package iaik.pki.store.certstore.ldap;

import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.store.certstore.AbstractCertStore;
import iaik.pki.store.certstore.CertStore;
import iaik.pki.store.certstore.CertStoreException;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.selector.CertSelector;
import iaik.pki.store.certstore.selector.DefaultCertSelector;
import iaik.pki.store.certstore.selector.email.DefaultEmailCertSelector;
import iaik.pki.store.certstore.selector.email.EmailCertSelectorFactory;
import iaik.pki.store.certstore.selector.is.DefaultIssuerSerialCertSelector;
import iaik.pki.store.certstore.selector.is.IssuerSerialCertSelectorFactory;
import iaik.pki.store.certstore.selector.kv.DefaultKeyValueCertSelector;
import iaik.pki.store.certstore.selector.sdn.DefaultSubjectDNCertSelector;
import iaik.pki.store.certstore.selector.sdn.SubjectDNCertSelectorFactory;
import iaik.pki.store.certstore.selector.ski.DefaultSubjectKeyIdentifierCertSelector;
import iaik.pki.utils.Constants;
import iaik.x509.X509Certificate;
import iaik.x509.net.ldap.LdapURLConnection;
import java.security.cert.CertificateException;
import java.util.Hashtable;
import java.util.Vector;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: classes.dex */
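/**
 * Read-only certificate store that looks certificates up in an LDAP directory through JNDI.
 *
 * <p>This is decompiled, obfuscated code: the single-letter member names are kept because
 * other classes may reference them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The JNDI environment built in the constructor holds only the context factory and an
 *       {@code ldap://host:port} provider URL. No credentials, TLS settings or timeouts are
 *       configured here, so whatever the directory returns has to be treated as untrusted
 *       input and validated (path building, signature and revocation checks) by the caller.</li>
 *   <li>NOTE(review): without {@code com.sun.jndi.ldap.connect.timeout} /
 *       {@code com.sun.jndi.ldap.read.timeout} a stalled server can block {@link #A}, which is
 *       {@code synchronized}, and with it every other lookup on this instance. Confirm whether
 *       timeouts are set elsewhere.</li>
 *   <li>NOTE(review): the search filter comes from {@code LDAPCertSelector.getFilterString()},
 *       which is not visible here. Confirm that subject DNs, e-mail addresses and similar
 *       caller-supplied values are escaped per RFC 4515 before they reach the filter.</li>
 * </ul>
 */
class B extends AbstractCertStore implements CertStore {
    /** The LDAP {@code ;binary} attribute option; not referenced inside this class. */
    protected static final String J = ";binary";
    /** URL scheme of the provider URL and store type handed to the selector factories. */
    protected static final String M = "ldap";
    /** JNDI initial context factory used for every connection. */
    protected static final String N = "com.sun.jndi.ldap.LdapCtxFactory";
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);
    /** JNDI environment (context factory and provider URL) used to open {@link #O}. */
    protected Hashtable K;
    /** Store configuration: host, port, base DN, id and read-only flag. */
    protected LDAPCertStoreParameters L;
    /** Directory context; {@code null} until a connection could be established. */
    protected DirContext O;

    /**
     * Creates the store and tries to connect to the directory right away.
     *
     * <p>The decompiler widened this constructor from package-private to public.
     *
     * @param lDAPCertStoreParameters store configuration, must not be {@code null}
     * @throws NullPointerException if the parameters are {@code null}
     */
    public B(LDAPCertStoreParameters lDAPCertStoreParameters) {
        if (lDAPCertStoreParameters == null) {
            throw new NullPointerException("Argument \"params\" must not be null.");
        }
        this.L = lDAPCertStoreParameters;
        this.K = new Hashtable();
        this.K.put("java.naming.factory.initial", N);
        this.K.put("java.naming.provider.url", B());
        try {
            this.O = new InitialDirContext(this.K);
        } catch (NamingException ignored) {
            // Deliberate best effort: the directory may be down at construction time.
            // A(...) retries the connection and reports the failure to its caller.
            this.O = null;
        }
    }

    /**
     * Searches the subtree below the base DN for entries matching the selector's filter and
     * returns every certificate attribute value that parses and that the selector accepts.
     *
     * <p>Values that cannot be parsed, and certificates for which the selector throws, are
     * logged and skipped, so one bad directory entry does not fail the whole lookup.
     *
     * @param lDAPCertSelector selector supplying the LDAP filter and the final match check
     * @param transactionId transaction id passed through to the logger and the selector
     * @return the matching certificates, possibly an empty array
     * @throws NullPointerException if the selector is {@code null}
     */
    protected synchronized X509Certificate[] A(LDAPCertSelector lDAPCertSelector, TransactionId transactionId) {
        if (lDAPCertSelector == null) {
            throw new NullPointerException("Argument \"ldapSelector\" must not be null.");
        }
        if (this.O == null) {
            // The constructor could not connect; try again now and surface the failure.
            try {
                this.O = new InitialDirContext(this.K);
            } catch (NamingException e) {
                log_.error(transactionId, "LDAP service not available", e);
                throw new LDAPCertStoreException("ldap not available", e, getClass().getName() + ":7");
            }
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[]{LdapURLConnection.AD_USER_CERTIFICATE, LdapURLConnection.AD_CA_CERTIFICATE});
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // NOTE(review): no count or time limit is set on the search controls, so the result
        // size is bounded only by the server. Consider setCountLimit/setTimeLimit.
        Vector found = new Vector();
        NamingEnumeration results = null;
        try {
            log_.debug(transactionId, "Retrieving certificates from ldap server.", null);
            log_.debug(transactionId, "BaseDN:  " + this.L.getBaseDN(), null);
            results = this.O.search(C(), lDAPCertSelector.getFilterString(), searchControls);
            log_.debug(transactionId, "Finished query from ldap server, retrieving now...", null);
            while (results.hasMore()) {
                Attributes attributes = ((SearchResult) results.next()).getAttributes();
                if (attributes == null) {
                    continue;
                }
                NamingEnumeration attributeEnum = attributes.getAll();
                while (attributeEnum.hasMore()) {
                    NamingEnumeration values = ((Attribute) attributeEnum.next()).getAll();
                    while (values.hasMoreElements()) {
                        addIfMatching(values.nextElement(), lDAPCertSelector, transactionId, found);
                    }
                }
            }
            log_.debug(transactionId, "Finished retrieving certs from server: number found: " + found.size(), null);
        } catch (NamingException e5) {
            throw new LDAPCertStoreException("Error while retrieving certificate from LDAP server due to the following reason: " + e5.toString(), e5, getClass().getName() + ":8");
        } finally {
            // Release the server-side search even when iteration stopped early on an error.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the enumeration fails.
                }
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[found.size()];
        found.copyInto(x509CertificateArr);
        return x509CertificateArr;
    }

    /**
     * Parses one attribute value as a certificate and appends it to {@code found} when the
     * selector accepts it. Problems are logged and the value is skipped.
     */
    private void addIfMatching(Object value, LDAPCertSelector selector, TransactionId transactionId, Vector found) {
        // The value comes from a remote server: do not let an unexpected value type escape
        // as a ClassCastException.
        if (!(value instanceof byte[])) {
            log_.debug(transactionId, "Skipping certificate attribute value that is not binary.", null);
            return;
        }
        X509Certificate x509Certificate;
        try {
            x509Certificate = new X509Certificate((byte[]) value);
        } catch (CertificateException e) {
            log_.error(transactionId, "Error while converting received Certificate from LDAP CertStore", e);
            return;
        }
        try {
            if (selector.matches(x509Certificate, transactionId)) {
                found.addElement(x509Certificate);
            }
        } catch (CertStoreException e) {
            // The exception is handed to the logger; it is no longer also dumped to stderr
            // with printStackTrace().
            log_.error(transactionId, "Coult not normalize name: " + x509Certificate, e);
        }
    }

    /**
     * Maps a generic selector onto its LDAP counterpart.
     *
     * @param certSelector selector to convert, must not be {@code null}
     * @param transactionId transaction id used for logging
     * @return the selector itself if it already is an {@code LDAPCertSelector}, a selector
     *     created by the matching factory for subject DN, issuer/serial and e-mail selectors,
     *     or {@code null} for key value, subject key identifier and unknown selector types
     * @throws NullPointerException if the selector is {@code null}
     */
    protected CertSelector B(CertSelector certSelector, TransactionId transactionId) {
        if (certSelector == null) {
            throw new NullPointerException("CertSelector must not be null." + getClass().getName() + ":5");
        }
        if (certSelector instanceof LDAPCertSelector) {
            return certSelector;
        }
        if (certSelector instanceof DefaultCertSelector) {
            if (certSelector instanceof DefaultSubjectDNCertSelector) {
                log_.debug(transactionId, "Converting default SubjectDNCertSelector to LDAP SubjectDNCertSelector.", null);
                return SubjectDNCertSelectorFactory.createCertSelector(((DefaultSubjectDNCertSelector) certSelector).getSubjectDN(), M);
            }
            if (certSelector instanceof DefaultIssuerSerialCertSelector) {
                log_.debug(transactionId, "Converting default IssuerSerialCertSelector to LDAP IssuerSerialCertSelector.", null);
                DefaultIssuerSerialCertSelector issuerSerial = (DefaultIssuerSerialCertSelector) certSelector;
                return IssuerSerialCertSelectorFactory.createCertSelector(issuerSerial.getNormalizedIssuer(), true, issuerSerial.getSerialNumber(), M);
            }
            if (certSelector instanceof DefaultEmailCertSelector) {
                log_.debug(transactionId, "Converting default EmailCertSelector to LDAP EmailCertSelector.", null);
                return EmailCertSelectorFactory.createCertSelector(((DefaultEmailCertSelector) certSelector).getEmailAddress(), M);
            }
            if (certSelector instanceof DefaultKeyValueCertSelector) {
                log_.debug(transactionId, "Key value search not supported by LDAP cert store.", null);
                return null;
            }
            if (certSelector instanceof DefaultSubjectKeyIdentifierCertSelector) {
                log_.debug(transactionId, "SubjectKeyIdentifier search not supported by LDAP cert store.", null);
                return null;
            }
        }
        log_.debug(transactionId, "Unknown cert selector type.", null);
        return null;
    }

    /**
     * Builds the JNDI provider URL {@code ldap://host:port} from the store parameters.
     *
     * <p>NOTE(review): the scheme is fixed to plain {@code ldap}, so this class itself does
     * not request transport protection for the directory connection.
     *
     * @return the provider URL
     */
    public String B() {
        StringBuffer url = new StringBuffer(32);
        url.append(M).append("://");
        url.append(this.L.getHost());
        url.append(':');
        url.append(this.L.getPort());
        return url.toString();
    }

    /** Returns the base DN from the store parameters; used as the search root. */
    protected String C() {
        return this.L.getBaseDN();
    }

    /**
     * Converts the selector with {@link #B(CertSelector, TransactionId)} and runs the search.
     *
     * <p>NOTE(review): for selector types the conversion does not support it returns
     * {@code null}, and {@link #A} then throws a {@code NullPointerException} naming
     * "ldapSelector". Confirm that callers expect that rather than an empty result.
     *
     * @throws NullPointerException if the selector is {@code null} or cannot be converted
     */
    @Override // iaik.pki.store.certstore.CertStore
    public X509Certificate[] getCertificates(CertSelector certSelector, TransactionId transactionId) {
        if (certSelector == null) {
            throw new NullPointerException("Argument \"selector\" must not be null.");
        }
        return A((LDAPCertSelector) B(certSelector, transactionId), transactionId);
    }

    /** Returns the parameters this store was created with. */
    @Override // iaik.pki.store.certstore.AbstractCertStore, iaik.pki.store.certstore.CertStore
    public CertStoreParameters getParameters() {
        return this.L;
    }

    /** Returns the id from the store parameters. */
    @Override // iaik.pki.store.certstore.AbstractCertStore, iaik.pki.store.certstore.CertStore
    public String getUniqueID() {
        return this.L.getId();
    }

    /** Returns the read-only flag from the store parameters. */
    @Override // iaik.pki.store.certstore.AbstractCertStore, iaik.pki.store.certstore.CertStore
    public boolean isReadOnly() {
        return this.L.isReadOnly();
    }

    /**
     * Always fails: this store never writes to the directory. Only the message and the
     * location code of the exception depend on the read-only flag.
     */
    @Override // iaik.pki.store.certstore.AbstractCertStore
    public boolean removeCertificate(X509Certificate x509Certificate, TransactionId transactionId) {
        if (this.L.isReadOnly()) {
            throw new LDAPCertStoreException("CertStore is read-only", null, getClass().getName() + ":3");
        }
        throw new LDAPCertStoreException("Cannot write to LDAP certstore: there is only read-only supported", null, getClass().getName() + ":4");
    }

    /**
     * Always fails for a non-null certificate: this store never writes to the directory.
     * Only the message and the location code of the exception depend on the read-only flag.
     *
     * @throws NullPointerException if the certificate is {@code null}
     */
    @Override // iaik.pki.store.certstore.AbstractCertStore, iaik.pki.store.certstore.CertStore
    public void storeCertificate(X509Certificate x509Certificate, TransactionId transactionId) {
        if (x509Certificate == null) {
            throw new NullPointerException("Argument \"cert\" must not be null.");
        }
        if (!this.L.isReadOnly()) {
            throw new LDAPCertStoreException("Writing to LDAP certstore is not supported.", null, getClass().getName() + ":6");
        }
        throw new LDAPCertStoreException("CertStore is read-only", null, getClass().getName() + ":5");
    }
}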
