package iaik.pki.store.revocation.dbcrl.util;

import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.revocation.dbcrl.config.DBCrlConfigEntry;
import iaik.pki.revocation.dbcrl.crl.DBEntrysCRLListener;
import iaik.pki.revocation.dbcrl.crl.X509CRLStreamToDB;
import iaik.pki.store.certstore.selector.X509CertSelector;
import iaik.pki.store.revocation.dbcrl.RevCertDBStore;
import iaik.pki.utils.Constants;
import iaik.x509.X509Certificate;
import iaik.x509.stream.RevokedCertificatesCRLListener;
import iaik.x509.stream.X509CRLStream;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CRLException;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/store/revocation/dbcrl/util/RevCertCRLDownloader.class */
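/**
 * Downloads a CRL from the distribution point(s) of a {@link DBCrlConfigEntry} into a temporary
 * file and feeds that file into the DB-backed revocation store.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>URLs are opened with {@link URL#openConnection()} without restricting the scheme and
 *       without a cap on the number of bytes written to disk.</li>
 *   <li>If no certificate can verify the CRL, an error is logged but the CRL is still handed to
 *       {@code DBEntrysCRLListener} with a {@code null} verifying certificate.</li>
 * </ul>
 */
public class RevCertCRLDownloader {
    /** Revocation store whose entry cache is flushed before the CRL is imported. */
    private final RevCertDBStore dbStore;
    /** Transaction id attached to every log statement of this instance. */
    private final TransactionId transactionId;
    /** Directory (as path string) in which the temporary CRL files are created. */
    private final String tmpDirPath;
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);
    /**
     * Connect and read timeout in milliseconds applied to every CRL download.
     * Kept as a mutable public static for compatibility; any code in the JVM can change it.
     */
    public static int DOWNLOAD_TIMEOUT = 60000;

    /**
     * @param revCertDBStore store that receives the revocation entries
     * @param str path of the directory used for temporary CRL files
     * @param transactionId id used for logging
     */
    public RevCertCRLDownloader(RevCertDBStore revCertDBStore, String str, TransactionId transactionId) {
        this.dbStore = revCertDBStore;
        this.tmpDirPath = str;
        this.transactionId = transactionId;
    }

    /**
     * Downloads the CRL from the entry's primary URL, falling back to the additional URLs (in
     * order) when the primary download fails with an {@link IOException}, and imports it.
     *
     * <p>The primary URL is passed on to the import step even when the CRL was fetched from one
     * of the additional URLs.
     *
     * @param dBCrlConfigEntry configuration entry providing the distribution point URLs
     * @param x509Certificate expected issuer certificate of the CRL
     * @throws CRLException if no distribution point could be downloaded, or the import fails
     * @throws IOException if reading the temporary file during import fails
     */
    public void downloadCRLAndAddToDB(DBCrlConfigEntry dBCrlConfigEntry, X509Certificate x509Certificate) throws CRLException, IOException {
        log_.debug(this.transactionId, "download and add CRL to DB.", null);
        File crlFile = null;
        try {
            crlFile = download(dBCrlConfigEntry.getUrl());
        } catch (IOException e) {
            // Previously swallowed silently; a failing distribution point is worth a log line
            // because it degrades revocation checking.
            log_.error(this.transactionId, "could not download CRL from primary distribution point.", e);
        }
        if (crlFile == null) {
            String[] additionalUrls = dBCrlConfigEntry.getAdditionalUrls();
            if (additionalUrls != null) {
                for (String url : additionalUrls) {
                    try {
                        crlFile = download(url);
                        break;
                    } catch (IOException e) {
                        log_.error(this.transactionId, "could not download CRL from additional distribution point.", e);
                    }
                }
            }
        }
        if (crlFile == null) {
            log_.error(this.transactionId, "unable to download CRL from ANY of the given distribution points", null);
            throw new CRLException("unable to download CRL from ANY of the given distribution points");
        }
        log_.debug(this.transactionId, "written CRL to tmp file.", null);
        // NOTE(review): the temp file is not deleted in this class after the import; presumably
        // DBEntrysCRLListener (which receives the file) owns its lifetime - confirm.
        addToDb(crlFile, dBCrlConfigEntry.getUrl(), this.tmpDirPath, x509Certificate);
    }

    /**
     * Fetches {@code url} into a new temp file below {@link #tmpDirPath}.
     *
     * <p>NOTE(review): {@link URL} accepts any scheme the JVM has a handler for, and the response
     * size is not bounded. If the URL can ever originate from certificate content rather than
     * operator configuration, consider an allow-list of schemes and a maximum CRL size - confirm
     * against the callers.
     *
     * @param url distribution point to download from
     * @return the temp file holding the complete download
     * @throws IOException if connecting, reading or writing fails; a partially written temp file
     *         is removed (best effort) before the exception propagates
     */
    private File download(String url) throws IOException {
        URLConnection connection = new URL(url).openConnection();
        connection.setConnectTimeout(DOWNLOAD_TIMEOUT);
        connection.setReadTimeout(DOWNLOAD_TIMEOUT);
        File tmpFile = null;
        boolean complete = false;
        try {
            try (InputStream in = new BufferedInputStream(connection.getInputStream())) {
                tmpFile = File.createTempFile("tmpCRL", ".crl", new File(this.tmpDirPath));
                try (FileOutputStream out = new FileOutputStream(tmpFile)) {
                    copy(in, out);
                }
            }
            complete = true;
            return tmpFile;
        } finally {
            // Both streams are closed at this point, so a truncated file can be removed safely
            // instead of accumulating in the temp directory.
            if (!complete && tmpFile != null && !tmpFile.delete()) {
                log_.debug(this.transactionId, "could not delete incomplete tmp CRL file.", null);
            }
        }
    }

    /**
     * Flushes the store's entry cache and streams the CRL from {@code crlFile} into the DB.
     *
     * @param crlFile temp file holding the downloaded CRL
     * @param url primary distribution point URL of the CRL
     * @param tmpDir temp directory path, passed through to the listener
     * @param issuerCert expected issuer certificate of the CRL
     * @throws CRLException if the CRL parser reports one
     * @throws IOException if the temp file cannot be read or closed
     */
    private void addToDb(File crlFile, String url, String tmpDir, X509Certificate issuerCert) throws CRLException, IOException {
        log_.debug(this.transactionId, "flush DBStore entry cache, to avoid false answers from cache.", null);
        this.dbStore.flushDBCache();
        log_.debug(this.transactionId, "add CRL from tmp file to DB.", null);
        X509Certificate verifyingCert = findVerifyingCertificate(issuerCert, crlFile);
        if (verifyingCert == null) {
            log_.error(this.transactionId, "could NOT verify CRL with given issuer certificate, as well as any other cert in store", null);
            // NOTE(review): processing continues with a null verifying certificate. Whether
            // DBEntrysCRLListener rejects such a CRL is not visible from here - confirm that
            // entries from a CRL whose signature could not be verified are never stored.
        }
        X509CRLStreamToDB crlToDb = new X509CRLStreamToDB(new DBEntrysCRLListener(verifyingCert, this.dbStore, url, crlFile, tmpDir, this.transactionId));
        try (FileInputStream in = new FileInputStream(crlFile)) {
            crlToDb.parse(in);
        } catch (IOException e) {
            // Log the exception itself; getCause() is usually null and drops the stack trace.
            log_.error(this.transactionId, "problems parsing CRL file from tmp file.", e);
            throw e;
        }
    }

    /**
     * Copies {@code in} to {@code out} until end of stream. Neither stream is closed here; the
     * caller owns both.
     */
    private static void copy(InputStream in, FileOutputStream out) throws IOException {
        byte[] buffer = new byte[65535];
        int read;
        while ((read = in.read(buffer)) != -1) {
            out.write(buffer, 0, read);
        }
    }

    /**
     * Finds a certificate whose public key verifies the CRL in {@code crlFile}: first the given
     * issuer certificate, then every certificate in the store with the same subject DN.
     *
     * @return the verifying certificate, or {@code null} if none verifies the CRL or the
     *         certificate store lookup fails
     */
    private X509Certificate findVerifyingCertificate(X509Certificate issuerCert, File crlFile) {
        try {
            log_.debug(this.transactionId, "check if CRL can be verified by given issuer certificate", null);
            X509Certificate verified = verifyWith(issuerCert, crlFile);
            if (verified != null) {
                log_.debug(this.transactionId, " CRL can be verified by given issuer certificate", null);
                return verified;
            }
            log_.debug(this.transactionId, "CRL can NOT be verified with given issuer certificate, searching for other certificates in store", null);
            X509CertSelector selector = new X509CertSelector();
            selector.setSubjectDN(issuerCert.getSubjectDN().getName());
            for (X509Certificate candidate : PKIFactory.getInstance().getCertificateFinder().getCertificates(selector, this.transactionId)) {
                verified = verifyWith(candidate, crlFile);
                if (verified != null) {
                    return verified;
                }
            }
            return null;
        } catch (PKIException e) {
            log_.error(this.transactionId, "problems searching the certstore for certificates.", e);
            return null;
        }
    }

    /**
     * Parses the CRL in {@code crlFile} with a listener bound to {@code candidate}'s public key.
     *
     * @return {@code candidate} if the listener reports the CRL as verified, otherwise
     *         {@code null} (also when the file cannot be read or parsed)
     */
    private X509Certificate verifyWith(X509Certificate candidate, File crlFile) {
        RevokedCertificatesCRLListener listener = new RevokedCertificatesCRLListener(new X509Certificate[0], candidate.getPublicKey());
        X509CRLStream crlStream = new X509CRLStream(listener);
        FileInputStream in = null;
        try {
            in = new FileInputStream(crlFile);
            crlStream.parse(in);
        } catch (IOException | CRLException e) {
            log_.error(this.transactionId, "problems parsing CRL file from tmp file.", e);
            return null;
        } finally {
            // A failed close must not change the verification result, so it is only logged.
            closeLogged(in);
        }
        return listener.isVerified() ? candidate : null;
    }

    /** Closes {@code in} if non-null and logs, rather than propagates, a close failure. */
    private void closeLogged(FileInputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            log_.error(this.transactionId, "could not close tmp CRL file.", e);
        }
    }
}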
