package oracle.security.pki;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.ResourceBundle;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.core.RSAPublicKey;
import oracle.security.pki.ldap.ConnectionUtil;
import oracle.security.pki.resources.OraclePKICmd;
import oracle.security.pki.resources.OraclePKIMsgID;
import oracle.security.pki.textui.OraclePKIGenFunc;

/* loaded from: input_file:oracle/security/pki/OracleCRL.class */
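/**
 * Publishes a Base64-encoded CRL to an LDAP directory, optionally verifying it
 * against the certificates held in an Oracle wallet first.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Signature verification only runs when both a wallet location and a wallet
 *       password are supplied. With either one {@code null} the CRL is written to
 *       the directory unverified, so callers that need authenticity must pass both.</li>
 *   <li>The issuer name taken from the CRL is used to build the directory entry
 *       name. It is attacker-influenced whenever verification is skipped, so it is
 *       assembled with {@code LdapName}/{@code Rdn} rather than string concatenation.</li>
 * </ul>
 */
public class OracleCRL {
    static ResourceBundle a = ResourceBundle.getBundle(OraclePKIMsgID.a);

    /**
     * Reads a Base64 CRL from {@code inputStream}, optionally verifies it, and stores it
     * in the directory under {@code OraclePKICmd.aI}.
     *
     * <p>If an entry matching the CRL issuer already exists, its
     * {@code certificaterevocationlist} attribute is replaced; otherwise a new entry is created.
     *
     * @param str wallet location handed to {@code OraclePKIGenFunc.openAWallet}; {@code null} skips verification
     * @param cArr wallet password; {@code null} skips verification
     * @param z third argument of {@code OraclePKIGenFunc.openAWallet} (meaning not visible here)
     * @param inputStream source of the Base64-encoded CRL
     * @param str2 first argument of {@code ConnectionUtil.getSSLDirCtx} (presumably the host; confirm)
     * @param str3 second argument of {@code ConnectionUtil.getSSLDirCtx} (presumably the port; confirm)
     * @param str4 third argument of {@code ConnectionUtil.getSSLDirCtx} (presumably the bind DN; confirm)
     * @param cArr2 LDAP password; must not be {@code null}
     * @param z2 when {@code true}, progress messages are printed to standard output
     * @throws AuthenticationException if the CRL is outside its validity window or no wallet
     *     certificate verifies its signature
     * @throws NullPointerException if {@code cArr2} is {@code null}
     */
    public static void uploadCRL(String str, char[] cArr, boolean z, InputStream inputStream, String str2, String str3, String str4, char[] cArr2, boolean z2) throws AuthenticationException, KeyStoreException, NameNotFoundException, NoPermissionException, NamingException, IOException {
        OraclePKIDebug.a("OracleCRL: uploadCRL");
        // The reader uses the platform default charset, as before; Base64 text is expected.
        CRL crl = OraclePKIX509CrlHelper.readB64CRLFrom(new InputStreamReader(inputStream));
        // NOTE(review): verification is silently skipped unless BOTH wallet arguments are
        // present; the CRL is then published without any signature or date check.
        if (str != null && cArr != null) {
            // The wallet API takes a String, so the password is copied into an immutable
            // String that cannot be wiped afterwards.
            a(str, crl, new String(cArr), z, z2);
        }
        if (cArr2 == null) {
            throw new NullPointerException("Ldap password should not be null.");
        }
        InitialLdapContext dirCtx = ConnectionUtil.getSSLDirCtx(str2, str3, str4, new String(cArr2));
        try {
            BasicAttributes matchAttrs = a(crl.getIssuer().toString());
            NamingEnumeration search = dirCtx.search(OraclePKICmd.aI, matchAttrs);
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            crl.output(encoded);
            BasicAttribute crlAttr = new BasicAttribute("certificaterevocationlist", encoded.toByteArray());
            if (z2) {
                System.out.println(a.getString(OraclePKIMsgID.br) + crl.getIssuer());
            }
            if (search.hasMore()) {
                // An entry for this issuer exists: replace its CRL attribute in place.
                SearchResult existing = (SearchResult) search.next();
                String existingDn = existing.getName() + "," + OraclePKICmd.aI;
                BasicAttributes replacement = new BasicAttributes();
                replacement.put(crlAttr);
                dirCtx.modifyAttributes(existingDn, javax.naming.directory.DirContext.REPLACE_ATTRIBUTE, replacement);
                if (z2) {
                    System.out.println(a.getString(OraclePKIMsgID.bE) + existingDn);
                }
                return;
            }
            matchAttrs.put(crlAttr);
            String cnValue = crl.getIssuer().getCommonName() + " " + OraclePKIX509CrlFileStore.hashName(crl.getIssuer());
            // NOTE(review): cnValue always contains at least the separating space, so this
            // fallback to the organisational unit looks unreachable. Kept as-is; confirm intent.
            if (cnValue.equals("")) {
                cnValue = crl.getIssuer().getOrgUnitName();
            }
            // Build the DN structurally. Rdn escapes DN metacharacters in the issuer-derived
            // value, and passing an LdapName (not a String) keeps JNDI from re-parsing the
            // name as a composite name. Both matter because the value comes from the CRL.
            javax.naming.ldap.LdapName entryName = new javax.naming.ldap.LdapName(OraclePKICmd.aI);
            entryName.add(new javax.naming.ldap.Rdn("cn", cnValue));
            dirCtx.createSubcontext(entryName, matchAttrs);
            if (z2) {
                System.out.println(a.getString(OraclePKIMsgID.bF) + entryName);
            }
        } finally {
            // The context is local to this call; release the directory connection on every path.
            closeQuietly(dirCtx);
        }
    }

    /** Closes the directory context, ignoring close failures so they cannot mask an earlier error. */
    private static void closeQuietly(InitialLdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup only; the upload result has already been decided.
        }
    }

    /**
     * Builds the attribute set describing a CRL entry for the given issuer string.
     *
     * <p>The set is case-insensitive on attribute IDs, carries the three object classes below
     * and the issuer under the attribute ID {@code OraclePKICmd.aJ}. It is used both as the
     * search filter and as the base for a newly created entry.
     */
    private static BasicAttributes a(String str) {
        BasicAttribute objectClasses = new BasicAttribute("objectclass");
        objectClasses.add("orclPKICRL");
        objectClasses.add("cRLDistributionPoint");
        objectClasses.add("top");
        BasicAttributes attrs = new BasicAttributes(true);
        attrs.put(objectClasses);
        attrs.put(new BasicAttribute(OraclePKICmd.aJ, str));
        return attrs;
    }

    /**
     * Opens the wallet at {@code str} and verifies {@code crl} against it.
     *
     * <p>Does nothing when {@code str} is {@code null}. When {@code z2} is set, a confirmation
     * message is printed after successful verification.
     */
    private static void a(String str, CRL crl, String str2, boolean z, boolean z2) throws AuthenticationException, KeyStoreException, IOException {
        if (str == null) {
            return;
        }
        a(crl, OraclePKIGenFunc.openAWallet(str, str2, z));
        if (z2) {
            System.out.println(a.getString(OraclePKIMsgID.bq));
        }
    }

    /**
     * Verifies the CRL's validity dates and its signature against the wallet's certificates.
     *
     * <p>Every X.509 certificate in the wallet key store whose subject equals the CRL issuer and
     * whose key algorithm is RSA is tried in turn; the first one that verifies the CRL ends the
     * search.
     *
     * @throws AuthenticationException if the date check fails or no candidate certificate verifies
     *     the CRL
     */
    private static void a(CRL crl, OracleWallet oracleWallet) throws AuthenticationException, KeyStoreException, IOException {
        OraclePKIPrincipalImpl issuer = new OraclePKIPrincipalImpl(crl.getIssuer());
        if (!crl.verifyDate()) {
            throw new AuthenticationException("CRL expired/not yet valid");
        }
        KeyStore keyStore = oracleWallet.getKeyStore();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            // NOTE(review): candidates are selected by subject DN and RSA key algorithm only;
            // this method does not check the certificate's own validity or key usage. Confirm
            // the wallet key store holds only certificates trusted to sign CRLs.
            if ((certificate instanceof X509Certificate) && issuer.equals(((X509Certificate) certificate).getSubjectDN()) && certificate.getPublicKey().getAlgorithm().equals(PKIConstants.RSA)) {
                crl.setPublicKey(new RSAPublicKey(certificate.getPublicKey().getEncoded()));
                if (crl.verify()) {
                    return;
                }
            }
        }
        throw new AuthenticationException(a.getString(OraclePKIMsgID.ay));
    }
}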
