package oracle.security.crypto.cert;

import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import oracle.security.crypto.cert.ext.BasicConstraintsExtension;
import oracle.security.crypto.core.AuthenticationException;

/* loaded from: input_file:BOOT-INF/lib/osdt_cert-11.2.0.4.jar:oracle/security/crypto/cert/TrustedCAPolicy.class */
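/**
 * Trust policy that accepts a certificate only if its issuer chain ends at one
 * of a configured set of trusted CA certificates.
 *
 * <p>Trust anchors are stored in a table keyed by subject name. Two flags tune
 * the checks performed while a chain is validated:
 * <ul>
 *   <li>{@code requireCRL} (default {@code false}): when set, validation fails
 *       if no CRL was supplied for an issuer in the chain. With the default,
 *       a missing CRL is accepted and no revocation data is attached.</li>
 *   <li>{@code requireCA} (default {@code true}): when set, every issuer below
 *       the trust anchor must carry a basicConstraints extension with the CA
 *       flag set.</li>
 * </ul>
 *
 * <p>The tables are {@link Hashtable}s; no other synchronization is performed
 * by this class.
 */
public class TrustedCAPolicy implements CertificateTrustPolicy {
    private boolean requireCRL;
    private boolean requireCA;
    // Trust anchors keyed by subject name (the value returned by X509.getSubject()).
    private final Hashtable<Object, X509> trustedTable;

    /* loaded from: input_file:BOOT-INF/lib/osdt_cert-11.2.0.4.jar:oracle/security/crypto/cert/TrustedCAPolicy$TrustedCACertificateVerifier.class */
    /**
     * Verifier bound to one set of candidate certificates and CRLs. It reads
     * the trust anchors and the two policy flags from the owning policy at
     * validation time, so later changes to the policy are observed.
     */
    class TrustedCACertificateVerifier implements CertificateVerifier {
        // Candidate certificates, indexed by issuer+serial and by subject name.
        // A later certificate with the same key replaces an earlier one.
        private final Hashtable<Object, X509> iasnTable = new Hashtable<Object, X509>();
        private final Hashtable<Object, X509> subjectTable = new Hashtable<Object, X509>();
        // Supplied CRLs, indexed by the CRL issuer name.
        private final Hashtable<Object, CRL> crlTable = new Hashtable<Object, CRL>();
        // The policy whose trust anchors and flags are consulted.
        private final TrustedCAPolicy policy;

        /**
         * Indexes the supplied certificates and CRLs.
         *
         * @param trustedCAPolicy policy supplying trust anchors and flags
         * @param vector candidate {@code X509} certificates, or {@code null}
         * @param vector2 {@code CRL} objects, or {@code null}
         */
        TrustedCACertificateVerifier(TrustedCAPolicy trustedCAPolicy, Vector vector, Vector vector2) {
            this.policy = trustedCAPolicy;
            if (vector != null) {
                for (Object element : vector) {
                    X509 cert = (X509) element;
                    this.iasnTable.put(new IssuerAndSerialNo(cert), cert);
                    this.subjectTable.put(cert.getSubject(), cert);
                }
            }
            if (vector2 != null) {
                for (Object element : vector2) {
                    CRL crl = (CRL) element;
                    this.crlTable.put(crl.getIssuer(), crl);
                }
            }
        }

        /**
         * Looks up the certificate identified by {@code issuerAndSerialNo} among
         * the supplied candidates and validates its chain up to a trust anchor.
         *
         * @param issuerAndSerialNo identifier of the certificate to validate
         * @return the validated certificate, or {@code null} if no supplied
         *         certificate matches the identifier
         * @throws AuthenticationException if the chain loops or does not reach a
         *         trust anchor, if a CRL is required but missing, if an
         *         intermediate issuer is not a CA while the CA flag is required,
         *         or if {@code verify()} rejects a certificate in the chain
         */
        @Override // oracle.security.crypto.cert.CertificateVerifier
        public X509 getValidCertificate(IssuerAndSerialNo issuerAndSerialNo) throws AuthenticationException {
            X509 cert = this.iasnTable.get(issuerAndSerialNo);
            if (cert == null) {
                return null;
            }
            // NOTE(review): this shortcut returns the *supplied* certificate when
            // its subject name matches a trust anchor. It is neither compared
            // with the stored anchor nor passed through verify(), so the match
            // rests on the subject name alone. If the candidate vector can hold
            // certificates from an unauthenticated source, confirm that callers
            // do not rely on the returned object's key material.
            if (this.policy.trustedTable.containsKey(cert.getSubject())) {
                return cert;
            }

            // Phase 1: walk issuer names upward, collecting the chain
            // (leaf first) until an issuer name matches a trust anchor.
            Vector<X509> chain = new Vector<X509>();
            X500Name issuerName = null;
            while (cert != null) {
                X500Name name = cert.getIssuer();
                X509 next = this.subjectTable.get(name);
                // Seeing a certificate again means the issuer links form a
                // cycle (for example an untrusted self-signed certificate).
                if (next != null && chain.contains(next)) {
                    throw new AuthenticationException("Chain does not terminate with a trusted CA");
                }
                chain.addElement(cert);
                issuerName = name;
                cert = next;
                if (this.policy.trustedTable.containsKey(issuerName)) {
                    break;
                }
                if (cert == null) {
                    throw new AuthenticationException("Chain does not terminate with a trusted CA");
                }
            }

            // Phase 2: verify downward from the stored trust anchor to the leaf.
            // The anchor itself always comes from the policy's table, never from
            // the supplied candidates.
            X509 issuerCert = this.policy.trustedTable.get(issuerName);
            boolean issuerIsIntermediate = false;
            while (!chain.isEmpty()) {
                cert = chain.lastElement();
                CRL crl = this.crlTable.get(issuerCert.getSubject());
                cert.setIssuerCertificate(issuerCert);
                if (crl != null) {
                    cert.setIssuerCRL(crl);
                } else if (this.policy.requireCRL) {
                    throw new AuthenticationException("CRL not found for certificate");
                }
                // The CA flag is demanded only of issuers below the trust anchor.
                // Fail closed: an intermediate without basicConstraints CA=true is
                // rejected here instead of being retried.
                // NOTE(review): no path-length constraint is evaluated in this
                // method; confirm whether verify() covers it.
                if (this.policy.requireCA && issuerIsIntermediate) {
                    BasicConstraintsExtension basicConstraints =
                            (BasicConstraintsExtension) issuerCert.getExtension(PKIX.id_ce_basicConstraints);
                    if (basicConstraints == null || !basicConstraints.getCA()) {
                        throw new AuthenticationException("Certificate is not a CA");
                    }
                }
                // presumably checks the signature (and the CRL, when set) against
                // the issuer attached above; validity-period handling is not
                // visible here, so confirm it in X509.verify()
                if (!cert.verify()) {
                    throw new AuthenticationException("Certificate invalid");
                }
                issuerCert = cert;
                chain.removeElementAt(chain.size() - 1);
                issuerIsIntermediate = true;
            }
            // The last certificate verified is the one originally requested.
            return cert;
        }
    }

    /**
     * Creates a policy with no trust anchors, CRLs optional and the CA flag
     * required.
     */
    public TrustedCAPolicy() {
        this.requireCRL = false;
        this.requireCA = true;
        this.trustedTable = new Hashtable<Object, X509>();
    }

    /**
     * Creates a policy with the given trust anchors and flags.
     *
     * @param vector trusted {@code X509} CA certificates, or {@code null} for none
     * @param z whether a CRL must be present for every issuer in a chain
     * @param z2 whether intermediate issuers must carry the CA flag
     */
    public TrustedCAPolicy(Vector vector, boolean z, boolean z2) {
        this();
        setTrustedCAs(vector);
        this.requireCRL = z;
        this.requireCA = z2;
    }

    /**
     * Creates a verifier over the given candidate certificates and CRLs.
     *
     * @param vector candidate {@code X509} certificates, or {@code null}
     * @param vector2 {@code CRL} objects, or {@code null}
     * @return a verifier that consults this policy
     */
    @Override // oracle.security.crypto.cert.CertificateTrustPolicy
    public CertificateVerifier makeCertificateVerifier(Vector vector, Vector vector2) {
        return new TrustedCACertificateVerifier(this, vector, vector2);
    }

    /**
     * Adds a trust anchor, replacing any existing anchor with the same subject
     * name.
     *
     * @param x509 the CA certificate to trust
     */
    public void addTrustedCA(X509 x509) {
        this.trustedTable.put(x509.getSubject(), x509);
    }

    /**
     * Sets whether validation fails when no CRL is available for an issuer.
     *
     * @param z {@code true} to require CRLs
     */
    public void setRequireCRLs(boolean z) {
        this.requireCRL = z;
    }

    /** @return whether a missing CRL causes validation to fail */
    public boolean getRequireCRLs() {
        return this.requireCRL;
    }

    /**
     * Sets whether intermediate issuers must have basicConstraints CA=true.
     * Turning this off lets any supplied certificate act as an issuer in a
     * chain, so it should stay enabled unless there is a specific reason.
     *
     * @param z {@code true} to require the CA flag
     */
    public void setRequireCAFlag(boolean z) {
        this.requireCA = z;
    }

    /** @return whether intermediate issuers must carry the CA flag */
    public boolean getRequireCAFlag() {
        return this.requireCA;
    }

    /**
     * Replaces all trust anchors with the given certificates.
     *
     * <p>The table is cleared before the new entries are added, so a failure
     * part-way through (for example a non-{@code X509} element) leaves only the
     * entries added so far.
     *
     * @param vector trusted {@code X509} CA certificates, or {@code null} to
     *        leave the policy with no trust anchors
     */
    public void setTrustedCAs(Vector vector) {
        this.trustedTable.clear();
        if (vector == null) {
            return;
        }
        for (Object element : vector) {
            X509 cert = (X509) element;
            this.trustedTable.put(cert.getSubject(), cert);
        }
    }

    /** @return an enumeration of the currently trusted CA certificates */
    public Enumeration trustedCAs() {
        return this.trustedTable.elements();
    }
}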
