package com.sun.messaging.smime.applet.ldap;

import com.sun.messaging.smime.applet.AppletLogger;
import com.sun.messaging.smime.applet.exception.CertiaException;
import com.sun.messaging.smime.applet.util.Logger;
import com.sun.messaging.smime.security.Cert;
import com.sun.messaging.smime.security.cert.CertCRLCheck;
import com.sun.messaging.smime.security.cert.CertVerify;
import com.sun.messaging.smime.security.cert.LdapCertRetrieval;
import com.sun.messaging.smime.security.ssl.AppletSSLException;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;

/* loaded from: input_file:com/sun/messaging/smime/applet/ldap/LDAPApplet.class */
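/**
 * Verifies S/MIME certificates against LDAP-hosted certificate stores and an
 * optional CRL checker, recording the last failure as an error number and
 * message.
 *
 * <p>The bind DN and password passed to the constructor are kept in memory as
 * {@code String}s for the lifetime of the object and are handed to every
 * {@link LdapCertRetrieval} created in {@link #verifyCert}. They are never
 * written to the log by this class.
 */
public class LDAPApplet {
    public static final int TYPE_TRUSTED = 1;
    public static final int TYPE_CERT = 2;

    private static final String LDAP_CERT_SEARCH_FAILURE_MSG = "LDAP cert search failed: ";
    private static final String LOG_FILE_NAME = "ldapapplet.log";

    private final boolean m_bInBrowser;
    private final boolean m_bLogging;
    private final String m_strLogFile;
    private final String m_logindn;
    private final String m_loginpw;
    private String userCertFilter;
    private String m_strLastErrorMsgText = "";
    private int m_nLastErrorNumber = 0;
    private String m_strVersion = null;
    private Vector m_vTrustedLdapServer = null;
    private Vector m_vCertLdapServer = null;
    private boolean m_bVerifyChain = false;
    private CertCRLCheck m_crlChecker = null;

    /**
     * Creates the applet helper.
     *
     * @param z    whether the code runs inside a browser (passed to the file logger)
     * @param z2   whether debug logging to a file is enabled
     * @param str  LDAP bind DN used for certificate retrieval
     * @param str2 LDAP bind password used for certificate retrieval
     */
    public LDAPApplet(boolean z, boolean z2, String str, String str2) {
        this.m_bInBrowser = z;
        this.m_bLogging = z2;
        this.m_logindn = str;
        this.m_loginpw = str2;
        // Build the path with File so a separator is inserted when java.io.tmpdir
        // has no trailing one (plain concatenation yields e.g. "/tmpldapapplet.log").
        // NOTE(review): the log has a fixed name in the shared temp directory; on a
        // multi-user host confirm that Logger does not follow a pre-planted link or
        // append to a file owned by another user.
        this.m_strLogFile = z2
                ? new java.io.File(System.getProperty("java.io.tmpdir"), LOG_FILE_NAME).getPath()
                : null;
        Log("Creating LDAPApplet object [" + z + "]");
    }

    /** Enables or disables certificate chain verification in {@link #verifyCert}. */
    public void setVerifyChain(boolean z) {
        this.m_bVerifyChain = z;
    }

    /** Stores the user certificate filter; nothing in this class reads it. */
    public void setUserCertFilter(String str) {
        this.userCertFilter = str;
    }

    /** Sets the CRL checker; {@code null} disables the CRL step in {@link #verifyCert}. */
    public void setCheckCRL(CertCRLCheck certCRLCheck) {
        this.m_crlChecker = certCRLCheck;
    }

    /** Stores the trusted LDAP server list; nothing in this class reads it. */
    public void setTrustedLdapServer(Vector vector) {
        this.m_vTrustedLdapServer = vector;
    }

    /** Sets the LDAP servers (as {@code String} entries) searched for chain certificates. */
    public void setCertLdapServer(Vector vector) {
        this.m_vCertLdapServer = vector;
    }

    /**
     * Not supported: logs an error and returns {@code null}.
     *
     * @return always {@code null}; callers must not dereference the result
     */
    public List getCertificateFromLDAP(String str, String str2) {
        LogError("getCertificateFromLDAP: not supported");
        return null;
    }

    /**
     * Verifies a certificate's chain and, when a CRL checker is configured, its
     * revocation status.
     *
     * <p>The result is {@code true} only when chain verification is enabled and
     * succeeds and, if a CRL checker is set, the CRL check reports status 0.
     * Every other path, including any exception, leaves the result {@code false}.
     * With chain verification disabled the method returns {@code false} without
     * consulting the CRL checker, because the CRL step is gated on chain success.
     *
     * @param cert certificate to verify
     * @param str  subject label used only in log and error messages
     * @return {@code true} if the certificate passed every enabled check
     * @throws AppletSSLException declared for callers; not thrown directly here
     */
    public boolean verifyCert(Cert cert, String str) throws AppletSSLException {
        boolean verified = false;
        CertVerify certVerify = new CertVerify();
        // NOTE(review): presumably turns off the key-usage check on signer
        // certificates - confirm this relaxation is intended.
        certVerify.setVerifySignerKeyUsageFlag(false);
        if (this.m_bVerifyChain) {
            Log("verifyCert: Verifying the certificate chain");
            Log("verifyCert: Loading LDAP List");
            if (this.m_vCertLdapServer == null) {
                // No server list configured: treat it as empty instead of failing with
                // a NullPointerException; verification then runs with no retrievers.
                LogError("verifyCert: No certificate LDAP servers configured");
            } else {
                Enumeration servers = this.m_vCertLdapServer.elements();
                while (servers.hasMoreElements()) {
                    String ldapUrl = (String) servers.nextElement();
                    Log("verifyCert: Creating CertRetrieval for LDAP: " + ldapUrl);
                    try {
                        certVerify.addCertRetrieval(new LdapCertRetrieval(ldapUrl, this.m_logindn, this.m_loginpw));
                    } catch (Exception e) {
                        // Best effort: one unreachable server must not block the others.
                        this.m_nLastErrorNumber = -805;
                        this.m_strLastErrorMsgText = "Exception encountered adding certificate ldap server for " + str;
                        LogError("verifyCert: Exception encountered: " + e.getMessage());
                    }
                }
            }
            Log("verifyCert: Loading Trusted List");
            try {
                certVerify.addTrustedRoot(LdapCertRetrieval.getTrustedInstance());
            } catch (Exception e2) {
                // NOTE(review): the message text repeats the -805 wording although this
                // failure concerns the trusted root store; kept for callers that match it.
                this.m_nLastErrorNumber = -806;
                this.m_strLastErrorMsgText = "Exception encountered adding certificate ldap server for " + str;
                LogError("verifyCert: Exception encountered: " + e2.getMessage());
            }
            Log("verifyCert: Verifying the certificate");
            try {
                if (certVerify.verifyCert(cert, null) == 1) {
                    Log("verifyCert: Certificate chain verified");
                    verified = true;
                } else {
                    // NOTE(review): the stored message says "revoked" while the log line
                    // says the chain was invalid; kept for callers that match it.
                    this.m_nLastErrorNumber = -807;
                    this.m_strLastErrorMsgText = "Certificate was revoked for " + str;
                    Log("verifyCert: Certificate chain was invalid for " + str);
                }
            } catch (Exception e3) {
                this.m_nLastErrorNumber = -808;
                this.m_strLastErrorMsgText = "Exception encountered verifying certificate chain for " + str;
                LogError("verifyCert: Exception encountered: " + e3.getMessage());
            }
        }
        if (this.m_crlChecker != null && verified) {
            // Fail closed: only an explicit "not in CRL" status restores the result.
            verified = false;
            Log("verifyCert: Checking Certificate against CRL");
            try {
                switch (this.m_crlChecker.validateCertAgainstCRL(certVerify, cert, null)) {
                    case 0:
                        Log("verifyCert: The certificate was not in the CRL");
                        verified = true;
                        break;
                    case 2:
                        this.m_nLastErrorNumber = -809;
                        this.m_strLastErrorMsgText = "Unable to verify signature for CRL, status undetermined " + str;
                        LogError("verifyCert: Unable to verify signature for CRL, status undetermined " + str);
                        // Without this break the undetermined status fell through and was
                        // reported as -814 "revoked", hiding an unverifiable CRL signature.
                        break;
                    case 1:
                        this.m_nLastErrorNumber = -814;
                        this.m_strLastErrorMsgText = "Certificate was revoked for " + str;
                        LogError("verifyCert: Certificate was revoked for " + str);
                        break;
                    default:
                        // Unknown status: result stays false and no error code is recorded.
                        break;
                }
            } catch (CertiaException e4) {
                // Constant-first equals so a null exception message cannot raise an NPE
                // inside the handler and escape as an unrelated failure.
                String reason = e4.getMessage();
                if ("Parsing LDAP URL failed".equals(reason)) {
                    this.m_nLastErrorNumber = -810;
                    this.m_strLastErrorMsgText = "Failed to parse LDAP Server URL for CRL verification";
                    LogError("verifyCert: (" + this.m_nLastErrorNumber + ") " + this.m_strLastErrorMsgText);
                } else if ("Failed to connect to LDAP Server".equals(reason)) {
                    this.m_nLastErrorNumber = -811;
                    this.m_strLastErrorMsgText = "Failed to connect to LDAP Server for CRL verification";
                    LogError("verifyCert: (" + this.m_nLastErrorNumber + ") " + this.m_strLastErrorMsgText);
                } else {
                    this.m_nLastErrorNumber = -812;
                    this.m_strLastErrorMsgText = "Certificate validation failed for " + str;
                    LogError("verifyCert: Exception encountered: " + reason);
                }
            }
        }
        return verified;
    }

    /** Unimplemented lookup; always returns {@code null}. */
    private Cert[] getCert(String str, String str2) {
        return null;
    }

    /**
     * Returns the number of the most recent recorded error, or 0 if none.
     * The value is not reset by a later successful {@link #verifyCert} call.
     */
    public int getLastErrorNumber() {
        return this.m_nLastErrorNumber;
    }

    /**
     * Returns the text of the most recent recorded error, or an empty string.
     * The value is not reset by a later successful {@link #verifyCert} call.
     */
    public String getLastErrorMsgText() {
        return this.m_strLastErrorMsgText;
    }

    /** Writes a debug line, suffixed with the last error state, when file logging is on. */
    private void Log(String str) {
        if (this.m_bLogging) {
            new Logger(this.m_strLogFile, this.m_bInBrowser).logString(str + "[" + getLastErrorNumber() + ", " + getLastErrorMsgText() + "]");
        }
    }

    /** Reports an error line, suffixed with the last error state, through AppletLogger. */
    private void LogError(String str) {
        AppletLogger.log(str + "[" + getLastErrorNumber() + ", " + getLastErrorMsgText() + "]");
    }
}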
