package com.ibm.security.certclient.beans;

import com.ibm.misc.Debug;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkCertRepEvent;
import com.ibm.security.certclient.base.PkCertReqEvent;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkPipe;
import com.ibm.security.certclient.base.PkXcerReqEvent;
import com.ibm.security.validator.Validator;
import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;

/* loaded from: input_file:jre/lib/ext/ibmkeycert.jar:com/ibm/security/certclient/beans/PkCertPath.class */
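/**
 * Pipe stage that loads a key store from a file, turns every certificate entry in it into a
 * PKIX trust anchor, and runs a certification-path check on certificates returned by the
 * downstream stage.
 *
 * <p>NOTE(review): as written, the check is advisory only (fail-open):
 * <ul>
 *   <li>key-store load failures in the constructor are only traced, leaving {@code pkixParms}
 *       {@code null}, and {@link #doCertReq} then skips validation entirely;</li>
 *   <li>a {@link CertPathValidatorException} is only traced, and {@link #doCertReq} ignores the
 *       boolean result of {@code validateCert};</li>
 *   <li>revocation checking is explicitly disabled.</li>
 * </ul>
 * Callers must not treat a certificate returned by {@link #doCertReq} as trusted on the strength
 * of this class alone. The behaviour is left unchanged here because callers may depend on it.
 */
public class PkCertPath extends PkPipe implements PkConstants {
    private static Debug debug = Debug.getInstance("keycertmanage");
    private static final Object className = "com.ibm.security.certclient.PkCertPath";
    private KeyStore kStore;
    // Stays null when the key store could not be loaded or holds no certificate entries;
    // a null value disables validation in doCertReq.
    private PKIXParameters pkixParms = null;

    /**
     * Loads the key store and derives the PKIX parameters from it.
     *
     * @param str   key store type, passed to {@link KeyStore#getInstance}
     * @param str2  path of the key store file
     * @param cArr  key store password, passed to {@link KeyStore#load}; not cleared here
     * @throws PkException if building the PKIX parameters fails (see {@code setPKIXParms})
     */
    public PkCertPath(String str, String str2, char[] cArr) throws PkException {
        this.kStore = null;
        try {
            this.kStore = KeyStore.getInstance(str, PkEeFactory.getProvider());
            // try-with-resources: the stream was previously never closed, leaking a file
            // descriptor on both the success and the failure path.
            try (FileInputStream in = new FileInputStream(str2)) {
                this.kStore.load(in, cArr);
            }
            setPKIXParms();
        } catch (FileNotFoundException e) {
            // NOTE(review): this and the handlers below only trace the failure. The instance is
            // still constructed, pkixParms stays null, and no certificate is ever validated.
            if (debug != null) {
                debug.text(0L, className, "PkCertPath", "FileNotFoundException for file {0}", str2);
                debug.exception(0L, className, "PkCertPath", e);
            }
        } catch (IOException e2) {
            // KeyStore.load reports a wrong password or a corrupt store as IOException.
            if (debug != null) {
                debug.text(0L, className, "PkCertPath", "IOException from file {0}", str2);
                debug.exception(0L, className, "PkCertPath", e2);
            }
        } catch (KeyStoreException e3) {
            if (debug != null) {
                debug.text(0L, className, "PkCertPath", "KeyStoreException. keyStoreType {0}", str);
                debug.exception(0L, className, "PkCertPath", e3);
            }
        } catch (GeneralSecurityException e4) {
            if (debug != null) {
                debug.text(0L, className, "PkCertPath", "GeneralSecurityException. file {0}", str2);
                debug.exception(0L, className, "PkCertPath", e4);
            }
        }
    }

    /**
     * Forwards the request via {@code propagate} and, when PKIX parameters are available and the
     * request is not a {@link PkXcerReqEvent}, runs the path check on the reply.
     *
     * @param pkCertReqEvent the certificate request
     * @return the reply obtained from {@code propagate}, returned whether or not the path check
     *         succeeded
     * @throws PkException if propagation fails or the check hits a non-validation security error
     */
    @Override // com.ibm.security.certclient.base.PkPipe, com.ibm.security.certclient.base.PkListener
    public PkCertRepEvent doCertReq(PkCertReqEvent pkCertReqEvent) throws PkException {
        PkCertRepEvent propagate = propagate(pkCertReqEvent);
        if (this.pkixParms != null && !(pkCertReqEvent instanceof PkXcerReqEvent)) {
            // NOTE(review): the boolean result is discarded, so an untrusted issuer produces a
            // trace line only and the certificate is still handed back to the caller.
            validateCert(propagate);
        }
        return propagate;
    }

    /**
     * Validates the certificate(s) of the reply against the trust anchors in {@code pkixParms}.
     *
     * @param pkCertRepEvent reply whose {@code getCert()} value is validated
     * @return {@code true} if the path validated, {@code false} if validation was rejected
     * @throws PkException on any other {@link GeneralSecurityException}
     */
    private boolean validateCert(PkCertRepEvent pkCertRepEvent) throws PkException {
        boolean z = false;
        try {
            // NOTE(review): JCA_CERT_ID presumably resolves to "X.509"; the reference to an
            // internal XML-security class looks like a decompiler artifact - confirm.
            CertPathValidator.getInstance(Validator.TYPE_PKIX).validate(
                    CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, "IBMCertPath")
                            .generateCertPath(Arrays.asList(pkCertRepEvent.getCert())),
                    this.pkixParms);
            z = true;
            if (debug != null) {
                debug.text(0L, className, "validateCert", "certpath validated");
            }
        } catch (CertPathValidatorException e) {
            // Rejection is reported through the return value and the trace only. The message
            // blames the issuer, but this exception covers every PKIX failure (expiry, bad
            // signature, constraints), not just an unknown issuer.
            if (debug != null) {
                debug.text(0L, className, "validateCert", "WARNING:certpath could not be validated.The issuer of this certificate is not trusted");
                debug.exception(0L, className, "validateCert", e);
            }
        } catch (GeneralSecurityException e2) {
            throw new PkException(e2);
        }
        return z;
    }

    /**
     * Builds {@code pkixParms} from the certificate entries of the loaded key store, or leaves it
     * {@code null} when the store has none.
     *
     * @throws PkException wrapping any failure; the cause is now wrapped once rather than twice
     */
    private void setPKIXParms() throws PkException {
        try {
            Enumeration<String> aliases = this.kStore.aliases();
            // Result unused: this call only verifies that a validator of this type is available.
            CertPathValidator.getInstance(Validator.TYPE_PKIX);
            HashSet<TrustAnchor> anchors = new HashSet<>();
            while (aliases.hasMoreElements()) {
                // The decompiled listing called nextElement2(), which Enumeration does not have.
                String alias = aliases.nextElement();
                // Every certificate entry becomes a trust anchor with no name constraints, so
                // the integrity of the key store file is the whole trust decision.
                if (this.kStore.isCertificateEntry(alias)) {
                    anchors.add(new TrustAnchor((X509Certificate) this.kStore.getCertificate(alias), null));
                }
            }
            this.pkixParms = null;
            if (anchors.isEmpty()) {
                return;
            }
            this.pkixParms = new PKIXParameters(anchors);
            // NOTE(review): revocation checking (CRL/OCSP) is switched off, so a revoked
            // certificate that chains to an anchor still validates.
            this.pkixParms.setRevocationEnabled(false);
        } catch (Exception e) {
            // Broad catch kept on purpose: it also covers the ClassCastException from the
            // X509Certificate cast and the NullPointerException TrustAnchor throws on null.
            throw new PkException(e);
        }
    }
}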
