package com.ibm.security.cert;

import com.ibm.security.krb5.PrincipalName;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralSubtree;
import com.ibm.security.x509.GeneralSubtrees;
import com.ibm.security.x509.NameConstraintsExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;

/* loaded from: input_file:efixes/PQ89734_linux_s390/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/cert/NameChecker.class */
public class NameChecker extends PKIXCertPathChecker {
    static final int NAME_CONSTRAINTS_ERROR = 5;
    static final String[] myExtensions = {OIDMap.getOID(NameConstraintsExtension.IDENT).toString(), OIDMap.getOID(SubjectAlternativeNameExtension.IDENT).toString()};
    private int numberOfCertsInCertPath;
    private CertPath certPath;
    private int currentCertIndex;
    private ArrayList[] permittedSubtrees = null;
    private ArrayList[] excludedSubtrees = null;
    private String sigProvider;

    public NameChecker(CertPath certPath, String str) throws CertPathValidatorException {
        this.certPath = certPath;
        this.numberOfCertsInCertPath = certPath.getCertificates().size();
        this.currentCertIndex = this.numberOfCertsInCertPath - 1;
        this.sigProvider = str;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("The direction of forward is not supported.");
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        GeneralSubtrees generalSubtrees;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN()) || this.currentCertIndex <= 0) {
            GeneralSubtrees generalSubtrees2 = null;
            if (this.permittedSubtrees != null) {
                Vector vector = new Vector();
                for (int i = 0; i < this.permittedSubtrees.length; i++) {
                    Iterator it = this.permittedSubtrees[i].iterator();
                    while (it.hasNext()) {
                        vector.add(new GeneralSubtree((GeneralName) it.next(), 0, 1));
                    }
                }
                try {
                    generalSubtrees2 = new GeneralSubtrees(vector);
                } catch (IOException e) {
                    throw new CertPathValidatorException("An internal error has occurred.", e);
                }
            }
            if (this.excludedSubtrees != null) {
                Vector vector2 = new Vector();
                for (int i2 = 0; i2 < this.excludedSubtrees.length; i2++) {
                    Iterator it2 = this.excludedSubtrees[i2].iterator();
                    while (it2.hasNext()) {
                        vector2.add(new GeneralSubtree((GeneralName) it2.next(), 0, 1));
                    }
                }
                try {
                    generalSubtrees = new GeneralSubtrees(vector2);
                } catch (IOException e2) {
                    throw new CertPathValidatorException("An internal error has occurred.", e2);
                }
            } else {
                try {
                    generalSubtrees = new GeneralSubtrees(new Vector());
                } catch (IOException e3) {
                    throw new CertPathValidatorException("An internal error has occurred.", e3);
                }
            }
            try {
                NameConstraintsExtension nameConstraintsExtension = new NameConstraintsExtension(generalSubtrees2, generalSubtrees);
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setNameConstraints(nameConstraintsExtension.getExtensionValue());
                if (!x509CertSelector.match(x509Certificate)) {
                    throw new CertPathValidatorException("The certificate failed the name constraint check", null, this.certPath, this.currentCertIndex);
                }
                if (this.currentCertIndex < this.numberOfCertsInCertPath) {
                    processNameConstraints(x509Certificate);
                }
            } catch (IOException e4) {
                throw new CertPathValidatorException("An internal error has occurred.", e4);
            }
        }
        this.currentCertIndex--;
        CertPathUtil.removeExtensions(collection, myExtensions);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return null;
    }

    private void processNameConstraints(X509Certificate x509Certificate) throws CertPathValidatorException {
        NameConstraintsExtension nameConstraintsExtension = null;
        Object[] extension = CertPathUtil.getExtension(NameConstraintsExtension.IDENT, x509Certificate);
        if (extension[1] != null) {
            try {
                nameConstraintsExtension = new NameConstraintsExtension((Boolean) extension[0], extension[1]);
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred.", e);
            }
        }
        if (nameConstraintsExtension != null) {
            if (!nameConstraintsExtension.isCritical()) {
                throw new CertPathValidatorException("The NameConstraints extension was not critical.");
            }
            try {
                GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES);
                if (generalSubtrees != null) {
                    this.permittedSubtrees = intersectPermittedSubtrees(processGeneralSubtrees(generalSubtrees));
                }
                try {
                    GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
                    if (generalSubtrees2 != null) {
                        this.excludedSubtrees = unionExcludedSubtrees(processGeneralSubtrees(generalSubtrees2));
                    }
                } catch (IOException e2) {
                    throw new CertPathValidatorException("An internal error has occurred.", e2);
                }
            } catch (IOException e3) {
                throw new CertPathValidatorException("An internal error has occurred.", e3);
            }
        }
    }

    private ArrayList[] intersectPermittedSubtrees(ArrayList[] arrayListArr) throws IOException {
        boolean z = true;
        int i = 0;
        while (true) {
            if (i >= arrayListArr.length) {
                break;
            }
            if (!arrayListArr[i].isEmpty()) {
                z = false;
                break;
            }
            i++;
        }
        if (!z) {
            if (this.permittedSubtrees == null) {
                this.permittedSubtrees = new ArrayList[9];
                for (int i2 = 0; i2 < this.permittedSubtrees.length; i2++) {
                    this.permittedSubtrees[i2].addAll(arrayListArr[i2]);
                }
            } else {
                for (int i3 = 0; i3 < this.permittedSubtrees.length; i3++) {
                    if (arrayListArr[i3] != null) {
                        ArrayList intersectPermittedSubtree = intersectPermittedSubtree(i3, this.permittedSubtrees[i3], arrayListArr[i3]);
                        this.permittedSubtrees[i3].clear();
                        this.permittedSubtrees[i3].addAll(intersectPermittedSubtree);
                    }
                }
            }
        }
        return this.permittedSubtrees;
    }

    private ArrayList intersectPermittedSubtree(int i, ArrayList arrayList, ArrayList arrayList2) throws IOException {
        GeneralName generalName;
        String generalNameString;
        ArrayList arrayList3 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            GeneralName generalName2 = (GeneralName) it.next();
            boolean z = false;
            Iterator it2 = arrayList2.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                GeneralName generalName3 = (GeneralName) it2.next();
                if (generalName2.toString().equals(generalName3.toString())) {
                    z = true;
                    arrayList3.add(generalName3);
                    break;
                }
            }
            if (!z) {
                if (i == 6 || i == 1) {
                    try {
                        String generalNameString2 = getGeneralNameString(generalName2);
                        if (!generalNameString2.startsWith(".")) {
                            Iterator it3 = arrayList2.iterator();
                            while (true) {
                                if (!it3.hasNext()) {
                                    break;
                                }
                                GeneralName generalName4 = (GeneralName) it3.next();
                                String generalNameString3 = getGeneralNameString(generalName4);
                                if (generalNameString3.startsWith(".") && generalNameString2.endsWith(generalNameString3.substring(1))) {
                                    arrayList3.add(generalName2);
                                    break;
                                }
                                if (generalNameString3.endsWith(new StringBuffer().append(PrincipalName.NAME_REALM_SEPARATOR_STR).append(generalNameString2).toString())) {
                                    arrayList3.add(generalName4);
                                } else if (generalNameString2.endsWith(new StringBuffer().append(PrincipalName.NAME_REALM_SEPARATOR_STR).append(generalNameString3).toString())) {
                                    arrayList3.add(generalName2);
                                    break;
                                }
                            }
                        } else {
                            Iterator it4 = arrayList2.iterator();
                            while (it4.hasNext()) {
                                GeneralName generalName5 = (GeneralName) it4.next();
                                if (getGeneralNameString(generalName5).endsWith(generalNameString2.substring(1))) {
                                    arrayList3.add(generalName5);
                                }
                            }
                        }
                    } catch (IOException e) {
                    }
                } else if (i == 2) {
                    String generalNameString4 = getGeneralNameString(generalName2);
                    Iterator it5 = arrayList2.iterator();
                    while (true) {
                        if (!it5.hasNext()) {
                            break;
                        }
                        try {
                            generalName = (GeneralName) it5.next();
                            generalNameString = getGeneralNameString(generalName);
                        } catch (IOException e2) {
                        }
                        if (generalNameString4.endsWith(generalNameString)) {
                            arrayList3.add(generalName2);
                            break;
                        }
                        if (generalNameString.endsWith(generalNameString4)) {
                            arrayList3.add(generalName);
                        }
                    }
                }
            }
        }
        return arrayList3;
    }

    private String getGeneralNameString(GeneralName generalName) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = null;
        generalName.encode(null);
        return new String(new DerValue(byteArrayOutputStream.toByteArray()).getData().toByteArray()).toLowerCase();
    }

    private ArrayList[] unionExcludedSubtrees(ArrayList[] arrayListArr) throws IOException {
        boolean z = true;
        int i = 0;
        while (true) {
            if (i >= arrayListArr.length) {
                break;
            }
            if (!arrayListArr[i].isEmpty()) {
                z = false;
                break;
            }
            i++;
        }
        if (!z) {
            if (this.excludedSubtrees != null) {
                this.excludedSubtrees = new ArrayList[9];
                for (int i2 = 0; i2 < this.excludedSubtrees.length; i2++) {
                    this.excludedSubtrees[i2].addAll(arrayListArr[i2]);
                }
            } else {
                for (int i3 = 0; i3 < this.excludedSubtrees.length; i3++) {
                    if (arrayListArr[i3] != null) {
                        ArrayList unionExcludedSubtree = unionExcludedSubtree(i3, this.excludedSubtrees[i3], arrayListArr[i3]);
                        this.excludedSubtrees[i3].clear();
                        this.excludedSubtrees[i3].addAll(unionExcludedSubtree);
                    }
                }
            }
        }
        return this.excludedSubtrees;
    }

    private ArrayList unionExcludedSubtree(int i, ArrayList arrayList, ArrayList arrayList2) throws IOException {
        ArrayList arrayList3 = new ArrayList();
        boolean[] zArr = new boolean[arrayList2.size()];
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            GeneralName generalName = (GeneralName) it.next();
            int i2 = 0;
            while (true) {
                if (i2 >= arrayList2.size()) {
                    break;
                }
                if (generalName.toString().equals(((GeneralName) arrayList2.get(i2)).toString())) {
                    zArr[i2] = true;
                    break;
                }
                i2++;
            }
            arrayList3.add(generalName);
        }
        for (int i3 = 0; i3 < arrayList2.size(); i3++) {
            if (!zArr[i3]) {
                arrayList3.add(arrayList2.get(i3));
            }
        }
        return arrayList3;
    }

    private ArrayList[] processGeneralSubtrees(GeneralSubtrees generalSubtrees) {
        ArrayList[] arrayListArr = new ArrayList[9];
        for (int i = 0; i < 9; i++) {
            arrayListArr[i] = new ArrayList();
        }
        Iterator it = generalSubtrees.getSubtrees().iterator();
        while (it.hasNext()) {
            GeneralName base = ((GeneralSubtree) it.next()).getBase();
            try {
                arrayListArr[base.getType()].add(base);
            } catch (ArrayIndexOutOfBoundsException e) {
            }
        }
        return arrayListArr;
    }
}
