package com.ibm.security.cert;

import com.ibm.misc.Debug;
import java.net.URI;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.Extension;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/ibm/security/cert/PKIXRevocationCheckerImpl.class */
public class PKIXRevocationCheckerImpl extends PKIXRevocationChecker {
    private URI ocspResponder;
    private X509Certificate ocspResponderCert;
    private List<Extension> ocspExtensions = Collections.emptyList();
    private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
    private Set<PKIXRevocationChecker.Option> options = Collections.emptySet();
    protected LinkedList<CertPathValidatorException> softFailExceptions = new LinkedList<>();
    private static final Debug debug = Debug.getInstance("certpath");

    public void setOCSPResponder(URI uri) {
        this.ocspResponder = uri;
    }

    public URI getOCSPResponder() {
        return this.ocspResponder;
    }

    public void setOCSPResponderCert(X509Certificate x509Certificate) {
        this.ocspResponderCert = x509Certificate;
    }

    public X509Certificate getOCSPResponderCert() {
        return this.ocspResponderCert;
    }

    public void setOCSPExtensions(List<Extension> list) {
        this.ocspExtensions = list == null ? Collections.emptyList() : new ArrayList<>(list);
    }

    public List<Extension> getOCSPExtensions() {
        return Collections.unmodifiableList(this.ocspExtensions);
    }

    public void setOCSPResponses(Map<X509Certificate, byte[]> map) {
        if (map == null) {
            this.ocspResponses = Collections.emptyMap();
            return;
        }
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<X509Certificate, byte[]> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue().clone());
        }
        this.ocspResponses = hashMap;
    }

    public Map<X509Certificate, byte[]> getOCSPResponses() {
        HashMap hashMap = new HashMap(this.ocspResponses.size());
        for (Map.Entry<X509Certificate, byte[]> entry : this.ocspResponses.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue().clone());
        }
        return hashMap;
    }

    @Override // java.security.cert.PKIXRevocationChecker
    public void setOptions(Set<PKIXRevocationChecker.Option> set) {
        this.options = set == null ? Collections.emptySet() : new HashSet<>(set);
    }

    @Override // java.security.cert.PKIXRevocationChecker
    public Set<PKIXRevocationChecker.Option> getOptions() {
        return Collections.unmodifiableSet(this.options);
    }

    @Override // java.security.cert.PKIXRevocationChecker, java.security.cert.PKIXCertPathChecker
    public PKIXRevocationChecker clone() {
        PKIXRevocationCheckerImpl pKIXRevocationCheckerImpl = (PKIXRevocationCheckerImpl) super.clone();
        pKIXRevocationCheckerImpl.ocspExtensions = new ArrayList(this.ocspExtensions);
        pKIXRevocationCheckerImpl.ocspResponses = new HashMap(this.ocspResponses);
        for (Map.Entry entry : pKIXRevocationCheckerImpl.ocspResponses.entrySet()) {
            entry.setValue(((byte[]) entry.getValue()).clone());
        }
        pKIXRevocationCheckerImpl.options = new HashSet(this.options);
        pKIXRevocationCheckerImpl.softFailExceptions = new LinkedList<>(this.softFailExceptions);
        return pKIXRevocationCheckerImpl;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("Forward checking is unsupported.");
        }
        this.softFailExceptions.clear();
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXRevocationChecker
    public List<CertPathValidatorException> getSoftFailExceptions() {
        return Collections.unmodifiableList(this.softFailExceptions);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void check(Certificate certificate) throws CertPathValidatorException {
        check(certificate, Collections.emptySet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isSoftFailException(CertPathValidatorException certPathValidatorException, PKIXParameters pKIXParameters) {
        PKIXRevocationCheckerImpl pKIXRevocationCheckerFromPKIXParameters = getPKIXRevocationCheckerFromPKIXParameters(pKIXParameters);
        if (pKIXRevocationCheckerFromPKIXParameters == null || !getSoftFail(pKIXParameters) || certPathValidatorException.getReason() != CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
            return false;
        }
        pKIXRevocationCheckerFromPKIXParameters.softFailExceptions.addFirst(certPathValidatorException);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean getSoftFail(PKIXParameters pKIXParameters) {
        PKIXRevocationCheckerImpl pKIXRevocationCheckerFromPKIXParameters = getPKIXRevocationCheckerFromPKIXParameters(pKIXParameters);
        if (pKIXRevocationCheckerFromPKIXParameters == null) {
            if (debug == null) {
                return false;
            }
            System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  SOFT_FAIL was NOT specified by the caller.  The RevocationChecker object was null.  Returning FALSE");
            return false;
        }
        Set<PKIXRevocationChecker.Option> options = pKIXRevocationCheckerFromPKIXParameters.getOptions();
        if (options == null) {
            if (debug == null) {
                return false;
            }
            System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  SOFT_FAIL was NOT specified by the caller.  The OptionSet was null.  Returning FALSE");
            return false;
        }
        if (debug != null) {
            System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  The revocation optionSet is not null.");
        }
        if (options.size() == 0) {
            if (debug == null) {
                return false;
            }
            System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  SOFT_FAIL was NOT specified by the caller.  The OptionSet was empty.  Returning FALSE");
            return false;
        }
        Iterator<PKIXRevocationChecker.Option> it = options.iterator();
        while (it.hasNext()) {
            if (it.next() == PKIXRevocationChecker.Option.SOFT_FAIL) {
                if (debug == null) {
                    return true;
                }
                System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  SOFT_FAIL was specified by the caller.  Returning TRUE");
                return true;
            }
        }
        if (debug == null) {
            return false;
        }
        System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getSoftFail():  SOFT_FAIL was NOT specified by the caller.  Returning FALSE");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean getOnlyCheckEECert(PKIXParameters pKIXParameters) {
        boolean z = false;
        PKIXRevocationCheckerImpl pKIXRevocationCheckerFromPKIXParameters = getPKIXRevocationCheckerFromPKIXParameters(pKIXParameters);
        if (pKIXRevocationCheckerFromPKIXParameters != null) {
            Set<PKIXRevocationChecker.Option> options = pKIXRevocationCheckerFromPKIXParameters.getOptions();
            if (options != null) {
                Iterator<PKIXRevocationChecker.Option> it = options.iterator();
                while (it.hasNext()) {
                    if (it.next() == PKIXRevocationChecker.Option.ONLY_END_ENTITY) {
                        z = true;
                        if (debug != null) {
                            System.out.println("CERTPATH: PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  ONLY_END_ENTITY = true IN REVOCATION CHECKER ");
                            System.out.println("                                                                  Setting onlyCheckEECert = true               ");
                        }
                    } else if (debug != null) {
                        System.out.println("CERTPATH: PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  This PKIXRevocationChecker.Option is NOT \"ONLY_END_ENTITY\" ");
                    }
                }
            } else if (debug != null) {
                System.out.println("CERTPATH:  PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  ONLY_END_ENTITY = false SINCE THE OPTIONS IN REVOCATION CHECKER ARE NULL");
            }
        }
        if (CertPathSystemProperties.getOnlyEECert()) {
            z = true;
            if (debug != null) {
                System.out.println("CERTPATH: PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  The system property com.ibm.security.onlyCheckRevocationOfEECert DID specify that only the end-entity cert was to be checked.");
            }
        } else if (debug != null) {
            System.out.println("CERTPATH: PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  The system property com.ibm.security.onlyCheckRevocationOfEECert DID NOT specify that only the end-entity cert was to be checked.");
        }
        if (debug != null) {
            System.out.println("CERTPATH: PKIXRevocationCheckerImpl.java:  getOnlyCheckEECert():  Returning:  " + z);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PKIXRevocationCheckerImpl getPKIXRevocationCheckerFromPKIXParameters(PKIXParameters pKIXParameters) {
        if (pKIXParameters == null) {
            return null;
        }
        List<PKIXCertPathChecker> certPathCheckers = pKIXParameters.getCertPathCheckers();
        if (certPathCheckers == null) {
            if (debug == null) {
                return null;
            }
            System.out.println("PKIXRevocationCheckerImpl.java:  getPKIXRevocationCheckerFromPKIXParameters():  The list of CertPathCheckers from PKIXParameters was NULL.  Therefore, there was no PKIXRevocationChecker object.");
            return null;
        }
        if (debug != null) {
            System.out.println("PKIXRevocationCheckerImpl.java:  The PKIXParameters contains a list of CertPathCheckers that is not null");
        }
        int size = certPathCheckers.size();
        if (size == 0) {
            if (debug == null) {
                return null;
            }
            System.out.println("PKIXRevocationCheckerImpl.java:  getPKIXRevocationCheckerFromPKIXParameters():  The list of CertPathCheckers from PKIXParameters was empty.  Therefore, there was no PKIXRevocationChecker object.");
            return null;
        }
        if (debug != null) {
            System.out.println("PKIXRevocationCheckerImpl.java:  The PKIXParameters contains a list of CertPathCheckers and the list size is not zero");
        }
        for (int i = 0; i < size; i++) {
            PKIXCertPathChecker pKIXCertPathChecker = certPathCheckers.get(i);
            if (debug != null) {
                System.out.println("PKIXRevocationCheckerImpl.java:  The PKIXParameters contains a checker of class:  " + pKIXCertPathChecker.getClass().getName());
            }
            if (pKIXCertPathChecker instanceof PKIXRevocationCheckerImpl) {
                if (debug != null) {
                    System.out.println("PKIXRevocationCheckerImpl.java:  getPKIXRevocationCheckerFromPKIXParameters():  PKIXParameters DID contain a PKIXRevocationChecker object.");
                }
                return (PKIXRevocationCheckerImpl) pKIXCertPathChecker;
            }
        }
        return null;
    }
}
