package com.ftc.gss;

import com.ftc.appmod.AppCertificate;
import com.ftc.tools.Cfg;
import com.ftc.tools.Syslog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: input_file:com/ftc/gss/SKSCRL.class */
public class SKSCRL extends CRL {
    private byte[] lastSignature;
    private SKSDAO db;

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            Enumeration findAll = this.db.findAll();
            while (findAll.hasMoreElements()) {
                String[] strArr = (String[]) findAll.nextElement();
                stringBuffer.append(new StringBuffer().append("subject=").append(strArr[0]).toString()).append(new StringBuffer().append(", issuer=").append(strArr[1]).toString()).append(new StringBuffer().append(", #=").append(strArr[2]).toString()).append(new StringBuffer().append(" vers=").append(strArr[3]).toString()).append("\n");
            }
            return stringBuffer.toString();
        } catch (SQLException e) {
            Syslog.err(new StringBuffer().append("SKSCRL::toString:").append(e).toString());
            return null;
        }
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        try {
            if (certificate instanceof SKSCertificate) {
                return this.db.isCRLEntry(((SKSCertificate) certificate).getSubject(), ((SKSCertificate) certificate).getIssuer(), ((SKSCertificate) certificate).getSerialNumber(), ((SKSCertificate) certificate).getVersion());
            }
            return true;
        } catch (SQLException e) {
            Syslog.err(new StringBuffer().append("SKSCRL::isRevoked:").append(e).toString());
            return true;
        }
    }

    public void verify(PublicKey publicKey) throws GeneralSecurityException {
    }

    public SKSCRL() throws CRLException {
        super("SKS");
        try {
            this.db = new SKSDAO();
            update();
        } catch (GeneralSecurityException e) {
            Syslog.err(new StringBuffer().append("SKSCRL::SKSCRL: SECURITY ALERT !!! ").append(e).toString());
            throw new CRLException(e.getMessage());
        } catch (Exception e2) {
            throw new CRLException(e2.getMessage());
        }
    }

    public void update() throws GeneralSecurityException, SQLException, IOException {
        Hashtable crl = SKSRetriever.getCRL(Cfg.getProperty("caDN.1"));
        if (crl.size() == 0) {
            return;
        }
        byte[] bArr = (byte[]) crl.get("crlsignature");
        if (isByteArrayEqual(this.lastSignature, bArr)) {
            return;
        }
        this.lastSignature = bArr;
        String[] strArr = (String[]) crl.get("certificaterevocationlist");
        if (bArr == null && strArr == null) {
            return;
        }
        if ((bArr == null && strArr != null) || (bArr != null && strArr == null)) {
            Syslog.err("SKSCRL::update: SECURITY ALERT !!! Invalid CRL.");
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (String str : strArr) {
            byte[] bytes = str.getBytes();
            byteArrayOutputStream.write(bytes, 0, bytes.length);
        }
        byteArrayOutputStream.close();
        Signature signature = Signature.getInstance("SKS", "FTC");
        signature.initVerify(CertificateFactory.getInstance("SKS").generateCertificate(new ByteArrayInputStream(new byte[1])).getPublicKey());
        signature.update(byteArrayOutputStream.toByteArray());
        ((SKSSignature) signature).idupVerify(bArr);
        Syslog.dbg(5, "SKSCRL::update:Signature is OK.");
        this.db.putCRLEntries(strArr);
    }

    private static boolean isByteArrayEqual(byte[] bArr, byte[] bArr2) {
        if (bArr == null && bArr2 == null) {
            return true;
        }
        if (bArr == null && bArr2 != null) {
            return false;
        }
        if ((bArr != null && bArr2 == null) || bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    public boolean isRevoked(AppCertificate appCertificate) {
        try {
            return this.db.isCRLEntry(appCertificate.getSubjectName(), appCertificate.getIssuerName(), appCertificate.getSerialNumber(), appCertificate.getVersion());
        } catch (SQLException e) {
            Syslog.err(new StringBuffer().append("SKSCRL::isRevoked:").append(e).toString());
            return true;
        }
    }
}
