package com.sun.messaging.smime.security.cert;

import com.sun.messaging.smime.applet.AppletLogger;
import com.sun.messaging.smime.applet.exception.CertiaException;
import com.sun.messaging.smime.applet.util.AppConstants;
import com.sun.messaging.smime.security.Cert;
import com.sun.messaging.smime.security.ssl.AppletSSLException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;

/* loaded from: input_file:com/sun/messaging/smime/security/cert/CertVerify.class */
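/**
 * Chain-building certificate verifier.
 *
 * <p>Issuer certificates are looked up by name in the {@link CertRetrieval} sources registered
 * through {@link #addTrustedRoot(CertRetrieval)}. Certificates registered through
 * {@link #addTrustedRoot(Cert)} form the set of explicitly trusted roots.
 *
 * <p>Integer status codes, as they are produced in this class (their symbolic names are not
 * visible in this file):
 * <ul>
 *   <li>{@code 0} - no verdict: nothing ran, no candidate issuer key verified the signature,
 *       or the CRL checker returned a value this class does not map;</li>
 *   <li>{@code 1} - every check that ran succeeded;</li>
 *   <li>{@code 2} - {@code Cert.checkValidity()} failed, the signature did not match, or the
 *       issuer's key usage lacks bit 5;</li>
 *   <li>{@code 3} - no issuer certificate was found, a self-issued certificate is not anchored
 *       in the trust configuration, or the signature could not be evaluated;</li>
 *   <li>{@code 4} - the CRL checker returned {@code 1};</li>
 *   <li>{@code 6} - the CRL checker returned {@code 2}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code bVerifyDate} and {@code bVerifySignature} are stored and exposed
 * through accessors but are never read by the verification code in this class; subclasses may
 * use them. Issuer lookup is by name only; no basicConstraints or path-length check is made
 * here.
 */
public class CertVerify implements CertVerification {
    // General retrieval sources. Only added to / removed from in this class, never queried.
    protected Vector retrieval;
    // Explicitly trusted roots, keyed by rootKey(cert); also used as a cache of verified issuers.
    protected Hashtable trustedRoots;
    // Retrieval sources that findTrustedCert() queries for issuer certificates.
    protected Vector trustedCertRetrieval;
    // Optional revocation checker; null disables CRL checking.
    protected CertCRLCheck m_crlChecker;
    protected boolean bVerifyDate = true;
    protected boolean bVerifySignature = true;
    protected boolean bVerifyChain = true;
    protected boolean bVerifySignerKeyUsage = true;
    protected boolean bTrustSelfSigned = false;

    /** Creates a verifier with no retrieval sources, no trusted roots and no CRL checker. */
    public CertVerify() {
        Log("entered1");
    }

    /**
     * Creates a verifier with one general retrieval source.
     *
     * @param certRetrieval the source to register; must not be null
     * @throws CertiaException if {@code certRetrieval} is null
     */
    public CertVerify(CertRetrieval certRetrieval) throws CertiaException {
        Log("entered2");
        if (certRetrieval == null) {
            throw new CertiaException("CertRetrieval interface is null!");
        }
        this.retrieval = new Vector();
        this.retrieval.addElement(certRetrieval);
    }

    /**
     * Creates a verifier with several general retrieval sources.
     *
     * @param certRetrievalArr the sources to register; the array must not be null
     *     (individual elements are not checked)
     * @throws CertiaException if {@code certRetrievalArr} is null
     */
    public CertVerify(CertRetrieval[] certRetrievalArr) throws CertiaException {
        Log("entered3");
        if (certRetrievalArr == null) {
            throw new CertiaException("CertRetrieval interface is null!");
        }
        this.retrieval = new Vector();
        for (CertRetrieval certRetrieval : certRetrievalArr) {
            this.retrieval.addElement(certRetrieval);
        }
    }

    /**
     * Writes a timestamped line to the applet log.
     *
     * <p>The message is written as given. Callers in this class pass certificate subject and
     * issuer names, which come from the certificate being verified, so control characters in
     * such a name reach the log unchanged.
     *
     * @param str the message text
     */
    public void Log(String str) {
        // A new formatter per call: SimpleDateFormat instances must not be shared across threads.
        String stamp = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss").format(new Date());
        AppletLogger.log("[" + stamp + "] " + str + "\r\n");
    }

    /**
     * Registers a general retrieval source.
     *
     * @param certRetrieval the source to add; must not be null
     * @throws CertiaException if {@code certRetrieval} is null
     */
    @Override
    public void addCertRetrieval(CertRetrieval certRetrieval) throws CertiaException {
        if (certRetrieval == null) {
            throw new CertiaException("CertRetrieval interface is null!");
        }
        if (this.retrieval == null) {
            this.retrieval = new Vector();
        }
        this.retrieval.addElement(certRetrieval);
    }

    /**
     * Unregisters a general retrieval source; does nothing if none was ever registered.
     *
     * @param certRetrieval the source to remove; must not be null
     * @throws CertiaException if {@code certRetrieval} is null
     */
    @Override
    public void removeCertRetrieval(CertRetrieval certRetrieval) throws CertiaException {
        if (certRetrieval == null) {
            throw new CertiaException("CertRetrieval interface is null!");
        }
        if (this.retrieval != null) {
            this.retrieval.removeElement(certRetrieval);
        }
    }

    /**
     * Installs the revocation checker; same effect as {@link #setCheckCRL(CertCRLCheck)}.
     *
     * @param certCRLCheck the checker, or null to disable CRL checking
     */
    public void setCRLChecker(CertCRLCheck certCRLCheck) {
        this.m_crlChecker = certCRLCheck;
    }

    /**
     * Verifies {@code cert} and, recursively, the issuers found for it.
     *
     * <p>With chain verification enabled the steps are: {@code cert.checkValidity()}; signature
     * check against the issuer (the certificate itself when issuer and subject names match,
     * otherwise the first candidate from {@link #findTrustedCert(String)} whose key verifies
     * the signature); issuer key-usage check; recursion into the issuer unless
     * {@link #isTrustedRoot(Cert)} accepts it; and finally the CRL check when a checker is
     * installed.
     *
     * <p>A self-issued certificate is accepted only when it is anchored: either
     * {@link #isTrustedRoot(Cert)} accepts it, or an identical certificate is returned by the
     * trusted retrieval sources. A valid self-signature on its own proves nothing about
     * trust, since anyone can produce one; without this anchor check any self-issued
     * certificate would verify even with the trust-self-signed flag off.
     *
     * <p>With chain verification disabled, no validity or signature check is made at all; only
     * the CRL check runs, and only when a checker is installed.
     *
     * @param cert the certificate to verify
     * @param date forwarded to the CRL check only; validity is tested with the no-argument
     *     {@code cert.checkValidity()}
     * @return a status code as described on the class; {@code 1} means every check that ran
     *     succeeded
     * @throws CertiaException propagated from the CRL check or the recursive verification
     * @throws AppletSSLException propagated from issuer lookup or the CRL check
     */
    @Override
    public int verifyCert(Cert cert, Date date) throws CertiaException, AppletSSLException {
        if (!this.bVerifyChain) {
            return this.m_crlChecker != null ? checkCertRevoked(cert, date) : 0;
        }
        if (!cert.checkValidity()) {
            return 2;
        }

        X509Certificate x509Certificate = cert.getX509Certificate();
        boolean selfIssued = cert.getIssuerName().equalsIgnoreCase(cert.getSubjectName());
        Cert issuer = null;
        int status = 0;

        if (selfIssued) {
            issuer = cert;
            status = verifyCertSignature(x509Certificate, issuer);
            // Same code as "no issuer found": the certificate's issuer (itself) is not part
            // of the trust configuration.
            if (status == 1 && !isAnchoredSelfIssued(cert, x509Certificate)) {
                status = 3;
            }
        } else {
            Enumeration candidates = findTrustedCert(cert.getIssuerName());
            if (candidates == null || !candidates.hasMoreElements()) {
                status = 3;
            }
            // The null guard matters: an overriding findTrustedCert() may return null, and
            // the loop must not dereference it after the check above.
            while (candidates != null && candidates.hasMoreElements()) {
                issuer = (Cert) candidates.nextElement();
                Log("Verify user cert against " + issuer.getSubjectName());
                if (verifyCertSignature(x509Certificate, issuer) == 1) {
                    status = 1;
                    Log(x509Certificate.getSubjectDN() + " verified against " + issuer.getSubjectName());
                    break;
                }
            }
        }

        // Index 5 is keyCertSign in the java.security.cert.X509Certificate#getKeyUsage layout;
        // presumably Cert.getKeyUsage() follows the same layout - confirm against Cert.
        // A certificate with no key-usage extension (null) passes this check.
        if (status == 1 && this.bVerifySignerKeyUsage && issuer.getKeyUsage() != null && !issuer.getKeyUsage()[5]) {
            status = 2;
        }

        if (status == 1 && issuer != cert && !isTrustedRoot(issuer)) {
            status = verifyCert(issuer, date);
            if (status == 1) {
                // NOTE(review): the verified issuer is cached as a trusted root, so later
                // verifications skip its validity and CRL checks until it is removed.
                addTrustedRoot(issuer);
            }
        }

        if (status == 1 && this.m_crlChecker != null) {
            status = checkCertRevoked(cert, date);
        }
        return status;
    }

    /**
     * Tells whether a self-issued certificate is part of the trust configuration: accepted by
     * {@link #isTrustedRoot(Cert)}, or returned (same object or equal X.509 certificate) by the
     * trusted retrieval sources when queried with its subject name.
     */
    private boolean isAnchoredSelfIssued(Cert cert, X509Certificate x509Certificate)
            throws CertiaException, AppletSSLException {
        if (isTrustedRoot(cert)) {
            return true;
        }
        Enumeration candidates = findTrustedCert(cert.getSubjectName());
        while (candidates != null && candidates.hasMoreElements()) {
            Cert candidate = (Cert) candidates.nextElement();
            if (candidate == cert) {
                return true;
            }
            // java.security.cert.Certificate#equals compares the encoded forms, so a separately
            // loaded copy of the same certificate matches.
            if (x509Certificate != null && x509Certificate.equals(candidate.getX509Certificate())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the signature on {@code x509Certificate} with the public key of {@code cert}.
     *
     * @param x509Certificate the certificate whose signature is checked
     * @param cert the presumed issuer, supplying the public key
     * @return {@code 1} if the signature verifies, {@code 2} if it does not match,
     *     {@code 3} if it could not be evaluated (key, algorithm, provider or encoding error)
     */
    protected int verifyCertSignature(X509Certificate x509Certificate, Cert cert) {
        try {
            x509Certificate.verify(cert.getPublicKey());
            return 1;
        } catch (SignatureException mismatch) {
            // A signature mismatch is the one failure that is not logged.
            return 2;
        } catch (InvalidKeyException e) {
            AppletLogger.log(e);
            return 3;
        } catch (NoSuchAlgorithmException e) {
            AppletLogger.log(e);
            return 3;
        } catch (NoSuchProviderException e) {
            AppletLogger.log(e);
            return 3;
        } catch (CertificateException e) {
            AppletLogger.log(e);
            return 3;
        }
    }

    /**
     * Collects the certificates that the trusted retrieval sources return for a subject name.
     * Only {@code trustedCertRetrieval} is queried; the general {@code retrieval} sources and
     * the {@code trustedRoots} table are not.
     *
     * <p>Decompiler note (JADX): access modifier changed from protected.
     *
     * @param str the subject name to look up
     * @return an enumeration of the {@link Cert} objects found; empty when nothing matches
     * @throws AppletSSLException propagated from the retrieval sources
     */
    public Enumeration findTrustedCert(String str) throws AppletSSLException {
        Log("findTrustedCert called with string " + str);
        Vector found = new Vector();
        if (this.trustedCertRetrieval != null) {
            Enumeration sources = this.trustedCertRetrieval.elements();
            while (sources.hasMoreElements()) {
                CertRetrieval source = (CertRetrieval) sources.nextElement();
                Cert[] certsBySubject = source.getCertsBySubject(str);
                if (certsBySubject == null) {
                    continue;
                }
                for (int i = 0; i < certsBySubject.length; i++) {
                    found.addElement(certsBySubject[i]);
                    AppletLogger.log("Found CA cert " + certsBySubject[i].getSubjectName());
                }
            }
        }
        return found.elements();
    }

    /**
     * Extracts the value of attribute {@code str} from the distinguished-name string
     * {@code str2}. When the attribute occurs more than once, the last occurrence wins.
     *
     * @param str the attribute name, compared case-insensitively
     * @param str2 the name string: several {@code name=value} fields joined by the separator
     *     constant from AppConstants, a single {@code name=value} field, or a bare value
     * @return the attribute value; {@code str2} itself when it holds neither a separator nor
     *     {@code '='}; null when the attribute is not present
     */
    private String getValueFromDN(String str, String str2) {
        String value = null;
        if (str2.indexOf(AppConstants.HTML_SANITIZER_TOKEN_SEPARATOR) >= 0) {
            StringTokenizer fields = new StringTokenizer(str2, AppConstants.HTML_SANITIZER_TOKEN_SEPARATOR);
            while (fields.hasMoreTokens()) {
                String[] field = getField(fields.nextToken());
                // Both halves must exist; the value is field[1], the name is field[0].
                if (field[0] != null && field[1] != null && field[0].equalsIgnoreCase(str)) {
                    value = field[1];
                }
            }
        } else if (str2.indexOf("=") >= 0) {
            String[] field = getField(str2);
            if (field[0] != null && field[1] != null && field[0].equalsIgnoreCase(str)) {
                value = field[1];
            }
        } else {
            value = str2;
        }
        return value;
    }

    /**
     * Splits a {@code name=value} field.
     *
     * @param str the field text
     * @return a two-element array holding the trimmed name and value; an element is null when
     *     that part is missing. Text after a second {@code '='} is dropped.
     */
    private String[] getField(String str) {
        StringTokenizer parts = new StringTokenizer(str, "=");
        String[] field = new String[2];
        for (int i = 0; i < field.length && parts.hasMoreTokens(); i++) {
            field[i] = parts.nextToken().trim();
        }
        return field;
    }

    /**
     * Builds the {@code trustedRoots} key for a certificate. Every access to the table goes
     * through here so that insert, lookup and removal agree on the key.
     */
    private static String rootKey(Cert cert) {
        return new String(cert.getIssuerAndSerialNumber());
    }

    /**
     * Adds a certificate to the explicitly trusted roots.
     *
     * @param cert the certificate to trust
     */
    @Override
    public void addTrustedRoot(Cert cert) {
        if (this.trustedRoots == null) {
            this.trustedRoots = new Hashtable();
        }
        this.trustedRoots.put(rootKey(cert), cert);
    }

    /**
     * Adds a retrieval source whose certificates are used as issuer candidates.
     *
     * @param certRetrieval the source to query in {@link #findTrustedCert(String)}
     */
    @Override
    public void addTrustedRoot(CertRetrieval certRetrieval) {
        if (this.trustedCertRetrieval == null) {
            this.trustedCertRetrieval = new Vector();
        }
        this.trustedCertRetrieval.addElement(certRetrieval);
    }

    /**
     * Removes a certificate from the explicitly trusted roots.
     *
     * <p>The key is built exactly as in {@link #addTrustedRoot(Cert)}. Removing with the raw
     * issuer-and-serial value instead would not match the stored key unless that value is
     * already a String, and the root would silently stay trusted.
     *
     * @param cert the certificate to stop trusting
     */
    @Override
    public void removeTrustedRoot(Cert cert) {
        if (this.trustedRoots != null) {
            this.trustedRoots.remove(rootKey(cert));
        }
    }

    /**
     * Removes a trusted retrieval source. Issuers already cached in the trusted-roots table
     * by an earlier verification are not affected.
     *
     * @param certRetrieval the source to remove
     */
    @Override
    public void removeTrustedRoot(CertRetrieval certRetrieval) {
        if (this.trustedCertRetrieval != null) {
            this.trustedCertRetrieval.removeElement(certRetrieval);
        }
    }

    /**
     * Tells whether {@code cert} counts as a trusted root.
     *
     * <p>With the trust-self-signed flag on, any certificate whose issuer and subject names
     * match (ignoring case) is accepted by name alone; its signature is not checked here.
     * Otherwise the certificate must be stored in the trusted-roots table under its key and be
     * {@code equals} to the stored entry.
     *
     * @param cert the certificate to test
     * @return true if the certificate is trusted as a root
     */
    @Override
    public boolean isTrustedRoot(Cert cert) {
        if (this.bTrustSelfSigned && cert.getIssuerName().equalsIgnoreCase(cert.getSubjectName())) {
            return true;
        }
        if (this.trustedRoots == null) {
            return false;
        }
        Cert stored = (Cert) this.trustedRoots.get(rootKey(cert));
        return stored != null && stored.equals(cert);
    }

    /** Sets the verify-date flag (not read by the verification code in this class). */
    @Override
    public void setVerifyDateFlag(boolean z) {
        this.bVerifyDate = z;
    }

    /** Returns the verify-date flag. */
    @Override
    public boolean getVerifyDateFlag() {
        return this.bVerifyDate;
    }

    /** Sets the verify-signature flag (not read by the verification code in this class). */
    @Override
    public void setVerifySignatureFlag(boolean z) {
        this.bVerifySignature = z;
    }

    /** Returns the verify-signature flag. */
    @Override
    public boolean getVerifySignatureFlag() {
        return this.bVerifySignature;
    }

    /**
     * Enables or disables chain verification. When disabled, {@link #verifyCert(Cert, Date)}
     * performs no validity or signature check.
     */
    @Override
    public void setVerifyChainFlag(boolean z) {
        this.bVerifyChain = z;
    }

    /** Returns the verify-chain flag. */
    @Override
    public boolean getVerifyChainFlag() {
        return this.bVerifyChain;
    }

    /** Enables or disables the issuer key-usage check in {@link #verifyCert(Cert, Date)}. */
    @Override
    public void setVerifySignerKeyUsageFlag(boolean z) {
        this.bVerifySignerKeyUsage = z;
    }

    /** Returns the signer key-usage flag. */
    @Override
    public boolean getVerifySignerKeyUsageFlag() {
        return this.bVerifySignerKeyUsage;
    }

    /**
     * Sets whether self-issued certificates are treated as trusted roots; see
     * {@link #isTrustedRoot(Cert)} for what turning this on accepts.
     */
    @Override
    public void setTrustSelfSignedFlag(boolean z) {
        this.bTrustSelfSigned = z;
    }

    /** Returns the trust-self-signed flag. */
    @Override
    public boolean getTrustSelfSignedFlag() {
        return this.bTrustSelfSigned;
    }

    /**
     * Installs the revocation checker.
     *
     * @param certCRLCheck the checker, or null to disable CRL checking
     */
    @Override
    public void setCheckCRL(CertCRLCheck certCRLCheck) {
        this.m_crlChecker = certCRLCheck;
    }

    /** Returns true when a revocation checker is installed. */
    @Override
    public boolean getCheckCRLFlag() {
        return this.m_crlChecker != null;
    }

    /**
     * Runs the revocation check for {@code cert}.
     *
     * <p>A certificate that reports no distribution points is returned as {@code 1} without
     * the checker being consulted, so revocation is never evaluated for such a certificate.
     *
     * @param cert the certificate to check
     * @param date passed through to the CRL checker
     * @return {@code 1} when there are no distribution points or the checker returned
     *     {@code 0}; {@code 4} when it returned {@code 1}; {@code 6} when it returned
     *     {@code 2}; {@code 0} when no checker is installed or it returned any other value
     * @throws CertiaException propagated from the CRL checker
     * @throws AppletSSLException propagated from the CRL checker
     */
    @Override
    public int checkCertRevoked(Cert cert, Date date) throws CertiaException, AppletSSLException {
        if (!cert.hasDistributionPoints()) {
            return 1;
        }
        if (this.m_crlChecker == null) {
            return 0;
        }
        switch (this.m_crlChecker.validateCertAgainstCRL(this, cert, date)) {
            case 0:
                return 1;
            case 1:
                return 4;
            case 2:
                return 6;
            default:
                // Unmapped checker result: report "no verdict" rather than success.
                return 0;
        }
    }
}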
