package com.sun.identity.security.cert;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.security.x509.CRLDistributionPoint;
import com.iplanet.security.x509.CRLDistributionPointsExtension;
import com.iplanet.security.x509.IssuingDistributionPoint;
import com.iplanet.security.x509.IssuingDistributionPointExtension;
import com.iplanet.security.x509.X500Name;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPUrl;
import securecomputing.swec.EasspMessage;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.Extension;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* JADX WARN: Classes with same name are omitted:
  input_file:117585-13/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/security/cert/AMCRLStore.class
 */
/* loaded from: input_file:117585-13/fullbits/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/security/cert/AMCRLStore.class */
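/**
 * Looks up, refreshes and caches the certificate revocation list (CRL) that
 * applies to a certificate.
 *
 * <p>A CRL is taken from an in-memory cache keyed by the certificate's issuer
 * DN, then from an LDAP entry, and is refreshed from the distribution points
 * named in the CRL or in the certificate when it is missing or past its
 * {@code nextUpdate} time.
 *
 * <p>This listing is decompiler output. The members {@code debug}, {@code cf},
 * {@code storeParam}, {@code getConnection()}, {@code getLdapEntry()} and
 * {@code getIssuerDN()} are not defined here; presumably they come from
 * {@code AMCertStore} -- confirm against that class.
 *
 * <p>NOTE(review): nothing in this class verifies the signature of a CRL
 * before it is cached or written back to LDAP. Callers must verify the CRL
 * against the issuer's public key before trusting its contents.
 */
public class AMCRLStore extends AMCertStore {
    // Shared by every instance; Hashtable synchronizes each individual get/put/remove.
    private static final Hashtable cachedcrls = new Hashtable();

    // Name of the LDAP attribute that held the CRL, learned on the first successful read.
    private String mCrlAttrName;

    /**
     * Creates a store that uses the given LDAP certificate-store parameters.
     *
     * @param aMLDAPCertStoreParameters parameters handed to the superclass
     */
    public AMCRLStore(AMLDAPCertStoreParameters aMLDAPCertStoreParameters) {
        super(aMLDAPCertStoreParameters);
        this.mCrlAttrName = null;
    }

    /**
     * Returns the CRL for the issuer of the given certificate, refreshing it
     * from a distribution point when none is stored or the stored one is past
     * its {@code nextUpdate} time.
     *
     * <p>NOTE(review): a {@code null} result means no usable CRL could be
     * obtained. Callers should treat that as "revocation status unknown"
     * rather than "not revoked" -- confirm how the caller handles it.
     *
     * @param x509Certificate certificate whose revocation list is wanted
     * @return the cached, stored or freshly fetched CRL, or {@code null}
     * @throws IOException declared by the original; raised by the cache helpers
     */
    public X509CRL getCRL(X509Certificate x509Certificate) throws IOException {
        LDAPEntry crlEntry = null;
        X509CRL crl = getCRLFromCache(x509Certificate);
        LDAPConnection ldc = getConnection();
        if (crl == null) {
            try {
                crlEntry = getLdapEntry(ldc);
                crl = getCRLFromEntry(crlEntry);
            } catch (Exception e) {
                debug.error("Error in getting CRL : " + e.toString());
            }
        }
        if (needCRLUpdate(crl)) {
            X509CRL updated = null;
            IssuingDistributionPointExtension idpExt = getCRLIDPExt(crl);
            CRLDistributionPointsExtension dpExt = getCRLDPExt(x509Certificate);
            // The distribution point named by the CRL itself is tried first,
            // then the ones listed in the certificate.
            if (idpExt != null) {
                updated = getUpdateCRLFromCrlIDP(idpExt);
            }
            if (updated == null && dpExt != null) {
                updated = getUpdateCRLFromCrlDP(dpExt);
            }
            if (updated != null) {
                // Writing the fresh CRL back to LDAP is best effort: getEncoded()
                // throws a checked CRLException that this method does not declare,
                // and a failed write must not discard the CRL just fetched.
                try {
                    if (crlEntry == null) {
                        crlEntry = getLdapEntry(ldc);
                    }
                    updateCRL(ldc, crlEntry.getDN().toString(), updated.getEncoded());
                } catch (Exception e) {
                    debug.error("Error updating CRL Cache : ", e);
                }
            }
            // As in the original, a failed refresh replaces the stale CRL with
            // null instead of continuing to serve an expired list.
            crl = updated;
        }
        updateCRLCache(x509Certificate, crl);
        return crl;
    }

    /**
     * Returns the cached CRL for the issuer of the given certificate.
     *
     * @param x509Certificate certificate whose issuer DN is the cache key
     * @return the cached CRL, or {@code null} when none is cached
     * @throws IOException declared by the original; presumably from getIssuerDN
     */
    public X509CRL getCRLFromCache(X509Certificate x509Certificate) throws IOException {
        return (X509CRL) cachedcrls.get(getIssuerDN(x509Certificate).toString());
    }

    /**
     * Stores the CRL under the certificate's issuer DN, or removes the cache
     * entry when the CRL is {@code null}.
     *
     * @param x509Certificate certificate whose issuer DN is the cache key
     * @param x509crl CRL to cache, or {@code null} to evict
     * @throws IOException declared by the original; presumably from getIssuerDN
     */
    public void updateCRLCache(X509Certificate x509Certificate, X509CRL x509crl) throws IOException {
        String cacheKey = getIssuerDN(x509Certificate).toString();
        if (x509crl == null) {
            cachedcrls.remove(cacheKey);
        } else {
            cachedcrls.put(cacheKey, x509crl);
        }
    }

    /**
     * Decodes the CRL held in the given LDAP entry.
     *
     * @param lDAPEntry entry expected to carry the CRL attribute
     * @return the decoded CRL, or {@code null} when the attribute is missing,
     *         holds more than one value, or cannot be parsed
     * @throws AuthLoginException declared by the original; not thrown by the visible code
     */
    private X509CRL getCRLFromEntry(LDAPEntry lDAPEntry) throws AuthLoginException {
        LDAPAttributeSet attributeSet = lDAPEntry.getAttributeSet();
        X509CRL crl = null;
        try {
            LDAPAttribute attribute;
            if (this.mCrlAttrName == null) {
                attribute = attributeSet.getAttribute("certificaterevocationlist");
                if (attribute == null) {
                    attribute = attributeSet.getAttribute("certificaterevocationlist;binary");
                    if (attribute == null) {
                        debug.error("No CRL Cache is configured");
                        return null;
                    }
                }
                // Remember which spelling the directory uses for later reads and writes.
                this.mCrlAttrName = attribute.getName();
            } else {
                attribute = attributeSet.getAttribute(this.mCrlAttrName);
            }
            if (attribute.size() > 1) {
                debug.error("More than one CRL entries are configured");
                return null;
            }
            try {
                byte[] encoded = (byte[]) attribute.getByteValues().nextElement();
                // JCA_CERT_ID is the constant name the decompiler chose for the
                // factory type; presumably "X.509" -- confirm.
                cf = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
                crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(encoded));
            } catch (Exception e) {
                debug.error("Certificate: CertRevoked = ", e);
            }
            return crl;
        } catch (Exception e2) {
            // Keep the cause in the log; the original dropped it.
            debug.error("Error in getting Cached CRL", e2);
            return null;
        }
    }

    /**
     * Extracts the CRL distribution points extension from a certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return the extension, or {@code null} when absent or unreadable
     */
    private CRLDistributionPointsExtension getCRLDPExt(X509Certificate x509Certificate) {
        CRLDistributionPointsExtension dpExt = null;
        try {
            X509CertImpl certImpl = new X509CertImpl(x509Certificate.getEncoded());
            X509CertInfo certInfo = new X509CertInfo(certImpl.getTBSCertificate());
            Enumeration elements = ((CertificateExtensions) certInfo.get("extensions")).getElements();
            while (dpExt == null && elements.hasMoreElements()) {
                Extension extension = (Extension) elements.nextElement();
                if (extension.getExtensionId().toString().equals(CRLDistributionPointsExtension.OID)) {
                    dpExt = new CRLDistributionPointsExtension(Boolean.FALSE, extension.getExtensionValue());
                }
            }
        } catch (Exception e) {
            debug.error("Error finding CRL distribution Point configured: ", e);
        }
        return dpExt;
    }

    /**
     * Extracts the issuing distribution point extension from a CRL.
     *
     * @param x509crl CRL to inspect; may be {@code null}
     * @return the extension, or {@code null} when absent or unreadable
     */
    private IssuingDistributionPointExtension getCRLIDPExt(X509CRL x509crl) {
        if (x509crl == null) {
            return null;
        }
        IssuingDistributionPointExtension idpExt = null;
        try {
            byte[] extensionValue = x509crl.getExtensionValue(IssuingDistributionPointExtension.OID);
            if (extensionValue != null) {
                idpExt = new IssuingDistributionPointExtension(Boolean.FALSE, extensionValue);
            }
        } catch (Exception e) {
            debug.error("Error finding CRL distribution Point configured: ", e);
        }
        return idpExt;
    }

    /**
     * Copies the distribution points of the extension into an array.
     *
     * @param cRLDistributionPointsExtension extension to read; may be {@code null}
     * @return the points, or {@code null} when the extension is null or empty
     */
    private CRLDistributionPoint[] getCRLdp(CRLDistributionPointsExtension cRLDistributionPointsExtension) {
        if (cRLDistributionPointsExtension == null) {
            return null;
        }
        int count = cRLDistributionPointsExtension.getNumPoints();
        if (count <= 0) {
            return null;
        }
        CRLDistributionPoint[] points = new CRLDistributionPoint[count];
        for (int i = 0; i < count; i++) {
            points[i] = cRLDistributionPointsExtension.getPointAt(i);
        }
        return points;
    }

    /**
     * Fetches a fresh CRL from the first certificate distribution point that
     * returns data.
     *
     * @param cRLDistributionPointsExtension distribution points of the certificate
     * @return the fetched CRL, or {@code null} when no point yielded a parsable CRL
     */
    private synchronized X509CRL getUpdateCRLFromCrlDP(CRLDistributionPointsExtension cRLDistributionPointsExtension) {
        CRLDistributionPoint[] points = getCRLdp(cRLDistributionPointsExtension);
        if (points == null) {
            return null;
        }
        byte[] encoded = null;
        for (int i = 0; encoded == null && i < points.length; i++) {
            // Skip a point that carries no full name instead of passing null on.
            sun.security.x509.GeneralNames fullName = points[i].getFullName();
            if (fullName != null) {
                encoded = getCRLsFromGeneralNames(fullName);
            }
        }
        return decodeCRL(encoded);
    }

    /**
     * Fetches a fresh CRL from the issuing distribution point named in the
     * current CRL.
     *
     * @param issuingDistributionPointExtension extension taken from the current CRL
     * @return the fetched CRL, or {@code null} when nothing parsable was retrieved
     */
    private synchronized X509CRL getUpdateCRLFromCrlIDP(IssuingDistributionPointExtension issuingDistributionPointExtension) {
        IssuingDistributionPoint idp = issuingDistributionPointExtension.getIssuingDistributionPoint();
        byte[] encoded = null;
        if (idp != null) {
            sun.security.x509.GeneralNames fullName = idp.getFullName();
            if (fullName != null) {
                encoded = getCRLsFromGeneralNames(fullName);
            }
        }
        return decodeCRL(encoded);
    }

    /**
     * Parses encoded CRL bytes with the shared certificate factory.
     *
     * <p>NOTE(review): {@code cf} is assigned in getCRLFromEntry and declared
     * outside this listing; if it is still unset here, the failure is logged
     * and {@code null} is returned.
     *
     * @param encoded encoded CRL, or {@code null}
     * @return the parsed CRL, or {@code null} when the input is null or unparsable
     */
    private X509CRL decodeCRL(byte[] encoded) {
        if (encoded == null) {
            return null;
        }
        try {
            return (X509CRL) cf.generateCRL(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            debug.error("Error in generating X509CRL" + e.toString());
            return null;
        }
    }

    // NOTE(review): the decompiler could not rebuild this method, so as listed it
    // always throws. The register dump below shows it walking the general names,
    // looking for "http"/"https"/"ldap"/"ldaps" anywhere in each name, cutting the
    // name at that position and handing it to getCRLByURI. The loop test at L8e
    // reads as "stop when no CRL was returned", which looks inverted -- confirm
    // against the bytecode before reconstructing it.
    /* JADX WARN: Code restructure failed: missing block: B:9:0x0050, code lost:
    
        if (r0 == (-1)) goto L16;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] getCRLsFromGeneralNames(sun.security.x509.GeneralNames r5) {
        /*
            r4 = this;
            r0 = 0
            r6 = r0
            r0 = 0
            r7 = r0
        L4:
            r0 = r5
            r1 = r7
            int r7 = r7 + 1
            sun.security.x509.GeneralName r0 = r0.get(r1)
            java.lang.String r0 = r0.toString()
            java.lang.String r0 = r0.trim()
            r8 = r0
            r0 = r8
            java.lang.String r0 = r0.toLowerCase()
            r9 = r0
            r0 = r9
            java.lang.String r1 = "http"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L56
            r0 = r9
            java.lang.String r1 = "https"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L56
            r0 = r9
            java.lang.String r1 = "ldap"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L56
            r0 = r9
            java.lang.String r1 = "ldaps"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L56
            goto L8e
        L56:
            r0 = r8
            r1 = r10
            r2 = r8
            int r2 = r2.length()
            java.lang.String r0 = r0.substring(r1, r2)
            r8 = r0
            com.iplanet.am.util.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            boolean r0 = r0.messageEnabled()
            if (r0 == 0) goto L87
            com.iplanet.am.util.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            java.lang.StringBuffer r1 = new java.lang.StringBuffer
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "DP Name : "
            java.lang.StringBuffer r1 = r1.append(r2)
            r2 = r8
            java.lang.StringBuffer r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.message(r1)
        L87:
            r0 = r4
            r1 = r8
            byte[] r0 = r0.getCRLByURI(r1)
            r6 = r0
        L8e:
            r0 = r6
            if (r0 == 0) goto L9a
            r0 = r7
            r1 = r5
            int r1 = r1.size()
            if (r0 < r1) goto L4
        L9a:
            r0 = r6
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.security.cert.AMCRLStore.getCRLsFromGeneralNames(sun.security.x509.GeneralNames):byte[]");
    }

    /**
     * Replaces the CRL attribute of the given LDAP entry with new CRL bytes.
     *
     * @param lDAPConnection connection used for the modification
     * @param str DN of the entry to modify
     * @param bArr encoded CRL to store
     * @return {@code true} when the modification succeeded, {@code false} otherwise
     */
    private boolean updateCRL(LDAPConnection lDAPConnection, String str, byte[] bArr) {
        try {
            LDAPAttribute crlAttribute = new LDAPAttribute(this.mCrlAttrName, bArr);
            lDAPConnection.modify(str, new LDAPModification(LDAPModification.REPLACE, crlAttribute));
            return true;
        } catch (LDAPException e) {
            debug.error("Error updating CRL Cache : ", e);
            return false;
        }
    }

    /**
     * Fetches CRL bytes from an HTTP(S) or LDAP(S) URI.
     *
     * <p>NOTE(review): the URI originates in a certificate or CRL extension,
     * and the scheme test is a prefix match only. Restrict which hosts the
     * server may contact for CRLs at the deployment level.
     *
     * @param str distribution point URI; may be {@code null}
     * @return the raw CRL bytes, or {@code null} for a null URI, an
     *         unsupported scheme or a failed fetch
     */
    private byte[] getCRLByURI(String str) {
        if (str == null) {
            return null;
        }
        String scheme = str.trim().toLowerCase();
        // "https" and "ldaps" also begin with "http" and "ldap".
        if (scheme.startsWith("http")) {
            return getCRLByHttpURI(str);
        }
        if (scheme.startsWith("ldap")) {
            return getCRLByLdapURI(str);
        }
        return null;
    }

    /**
     * Reads the CRL attribute of the entry named by an LDAP URL, binding
     * anonymously.
     *
     * <p>The decompiled listing used the search result outside the try block
     * that assigns it; the whole lookup now runs inside one try so that every
     * failure is logged, and the connection is released afterwards.
     *
     * @param str LDAP or LDAPS URL of the entry holding the CRL
     * @return the raw CRL bytes, or {@code null} when the entry or attribute
     *         is missing or the lookup fails
     */
    private byte[] getCRLByLdapURI(String str) {
        LDAPConnection ldc = null;
        try {
            LDAPUrl url = new LDAPUrl(str);
            ldc = url.isSecure() ? new LDAPConnection(this.storeParam.getSecureSocketFactory()) : new LDAPConnection();
            ldc.connect(url.getHost(), url.getPort(), "", "");
            LDAPSearchResults results = ldc.search(url.getDN().toString(), LDAPConnection.SCOPE_BASE, (String) null, (String[]) null, false);
            if (results == null || !results.hasMoreElements()) {
                debug.error("verifyCertificate - No CRL distribution Point configured");
                return null;
            }
            LDAPAttributeSet attributeSet = results.next().getAttributeSet();
            LDAPAttribute attribute = attributeSet.getAttribute("certificaterevocationlist");
            if (attribute == null) {
                attribute = attributeSet.getAttribute("certificaterevocationlist;binary");
                if (attribute == null) {
                    debug.error("verifyCertificate - No CRL distribution Point configured");
                    return null;
                }
            }
            return (byte[]) attribute.getByteValues().nextElement();
        } catch (Exception e) {
            debug.error("Error in getting CRL", e);
            return null;
        } finally {
            // The original never closed this connection.
            if (ldc != null) {
                try {
                    ldc.disconnect();
                } catch (LDAPException ignored) {
                    // Nothing useful to do if the connection is already closed.
                }
            }
        }
    }

    /**
     * Downloads a CRL over HTTP(S), posting the configured URI parameters as
     * form data when there are any.
     *
     * <p>Fixes over the decompiled listing: the response is collected as raw
     * bytes (the original round-tripped it through {@code String} in the
     * platform charset and ignored the read count, which corrupts a DER CRL
     * and appends stale buffer contents); missing URI parameters no longer
     * cause a NullPointerException; and the I/O runs inside the try block so
     * failures are logged and reported as {@code null}.
     *
     * <p>NOTE(review): no connect/read timeout and no cap on the response
     * size are set here; a slow or oversized response ties up the calling
     * thread and heap.
     *
     * @param str HTTP or HTTPS URL of the distribution point
     * @return the raw CRL bytes, or {@code null} when the download fails
     */
    private byte[] getCRLByHttpURI(String str) {
        byte[] crlBytes = null;
        InputStream in = null;
        try {
            String postBody = "";
            String uriParams = this.storeParam.getURIParams();
            if (uriParams != null) {
                // Parameters are configured as "name=value,name=value".
                StringBuffer params = new StringBuffer();
                StringTokenizer pairs = new StringTokenizer(uriParams, ",");
                while (pairs.hasMoreTokens()) {
                    StringTokenizer pair = new StringTokenizer(pairs.nextToken(), "=");
                    if (pair.countTokens() == 2) {
                        params.append(AMURLEncDec.encode(pair.nextToken()));
                        params.append("=");
                        params.append(AMURLEncDec.encode(pair.nextToken()));
                        if (pairs.hasMoreTokens()) {
                            params.append(SessionEncodeURL.AMPERSAND);
                        }
                    }
                }
                postBody = params.toString().trim();
            }

            HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
            connection.setDoInput(true);
            connection.setUseCaches(false);
            if (postBody.length() > 0) {
                byte[] bodyBytes = postBody.getBytes("UTF-8");
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Length", Integer.toString(bodyBytes.length));
                DataOutputStream out = new DataOutputStream(connection.getOutputStream());
                try {
                    // Write the same bytes that Content-Length was computed from.
                    out.write(bodyBytes);
                    out.flush();
                } finally {
                    out.close();
                }
            }

            in = connection.getInputStream();
            ByteArrayOutputStream received = new ByteArrayOutputStream();
            // Buffer size: constant name substituted by the decompiler; the
            // original literal is not shown in this listing.
            byte[] chunk = new byte[EasspMessage.ATTR_ECHO_ON];
            int count;
            while ((count = in.read(chunk, 0, chunk.length)) != -1) {
                received.write(chunk, 0, count);
            }
            crlBytes = received.toByteArray();
        } catch (Exception e) {
            debug.error("Error in getting CRL", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Closing a stream that has been fully read; nothing to recover.
                }
            }
        }
        return crlBytes;
    }

    /**
     * Tells whether a CRL must be fetched again.
     *
     * <p>A missing CRL counts as needing an update; the original dereferenced
     * {@code null} here. A CRL without a {@code nextUpdate} field is never
     * considered stale.
     *
     * @param x509crl current CRL, or {@code null} when none is available
     * @return {@code true} when there is no CRL or its nextUpdate time has passed
     */
    private boolean needCRLUpdate(X509CRL x509crl) {
        if (x509crl == null) {
            return true;
        }
        Date nextUpdate = x509crl.getNextUpdate();
        return nextUpdate != null && nextUpdate.before(new Date());
    }
}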
