package org.adullact.parapheur.applets.splittedsign;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/CRLVerifier.class */
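/**
 * Checks an X.509 certificate against the CRLs it advertises.
 *
 * <p>The CRL locations are read from the certificate itself (the CRL Distribution Points
 * extension, falling back to the Netscape CA revocation URL extension), each CRL is
 * downloaded, and the certificate is looked up in it.
 *
 * <p>NOTE(review): known limits of this check, none of which can be closed without changing
 * the public signatures:
 * <ul>
 *   <li>The downloaded CRL is never authenticated: its signature is not verified against the
 *       issuer's public key and its issuer name and {@code nextUpdate} date are not examined.
 *       Over plain {@code http://} or {@code ftp://} a stale or substituted CRL is accepted
 *       as-is. Callers that have the issuer certificate should verify the CRL themselves.</li>
 *   <li>The URLs that get fetched come from the certificate under verification, so they are
 *       untrusted input; the process will connect to whatever host they name.</li>
 *   <li>{@link #verifyCertificateCRLs} returns normally when no CRL could be consulted at all
 *       (see its documentation); a normal return is not proof of non-revocation.</li>
 * </ul>
 */
public class CRLVerifier {
    /**
     * Upper bound on establishing the connection to a CRL server, so that an unresponsive
     * host named in a certificate cannot block the caller indefinitely.
     * NOTE(review): value chosen by the reviewer; tune to the deployment.
     */
    private static final int CRL_CONNECT_TIMEOUT_MS = 10000;

    /**
     * Upper bound on each blocking read while a CRL is being transferred.
     * NOTE(review): value chosen by the reviewer; tune to the deployment.
     */
    private static final int CRL_READ_TIMEOUT_MS = 30000;

    /**
     * Checks {@code x509Certificate} against every CRL it advertises.
     *
     * <p>The method returns normally when the certificate was not found in any CRL that could
     * be consulted. It also returns normally when nothing was consulted and nothing failed:
     * the certificate advertises no CRL location, every location is in {@code list}, or every
     * location is an {@code ldap://} URL (LDAP retrieval is disabled in {@code downloadCRL}).
     * That fail-open behaviour is kept for compatibility and is only reported on standard
     * output.
     *
     * @param x509Certificate the certificate to check
     * @param list CRL URLs to skip; {@code null} is treated as "skip nothing"
     * @throws CertificateRevokedException if a consulted CRL lists the certificate as revoked
     * @throws CRLNotFoundException if no CRL could be consulted and the last failure was a
     *     download, naming, certificate or CRL parsing error
     * @throws CertificateVerificationException for an unsupported URL scheme or any other
     *     unexpected failure
     */
    public static void verifyCertificateCRLs(X509Certificate x509Certificate, List<String> list) throws CertificateVerificationException, CertificateRevokedException, CRLNotFoundException {
        try {
            List<String> crlDistributionPoints = getCrlDistributionPoints(x509Certificate);
            if (crlDistributionPoints.isEmpty()) {
                System.out.println("verifyCertificateCRLs : crlDistPoints.isEmpty");
                crlDistributionPoints = getNetscapeCaRevocationUrl(x509Certificate);
            } else {
                System.out.println("verifyCertificateCRLs : " + crlDistributionPoints);
            }
            Exception lastFailure = null;
            boolean checked = false;
            for (String url : crlDistributionPoints) {
                if (list != null && list.contains(url)) {
                    System.out.println("\t ignoring invalid CRL: " + url);
                    continue;
                }
                // Scoped per iteration so a failed download can never leave the CRL of a
                // previous URL in place to be evaluated a second time.
                X509CRL crl;
                try {
                    System.out.println("\t processing " + url);
                    crl = downloadCRL(url);
                } catch (Exception e) {
                    e.printStackTrace();
                    lastFailure = e;
                    continue;
                }
                if (crl == null) {
                    System.out.println("verifyCertificateCRLs : " + url + " download not successful.");
                    continue;
                }
                // Kept outside the per-URL try block: a revocation hit must reach the caller
                // and must never be recorded as a mere download failure.
                if (crl.isRevoked(x509Certificate)) {
                    throw new CertificateRevokedException("The certificate is revoked by CRL: " + url);
                }
                checked = true;
            }
            if (!checked) {
                if (lastFailure != null) {
                    throw lastFailure;
                }
                // NOTE(review): fail-open path, see the method documentation.
                System.out.println("verifyCertificateCRLs : no CRL was checked for this certificate.");
            }
        } catch (Exception e2) {
            // Dispatch on the runtime type with instanceof so the outcome does not depend on
            // how the project exception classes relate to one another.
            if (e2 instanceof CertificateVerificationException) {
                throw ((CertificateVerificationException) e2);
            }
            if (e2 instanceof CertificateRevokedException) {
                throw ((CertificateRevokedException) e2);
            }
            if (e2 instanceof CRLNotFoundException) {
                System.out.println("verifyCertificateCRLs : CRL download is not possible. " + e2.getLocalizedMessage());
                throw ((CRLNotFoundException) e2);
            }
            if ((e2 instanceof IOException) || (e2 instanceof NamingException) || (e2 instanceof CertificateException) || (e2 instanceof CRLException)) {
                throw new CRLNotFoundException(e2.getLocalizedMessage(), x509Certificate.getSubjectX500Principal().getName());
            }
            System.out.println("verifyCertificateCRLs : il y a une exception inconnue: " + e2.getLocalizedMessage());
            StringBuilder trace = new StringBuilder();
            for (StackTraceElement stackTraceElement : e2.getStackTrace()) {
                trace.append(stackTraceElement).append("\n");
            }
            throw new CertificateVerificationException("Can not verify CRL for certificate: " + x509Certificate.getSubjectX500Principal() + "\n" + trace);
        }
    }

    /**
     * Fetches the CRL published at {@code str}.
     *
     * @param str CRL location taken from the certificate
     * @return the parsed CRL, or {@code null} for an {@code ldap://} location, which is
     *     deliberately not fetched here
     * @throws CertificateVerificationException if the scheme is not http, https, ftp or ldap
     * @throws CRLNotFoundException if the download is refused by the security manager or fails
     */
    private static X509CRL downloadCRL(String str) throws IOException, CertificateException, CRLException, CRLNotFoundException, CertificateVerificationException, NamingException {
        // The scheme test is case-sensitive; anything not matching exactly is rejected.
        boolean webScheme = str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://");
        if (!webScheme) {
            if (str.startsWith("ldap://")) {
                // LDAP retrieval is switched off: the caller sees null and logs the URL as
                // not downloaded.
                return null;
            }
            throw new CertificateVerificationException("Can not download CRL from certificate distribution point: " + str);
        }
        try {
            return downloadCRLFromWeb(str);
        } catch (SecurityException e) {
            System.out.println("\t" + e.getMessage());
            throw new CRLNotFoundException(e.getMessage(), str);
        }
    }

    /**
     * Reads a CRL from an LDAP directory by searching the whole subtree for entries carrying
     * a {@code certificateRevocationList;binary} attribute. When several entries match, the
     * last one wins.
     *
     * <p>Nothing in this class calls this method; {@code downloadCRL} returns {@code null} for
     * {@code ldap://} URLs instead.
     * NOTE(review): {@code str} comes from the certificate being verified and is handed to
     * JNDI as the provider URL; if this method is ever re-enabled, restrict the hosts it may
     * contact.
     *
     * @param str the LDAP URL to query
     * @return the parsed CRL
     * @throws CertificateVerificationException if no CRL attribute value was found
     */
    private static X509CRL downloadCRLFromLDAP(String str) throws CertificateException, NamingException, CRLException, CertificateVerificationException {
        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put("java.naming.provider.url", str);
        InitialDirContext context = new InitialDirContext(environment);
        byte[] bArr = null;
        try {
            System.out.println("\t processing 1");
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            System.out.println("\t processing 2");
            NamingEnumeration<SearchResult> search = context.search(StringUtils.EMPTY, "(certificateRevocationList;binary=*)", searchControls);
            try {
                System.out.println("\t processing 3");
                while (search.hasMore()) {
                    Attribute attribute = search.next().getAttributes().get("certificateRevocationList;binary");
                    Object value = attribute == null ? null : attribute.get();
                    if (value instanceof byte[]) {
                        bArr = (byte[]) value;
                        // Log the size; concatenating the array itself only prints its identity.
                        System.out.println(" CRL = " + bArr.length + " bytes");
                    }
                }
            } finally {
                try {
                    search.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup; a close failure must not hide the search outcome.
                }
            }
        } finally {
            // The directory context holds a network connection and was never released before.
            try {
                context.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup; a close failure must not hide the search outcome.
            }
        }
        System.out.println("\t processing 5");
        if (bArr == null || bArr.length == 0) {
            throw new CertificateVerificationException("Can not download CRL from: " + str);
        }
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(new ByteArrayInputStream(bArr));
    }

    /**
     * Downloads and parses a CRL over http, https or ftp.
     *
     * <p>Connect and read timeouts are applied because the URL is taken from the certificate
     * being verified and may name a host that never answers.
     * NOTE(review): the response size is not bounded and the CRL signature is not verified
     * here.
     *
     * @param str the CRL URL
     * @return the parsed CRL
     * @throws CRLNotFoundException if the URL is malformed or the transfer fails
     * @throws SecurityException if the security manager forbids the connection
     * @throws CRLException if the downloaded bytes are not a valid CRL
     */
    private static X509CRL downloadCRLFromWeb(String str) throws MalformedURLException, IOException, CertificateException, CRLException, CRLNotFoundException, SecurityException {
        InputStream inputStream = null;
        try {
            URLConnection connection = new URL(str).openConnection();
            connection.setConnectTimeout(CRL_CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(CRL_READ_TIMEOUT_MS);
            inputStream = connection.getInputStream();
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(inputStream);
        } catch (SecurityException e) {
            // Keep the original exception as the cause so the denied permission stays visible.
            throw new SecurityException("'" + str + "'Problème de sécurité: " + e.getLocalizedMessage(), e);
        } catch (IOException e2) {
            // The exception thrown below carries no detail, so record the I/O error here.
            System.out.println("\t CRL download failed for " + str + ": " + e2);
            throw new CRLNotFoundException(StringUtils.EMPTY, str);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // A failure while closing must not replace the result or the real error.
                }
            }
        }
    }

    /**
     * Extracts the URI entries of the certificate's CRL Distribution Points extension.
     *
     * <p>Only distribution points given as a full name are considered, and within those only
     * general names of type uniformResourceIdentifier. The returned strings are untrusted
     * input: they are whatever the certificate contains.
     *
     * @param x509Certificate the certificate to inspect
     * @return the advertised CRL URIs, empty when the extension is absent
     * @throws CertificateParsingException if the extension is not a well-formed wrapper around
     *     a CRLDistPoint structure
     * @throws IOException if the ASN.1 content cannot be read
     */
    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            System.out.print("CRLs getCrlDistributionPoints: getExtensionValue() is null !?!");
            return new ArrayList<String>();
        }
        // The extension value is an OCTET STRING whose content is the encoded CRLDistPoint.
        ASN1Primitive wrapper = toASN1Primitive(extensionValue);
        if (!(wrapper instanceof DEROctetString)) {
            throw new CertificateParsingException("CRL distribution points extension is not wrapped in an OCTET STRING");
        }
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(toASN1Primitive(((DEROctetString) wrapper).getOctets()));
        if (cRLDistPoint == null) {
            throw new CertificateParsingException("CRL distribution points extension is empty");
        }
        List<String> urls = new ArrayList<String>();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName pointName = distributionPoint.getDistributionPoint();
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName generalName : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String url = DERIA5String.getInstance(generalName.getName()).getString();
                    urls.add(url);
                    System.out.println("CRLs getCrlDistributionPoints GOTCHA : " + url);
                }
            }
        }
        return urls;
    }

    /**
     * Reads the Netscape CA revocation URL extension and returns the URL it contains, taken
     * from the first occurrence of {@code "http"} in the extension string.
     *
     * @param x509Certificate the certificate to inspect
     * @return a list holding the URL, or an empty list when the extension is absent or is not
     *     a string
     * @throws CertificateParsingException if the extension string contains no {@code "http"};
     *     this used to surface as an unchecked StringIndexOutOfBoundsException
     * @throws IOException if the ASN.1 content cannot be read
     */
    public static List<String> getNetscapeCaRevocationUrl(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        String extensionValueAsString = getExtensionValueAsString(x509Certificate, MiscObjectIdentifiers.netscapeCARevocationURL.getId());
        List<String> urls = new ArrayList<String>();
        if (extensionValueAsString != null) {
            int schemeStart = extensionValueAsString.indexOf("http");
            if (schemeStart < 0) {
                // Reject explicitly: a present but unusable revocation URL must not be
                // treated like an absent one.
                throw new CertificateParsingException("Netscape CA revocation URL extension holds no http(s) URL: [" + extensionValueAsString + "]");
            }
            urls.add(extensionValueAsString.substring(schemeStart));
            System.out.println("CRLs getNetscapeCaRevocationUrl GOTCHA : [" + extensionValueAsString + "]");
        }
        return urls;
    }

    /**
     * Decodes a certificate extension whose content is a UTF8String or an IA5String.
     *
     * @param x509Certificate the certificate to inspect
     * @param str the dotted OID of the extension
     * @return the string value, or {@code null} when the extension is absent or has another
     *     ASN.1 type (the reason is printed to standard output)
     * @throws IOException if the ASN.1 content cannot be read
     */
    private static String getExtensionValueAsString(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            System.out.println("  getExtensionValueAsString::extensionValue is null??");
            return null;
        }
        ASN1Primitive wrapper = toASN1Primitive(extensionValue);
        if (!(wrapper instanceof DEROctetString)) {
            System.out.println("  getExtensionValueAsString::derObject not a DEROctetString??");
            return null;
        }
        ASN1Primitive content = toASN1Primitive(((DEROctetString) wrapper).getOctets());
        if (content instanceof DERUTF8String) {
            return DERUTF8String.getInstance(content).getString();
        }
        if (content instanceof DERIA5String) {
            return DERIA5String.getInstance(content).getString();
        }
        System.out.print("  getExtensionValueAsString::derObject not a known parsable String??  ");
        // String.valueOf: content is null when the octet string is empty.
        System.out.println(String.valueOf(content));
        return null;
    }

    /**
     * Parses the first ASN.1 object found in {@code bArr}.
     *
     * @param bArr the encoded bytes
     * @return the decoded object, as returned by {@code ASN1InputStream.readObject()}
     * @throws IOException if the bytes are not valid ASN.1
     */
    private static ASN1Primitive toASN1Primitive(byte[] bArr) throws IOException {
        ASN1InputStream asn1Stream = new ASN1InputStream(new ByteArrayInputStream(bArr));
        try {
            return asn1Stream.readObject();
        } finally {
            asn1Stream.close();
        }
    }
}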
