package com.rsa.certj.provider.path;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.provider.revocation.CRLEvidence;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathException;
import com.rsa.certj.spi.path.CertPathInterface;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.jsafe.JSAFE_PublicKey;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:com/rsa/certj/provider/path/CertPathCommonImplementation.class */
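/**
 * Shared skeleton for certification-path providers: builds a chain from a start
 * certificate or CRL towards one of the trusted certificates in the supplied
 * {@link CertPathCtx}, and offers signature, validity-period and revocation checks
 * for subclasses to use.
 *
 * <p>Subclasses must override {@link #getNextCertCandidates} and {@link #verifyPath};
 * the versions here only throw.
 *
 * <p><b>Path option bits.</b> Three bits of {@code pathCtx.getPathOptions()} turn
 * checks off in this class. When set, the corresponding check returns {@code true}
 * without looking at the certificate:
 * <ul>
 *   <li>{@code 1}: signature verification is skipped ({@link #validateCertificate},
 *       and the issuer/CRL signature checks used while collecting candidates);</li>
 *   <li>{@code 2}: the validity-period check is skipped;</li>
 *   <li>{@code 4}: the revocation check is skipped ({@link #verifyRevocation}).</li>
 * </ul>
 * A path built with any of these bits set has not been fully verified. Callers that
 * rely on the result for authentication should confirm which bits their context sets.
 *
 * <p><b>Threading.</b> Every public entry point copies the per-call context into
 * instance fields via {@code savePathCtx}, so concurrent calls on one instance would
 * overwrite each other's trust anchors, options and validation time. Nothing in this
 * class synchronizes those fields.
 */
public abstract class CertPathCommonImplementation extends ProviderImplementation implements CertPathInterface {
    // Per-call state, refreshed by savePathCtx() at the start of each public operation.
    private CertPathCtx pathCtx;
    private int pathOptions;
    // Trust anchors for the current call; protected, so subclasses can read and mutate it.
    protected Vector trustedCerts;
    private Vector policies;
    private Date validationTime;
    private DatabaseService database;

    /**
     * Creates the provider implementation.
     *
     * @param certJ the owning CertJ instance, passed to the superclass
     * @param str   passed unchanged to the superclass constructor
     * @throws InvalidParameterException if the superclass constructor rejects the arguments
     */
    public CertPathCommonImplementation(CertJ certJ, String str) throws InvalidParameterException {
        super(certJ, str);
    }

    /**
     * Tries to build and verify a path from {@code obj} to a trusted certificate.
     *
     * @param certPathCtx context supplying trust anchors, options, policies, validation time
     * @param obj         start object; must be an {@link X509Certificate} or {@link X509CRL}
     * @param vector      receives the certificates of the path that was found (merged in)
     * @param vector2     forwarded to {@link #verifyPath}; presumably collects CRLs (confirm in subclass)
     * @param vector3     forwarded to {@link #verifyPath}; dropped when {@code vector2} is null, and
     *                    entries already present in {@code vector} are subtracted from it on success
     * @param vector4     forwarded to {@link #verifyPath}; meaning not visible in this class
     * @return {@code true} if a path was found and {@link #verifyPath} accepted it
     * @throws NotSupportedException if {@code obj} is neither an X.509 certificate nor an X.509 CRL
     * @throws CertPathException     if candidate lookup or verification fails with an error
     */
    @Override
    public boolean buildCertPath(CertPathCtx certPathCtx, Object obj, Vector vector, Vector vector2, Vector vector3, Vector vector4) throws NotSupportedException, CertPathException {
        savePathCtx(certPathCtx);
        if (vector2 == null && vector3 != null) {
            vector3 = null;
        }
        Vector builtPath = new Vector();
        if (obj instanceof X509Certificate) {
            X509Certificate startCert = (X509Certificate) obj;
            if (!verifyCertValidityPeriod(startCert)) {
                // An out-of-period start certificate is rejected unless it is itself a
                // trust anchor. A trusted start certificate is accepted here without
                // verifyPath() being run, i.e. the validity period of a trust anchor is
                // not enforced on this branch.
                if (!this.trustedCerts.contains(startCert)) {
                    return false;
                }
                if (vector == null) {
                    return true;
                }
                if (!vector.contains(startCert)) {
                    vector.addElement(startCert);
                    return true;
                }
                // NOTE(review): when the caller's list already holds this certificate the
                // code falls through to a normal path build instead of returning. This may
                // be a decompilation artifact; behaviour is kept as found.
            }
            if (!certBuildPath(startCert, builtPath, vector2, vector3, vector4)) {
                return false;
            }
        } else {
            if (!(obj instanceof X509CRL)) {
                throw new NotSupportedException("CertPathCommonImplementation.buildCertPath: does not support startObjects other than X509Certificate or X509CRL.");
            }
            if (!crlBuildPath((X509CRL) obj, builtPath, vector2, vector3, vector4)) {
                return false;
            }
        }
        CertJUtils.mergeLists(vector, builtPath);
        CertJUtils.subtractLists(vector3, vector);
        return true;
    }

    /**
     * Collects the certificates that could be the issuer of {@code obj} and that pass the
     * signature and validity-period checks, and merges them into {@code vector}.
     *
     * @param certPathCtx context for this call
     * @param obj         an {@link X509Certificate} or {@link X509CRL}
     * @param vector      receives the surviving candidate certificates
     * @throws NotSupportedException if {@code obj} is of any other type
     * @throws CertPathException     if candidate lookup or signature verification errors out
     */
    @Override
    public void getNextCertInPath(CertPathCtx certPathCtx, Object obj, Vector vector) throws NotSupportedException, CertPathException {
        if (!(obj instanceof X509Certificate) && !(obj instanceof X509CRL)) {
            throw new NotSupportedException("CertPathCommonImplementation.getNextCertInPath: does not support startObjects other than X509Certificate or X509CRL.");
        }
        savePathCtx(certPathCtx);
        getNextCertInPathInternal(obj, vector);
    }

    /** Same as {@link #getNextCertInPath} but uses the context that is already saved. */
    private void getNextCertInPathInternal(Object obj, Vector vector) throws CertPathException {
        Vector candidates = new Vector();
        getNextCertCandidates(obj, candidates);
        removeInvalidNextCerts(obj, candidates);
        CertJUtils.mergeLists(vector, candidates);
    }

    /**
     * Checks one certificate's validity period and its signature against a given key.
     * Revocation is not checked here.
     *
     * @param certPathCtx     context for this call
     * @param certificate     certificate to check; must be an {@link X509Certificate}
     * @param jSAFE_PublicKey key the signature is verified with
     * @return {@code false} if the certificate is outside its validity period or the
     *         signature does not verify; {@code true} without verifying the signature
     *         when option bit {@code 1} is set
     * @throws NotSupportedException if {@code certificate} is not an X.509 certificate
     * @throws CertPathException     if no random service is registered
     */
    @Override
    public boolean validateCertificate(CertPathCtx certPathCtx, Certificate certificate, JSAFE_PublicKey jSAFE_PublicKey) throws NotSupportedException, CertPathException {
        savePathCtx(certPathCtx);
        if (!(certificate instanceof X509Certificate)) {
            throw new NotSupportedException("CertPathCommonImplementation.validateCertificate: does not support certificate types other than X509Certificate.");
        }
        if (!verifyCertValidityPeriod((X509Certificate) certificate)) {
            return false;
        }
        if ((this.pathOptions & 1) != 0) {
            // Signature verification disabled by the caller's path options.
            return true;
        }
        try {
            return certificate.verifyCertificateSignature(this.certJ.getDevice(), jSAFE_PublicKey, (SecureRandom) this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommonImplementation.validateCertificate: (no random service is registered)", e);
        } catch (Exception ignored) {
            // Fail closed: any other verification error counts as "signature not valid".
            return false;
        }
    }

    /** @return the option bits saved from the most recent context */
    public int getPathOptions() {
        return this.pathOptions;
    }

    /**
     * @return the policies saved from the most recent context, or {@code null} if the
     *         context had none; this is the internal list, not a copy
     */
    public Vector getPolicies() {
        return this.policies;
    }

    /** @return the database service saved from the most recent context */
    public DatabaseService getDatabase() {
        return this.database;
    }

    /**
     * Depth-first search for a path from {@code x509Certificate} to a trust anchor.
     * {@code vector} is the path under construction; a certificate already on it is
     * refused, which stops the search from looping through cross-certified issuers.
     *
     * @return {@code true} if a trust anchor was reached and {@link #verifyPath} accepted the
     *         path; on {@code false} the certificate has been removed from {@code vector} again
     */
    private boolean certBuildPath(X509Certificate x509Certificate, Vector vector, Vector vector2, Vector vector3, Vector vector4) throws CertPathException {
        if (vector.contains(x509Certificate)) {
            return false;
        }
        vector.addElement(x509Certificate);
        if (this.trustedCerts.contains(x509Certificate)) {
            if (verifyPath(vector, vector2, vector3, vector4)) {
                return true;
            }
            vector.removeElement(x509Certificate);
            return false;
        }
        Vector issuers = new Vector();
        getNextCertInPathInternal(x509Certificate, issuers);
        for (int i = 0; i < issuers.size(); i++) {
            if (certBuildPath((X509Certificate) issuers.elementAt(i), vector, vector2, vector3, vector4)) {
                return true;
            }
        }
        // Dead end: backtrack so the caller can try its next candidate.
        vector.removeElement(x509Certificate);
        return false;
    }

    /**
     * Builds a path for a CRL by trying each candidate issuer certificate of the CRL as
     * the start of a certificate path. The CRL itself is not added to {@code vector}.
     */
    private boolean crlBuildPath(X509CRL x509crl, Vector vector, Vector vector2, Vector vector3, Vector vector4) throws CertPathException {
        Vector issuers = new Vector();
        getNextCertInPathInternal(x509crl, issuers);
        for (int i = 0; i < issuers.size(); i++) {
            if (certBuildPath((X509Certificate) issuers.elementAt(i), vector, vector2, vector3, vector4)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Hook for subclasses: add to {@code vector} the certificates that might have issued
     * {@code obj}. This base version always throws.
     *
     * @throws CertPathException always, unless overridden
     */
    public void getNextCertCandidates(Object obj, Vector vector) throws CertPathException {
        throw new CertPathException("CertPathCommonImplementatin.getNextCertCandidates: subclass should override this method.");
    }

    /**
     * Hook for subclasses: decide whether the complete candidate path in {@code vector}
     * is acceptable. This base version always throws.
     *
     * @throws CertPathException always, unless overridden
     */
    public boolean verifyPath(Vector vector, Vector vector2, Vector vector3, Vector vector4) throws CertPathException {
        throw new CertPathException("CertPathCommonImplementation.verifyPath: subclass should overrides this method.");
    }

    /**
     * Asks the registered certificate status service about {@code x509Certificate}.
     *
     * @param x509Certificate certificate to check
     * @param vector          receives the CRL(s) used as evidence; may be {@code null} as far as
     *                        the direct add is concerned (mergeLists is still called with it —
     *                        presumably it tolerates null; confirm in CertJUtils)
     * @param vector2         receives the certificates attached to the CRL evidence
     * @return {@code true} if the reported status is {@code 0} (presumably "not revoked" —
     *         confirm against CertRevocationInfo), or if option bit {@code 4} disables the check
     * @throws CertPathException if the status service is missing, rejects the parameters,
     *                           or reports an error
     */
    public boolean verifyRevocation(X509Certificate x509Certificate, Vector vector, Vector vector2) throws CertPathException {
        if ((this.pathOptions & 4) != 0) {
            // Revocation checking disabled by the caller's path options.
            return true;
        }
        try {
            CertRevocationInfo revocationInfo = this.certJ.checkCertRevocation(this.pathCtx, x509Certificate);
            if (revocationInfo.getStatus() != 0) {
                // Any status other than 0 (revoked, unknown, ...) is treated as failure.
                return false;
            }
            if (revocationInfo.getType() != 1) {
                // Only type 1 carries CRLEvidence to hand back to the caller.
                return true;
            }
            CRLEvidence evidence = (CRLEvidence) revocationInfo.getEvidence();
            if (vector != null) {
                CRL crl = evidence.getCRL();
                if (!vector.contains(crl)) {
                    vector.addElement(crl);
                }
            }
            CertJUtils.mergeLists(vector, evidence.getCRLList());
            CertJUtils.mergeLists(vector2, evidence.getCertList());
            return true;
        } catch (InvalidParameterException e) {
            throw new CertPathException("CertPathCommonImplementation.verifyRevocation: (checkCertRevocation parameters)", e);
        } catch (NoServiceException e2) {
            throw new CertPathException("CertPathCommonImplementation.verifyRevocation: (no Certificate Status Service is registered)", e2);
        } catch (CertStatusException e3) {
            throw new CertPathException("CertPathCommonImplementation.verifyRevocation: ", e3);
        }
    }

    /**
     * Drops from {@code vector} every candidate issuer that did not sign {@code obj} or
     * that is outside its validity period.
     *
     * <p>Each candidate is removed at most once. The earlier form removed the element at
     * the same index a second time when a candidate failed both checks, which either
     * threw {@code ArrayIndexOutOfBoundsException} (last element) or silently discarded
     * an already-accepted neighbouring candidate.
     */
    private void removeInvalidNextCerts(Object obj, Vector vector) throws CertPathException {
        // Walk backwards so removals do not shift the indices still to be visited.
        for (int i = vector.size() - 1; i >= 0; i--) {
            X509Certificate candidate = (X509Certificate) vector.elementAt(i);
            boolean signedByCandidate = (obj instanceof X509Certificate)
                    ? verifyCertSignature((X509Certificate) obj, candidate)
                    : verifyCrlSignature((X509CRL) obj, candidate);
            if (!signedByCandidate || !verifyCertValidityPeriod(candidate)) {
                vector.removeElementAt(i);
            }
        }
    }

    /**
     * Verifies that {@code x509Certificate} was signed with the subject key of
     * {@code x509Certificate2}.
     *
     * @return {@code true} without verifying when option bit {@code 1} is set
     * @throws CertPathException if no random service is registered
     */
    private boolean verifyCertSignature(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathException {
        if ((this.pathOptions & 1) != 0) {
            return true;
        }
        try {
            return x509Certificate.verifyCertificateSignature(this.certJ.getDevice(), x509Certificate2.getSubjectPublicKey(this.certJ.getDevice()), (SecureRandom) this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommonImplementation.verifyCertSignature:", e);
        } catch (Exception ignored) {
            // Fail closed: an unusable key or malformed signature is "not signed by this issuer".
            return false;
        }
    }

    /**
     * Verifies that {@code x509crl} was signed with the subject key of {@code x509Certificate}.
     *
     * @return {@code true} without verifying when option bit {@code 1} is set
     * @throws CertPathException if no random service is registered
     */
    private boolean verifyCrlSignature(X509CRL x509crl, X509Certificate x509Certificate) throws CertPathException {
        if ((this.pathOptions & 1) != 0) {
            return true;
        }
        String device = this.certJ.getDevice();
        try {
            return x509crl.verifyCRLSignature(device, x509Certificate.getSubjectPublicKey(device), (SecureRandom) this.certJ.getRandomObject());
        } catch (NoServiceException e) {
            throw new CertPathException("CertPathCommonImplementation.verifyCrlSignature:", e);
        } catch (Exception ignored) {
            // Fail closed, as in verifyCertSignature.
            return false;
        }
    }

    /**
     * @return {@code true} if the saved validation time lies within the certificate's
     *         start and end dates (both bounds inclusive), or if option bit {@code 2}
     *         disables the check
     */
    private boolean verifyCertValidityPeriod(X509Certificate x509Certificate) {
        if ((this.pathOptions & 2) != 0) {
            return true;
        }
        boolean notYetValid = this.validationTime.before(x509Certificate.getStartDate());
        return !(notYetValid || this.validationTime.after(x509Certificate.getEndDate()));
    }

    /**
     * Copies the per-call settings out of {@code certPathCtx} into the instance fields.
     * A missing validation time defaults to the current time.
     */
    private void savePathCtx(CertPathCtx certPathCtx) {
        this.pathCtx = certPathCtx;
        this.pathOptions = certPathCtx.getPathOptions();
        this.trustedCerts = new Vector();
        Certificate[] anchors = certPathCtx.getTrustedCerts();
        if (anchors != null) {
            for (Certificate anchor : anchors) {
                this.trustedCerts.addElement(anchor);
            }
        }
        byte[][] policyList = certPathCtx.getPolicies();
        if (policyList == null) {
            this.policies = null;
        } else {
            this.policies = new Vector();
            for (byte[] policy : policyList) {
                this.policies.addElement(policy);
            }
        }
        this.validationTime = certPathCtx.getValidationTime();
        if (this.validationTime == null) {
            this.validationTime = new Date();
        }
        this.database = certPathCtx.getDatabase();
    }
}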
