package com.sun.messaging.smime.security.ssl;

import com.sun.messaging.smime.applet.exception.CertiaException;
import com.sun.messaging.smime.applet.wmap.WMAPCrlCheck;
import com.sun.messaging.smime.security.Cert;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:com/sun/messaging/smime/security/ssl/PKIXRevocationChecker.class */
public class PKIXRevocationChecker extends PKIXCertPathChecker {
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException();
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        HashSet hashSet = new HashSet();
        hashSet.add("2.5.29.31");
        return hashSet;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        for (X509Certificate x509Certificate : AppletSSLContext.getInstance().getCacerts()) {
            if (certificate.equals(x509Certificate)) {
                return;
            }
        }
        WMAPCrlCheck wMAPCrlCheck = new WMAPCrlCheck(AppletSSLContext.getInstance().getCrlProxyUrl(), AppletSSLContext.getInstance().getWmapSID());
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("Certificate is not X509");
        }
        try {
            try {
                switch (wMAPCrlCheck.validateCertAgainstCRL(null, new Cert((X509Certificate) certificate), Calendar.getInstance().getTime())) {
                    case 0:
                        return;
                    case 1:
                        throw new CertPathValidatorException("Certificate Revoked");
                    case 2:
                    default:
                        throw new CertPathValidatorException("Certificate revocation status unknown");
                }
            } catch (AppletSSLException e) {
                throw new CertPathValidatorException("Cannot check server certificate revocation status");
            }
        } catch (CertiaException e2) {
            throw new CertPathValidatorException(e2);
        }
    }
}
