package oracle.security.crypto.ldap;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import javax.naming.directory.DirContext;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.cert.CertificateStatus;
import oracle.security.crypto.cert.CertificateValidator;
import oracle.security.crypto.cert.ValidationException;
import oracle.security.crypto.cert.X509;

/* loaded from: input_file:oracle/security/crypto/ldap/LDAPCertificateValidator.class */
/**
 * {@link CertificateValidator} that checks a certificate against the certificates
 * published in an LDAP directory entry.
 *
 * <p>The only test visible in this class is object equality between the presented
 * certificate and each certificate returned by {@code LDAPUtils.getUserCerts} and
 * {@code LDAPUtils.getCACerts} for the given name. No signature, validity-period,
 * revocation or chain check is performed here, so callers that need those must
 * obtain them from another validator.
 *
 * <p>NOTE(review): the result is only as trustworthy as the {@link DirContext}
 * supplied by the caller; this class does not show how the context is bound.
 * Confirm it is created over an authenticated, integrity-protected connection.
 *
 * <p>NOTE(review): the numeric status codes are passed straight to
 * {@code CertificateStatus}; presumably 0 = unknown, 1 = valid, 2 = invalid.
 * Confirm against {@code CertificateStatus} before relying on that reading.
 */
public class LDAPCertificateValidator implements CertificateValidator {
    // Directory context used for every lookup; null until one is supplied.
    protected transient DirContext ctx;

    /** Creates a validator with no directory context; one must be set before lookups can run. */
    public LDAPCertificateValidator() {
    }

    /**
     * Creates a validator bound to the given directory context.
     *
     * @param dirContext context used for the certificate lookups; stored as-is, may be null
     */
    public LDAPCertificateValidator(DirContext dirContext) {
        this.ctx = dirContext;
    }

    /**
     * @return the directory context currently in use, or null if none has been set
     */
    public DirContext getDirContext() {
        return this.ctx;
    }

    /**
     * Replaces the directory context used for subsequent lookups.
     *
     * @param dirContext the new context; stored as-is, may be null
     */
    public void setDirContext(DirContext dirContext) {
        this.ctx = dirContext;
    }

    /**
     * Validates a certificate given in the library's own {@code X509} form by
     * converting it with {@code LDAPUtils.toJCECert} and delegating to
     * {@link #validateCert(X509Certificate)}.
     *
     * @param x509 the certificate to check
     * @return the status produced by the delegated validation
     * @throws ValidationException if the conversion fails or the delegated validation fails
     */
    public CertificateStatus validateCert(X509 x509) throws ValidationException {
        final X509Certificate converted;
        try {
            converted = LDAPUtils.toJCECert(x509);
        } catch (CertificateException conversionFailure) {
            // NOTE(review): only toString() of the failure is kept; the original
            // exception is not attached as a cause, so its stack trace is lost.
            throw new ValidationException(conversionFailure.toString());
        }
        return validateCert(converted);
    }

    /**
     * Validates a certificate against the directory entry named by the certificate's
     * own subject.
     *
     * @param x509Certificate the certificate to check
     * @return the status produced by {@link #validateCert(X500Principal, X509Certificate)}
     * @throws ValidationException if the directory lookup or comparison fails
     */
    public CertificateStatus validateCert(X509Certificate x509Certificate) throws ValidationException {
        X500Principal subject = x509Certificate.getSubjectX500Principal();
        return validateCert(subject, x509Certificate);
    }

    /**
     * Looks up the user and CA certificates stored for {@code x500Principal} and reports
     * whether {@code x509Certificate} is equal to one of them.
     *
     * <p>Outcomes, as set in the code below:
     * <ul>
     *   <li>status code 0 with a reason when no directory context is set;</li>
     *   <li>status code 1 as soon as an equal certificate is found (user certificates are
     *       searched first; the CA lookup is only issued if no user certificate matched);</li>
     *   <li>status code 0 with a reason when both lookups returned nothing;</li>
     *   <li>otherwise the initial status code 2 is returned unchanged.</li>
     * </ul>
     *
     * @param x500Principal name of the directory entry to search
     * @param x509Certificate the certificate to look for
     * @return the resulting status; never null on normal return
     * @throws ValidationException wrapping the string form of any exception raised while
     *         querying the directory or comparing certificates
     */
    public CertificateStatus validateCert(X500Principal x500Principal, X509Certificate x509Certificate) throws ValidationException {
        try {
            CertificateStatus status = new CertificateStatus(2);
            if (this.ctx == null) {
                status.setStatusCode(0);
                status.setReason("No directory context has been set");
                return status;
            }

            Vector<?> userCerts = LDAPUtils.getUserCerts(x500Principal, this.ctx);
            if (containsCertificate(userCerts, x509Certificate)) {
                status.setStatusCode(1);
                return status;
            }

            Vector<?> caCerts = LDAPUtils.getCACerts(x500Principal, this.ctx);
            if (containsCertificate(caCerts, x509Certificate)) {
                status.setStatusCode(1);
                return status;
            }

            // A missing or empty entry is reported differently from an entry that
            // holds certificates but not this one.
            boolean noUserCerts = userCerts == null || userCerts.isEmpty();
            boolean noCaCerts = caCerts == null || caCerts.isEmpty();
            if (noUserCerts && noCaCerts) {
                status.setStatusCode(0);
                status.setReason("Subject directory entry not found, or does not contain any certificates");
            }
            return status;
        } catch (Exception failure) {
            // Every failure, including unexpected runtime exceptions, is reported as a
            // ValidationException carrying only the string form of the original.
            throw new ValidationException(failure.toString());
        }
    }

    /**
     * Returns true when {@code candidates} is non-null and holds an element equal to
     * {@code target}. Each element is cast to {@link X509Certificate} before comparison,
     * so a non-certificate element raises {@link ClassCastException}.
     */
    private static boolean containsCertificate(Vector<?> candidates, X509Certificate target) {
        if (candidates == null) {
            return false;
        }
        for (Enumeration<?> cursor = candidates.elements(); cursor.hasMoreElements();) {
            if (target.equals((X509Certificate) cursor.nextElement())) {
                return true;
            }
        }
        return false;
    }
}
