package progress.message.net.ssl.jsafe.providers;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.RevokedCertificates;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.certj.spi.revocation.CertStatusInterface;
import java.util.Date;
import java.util.Vector;
import progress.message.net.ssl.jsafe.providers.MemoryDB;
import progress.message.net.ssl.prAccessor;
import progress.message.zclient.SessionConfig;

/* loaded from: input_file:progress/message/net/ssl/jsafe/providers/CRLCertStatus.class */
public final class CRLCertStatus extends Provider {
    private boolean DEBUG;

    /* loaded from: input_file:progress/message/net/ssl/jsafe/providers/CRLCertStatus$Implementation.class */
    private final class Implementation extends ProviderImplementation implements CertStatusInterface {
        private Implementation(CertJ certJ, String str) throws InvalidParameterException {
            super(certJ, str);
        }

        public CertRevocationInfo checkCertRevocation(CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, CertStatusException {
            if (!(certificate instanceof X509Certificate)) {
                throw new NotSupportedException("CRLCertStatus$Implementation.checkCertRevocation: does not support certificat types other than X509Certificate.");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (CRLCertStatus.this.DEBUG) {
                System.out.println("CRL checking for " + x509Certificate.getSubjectName() + " by CA " + x509Certificate.getIssuerName());
            }
            try {
                Vector vector = new Vector();
                Date date = certPathCtx.getValidationTime() == null ? new Date() : certPathCtx.getValidationTime();
                certPathCtx.getDatabase().selectCRLByIssuerAndTime(x509Certificate.getIssuerName(), date, vector);
                if (CRLCertStatus.this.DEBUG) {
                    System.out.println(vector.size() + " CRL(s) found.");
                }
                for (int i = 0; i < vector.size(); i++) {
                    X509CRL x509crl = (X509CRL) vector.elementAt(i);
                    if (CRLCertStatus.this.DEBUG) {
                        System.out.println("Checking against CRL issued by " + x509crl.getIssuerName() + " on " + x509crl.getThisUpdate());
                    }
                    if (x509crl instanceof MemoryDB.ExpiredCachedCRL) {
                        if (CRLCertStatus.this.DEBUG) {
                            System.out.println("Connection rejected: cached CRL expired");
                        }
                        SessionConfig.logMessage(prAccessor.getString("CACHED_CRL_EXPIRED") + x509Certificate.getSubjectName(), SessionConfig.getLevelWarning());
                        return new CertRevocationInfo(1, 1, x509crl);
                    }
                    if (!isCRLObsolete(x509crl, date)) {
                        if (CRLCertStatus.this.DEBUG) {
                            System.out.println("CRL is valid (not obsolete).");
                        }
                        if (findSerialNumberInCrl(x509Certificate.getSerialNumber(), x509crl)) {
                            SessionConfig.logMessage(prAccessor.getString("CERTIFICATE_REVOKED") + x509Certificate.getSubjectName(), SessionConfig.getLevelWarning());
                            return new CertRevocationInfo(1, 1, x509crl);
                        }
                        if (CRLCertStatus.this.DEBUG) {
                            System.out.println("Target certificate NOT revoked!!!");
                        }
                        return new CertRevocationInfo(0, 1, x509crl);
                    }
                }
                if (CRLCertStatus.this.DEBUG) {
                    System.out.println("Target certificate revocation unknown - no CRL!!!");
                }
                return new CertRevocationInfo(2, 0, (Object) null);
            } catch (Exception e) {
                if (CRLCertStatus.this.DEBUG) {
                    e.printStackTrace();
                }
                throw new CertStatusException("CRLCertStatus$Implementation.checkCertRevocation: " + e.getMessage());
            }
        }

        private boolean findSerialNumberInCrl(byte[] bArr, X509CRL x509crl) {
            RevokedCertificates revokedCertificates = x509crl.getRevokedCertificates();
            if (revokedCertificates == null) {
                return false;
            }
            for (int i = 0; i < revokedCertificates.getCertificateCount(); i++) {
                if (CertJUtils.byteArraysEqual(bArr, revokedCertificates.getSerialNumber(i))) {
                    return true;
                }
            }
            return false;
        }

        private boolean isCRLObsolete(X509CRL x509crl, Date date) {
            Date nextUpdate = x509crl.getNextUpdate();
            return nextUpdate != null && date.after(nextUpdate);
        }

        public String toString() {
            return "CRL Certificate Status provider named: " + super.getName();
        }
    }

    public void setDebug(boolean z) {
        this.DEBUG = z;
    }

    public CRLCertStatus() throws InvalidParameterException {
        super(2, "CRLStatus");
        this.DEBUG = false;
    }

    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        try {
            return new Implementation(certJ, getName());
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException("CRLCertStatus.instantiate: " + e.getMessage());
        }
    }
}
