package iaik.pki;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AccessDescription;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.DistributionPoint;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.Name;
import iaik.cms.SecurityProvider;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.revocation.RevocationConfiguration;
import iaik.pki.revocation.StatusCheckingException;
import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.revocation.archive.ArchiveConfiguration;
import iaik.pki.store.revocation.archive.ArchiveParameters;
import iaik.pki.utils.CertUtil;
import iaik.pki.utils.Constants;
import iaik.pki.utils.NameUtils;
import iaik.pki.utils.UtilsException;
import iaik.utils.Util;
import iaik.x509.extensions.AuthorityInfoAccess;
import iaik.x509.extensions.CRLDistributionPoints;
import iaik.x509.ocsp.CertID;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: classes.dex */
public class DefaultPKIConfiguration implements PKIConfiguration, ValidationConfiguration, RevocationConfiguration, CertStoreConfiguration, ArchiveConfiguration {
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);
    protected CertStoreParameters[] certStoreParameters_;
    protected Set positiveOCSPResponders_;
    protected Set revocationSources_ = new HashSet();
    protected Map alternativeDPsFromCertHash_ = null;
    protected Map alternativeDPsFromIssuerCertHash_ = null;
    protected Map alternativeDPsFromIssuerName_ = null;
    protected Map alternativeOcspDPsFromCertID_ = null;
    protected Map crlRetentionIntervals_ = new HashMap();
    protected boolean doArchiveAll_ = false;
    protected String chainingMode_ = ChainingModes.PKIX_MODE;
    protected String archiveType_ = null;
    protected ArchiveParameters archiveParameters_ = null;
    protected int connectTimeout_ = 60000;
    protected int readTimeout_ = 60000;
    protected boolean keepRevocationInfo_ = false;
    private boolean A = false;

    public DefaultPKIConfiguration(CertStoreParameters[] certStoreParametersArr) {
        this.certStoreParameters_ = null;
        if (certStoreParametersArr == null) {
            throw new NullPointerException("CertstoreParameters must not be null.");
        }
        this.certStoreParameters_ = certStoreParametersArr;
    }

    public void addCrlRetentionInterval(Name name, Integer num, TransactionId transactionId) {
        String lowerCase;
        if (name == null) {
            throw new NullPointerException("Parameter \"issuerDN\" must not be null.");
        }
        if (num == null) {
            throw new NullPointerException("Parameter \"interval\" must not be null.");
        }
        try {
            lowerCase = NameUtils.getNormalizedName(name);
        } catch (UtilsException e) {
            log_.debug(transactionId, new StringBuffer("Could not normalize issuer \"").append(name.getName()).append("\".").toString(), null);
            lowerCase = name.getName().toLowerCase();
        }
        if (lowerCase != null) {
            this.crlRetentionIntervals_.put(lowerCase, num);
            log_.info(transactionId, new StringBuffer("Setting crl retention interval for crl issuer \"").append(lowerCase).append("\" to ").append(num).append(" days.").toString(), null);
        }
    }

    public void addCrlRetentionInterval(String str, Integer num, TransactionId transactionId) {
        String lowerCase;
        if (str == null) {
            throw new NullPointerException("Parameter \"issuerDN\" must not be null.");
        }
        if (num == null) {
            throw new NullPointerException("Parameter \"interval\" must not be null.");
        }
        try {
            lowerCase = NameUtils.getNormalizedName(str);
        } catch (UtilsException e) {
            log_.debug(transactionId, new StringBuffer("Could not normalize issuer \"").append(str).append("\".").toString(), null);
            lowerCase = str.toLowerCase();
        }
        if (lowerCase != null) {
            this.crlRetentionIntervals_.put(lowerCase, num);
            log_.info(transactionId, new StringBuffer("Setting crl retention interval for crl issuer \"").append(lowerCase).append("\" to ").append(num).append(" days.").toString(), null);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x0029 A[Catch: Exception -> 0x00a2, TryCatch #1 {Exception -> 0x00a2, blocks: (B:3:0x0002, B:5:0x0006, B:8:0x0011, B:11:0x0019, B:25:0x0029, B:13:0x0061, B:15:0x006f), top: B:2:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:29:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void addCrlRetentionInterval(java.security.cert.X509Certificate r11, java.lang.Integer r12, iaik.logging.TransactionId r13) {
        /*
            r10 = this;
            r2 = 0
            r1 = 0
            iaik.x509.X509Certificate r0 = iaik.utils.Util.convertCertificate(r11)     // Catch: java.lang.Exception -> La2
            iaik.asn1.ObjectID r3 = iaik.x509.extensions.CRLDistributionPoints.oid     // Catch: iaik.x509.X509ExtensionInitException -> L5e java.lang.Exception -> La2
            iaik.x509.V3Extension r0 = r0.getExtension(r3)     // Catch: iaik.x509.X509ExtensionInitException -> L5e java.lang.Exception -> La2
            iaik.x509.extensions.CRLDistributionPoints r0 = (iaik.x509.extensions.CRLDistributionPoints) r0     // Catch: iaik.x509.X509ExtensionInitException -> L5e java.lang.Exception -> La2
        Le:
            r2 = 1
            if (r0 == 0) goto Lc6
            java.util.Enumeration r5 = r0.getDistributionPoints()     // Catch: java.lang.Exception -> La2
            if (r5 == 0) goto Lc9
            r3 = r1
            r0 = r1
        L19:
            boolean r4 = r5.hasMoreElements()     // Catch: java.lang.Exception -> La2
            if (r4 != 0) goto L61
            r9 = r3
            r3 = r0
            r0 = r9
        L22:
            if (r0 <= 0) goto Lc6
            if (r3 != r0) goto Lc6
            r0 = r1
        L27:
            if (r0 == 0) goto L5d
            java.security.Principal r0 = r11.getIssuerDN()     // Catch: java.lang.Exception -> La2
            iaik.asn1.structures.Name r0 = (iaik.asn1.structures.Name) r0     // Catch: java.lang.Exception -> La2
            java.lang.String r0 = iaik.pki.utils.NameUtils.getNormalizedName(r0)     // Catch: java.lang.Exception -> La2
            iaik.logging.Log r1 = iaik.pki.DefaultPKIConfiguration.log_     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Exception -> La2
            java.lang.String r3 = "Setting crl retention interval for crl issuer \""
            r2.<init>(r3)     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r2 = r2.append(r0)     // Catch: java.lang.Exception -> La2
            java.lang.String r3 = "\" to "
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r2 = r2.append(r12)     // Catch: java.lang.Exception -> La2
            java.lang.String r3 = " days."
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Exception -> La2
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Exception -> La2
            r3 = 0
            r1.info(r13, r2, r3)     // Catch: java.lang.Exception -> La2
            java.util.Map r1 = r10.crlRetentionIntervals_     // Catch: java.lang.Exception -> La2
            r1.put(r0, r12)     // Catch: java.lang.Exception -> La2
        L5d:
            return
        L5e:
            r0 = move-exception
            r0 = r2
            goto Le
        L61:
            int r4 = r0 + 1
            java.lang.Object r0 = r5.nextElement()     // Catch: java.lang.Exception -> La2
            iaik.asn1.structures.DistributionPoint r0 = (iaik.asn1.structures.DistributionPoint) r0     // Catch: java.lang.Exception -> La2
            iaik.asn1.structures.Name r0 = r0.getCrlIssuerName()     // Catch: java.lang.Exception -> La2
            if (r0 == 0) goto L9f
            int r3 = r3 + 1
            java.lang.String r0 = iaik.pki.utils.NameUtils.getNormalizedName(r0)     // Catch: java.lang.Exception -> La2
            iaik.logging.Log r6 = iaik.pki.DefaultPKIConfiguration.log_     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r7 = new java.lang.StringBuffer     // Catch: java.lang.Exception -> La2
            java.lang.String r8 = "Setting crl retention interval for (indirect) crl issuer \""
            r7.<init>(r8)     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r7 = r7.append(r0)     // Catch: java.lang.Exception -> La2
            java.lang.String r8 = "\" to "
            java.lang.StringBuffer r7 = r7.append(r8)     // Catch: java.lang.Exception -> La2
            java.lang.StringBuffer r7 = r7.append(r12)     // Catch: java.lang.Exception -> La2
            java.lang.String r8 = " days."
            java.lang.StringBuffer r7 = r7.append(r8)     // Catch: java.lang.Exception -> La2
            java.lang.String r7 = r7.toString()     // Catch: java.lang.Exception -> La2
            r8 = 0
            r6.info(r13, r7, r8)     // Catch: java.lang.Exception -> La2
            java.util.Map r6 = r10.crlRetentionIntervals_     // Catch: java.lang.Exception -> La2
            r6.put(r0, r12)     // Catch: java.lang.Exception -> La2
        L9f:
            r0 = r4
            goto L19
        La2:
            r0 = move-exception
            iaik.pki.PKIException r1 = new iaik.pki.PKIException
            java.lang.String r2 = "Could not add crl retention interval."
            java.lang.StringBuffer r3 = new java.lang.StringBuffer
            r3.<init>()
            java.lang.Class r4 = r10.getClass()
            java.lang.String r4 = r4.getName()
            java.lang.StringBuffer r3 = r3.append(r4)
            java.lang.String r4 = ":2"
            java.lang.StringBuffer r3 = r3.append(r4)
            java.lang.String r3 = r3.toString()
            r1.<init>(r2, r0, r3)
            throw r1
        Lc6:
            r0 = r2
            goto L27
        Lc9:
            r0 = r1
            r3 = r1
            goto L22
        */
        throw new UnsupportedOperationException("Method not decompiled: iaik.pki.DefaultPKIConfiguration.addCrlRetentionInterval(java.security.cert.X509Certificate, java.lang.Integer, iaik.logging.TransactionId):void");
    }

    public void addPositiveOCSPResponder(String str) {
        if (this.positiveOCSPResponders_ == null) {
            this.positiveOCSPResponders_ = Collections.synchronizedSet(new HashSet());
        }
        this.positiveOCSPResponders_.add(str);
    }

    public void addPositiveOCSPResponder(X509Certificate x509Certificate, TransactionId transactionId) {
        if (this.positiveOCSPResponders_ == null) {
            this.positiveOCSPResponders_ = Collections.synchronizedSet(new HashSet());
        }
        try {
            AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) Util.convertCertificate(x509Certificate).getExtension(AuthorityInfoAccess.oid);
            if (authorityInfoAccess != null) {
                Enumeration accessDescriptions = authorityInfoAccess.getAccessDescriptions();
                while (accessDescriptions.hasMoreElements()) {
                    AccessDescription accessDescription = (AccessDescription) accessDescriptions.nextElement();
                    if (accessDescription.getAccessMethod().equals(ObjectID.ocsp)) {
                        GeneralName accessLocation = accessDescription.getAccessLocation();
                        if (accessLocation.getType() == 6) {
                            String str = (String) accessLocation.getName();
                            this.positiveOCSPResponders_.add(str);
                            if (log_.isDebugEnabled()) {
                                log_.debug(transactionId, new StringBuffer("Added positive OCSP responder:  ").append(str).toString(), null);
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            throw new PKIException(new StringBuffer("Could not get OCSP responder url from certificate: ").append(e.getMessage()).toString(), null, null);
        }
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean archiveRevocationInfo(String str, String str2) {
        if (str == null) {
            throw new NullPointerException("Type must not be null.");
        }
        if (str2 == null) {
            throw new NullPointerException("URI must not be null.");
        }
        if (this.doArchiveAll_) {
            return true;
        }
        return this.revocationSources_.contains(new A(str, str2));
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public Set getAlternativeDistributionPoints(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        AlgorithmID algorithmID;
        Enumeration distributionPoints;
        Set set;
        Set set2;
        HashSet hashSet = new HashSet();
        try {
            iaik.x509.X509Certificate convertCertificate = Util.convertCertificate(x509Certificate);
            iaik.x509.X509Certificate convertCertificate2 = Util.convertCertificate(x509Certificate2);
            if (this.alternativeDPsFromCertHash_ != null && (set2 = (Set) this.alternativeDPsFromCertHash_.get(CertUtil.getFingerPrintSHA(convertCertificate))) != null) {
                hashSet.addAll(set2);
            }
            if (this.alternativeDPsFromIssuerCertHash_ != null && (set = (Set) this.alternativeDPsFromIssuerCertHash_.get(CertUtil.getFingerPrintSHA(convertCertificate2))) != null) {
                hashSet.addAll(set);
            }
            if (this.alternativeDPsFromIssuerName_ != null) {
                Set set3 = (Set) this.alternativeDPsFromIssuerName_.get(NameUtils.getNormalizedName((Name) convertCertificate.getIssuerDN()));
                if (set3 != null) {
                    hashSet.addAll(set3);
                } else {
                    CRLDistributionPoints cRLDistributionPoints = (CRLDistributionPoints) convertCertificate.getExtension(CRLDistributionPoints.oid);
                    if (cRLDistributionPoints != null && (distributionPoints = cRLDistributionPoints.getDistributionPoints()) != null) {
                        while (distributionPoints.hasMoreElements()) {
                            Name crlIssuerName = ((DistributionPoint) distributionPoints.nextElement()).getCrlIssuerName();
                            if (crlIssuerName != null) {
                                Set set4 = (Set) this.alternativeDPsFromIssuerName_.get(NameUtils.getNormalizedName(crlIssuerName));
                                if (set4 != null) {
                                    hashSet.addAll(set4);
                                }
                            }
                        }
                    }
                }
            }
            if (this.alternativeOcspDPsFromCertID_ != null && (algorithmID = AlgorithmID.getAlgorithmID(SecurityProvider.ALG_DIGEST_SHA)) != null) {
                try {
                    Set set5 = (Set) this.alternativeOcspDPsFromCertID_.get(new CertID(algorithmID, (Name) convertCertificate.getIssuerDN(), convertCertificate2.getPublicKey(), convertCertificate.getSerialNumber()));
                    if (set5 != null) {
                        hashSet.addAll(set5);
                    }
                } catch (Exception e) {
                    throw new StatusCheckingException("Error creating ocsp request", e, new StringBuffer().append(getClass().getName()).append(":1").toString());
                }
            }
        } catch (Exception e2) {
            log_.info(null, new StringBuffer("Error getting alternative CRL distribution point for certificate \"").append(x509Certificate.getSubjectDN().getName()).append("\": ").append(e2.getMessage()).toString(), null);
        }
        return hashSet;
    }

    @Override // iaik.pki.PKIConfiguration
    public ArchiveConfiguration getArchiveConfiguration() {
        if (this.archiveParameters_ == null || this.archiveType_ == null) {
            return null;
        }
        return this;
    }

    @Override // iaik.pki.store.revocation.archive.ArchiveConfiguration
    public ArchiveParameters getArchiveParameters() {
        return this.archiveParameters_;
    }

    @Override // iaik.pki.PKIConfiguration
    public CertStoreConfiguration getCertStoreConfiguration() {
        return this;
    }

    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public String getChainingMode(X509Certificate x509Certificate) {
        return this.chainingMode_;
    }

    @Override // iaik.pki.PKIConfiguration
    public int getConnectTimeout() {
        return this.connectTimeout_;
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public Integer getCrlRetentionInterval(String str) {
        try {
            return (Integer) this.crlRetentionIntervals_.get(NameUtils.getNormalizedName(str));
        } catch (UtilsException e) {
            return (Integer) this.crlRetentionIntervals_.get(str);
        }
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public DBCrlConfig getDataBaseCRLConfig() {
        return null;
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean getKeepRevocationInfo() {
        return this.keepRevocationInfo_;
    }

    @Override // iaik.pki.store.certstore.CertStoreConfiguration
    public CertStoreParameters[] getParameters() {
        return this.certStoreParameters_;
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public Set getPositiveOCSPResponders() {
        return this.positiveOCSPResponders_;
    }

    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public X509Certificate getPublicKeyParamsAsCert(X509Certificate x509Certificate) {
        return null;
    }

    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate x509Certificate) {
        return null;
    }

    @Override // iaik.pki.PKIConfiguration
    public int getReadTimeout() {
        return this.readTimeout_;
    }

    @Override // iaik.pki.PKIConfiguration
    public RevocationConfiguration getRevocationConfiguration() {
        return this;
    }

    @Override // iaik.pki.store.revocation.archive.ArchiveConfiguration
    public String getType() {
        return this.archiveType_;
    }

    @Override // iaik.pki.PKIConfiguration
    public ValidationConfiguration getValidationConfiguration() {
        return this;
    }

    public void resetAlternativeDistributionPoints() {
        this.alternativeDPsFromCertHash_ = null;
        this.alternativeDPsFromIssuerCertHash_ = null;
        this.alternativeDPsFromIssuerName_ = null;
        this.alternativeOcspDPsFromCertID_ = null;
    }

    public void setAlternativeDPsFromCertHash(Map map) {
        this.alternativeDPsFromCertHash_ = map;
    }

    public void setAlternativeDPsFromIssuerCertHash(Map map) {
        this.alternativeDPsFromIssuerCertHash_ = map;
    }

    public void setAlternativeDPsFromIssuerName(Map map) {
        this.alternativeDPsFromIssuerName_ = map;
    }

    public void setAlternativeOcspDPsFromCertID(Map map) {
        this.alternativeOcspDPsFromCertID_ = map;
    }

    public void setArchive(String str, ArchiveParameters archiveParameters) {
        if (str == null) {
            throw new NullPointerException("Archiv type must not be null.");
        }
        if (archiveParameters == null) {
            throw new NullPointerException("Archiv parameters must not be null.");
        }
        this.archiveType_ = str;
        this.archiveParameters_ = archiveParameters;
    }

    public void setArchiveRevocationInfo(String str, String str2) {
        this.revocationSources_.add(new A(str, str2));
    }

    public void setCertStoreParameters(CertStoreParameters[] certStoreParametersArr) {
        if (certStoreParametersArr == null) {
            throw new NullPointerException("Certstore parameters must not be null.");
        }
        this.certStoreParameters_ = certStoreParametersArr;
    }

    public void setChainingMode(String str) {
        if (str == null) {
            throw new NullPointerException("Chaining mode must not be null.");
        }
        if (!ChainingModes.ALL.contains(str)) {
            throw new IllegalArgumentException("Unknown chaining mode.");
        }
        this.chainingMode_ = str;
    }

    public void setConnectTimeout(int i) {
        this.connectTimeout_ = i;
    }

    public void setDoArchiveAll(boolean z) {
        this.doArchiveAll_ = z;
    }

    public void setKeepRevocationInfo(boolean z) {
        this.keepRevocationInfo_ = z;
    }

    public void setReadTimeout(int i) {
        this.readTimeout_ = i;
    }

    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
        return this.A;
    }
}
