package com.sun.identity.security.cert;

import com.forgerock.opendj.ldap.controls.TransactionIdControl;
import com.iplanet.security.x509.CertUtils;
import com.iplanet.security.x509.IssuingDistributionPointExtension;
import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.shared.encode.URLEncDec;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.ArrayUtils;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.ldap.LDAPRequests;
import org.forgerock.openam.utils.Time;
import org.forgerock.opendj.ldap.Attribute;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.LDAPUrl;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;
import org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.forgerock.util.Options;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.GeneralNames;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:com/sun/identity/security/cert/AMCRLStore.class */
public class AMCRLStore extends AMCertStore {
    public static final String CERTIFICATE_REVOCATION_LIST = "certificaterevocationlist";
    public static final String CERTIFICATE_REVOCATION_LIST_BINARY = "certificaterevocationlist;binary";
    private static Hashtable<String, X509CRL> cachedcrls = new Hashtable<>();
    private String mCrlAttrName;

    public AMCRLStore(AMLDAPCertStoreParameters aMLDAPCertStoreParameters) {
        super(aMLDAPCertStoreParameters);
        this.mCrlAttrName = null;
    }

    public X509CRL getCRL(X509Certificate x509Certificate) throws IOException {
        Connection connection;
        Throwable th;
        SearchResultEntry searchResultEntry = null;
        X509CRL x509crl = null;
        if (this.storeParam.isDoCRLCaching()) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: Trying to get CRL from cache");
            }
            x509crl = getCRLFromCache(x509Certificate);
        }
        try {
            connection = getConnection();
            th = null;
        } catch (Exception e) {
            debug.error("AMCRLStore.getCRL: Error in getting CRL : ", e);
        }
        if (connection == null) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    connection.close();
                }
            }
            return null;
        }
        if (x509crl == null) {
            try {
                try {
                    if (debug.messageEnabled()) {
                        debug.message("AMCRLStore.getCRL: crl is null");
                    }
                    searchResultEntry = this.mCrlAttrName == null ? getLdapEntry(connection, CERTIFICATE_REVOCATION_LIST, CERTIFICATE_REVOCATION_LIST_BINARY) : getLdapEntry(connection, this.mCrlAttrName);
                    x509crl = getCRLFromEntry(searchResultEntry);
                } finally {
                }
            } finally {
            }
        }
        if (this.storeParam.isDoUpdateCRLs() && needCRLUpdate(x509crl)) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: need CRL update");
            }
            X509CRL x509crl2 = null;
            IssuingDistributionPointExtension issuingDistributionPointExtension = null;
            if (x509crl != null) {
                try {
                    issuingDistributionPointExtension = getCRLIDPExt(x509crl);
                } catch (Exception e2) {
                    debug.message("AMCRLStore.getCRL: crlIDPExt is null");
                }
            }
            CRLDistributionPointsExtension cRLDistributionPointsExtension = null;
            try {
                cRLDistributionPointsExtension = getCRLDPExt(x509Certificate);
            } catch (Exception e3) {
                debug.message("AMCRLStore.getCRL: crlDPExt is null");
            }
            if (0 == 0 && issuingDistributionPointExtension != null) {
                x509crl2 = getUpdateCRLFromCrlIDP(issuingDistributionPointExtension);
            }
            if (x509crl2 == null && cRLDistributionPointsExtension != null) {
                x509crl2 = getUpdateCRLFromCrlDP(cRLDistributionPointsExtension);
            }
            if (x509crl2 != null) {
                if (searchResultEntry == null) {
                    searchResultEntry = getLdapEntry(connection, new String[0]);
                }
                if (debug.messageEnabled()) {
                    debug.message("AMCRLStore.getCRL: new crl = " + x509crl2);
                }
                if (searchResultEntry != null) {
                    updateCRL(connection, searchResultEntry.getName().toString(), x509crl2.getEncoded());
                }
            }
            x509crl = x509crl2;
        }
        if (this.storeParam.isDoCRLCaching()) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: Updating CRL cache");
            }
            updateCRLCache(x509Certificate, x509crl);
        }
        if (connection != null) {
            if (0 != 0) {
                try {
                    connection.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
            } else {
                connection.close();
            }
        }
        return x509crl;
        debug.error("AMCRLStore.getCRL: Error in getting CRL : ", e);
        return x509crl;
    }

    public X509CRL getCRLFromCache(X509Certificate x509Certificate) {
        return cachedcrls.get(CertUtils.getIssuerName(x509Certificate));
    }

    public void updateCRLCache(X509Certificate x509Certificate, X509CRL x509crl) {
        String issuerName = CertUtils.getIssuerName(x509Certificate);
        if (x509crl == null) {
            cachedcrls.remove(issuerName);
        } else {
            cachedcrls.put(issuerName, x509crl);
        }
    }

    private X509CRL getCRLFromEntry(SearchResultEntry searchResultEntry) throws Exception {
        Attribute attribute;
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLFromEntry:");
        }
        if (searchResultEntry == null) {
            return null;
        }
        X509CRL x509crl = null;
        try {
            if (this.mCrlAttrName == null) {
                attribute = searchResultEntry.getAttribute(CERTIFICATE_REVOCATION_LIST);
                if (attribute == null) {
                    attribute = searchResultEntry.getAttribute(CERTIFICATE_REVOCATION_LIST_BINARY);
                    if (attribute == null) {
                        debug.error("No CRL Cache is configured");
                        return null;
                    }
                }
                this.mCrlAttrName = attribute.getAttributeDescriptionAsString();
            } else {
                attribute = searchResultEntry.getAttribute(this.mCrlAttrName);
            }
            if (attribute.size() > 1) {
                debug.error("More than one CRL entries are configured");
                return null;
            }
            try {
                byte[] byteArray = attribute.firstValue().toByteArray();
                if (debug.messageEnabled()) {
                    debug.message("AMCRLStore.getCRLFromEntry: crl size = " + byteArray.length);
                }
                cf = CertificateFactory.getInstance("X.509");
                x509crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(byteArray));
            } catch (Exception e) {
                debug.error("Certificate: CertRevoked = ", e);
            }
            return x509crl;
        } catch (Exception e2) {
            debug.error("Error in getting Cached CRL");
            return null;
        }
    }

    private CRLDistributionPointsExtension getCRLDPExt(X509Certificate x509Certificate) {
        CRLDistributionPointsExtension cRLDistributionPointsExtension = null;
        try {
            cRLDistributionPointsExtension = new X509CertImpl(x509Certificate.getEncoded()).getCRLDistributionPointsExtension();
        } catch (Exception e) {
            debug.error("Error finding CRL distribution Point configured: ", e);
        }
        return cRLDistributionPointsExtension;
    }

    private IssuingDistributionPointExtension getCRLIDPExt(X509CRL x509crl) {
        IssuingDistributionPointExtension issuingDistributionPointExtension = null;
        if (x509crl == null) {
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLIDPExt: crl = " + x509crl);
        }
        try {
            byte[] extensionValue = x509crl.getExtensionValue(PKIXExtensions.IssuingDistributionPoint_Id.toString());
            if (extensionValue != null) {
                issuingDistributionPointExtension = new IssuingDistributionPointExtension(extensionValue);
            }
        } catch (Exception e) {
            debug.error("Error finding CRL distribution Point configured: ", e);
        }
        return issuingDistributionPointExtension;
    }

    private synchronized X509CRL getUpdateCRLFromCrlDP(CRLDistributionPointsExtension cRLDistributionPointsExtension) {
        if (cRLDistributionPointsExtension == null) {
            return null;
        }
        List list = null;
        try {
            list = cRLDistributionPointsExtension.get("points");
        } catch (IOException e) {
            if (debug.warningEnabled()) {
                debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: ", e);
            }
        }
        if (list == null || list.isEmpty()) {
            return null;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            GeneralNames fullName = ((DistributionPoint) it.next()).getFullName();
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getUpdateCRLFromCrlDP: DP = " + fullName);
            }
            byte[] cRLsFromGeneralNames = getCRLsFromGeneralNames(fullName);
            if (cRLsFromGeneralNames != null && cRLsFromGeneralNames.length > 0) {
                try {
                    return (X509CRL) cf.generateCRL(new ByteArrayInputStream(cRLsFromGeneralNames));
                } catch (Exception e2) {
                    if (debug.warningEnabled()) {
                        debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: Error in generating X509CRL", e2);
                    }
                }
            }
        }
        return null;
    }

    private synchronized X509CRL getUpdateCRLFromCrlIDP(IssuingDistributionPointExtension issuingDistributionPointExtension) {
        GeneralNames fullName = issuingDistributionPointExtension.getFullName();
        if (fullName == null) {
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getUpdateCRLFromCrlIDP: gName = " + fullName);
        }
        byte[] cRLsFromGeneralNames = getCRLsFromGeneralNames(fullName);
        X509CRL x509crl = null;
        if (cRLsFromGeneralNames != null) {
            try {
                x509crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(cRLsFromGeneralNames));
            } catch (Exception e) {
                debug.error("Error in generating X509CRL" + e.toString());
            }
        }
        return x509crl;
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0075, code lost:
    
        if (r0 == (-1)) goto L19;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] getCRLsFromGeneralNames(sun.security.x509.GeneralNames r5) {
        /*
            r4 = this;
            r0 = 0
            r6 = r0
            com.sun.identity.shared.debug.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            boolean r0 = r0.messageEnabled()
            if (r0 == 0) goto L27
            com.sun.identity.shared.debug.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "AMCRLStore.getCRLsFromGeneralNames: gNames.size = "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r5
            int r2 = r2.size()
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.message(r1)
        L27:
            r0 = 0
            r7 = r0
        L29:
            r0 = r5
            r1 = r7
            int r7 = r7 + 1
            sun.security.x509.GeneralName r0 = r0.get(r1)
            java.lang.String r0 = r0.toString()
            java.lang.String r0 = r0.trim()
            r8 = r0
            r0 = r8
            java.lang.String r0 = r0.toLowerCase()
            r9 = r0
            r0 = r9
            java.lang.String r1 = "http"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L7b
            r0 = r9
            java.lang.String r1 = "https"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L7b
            r0 = r9
            java.lang.String r1 = "ldap"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L7b
            r0 = r9
            java.lang.String r1 = "ldaps"
            int r0 = r0.indexOf(r1)
            r1 = r0
            r10 = r1
            r1 = -1
            if (r0 != r1) goto L7b
            goto Lb3
        L7b:
            r0 = r8
            r1 = r10
            r2 = r8
            int r2 = r2.length()
            java.lang.String r0 = r0.substring(r1, r2)
            r8 = r0
            com.sun.identity.shared.debug.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            boolean r0 = r0.messageEnabled()
            if (r0 == 0) goto Lac
            com.sun.identity.shared.debug.Debug r0 = com.sun.identity.security.cert.AMCRLStore.debug
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "DP Name : "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r8
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.message(r1)
        Lac:
            r0 = r4
            r1 = r8
            byte[] r0 = r0.getCRLByURI(r1)
            r6 = r0
        Lb3:
            r0 = r6
            if (r0 == 0) goto Lbf
            r0 = r7
            r1 = r5
            int r1 = r1.size()
            if (r0 < r1) goto L29
        Lbf:
            r0 = r6
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.security.cert.AMCRLStore.getCRLsFromGeneralNames(sun.security.x509.GeneralNames):byte[]");
    }

    private void updateCRL(Connection connection, String str, byte[] bArr) {
        try {
            connection.modify(LDAPRequests.newModifyRequest(str).addModification(ModificationType.REPLACE, this.mCrlAttrName, new Object[]{bArr}));
        } catch (LdapException e) {
            debug.error("Error updating CRL Cache : ", e);
        }
    }

    private byte[] getCRLByURI(String str) {
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLByURI : uri = " + str);
        }
        if (str == null) {
            return null;
        }
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.startsWith("http") || lowerCase.startsWith("https")) {
            return getCRLByHttpURI(str);
        }
        if (lowerCase.startsWith("ldap") || lowerCase.startsWith("ldaps")) {
            return getCRLByLdapURI(str);
        }
        return null;
    }

    /* JADX WARN: Failed to calculate best type for var: r14v3 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r14v3 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 14, insn: 0x01e8: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r14 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:75:0x01e8 */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x01ed: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:77:0x01ed */
    /* JADX WARN: Type inference failed for: r14v3, types: [org.forgerock.opendj.ldap.Connection] */
    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable] */
    private byte[] getCRLByLdapURI(String str) {
        LDAPConnectionFactory lDAPConnectionFactory;
        Connection connection;
        Throwable th;
        ConnectionEntryReader search;
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLByLdapURI: uri = " + str);
        }
        byte[] bArr = null;
        try {
            LDAPUrl valueOf = LDAPUrl.valueOf(str);
            debug.message("AMCRLStore.getCRLByLdapURI: url.dn = {}", new Object[]{valueOf.getName()});
            if (valueOf.isSecure()) {
                try {
                    lDAPConnectionFactory = new LDAPConnectionFactory(valueOf.getHost(), valueOf.getPort(), Options.defaultOptions().set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext()));
                } catch (GeneralSecurityException e) {
                    debug.error("AMCRLStore.getCRLByLdapURI: Error getting SSL Context", e);
                    return null;
                }
            } else {
                lDAPConnectionFactory = new LDAPConnectionFactory(valueOf.getHost(), valueOf.getPort());
            }
            try {
                try {
                    connection = lDAPConnectionFactory.getConnection();
                    th = null;
                    search = connection.search(valueOf.asSearchRequest().addControl(TransactionIdControl.newControl(AuditRequestContext.createSubTransactionIdValue())));
                } finally {
                }
            } catch (Exception e2) {
                debug.error("getCRLByLdapURI : Error in getting CRL", e2);
            }
            if (!search.hasNext()) {
                debug.error("verifyCertificate - No CRL distribution Point configured");
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
                return null;
            }
            if (search.isReference()) {
                debug.warning("Getting CRL but got LDAP reference: {}", new Object[]{search.readReference()});
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        connection.close();
                    }
                }
                return null;
            }
            SearchResultEntry readEntry = search.readEntry();
            Attribute attribute = readEntry.getAttribute(CERTIFICATE_REVOCATION_LIST);
            if (attribute == null) {
                attribute = readEntry.getAttribute(CERTIFICATE_REVOCATION_LIST_BINARY);
                if (attribute == null) {
                    debug.error("verifyCertificate - No CRL distribution Point configured");
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    return null;
                }
            }
            bArr = attribute.firstValue().toByteArray();
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    connection.close();
                }
            }
            return bArr;
            debug.error("getCRLByLdapURI : Error in getting CRL", e2);
            return bArr;
        } catch (LocalizedIllegalArgumentException e3) {
            debug.error("AMCRLStore.getCRLByLdapURI(): Could not parse uri: {}", new Object[]{str, e3});
            return null;
        }
    }

    private byte[] getCRLByHttpURI(String str) {
        StringBuffer stringBuffer = null;
        byte[] bArr = null;
        String uRIParams = this.storeParam.getURIParams();
        if (uRIParams != null) {
            try {
                stringBuffer = new StringBuffer();
                StringTokenizer stringTokenizer = new StringTokenizer(uRIParams, ",");
                while (stringTokenizer.hasMoreTokens()) {
                    StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), "=");
                    if (stringTokenizer2.countTokens() == 2) {
                        stringBuffer.append(URLEncDec.encode(stringTokenizer2.nextToken()) + "=" + URLEncDec.encode(stringTokenizer2.nextToken()));
                        if (stringTokenizer.hasMoreTokens()) {
                            stringBuffer.append("&");
                        }
                    }
                }
            } catch (Exception e) {
                debug.error("getCRLByHttpURI : Error in getting CRL", e);
            }
        }
        HttpURLConnection connection = HttpURLConnectionManager.getConnection(new URL(str));
        connection.setDoInput(true);
        connection.setUseCaches(false);
        if (stringBuffer != null) {
            byte[] bytes = stringBuffer.toString().trim().getBytes("UTF-8");
            if (bytes.length > 0) {
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Length", Integer.toString(bytes.length));
                BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(connection.getOutputStream());
                bufferedOutputStream.write(bytes, 0, bytes.length);
                bufferedOutputStream.flush();
                bufferedOutputStream.close();
            }
        }
        InputStream inputStream = connection.getInputStream();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr2, 0, bArr2.length);
            if (read == -1) {
                break;
            }
            byteArrayOutputStream.write(bArr2, 0, read);
        }
        bArr = byteArrayOutputStream.toByteArray();
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLByHttpURI: crl.length = " + bArr.length);
        }
        return bArr;
    }

    private boolean needCRLUpdate(X509CRL x509crl) {
        if (x509crl == null) {
            return true;
        }
        Date nextUpdate = x509crl.getNextUpdate();
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.needCRLUpdate: nextCrlUpdate = " + nextUpdate);
        }
        return nextUpdate != null && nextUpdate.before(Time.newDate());
    }

    public static X509CRL getCRL(AMLDAPCertStoreParameters aMLDAPCertStoreParameters, X509Certificate x509Certificate, String... strArr) {
        String searchFilter;
        X509CRL x509crl = null;
        try {
            if (!ArrayUtils.isEmpty(strArr)) {
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                if (strArr.length < 2) {
                    String attributeValue = CertUtils.getAttributeValue(issuerX500Principal, strArr[0]);
                    if (null == attributeValue) {
                        return null;
                    }
                    searchFilter = setSearchFilter(strArr[0], attributeValue);
                } else {
                    String buildSearchFilterValue = buildSearchFilterValue(strArr, issuerX500Principal);
                    if (buildSearchFilterValue.isEmpty()) {
                        return null;
                    }
                    searchFilter = setSearchFilter("cn", buildSearchFilterValue);
                }
                if (debug.messageEnabled()) {
                    debug.message("AMCRLStore:getCRL using searchFilter " + searchFilter);
                }
                aMLDAPCertStoreParameters.setSearchFilter(searchFilter);
                x509crl = new AMCRLStore(aMLDAPCertStoreParameters).getCRL(x509Certificate);
            }
        } catch (Exception e) {
            debug.error("AMCRLStore:getCRL ", e);
        }
        return x509crl;
    }

    private static String buildSearchFilterValue(String[] strArr, X500Principal x500Principal) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < strArr.length; i++) {
            String str = strArr[i];
            String attributeValue = CertUtils.getAttributeValue(x500Principal, str);
            if (null != attributeValue) {
                sb.append(str);
                sb.append("=");
                sb.append(attributeValue);
                if (i < strArr.length - 1) {
                    sb.append(",");
                }
            }
        }
        return sb.toString();
    }
}
