package JSPservletPkg;

import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import javax.naming.directory.InitialDirContext;

/* loaded from: input_file:JSPservletPkg/CRLchecker.class */
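/**
 * Fetches a certificate revocation list (and optionally a set of CA certificates) from
 * LDAP and checks certificate chains against them.
 *
 * <p>Connection details (URLs and bind credentials) are read from the owning
 * {@code JSPhandler}. Failures are reported as {@code JSPloaderException}s carrying the
 * numeric codes 1-4 used below; the meaning of those codes is defined by
 * {@code JSPloaderException}, not by this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The downloaded CRL is parsed but its signature is never verified, and its
 *       thisUpdate/nextUpdate fields are not compared with the current time. Integrity
 *       of the revocation data therefore rests entirely on the LDAP channel.</li>
 *   <li>The bind uses {@code simple} authentication, so the password is only protected
 *       in transit if the configured URLs use a TLS-protected scheme (not visible
 *       here - confirm in the handler configuration).</li>
 *   <li>Referrals are followed; presumably the same bind credentials are then offered
 *       to the referred server - confirm this is acceptable for the directory in use.</li>
 * </ul>
 *
 * <p>This class performs no synchronization of its own.
 */
class CRLchecker {
    private final JSPhandler handler;
    /** Minimum delay in milliseconds between LDAP attempts while data is still missing. */
    private static final long scantime = 10000;
    private X509CRL crl = null;
    private X509Certificate[] caCerts = null;
    /** Earliest time (epoch millis) of the next attempt; -2 means no attempt was made yet. */
    private long nextCheck = -2;

    public CRLchecker(JSPhandler jSPhandler) {
        this.handler = jSPhandler;
    }

    /**
     * Reads one binary attribute from the entry named by the provider URL in {@code env}.
     *
     * <p>The directory context is always closed again, so a connection is not left open
     * per lookup. A failure while closing is ignored on purpose: the attribute value has
     * already been read (or the original exception is already propagating).
     *
     * @param env JNDI environment, including provider URL and optional credentials
     * @param attributeName name of the attribute to read
     * @return the attribute value
     * @throws Exception if the lookup fails or the attribute is absent
     */
    private static byte[] fetchBinaryAttribute(Hashtable env, String attributeName) throws Exception {
        InitialDirContext context = new InitialDirContext(env);
        try {
            return (byte[]) context.getAttributes("").get(attributeName).get();
        } finally {
            try {
                context.close();
            } catch (Exception ignored) {
                // best effort: nothing useful can be done if closing fails
            }
        }
    }

    /**
     * Reloads the CRL and, when a CA URL is configured, the CA certificates.
     *
     * <p>While the CRL (or the CA certificates, if configured) have never been loaded,
     * attempts are limited to one per {@link #scantime} milliseconds. Once both are
     * present, every call goes to LDAP again. On failure the previously loaded
     * {@code crl} / {@code caCerts} are left untouched.
     *
     * @return {@code null} if the CRL was fetched and parsed, otherwise an exception
     *         describing the problem (returned, not thrown)
     */
    private JSPloaderException refresh() {
        if (this.crl == null || (this.handler.CAURL != null && this.caCerts == null)) {
            long now = System.currentTimeMillis();
            if (this.nextCheck != -2 && now < this.nextCheck) {
                return new JSPloaderException(this.handler, toString() + ".refresh Current crl:" + this.crl + " or caCerts:" + this.caCerts + " null, next attempt at " + new Date(this.nextCheck), 1);
            }
            this.nextCheck = now + scantime;
        }
        Hashtable env = new Hashtable();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", this.handler.CRLURL);
        env.put("java.naming.referral", "follow");
        env.put("java.naming.security.authentication", "simple");
        if (this.handler.CRLLDAPuser != null) {
            env.put("java.naming.security.principal", this.handler.CRLLDAPuser);
            if (this.handler.CRLLDAPpasswd != null) {
                env.put("java.naming.security.credentials", this.handler.CRLLDAPpasswd);
            }
        }
        JSPloaderException failure = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] crlBytes = null;
            try {
                crlBytes = fetchBinaryAttribute(env, "certificateRevocationList");
            } catch (Exception e) {
                failure = new JSPloaderException(this.handler, toString() + ".refresh Unchecked LDAP CRLURL:" + this.handler.CRLURL + " " + e, 1);
            }
            // Keep the detailed lookup failure (it names the cause) instead of replacing it
            // with the generic "no data" message.
            if (failure == null) {
                if (crlBytes == null || crlBytes.length == 0) {
                    failure = new JSPloaderException(this.handler, toString() + ".refresh Unchecked LDAP CRLURL:" + this.handler.CRLURL, 1);
                } else {
                    try {
                        // NOTE(review): the CRL is accepted as parsed; no signature or
                        // freshness validation happens here or in check().
                        this.crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(crlBytes));
                    } catch (Exception e2) {
                        failure = new JSPloaderException(this.handler, toString() + ".refresh Invalid LDAP CRLURL:" + this.handler.CRLURL + " " + e2, 2);
                    }
                }
            }
            if (this.handler.CAURL == null) {
                return failure;
            }
            // NOTE(review): the same environment is reused, so when no CA user (or no CA
            // password) is configured the CRL bind credentials stay in place and are
            // presented to the CA URL as well - confirm that this is intended.
            env.put("java.naming.provider.url", this.handler.CAURL);
            if (this.handler.CALDAPuser != null) {
                env.put("java.naming.security.principal", this.handler.CALDAPuser);
                if (this.handler.CALDAPpasswd != null) {
                    env.put("java.naming.security.credentials", this.handler.CALDAPpasswd);
                }
            }
            try {
                byte[] caBytes = fetchBinaryAttribute(env, "cACertificate");
                if (caBytes != null && caBytes.length != 0) {
                    // toArray() without an argument yields Object[] for the standard
                    // collections, so casting it to X509Certificate[] fails with a
                    // ClassCastException that the catch below only logs. caCerts then
                    // stays null and the CA check in check() is silently skipped.
                    // Passing a typed array makes the CA certificates actually load.
                    this.caCerts = (X509Certificate[]) certificateFactory.generateCertificates(new ByteArrayInputStream(caBytes)).toArray(new X509Certificate[0]);
                }
            } catch (Exception e3) {
                this.handler.log.errorPrint(toString() + ".refresh Unable to retrieve caCerts: CAURL:" + this.handler.CAURL + " " + e3);
            }
            // The bind password must not reach the log; only record whether one is set.
            this.handler.log.logprint(toString() + ".refresh url:" + this.handler.CRLURL + " user:" + this.handler.CRLLDAPuser + " password:" + (this.handler.CRLLDAPpasswd == null ? "null" : "<redacted>"));
            return failure;
        } catch (CertificateException e4) {
            return new JSPloaderException(this.handler, toString() + ".refresh " + e4, 1);
        }
    }

    /**
     * Checks a certificate chain against the CRL and, when loaded, the CA certificates.
     *
     * <p>Only {@code X509Certificate} elements are examined. A chain is rejected when any
     * examined certificate's serial number is listed in the CRL, or when CA certificates
     * are loaded and none of them equals a certificate in the chain. If the refresh that
     * precedes the check failed, the call fails even when the (older) data raised no
     * objection, so a refresh problem never results in acceptance.
     *
     * <p>NOTE(review): with no CA certificates loaded, a chain without any X.509 element
     * passes, because there is nothing to look up in the CRL.
     *
     * @param certificateArr certificate chain to check
     * @return the CRL's nextUpdate time in epoch milliseconds, or 604800000 when no CRL
     *         or no nextUpdate is available. NOTE(review): the fallback looks like a
     *         7-day duration while the other value is an absolute time - confirm how
     *         callers interpret it.
     * @throws JSPloaderException if a certificate is revoked (code 4), no CA certificate
     *         matches (code 3), or the refresh failed
     */
    public long check(Certificate[] certificateArr) throws JSPloaderException {
        JSPloaderException refreshFailure = refresh();
        if (this.crl == null && this.caCerts == null) {
            throw refreshFailure;
        }
        boolean caFound = false;
        long validUntil = 604800000;
        if (this.crl != null) {
            Date nextUpdate = this.crl.getNextUpdate();
            if (nextUpdate != null) {
                validUntil = nextUpdate.getTime();
            }
        }
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate certificate = (X509Certificate) certificateArr[i];
            boolean matchesCa = false;
            if (this.caCerts != null) {
                for (int k = 0; k < this.caCerts.length; k++) {
                    if (this.caCerts[k].equals(certificate)) {
                        matchesCa = true;
                        break;
                    }
                }
            }
            if (matchesCa) {
                caFound = true;
                this.handler.log.logprint(toString() + ".check Issuer:" + certificate.getIssuerDN() + " Serial:" + certificate.getSerialNumber() + " found CA");
            } else {
                this.handler.log.logprint(toString() + ".check Issuer:" + certificate.getIssuerDN() + " Serial:" + certificate.getSerialNumber());
            }
            if (this.crl != null) {
                // NOTE(review): the lookup is by serial number only; the certificate's
                // issuer is not compared with the CRL issuer, so a certificate from a
                // different issuer with the same serial number is treated as revoked.
                X509CRLEntry revoked = this.crl.getRevokedCertificate(certificate.getSerialNumber());
                if (revoked != null) {
                    throw new JSPloaderException(this.handler, toString() + ".check revoked since:" + revoked.getRevocationDate() + ", serial:" + revoked.getSerialNumber(), 4);
                }
            }
        }
        if (this.caCerts != null && !caFound) {
            // Despite the message, no signature is verified here: the test is only that
            // the chain contains a certificate equal to one of the loaded CA certificates.
            throw new JSPloaderException(this.handler, toString() + ".check invalid signature", 3);
        }
        if (refreshFailure != null) {
            throw refreshFailure;
        }
        return validUntil;
    }
}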
