package org.jmrtd.cert;

import com.facebook.stetho.common.Utf8Charset;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Provider;
import java.security.cert.CRL;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.sourceforge.scuba.util.Hex;
import t.c.h;

/* loaded from: classes2.dex */
public class PKDCertStoreSpi extends CertStoreSpi {
    private static final String CERTIFICATE_ATTRIBUTE_NAME = "userCertificate";
    private static final String CRL_ATTRIBUTE_NAME = "certificateRevocationList";
    private static final String CSCA_MASTER_LIST_DATA_ATTRIBUTE_NAME = "CscaMasterListData";
    private static final Provider JMRTD_PROVIDER = h.c();
    private static final Logger LOGGER = Logger.getLogger("org.jmrtd");
    private static final long SERVER_TIMEOUT = 5000;
    private String baseDN;
    private Collection<Certificate> certificates;
    private DirContext context;
    private Collection<CRL> crls;
    private List<CertificateFactory> factories;
    private long heartBeat;
    private boolean isMasterListStore;
    private PKDCertStoreParameters params;
    private int port;
    private String server;

    public PKDCertStoreSpi(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        if (certStoreParameters == null) {
            throw new InvalidAlgorithmParameterException("Input was null.");
        }
        if (!(certStoreParameters instanceof PKDCertStoreParameters)) {
            throw new InvalidAlgorithmParameterException("Expected PKDCertStoreParameters, found " + certStoreParameters.getClass().getCanonicalName());
        }
        PKDCertStoreParameters pKDCertStoreParameters = (PKDCertStoreParameters) certStoreParameters;
        this.params = pKDCertStoreParameters;
        this.isMasterListStore = certStoreParameters instanceof PKDMasterListCertStoreParameters;
        this.server = pKDCertStoreParameters.getServerName();
        this.port = pKDCertStoreParameters.getPort();
        this.baseDN = pKDCertStoreParameters.getBaseDN();
        this.factories = new ArrayList();
        try {
            this.factories.add(CertificateFactory.getInstance("X.509"));
        } catch (Exception unused) {
        }
        try {
            if (JMRTD_PROVIDER != null) {
                this.factories.add(CertificateFactory.getInstance("X.509", JMRTD_PROVIDER.getName()));
            }
        } catch (Exception unused2) {
        }
    }

    private void addToList(NamingEnumeration<?> namingEnumeration, String str, Collection<byte[]> collection) throws NamingException {
        while (namingEnumeration != null && namingEnumeration.hasMore()) {
            NamingEnumeration all = ((SearchResult) namingEnumeration.next()).getAttributes().getAll();
            int i2 = 0;
            while (all.hasMore()) {
                Attribute attribute = (Attribute) all.next();
                String id = attribute.getID();
                if (!id.startsWith(str)) {
                    LOGGER.warning("Search found \"" + id + "\", was expecting \"" + str + "\"");
                }
                NamingEnumeration all2 = attribute.getAll();
                int i3 = 0;
                while (all2.hasMore()) {
                    Object next = all2.next();
                    if (next instanceof byte[]) {
                        collection.add((byte[]) next);
                    } else if (next instanceof String) {
                        LOGGER.warning("Found String attribute value, was expecting byte[]");
                        try {
                            collection.add(((String) next).getBytes(Utf8Charset.NAME));
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                    } else {
                        LOGGER.warning("Found attribute value of type " + next.getClass().getCanonicalName());
                    }
                    i3++;
                }
                if (i3 != 1) {
                    LOGGER.warning("More than 1 value for \"" + id + "\"");
                }
                i2++;
            }
            if (i2 != 1) {
                LOGGER.warning("More than 1 attribute found in an object with attribute \"" + str + "\"");
            }
        }
    }

    private synchronized void connect() throws CommunicationException {
        try {
            this.context = null;
            Hashtable hashtable = new Hashtable();
            hashtable.put("java.naming.ldap.attributes.binary", CSCA_MASTER_LIST_DATA_ATTRIBUTE_NAME);
            hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            hashtable.put("java.naming.provider.url", "ldap://" + this.server + ":" + this.port);
            this.context = new InitialDirContext(hashtable);
        } catch (NamingException e) {
            e.printStackTrace();
            throw new IllegalArgumentException("Could not connect to server \"" + this.server + "\"");
        }
    }

    private Collection<byte[]> searchAllAttributes(String str, String str2, String str3) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{str2});
        searchControls.setReturningObjFlag(true);
        HashSet hashSet = new HashSet();
        try {
            addToList(this.context.search(str, str3, searchControls), str2, hashSet);
        } catch (NamingException e) {
            e.printStackTrace();
        }
        return hashSet;
    }

    private Collection<CRL> searchCRLs(CRLSelector cRLSelector) {
        if (this.crls != null && System.currentTimeMillis() - this.heartBeat < SERVER_TIMEOUT) {
            this.heartBeat = System.currentTimeMillis();
            return this.crls;
        }
        Collection<byte[]> searchAllAttributes = searchAllAttributes(this.params.getBaseDN(), CRL_ATTRIBUTE_NAME, "(&(objectclass=cRLDistributionPoint))");
        HashSet hashSet = new HashSet(searchAllAttributes.size());
        for (byte[] bArr : searchAllAttributes) {
            CRL crl = null;
            Iterator<CertificateFactory> it = this.factories.iterator();
            while (it.hasNext()) {
                try {
                    crl = it.next().generateCRL(new ByteArrayInputStream(bArr));
                } catch (Exception unused) {
                }
            }
            if (crl != null && cRLSelector.match(crl)) {
                hashSet.add(crl);
            }
        }
        this.heartBeat = System.currentTimeMillis();
        this.crls = hashSet;
        return hashSet;
    }

    private Collection<Certificate> searchCSCACertificates(CertSelector certSelector) {
        if (this.certificates != null && System.currentTimeMillis() - this.heartBeat < SERVER_TIMEOUT) {
            this.heartBeat = System.currentTimeMillis();
            return this.certificates;
        }
        Collection<byte[]> searchAllAttributes = searchAllAttributes(this.params.getBaseDN(), CSCA_MASTER_LIST_DATA_ATTRIBUTE_NAME, "(&(objectclass=CscaMasterList))");
        ArrayList arrayList = new ArrayList(searchAllAttributes.size());
        Iterator<byte[]> it = searchAllAttributes.iterator();
        while (it.hasNext()) {
            arrayList.addAll(new CSCAMasterList(it.next(), certSelector).getCertificates());
        }
        this.certificates = arrayList;
        this.heartBeat = System.currentTimeMillis();
        return arrayList;
    }

    private Collection<Certificate> searchCertificates(CertSelector certSelector) {
        BigInteger serialNumber;
        if (this.certificates != null && System.currentTimeMillis() - this.heartBeat < SERVER_TIMEOUT) {
            this.heartBeat = System.currentTimeMillis();
            return this.certificates;
        }
        Collection<byte[]> searchAllAttributes = searchAllAttributes(this.params.getBaseDN(), CERTIFICATE_ATTRIBUTE_NAME, (!(certSelector instanceof X509CertSelector) || (serialNumber = ((X509CertSelector) certSelector).getSerialNumber()) == null) ? "(&(objectclass=inetOrgPerson))" : "(&(objectclass=inetOrgPerson)(sn=" + Hex.bytesToHexString(serialNumber.toByteArray()) + "))");
        HashSet hashSet = new HashSet(searchAllAttributes.size());
        for (byte[] bArr : searchAllAttributes) {
            Certificate certificate = null;
            Iterator<CertificateFactory> it = this.factories.iterator();
            while (it.hasNext()) {
                try {
                    certificate = it.next().generateCertificate(new ByteArrayInputStream(bArr));
                } catch (Exception unused) {
                }
            }
            if (certSelector.match(certificate)) {
                hashSet.add(certificate);
            }
        }
        this.certificates = hashSet;
        this.heartBeat = System.currentTimeMillis();
        return hashSet;
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends CRL> engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        try {
            if (this.context == null) {
                connect();
            }
            return searchCRLs(cRLSelector);
        } catch (CommunicationException e) {
            e.printStackTrace();
            return new HashSet();
        }
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends Certificate> engineGetCertificates(CertSelector certSelector) {
        try {
            if (this.context == null) {
                connect();
            }
            return this.isMasterListStore ? searchCSCACertificates(certSelector) : searchCertificates(certSelector);
        } catch (CommunicationException e) {
            e.printStackTrace();
            return new HashSet();
        }
    }

    public String getBaseDN() {
        return this.baseDN;
    }
}
