package iaik.pki;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AccessDescription;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.Name;
import iaik.cms.SecurityProvider;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.revocation.CRLDistributionPointImpl;
import iaik.pki.revocation.DistributionPoint;
import iaik.pki.revocation.OCSPDistributionPointImpl;
import iaik.pki.revocation.RevocationConfiguration;
import iaik.pki.revocation.StatusCheckingException;
import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.revocation.archive.ArchiveConfiguration;
import iaik.pki.store.revocation.archive.ArchiveParameters;
import iaik.pki.utils.CertUtil;
import iaik.pki.utils.Constants;
import iaik.pki.utils.NameUtils;
import iaik.pki.utils.UtilsException;
import iaik.utils.Util;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.AuthorityInfoAccess;
import iaik.x509.extensions.CRLDistributionPoints;
import iaik.x509.ocsp.CertID;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/DefaultPKIConfiguration.class */
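/**
 * Default in-memory implementation of the PKI configuration interfaces.
 *
 * <p>A single instance serves as cert-store, revocation, archive and validation
 * configuration: the {@code get...Configuration()} accessors return {@code this}
 * (the archive accessor returns {@code null} until {@link #setArchive} was called).
 *
 * <p>Security-relevant behaviour worth knowing when wiring this class up:
 * <ul>
 *   <li>The "alternative distribution point" maps decide where revocation information
 *       (CRL / OCSP) is fetched from for a given certificate or issuer. The setters
 *       store the caller's map reference without copying, so later changes to that map
 *       change revocation behaviour.</li>
 *   <li>No synchronization is visible in this class apart from the synchronized set
 *       used for positive OCSP responders; the other maps are plain {@link HashMap}s
 *       and are created lazily. NOTE(review): presumably the instance is meant to be
 *       fully configured before it is shared between threads; confirm.</li>
 *   <li>{@link #getParameters()} and {@link #getPositiveOCSPResponders()} hand out the
 *       internal array / set directly.</li>
 * </ul>
 */
public class DefaultPKIConfiguration implements PKIConfiguration, CertStoreConfiguration, RevocationConfiguration, ArchiveConfiguration, ValidationConfiguration {
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);

    // Cert store parameters; never null after construction (constructor and setter reject null).
    protected CertStoreParameters[] certStoreParameters_;

    // OCSP responder URLs registered via addPositiveOCSPResponder; null until the first add.
    protected Set<String> positiveOCSPResponders_;

    // (type, URI) pairs for which archiveRevocationInfo() answers true.
    protected Set<A> revocationSources_ = new HashSet<A>();

    // Alternative distribution points keyed by the SHA fingerprint of the checked certificate.
    protected Map<String, Set<DistributionPoint>> alternativeDPsFromCertHash_ = null;

    // Alternative distribution points keyed by the SHA fingerprint of the issuer certificate.
    protected Map<String, Set<DistributionPoint>> alternativeDPsFromIssuerCertHash_ = null;

    // Alternative distribution points keyed by the normalized issuer (or CRL issuer) name.
    protected Map<String, Set<DistributionPoint>> alternativeDPsFromIssuerName_ = null;

    // Alternative OCSP distribution points keyed by OCSP CertID.
    protected Map<CertID, Set<DistributionPoint>> alternativeOcspDPsFromCertID_ = null;

    // CRL retention interval per normalized CRL issuer name (logged as "days").
    protected Map<String, Integer> crlRetentionIntervals_ = new HashMap<String, Integer>();

    // When true, archiveRevocationInfo() answers true for every source.
    protected boolean doArchiveAll_ = false;

    protected String chainingMode_ = ChainingModes.PKIX_MODE;
    protected String archiveType_ = null;
    protected ArchiveParameters archiveParameters_ = null;

    // Timeouts default to 60000; the unit is not stated here (presumably milliseconds; confirm).
    protected int connectTimeout_ = 60000;
    protected int readTimeout_ = 60000;

    protected boolean keepRevocationInfo_ = false;

    // Never written in this class, so skipIndirectCRLCheckForAlternativeDistributionPoints()
    // always reports false here.
    private boolean skipIndirectCrlCheckForAlternativeDps_ = false;

    /**
     * Creates a configuration with the given cert store parameters.
     *
     * @param certStoreParametersArr cert store parameters; stored by reference, not copied
     * @throws NullPointerException if {@code certStoreParametersArr} is null
     */
    public DefaultPKIConfiguration(CertStoreParameters[] certStoreParametersArr) {
        if (certStoreParametersArr == null) {
            throw new NullPointerException("CertstoreParameters must not be null.");
        }
        this.certStoreParameters_ = certStoreParametersArr;
    }

    /** Returns this instance as the cert store configuration. */
    @Override // iaik.pki.PKIConfiguration
    public CertStoreConfiguration getCertStoreConfiguration() {
        return this;
    }

    /** Returns this instance as the revocation configuration. */
    @Override // iaik.pki.PKIConfiguration
    public RevocationConfiguration getRevocationConfiguration() {
        return this;
    }

    /**
     * Returns this instance as the archive configuration, or {@code null} while no archive
     * type and parameters have been set.
     */
    @Override // iaik.pki.PKIConfiguration
    public ArchiveConfiguration getArchiveConfiguration() {
        if (this.archiveParameters_ == null || this.archiveType_ == null) {
            return null;
        }
        return this;
    }

    /** Returns this instance as the validation configuration. */
    @Override // iaik.pki.PKIConfiguration
    public ValidationConfiguration getValidationConfiguration() {
        return this;
    }

    /** Returns the internal cert store parameter array (not a copy). */
    @Override // iaik.pki.store.certstore.CertStoreConfiguration
    public CertStoreParameters[] getParameters() {
        return this.certStoreParameters_;
    }

    /**
     * Replaces the cert store parameters.
     *
     * @param certStoreParametersArr new parameters; stored by reference, not copied
     * @throws NullPointerException if {@code certStoreParametersArr} is null
     */
    public void setCertStoreParameters(CertStoreParameters[] certStoreParametersArr) {
        if (certStoreParametersArr == null) {
            throw new NullPointerException("Certstore parameters must not be null.");
        }
        this.certStoreParameters_ = certStoreParametersArr;
    }

    /**
     * Collects every configured alternative distribution point that applies to a certificate.
     *
     * <p>Lookups are made, in this order, by certificate fingerprint, issuer certificate
     * fingerprint, normalized issuer name (falling back to the CRL issuer names of the
     * certificate's CRLDistributionPoints extension when the issuer name has no entry) and
     * OCSP CertID. All hits are merged into one set.
     *
     * <p>Any exception raised during the lookups, including the
     * {@link StatusCheckingException} created for a CertID failure, is caught here, logged at
     * info level and not rethrown. The caller therefore receives whatever was collected up to
     * that point and cannot tell "nothing configured" from "lookup failed".
     *
     * @param x509Certificate the certificate whose revocation status is to be checked
     * @param x509Certificate2 the issuer certificate of {@code x509Certificate}
     * @param date not used by this implementation
     * @return a new, possibly empty set of distribution points; never null
     */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public Set<DistributionPoint> getAlternativeDistributionPoints(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        Set<DistributionPoint> result = new HashSet<DistributionPoint>();
        try {
            iaik.x509.X509Certificate cert = Util.convertCertificate(x509Certificate);
            iaik.x509.X509Certificate issuerCert = Util.convertCertificate(x509Certificate2);

            if (this.alternativeDPsFromCertHash_ != null) {
                Set<DistributionPoint> byCertHash = this.alternativeDPsFromCertHash_.get(CertUtil.getFingerPrintSHA(cert));
                if (byCertHash != null) {
                    result.addAll(byCertHash);
                }
            }

            if (this.alternativeDPsFromIssuerCertHash_ != null) {
                Set<DistributionPoint> byIssuerCertHash = this.alternativeDPsFromIssuerCertHash_.get(CertUtil.getFingerPrintSHA(issuerCert));
                if (byIssuerCertHash != null) {
                    result.addAll(byIssuerCertHash);
                }
            }

            if (this.alternativeDPsFromIssuerName_ != null) {
                Set<DistributionPoint> byIssuerName = this.alternativeDPsFromIssuerName_.get(NameUtils.getNormalizedName((Name) cert.getIssuerDN()));
                if (byIssuerName != null) {
                    result.addAll(byIssuerName);
                } else {
                    // No entry for the issuer itself: try the CRL issuers named in the
                    // certificate's CRLDistributionPoints extension (indirect CRLs).
                    CRLDistributionPoints crlDistributionPoints = (CRLDistributionPoints) cert.getExtension(CRLDistributionPoints.oid);
                    if (crlDistributionPoints != null) {
                        Enumeration<?> distributionPoints = crlDistributionPoints.getDistributionPoints();
                        if (distributionPoints != null) {
                            while (distributionPoints.hasMoreElements()) {
                                Name crlIssuerName = ((iaik.asn1.structures.DistributionPoint) distributionPoints.nextElement()).getCrlIssuerName();
                                if (crlIssuerName != null) {
                                    Set<DistributionPoint> byCrlIssuer = this.alternativeDPsFromIssuerName_.get(NameUtils.getNormalizedName(crlIssuerName));
                                    if (byCrlIssuer != null) {
                                        result.addAll(byCrlIssuer);
                                    }
                                }
                            }
                        }
                    }
                }
            }

            if (this.alternativeOcspDPsFromCertID_ != null) {
                AlgorithmID digestAlgorithm = AlgorithmID.getAlgorithmID(SecurityProvider.ALG_DIGEST_SHA);
                if (digestAlgorithm != null) {
                    try {
                        CertID certId = new CertID(digestAlgorithm, (Name) cert.getIssuerDN(), issuerCert.getPublicKey(), cert.getSerialNumber());
                        Set<DistributionPoint> byCertId = this.alternativeOcspDPsFromCertID_.get(certId);
                        if (byCertId != null) {
                            result.addAll(byCertId);
                        }
                    } catch (Exception e) {
                        // This exception does not leave the method: the enclosing handler
                        // below catches it and only logs its message.
                        throw new StatusCheckingException("Error creating ocsp request", e, getClass().getName() + ":1");
                    }
                }
            }
        } catch (Exception e2) {
            // Best effort by design: a failed lookup degrades to "fewer alternatives".
            // NOTE(review): a null x509Certificate is not checked before it is used in this message.
            log_.info(null, "Error getting alternative CRL distribution point for certificate \"" + x509Certificate.getSubjectDN().getName() + "\": " + e2.getMessage(), null);
        }
        return result;
    }

    /** Sets the map of alternative distribution points keyed by certificate fingerprint (stored by reference). */
    public void setAlternativeDPsFromCertHash(Map<String, Set<DistributionPoint>> map) {
        this.alternativeDPsFromCertHash_ = map;
    }

    /** Sets the map of alternative distribution points keyed by issuer certificate fingerprint (stored by reference). */
    public void setAlternativeDPsFromIssuerCertHash(Map<String, Set<DistributionPoint>> map) {
        this.alternativeDPsFromIssuerCertHash_ = map;
    }

    /** Sets the map of alternative distribution points keyed by normalized issuer name (stored by reference). */
    public void setAlternativeDPsFromIssuerName(Map<String, Set<DistributionPoint>> map) {
        this.alternativeDPsFromIssuerName_ = map;
    }

    /** Sets the map of alternative OCSP distribution points keyed by CertID (stored by reference). */
    public void setAlternativeOcspDPsFromCertID(Map<CertID, Set<DistributionPoint>> map) {
        this.alternativeOcspDPsFromCertID_ = map;
    }

    /**
     * Registers an alternative OCSP distribution point under the fingerprint of the given
     * certificate in the issuer-certificate map.
     *
     * @param x509Certificate certificate whose fingerprint is the lookup key
     * @param str location passed to {@link OCSPDistributionPointImpl}
     */
    public void addOCSPDistributionPoint(iaik.x509.X509Certificate x509Certificate, String str) {
        addDistributionPointForIssuerCert(x509Certificate, new OCSPDistributionPointImpl(str));
    }

    /**
     * Registers an alternative CRL distribution point under the fingerprint of the given
     * certificate in the issuer-certificate map.
     *
     * @param x509Certificate certificate whose fingerprint is the lookup key; its issuer DN
     *     is passed to the distribution point as issuer name
     * @param str location passed to {@link CRLDistributionPointImpl}
     */
    public void addCrlDistributionPoint(iaik.x509.X509Certificate x509Certificate, String str) {
        // The first argument -1 is passed through unchanged; its meaning is not shown here
        // (presumably "no reason codes specified"; confirm against CRLDistributionPointImpl).
        addDistributionPointForIssuerCert(x509Certificate, new CRLDistributionPointImpl(-1, str, (Name) x509Certificate.getIssuerDN()));
    }

    /** Adds a distribution point to the issuer-certificate map, creating map and set on demand. */
    private void addDistributionPointForIssuerCert(iaik.x509.X509Certificate x509Certificate, DistributionPoint distributionPoint) {
        String fingerprint = CertUtil.getFingerPrintSHA(x509Certificate);
        if (this.alternativeDPsFromIssuerCertHash_ == null) {
            this.alternativeDPsFromIssuerCertHash_ = new HashMap<String, Set<DistributionPoint>>();
        }
        Set<DistributionPoint> points = this.alternativeDPsFromIssuerCertHash_.get(fingerprint);
        if (points == null) {
            points = new HashSet<DistributionPoint>();
            this.alternativeDPsFromIssuerCertHash_.put(fingerprint, points);
        }
        points.add(distributionPoint);
    }

    /**
     * Registers an alternative OCSP distribution point for an issuer name.
     *
     * @param name issuer name used as lookup key
     * @param str location passed to {@link OCSPDistributionPointImpl}
     */
    public void addOCSPDistributionPoint(Name name, String str) {
        addDistributionPointForIssuerName(name, new OCSPDistributionPointImpl(str));
    }

    /**
     * Registers an alternative CRL distribution point for an issuer name.
     *
     * @param name issuer name used as lookup key and as issuer of the distribution point
     * @param str location passed to {@link CRLDistributionPointImpl}
     */
    public void addCrlDistributionPoint(Name name, String str) {
        addDistributionPointForIssuerName(name, new CRLDistributionPointImpl(-1, str, name));
    }

    /** Adds a distribution point to the issuer-name map, creating map and set on demand. */
    private void addDistributionPointForIssuerName(Name name, DistributionPoint distributionPoint) {
        String key;
        try {
            key = NameUtils.getNormalizedName(name);
        } catch (UtilsException e) {
            // Fall back to the raw name. The lookup in getAlternativeDistributionPoints only
            // ever uses normalized names, so such an entry is matched only if the raw form
            // equals a normalized form.
            key = name.getName();
        }
        if (this.alternativeDPsFromIssuerName_ == null) {
            this.alternativeDPsFromIssuerName_ = new HashMap<String, Set<DistributionPoint>>();
        }
        Set<DistributionPoint> points = this.alternativeDPsFromIssuerName_.get(key);
        if (points == null) {
            points = new HashSet<DistributionPoint>();
            this.alternativeDPsFromIssuerName_.put(key, points);
        }
        points.add(distributionPoint);
    }

    /** Drops all four alternative distribution point maps. */
    public void resetAlternativeDistributionPoints() {
        this.alternativeDPsFromCertHash_ = null;
        this.alternativeDPsFromIssuerCertHash_ = null;
        this.alternativeDPsFromIssuerName_ = null;
        this.alternativeOcspDPsFromCertID_ = null;
    }

    /**
     * Tells whether revocation information from the given source is to be archived.
     *
     * @param str the source type
     * @param str2 the source URI
     * @return true if archiving everything is enabled or the (type, URI) pair was registered
     * @throws NullPointerException if either argument is null
     */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean archiveRevocationInfo(String str, String str2) {
        if (str == null) {
            throw new NullPointerException("Type must not be null.");
        }
        if (str2 == null) {
            throw new NullPointerException("URI must not be null.");
        }
        if (this.doArchiveAll_) {
            return true;
        }
        return this.revocationSources_.contains(new A(str, str2));
    }

    /**
     * Returns the CRL retention interval configured for an issuer.
     *
     * <p>NOTE(review): when normalization fails, the lookup uses {@code str} unchanged,
     * whereas the {@code addCrlRetentionInterval} overloads store a lower-cased key in that
     * case; such an entry is found only if {@code str} is already lower case.
     *
     * @param str issuer name
     * @return the configured interval, or null if none is stored under the resulting key
     */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public Integer getCrlRetentionInterval(String str) {
        try {
            return this.crlRetentionIntervals_.get(NameUtils.getNormalizedName(str));
        } catch (UtilsException e) {
            return this.crlRetentionIntervals_.get(str);
        }
    }

    /**
     * Stores a CRL retention interval for an issuer given as string.
     *
     * @param str issuer DN
     * @param num retention interval (logged as days)
     * @param transactionId transaction id used for logging
     * @throws NullPointerException if {@code str} or {@code num} is null
     */
    public void addCrlRetentionInterval(String str, Integer num, TransactionId transactionId) {
        if (str == null) {
            throw new NullPointerException("Parameter \"issuerDN\" must not be null.");
        }
        if (num == null) {
            throw new NullPointerException("Parameter \"interval\" must not be null.");
        }
        String key;
        try {
            key = NameUtils.getNormalizedName(str);
        } catch (UtilsException e) {
            log_.debug(transactionId, "Could not normalize issuer \"" + str + "\".", null);
            key = str.toLowerCase();
        }
        if (key != null) {
            this.crlRetentionIntervals_.put(key, num);
            log_.info(transactionId, "Setting crl retention interval for crl issuer \"" + key + "\" to " + num + " days.", null);
        }
    }

    /**
     * Stores a CRL retention interval for an issuer given as {@link Name}.
     *
     * @param name issuer DN
     * @param num retention interval (logged as days)
     * @param transactionId transaction id used for logging
     * @throws NullPointerException if {@code name} or {@code num} is null
     */
    public void addCrlRetentionInterval(Name name, Integer num, TransactionId transactionId) {
        if (name == null) {
            throw new NullPointerException("Parameter \"issuerDN\" must not be null.");
        }
        if (num == null) {
            throw new NullPointerException("Parameter \"interval\" must not be null.");
        }
        String key;
        try {
            key = NameUtils.getNormalizedName(name);
        } catch (UtilsException e) {
            log_.debug(transactionId, "Could not normalize issuer \"" + name.getName() + "\".", null);
            key = name.getName().toLowerCase();
        }
        if (key != null) {
            this.crlRetentionIntervals_.put(key, num);
            log_.info(transactionId, "Setting crl retention interval for crl issuer \"" + key + "\" to " + num + " days.", null);
        }
    }

    /**
     * Stores a CRL retention interval for the CRL issuer(s) of a certificate.
     *
     * <p>Every CRL issuer named in the certificate's CRLDistributionPoints extension gets the
     * interval. The certificate's own issuer gets it as well, unless every distribution point
     * names a CRL issuer.
     *
     * @param x509Certificate certificate to take the CRL issuer(s) from
     * @param num retention interval (logged as days)
     * @param transactionId transaction id used for logging
     * @throws PKIException if the certificate cannot be converted or a name cannot be normalized
     */
    public void addCrlRetentionInterval(X509Certificate x509Certificate, Integer num, TransactionId transactionId) throws PKIException {
        try {
            // Convert once and use the converted certificate throughout: the issuer DN of an
            // arbitrary java.security certificate need not be an iaik Name, so casting
            // x509Certificate.getIssuerDN() directly could fail for non-IAIK certificates.
            iaik.x509.X509Certificate cert = Util.convertCertificate(x509Certificate);
            CRLDistributionPoints crlDistributionPoints = null;
            try {
                crlDistributionPoints = (CRLDistributionPoints) cert.getExtension(CRLDistributionPoints.oid);
            } catch (X509ExtensionInitException e) {
                // Best effort: an unreadable extension is treated like a missing one and the
                // certificate issuer is used below. Leave a trace instead of dropping it silently.
                log_.debug(transactionId, "Could not read CRLDistributionPoints extension: " + e.getMessage(), null);
            }
            boolean useCertificateIssuer = true;
            if (crlDistributionPoints != null) {
                int pointCount = 0;
                int pointsWithCrlIssuer = 0;
                Enumeration<?> distributionPoints = crlDistributionPoints.getDistributionPoints();
                if (distributionPoints != null) {
                    while (distributionPoints.hasMoreElements()) {
                        pointCount++;
                        Name crlIssuerName = ((iaik.asn1.structures.DistributionPoint) distributionPoints.nextElement()).getCrlIssuerName();
                        if (crlIssuerName != null) {
                            pointsWithCrlIssuer++;
                            String normalizedName = NameUtils.getNormalizedName(crlIssuerName);
                            log_.info(transactionId, "Setting crl retention interval for (indirect) crl issuer \"" + normalizedName + "\" to " + num + " days.", null);
                            this.crlRetentionIntervals_.put(normalizedName, num);
                        }
                    }
                }
                // Only when every distribution point is an indirect one is the certificate
                // issuer itself left out.
                if (pointsWithCrlIssuer > 0 && pointCount == pointsWithCrlIssuer) {
                    useCertificateIssuer = false;
                }
            }
            if (useCertificateIssuer) {
                String normalizedIssuer = NameUtils.getNormalizedName((Name) cert.getIssuerDN());
                log_.info(transactionId, "Setting crl retention interval for crl issuer \"" + normalizedIssuer + "\" to " + num + " days.", null);
                this.crlRetentionIntervals_.put(normalizedIssuer, num);
            }
        } catch (Exception e2) {
            throw new PKIException("Could not add crl retention interval.", e2, getClass().getName() + ":2");
        }
    }

    /** Enables or disables archiving of revocation information from every source. */
    public void setDoArchiveAll(boolean z) {
        this.doArchiveAll_ = z;
    }

    /**
     * Registers a (type, URI) pair whose revocation information is to be archived.
     * Unlike {@link #archiveRevocationInfo}, the arguments are not null-checked here.
     */
    public void setArchiveRevocationInfo(String str, String str2) {
        this.revocationSources_.add(new A(str, str2));
    }

    /** Returns the configured connect timeout. */
    @Override // iaik.pki.PKIConfiguration
    public int getConnectTimeout() {
        return this.connectTimeout_;
    }

    /** Returns the configured read timeout. */
    @Override // iaik.pki.PKIConfiguration
    public int getReadTimeout() {
        return this.readTimeout_;
    }

    /** Sets the connect timeout; the value is stored without range checking. */
    public void setConnectTimeout(int i) {
        this.connectTimeout_ = i;
    }

    /** Sets the read timeout; the value is stored without range checking. */
    public void setReadTimeout(int i) {
        this.readTimeout_ = i;
    }

    /** Returns the archive type, or null if no archive was configured. */
    @Override // iaik.pki.store.revocation.archive.ArchiveConfiguration
    public String getType() {
        return this.archiveType_;
    }

    /** Returns the archive parameters, or null if no archive was configured. */
    @Override // iaik.pki.store.revocation.archive.ArchiveConfiguration
    public ArchiveParameters getArchiveParameters() {
        return this.archiveParameters_;
    }

    /**
     * Configures the revocation archive.
     *
     * @param str archive type
     * @param archiveParameters archive parameters
     * @throws NullPointerException if either argument is null
     */
    public void setArchive(String str, ArchiveParameters archiveParameters) {
        if (str == null) {
            throw new NullPointerException("Archiv type must not be null.");
        }
        if (archiveParameters == null) {
            throw new NullPointerException("Archiv parameters must not be null.");
        }
        this.archiveType_ = str;
        this.archiveParameters_ = archiveParameters;
    }

    /** Returns the one chaining mode configured for all certificates; the argument is ignored. */
    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public String getChainingMode(X509Certificate x509Certificate) {
        return this.chainingMode_;
    }

    /**
     * Sets the chaining mode used for path validation.
     *
     * @param str one of the modes listed in {@code ChainingModes.ALL}
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if {@code str} is not a known chaining mode
     */
    public void setChainingMode(String str) {
        if (str == null) {
            throw new NullPointerException("Chaining mode must not be null.");
        }
        if (!ChainingModes.ALL.contains(str)) {
            throw new IllegalArgumentException("Unknown chaining mode.");
        }
        this.chainingMode_ = str;
    }

    /** Always returns null: this implementation supplies no public key parameters. */
    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate x509Certificate) {
        return null;
    }

    /** Always returns null: this implementation supplies no public key parameter certificate. */
    @Override // iaik.pki.pathvalidation.ValidationConfiguration
    public X509Certificate getPublicKeyParamsAsCert(X509Certificate x509Certificate) {
        return null;
    }

    /** Sets the keep-revocation-info flag. */
    public void setKeepRevocationInfo(boolean z) {
        this.keepRevocationInfo_ = z;
    }

    /** Returns the keep-revocation-info flag. */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean getKeepRevocationInfo() {
        return this.keepRevocationInfo_;
    }

    /**
     * Registers an OCSP responder URL as positive responder. The value is stored as given,
     * without validation or normalization.
     */
    public void addPositiveOCSPResponder(String str) {
        if (this.positiveOCSPResponders_ == null) {
            this.positiveOCSPResponders_ = Collections.synchronizedSet(new HashSet<String>());
        }
        this.positiveOCSPResponders_.add(str);
    }

    /**
     * Registers every OCSP responder URI found in the AuthorityInfoAccess extension of the
     * given certificate as positive responder.
     *
     * @param x509Certificate certificate to read the responder locations from
     * @param transactionId transaction id used for logging
     * @throws PKIException if the certificate or its extension cannot be processed; the
     *     original exception is attached as cause
     */
    public void addPositiveOCSPResponder(X509Certificate x509Certificate, TransactionId transactionId) throws PKIException {
        if (this.positiveOCSPResponders_ == null) {
            this.positiveOCSPResponders_ = Collections.synchronizedSet(new HashSet<String>());
        }
        try {
            AuthorityInfoAccess authorityInfoAccess = (AuthorityInfoAccess) Util.convertCertificate(x509Certificate).getExtension(AuthorityInfoAccess.oid);
            if (authorityInfoAccess != null) {
                Enumeration<?> accessDescriptions = authorityInfoAccess.getAccessDescriptions();
                while (accessDescriptions.hasMoreElements()) {
                    AccessDescription accessDescription = (AccessDescription) accessDescriptions.nextElement();
                    if (accessDescription.getAccessMethod().equals(ObjectID.ocsp)) {
                        GeneralName accessLocation = accessDescription.getAccessLocation();
                        // 6 is the uniformResourceIdentifier alternative of the X.509
                        // GeneralName CHOICE; other location types are skipped.
                        if (accessLocation.getType() == 6) {
                            String responderUri = (String) accessLocation.getName();
                            this.positiveOCSPResponders_.add(responderUri);
                            if (log_.isDebugEnabled()) {
                                log_.debug(transactionId, "Added positive OCSP responder:  " + responderUri, null);
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Keep the original exception as cause so the failure can be diagnosed.
            throw new PKIException("Could not get OCSP responder url from certificate: " + e.getMessage(), e, null);
        }
    }

    /**
     * Returns the internal set of positive OCSP responders (not a copy), or null if none was
     * ever added.
     */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public Set<String> getPositiveOCSPResponders() {
        return this.positiveOCSPResponders_;
    }

    /** Returns false in this class: the backing flag has no setter and is never changed. */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
        return this.skipIndirectCrlCheckForAlternativeDps_;
    }

    /** Always returns null: no database CRL configuration is provided. */
    @Override // iaik.pki.revocation.RevocationConfiguration
    public DBCrlConfig getDataBaseCRLConfig() {
        return null;
    }
}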
