package com.rsa.certj.provider.path;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.provider.revocation.CRLEvidence;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathException;
import com.rsa.certj.spi.path.CertPathInterface;
import com.rsa.certj.spi.path.CertPathResult;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:WEB-INF/lib/certjFIPS.jar:com/rsa/certj/provider/path/CertPathCommon.class */
/**
 * Shared skeleton for certificate path providers.
 *
 * <p>Starting from an {@link X509Certificate} or {@link X509CRL}, the class searches depth-first
 * through candidate issuer certificates until it reaches a certificate that is listed in the
 * context's trusted certificates, and then hands the assembled path to {@link #verifyPath}.
 * Candidate discovery ({@link #getNextCertCandidates}) and path verification
 * ({@link #verifyPath}) only throw here; the messages say a subclass should override them.
 *
 * <p>Three bits of {@code CertPathCtx.getPathOptions()} switch checks off in this class:
 * <ul>
 *   <li>{@code 0x1}: signature checks return {@code true} without verifying anything;</li>
 *   <li>{@code 0x2}: the validity-period check returns {@code true} unconditionally;</li>
 *   <li>{@code 0x4}: {@link #verifyRevocation} returns {@code true} without querying status.</li>
 * </ul>
 * Any caller that sets these bits weakens validation accordingly, so call sites are worth
 * auditing. The symbolic names of the bits are not visible in this file.
 *
 * <p>This is decompiler output. The private helpers were all named {@code a} (overloaded) in the
 * decompiled source and carry descriptive names here. The list parameters of the private
 * helpers are called {@code crlList}, {@code certList} and {@code extraList}; those names are
 * presumed from how {@link #verifyRevocation} fills its own lists and should be confirmed
 * against the vendor API documentation.
 */
abstract class CertPathCommon extends ProviderImplementation implements CertPathInterface {
    /* JADX INFO: Access modifiers changed from: protected */
    public CertPathCommon(CertJ certJ, String str) throws InvalidParameterException {
        super(certJ, str);
    }

    /**
     * Builds a path from {@code start} to a trusted certificate.
     *
     * <p>NOTE(review): a start certificate that fails the validity-period check but is itself in
     * the trusted set is accepted immediately, without {@link #verifyPath} being called, while a
     * time-valid trusted start certificate does go through {@code verifyPath}. Whether that
     * asymmetry is intended (trust anchors exempt from expiry) cannot be told from this file.
     *
     * @param ctx validation context; must carry at least one trusted certificate
     * @param start the X509Certificate or X509CRL to start from
     * @param pathOut receives the path certificates on success
     * @param crlList passed through to {@code verifyPath}
     * @param certList passed through to {@code verifyPath}; dropped when {@code crlList} is null
     * @param extraList passed through to {@code verifyPath}; purpose not visible here
     * @param result optional result object; only forwarded for certificate start objects
     * @return {@code true} when a path was found and accepted
     * @throws CertPathException when the context has no trusted certificates
     * @throws NotSupportedException when {@code start} is neither supported type
     */
    private boolean buildCertPathInternal(CertPathCtx ctx, Object start, Vector pathOut, Vector crlList, Vector certList, Vector extraList, CertPathResult result) throws NotSupportedException, CertPathException {
        // Refuse to run without trust anchors, and do so before looking at the start object.
        if (hasNoTrustedCerts(ctx)) {
            throw new CertPathException("CertPathCtx.buildCertPath: trustedCerts component of pathCtx should not be empty.");
        }
        // The second list is only used together with the first one.
        Vector effectiveCertList = (crlList == null) ? null : certList;
        Vector builtPath = new Vector();

        if (start instanceof X509Certificate) {
            X509Certificate startCert = (X509Certificate) start;
            if (isWithinValidityPeriod(ctx, startCert)) {
                if (!extendPathFromCert(ctx, startCert, builtPath, crlList, effectiveCertList, extraList, result)) {
                    return false;
                }
            } else {
                // Outside its validity period: accepted only when directly trusted.
                if (!isTrusted(ctx, startCert)) {
                    return false;
                }
                if (pathOut != null && !pathOut.contains(startCert)) {
                    pathOut.addElement(startCert);
                }
                if (result != null) {
                    result.setValidationResult(true);
                }
                return true;
            }
        } else if (start instanceof X509CRL) {
            // The caller's result object is not forwarded on the CRL route.
            if (!extendPathFromCrl(ctx, (X509CRL) start, builtPath, crlList, effectiveCertList, extraList)) {
                return false;
            }
        } else {
            throw new NotSupportedException("CertPathCommon.buildCertPath: does not support startObjects other than X509Certificate or X509CRL.");
        }

        CertJUtils.mergeLists(pathOut, builtPath);
        CertJUtils.subtractLists(effectiveCertList, pathOut);
        return true;
    }

    /**
     * Builds a path from {@code obj} and reports success as a boolean; no result object is used.
     */
    @Override // com.rsa.certj.spi.path.CertPathInterface
    public boolean buildCertPath(CertPathCtx certPathCtx, Object obj, Vector vector, Vector vector2, Vector vector3, Vector vector4) throws NotSupportedException, CertPathException {
        final CertPathResult noResult = null;
        return buildCertPathInternal(certPathCtx, obj, vector, vector2, vector3, vector4, noResult);
    }

    /**
     * Builds a path from {@code obj} and returns the result object from
     * {@link #createCertPathResult()}.
     *
     * <p>The boolean outcome of the build is discarded, so callers have to read the verdict from
     * the returned object. What a freshly created result reports before anything sets it is
     * decided by the subclass — TODO confirm it defaults to "not valid".
     */
    @Override // com.rsa.certj.spi.path.CertPathInterface
    public CertPathResult buildCertPath(CertPathCtx certPathCtx, Object obj, Vector vector, Vector vector2, Vector vector3) throws NotSupportedException, CertPathException {
        CertPathResult outcome = createCertPathResult();
        final Vector noExtraList = null;
        buildCertPathInternal(certPathCtx, obj, vector, vector2, vector3, noExtraList, outcome);
        return outcome;
    }

    /**
     * Creates the result object for the result-returning {@code buildCertPath}; this base
     * implementation always throws.
     */
    protected CertPathResult createCertPathResult() throws NotSupportedException {
        final String message = "The path provider does not support this functionality!";
        throw new NotSupportedException(message);
    }

    /**
     * Adds to {@code vector} the candidate issuers of {@code obj} that pass the signature and
     * validity filters.
     *
     * @throws NotSupportedException when {@code obj} is neither an X509Certificate nor an X509CRL
     */
    @Override // com.rsa.certj.spi.path.CertPathInterface
    public void getNextCertInPath(CertPathCtx certPathCtx, Object obj, Vector vector) throws NotSupportedException, CertPathException {
        boolean supported = obj instanceof X509Certificate || obj instanceof X509CRL;
        if (!supported) {
            throw new NotSupportedException("CertPathCommon.getNextCertInPath: does not support startObjects other than X509Certificate or X509CRL.");
        }
        getNextCertInPathInternal(certPathCtx, obj, vector);
    }

    /**
     * Collects candidates from {@link #getNextCertCandidates}, filters them, and merges the
     * survivors into {@code vector}. Performs no type check on {@code obj} itself.
     */
    protected void getNextCertInPathInternal(CertPathCtx certPathCtx, Object obj, Vector vector) throws CertPathException {
        Vector candidates = new Vector();
        getNextCertCandidates(certPathCtx, obj, candidates);
        filterIssuerCandidates(certPathCtx, obj, candidates);
        CertJUtils.mergeLists(vector, candidates);
    }

    /**
     * Checks one certificate against the validation time and, unless option bit {@code 0x1} is
     * set, verifies its signature with {@code jSAFE_PublicKey}.
     *
     * <p>With bit {@code 0x1} set, a certificate inside its validity period is reported valid
     * without any signature verification. Any exception other than {@code NoServiceException}
     * during verification is turned into {@code false}: this fails closed, but the cause is
     * neither logged nor propagated.
     *
     * @throws NotSupportedException when {@code certificate} is not an X509Certificate
     * @throws CertPathException when verification raises {@code NoServiceException}
     */
    @Override // com.rsa.certj.spi.path.CertPathInterface
    public boolean validateCertificate(CertPathCtx certPathCtx, Certificate certificate, JSAFE_PublicKey jSAFE_PublicKey) throws NotSupportedException, CertPathException {
        if (!(certificate instanceof X509Certificate)) {
            throw new NotSupportedException("CertPathCommon.validateCertificate: does not support certificate types other than X509Certificate.");
        }
        if (!isWithinValidityPeriod(certPathCtx, (X509Certificate) certificate)) {
            return false;
        }
        if (hasPathOption(certPathCtx, 1)) {
            return true;
        }
        try {
            return certificate.verifyCertificateSignature(this.certJ.getDevice(), jSAFE_PublicKey, this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommon.validateCertificate: (no random service is registerd)" + e.getMessage());
        } catch (Exception e2) {
            return false;
        }
    }

    /**
     * Depth-first step: appends {@code cert} to {@code path} and tries to complete the path.
     *
     * <p>A certificate already on the path is rejected, which stops issuer loops. When the
     * certificate is trusted the path is handed to {@link #verifyPath}; otherwise each filtered
     * issuer candidate is tried in turn. On failure the certificate is taken off the path again.
     *
     * @return {@code true} when a complete path through {@code cert} was accepted
     */
    private boolean extendPathFromCert(CertPathCtx ctx, X509Certificate cert, Vector path, Vector crlList, Vector certList, Vector extraList, CertPathResult result) throws CertPathException {
        if (path.contains(cert)) {
            return false;
        }
        path.addElement(cert);

        boolean completed;
        if (isTrusted(ctx, cert)) {
            completed = verifyPath(ctx, path, crlList, certList, extraList, result);
        } else {
            completed = false;
            Vector issuers = new Vector();
            getNextCertInPathInternal(ctx, cert, issuers);
            for (int idx = 0; !completed && idx < issuers.size(); idx++) {
                completed = extendPathFromCert(ctx, (X509Certificate) issuers.elementAt(idx), path, crlList, certList, extraList, result);
            }
        }

        if (!completed) {
            // Backtrack so that a sibling branch starts from a clean path.
            path.removeElement(cert);
        }
        return completed;
    }

    /**
     * Tries every filtered issuer candidate of {@code crl} as the first path certificate.
     * No result object is passed down, so {@code verifyPath} receives {@code null} for it.
     */
    private boolean extendPathFromCrl(CertPathCtx ctx, X509CRL crl, Vector path, Vector crlList, Vector certList, Vector extraList) throws CertPathException {
        Vector issuers = new Vector();
        getNextCertInPathInternal(ctx, crl, issuers);
        final CertPathResult noResult = null;
        boolean completed = false;
        for (int idx = 0; !completed && idx < issuers.size(); idx++) {
            completed = extendPathFromCert(ctx, (X509Certificate) issuers.elementAt(idx), path, crlList, certList, extraList, noResult);
        }
        return completed;
    }

    /**
     * Supplies unfiltered issuer candidates for {@code obj}; this base implementation always
     * throws.
     */
    protected void getNextCertCandidates(CertPathCtx certPathCtx, Object obj, Vector vector) throws CertPathException {
        final String message = "CertPathCommon.getNextCertCandidates: subclass should override this method.";
        throw new CertPathException(message);
    }

    /**
     * Verifies a completed path that ends in a trusted certificate; this base implementation
     * always throws.
     */
    protected boolean verifyPath(CertPathCtx certPathCtx, Vector vector, Vector vector2, Vector vector3, Vector vector4, CertPathResult certPathResult) throws CertPathException {
        final String message = "CertPathCommon.verifyPath: subclass should override this method.";
        throw new CertPathException(message);
    }

    /**
     * Asks the registered certificate status service about {@code x509Certificate}.
     *
     * <p>Returns {@code true} immediately when option bit {@code 0x4} is set. Otherwise any
     * status other than {@code 0} yields {@code false}; the meaning of the status values is not
     * defined in this file (presumably 0 is "not revoked" — confirm). For evidence type
     * {@code 1} the CRL and the CRL/certificate lists from the evidence are copied into
     * {@code vector} and {@code vector2}; every other evidence type is accepted without
     * copying anything.
     *
     * @param vector receives CRLs from the evidence
     * @param vector2 receives certificates from the evidence
     * @throws CertPathException when the status service is missing, rejects the parameters, or
     *     fails
     */
    public boolean verifyRevocation(CertPathCtx certPathCtx, X509Certificate x509Certificate, Vector vector, Vector vector2) throws CertPathException {
        if (hasPathOption(certPathCtx, 4)) {
            return true;
        }
        try {
            CertRevocationInfo revocationInfo = this.certJ.checkCertRevocation(certPathCtx, x509Certificate);
            if (revocationInfo.getStatus() != 0) {
                return false;
            }
            if (revocationInfo.getType() == 1) {
                CRLEvidence evidence = (CRLEvidence) revocationInfo.getEvidence();
                if (vector != null) {
                    CRL crl = evidence.getCRL();
                    if (crl != null && !vector.contains(crl)) {
                        vector.addElement(crl);
                    }
                }
                CertJUtils.mergeLists(vector, evidence.getCRLList());
                CertJUtils.mergeLists(vector2, evidence.getCertList());
            }
            return true;
        } catch (InvalidParameterException e) {
            throw new CertPathException("CertPathCommon.verifyRevocation: (checkCertRevocation parameters)" + e.getMessage());
        } catch (NoServiceException e2) {
            throw new CertPathException("CertPathCommon.verifyRevocation: (no Certificate Status Service is registered)" + e2.getMessage());
        } catch (CertStatusException e3) {
            throw new CertPathException("CertPathCommon.verifyRevocation: " + e3.getMessage());
        }
    }

    /**
     * Removes from {@code candidates} every certificate that did not sign {@code signedObject}
     * or that fails the validity-period check.
     *
     * <p>The list is walked from the end so that removals do not shift unvisited entries. The
     * validity check runs only for candidates that passed the signature check. With option bit
     * {@code 0x1} set the signature check passes for every candidate, so only the subclass's
     * candidate selection and the validity period constrain the result.
     */
    private void filterIssuerCandidates(CertPathCtx ctx, Object signedObject, Vector candidates) throws CertPathException {
        for (int idx = candidates.size() - 1; idx >= 0; idx--) {
            X509Certificate candidate = (X509Certificate) candidates.elementAt(idx);
            boolean signedByCandidate;
            if (signedObject instanceof X509Certificate) {
                signedByCandidate = verifyCertSignature(ctx, (X509Certificate) signedObject, candidate);
            } else {
                signedByCandidate = verifyCrlSignature(ctx, (X509CRL) signedObject, candidate);
            }
            if (!(signedByCandidate && isWithinValidityPeriod(ctx, candidate))) {
                candidates.removeElementAt(idx);
            }
        }
    }

    /**
     * Verifies that {@code subject} was signed with the public key of {@code issuer}.
     *
     * <p>Returns {@code true} without verifying when option bit {@code 0x1} is set. Any
     * exception other than {@code NoServiceException} is reported as {@code false} (fail
     * closed, cause not recorded).
     */
    private boolean verifyCertSignature(CertPathCtx ctx, X509Certificate subject, X509Certificate issuer) throws CertPathException {
        if (hasPathOption(ctx, 1)) {
            return true;
        }
        try {
            return subject.verifyCertificateSignature(this.certJ.getDevice(), issuer.getSubjectPublicKey(this.certJ.getDevice()), this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommon.verifyCertSignature:" + e.getMessage());
        } catch (Exception e2) {
            return false;
        }
    }

    /**
     * Verifies that {@code crl} was signed with the public key of {@code issuer}.
     *
     * <p>Returns {@code true} without verifying when option bit {@code 0x1} is set. Any
     * exception other than {@code NoServiceException} is reported as {@code false} (fail
     * closed, cause not recorded).
     */
    private boolean verifyCrlSignature(CertPathCtx ctx, X509CRL crl, X509Certificate issuer) throws CertPathException {
        if (hasPathOption(ctx, 1)) {
            return true;
        }
        String device = this.certJ.getDevice();
        try {
            return crl.verifyCRLSignature(device, issuer.getSubjectPublicKey(device), this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommon.verifyCrlSignature:" + e.getMessage());
        } catch (Exception e2) {
            return false;
        }
    }

    /**
     * Reports whether the validation time lies inside the certificate's start/end dates.
     *
     * <p>Returns {@code true} unconditionally when option bit {@code 0x2} is set. The current
     * time is used when the context carries no validation time. A certificate with a missing
     * start or end date is treated as not valid.
     */
    private boolean isWithinValidityPeriod(CertPathCtx ctx, X509Certificate cert) {
        if (hasPathOption(ctx, 2)) {
            return true;
        }
        Date when = ctx.getValidationTime();
        if (when == null) {
            when = new Date();
        }
        return cert.getStartDate() != null
                && cert.getEndDate() != null
                && !when.before(cert.getStartDate())
                && !when.after(cert.getEndDate());
    }

    /**
     * Reports whether {@code certificate} equals one of the context's trusted certificates.
     * Trust is decided by {@code equals} on the certificate objects only.
     */
    protected boolean isTrusted(CertPathCtx certPathCtx, Certificate certificate) {
        Certificate[] anchors = certPathCtx.getTrustedCerts();
        if (anchors != null) {
            for (int idx = 0; idx < anchors.length; idx++) {
                if (certificate.equals(anchors[idx])) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Reports whether the context's trusted-certificate array is null or empty. */
    private boolean hasNoTrustedCerts(CertPathCtx ctx) {
        Certificate[] anchors = ctx.getTrustedCerts();
        if (anchors == null) {
            return true;
        }
        return anchors.length == 0;
    }

    /** Reports whether any bit of {@code mask} is set in the context's path options. */
    private boolean hasPathOption(CertPathCtx ctx, int mask) {
        return (ctx.getPathOptions() & mask) != 0;
    }

    /**
     * Adds to {@code vector} the certificates whose subject name equals {@code x500Name}.
     *
     * <p>Trusted X.509 certificates from the context are matched first (duplicates skipped),
     * then the context's database, when present, is asked to select by subject. Matching is by
     * name only; nothing here checks a signature, so results are candidates, not verified
     * issuers.
     *
     * @throws CertPathException when the database lookup fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void findCertBySubject(CertPathCtx certPathCtx, X500Name x500Name, Vector vector) throws CertPathException {
        Certificate[] anchors = certPathCtx.getTrustedCerts();
        if (anchors != null) {
            for (int idx = 0; idx < anchors.length; idx++) {
                if (!(anchors[idx] instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate anchor = (X509Certificate) anchors[idx];
                if (x500Name.equals(anchor.getSubjectName()) && !vector.contains(anchor)) {
                    vector.addElement(anchor);
                }
            }
        }
        try {
            DatabaseService store = certPathCtx.getDatabase();
            if (store != null) {
                store.selectCertificateBySubject(x500Name, vector);
            }
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommon.findCertBySubject: " + e.getMessage());
        } catch (DatabaseException e2) {
            throw new CertPathException("CertPathCommon.findCertBySubject: " + e2.getMessage());
        }
    }
}
