package com.ibm.bcg.util;

import com.ibm.bcg.server.BusinessDocument;
import com.ibm.bcg.server.VMSLog;
import com.ibm.bcg.server.event.EventTextId;
import com.ibm.bcg.server.util.EventUtil;
import com.ibm.bcg.server.util.RouterProperty;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.apache.log4j.Category;

/* loaded from: input_file:com/ibm/bcg/util/CertPathUtil.class */
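/**
 * Static helpers that decide whether an X.509 certificate is acceptable: validity dates,
 * self-signed signature check, PKIX path building and, unless switched off in
 * {@code bcg.properties}, PKIX validation with revocation checking.
 *
 * <p>This listing is decompiler output (see the JADX notes below). Two method bodies were not
 * recovered and are stubs that throw {@link UnsupportedOperationException}: {@code buildCertPath}
 * and {@code validateSelfSignedCertificate}. Anything said here about them is limited to what the
 * surviving signature or instruction dump shows.
 */
public class CertPathUtil {
    public static final String copyright = "Licensed Material - Property of IBM , 5724-E75,5724-E87,5724-L68,5724-L69.  (C) Copyright IBM Corp. 2001,2004 - All Rights Reserved. The source code for this program is not published or otherwisedivested of its trade secrets, irrespective of what has beendeposited with the U.S. Copyright Office. ";
    // Not read or written by any method visible in this listing.
    private static Map certPathEntries = new HashMap();
    private static final Category m_logger;
    private static final VMSLog vmsLog;
    // Compiler-generated cache for the CertPathUtil class literal; kept so existing references still resolve.
    static Class class$com$ibm$bcg$util$CertPathUtil;

    /**
     * Checks that the certificate is inside its validity period.
     *
     * @param x509Certificate certificate to check
     * @param z when true and the certificate has expired, the expiry is also reported to
     *     {@code WBICSecurityManager.certificateExpired}
     * @return true when the certificate is currently valid, false when it has expired
     * @throws BcgException when the certificate is not yet valid, or when reporting the expiry fails
     */
    private static boolean checkDateValidity(X509Certificate x509Certificate, boolean z) throws BcgException {
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException e) {
            error("Got CertificateExpiredException ", e);
            try {
                logEvent(EventTextId.EVENT_CERT_EXPIRED, "3", describe(x509Certificate), e);
                if (z) {
                    WBICSecurityManager.getInstance().certificateExpired(x509Certificate);
                }
            } catch (BcgException e2) {
                error("Error while resetting the database", e2);
                throw e2;
            }
            // An expired certificate is reported as "not valid" rather than as an exception.
            return false;
        } catch (CertificateNotYetValidException e3) {
            error("Got CertificateNotYetValidException ", e3);
            String details = describe(x509Certificate);
            logEvent(EventTextId.EVENT_CERT_NOT_YET_VALID, "3", details, e3);
            throw new BcgException("Certificate Not Yet Valid ", details, EventTextId.EVENT_CERT_NOT_YET_VALID, null, e3);
        }
    }

    /**
     * Builds the pipe-separated identity string used in events: upper-case hex serial number,
     * subject DN, issuer DN.
     */
    private static String describe(X509Certificate x509Certificate) {
        return x509Certificate.getSerialNumber().toString(16).toUpperCase()
                + EventUtil.PIPE_STR + x509Certificate.getSubjectDN().getName()
                + EventUtil.PIPE_STR + x509Certificate.getIssuerDN().getName();
    }

    /** Returns this class, filling the compiler-generated class-literal cache on first use. */
    private static Class selfClass() {
        if (class$com$ibm$bcg$util$CertPathUtil == null) {
            class$com$ibm$bcg$util$CertPathUtil = class$("com.ibm.bcg.util.CertPathUtil");
        }
        return class$com$ibm$bcg$util$CertPathUtil;
    }

    /**
     * Writes a warning event for this class to the VMS log.
     *
     * @param str event id (callers pass {@code EventTextId} constants or a literal id)
     * @param str2 passed through to {@code Util.logWarning}; every caller here passes "3"
     *     (presumably a severity or category, confirm against {@code Util.logWarning})
     * @param str3 event detail text
     * @param th exception that triggered the event
     */
    private static void logEvent(String str, String str2, String str3, Throwable th) {
        vmsLog.log(Util.logWarning((BusinessDocument) null, str, selfClass().getName(), str3, str2, th));
    }

    /**
     * Decides whether {@code certificate} is acceptable.
     *
     * <p>Order of checks: validity dates; for a certificate whose subject DN equals its issuer DN,
     * a signature self-check only; otherwise path building, followed by PKIX validation with
     * revocation checking unless {@code bcg.checkRevocationStatus} is set to a non-empty value
     * other than "true". A missing or empty property leaves revocation checking on.
     *
     * @param certificate certificate to validate; anything that is not an {@link X509Certificate}
     *     (including null) is rejected
     * @param z forwarded to the date check; when true an expired certificate is also reported to
     *     {@code WBICSecurityManager}
     * @return true when the certificate passed the checks that apply to it, false when it is
     *     expired, not X.509, or a self-signed certificate whose signature check failed
     * @throws BcgException when the certificate is not yet valid, or the path cannot be built or
     *     does not validate
     */
    public static boolean validateCertPathWithReset(Certificate certificate, boolean z) throws BcgException {
        // Fail closed instead of surfacing a ClassCastException or NullPointerException to the caller.
        if (!(certificate instanceof X509Certificate)) {
            m_logger.warn("Certificate is null or not an X.509 certificate; treating it as invalid.");
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!checkDateValidity(x509Certificate, z)) {
            return false;
        }
        if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
            // NOTE(review): this branch proves only that the certificate signed itself. Nothing
            // here checks that it is a configured trust anchor, and no CRL lookup is made
            // (validateSelfSignedCertificate has no call site in this listing). Callers must
            // establish trust in the certificate separately; confirm that they do.
            try {
                WBICCertificateUtilities.validateSignatureOfSelfSignedCertificate(x509Certificate);
                return true;
            } catch (Exception e) {
                logEvent("240421", "3", e.getMessage(), e);
                return false;
            }
        }
        try {
            PKIXCertPathBuilderResult buildCertPath = buildCertPath(certificate);
            // Checked before the revocation switch so that an unbuilt path is never reported as
            // valid merely because revocation checking is turned off.
            if (buildCertPath == null) {
                throw new Exception("Could not build the certificate path.");
            }
            String prop = RouterProperty.getInstance("bcg.properties").getProp("bcg.checkRevocationStatus");
            if (prop != null && !prop.equals("") && !prop.equalsIgnoreCase("true")) {
                // With the switch off the result of path building is the only path check made;
                // CertPathValidator is not run at all on this route.
                m_logger.warn("Revocation Check for Certificates is disabled.");
                return true;
            }
            CertPath certPath = buildCertPath.getCertPath();
            HashSet trustAnchors = new HashSet();
            trustAnchors.add(buildCertPath.getTrustAnchor());
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certPath.getCertificates()));
            PKIXParameters pKIXParameters = new PKIXParameters(trustAnchors);
            CertStore cRLCertStore = WBICSecurityManager.getInstance().getCRLCertStore();
            if (cRLCertStore != null) {
                pKIXParameters.addCertStore(cRLCertStore);
            }
            pKIXParameters.addCertStore(certStore);
            pKIXParameters.setRevocationEnabled(true);
            // Provider is pinned by name, so validation fails if "IBMCertPath" is not installed.
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "IBMCertPath");
            debug("\nVerifying the certification path ...");
            certPathValidator.validate(certPath, pKIXParameters);
            debug("\nSuccessfully validate this certification path.");
            return true;
        } catch (BcgException e2) {
            logEvent(EventTextId.EVENT_CERT_PATH_NOT_VALID, "3", describe(x509Certificate) + EventUtil.PIPE_STR + e2.getMessage(), e2);
            debug("BcgException : " + e2.getMessage());
            warn("Certificate path validation failed", e2);
            throw e2;
        } catch (CertPathBuilderException e3) {
            debug("CertPathBuilderException Cause : " + e3.getCause());
            if (e3.getCause() != null) {
                debug("CertPathBuilderException Message : " + e3.getCause().getMessage());
            }
            logEvent(EventTextId.EVENT_CERT_PATH_NOT_BUILT, "3", describe(x509Certificate) + EventUtil.PIPE_STR + e3.getMessage(), e3);
            warn("Certificate path could not be built", e3);
            throw new BcgException("Could not Build the path ", null, EventTextId.EVENT_CERT_PATH_NOT_BUILT, null, e3.getCause());
        } catch (CertPathValidatorException e4) {
            debug("CertPathValidatorException : " + e4.getMessage());
            logEvent(EventTextId.EVENT_CERT_PATH_NOT_VALID, "3", describe(x509Certificate) + EventUtil.PIPE_STR + e4.getMessage(), e4);
            throw new BcgException("Certpath is not valid .", null, EventTextId.EVENT_CERT_PATH_NOT_VALID, null, e4.getCause());
        } catch (Exception e5) {
            // Every other failure, including runtime exceptions, is reported as "path not built".
            // The "No Root Certificate found" text is therefore not a reliable diagnosis; read the
            // logged exception. The decompiler also emitted an unreachable EVENT_CERT_PATH_NOT_VALID
            // branch here behind "if (0 == 0)"; it could never run and has been dropped.
            String details = describe(x509Certificate) + EventUtil.PIPE_STR + e5.getMessage();
            debug("No Root Certificate found. Exception : " + e5.getCause());
            warn("Certificate path could not be built", e5);
            logEvent(EventTextId.EVENT_CERT_PATH_NOT_BUILT, "3", details, e5);
            throw new BcgException("Could not Build the path ", null, EventTextId.EVENT_CERT_PATH_NOT_BUILT, null, e5);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x00c0 A[LOOP:0: B:13:0x00b8->B:15:0x00c0, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:19:0x011a  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x014f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Builds the certification path for a certificate.
     *
     * <p>The body was not recovered by the decompiler, so this stub always throws. How trust
     * anchors and intermediate certificates are selected cannot be reviewed from this listing;
     * in particular, whether the real method can return null is unknown.
     */
    private static java.security.cert.PKIXCertPathBuilderResult buildCertPath(java.security.cert.Certificate r5) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 555
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.bcg.util.CertPathUtil.buildCertPath(java.security.cert.Certificate):java.security.cert.PKIXCertPathBuilderResult");
    }

    /** Logs at debug level when debug logging is enabled. */
    private static void debug(String str) {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug(str);
        }
    }

    /** Logs at info level when info logging is enabled. */
    private static void info(String str) {
        if (m_logger.isInfoEnabled()) {
            m_logger.info(str);
        }
    }

    /** Logs at warn level. */
    private static void warn(String str) {
        m_logger.warn(str);
    }

    /** Logs at warn level with the stack trace, through log4j rather than standard error. */
    private static void warn(String str, Throwable th) {
        m_logger.warn(str, th);
    }

    /** Logs at error level. */
    private static void error(String str) {
        error(str, null);
    }

    /**
     * Logs at error level; when {@code th} is given its stack trace goes to the same log4j
     * appenders instead of standard error, so it follows the configured log destination.
     */
    private static void error(String str, Throwable th) {
        if (th != null) {
            m_logger.error(str, th);
        } else {
            m_logger.error(str);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x0055, code lost:
    
        com.ibm.bcg.util.WBICSecurityManager.getInstance().certificateRevoked(r7);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * CRL lookup for a self-signed certificate. The body was not recovered, so this stub always
     * throws; the instruction dump kept below is the only record of the logic.
     *
     * <p>Per the dump: the CRL store is fetched from {@code WBICSecurityManager}; when there is no
     * store the method returns true. Otherwise each CRL in the store is asked
     * {@code isRevoked(certificate)}; on the first hit {@code certificateRevoked} is called and
     * the loop stops. The result is true when no CRL listed the certificate. A
     * {@code CertStoreException} is replaced by a {@code BcgException("Error in CertStore")}
     * built without the original exception.
     *
     * <p>NOTE(review): a missing CRL store means "not revoked" here (fail open), and the dump
     * shows no check of which issuer a CRL belongs to before it is consulted. No method in this
     * listing calls this one.
     */
    private static boolean validateSelfSignedCertificate(java.security.cert.X509Certificate r7) throws com.ibm.bcg.util.BcgException {
        /*
            java.lang.String r0 = "Its a self signed Certificate"
            debug(r0)
            r0 = 0
            r8 = r0
            r0 = 0
            r9 = r0
            com.ibm.bcg.util.WBICSecurityManager r0 = com.ibm.bcg.util.WBICSecurityManager.getInstance()     // Catch: java.security.cert.CertStoreException -> L65
            r10 = r0
            r0 = r10
            java.security.cert.CertStore r0 = r0.getCRLCertStore()     // Catch: java.security.cert.CertStoreException -> L65
            r11 = r0
            r0 = r11
            if (r0 != 0) goto L22
            r0 = r9
            if (r0 != 0) goto L20
            r0 = 1
            goto L21
        L20:
            r0 = 0
        L21:
            return r0
        L22:
            r0 = r11
            r1 = 0
            java.util.Collection r0 = r0.getCRLs(r1)     // Catch: java.security.cert.CertStoreException -> L65
            r12 = r0
            r0 = r12
            java.util.Iterator r0 = r0.iterator()     // Catch: java.security.cert.CertStoreException -> L65
            r13 = r0
        L33:
            r0 = r13
            boolean r0 = r0.hasNext()     // Catch: java.security.cert.CertStoreException -> L65
            if (r0 == 0) goto L62
            r0 = r13
            java.lang.Object r0 = r0.next()     // Catch: java.security.cert.CertStoreException -> L65
            java.security.cert.X509CRL r0 = (java.security.cert.X509CRL) r0     // Catch: java.security.cert.CertStoreException -> L65
            r14 = r0
            r0 = r14
            r1 = r7
            boolean r0 = r0.isRevoked(r1)     // Catch: java.security.cert.CertStoreException -> L65
            r9 = r0
            r0 = r9
            r1 = 1
            if (r0 != r1) goto L5f
            com.ibm.bcg.util.WBICSecurityManager r0 = com.ibm.bcg.util.WBICSecurityManager.getInstance()     // Catch: java.security.cert.CertStoreException -> L65
            r1 = r7
            r0.certificateRevoked(r1)     // Catch: java.security.cert.CertStoreException -> L65
            goto L62
        L5f:
            goto L33
        L62:
            goto L73
        L65:
            r10 = move-exception
            com.ibm.bcg.util.BcgException r0 = new com.ibm.bcg.util.BcgException
            r1 = r0
            java.lang.String r2 = "Error in CertStore"
            r3 = 0
            r4 = 0
            r5 = 0
            r1.<init>(r2, r3, r4, r5)
            throw r0
        L73:
            r0 = r9
            if (r0 != 0) goto L7b
            r0 = 1
            goto L7c
        L7b:
            r0 = 0
        L7c:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.bcg.util.CertPathUtil.validateSelfSignedCertificate(java.security.cert.X509Certificate):boolean");
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name and converts a
     * lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // The logger is named after this class; the VMS event log wraps the same logger.
        m_logger = Category.getInstance(selfClass().getName());
        vmsLog = new VMSLog(m_logger);
    }
}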
