package iaik.pki;

import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.store.certinfo.CertInfoStore;
import iaik.pki.store.certstore.CertStore;
import iaik.pki.store.certstore.CertStoreException;
import iaik.pki.store.certstore.selector.CertSelector;
import iaik.pki.store.certstore.selector.X509CertSelector;
import iaik.pki.store.certstore.selector.email.EmailCertSelectorFactory;
import iaik.pki.store.certstore.selector.is.IssuerSerialCertSelectorFactory;
import iaik.pki.store.certstore.selector.kv.KeyValueCertSelectorFactory;
import iaik.pki.store.certstore.selector.sdn.SubjectDNCertSelectorFactory;
import iaik.pki.store.certstore.selector.ski.SubjectKeyIdentifierCertSelectorFactory;
import iaik.pki.utils.Constants;
import iaik.x509.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/CertificateFinder.class */
public class CertificateFinder {
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);
    protected CertInfoStore certInfoStore_;

    private CertificateFinder() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CertificateFinder(CertInfoStore certInfoStore) {
        this.certInfoStore_ = certInfoStore;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:16:0x0121. Please report as an issue. */
    public X509Certificate[] getCertificates(CertSelector certSelector, TransactionId transactionId) throws CertStoreException {
        boolean z;
        if (certSelector == null) {
            throw new NullPointerException("Argument \"certSelector\" must not be null.");
        }
        HashSet<X509Certificate> hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Collection<CertStore> certStores = this.certInfoStore_.getCertStores(transactionId);
        if (certSelector instanceof X509CertSelector) {
            X509CertSelector x509CertSelector = (X509CertSelector) certSelector;
            if (x509CertSelector.getSubjectDN() != null) {
                z = false;
            } else if (x509CertSelector.getNormalizedIssuer() != null && x509CertSelector.getSerialNumber() != null) {
                z = true;
            } else if (x509CertSelector.getEmailAddress() != null) {
                z = 2;
            } else if (x509CertSelector.getSubjectKeyIdentifier() != null) {
                z = 3;
            } else {
                if (x509CertSelector.getPublicKey() == null) {
                    if (x509CertSelector.getNormalizedIssuer() != null) {
                        throw new CertStoreException("Pure issuer search is not supported.", null, getClass().getName() + ":1");
                    }
                    if (x509CertSelector.getSerialNumber() != null) {
                        throw new CertStoreException("Pure serial number search is not supported.", null, getClass().getName() + ":2");
                    }
                    log_.info(transactionId, "Cert selector does not specify any search criteria.", null);
                    return new X509Certificate[0];
                }
                z = 4;
            }
            for (CertStore certStore : certStores) {
                try {
                    String type = certStore.getParameters().getType();
                    CertSelector certSelector2 = null;
                    switch (z) {
                        case false:
                            certSelector2 = SubjectDNCertSelectorFactory.createCertSelector(x509CertSelector.getSubjectDN(), type);
                            break;
                        case true:
                            certSelector2 = IssuerSerialCertSelectorFactory.createCertSelector(x509CertSelector.getNormalizedIssuer(), true, x509CertSelector.getSerialNumber(), type);
                            break;
                        case true:
                            certSelector2 = EmailCertSelectorFactory.createCertSelector(x509CertSelector.getEmailAddress(), type);
                            break;
                        case true:
                            certSelector2 = SubjectKeyIdentifierCertSelectorFactory.createCertSelector(x509CertSelector.getSubjectKeyIdentifier(), type);
                            break;
                        case true:
                            certSelector2 = KeyValueCertSelectorFactory.createCertSelector(x509CertSelector.getPublicKey(), type);
                            break;
                    }
                    for (X509Certificate x509Certificate : certStore.getCertificates(certSelector2, transactionId)) {
                        hashSet.add(x509Certificate);
                    }
                } catch (CertStoreException e) {
                    if (log_ != null) {
                        log_.debug(transactionId, "Error accessing certstore: " + e.getMessage(), null);
                    }
                }
            }
            for (X509Certificate x509Certificate2 : hashSet) {
                try {
                    if (x509CertSelector.matches(x509Certificate2, transactionId)) {
                        hashSet2.add(x509Certificate2);
                    }
                } catch (CertStoreException e2) {
                    log_.debug(transactionId, "Could not check if certificate (subjectDN: " + x509Certificate2.getSubjectDN() + ", serial number: " + x509Certificate2.getSerialNumber() + ") matches certificate selector: " + e2.getMessage(), null);
                }
            }
        } else {
            Iterator<CertStore> it = certStores.iterator();
            while (it.hasNext()) {
                try {
                    for (X509Certificate x509Certificate3 : it.next().getCertificates(certSelector, transactionId)) {
                        hashSet2.add(x509Certificate3);
                    }
                } catch (CertStoreException e3) {
                    if (log_ != null) {
                        log_.debug(transactionId, "Error accessing certstore: " + e3.getMessage(), null);
                    }
                }
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[hashSet2.size()];
        log_.debug(transactionId, "Found " + x509CertificateArr.length + " certificates.", null);
        return (X509Certificate[]) hashSet2.toArray(x509CertificateArr);
    }
}
