package oracle.security.digsig;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cert.ext.CRLReasonExtension;
import oracle.security.crypto.core.AuthenticationException;

/* loaded from: input_file:oracle/security/digsig/CRLValidator.class */
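/**
 * Validator that decides a certificate's revocation status from CRLs.
 *
 * <p>CRLs are fetched at construction time from every property whose name starts with
 * {@link #CRLVALIDATOR_URL}, signature-checked against the inherited trust points, and cached
 * per issuer. {@link #validateCert(String, Date)} then consults the cached CRL for the
 * certificate's issuer, refreshing it or falling back to the validator store when the cached
 * CRL does not cover the requested date.
 *
 * <p>This listing is decompiler output; control flow is kept exactly as decompiled.
 */
public class CRLValidator extends Validator {
    /** The CRL's [issue time, next update] window strictly contains the validation date. */
    private static final int CRLVALIDATOR_OK = 1;
    /** The validation date is past the CRL's next update, which itself is still in the future. */
    private static final int CRLVALIDATOR_WAIT = 2;
    /** The validation date is past the CRL's next update, which has already elapsed. */
    private static final int CRLVALIDATOR_NEXT = 3;
    /** The validation date precedes the CRL's issue time. */
    private static final int CRLVALIDATOR_PREV = 4;
    /** No usable CRL; mapped to return code -3 by validateCert. */
    private static final int CRLVALIDATOR_NOTOK = 5;
    /** Prefix (compared upper-cased) of the property names that carry CRL locations. */
    public static final String CRLVALIDATOR_URL = "ORACLE.SECURITY.DIGSIG.VALIDATOR.CRL.URL";
    public static final String CRLVALIDATOR_FILE_URI_SCHEME = "FILE:";
    public static final String CRLVALIDATOR_HTTP_URI_SCHEME = "HTTP:";
    /** Validator-store reference of the cached CRL, keyed by CRL issuer. */
    private final Map<X500Name, String> validatorIDs;
    /** Signature-verified CRLs, keyed by CRL issuer. */
    private final Map<X500Name, CRL> validatorCRLs;
    /** Location each cached CRL was configured from, keyed by CRL issuer. */
    private final Map<X500Name, String> validatorURLs;
    // Left raw: it is handed to the ValidatorProperties constructor, whose signature is not
    // visible in this file.
    private Hashtable validatorProperties;

    /**
     * Loads, verifies and caches the configured CRLs, then records each one in the validator
     * store when a store is supplied.
     *
     * @param keyStoreWrapper passed to the superclass
     * @param certificateMapper passed to the superclass
     * @param validatorStore optional store for CRL records; may be {@code null}
     * @param properties optional configuration; may be {@code null}
     * @throws DigitalSignatureException if a configured CRL has no matching trust point or its
     *     verification raises an error
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public CRLValidator(KeyStoreWrapper keyStoreWrapper, CertificateMapper certificateMapper, ValidatorStore validatorStore, Properties properties) throws DigitalSignatureException {
        super(keyStoreWrapper, certificateMapper, validatorStore, properties);
        this.validatorIDs = new HashMap<X500Name, String>();
        this.validatorCRLs = new HashMap<X500Name, CRL>();
        this.validatorURLs = new HashMap<X500Name, String>();
        this.validatorProperties = new Hashtable();
        if (properties != null) {
            List<String> crlLocations = new ArrayList<String>();
            Enumeration<?> propertyNames = properties.propertyNames();
            while (propertyNames.hasMoreElements()) {
                String propertyName = (String) propertyNames.nextElement();
                // Locale.ROOT: with a default locale such as Turkish, "i" upper-cases to a
                // dotted capital and a lower-case property name would silently fail to match,
                // leaving the validator without any CRL.
                if (propertyName.toUpperCase(Locale.ROOT).startsWith(CRLVALIDATOR_URL)) {
                    crlLocations.add(properties.getProperty(propertyName));
                }
            }
            if (!crlLocations.isEmpty()) {
                fetchAndVerifyCRLs(crlLocations);
            }
        }
        if (validatorStore != null) {
            for (Map.Entry<X500Name, CRL> cached : this.validatorCRLs.entrySet()) {
                X500Name issuer = cached.getKey();
                CRL crl = cached.getValue();
                String reference = validatorStore.store(1, issuer.toString(), crl.getDate(), crl.getNextDate(), Utilities.X509CRLtoBase64(crl));
                // store() may return null; such issuers simply have no reference recorded.
                if (reference != null) {
                    this.validatorIDs.put(issuer, reference);
                }
            }
        }
    }

    /**
     * Fetches each configured CRL and caches the ones whose signature verifies.
     *
     * <p>A CRL whose signature check returns {@code false} is skipped without any error, so a
     * misconfigured location can leave an issuer without revocation data.
     *
     * @param crlLocations CRL locations taken from the configuration properties
     * @throws DigitalSignatureException propagated from {@link #verifyCRL(CRL)}
     */
    private void fetchAndVerifyCRLs(List<String> crlLocations) throws DigitalSignatureException {
        for (String location : crlLocations) {
            // NOTE(review): whether Utilities.getCRL can return null is not visible here; a
            // null would surface as a NullPointerException inside verifyCRL.
            CRL crl = Utilities.getCRL(location);
            if (verifyCRL(crl)) {
                X500Name issuer = crl.getIssuer();
                this.validatorCRLs.put(issuer, crl);
                this.validatorURLs.put(issuer, location);
            }
        }
    }

    /**
     * Checks the CRL's signature with the public key of the trust point registered for the
     * CRL's own issuer.
     *
     * @param crl the CRL to check
     * @return the result of {@code crl.verify()}
     * @throws DigitalSignatureException if no trust point exists for the CRL issuer, or the
     *     verification raises an {@link AuthenticationException}
     */
    private boolean verifyCRL(CRL crl) throws DigitalSignatureException {
        X509 trustPoint = (X509) this.validatorTrustPoints.get(crl.getIssuer());
        if (trustPoint == null) {
            throw new DigitalSignatureException("CRL cannot be verified");
        }
        try {
            crl.setPublicKey(trustPoint.getPublicKey());
            return crl.verify();
        } catch (AuthenticationException e) {
            // NOTE(review): the cause is only folded into the message; chaining it would need a
            // (String, Throwable) constructor, which is not visible in this file.
            throw new DigitalSignatureException("CRL Verification exception" + e);
        }
    }

    /**
     * Classifies how the CRL's validity window relates to the validation date.
     *
     * <p>Both bounds are exclusive: a date equal to the issue time or to the next-update time
     * yields {@code CRLVALIDATOR_NOTOK}.
     *
     * @param crl the CRL to classify
     * @param date the validation date
     * @return one of the {@code CRLVALIDATOR_*} status constants
     */
    private int isCRLRecent(CRL crl, Date date) {
        Date issued = crl.getDate();
        // NOTE(review): assumes getNextDate() never returns null; confirm for CRLs that carry no
        // next-update field.
        Date nextUpdate = crl.getNextDate();
        if (date.after(nextUpdate)) {
            Date now = new Date();
            if (nextUpdate.after(now)) {
                return CRLVALIDATOR_WAIT;
            }
            if (nextUpdate.before(now)) {
                return CRLVALIDATOR_NEXT;
            }
        }
        if (date.before(issued)) {
            return CRLVALIDATOR_PREV;
        }
        if (date.after(issued) && date.before(nextUpdate)) {
            return CRLVALIDATOR_OK;
        }
        return CRLVALIDATOR_NOTOK;
    }

    /**
     * Returns the evidence recorded by the last validateCert call that populated it.
     *
     * <p>NOTE(review): validateCert leaves these properties untouched when it returns -3, so
     * after such a call this method still reports the CRL data of an earlier certificate.
     *
     * @throws DigitalSignatureException if no validation has populated the properties yet
     */
    @Override // oracle.security.digsig.Validator
    public ValidatorProperties getValidatorProperties() throws DigitalSignatureException {
        if (this.validatorProperties.isEmpty()) {
            throw new DigitalSignatureException("validateCert() needs to be called first - invalid state");
        }
        return new ValidatorProperties(this.validatorProperties);
    }

    /** Returns the constant 1; its meaning is defined by {@code Validator}, not visible here. */
    @Override // oracle.security.digsig.Validator
    public int getValidationMode() {
        return 1;
    }

    /**
     * Checks a certificate against the CRL of its issuer.
     *
     * @param str the certificate, Base64-encoded
     * @param date the date to validate for; {@code null} means the current time
     * @return 0 if the CRL does not list the certificate, -1 if it does, -2 if the CRL status is
     *     {@code CRLVALIDATOR_WAIT}, -3 if no usable CRL is available
     * @throws DigitalSignatureException if {@code str} is null, a CRL cannot be verified, or a
     *     refreshed CRL is issued after the validation date
     */
    @Override // oracle.security.digsig.Validator
    public int validateCert(String str, Date date) throws DigitalSignatureException {
        int i;
        if (str == null) {
            throw new DigitalSignatureException("validateCert - Invalid parameters");
        }
        X509 cert = Utilities.Base64toX509(str);
        if (date == null) {
            date = Calendar.getInstance().getTime();
        }
        CRL crl = this.validatorCRLs.get(cert.getIssuer());
        String reference = this.validatorIDs.get(cert.getIssuer());
        if (crl == null) {
            // No CRL was configured for this issuer. Fail closed with the code used for
            // CRLVALIDATOR_NOTOK instead of dereferencing null in isCRLRecent.
            return -3;
        }
        int cachedStatus = isCRLRecent(crl, date);
        int status = cachedStatus;
        switch (cachedStatus) {
            case CRLVALIDATOR_NEXT:
                String location = this.validatorURLs.get(cert.getIssuer());
                if (location == null) {
                    // NOTE(review): this location comes from the certificate under validation,
                    // so the fetch target is chosen by whoever presented it. The fetched CRL is
                    // still signature-checked below; consider limiting allowed schemes/hosts.
                    location = Utilities.getCRLDistributionPoints(cert);
                }
                crl = Utilities.getCRL(location);
                int refreshedStatus = isCRLRecent(crl, date);
                status = refreshedStatus;
                switch (refreshedStatus) {
                    case CRLVALIDATOR_OK:
                        if (verifyCRL(crl)) {
                            // NOTE(review): cached under the CRL's own issuer; nothing here
                            // compares it with the certificate's issuer.
                            if (this.validatorStore != null) {
                                reference = this.validatorStore.store(1, crl.getIssuer().toString(), crl.getDate(), crl.getNextDate(), Utilities.X509CRLtoBase64(crl));
                                this.validatorIDs.put(crl.getIssuer(), reference);
                            }
                            this.validatorCRLs.put(crl.getIssuer(), crl);
                        }
                        break;
                    case CRLVALIDATOR_NEXT:
                        status = CRLVALIDATOR_NOTOK;
                        break;
                    case CRLVALIDATOR_PREV:
                        throw new DigitalSignatureException("CRL Validator - Invalid State");
                }
                // Falls through, as decompiled: the refresh above only updates the cache and
                // the store; the outcome of this call is decided by the store lookup below.
                // NOTE(review): without a validator store this call therefore returns -3 even
                // after a successful refresh - confirm against the original source.
            case CRLVALIDATOR_PREV:
                status = CRLVALIDATOR_NOTOK;
                if (this.validatorStore != null) {
                    StringBuffer record = new StringBuffer();
                    reference = this.validatorStore.retreive(1, cert.getIssuer().toString(), date, record);
                    // NOTE(review): the retrieved CRL is signature-checked only; its validity
                    // window and issuer are not re-checked against this certificate.
                    crl = Utilities.Base64toX509CRL(record.toString());
                    if (verifyCRL(crl)) {
                        status = CRLVALIDATOR_OK;
                        break;
                    }
                }
                break;
        }
        if (status == CRLVALIDATOR_NOTOK) {
            i = -3;
        } else {
            if (status == CRLVALIDATOR_WAIT) {
                i = -2;
            } else {
                i = crl.isRevoked(cert.getSerialNo()) ? -1 : 0;
            }
            this.validatorProperties.clear();
            this.validatorProperties.put("IssuerName", crl.getIssuer().toString());
            this.validatorProperties.put("ValidatorRecord", Utilities.X509CRLtoBase64(crl));
            this.validatorProperties.put("IssueTime", crl.getDate());
            this.validatorProperties.put("NextUpdateTime", crl.getNextDate());
            // The constructor shows store() may return null, and Hashtable rejects null values,
            // so the reference is recorded only when one exists.
            if (this.validatorStore != null && reference != null) {
                this.validatorProperties.put("ValidatorReference", reference);
            }
            if (i == -1) {
                // NOTE(review): presumably fails with a NullPointerException when the revoked
                // entry carries no reason extension, turning a "revoked" answer into an
                // unchecked error - confirm what getExtension returns in that case.
                this.validatorProperties.put("RevocationReason", crl.getRevokedCertificate(cert.getSerialNo()).getExtension(new CRLReasonExtension().getType()).getReason().toString());
            }
        }
        return i;
    }
}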
