package com.ibm.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.x509.GeneralSubtrees;
import com.ibm.security.x509.NameConstraintsExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import java.io.IOException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;
import java.util.Vector;

/* loaded from: input_file:efixes/JDKiFix_linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ibmcertpathprovider.jar:com/ibm/security/cert/NameChecker.class */
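/**
 * PKIX path checker that enforces X.509 name constraints while a certification
 * path is validated in the reverse direction (trust anchor towards target).
 *
 * <p>The checker accumulates the permitted and excluded subtrees declared by the
 * certificates it has already seen and tests each following certificate against
 * them through an {@link X509CertSelector}.
 *
 * <p>Certificates are counted down from index {@code size - 1} to {@code 0}, so
 * index {@code 0} is treated as the target certificate.
 *
 * <p>Not thread-safe: every call to {@link #check} mutates instance state.
 */
public class NameChecker extends PKIXCertPathChecker {
    static final int NAME_CONSTRAINTS_ERROR = 5;
    private int numberOfCertsInCertPath;
    private CertPath certPath;
    private int currentCertIndex;
    // Accumulated constraints; null means "nothing collected yet".
    private GeneralSubtrees permittedSubtrees = null;
    private GeneralSubtrees excludedSubtrees = null;
    // Stored by the constructor; not read anywhere in this class.
    private String sigProvider;
    // OIDs removed from the unresolved-critical-extension set at the end of check().
    static final String[] myExtensions = {OIDMap.getOID(NameConstraintsExtension.IDENT).toString(), OIDMap.getOID(SubjectAlternativeNameExtension.IDENT).toString()};
    private static final Debug debug = Debug.getInstance("certpath");

    /**
     * Creates a checker for the given path.
     *
     * @param certPath the path being validated; its size fixes the starting index
     * @param str      signature provider name, stored but unused by this class
     * @throws CertPathValidatorException declared for callers; not thrown by the visible code
     */
    public NameChecker(CertPath certPath, String str) throws CertPathValidatorException {
        this.certPath = certPath;
        this.numberOfCertsInCertPath = certPath.getCertificates().size();
        this.currentCertIndex = this.numberOfCertsInCertPath - 1;
        this.sigProvider = str;
    }

    /**
     * Resets the checker so that it can validate the path from its first certificate.
     *
     * <p>The index and the accumulated subtrees are restored to the values the
     * constructor leaves them in. Without this reset a reused checker would apply
     * constraints gathered during an earlier validation and would report
     * out-of-range indices.
     *
     * @param z {@code true} for forward checking, which is rejected
     * @throws CertPathValidatorException if forward checking is requested
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("The direction of forward is not supported.");
        }
        this.currentCertIndex = this.numberOfCertsInCertPath - 1;
        this.permittedSubtrees = null;
        this.excludedSubtrees = null;
    }

    /**
     * Returns {@code null}; the extensions handled here are instead removed from
     * the unresolved set directly by {@link #check}.
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    /** Forward checking is not supported; see {@link #init}. */
    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    /**
     * Checks one certificate against the accumulated name constraints, then merges
     * the certificate's own NameConstraints extension into the accumulated state.
     *
     * <p>The name check is skipped for a self-issued certificate (issuer DN equal to
     * subject DN) unless it is the target certificate. The merge runs for every
     * certificate, including the target certificate and self-issued intermediates.
     * Previously the merge sat inside the same condition as the name check, so the
     * constraints of a self-issued intermediate were dropped while its extension was
     * still removed from the unresolved critical set. RFC 5280 section 6.1.4 step (g)
     * makes no exception for self-issued certificates.
     *
     * @param certificate the certificate to check; must be an {@link X509Certificate}
     * @param collection  unresolved critical extension OIDs; the OIDs in
     *                    {@code myExtensions} are removed from it
     * @throws CertPathValidatorException if the certificate violates the accumulated
     *         constraints, carries a non-critical NameConstraints extension, or an
     *         encoding error occurs
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        boolean selfIssued = x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN());
        if (!selfIssued || this.currentCertIndex <= 0) {
            verifyAgainstAccumulatedConstraints(x509Certificate);
        }
        // The original guard (currentCertIndex < numberOfCertsInCertPath) was always
        // true because the index only counts down from size - 1, so the merge is
        // called unconditionally.
        processNameConstraints(x509Certificate);
        this.currentCertIndex--;
        CertPathUtil.removeExtensions(collection, myExtensions);
    }

    /**
     * NOTE(review): returns {@code null} instead of a copy, although
     * {@link PKIXCertPathChecker#clone()} is documented to return a copy. Left
     * unchanged because the callers of this internal checker are not visible here;
     * confirm that nothing clones it.
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return null;
    }

    /** Tests the certificate's names against the permitted and excluded subtrees collected so far. */
    private void verifyAgainstAccumulatedConstraints(X509Certificate x509Certificate) throws CertPathValidatorException {
        try {
            if (this.excludedSubtrees == null) {
                // The extension is always built with a non-null excluded set.
                this.excludedSubtrees = new GeneralSubtrees(new Vector());
            }
            NameConstraintsExtension accumulated = new NameConstraintsExtension(this.permittedSubtrees, this.excludedSubtrees);
            if (debug != null) {
                System.out.print("CERTPATH: Checking name constraints");
                printSubtrees("permitted trees:", this.permittedSubtrees);
                printSubtrees("excluded trees:", this.excludedSubtrees);
            }
            X509CertSelector selector = new X509CertSelector();
            selector.setNameConstraints(accumulated.getExtensionValue());
            if (!selector.match(x509Certificate)) {
                throw new CertPathValidatorException("The certificate failed the name constraint check", null, this.certPath, this.currentCertIndex);
            }
        } catch (IOException e) {
            throw new CertPathValidatorException("An internal error has occurred.", e);
        }
    }

    /** Prints a heading followed by each subtree; does nothing when the set is null. */
    private static void printSubtrees(String heading, GeneralSubtrees subtrees) {
        if (subtrees == null) {
            return;
        }
        System.out.println(heading);
        for (int i = 0; i < subtrees.size(); i++) {
            System.out.println(subtrees.get(i));
        }
    }

    /**
     * Merges the certificate's NameConstraints extension, if present, into the
     * accumulated permitted and excluded subtrees.
     *
     * @throws CertPathValidatorException if the extension is present but not marked
     *         critical, or if it cannot be decoded
     */
    private void processNameConstraints(X509Certificate x509Certificate) throws CertPathValidatorException {
        // Element 0 is cast to the criticality flag and element 1 is passed as the
        // value; element 1 == null means the extension is absent.
        Object[] extension = CertPathUtil.getExtension(NameConstraintsExtension.IDENT, x509Certificate);
        if (extension[1] == null) {
            return;
        }
        try {
            NameConstraintsExtension certConstraints = new NameConstraintsExtension((Boolean) extension[0], extension[1]);
            if (!certConstraints.isCritical()) {
                throw new CertPathValidatorException("The NameConstraints extension was not critical.");
            }
            GeneralSubtrees newPermitted = (GeneralSubtrees) certConstraints.get(NameConstraintsExtension.PERMITTED_SUBTREES);
            if (newPermitted != null) {
                if (this.permittedSubtrees == null) {
                    this.permittedSubtrees = (GeneralSubtrees) newPermitted.clone();
                } else {
                    // NOTE(review): intersect() presumably narrows permittedSubtrees in
                    // place and returns the names that became excluded; confirm
                    // against GeneralSubtrees.
                    GeneralSubtrees newlyExcluded = this.permittedSubtrees.intersect(newPermitted);
                    if (newlyExcluded != null) {
                        addExcluded(newlyExcluded);
                    }
                }
            }
            GeneralSubtrees newExcluded = (GeneralSubtrees) certConstraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
            if (newExcluded != null) {
                addExcluded(newExcluded);
            }
        } catch (IOException e) {
            throw new CertPathValidatorException("An internal error has occurred.", e);
        }
    }

    /** Adds subtrees to the excluded set, cloning them when no set exists yet. */
    private void addExcluded(GeneralSubtrees subtrees) {
        if (this.excludedSubtrees == null) {
            this.excludedSubtrees = (GeneralSubtrees) subtrees.clone();
        } else {
            this.excludedSubtrees.union(subtrees);
        }
    }
}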
