags != -1) {
                    caf.d &= reasonFlags;
                }
            } catch (NameException e) {
                throw new CertStatusException(new StringBuffer().append("Internal error! ").append(e.getMessage()).toString());
            }
        }

        /**
         * Collects candidate CRLs for an issuer from the context database.
         *
         * <p>Iterates every CRL in the database and keeps clones of the X509CRLs whose issuer
         * name {@code equals} {@code x500Name} and whose thisUpdate is not after {@code date},
         * then reduces the list so only the most recent CRL per IssuingDistributionPoint remains.
         *
         * <p>NOTE(review): issuer selection here uses {@code X500Name.equals}, whereas the scope
         * check uses {@code NameMatcher.matchDirectoryNames}; whether the two agree on every
         * encoding of a name is not visible in this file.
         *
         * @throws CertStatusException wrapping the message of any exception raised, including
         *         runtime exceptions, since the catch is on {@code Exception}
         */
        private Vector a(CertPathCtx certPathCtx, X500Name x500Name, Date date) throws CertStatusException {
            Vector vector = new Vector();
            try {
                DatabaseService database = certPathCtx.getDatabase();
                database.setupCRLIterator();
                while (database.hasMoreCRLs()) {
                    CRL nextCRL = database.nextCRL();
                    if (nextCRL instanceof X509CRL) {
                        X509CRL x509crl = (X509CRL) nextCRL;
                        if (x500Name.equals(x509crl.getIssuerName()) && !x509crl.getThisUpdate().after(date) && !vector.contains(x509crl)) {
                            // Work on a copy so later processing does not touch the database's object.
                            vector.add(x509crl.clone());
                        }
                    }
                }
                return a(vector);
            } catch (Exception e) {
                throw new CertStatusException(new StringBuffer().append("CRLCertStatus$Implementation.checkCertRevocation: ").append(e.getMessage()).toString());
            }
        }

        /**
         * Always returns {@code true}; its result is discarded by the only caller in this class.
         * Appears to be a stub left by the build or the decompiler.
         */
        private boolean a() {
            return true;
        }

        /**
         * Decides whether {@code x509crl} is in scope for {@code x509Certificate} with respect
         * to distribution point {@code i}.
         *
         * <p>Checks, in order: the CRL issuer matches the point's cRLIssuer (or, without one,
         * the certificate issuer); a CRL named through cRLIssuer asserts indirectCRL; the
         * distribution-point names are compatible; and the onlyContainsUserCerts /
         * onlyContainsCACerts / onlyContainsAttributeCerts restrictions of the CRL's
         * IssuingDistributionPoint (type 28) fit the certificate's BasicConstraints (type 19).
         *
         * <p>Security note: a CRL without an IssuingDistributionPoint passes after the issuer
         * match alone, and with flag 16384 raised the indirectCRL, name and certificate-type
         * checks are skipped as well.
         *
         * @return {@code true} if the CRL may be used for this certificate
         * @throws NameException from general-name access
         * @throws CertStatusException if a cRLIssuer field contains no X.500 name
         */
        private boolean a(CertPathCtx certPathCtx, X509CRL x509crl, X509Certificate x509Certificate, CRLDistributionPoints cRLDistributionPoints, int i) throws NameException, CertStatusException {
            GeneralNames cRLIssuer = cRLDistributionPoints.getCRLIssuer(i);
            IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) a(x509crl, 28);
            if (cRLIssuer != null) {
                X500Name a = a(cRLIssuer);
                b(a);
                if (!NameMatcher.matchDirectoryNames(x509crl.getIssuerName(), a)) {
                    return false;
                }
                if (!certPathCtx.isFlagRaised(16384) && (issuingDistributionPoint == null || !issuingDistributionPoint.getIndirectCRL())) {
                    return false;
                }
            } else if (!NameMatcher.matchDirectoryNames(x509crl.getIssuerName(), x509Certificate.getIssuerName())) {
                return false;
            }
            if (issuingDistributionPoint == null || certPathCtx.isFlagRaised(16384)) {
                return true;
            }
            if (!a(cRLIssuer, x509crl, x509Certificate, issuingDistributionPoint, cRLDistributionPoints, i)) {
                return false;
            }
            BasicConstraints basicConstraints = (BasicConstraints) a(x509Certificate, 19);
            // A user-certs-only CRL cannot cover a CA certificate.
            if (issuingDistributionPoint.getUserCerts() && basicConstraints != null && basicConstraints.getCA()) {
                return false;
            }
            // A CA-certs-only CRL needs a CA certificate; attribute-cert-only CRLs never apply.
            return (!issuingDistributionPoint.getCACerts() || (basicConstraints != null && basicConstraints.getCA())) && !issuingDistributionPoint.getAttributeCerts();
        }

        /**
         * Compares the distribution-point name in the CRL's IssuingDistributionPoint with the
         * name of distribution point {@code i} in the certificate.
         *
         * <p>A name is either a {@link GeneralNames} value or an {@link RDN} relative to an
         * issuer; an RDN is expanded by appending it to the relevant issuer name (the CRL issuer
         * on the CRL side, the cRLIssuer or certificate issuer on the certificate side). The
         * CRL side having no name matches anything. When the certificate side has no name the
         * CRL's name is compared against the point's cRLIssuer, and the result is {@code false}
         * if there is no cRLIssuer. Otherwise the two sides match when they share at least one
         * general name, or, when both are RDNs, when the expanded names are equal.
         *
         * <p>NOTE(review): {@code addRDN} is called on the objects returned by
         * {@code getIssuerName()} and by the cRLIssuer lookup. If those accessors return the
         * internal name rather than a copy, this mutates the certificate's or CRL's issuer name
         * as a side effect — confirm the accessor's copy semantics.
         *
         * @throws NameException from general-name handling
         * @throws CertStatusException if a cRLIssuer field contains no X.500 name
         */
        private boolean a(GeneralNames generalNames, X509CRL x509crl, X509Certificate x509Certificate, IssuingDistributionPoint issuingDistributionPoint, CRLDistributionPoints cRLDistributionPoints, int i) throws NameException, CertStatusException {
            GeneralNames generalNames2;
            X500Name issuerName;
            GeneralNames a;
            X500Name issuerName2;
            Object distributionPointName = issuingDistributionPoint.getDistributionPointName();
            Object distributionPointName2 = cRLDistributionPoints.getDistributionPointName(i);
            if (distributionPointName == null) {
                return true;
            }
            if (distributionPointName2 == null) {
                if (generalNames == null) {
                    return false;
                }
                if (distributionPointName instanceof RDN) {
                    X500Name issuerName3 = x509crl.getIssuerName();
                    issuerName3.addRDN((RDN) distributionPointName);
                    generalNames2 = a(issuerName3);
                } else {
                    generalNames2 = (GeneralNames) distributionPointName;
                }
                return a(generalNames2, generalNames);
            }
            if (!(distributionPointName instanceof RDN)) {
                // CRL side is a full name; bring the certificate side to GeneralNames form too.
                GeneralNames generalNames3 = (GeneralNames) distributionPointName;
                if (distributionPointName2 instanceof GeneralNames) {
                    a = (GeneralNames) distributionPointName2;
                } else {
                    if (generalNames != null) {
                        issuerName = a(generalNames);
                        b(issuerName);
                    } else {
                        issuerName = x509Certificate.getIssuerName();
                    }
                    issuerName.addRDN((RDN) distributionPointName2);
                    a = a(issuerName);
                }
                return a(generalNames3, a);
            }
            // CRL side is relative to the CRL issuer.
            X500Name issuerName4 = x509crl.getIssuerName();
            issuerName4.addRDN((RDN) distributionPointName);
            if (!(distributionPointName2 instanceof RDN)) {
                GeneralNames generalNames4 = (GeneralNames) distributionPointName2;
                GeneralName generalName = new GeneralName();
                generalName.setGeneralName(issuerName4, 5);
                return a(generalName, generalNames4);
            }
            if (generalNames != null) {
                issuerName2 = a(generalNames);
                b(issuerName2);
            } else {
                issuerName2 = x509Certificate.getIssuerName();
            }
            issuerName2.addRDN((RDN) distributionPointName2);
            return issuerName4.equals(issuerName2);
        }

        /**
         * Returns {@code true} if {@code generalName} equals one of the entries of
         * {@code generalNames}; {@code false} if either argument is {@code null}.
         */
        private boolean a(GeneralName generalName, GeneralNames generalNames) throws NameException {
            if (generalName == null || generalNames == null) {
                return false;
            }
            for (int i = 0; i < generalNames.getNameCount(); i++) {
                if (generalName.equals(generalNames.getGeneralName(i))) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Returns {@code true} if the two name sets have at least one general name in common;
         * {@code false} if either set is {@code null}.
         */
        private boolean a(GeneralNames generalNames, GeneralNames generalNames2) throws NameException {
            if (generalNames == null) {
                return false;
            }
            for (int i = 0; i < generalNames.getNameCount(); i++) {
                if (a(generalNames.getGeneralName(i), generalNames2)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Wraps an X.500 name in a single-entry {@link GeneralNames} (general-name type 5).
         */
        private GeneralNames a(X500Name x500Name) throws NameException {
            GeneralNames generalNames = new GeneralNames();
            GeneralName generalName = new GeneralName();
            generalName.setGeneralName(x500Name, 5);
            generalNames.addGeneralName(generalName);
            return generalNames;
        }

        /**
         * Guard used after extracting a name from a cRLIssuer field.
         *
         * @throws CertStatusException if {@code x500Name} is {@code null}, i.e. the field held
         *         no X.500 distinguished name
         */
        private void b(X500Name x500Name) throws CertStatusException {
            if (x500Name == null) {
                throw new CertStatusException("the cRLIssuer MUST contain at least one X.500 distinguished name");
            }
        }

        /** Empty as decompiled; called once from the CRL loop with no visible effect. */
        private void b() {
        }

        /**
         * Reduces a CRL list to the newest CRL (latest thisUpdate) per IssuingDistributionPoint.
         * CRLs without that extension all share one default-constructed key.
         *
         * <p>NOTE(review): grouping relies on {@code equals}/{@code hashCode} of
         * IssuingDistributionPoint, which are not visible here. If they fall back to object
         * identity, CRLs carrying the extension are never collapsed — confirm.
         */
        private Vector a(Vector vector) {
            HashMap hashMap = new HashMap();
            IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint();
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                X509CRL x509crl = (X509CRL) it.next();
                IssuingDistributionPoint issuingDistributionPoint2 = (IssuingDistributionPoint) a(x509crl, 28);
                if (issuingDistributionPoint2 == null) {
                    issuingDistributionPoint2 = issuingDistributionPoint;
                }
                X509CRL x509crl2 = (X509CRL) hashMap.get(issuingDistributionPoint2);
                if (x509crl2 == null || x509crl.getThisUpdate().after(x509crl2.getThisUpdate())) {
                    hashMap.put(issuingDistributionPoint2, x509crl);
                }
            }
            return new Vector(hashMap.values());
        }

        /**
         * Verifies that {@code x509crl} was signed by an issuer that chains to a valid path.
         *
         * <p>Candidate signer certificates are obtained from {@code getNextCertInPath}; for each,
         * a path is built and the CRL is accepted on the first candidate for which the path
         * validates, the CRL signature verifies under the resulting key, and the key-usage check
         * passes. The {@code x509Certificate} parameter is not used in the body.
         *
         * <p>The result is cached as a context attribute keyed by the CRL: on success the signer
         * path is stored, on failure or error the attribute is removed.
         *
         * <p>NOTE(review): an empty Vector is stored under the CRL key before any path building
         * starts, and any non-null attribute makes this method return {@code true} at once. This
         * looks like a guard against recursion when validating the signer path leads back to the
         * same CRL; the consequence is that such a nested call accepts the CRL before its
         * signature has been checked. Confirm this is limited to the nested call.
         *
         * @return {@code true} if the CRL is accepted (or already cached), {@code false} if no
         *         candidate signer qualifies
         * @throws CertStatusException wrapping the message of any exception from path building
         */
        private boolean a(CertPathCtx certPathCtx, X509CRL x509crl, X509Certificate x509Certificate, Vector vector, Vector vector2, Vector vector3) throws CertStatusException {
            Vector vector4 = (Vector) certPathCtx.getAttribute(x509crl);
            if (vector4 != null) {
                CertJUtils.mergeLists(vector3, vector4);
                return true;
            }
            certPathCtx.setAttribute(x509crl, new Vector());
            Vector vector5 = new Vector();
            try {
                this.certJ.getNextCertInPath(certPathCtx, x509crl, vector5);
                if (vector5.size() == 0) {
                    certPathCtx.removeAttribute(x509crl);
                    return false;
                }
                for (int i = 0; i < vector5.size(); i++) {
                    X509Certificate x509Certificate2 = (X509Certificate) vector5.get(i);
                    try {
                        CertPathResult buildCertPath = this.certJ.buildCertPath(certPathCtx, x509Certificate2, vector, vector2, vector3);
                        if (buildCertPath.getValidationResult() && a(x509crl, x509Certificate2, buildCertPath) && a(certPathCtx, x509Certificate2)) {
                            certPathCtx.setAttribute(x509crl, vector.clone());
                            return true;
                        }
                    } catch (Exception e) {
                        certPathCtx.removeAttribute(x509crl);
                        throw new CertStatusException(new StringBuffer().append("CRLCertStatus$Implementation.verifyPath: ").append(e.getMessage()).toString());
                    }
                }
                certPathCtx.removeAttribute(x509crl);
                return false;
            } catch (Exception e2) {
                certPathCtx.removeAttribute(x509crl);
                throw new CertStatusException(new StringBuffer().append("CRLCertStatus$Implementation.verifyPath: ").append(e2.getMessage()).toString());
            }
        }

        /**
         * Verifies the CRL's signature.
         *
         * <p>The key comes from the path result when it provides one, otherwise from the signer
         * certificate itself. NoServiceException, CertificateException and RandomException are
         * treated as a failed verification (fail closed); other exceptions propagate.
         *
         * @return {@code true} only if {@code verifyCRLSignature} succeeds
         */
        private boolean a(X509CRL x509crl, X509Certificate x509Certificate, CertPathResult certPathResult) {
            try {
                String device = this.certJ.getDevice();
                JSAFE_PublicKey subjectPublicKey = certPathResult.getSubjectPublicKey(device);
                if (subjectPublicKey == null) {
                    subjectPublicKey = x509Certificate.getSubjectPublicKey(device);
                }
                return x509crl.verifyCRLSignature(device, subjectPublicKey, (SecureRandom) this.certJ.getRandomObject());
            } catch (NoServiceException e) {
                return false;
            } catch (CertificateException e2) {
                return false;
            } catch (RandomException e3) {
                return false;
            }
        }

        /**
         * Checks that the signer certificate is allowed to sign CRLs.
         *
         * <p>Passes when flag 64 is raised, when the certificate has no KeyUsage extension
         * (type 15), or when bit 33554432 (0x02000000) of the key usage is set.
         * NOTE(review): presumably the cRLSign bit — confirm against the KeyUsage constants.
         *
         * <p>Security note: "no KeyUsage" also covers a KeyUsage extension that failed to
         * decode, because the extension lookup returns {@code null} in that case too.
         */
        private boolean a(CertPathCtx certPathCtx, X509Certificate x509Certificate) {
            KeyUsage keyUsage;
            return certPathCtx.isFlagRaised(64) || (keyUsage = (KeyUsage) a(x509Certificate, 15)) == null || (keyUsage.getKeyUsage() & 33554432) != 0;
        }

        /**
         * Looks up an extension by type.
         *
         * <p>Security note: a CertificateException from the lookup is swallowed, so callers
         * cannot tell "extension absent" from "lookup failed". Every caller in this class treats
         * {@code null} as absent, which relaxes the corresponding check.
         *
         * @return the extension, or {@code null} if {@code x509V3Extensions} is {@code null} or
         *         the lookup throws
         */
        private X509V3Extension a(X509V3Extensions x509V3Extensions, int i) {
            X509V3Extension x509V3Extension = null;
            if (x509V3Extensions != null) {
                try {
                    x509V3Extension = x509V3Extensions.getExtensionByType(i);
                } catch (CertificateException e) {
                }
            }
            return x509V3Extension;
        }

        /** Null-safe lookup of extension type {@code i} on a CRL; see the X509V3Extensions overload. */
        private X509V3Extension a(X509CRL x509crl, int i) {
            if (x509crl == null) {
                return null;
            }
            return a(x509crl.getExtensions(), i);
        }

        /** Null-safe lookup of extension type {@code i} on a certificate; see the X509V3Extensions overload. */
        private X509V3Extension a(X509Certificate x509Certificate, int i) {
            if (x509Certificate == null) {
                return null;
            }
            return a(x509Certificate.getExtensions(), i);
        }

        /**
         * Reports whether the CRL carries a critical extension other than type 28
         * (IssuingDistributionPoint), the only critical CRL extension this check lets through.
         *
         * @return {@code true} if such an extension exists; {@code false} if there are no
         *         extensions or none qualifies
         * @throws CertStatusException if reading an extension fails (the {@code return false}
         *         after the rethrowing helper is unreachable in practice)
         */
        private boolean b(X509CRL x509crl) throws CertStatusException {
            X509V3Extensions extensions = x509crl.getExtensions();
            if (extensions == null) {
                return false;
            }
            for (int i = 0; i < extensions.getExtensionCount(); i++) {
                try {
                    X509V3Extension extensionByIndex = extensions.getExtensionByIndex(i);
                    if (extensionByIndex.getExtensionType() != 28 && extensionByIndex.getCriticality()) {
                        return true;
                    }
                } catch (CertificateException e) {
                    a(e);
                    return false;
                }
            }
            return false;
        }

        /**
         * Searches the CRL's revoked list for the certificate's serial number.
         *
         * <p>For a direct CRL ({@code z} false) a serial-number match is sufficient. For a CRL
         * reached through a cRLIssuer ({@code z} true) the certificate's issuer must also equal
         * the entry's effective issuer: the CRL issuer initially, replaced by the first X.500
         * name of an entry's CertificateIssuer extension (type 29) and carried forward to the
         * following entries until another entry overrides it.
         *
         * <p>NOTE(review): if a CertificateIssuer extension holds no X.500 name the effective
         * issuer becomes {@code null} for the remaining entries, so issuer comparison then
         * depends on how {@code X500Name.equals(null)} behaves — presumably false. Serial numbers
         * are compared as raw byte arrays; whether encodings are normalised first is not visible.
         *
         * @return {@code true} if the certificate is listed as revoked
         * @throws CertStatusException if reading an entry fails
         */
        private boolean a(X509Certificate x509Certificate, X509CRL x509crl, boolean z) throws CertStatusException {
            CertificateIssuer certificateIssuer;
            RevokedCertificates revokedCertificates = x509crl.getRevokedCertificates();
            byte[] serialNumber = x509Certificate.getSerialNumber();
            if (revokedCertificates == null) {
                return false;
            }
            X500Name issuerName = x509crl.getIssuerName();
            for (int i = 0; i < revokedCertificates.getCertificateCount(); i++) {
                try {
                    if (z && (certificateIssuer = (CertificateIssuer) a(revokedCertificates.getExtensions(i), 29)) != null) {
                        issuerName = a(certificateIssuer.getGeneralNames());
                    }
                    if (CertJUtils.byteArraysEqual(serialNumber, revokedCertificates.getSerialNumber(i))) {
                        if (z) {
                            return x509Certificate.getIssuerName().equals(issuerName);
                        }
                        return true;
                    }
                } catch (CertificateException e) {
                    a(e);
                    return false;
                }
            }
            return false;
        }

        /**
         * Reports whether the CRL is stale at {@code date}.
         *
         * <p>Security note: a CRL without nextUpdate is never considered stale, and flag 262144
         * disables the check altogether, so an arbitrarily old CRL can then be used as evidence.
         *
         * @return {@code true} if {@code date} is after the CRL's nextUpdate and the check is
         *         not disabled
         */
        private boolean a(CertPathCtx certPathCtx, X509CRL x509crl, Date date) {
            Date nextUpdate;
            return (certPathCtx.isFlagRaised(262144) || (nextUpdate = x509crl.getNextUpdate()) == null || !date.after(nextUpdate)) ? false : true;
        }

        /** Returns a description containing the provider's name. */
        @Override // com.rsa.certj.ProviderImplementation
        public String toString() {
            return new StringBuffer().append("CRL Certificate Status provider named: ").append(super.getName()).toString();
        }

        /**
         * Delegates to the private constructor; the {@code cae} argument is ignored.
         * Appears to be the compiler-generated accessor that lets the outer class call the
         * private constructor.
         */
        Implementation(CRLCertStatus cRLCertStatus, CertJ certJ, String str, Cae cae) throws InvalidParameterException {
            this(cRLCertStatus, certJ, str);
        }
    }

    /**
     * Creates the provider under the given name, registering it with provider type 2.
     * NOTE(review): presumably the certificate-status provider type — confirm against CertJ.
     *
     * @throws InvalidParameterException propagated from the superclass constructor
     */
    public CRLCertStatus(String str) throws InvalidParameterException {
        super(2, str);
    }

    /**
     * Creates the implementation object for the given CertJ instance.
     *
     * @throws ProviderManagementException if construction is rejected; carries the message of
     *         the InvalidParameterException but not the exception itself as a cause
     */
    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        try {
            return new Implementation(this, certJ, getName(), null);
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException(new StringBuffer().append("CRLCertStatus.instantiate: ").append(e.getMessage()).toString());
        }
    }
}
