package com.ibm.security.cert;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.security.util.Cache;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CRLImpl;
import com.ibm.security.x509.X509CertImpl;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.CertificateException;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.x500.X500Principal;
import org.eclipse.core.internal.boot.PlatformURLHandler;

/* loaded from: input_file:wasJars/ibmcertpathprovider.jar:com/ibm/security/cert/LDAPCertStoreImpl.class */
public class LDAPCertStoreImpl extends CertStoreSpi {
    private static final String USER_CERT = "userCertificate";
    private static final String CA_CERT = "cACertificate";
    private static final String CROSS_CERT = "crossCertificatePair";
    private static final String CRL = "certificateRevocationList";
    private static final String ARL = "authorityRevocationList";
    private static final String DELTA_CRL = "deltaRevocationList";
    private static final String USER_CERT_BIN = "userCertificate;binary";
    private static final String CA_CERT_BIN = "cACertificate;binary";
    private static final String CROSS_CERT_BIN = "crossCertificatePair;binary";
    private static final String CRL_BIN = "certificateRevocationList;binary";
    private static final String ARL_BIN = "authorityRevocationList;binary";
    private static final String DELTA_CRL_BIN = "deltaRevocationList;binary";
    private static final Attributes EMPTY_ATTRIBUTES = new BasicAttributes();
    private static final byte[][] EMPTY_VALUES = new byte[0];
    private static final int DEFAULT_CACHE_SIZE = 3000;
    private static final int DEFAULT_CACHE_LIFETIME = 86400;
    private static int LIFETIME;
    private static final String PROP_LIFETIME = "ibm.security.certpath.ldap.cache.lifetime";
    private DirContext ctx;
    private static final int MAXIMUM_CONSECUTIVE_FAILED_GETATTRIBUTE_ATTEMPTS = 2;
    private int consecutiveFailedGetAttributeAttemptsCounter;
    LDAPCertStoreParameters savedLDAPCertStoreParameters;
    private boolean prefetchCRLs;
    private final MemoryCache valueCache;
    private static final Debug debug;
    private static final Cache certStoreCache;

    /* loaded from: input_file:wasJars/ibmcertpathprovider.jar:com/ibm/security/cert/LDAPCertStoreImpl$IBMLDAPCertStoreParameters.class */
    static class IBMLDAPCertStoreParameters extends LDAPCertStoreParameters {
        private volatile int hashCode;

        IBMLDAPCertStoreParameters(String str, int i) {
            super(str, i);
            this.hashCode = 0;
        }

        IBMLDAPCertStoreParameters(String str) {
            super(str);
            this.hashCode = 0;
        }

        IBMLDAPCertStoreParameters() {
            this.hashCode = 0;
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof LDAPCertStoreParameters)) {
                return false;
            }
            LDAPCertStoreParameters lDAPCertStoreParameters = (LDAPCertStoreParameters) obj;
            return getPort() == lDAPCertStoreParameters.getPort() && getServerName().equalsIgnoreCase(lDAPCertStoreParameters.getServerName());
        }

        public int hashCode() {
            if (this.hashCode == 0) {
                this.hashCode = (37 * ((37 * 17) + getPort())) + getServerName().toLowerCase().hashCode();
            }
            return this.hashCode;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/ibmcertpathprovider.jar:com/ibm/security/cert/LDAPCertStoreImpl$LDAPRequest.class */
    public class LDAPRequest {
        private final String name;
        private Map valueMap;
        private final ArrayList requestedAttributes = new ArrayList(5);
        private Attributes attrs;

        LDAPRequest(String str) {
            this.name = str;
        }

        String getName() {
            return this.name;
        }

        void addRequestedAttribute(String str) {
            if (this.valueMap != null) {
                throw new IllegalStateException("Request already sent");
            }
            this.requestedAttributes.add(str);
        }

        /* JADX WARN: Multi-variable type inference failed */
        byte[][] getValues(String str) throws NamingException {
            String str2 = this.name + str;
            if (LDAPCertStoreImpl.debug != null) {
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD ENTRY. ");
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  The LDAP object associated with this LDAPRequest is:  " + this.name);
                System.out.println("                                       Seeking the value of the following attribute:         " + str);
            }
            byte[][] bArr = (byte[][]) LDAPCertStoreImpl.this.valueCache.get(str2);
            if (bArr != null) {
                if (LDAPCertStoreImpl.debug != null) {
                    System.out.println("CERTPATH:  LDAPRequest:  getValues():  Returning the value found for the requested attribute within the LDAPCertStore cache, key=" + str2);
                    System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD EXIT. ");
                }
                return bArr;
            }
            if (this.valueMap != null) {
                bArr = (byte[][]) this.valueMap.get(str);
            } else {
                this.valueMap = new HashMap(5);
            }
            if (bArr != null) {
                if (LDAPCertStoreImpl.debug != null) {
                    System.out.println("CERTPATH:  LDAPRequest:  getValues():  Returning the value found for the requested attribute within the LDAPRequest cache, key=" + str);
                    System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD EXIT. ");
                }
                return bArr;
            }
            if (LDAPCertStoreImpl.debug != null) {
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  The requested attribute was not located within either cache.");
                System.out.println("                                       Issuing request to LDAP server to locate the object:  " + this.name);
                System.out.println("                                       All attributes within the list of requestedAttributes will also be requested.");
            }
            if (LDAPCertStoreImpl.debug != null) {
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  The list of requestedAttributes is:");
            }
            Boolean bool = false;
            Iterator it = this.requestedAttributes.iterator();
            while (it.hasNext()) {
                String str3 = (String) it.next();
                if (str.equals(str3)) {
                    bool = true;
                }
                if (LDAPCertStoreImpl.debug != null) {
                    System.out.println(str3);
                }
            }
            if (!bool.booleanValue() && LDAPCertStoreImpl.debug != null) {
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  ERROR.  Caller failed to add attrId to the list of requestedAttributes.");
            }
            if (this.attrs == null) {
                String[] strArr = new String[this.requestedAttributes.size()];
                this.requestedAttributes.toArray(strArr);
                boolean z = true;
                while (z) {
                    if (LDAPCertStoreImpl.debug != null) {
                        System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Entering getAttributes() retry loop");
                    }
                    try {
                        this.attrs = LDAPCertStoreImpl.this.ctx.getAttributes(this.name, strArr);
                        z = false;
                        LDAPCertStoreImpl.this.consecutiveFailedGetAttributeAttemptsCounter = 0;
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  The getAttributes() call succeeded.");
                            System.out.println("                                                 Setting consecutiveFailedGetAttributeAttemptsCounter = 0");
                            System.out.println("                                                 Setting communicationExceptionOccurred = false");
                        }
                    } catch (CommunicationException e) {
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  The getAttributes() call failed with the following CommunicationException.");
                            System.out.println("          This may be due to the LDAP server dropping the connection due to inactivity.");
                            System.out.println(e.toString());
                            e.printStackTrace();
                        }
                        z = true;
                        LDAPCertStoreImpl.access$308(LDAPCertStoreImpl.this);
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Setting consecutiveFailedGetAttributeAttemptsCounter = " + LDAPCertStoreImpl.this.consecutiveFailedGetAttributeAttemptsCounter);
                            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Setting communicationExceptionOccurred = true");
                        }
                        if (LDAPCertStoreImpl.this.consecutiveFailedGetAttributeAttemptsCounter >= 2) {
                            if (LDAPCertStoreImpl.debug != null) {
                                System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  We have exceeded the MAXIMUM_CONSECUTIVE_FAILED_GETATTRIBUTE_ATTEMPTS!!");
                                System.out.println("                                                 Giving up and returning null attributes (same as original implementation)");
                            }
                            this.attrs = null;
                            return LDAPCertStoreImpl.EMPTY_VALUES;
                        }
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  We have not yet exceeded the MAXIMUM_CONSECUTIVE_FAILED_GETATTRIBUTE_ATTEMPTS ");
                        }
                        try {
                            if (LDAPCertStoreImpl.debug != null) {
                                System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Attempting to re-initialize this LDAPCertStore object (and the DirContext).");
                            }
                            LDAPCertStoreImpl.this.init(LDAPCertStoreImpl.this.savedLDAPCertStoreParameters);
                            if (LDAPCertStoreImpl.debug != null) {
                                System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Re-initialization succeeded following the CommunicationException");
                            }
                        } catch (Exception e2) {
                            if (LDAPCertStoreImpl.debug != null) {
                                System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Re-initialization failed.  The following exception was thrown:");
                                System.out.println(e2.toString());
                                e2.printStackTrace();
                            }
                        }
                    } catch (NamingException e3) {
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH:  LDAPRequest:  getValues():  The LDAP server request failed with a NamingException.");
                            System.out.println("CERTPATH:  LDAPRequest:  getValues():  Returning an empty value for the requested attribute: " + str);
                            System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD EXIT. ");
                            e3.printStackTrace();
                        }
                        this.attrs = null;
                        return LDAPCertStoreImpl.EMPTY_VALUES;
                    }
                }
                if (LDAPCertStoreImpl.debug != null) {
                    System.out.println("CERTPATH: LDAPCertStoreImpl.java:  getValues():  Exiting getAttributes() retry loop");
                }
            }
            Iterator it2 = this.requestedAttributes.iterator();
            while (it2.hasNext()) {
                String str4 = (String) it2.next();
                Attribute attribute = this.attrs.get(str4);
                if (attribute != null) {
                    if (LDAPCertStoreImpl.debug != null) {
                        System.out.println("CERTPATH:  LDAPRequest:  getValues():  Successfully retrieved one of the requestedAttribute's with id " + str4);
                        System.out.println("                                       That attribute is: ");
                        System.out.println(attribute.toString());
                    }
                    byte[] bArr2 = new byte[attribute.size()];
                    for (int i = 0; i < attribute.size(); i++) {
                        Object obj = attribute.get(i);
                        if (obj instanceof byte[]) {
                            bArr2[i] = (byte[]) obj;
                            if (LDAPCertStoreImpl.debug != null) {
                                System.out.println("CERTPATH:  LDAPRequest:  getValues():  The retrieved requestedAttribute with id " + str4 + " has at least one value");
                            }
                        } else if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH:  LDAPRequest:  getValues():  The retrieved requestedAttribute with id " + str4 + " has a non byte[] value");
                        }
                    }
                    this.valueMap.put(str4, bArr2);
                    LDAPCertStoreImpl.this.valueCache.put(this.name + str4, bArr2);
                    if (LDAPCertStoreImpl.debug != null) {
                        System.out.println("CERTPATH:  LDAPRequest:  getValues():  Store the retrieved requestedAttribute value into both caches.");
                        System.out.println("                                       Into the LDAPCertStore cache using the key:  " + this.name + str4);
                        System.out.println("                                       Into the LDAPRequest   cache using the key:  " + str4);
                    }
                    if (str4.equals(str)) {
                        if (LDAPCertStoreImpl.debug != null) {
                            System.out.println("CERTPATH:  LDAPRequest:  getValues():  Returning the value found for the requested attribute on the LDAP server.  attrId = " + str);
                        }
                        bArr = bArr2;
                    }
                } else {
                    this.valueMap.put(str4, LDAPCertStoreImpl.EMPTY_VALUES);
                    LDAPCertStoreImpl.this.valueCache.put(this.name + str4, LDAPCertStoreImpl.EMPTY_VALUES);
                    if (LDAPCertStoreImpl.debug != null) {
                        System.out.println("CERTPATH:  LDAPRequest:  getValues():  Store an empty attribute value into both caches for the non-found attribute.");
                        System.out.println("                                       Into the LDAPCertStore cache using the key:  " + this.name + str4);
                        System.out.println("                                       Into the LDAPRequest   cache using the key:  " + str4);
                    }
                }
            }
            if (bArr != null) {
                if (LDAPCertStoreImpl.debug != null) {
                    System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD EXIT");
                }
                return bArr;
            }
            if (LDAPCertStoreImpl.debug != null) {
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  Returning an empty value for the requested attribute: " + str);
                System.out.println("CERTPATH:  LDAPRequest:  getValues():  METHOD EXIT");
            }
            return LDAPCertStoreImpl.EMPTY_VALUES;
        }
    }

    public LDAPCertStoreImpl(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        this.consecutiveFailedGetAttributeAttemptsCounter = 0;
        this.savedLDAPCertStoreParameters = null;
        this.prefetchCRLs = false;
        if (!(certStoreParameters instanceof LDAPCertStoreParameters)) {
            throw new InvalidAlgorithmParameterException("parameters must be LDAPCertStoreParameters");
        }
        init((LDAPCertStoreParameters) certStoreParameters);
        if (LIFETIME <= 0) {
            this.valueCache = new MemoryCache(DEFAULT_CACHE_SIZE, 0);
        } else {
            this.valueCache = new MemoryCache(DEFAULT_CACHE_SIZE, LIFETIME);
        }
    }

    public void init(LDAPCertStoreParameters lDAPCertStoreParameters) throws InvalidAlgorithmParameterException {
        Properties properties = new Properties();
        String str = new String("ldap://");
        this.savedLDAPCertStoreParameters = lDAPCertStoreParameters;
        if (debug != null) {
            System.out.println("CERTPATH: LDAPCertStoreImpl.java:  init():  Saving the LDAPCertStoreParameters used to initialize.");
            System.out.println("                                            consecutiveFailedGetAttributeAttemptsCounter     = " + this.consecutiveFailedGetAttributeAttemptsCounter);
            System.out.println("                                            MAXIMUM_CONSECUTIVE_FAILED_GETATTRIBUTE_ATTEMPTS = 2");
        }
        try {
            properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            properties.put("java.naming.factory.url.pkgs", "com.sun.jndi.ldap");
            if (!(lDAPCertStoreParameters instanceof LDAPCertStoreParameters)) {
                throw new InvalidAlgorithmParameterException();
            }
            String serverName = lDAPCertStoreParameters.getServerName();
            int port = lDAPCertStoreParameters.getPort();
            if (serverName == null || port < 0) {
                throw new InvalidAlgorithmParameterException();
            }
            properties.put("java.naming.provider.url", str + serverName + PlatformURLHandler.PROTOCOL_SEPARATOR + port);
            this.ctx = new InitialDirContext(properties);
        } catch (NamingException e) {
            InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(e.getMessage());
            invalidAlgorithmParameterException.initCause(e);
            throw invalidAlgorithmParameterException;
        } catch (InvalidAlgorithmParameterException e2) {
            InvalidAlgorithmParameterException invalidAlgorithmParameterException2 = new InvalidAlgorithmParameterException(e2.getMessage());
            invalidAlgorithmParameterException2.initCause(e2);
            throw invalidAlgorithmParameterException2;
        }
    }

    private Collection getCertificates(LDAPRequest lDAPRequest, String str, CertSelector certSelector) throws CertStoreException {
        try {
            byte[][] values = lDAPRequest.getValues(str);
            int length = values.length;
            if (length == 0) {
                return Collections.EMPTY_LIST;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    X509CertImpl x509CertImpl = new X509CertImpl(new ByteArrayInputStream(values[i]));
                    if (certSelector.match(x509CertImpl)) {
                        if (debug != null) {
                            System.out.println("CERTPATH: found a matched cert");
                        }
                        arrayList.add(x509CertImpl);
                    }
                } catch (CertificateException e) {
                    if (debug != null) {
                        System.out.println("CERTPATH: receive bad cert data ");
                        System.out.println("[ " + new HexDumpEncoder().encodeBuffer(values[i]) + " ]");
                    }
                }
            }
            return arrayList;
        } catch (NamingException e2) {
            throw new CertStoreException((Throwable) e2);
        }
    }

    private Collection getCertPairs(LDAPRequest lDAPRequest, String str) throws CertStoreException {
        try {
            byte[][] values = lDAPRequest.getValues(str);
            int length = values.length;
            if (length == 0) {
                return Collections.EMPTY_LIST;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    arrayList.add(new X509CertificatePair(values[i]));
                } catch (CertificateException e) {
                    if (debug != null) {
                        System.out.println("CERTPATH: receive bad certificate pair data ");
                        System.out.println("[ " + new HexDumpEncoder().encodeBuffer(values[i]) + " ]");
                    }
                }
            }
            return arrayList;
        } catch (NamingException e2) {
            throw new CertStoreException((Throwable) e2);
        }
    }

    private Collection getMatchingCrossCerts(LDAPRequest lDAPRequest, CertSelector certSelector, CertSelector certSelector2) throws CertStoreException {
        X509Certificate reverse;
        X509Certificate forward;
        Collection<X509CertificatePair> certPairs = getCertPairs(lDAPRequest, CROSS_CERT);
        ArrayList arrayList = new ArrayList();
        for (X509CertificatePair x509CertificatePair : certPairs) {
            if (certSelector != null && (forward = x509CertificatePair.getForward()) != null && certSelector.match(forward)) {
                arrayList.add(forward);
            }
            if (certSelector2 != null && (reverse = x509CertificatePair.getReverse()) != null && certSelector2.match(reverse)) {
                arrayList.add(reverse);
            }
        }
        return arrayList;
    }

    @Override // java.security.cert.CertStoreSpi
    public synchronized Collection engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        if (certSelector == null) {
            new X509CertSelector();
        }
        if (!(certSelector instanceof X509CertSelector)) {
            throw new CertStoreException("LDAPCertStore needs an X509CertSelector to find certs");
        }
        X509CertSelector x509CertSelector = (X509CertSelector) certSelector;
        HashSet hashSet = new HashSet();
        X500Principal subject = x509CertSelector.getSubject();
        X500Principal issuer = x509CertSelector.getIssuer();
        String str = null;
        if (subject != null) {
            str = removeOIDStringsFromDN(subject.getName("RFC1779"));
        }
        String str2 = null;
        if (issuer != null) {
            str2 = removeOIDStringsFromDN(issuer.getName("RFC1779"));
        }
        int basicConstraints = x509CertSelector.getBasicConstraints();
        if (str != null) {
            LDAPRequest lDAPRequest = new LDAPRequest(str);
            if (basicConstraints > -2) {
                lDAPRequest.addRequestedAttribute(CROSS_CERT);
                lDAPRequest.addRequestedAttribute(CROSS_CERT_BIN);
                lDAPRequest.addRequestedAttribute(CA_CERT);
                lDAPRequest.addRequestedAttribute(CA_CERT_BIN);
                lDAPRequest.addRequestedAttribute(ARL);
                lDAPRequest.addRequestedAttribute(ARL_BIN);
                if (this.prefetchCRLs) {
                    lDAPRequest.addRequestedAttribute(CRL);
                    lDAPRequest.addRequestedAttribute(CRL_BIN);
                }
            }
            if (basicConstraints < 0) {
                lDAPRequest.addRequestedAttribute(USER_CERT);
                lDAPRequest.addRequestedAttribute(USER_CERT_BIN);
            }
            if (basicConstraints > -2) {
                hashSet.addAll(getMatchingCrossCerts(lDAPRequest, x509CertSelector, null));
                hashSet.addAll(getCertificates(lDAPRequest, CA_CERT, x509CertSelector));
                hashSet.addAll(getCertificates(lDAPRequest, CA_CERT_BIN, x509CertSelector));
            }
            if (basicConstraints < 0) {
                hashSet.addAll(getCertificates(lDAPRequest, USER_CERT, x509CertSelector));
                hashSet.addAll(getCertificates(lDAPRequest, USER_CERT_BIN, x509CertSelector));
            }
        } else {
            if (debug != null) {
                System.out.println("CERTPATH: LDAP type certstore, subject is null");
            }
            if (basicConstraints == -2) {
                throw new CertStoreException("need subject to find EE certs");
            }
            if (str2 == null) {
                throw new CertStoreException("need subject or issuer to find certs");
            }
        }
        if (str2 != null && basicConstraints > -2) {
            LDAPRequest lDAPRequest2 = new LDAPRequest(str2);
            lDAPRequest2.addRequestedAttribute(CROSS_CERT);
            lDAPRequest2.addRequestedAttribute(CROSS_CERT_BIN);
            lDAPRequest2.addRequestedAttribute(CA_CERT);
            lDAPRequest2.addRequestedAttribute(CA_CERT_BIN);
            lDAPRequest2.addRequestedAttribute(ARL);
            lDAPRequest2.addRequestedAttribute(ARL_BIN);
            if (this.prefetchCRLs) {
                lDAPRequest2.addRequestedAttribute(CRL);
                lDAPRequest2.addRequestedAttribute(CRL_BIN);
            }
            hashSet.addAll(getMatchingCrossCerts(lDAPRequest2, null, x509CertSelector));
            hashSet.addAll(getCertificates(lDAPRequest2, CA_CERT, x509CertSelector));
            hashSet.addAll(getCertificates(lDAPRequest2, CA_CERT_BIN, x509CertSelector));
        }
        if (debug != null) {
            System.out.println("CERTPATH: LDAP type certstore returning certs size=" + hashSet.size());
        }
        return hashSet;
    }

    private Collection getCRLs(LDAPRequest lDAPRequest, String str, CRLSelector cRLSelector) throws CertStoreException {
        try {
            byte[][] values = lDAPRequest.getValues(str);
            int length = values.length;
            if (length == 0) {
                return Collections.EMPTY_LIST;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    X509CRLImpl x509CRLImpl = new X509CRLImpl(new ByteArrayInputStream(values[i]));
                    if (cRLSelector.match(x509CRLImpl)) {
                        arrayList.add(x509CRLImpl);
                    }
                } catch (CRLException e) {
                    if (debug != null) {
                        System.out.println("CERTPATH: receive bad CRL data ");
                        System.out.println("[ " + new HexDumpEncoder().encodeBuffer(values[i]) + " ]");
                    }
                }
            }
            return arrayList;
        } catch (NamingException e2) {
            throw new CertStoreException((Throwable) e2);
        }
    }

    @Override // java.security.cert.CertStoreSpi
    public synchronized Collection engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        String str;
        if (debug != null) {
            System.out.println("CERTPATH: selector used to retrieve CRLs from LDAP CertStore: " + cRLSelector);
        }
        if (cRLSelector == null) {
            cRLSelector = new X509CRLSelector();
        }
        if (!(cRLSelector instanceof X509CRLSelector)) {
            throw new CertStoreException("need X509CRLSelector to find CRLs");
        }
        X509CRLSelector x509CRLSelector = (X509CRLSelector) cRLSelector;
        HashSet hashSet = new HashSet();
        Collection<Object> hashSet2 = new HashSet();
        X509Certificate certificateChecking = x509CRLSelector.getCertificateChecking();
        if (certificateChecking == null) {
            hashSet2 = x509CRLSelector.getIssuerNames();
            if (hashSet2 == null) {
                throw new CertStoreException("need issuerNames or certChecking to find CRLs");
            }
        } else if (certificateChecking instanceof X509CertImpl) {
            hashSet2.add(certificateChecking.getIssuerDN().getName());
        } else {
            hashSet2.add(certificateChecking.getIssuerX500Principal().getName("RFC2253"));
        }
        for (Object obj : hashSet2) {
            if (obj instanceof byte[]) {
                try {
                    str = new X500Name((byte[]) obj).getName();
                } catch (IOException e) {
                    if (debug != null) {
                        System.out.println("CERTPATH: non fatal error happens while getting CRLs from LDAP CertStore " + e);
                    }
                }
            } else {
                str = (String) obj;
            }
            List list = Collections.EMPTY_LIST;
            boolean z = true;
            if (certificateChecking == null || certificateChecking.getBasicConstraints() != -1) {
                LDAPRequest lDAPRequest = new LDAPRequest(str);
                lDAPRequest.addRequestedAttribute(CROSS_CERT);
                lDAPRequest.addRequestedAttribute(CROSS_CERT_BIN);
                lDAPRequest.addRequestedAttribute(CA_CERT);
                lDAPRequest.addRequestedAttribute(CA_CERT_BIN);
                lDAPRequest.addRequestedAttribute(ARL);
                lDAPRequest.addRequestedAttribute(ARL_BIN);
                if (this.prefetchCRLs) {
                    lDAPRequest.addRequestedAttribute(CRL);
                    lDAPRequest.addRequestedAttribute(CRL_BIN);
                }
                try {
                    Collection cRLs = getCRLs(lDAPRequest, ARL, x509CRLSelector);
                    if (!cRLs.isEmpty()) {
                        hashSet.addAll(cRLs);
                        z = false;
                    }
                    Collection cRLs2 = getCRLs(lDAPRequest, ARL_BIN, x509CRLSelector);
                    if (!cRLs2.isEmpty()) {
                        hashSet.addAll(cRLs2);
                        z = false;
                    }
                    if (z) {
                        this.prefetchCRLs = true;
                    }
                } catch (CertStoreException e2) {
                    if (debug != null) {
                        System.out.println("CERTPATH: error getting CRLs from LDAP CertStore " + e2);
                        e2.printStackTrace();
                    }
                }
            }
            if (z || certificateChecking == null) {
                LDAPRequest lDAPRequest2 = new LDAPRequest(str);
                lDAPRequest2.addRequestedAttribute(CRL);
                lDAPRequest2.addRequestedAttribute(CRL_BIN);
                lDAPRequest2.addRequestedAttribute(ARL);
                lDAPRequest2.addRequestedAttribute(ARL_BIN);
                hashSet.addAll(getCRLs(lDAPRequest2, CRL, x509CRLSelector));
                hashSet.addAll(getCRLs(lDAPRequest2, CRL_BIN, x509CRLSelector));
            }
        }
        return hashSet;
    }

    private String removeOIDStringsFromDN(String str) {
        if (str.length() == 0) {
            return str;
        }
        while (str.length() != 0 && str.charAt(0) == ' ') {
            str = str.substring(1);
        }
        if (str.length() == 0) {
            return str;
        }
        if (str.indexOf("OID.") == 0) {
            str = str.substring(4);
        }
        int i = 0;
        while (true) {
            int indexOf = str.indexOf("OID.", i + 1);
            i = indexOf;
            if (indexOf == -1) {
                return str;
            }
            int i2 = i - 1;
            while (str.charAt(i2) == ' ') {
                i2--;
            }
            if (str.charAt(i2) == ',') {
                StringBuffer stringBuffer = new StringBuffer(str);
                stringBuffer.delete(i, i + 4);
                str = new String(stringBuffer);
            }
        }
    }

    static synchronized LDAPCertStoreImpl getInstance(LDAPCertStoreParameters lDAPCertStoreParameters) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (debug != null) {
            System.out.println("LDAPCertStoreImpl.java:  getInstance():  Seeking an LDAPCertStoreImpl that matches the following CertStoreParameters:");
            System.out.println(lDAPCertStoreParameters);
        }
        LDAPCertStoreImpl lDAPCertStoreImpl = (LDAPCertStoreImpl) certStoreCache.get(lDAPCertStoreParameters);
        if (lDAPCertStoreImpl == null) {
            if (debug != null) {
                System.out.println("LDAPCertStoreImpl.getInstance: cache miss");
            }
            lDAPCertStoreImpl = new LDAPCertStoreImpl(lDAPCertStoreParameters);
            if (lDAPCertStoreImpl != null) {
                certStoreCache.put(lDAPCertStoreParameters, lDAPCertStoreImpl);
            } else if (debug != null) {
                System.out.println("LDAPCertStoreImpl.getInstance:  Failed to create an LDAPCertStoreImpl object for these CertStoreParameters.");
                System.out.println("                                The LDAPCertStoreImpl constructor will throw a InvalidAlgorithmParameterException if invalid parms are supplied.");
            }
        } else if (debug != null) {
            System.out.println("LDAPCertStoreImpl.getInstance: cache hit");
        }
        return lDAPCertStoreImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static LDAPCertStoreParameters getParameters(String str, int i) {
        return str == null ? new IBMLDAPCertStoreParameters() : i < 0 ? new IBMLDAPCertStoreParameters(str) : new IBMLDAPCertStoreParameters(str, i);
    }

    static /* synthetic */ int access$308(LDAPCertStoreImpl lDAPCertStoreImpl) {
        int i = lDAPCertStoreImpl.consecutiveFailedGetAttributeAttemptsCounter;
        lDAPCertStoreImpl.consecutiveFailedGetAttributeAttemptsCounter = i + 1;
        return i;
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [byte[], byte[][]] */
    static {
        String str = (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.security.cert.LDAPCertStoreImpl.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                return System.getProperty(LDAPCertStoreImpl.PROP_LIFETIME);
            }
        });
        if (str != null) {
            try {
                LIFETIME = Integer.parseInt(str);
            } catch (NumberFormatException e) {
                LIFETIME = DEFAULT_CACHE_LIFETIME;
            }
        } else {
            LIFETIME = DEFAULT_CACHE_LIFETIME;
        }
        debug = Debug.getInstance("certpath");
        certStoreCache = Cache.newSoftMemoryCache(185);
    }
}
