package weblogic.security.pki.revocation.common;

import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.extensions.CRLDistributionPoints;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.cert.extensions.GeneralNames;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLConnection;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import javax.security.auth.x500.X500Principal;
import weblogic.auddi.uddi.datastructure.AccessPoint;
import weblogic.security.pki.revocation.common.AbstractCertRevocContext;

/* loaded from: input_file:weblogic/security/pki/revocation/common/DefaultCrlDpFetcher.class */
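/**
 * Default {@link CrlDpFetcher}: chooses a CRL distribution point (DP) URI for a certificate and
 * downloads the CRL from that URI into the CRL cache.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>DP URIs are read from the certificate being checked, so they are untrusted input. Only
 *       {@code http} and {@code ftp} URIs are accepted from the certificate; any other scheme is
 *       skipped, so the certificate cannot steer the fetch to another URL handler.</li>
 *   <li>The override / failover URI is supplied by the caller and is not scheme-checked here.</li>
 *   <li>The download itself is unauthenticated; nothing in this class verifies the CRL signature
 *       or issuer. NOTE(review): that has to happen behind {@code CrlCacheAccessor.loadCrl} or
 *       later - confirm.</li>
 * </ul>
 */
class DefaultCrlDpFetcher extends CrlDpFetcher {
    /**
     * Tries to download a CRL for the issuer of {@code x509Certificate} and load it into the cache.
     *
     * @param x509Certificate certificate whose issuer's CRL is wanted; must not be null
     * @param crlCacheAccessor cache that receives the downloaded CRL stream; must not be null
     * @param uri caller-supplied alternate DP URI, used according to {@code attributeUsage}; may be null
     * @param attributeUsage {@code OVERRIDE} uses only {@code uri}; {@code FAILOVER} uses {@code uri}
     *     when the certificate's DP extension yields no usable URI
     * @param j read timeout, handed to {@link URLConnection#setReadTimeout(int)} (milliseconds)
     * @param j2 connect timeout, handed to {@link URLConnection#setConnectTimeout(int)} (milliseconds)
     * @param logListener optional diagnostics sink; may be null
     * @return the result of {@code CrlCacheAccessor.loadCrl}, or {@code false} when no URI could be
     *     determined or the download failed
     * @throws Exception if a required argument is null or the DP extension cannot be read
     */
    @Override // weblogic.security.pki.revocation.common.CrlDpFetcher
    boolean updateCrls(X509Certificate x509Certificate, CrlCacheAccessor crlCacheAccessor, URI uri, AbstractCertRevocContext.AttributeUsage attributeUsage, long j, long j2, LogListener logListener) throws Exception {
        Util.checkNotNull("X509Certificate with DPs", x509Certificate);
        Util.checkNotNull("CrlCacheAccessor", crlCacheAccessor);

        // Each lookup logs its own failure, so a null result only needs to abort here.
        X500Principal issuerX500Principal = getIssuerX500Principal(x509Certificate, logListener);
        if (null == issuerX500Principal) {
            return false;
        }
        com.rsa.certj.cert.X509Certificate rsaCert = toRsaCert(x509Certificate, logListener);
        if (null == rsaCert) {
            return false;
        }
        X500Name rsaIssuerX500Name = getRsaIssuerX500Name(x509Certificate, logListener, rsaCert);
        if (null == rsaIssuerX500Name) {
            return false;
        }

        URI crlUri = getUri(uri, attributeUsage, logListener, issuerX500Principal, rsaCert, rsaIssuerX500Name);
        if (null == crlUri) {
            if (canLog(logListener, Level.FINER)) {
                logListener.log(Level.FINER, "Unable to determine CRL DP URI for certificate with subject \"{0}\".", x509Certificate.getSubjectX500Principal());
            }
            return false;
        }
        if (canLog(logListener, Level.FINEST)) {
            logListener.log(Level.FINEST, "Attempting to download CRL from URI \"{0}\".", crlUri);
        }
        // loadCrl takes (connect timeout, read timeout): j2 is the connect timeout, j the read timeout.
        return loadCrl(crlCacheAccessor, logListener, issuerX500Principal, clampTimeout(j2), clampTimeout(j), crlUri);
    }

    /**
     * Narrows a {@code long} timeout to {@code int} without wrapping.
     *
     * <p>A plain {@code (int)} cast of a value below {@link Integer#MIN_VALUE} can wrap to 0 or to a
     * positive number; 0 means "no timeout" for {@link URLConnection}. Saturating keeps such values
     * negative, so {@code URLConnection} rejects them instead of silently waiting forever.
     */
    private static int clampTimeout(long value) {
        if (value > Integer.MAX_VALUE) {
            return Integer.MAX_VALUE;
        }
        if (value < Integer.MIN_VALUE) {
            return Integer.MIN_VALUE;
        }
        return (int) value;
    }

    /** Returns true when a listener is present and accepts messages at {@code level}. */
    private static boolean canLog(LogListener logListener, Level level) {
        return null != logListener && logListener.isLoggable(level);
    }

    /**
     * Selects the URI to download from, honouring the attribute usage.
     *
     * <p>With {@code OVERRIDE} only the caller-supplied URI is considered. Otherwise the URI comes
     * from the certificate's DP extension, falling back to the failover URI. If the certificate has
     * no DP extension at all, the failover URI is not consulted and null is returned.
     *
     * @return the chosen URI, or null if none is usable
     * @throws NameException if a distribution point cannot be read
     */
    private URI getUri(URI uri, AbstractCertRevocContext.AttributeUsage attributeUsage, LogListener logListener, X500Principal x500Principal, com.rsa.certj.cert.X509Certificate x509Certificate, X500Name x500Name) throws NameException {
        if (AbstractCertRevocContext.AttributeUsage.OVERRIDE == attributeUsage) {
            return isAlternateUriNull(uri, logListener, x500Principal) ? null : uri;
        }
        CRLDistributionPoints distributionPoints = getDistributionPoints(logListener, x509Certificate);
        if (null == distributionPoints) {
            return null;
        }
        URI fromCertificate = findUriInDp(logListener, x500Principal, x500Name, distributionPoints);
        if (null != fromCertificate) {
            return fromCertificate;
        }
        return findFailoverUri(uri, attributeUsage, logListener, x500Principal);
    }

    /**
     * Reads the CRL distribution points extension from the certificate.
     *
     * @return the extension, or null (logged at FINER) when the certificate has none
     */
    private CRLDistributionPoints getDistributionPoints(LogListener logListener, com.rsa.certj.cert.X509Certificate x509Certificate) {
        // 31 selects the extension that is cast to CRLDistributionPoints below; it matches the last
        // arc of the cRLDistributionPoints OID (2.5.29.31).
        CRLDistributionPoints distributionPoints = (CRLDistributionPoints) RsaUtil.getExtension(x509Certificate, 31);
        if (null == distributionPoints && canLog(logListener, Level.FINER)) {
            logListener.log(Level.FINER, "No Distribution points found in cert with subject \"{0}\".", x509Certificate.getSubjectName());
        }
        return distributionPoints;
    }

    /**
     * Returns the caller-supplied URI when usage is {@code FAILOVER} and the URI is set.
     *
     * @return the failover URI, or null when usage is not {@code FAILOVER} or no URI was supplied
     */
    private URI findFailoverUri(URI uri, AbstractCertRevocContext.AttributeUsage attributeUsage, LogListener logListener, X500Principal x500Principal) {
        boolean finer = canLog(logListener, Level.FINER);
        if (finer) {
            logListener.log(Level.FINER, "Unable to find any usable CRL DP URI, checking FAILOVER CRL DP URI.", new Object[0]);
        }
        if (AbstractCertRevocContext.AttributeUsage.FAILOVER == attributeUsage && null != uri) {
            if (finer) {
                logListener.log(Level.FINER, "Trying FAILOVER CRL DP URI \"{0}\".", uri);
            }
            return uri;
        }
        if (finer) {
            logListener.log(Level.FINER, "NO FAILOVER CRL DP URI for issuer \"{0}\".", x500Principal);
        }
        return null;
    }

    /**
     * Scans the distribution points in order and returns the first usable URI.
     *
     * <p>A distribution point is considered only if its reason flags equal -1, its CRL issuer check
     * passes, and its name is a {@link GeneralNames} list.
     *
     * @return the first accepted URI, or null when no distribution point yields one
     * @throws NameException if a distribution point cannot be read
     */
    private URI findUriInDp(LogListener logListener, X500Principal x500Principal, X500Name x500Name, CRLDistributionPoints cRLDistributionPoints) throws NameException {
        int distributionPointCount = cRLDistributionPoints.getDistributionPointCount();
        for (int i = 0; i < distributionPointCount; i++) {
            // NOTE(review): -1 presumably means the DP carries no reasons field, i.e. the CRL is
            // not restricted to a subset of revocation reasons - confirm against the Cert-J docs.
            if (-1 != cRLDistributionPoints.getReasonFlags(i) || !isDpCrlIssuerEqual(x500Name, cRLDistributionPoints, i)) {
                continue;
            }
            Object distributionPointName = cRLDistributionPoints.getDistributionPointName(i);
            if (!(distributionPointName instanceof GeneralNames)) {
                continue;
            }
            URI found = getUri(logListener, x500Principal, (GeneralNames) distributionPointName);
            if (null != found) {
                return found;
            }
        }
        return null;
    }

    /**
     * Reports whether the override URI is missing, logging at FINE when it is.
     *
     * @return true when {@code uri} is null
     */
    private static boolean isAlternateUriNull(URI uri, LogListener logListener, X500Principal x500Principal) {
        if (null != uri) {
            return false;
        }
        if (canLog(logListener, Level.FINE)) {
            logListener.log(Level.FINE, "Unable to fetch CRL from DP. CRL DP override URI set to null for cert issuer \"{0}\".", x500Principal);
        }
        return true;
    }

    /**
     * Downloads the CRL from {@code uri} and hands the stream to the cache.
     *
     * <p>Any {@link Exception} raised while connecting or loading is logged at FINE and reported as
     * {@code false}; a failed download never propagates to the caller. How the caller treats that
     * result (fail open or fail closed) is decided outside this class.
     *
     * @param i connect timeout for the download (milliseconds)
     * @param i2 read timeout for the download (milliseconds)
     * @return the result of {@code CrlCacheAccessor.loadCrl}, or false on failure
     */
    private boolean loadCrl(CrlCacheAccessor crlCacheAccessor, LogListener logListener, X500Principal x500Principal, int i, int i2, URI uri) {
        boolean loaded = false;
        InputStream inputStream = null;
        try {
            inputStream = getInputStream(i, i2, uri);
            loaded = crlCacheAccessor.loadCrl(inputStream);
        } catch (Exception e) {
            if (canLog(logListener, Level.FINE)) {
                logListener.log(Level.FINE, e, "Exception fetching CRL from DP URI \"{0}\" for cert issuer \"{1}\".", uri, x500Principal);
            }
        } finally {
            // One close path for success, failure and Errors.
            closeQuietly(inputStream);
        }
        return loaded;
    }

    /** Closes the stream if it was opened; a close failure must not change the load result. */
    private static void closeQuietly(InputStream inputStream) {
        if (null == inputStream) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException ignored) {
            // Best effort: the CRL has already been consumed or the fetch has already failed.
        }
    }

    /**
     * Opens a connection to {@code uri} with the given timeouts and returns its input stream.
     *
     * <p>Caveats: a timeout of 0 means "wait indefinitely" for {@link URLConnection}, so a stalled
     * server can block the calling thread. No limit on the response size is applied here; any cap
     * has to be enforced by the consumer of the stream. Nothing here changes the JDK's default
     * handling of HTTP redirects.
     *
     * @param i connect timeout in milliseconds
     * @param i2 read timeout in milliseconds
     * @throws IOException if the URI cannot be converted to a URL or the connection fails
     */
    private InputStream getInputStream(int i, int i2, URI uri) throws IOException {
        URLConnection connection = uri.toURL().openConnection();
        connection.setConnectTimeout(i);
        connection.setReadTimeout(i2);
        return connection.getInputStream();
    }

    /**
     * Returns the first {@code http} or {@code ftp} URI among the general names of one
     * distribution point.
     *
     * <p>Only an accepted URI is ever returned. Previously the last URI that parsed was returned
     * whatever its scheme, so a certificate listing only, say, a {@code file:} or {@code ldap:}
     * URI had that URI passed on to the downloader (and blocked later distribution points and the
     * failover URI). A URI without a scheme is now skipped instead of causing a
     * {@link NullPointerException}.
     *
     * @return the accepted URI, or null when the names contain none
     * @throws NameException if a general name cannot be read
     */
    private URI getUri(LogListener logListener, X500Principal x500Principal, GeneralNames generalNames) throws NameException {
        int nameCount = generalNames.getNameCount();
        for (int i = 0; i < nameCount; i++) {
            GeneralName generalName = generalNames.getGeneralName(i);
            // Type 7 is handled as a URI name: its value is cast to String and parsed as a URI.
            if (generalName.getGeneralNameType() != 7) {
                continue;
            }
            String str = (String) generalName.getGeneralName();
            try {
                URI candidate = new URI(str);
                // getScheme() is null for a relative URI; equalsIgnoreCase on the constant is
                // null-safe and independent of the default locale.
                String scheme = candidate.getScheme();
                // NOTE(review): ACCESS_POINT_FTP is presumably "ftp"; the decompiler appears to
                // have substituted a constant from an unrelated class for the literal - confirm.
                if ("http".equalsIgnoreCase(scheme) || AccessPoint.ACCESS_POINT_FTP.equalsIgnoreCase(scheme)) {
                    return candidate;
                }
                if (canLog(logListener, Level.FINE)) {
                    logListener.log(Level.FINE, "Ignoring DP URI \"{0}\" with unsupported scheme for cert issuer \"{1}\".", str, x500Principal);
                }
            } catch (URISyntaxException e) {
                if (canLog(logListener, Level.FINE)) {
                    logListener.log(Level.FINE, "Unable to parse DP URI \"{0}\" for cert issuer \"{1}\".", str, x500Principal);
                }
            }
        }
        return null;
    }

    /**
     * Checks whether distribution point {@code i} is served by the certificate issuer.
     *
     * @return true when the distribution point names no CRL issuer, or when one of the named CRL
     *     issuers equals {@code x500Name}
     * @throws NameException if a CRL issuer name cannot be read
     */
    private boolean isDpCrlIssuerEqual(X500Name x500Name, CRLDistributionPoints cRLDistributionPoints, int i) throws NameException {
        GeneralNames cRLIssuer = cRLDistributionPoints.getCRLIssuer(i);
        if (null == cRLIssuer) {
            // No cRLIssuer field: the CRL is issued by the certificate issuer itself.
            return true;
        }
        int nameCount = cRLIssuer.getNameCount();
        for (int i2 = 0; i2 < nameCount; i2++) {
            // NOTE(review): this compares an X500Name with the GeneralName wrapper, not with the
            // name it carries. Unless X500Name.equals unwraps it, the comparison is always false
            // and every DP that names a cRLIssuer is skipped - confirm before relying on it.
            if (x500Name.equals(cRLIssuer.getGeneralName(i2))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the issuer name of the converted certificate.
     *
     * @return the issuer name, or null (logged at FINE) when the certificate has none
     */
    private X500Name getRsaIssuerX500Name(X509Certificate x509Certificate, LogListener logListener, com.rsa.certj.cert.X509Certificate x509Certificate2) {
        X500Name issuerName = x509Certificate2.getIssuerName();
        if (null == issuerName && canLog(logListener, Level.FINE)) {
            logListener.log(Level.FINE, "Unable to update CRLs, missing internal issuer, certificate=\"{0}\".", x509Certificate.getSubjectDN());
        }
        return issuerName;
    }

    /**
     * Converts a JCA certificate to the Cert-J representation via {@code RsaUtil.toRsaCert}.
     *
     * @return the converted certificate, or null (logged at FINE) when conversion fails
     */
    private com.rsa.certj.cert.X509Certificate toRsaCert(X509Certificate x509Certificate, LogListener logListener) {
        com.rsa.certj.cert.X509Certificate rsaCert = RsaUtil.toRsaCert(x509Certificate, logListener);
        if (null == rsaCert && canLog(logListener, Level.FINE)) {
            logListener.log(Level.FINE, "Unable to update CRLs, certificate not convertible, certificate=\"{0}\".", x509Certificate.getSubjectDN());
        }
        return rsaCert;
    }

    /**
     * Returns the issuer principal of the certificate.
     *
     * @return the issuer principal, or null (logged at FINE) when the certificate has none
     */
    private X500Principal getIssuerX500Principal(X509Certificate x509Certificate, LogListener logListener) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        if (null == issuerX500Principal && canLog(logListener, Level.FINE)) {
            logListener.log(Level.FINE, "Unable to update CRLs, missing issuer, certificate=\"{0}\".", x509Certificate.getSubjectDN());
        }
        return issuerX500Principal;
    }
}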
