package com.ibm.mq.ese.pki;

import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.PkiSpec;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import javax.naming.CommunicationException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;

/* loaded from: input_file:com/ibm/mq/ese/pki/CertAccessImpl.class */
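/**
 * {@link CertAccess} implementation that reads certificates from a key store and collects
 * certificate revocation lists (CRLs) from local files and from an LDAP certificate store.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class verifies a CRL's signature, issuer or validity period. The CRLs
 *       are only parsed and returned; verification is presumably done by the caller
 *       (NOTE(review): confirm).</li>
 *   <li>A CRL source that is configured but cannot be read raises {@link CrlAccessException}
 *       rather than being skipped, so a broken source fails closed.</li>
 *   <li>When no CRL source is configured at all, {@link #loadCRLs} returns an empty array.
 *       Callers must decide whether an empty CRL set is acceptable.</li>
 * </ul>
 */
public class CertAccessImpl implements CertAccess {
    public static final String sccsid = "@(#) MQMBID sn=p920-L200710.DE su=_6p8lZ8KXEeqhru3bNhtEjw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/CertAccessImpl.java";

    private static final String TRACE_CLASS = "com.ibm.mq.ese.pki.CertAccessImpl";
    private static final String TRACE_LOAD_CERTS = "loadCertificates(KeyStoreAccess,PkiSpec,List)";
    private static final String TRACE_LOAD_CRLS = "loadCRLs(KeyStoreAccess,PkiSpec,X509Certificate [ ])";

    // Both accessors are replaceable through the setters below; null disables that CRL source.
    private FileAccessor fileAccessor;
    private LdapAccessor ldapAccessor;

    /** Loads CRLs from the files and {@code file:} URIs named in a {@link PkiSpec}. */
    static class FileAccessor implements CertAccess {
        private static final String TRACE_CLASS = "com.ibm.mq.ese.pki.FileAccessor";
        private static final String TRACE_LOAD_CERTS = "loadCertificates(KeyStoreAccess,PkiSpec,List)";
        private static final String TRACE_LOAD_CRLS = "loadCRLs(KeyStoreAccess,PkiSpec,X509Certificate [ ])";
        // The informational trace points use a differently spaced method name; kept as found.
        private static final String TRACE_LOAD_CRLS_INFO = "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])";

        private final JcaX509CRLConverter crlConverter = new JcaX509CRLConverter();

        FileAccessor() {
        }

        /**
         * Not supported by this accessor: it only traces the call.
         *
         * @return always {@code null}
         */
        @Override
        public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List<String> list) throws MissingCertificateException, CertAccessException {
            if (Trace.isOn) {
                Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CERTS, new Object[]{keyStoreAccess, pkiSpec, list});
                Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CERTS, (Object) null);
            }
            return null;
        }

        /**
         * Parses every CRL file named by {@code pkiSpec.crlUris} and {@code pkiSpec.crlFiles}.
         *
         * <p>The certificate array is not consulted: every configured file is loaded, whoever
         * issued it. The CRLs are parsed but not verified here.
         *
         * @param keyStoreAccess traced only
         * @param pkiSpec source of the CRL locations; either list may be {@code null}
         * @param x509CertificateArr traced only
         * @return the parsed CRLs, URI entries first and then file-name entries; never {@code null}
         * @throws CrlAccessException if any configured file cannot be read or parsed, so that a
         *     missing or damaged CRL is reported instead of being silently left out
         */
        @Override
        public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CRLS, new Object[]{keyStoreAccess, pkiSpec, x509CertificateArr});
            }
            List<File> crlFiles = new LinkedList<>();
            URI[] crlUris = pkiSpec.crlUris;
            if (crlUris != null) {
                for (URI uri : crlUris) {
                    if ("file".equalsIgnoreCase(uri.getScheme())) {
                        crlFiles.add(new File(uri));
                    } else if (Trace.isOn) {
                        // Any other scheme is dropped here and is only visible in the trace. A
                        // CRL URI that is not file: adds no revocation data from this accessor.
                        Trace.traceInfo(this, TRACE_CLASS, TRACE_LOAD_CRLS_INFO, "skipping non file URI: ", uri);
                    }
                }
            }
            String[] crlFileNames = pkiSpec.crlFiles;
            if (crlFileNames != null) {
                for (String fileName : crlFileNames) {
                    crlFiles.add(new File(fileName));
                }
            }

            List<X509CRL> loaded = new LinkedList<>();
            String currentPath = null;
            try {
                for (File crlFile : crlFiles) {
                    currentPath = crlFile.getAbsolutePath();
                    if (Trace.isOn) {
                        Trace.traceInfo(this, TRACE_CLASS, TRACE_LOAD_CRLS_INFO, "loading ", currentPath);
                    }
                    // try-with-resources closes both streams on every path. The previous code
                    // left them open whenever reading or parsing the file threw.
                    try (FileInputStream fileIn = new FileInputStream(crlFile);
                            BufferedInputStream bufferedIn = new BufferedInputStream(fileIn)) {
                        loaded.add(this.crlConverter.getCRL(new X509CRLHolder(bufferedIn)));
                    }
                }
            } catch (IOException e) {
                throw crlNotFound(currentPath, e, 1);
            } catch (CRLException e) {
                throw crlNotFound(currentPath, e, 2);
            } finally {
                if (Trace.isOn) {
                    Trace.finallyBlock(this, TRACE_CLASS, TRACE_LOAD_CRLS);
                }
            }

            X509CRL[] x509crlArr = loaded.toArray(new X509CRL[loaded.size()]);
            if (Trace.isOn) {
                Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CRLS, x509crlArr);
            }
            return x509crlArr;
        }

        /**
         * Traces a load failure and builds the exception that reports it.
         *
         * @param crlPath absolute path of the file being processed when the failure happened
         * @param cause the read or parse failure
         * @param probeId trace probe id (1 for I/O failures, 2 for CRL parse failures)
         * @return the exception for the caller to throw
         */
        // Raw HashMap kept: the CrlAccessException constructor signature is not visible in this file.
        @SuppressWarnings({"rawtypes", "unchecked"})
        private CrlAccessException crlNotFound(String crlPath, Exception cause, int probeId) {
            if (Trace.isOn) {
                Trace.catchBlock(this, TRACE_CLASS, TRACE_LOAD_CRLS, cause, probeId);
            }
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CRL_NAME, crlPath);
            CrlAccessException failure = new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_not_found, inserts, cause);
            if (Trace.isOn) {
                Trace.throwing(this, TRACE_CLASS, TRACE_LOAD_CRLS, failure, probeId);
            }
            return failure;
        }

        /** @return always {@code false} */
        @Override
        public boolean initialise() {
            return false;
        }
    }

    /**
     * Loads CRLs from an LDAP certificate store, selected by the issuer names of the supplied
     * certificates.
     *
     * <p>The store is created from a host name and port only; no credentials or transport
     * settings are passed in this code. The CRLs returned by the directory are not verified
     * here.
     */
    static class LdapAccessor implements CertAccess {
        private static final String TRACE_CLASS = "com.ibm.mq.ese.pki.LdapAccessor";
        private static final String TRACE_LOAD_CERTS = "loadCertificates(KeyStoreAccess,PkiSpec,List)";
        private static final String TRACE_LOAD_CRLS = "loadCRLs(KeyStoreAccess,PkiSpec,X509Certificate [ ])";
        private static final String TRACE_LOAD_CRLS_INFO = "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])";
        private static final String TRACE_INIT = "initConnection(PkiSpec)";

        // Guards reads and writes of 'store'. The lock is static while 'store' is per instance.
        private static final Object STORE_LOCK = new Object();
        private static final int MAX_RECONNECT_COUNT = 5;

        private CertStore store;

        LdapAccessor() {
        }

        /**
         * Not supported by this accessor: it only traces the call.
         *
         * @return always {@code null}
         */
        @Override
        public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List<String> list) throws MissingCertificateException, CertAccessException {
            if (Trace.isOn) {
                Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CERTS, new Object[]{keyStoreAccess, pkiSpec, list});
                Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CERTS, (Object) null);
            }
            return null;
        }

        /**
         * Queries the LDAP certificate store for CRLs issued by the issuers of the given
         * certificates.
         *
         * <p>If a lookup fails because of a {@link CommunicationException}, the store is
         * discarded and the connection re-established, for at most
         * {@code MAX_RECONNECT_COUNT - 1} retries. Once the retries are used up, or on any
         * other failure, the method throws instead of returning an empty result, so an
         * unreachable directory is not mistaken for "nothing revoked".
         *
         * @param keyStoreAccess traced only
         * @param pkiSpec supplies the LDAP connection list
         * @param x509CertificateArr certificates whose issuer names select the CRLs.
         *     NOTE(review): a {@code null} array is dereferenced once a store is available
         *     and fails with a NullPointerException.
         * @return the CRLs found, or an empty array when no LDAP connection is configured
         * @throws CrlAccessException if the store cannot be created or queried
         */
        @Override
        public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CRLS, new Object[]{keyStoreAccess, pkiSpec, x509CertificateArr});
            }
            CertStore activeStore = initConnection(pkiSpec);
            int reconnectCount = 0;
            while (activeStore != null) {
                Exception failure;
                int probeId;
                try {
                    HashSet<String> issuerNames = new HashSet<>(x509CertificateArr.length);
                    for (X509Certificate certificate : x509CertificateArr) {
                        issuerNames.add(certificate.getIssuerDN().getName());
                    }
                    X509CRLSelector selector = new X509CRLSelector();
                    selector.setIssuerNames(issuerNames);
                    Collection<? extends CRL> found = activeStore.getCRLs(selector);
                    if (Trace.isOn) {
                        Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CRLS_INFO, new Object[]{Integer.valueOf(found.size())});
                    }
                    X509CRL[] x509crlArr = (X509CRL[]) found.toArray(new X509CRL[found.size()]);
                    if (Trace.isOn) {
                        Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CRLS, x509crlArr, 1);
                    }
                    return x509crlArr;
                } catch (IOException e) {
                    failure = e;
                    probeId = 2;
                } catch (CertStoreException e) {
                    failure = e;
                    probeId = 1;
                }

                if (Trace.isOn) {
                    Trace.catchBlock(this, TRACE_CLASS, TRACE_LOAD_CRLS, failure, probeId);
                }
                if (failure.getCause() instanceof CommunicationException) {
                    reconnectCount++;
                    if (reconnectCount < MAX_RECONNECT_COUNT) {
                        synchronized (STORE_LOCK) {
                            this.store = null;
                            activeStore = initConnection(pkiSpec);
                        }
                        // Retry with the fresh store. Without this the reconnect above was
                        // always followed by the throw below and no retry ever happened.
                        continue;
                    }
                }
                CrlAccessException crlAccessException = new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, failure);
                if (Trace.isOn) {
                    Trace.throwing(this, TRACE_CLASS, TRACE_LOAD_CRLS, crlAccessException, probeId);
                }
                throw crlAccessException;
            }
            X509CRL[] none = new X509CRL[0];
            if (Trace.isOn) {
                Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CRLS, none, 2);
            }
            return none;
        }

        /**
         * Returns the cached LDAP {@link CertStore}, creating it first if necessary.
         *
         * <p>The configured connections are tried in order. A connection whose failure is
         * caused by a {@link CommunicationException} is skipped in favour of the next one;
         * any other failure is reported straight away.
         *
         * @param pkiSpec supplies {@code ldapConfig.connections}
         * @return the store, or {@code null} when the connection list is empty
         * @throws CrlAccessException if no configured connection yields a store
         */
        private CertStore initConnection(PkiSpec pkiSpec) throws CrlAccessException {
            if (Trace.isOn) {
                Trace.entry(this, TRACE_CLASS, TRACE_INIT, new Object[]{pkiSpec});
            }
            List<PkiSpec.ConnectionConfig> connections = pkiSpec.ldapConfig.connections;
            if (connections.size() < 1) {
                if (Trace.isOn) {
                    Trace.traceInfo(this, TRACE_CLASS, TRACE_INIT, "no LDAP configuration available", "");
                    Trace.exit(this, TRACE_CLASS, TRACE_INIT);
                    Trace.exit(this, TRACE_CLASS, TRACE_INIT, null, 1);
                }
                return null;
            }
            try {
                synchronized (STORE_LOCK) {
                    int index = 0;
                    while (this.store == null && index < connections.size()) {
                        String host = connections.get(index).host;
                        int port = connections.get(index).portNum;
                        if (Trace.isOn) {
                            Trace.traceInfo(this, TRACE_CLASS, TRACE_INIT, "using configuration: " + index + " " + host + " " + port, "");
                        }
                        LDAPCertStoreParameters parameters = new LDAPCertStoreParameters(host, port);
                        try {
                            this.store = CertStore.getInstance("LDAP", parameters);
                        } catch (InvalidAlgorithmParameterException e) {
                            if (Trace.isOn) {
                                Trace.catchBlock(this, TRACE_CLASS, TRACE_INIT, e, 1);
                                Trace.catchBlock(this, TRACE_CLASS, TRACE_INIT, e);
                            }
                            if (!(e.getCause() instanceof CommunicationException)) {
                                if (Trace.isOn) {
                                    Trace.throwing(this, TRACE_CLASS, TRACE_INIT, e, 1);
                                }
                                // Rethrown to the outer handler, which wraps it.
                                throw e;
                            }
                            index++;
                            if (index >= connections.size()) {
                                // Every connection failed. The cause is a CommunicationException,
                                // so casting it to CrlAccessException would raise a
                                // ClassCastException; wrap the failure instead.
                                CrlAccessException exhausted = new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e);
                                if (Trace.isOn) {
                                    Trace.throwing(this, TRACE_CLASS, TRACE_INIT, exhausted, 2);
                                }
                                throw exhausted;
                            }
                        }
                    }
                    if (Trace.isOn) {
                        Trace.exit(this, TRACE_CLASS, TRACE_INIT, this.store, 2);
                    }
                    return this.store;
                }
            } catch (InvalidAlgorithmParameterException e2) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, TRACE_CLASS, TRACE_INIT, e2, 2);
                }
                CrlAccessException crlAccessException2 = new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e2);
                if (Trace.isOn) {
                    Trace.throwing(this, TRACE_CLASS, TRACE_INIT, crlAccessException2, 3);
                }
                throw crlAccessException2;
            } catch (NoSuchAlgorithmException e3) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, TRACE_CLASS, TRACE_INIT, e3, 3);
                }
                CrlAccessException crlAccessException3 = new CrlAccessException(AmsErrorMessages.mjp_certvalid_error_crl_failed_to_retrieve, e3);
                if (Trace.isOn) {
                    Trace.throwing(this, TRACE_CLASS, TRACE_INIT, crlAccessException3, 4);
                }
                throw crlAccessException3;
            }
        }

        /** @return always {@code false} */
        @Override
        public boolean initialise() {
            return false;
        }
    }

    /** Creates an instance with a default file accessor and a default LDAP accessor. */
    public CertAccessImpl() {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "<init>()");
        }
        this.fileAccessor = new FileAccessor();
        this.ldapAccessor = new LdapAccessor();
        if (Trace.isOn) {
            Trace.exit(this, TRACE_CLASS, "<init>()");
        }
    }

    /**
     * Looks up the certificates for the given names in the key store.
     *
     * @param keyStoreAccess key store to query
     * @param pkiSpec traced only
     * @param list names passed to the key store lookup (copied before the call)
     * @return the certificates found; never {@code null} or empty
     * @throws MissingCertificateException if the key store returns no certificate
     * @throws CertAccessException if the key store lookup fails with an {@link AMBIException}
     */
    @Override
    public X509Certificate[] loadCertificates(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, List<String> list) throws MissingCertificateException, CertAccessException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CERTS, new Object[]{keyStoreAccess, pkiSpec, list});
        }
        try {
            X509Certificate[] certificates = keyStoreAccess.getCertificates(new LinkedList<>(list), true);
            if (certificates == null || certificates.length == 0) {
                // An empty result is an error, so callers never continue without a certificate.
                MissingCertificateException missing = new MissingCertificateException(AmsErrorMessages.mjp_msg_error_getting_no_recipient_cert_MissingCertificateException);
                if (Trace.isOn) {
                    Trace.throwing(this, TRACE_CLASS, TRACE_LOAD_CERTS, missing, 3);
                }
                throw missing;
            }
            if (Trace.isOn) {
                Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CERTS, certificates);
            }
            return certificates;
        } catch (MissingCertificateException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, TRACE_CLASS, TRACE_LOAD_CERTS, e, 1);
                Trace.throwing(this, TRACE_CLASS, TRACE_LOAD_CERTS, e, 1);
            }
            throw e;
        } catch (AMBIException e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, TRACE_CLASS, TRACE_LOAD_CERTS, e2, 2);
            }
            CertAccessException certAccessException = new CertAccessException(e2);
            if (Trace.isOn) {
                Trace.throwing(this, TRACE_CLASS, TRACE_LOAD_CERTS, certAccessException, 2);
            }
            throw certAccessException;
        }
    }

    /**
     * Collects CRLs from the file accessor and the LDAP accessor and merges them with
     * duplicates removed.
     *
     * <p>The file source is read first. If it throws, the LDAP source is not consulted and
     * the exception propagates. A {@code null} or empty certificate array is traced but the
     * lookups still run.
     *
     * @param keyStoreAccess passed through to the accessors
     * @param pkiSpec CRL file locations and LDAP configuration
     * @param x509CertificateArr certificates the CRLs are wanted for
     * @return the merged CRLs in no particular order; empty when no source yields any
     * @throws CrlAccessException if either source fails
     */
    @Override
    public X509CRL[] loadCRLs(KeyStoreAccess keyStoreAccess, PkiSpec pkiSpec, X509Certificate[] x509CertificateArr) throws CrlAccessException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, TRACE_LOAD_CRLS, new Object[]{keyStoreAccess, pkiSpec, x509CertificateArr});
        }
        if ((x509CertificateArr == null || x509CertificateArr.length == 0) && Trace.isOn) {
            Trace.traceInfo(this, TRACE_CLASS, "loadCRLs(KeyStoreAccess, PkiSpec, X509Certificate[])", "no certificates to search CRLs for", "");
        }
        X509CRL[] fromFiles = new X509CRL[0];
        X509CRL[] fromLdap = new X509CRL[0];
        if (this.fileAccessor != null) {
            fromFiles = this.fileAccessor.loadCRLs(keyStoreAccess, pkiSpec, x509CertificateArr);
        }
        if (this.ldapAccessor != null) {
            fromLdap = this.ldapAccessor.loadCRLs(keyStoreAccess, pkiSpec, x509CertificateArr);
        }
        // A set removes CRLs that both sources returned.
        HashSet<X509CRL> merged = new HashSet<>(fromFiles.length + fromLdap.length + 1);
        merged.addAll(Arrays.asList(fromFiles));
        merged.addAll(Arrays.asList(fromLdap));
        X509CRL[] x509crlArr3 = merged.toArray(new X509CRL[merged.size()]);
        if (Trace.isOn) {
            Trace.exit(this, TRACE_CLASS, TRACE_LOAD_CRLS, x509crlArr3);
        }
        return x509crlArr3;
    }

    /**
     * Replaces the file-based CRL source.
     *
     * @param fileAccessor new accessor; {@code null} disables file-based CRL loading
     */
    public void setFileAccessor(FileAccessor fileAccessor) {
        if (Trace.isOn) {
            Trace.data(this, TRACE_CLASS, "setFileAccessor(FileAccessor)", "setter", fileAccessor);
        }
        this.fileAccessor = fileAccessor;
    }

    /**
     * Replaces the LDAP CRL source.
     *
     * @param ldapAccessor new accessor; {@code null} disables LDAP CRL loading
     */
    public void setLdapAccessor(LdapAccessor ldapAccessor) {
        if (Trace.isOn) {
            Trace.data(this, TRACE_CLASS, "setLdapAccessor(LdapAccessor)", "setter", ldapAccessor);
        }
        this.ldapAccessor = ldapAccessor;
    }

    /** @return always {@code false} */
    @Override
    public boolean initialise() {
        return false;
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.CertAccessImpl", "static", "SCCS id", (Object) sccsid);
        }
    }
}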
