package com.sun.messaging.smime.security.cert;

import com.sun.messaging.smime.applet.AppletLogger;
import com.sun.messaging.smime.applet.SMIMEAppletAPI;
import com.sun.messaging.smime.applet.exception.CertiaException;
import com.sun.messaging.smime.applet.util.Logger;
import com.sun.messaging.smime.security.Cert;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

/* loaded from: input_file:com/sun/messaging/smime/security/cert/CertCRL.class */
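/**
 * Checks a certificate for revocation by fetching the CRLs named in its
 * distribution points through a CRL request endpoint.
 *
 * <p>Every CRL is fetched via {@code m_crlRequestURL}; the distribution point URL is
 * passed to that endpoint in the {@code crlurl} query parameter. A CRL is only consulted
 * after its signature verifies against a certificate returned by
 * {@link CertVerify#findTrustedCert} for the CRL's issuer DN.
 *
 * <p>NOTE(review): gaps visible in this class that a caller should be aware of:
 * <ul>
 *   <li>The {@code date} argument is never read, and the CRL's thisUpdate/nextUpdate
 *       are not checked, so an expired but correctly signed CRL is accepted.</li>
 *   <li>The CRL issuer is looked up by the CRL's own issuer DN; it is not compared with
 *       the issuer of the certificate being checked.</li>
 *   <li>Results 2 and 3 mean no usable revocation answer was obtained. Whether callers
 *       treat them as a failure is not visible here; confirm they do not fail open.</li>
 * </ul>
 */
public class CertCRL implements CertCRLCheck {
    // Result codes returned by validateCertAgainstCRL. The numeric values are the ones the
    // original code returned; their consumers are outside this file, so do not renumber.
    private static final int RESULT_NO_REVOCATION_FOUND = 0;
    private static final int RESULT_REVOKED = 1;
    private static final int RESULT_CRL_SIGNATURE_UNVERIFIED = 2;
    private static final int RESULT_NO_DISTRIBUTION_POINT = 3;

    private String m_crlRequestURL;

    /**
     * @param str base URL of the endpoint that fetches CRLs on behalf of this class
     */
    public CertCRL(String str) {
        this.m_crlRequestURL = str;
    }

    /**
     * Looks the certificate up in every CRL reachable from its distribution points.
     *
     * @param certVerify source of trusted certificates used to verify each CRL's signature
     * @param cert certificate to check
     * @param date not read by this implementation (see the class-level review note)
     * @return 1 as soon as a verified CRL lists the certificate as revoked; otherwise 2 if
     *     at least one fetched CRL could not be verified, 3 if the certificate has no
     *     http/https/LDAP distribution point, and 0 in every other case
     * @throws CertiaException if fetching or parsing a CRL, or anything else in the
     *     check, throws; only the message of the underlying exception is carried over
     */
    @Override // com.sun.messaging.smime.security.cert.CertCRLCheck
    public int validateCertAgainstCRL(CertVerify certVerify, Cert cert, Date date) throws CertiaException {
        int result = RESULT_NO_REVOCATION_FOUND;
        try {
            ArrayList<String> schemes = new ArrayList<String>();
            schemes.add("http");
            schemes.add("https");
            schemes.add(SMIMEAppletAPI.PARAM_LDAP);
            List<?> distributionPointURLs = cert.getDistributionPointURLs(schemes);
            if (distributionPointURLs.isEmpty()) {
                return RESULT_NO_DISTRIBUTION_POINT;
            }
            for (int idx = 0; idx < distributionPointURLs.size(); idx++) {
                X509CRL crl = getCRLFromHTTP((String) distributionPointURLs.get(idx));
                if (crl == null) {
                    continue;
                }
                Enumeration<?> issuerCandidates = certVerify.findTrustedCert(crl.getIssuerDN().toString());
                boolean signatureVerified = false;
                if (issuerCandidates != null) {
                    // Several trusted certificates may share the issuer DN; the first key
                    // that verifies the CRL is enough. A failure against one candidate is
                    // logged and the next one is tried.
                    while (issuerCandidates.hasMoreElements() && !signatureVerified) {
                        try {
                            crl.verify(((Cert) issuerCandidates.nextElement()).getPublicKey());
                            signatureVerified = true;
                        } catch (InvalidKeyException e) {
                            logCandidateMismatch(e);
                        } catch (NoSuchAlgorithmException e) {
                            logCandidateMismatch(e);
                        } catch (NoSuchProviderException e) {
                            logCandidateMismatch(e);
                        } catch (SignatureException e) {
                            logCandidateMismatch(e);
                        }
                    }
                }
                if (signatureVerified) {
                    Logger.log("Valid CRL found, checking for revoked certificate");
                    if (crl.isRevoked(cert.getX509Certificate())) {
                        Logger.log("Certificate has been revoked.");
                        return RESULT_REVOKED;
                    }
                    AppletLogger.log("Cert has not been revoked");
                } else {
                    // An unverified CRL is never consulted. The code is sticky: a later
                    // CRL that verifies and does not list the certificate leaves it at 2.
                    result = RESULT_CRL_SIGNATURE_UNVERIFIED;
                    Logger.log("Unable to verify signature for CRL from " + crl.getIssuerDN());
                }
            }
            return result;
        } catch (Exception e) {
            e.printStackTrace();
            AppletLogger.log(e);
            throw new CertiaException(e.getMessage());
        }
    }

    /**
     * Records why one trusted-certificate candidate did not verify a CRL signature.
     * These failures used to be discarded silently, which left no trace of why a CRL
     * ended up unverified.
     */
    private static void logCandidateMismatch(Exception e) {
        Logger.log("CRL signature did not verify against a trusted certificate candidate: " + e);
    }

    /**
     * Fetches one CRL through the request endpoint and parses it.
     *
     * <p>The response is buffered completely before parsing, and the connection stream is
     * closed even when reading fails.
     *
     * <p>NOTE(review): {@code str} comes from the certificate under validation and is
     * appended to the query string unencoded, so characters such as {@code &} or
     * {@code #} in it change how the request is parsed. If the endpoint decodes query
     * parameters, percent-encode the value here. No connect/read timeout or response size
     * limit is set either; both are worth adding once acceptable values are agreed.
     *
     * @param str distribution point URL taken from the certificate
     * @return the parsed CRL
     * @throws MalformedURLException if the combined request URL is not a valid URL
     * @throws IOException if the request or the read fails
     * @throws CRLException if the response is not a parsable CRL
     * @throws CertificateException if no X.509 certificate factory is available
     */
    private X509CRL getCRLFromHTTP(String str) throws MalformedURLException, IOException, CRLException, CertificateException {
        URLConnection connection = new URL(this.m_crlRequestURL + "?crlurl=" + str).openConnection();
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        BufferedInputStream in = new BufferedInputStream(connection.getInputStream());
        try {
            byte[] chunk = new byte[4096];
            int count;
            while ((count = in.read(chunk, 0, chunk.length)) >= 0) {
                body.write(chunk, 0, count);
            }
        } finally {
            // Previously the stream was closed only after a complete read, so it leaked
            // whenever read() threw.
            in.close();
        }
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(new ByteArrayInputStream(body.toByteArray()));
    }
}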
