package ksign.jce.provider.validate;

import com.ksign.KCaseLogging;
import com.ksign.asn1.ASN1InputStream;
import com.ksign.asn1.ASN1Object;
import com.ksign.asn1.ASN1ObjectIdentifier;
import com.ksign.asn1.ASN1OctetString;
import com.ksign.asn1.DEREnumerated;
import com.ksign.asn1.x509.CRLReason;
import com.ksign.asn1.x509.KeyPurposeId;
import com.ksign.asn1.x509.X509Extension;
import com.ksign.util.Arrays;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import ksign.jce.crypto.ldap.LDAPUtil;
import ksign.jce.provider.x509.X509CRLEntryObject;
import ksign.jce.provider.x509.X509CRLObject;
import ksign.jce.provider.x509.X509CertificateObject;
import ksign.jce.util.HexPrint;
import ksign.jce.util.JCEUtil;

/* loaded from: classes.dex */
public class ValidateCert {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String ANY_POLICY = "2.5.29.32.0";
    public static final int KCE_ALLUSAGE_CERT = 4;
    public static final int KCE_KM_CERT = 1;
    public static final int KCE_SN_CERT = 2;
    public static final int KCE_TSA_CERT = 3;
    public static final int KCV_CHECK_FULL_CRL = 0;
    public static final int KCV_CHECK_USER_CRL_ONLY = 1;
    private static final int MAX_CA_PATH_LEN = 1000;
    private static final int MAX_CERT_NO = 30;
    private static final int MAX_DIRCONTEXT_NO = 10;
    private static File cacheDir;
    protected String Cert3280DN;
    private String Ksigngpki_Cert_path;
    private String Ksigngpki_ConfFile_path;
    private String Ksigngpki_LicenFile_path;
    private String Ksigngpki_ServerCert_path;
    private String Ksigngpki_ServerKey_path;
    private String Ksigngpki_TrustCert_path;
    private X509CertificateObject RootxObject;
    private String baseDir;
    private Hashtable convertUrl;
    private Vector excludedSubtreesDN;
    private Vector excludedSubtreesdNSName;
    private Vector excludedSubtreesrfc822Name;
    private int explicitPolicy;
    private int inhibitAnyPolicy;
    private boolean initialAnyPolicyInhibit;
    private boolean initialExplicitPolicy;
    private boolean initialPolicyMappingInhibit;
    private boolean isLocalSaveCRL;
    private Vector m_acceptablePolicySet;
    private boolean m_bAcceptablePolicySet_any;
    private boolean m_bInitialPolicySet_any;
    private boolean m_bPathValidationOp;
    private DirContext[] m_dircontexts;
    private Vector m_initialPolicySet;
    private int m_nCAPathLen;
    private int m_nCrlCheckOption;
    private int m_nExplicitPolicy;
    private int m_nPolicyMapping;
    private int m_nValidateNo;
    private int maxPathLenght;
    private int n;
    private String password;
    private Vector permittedSubtreesDN;
    private Vector permittedSubtreesdNSName;
    private Vector permittedSubtreesrfc822Name;
    private int policyMapping;
    private Date presentTime;
    private String strldapUrl;
    private String userLdapDN;

    static {
        $assertionsDisabled = !ValidateCert.class.desiredAssertionStatus();
    }

    public ValidateCert() {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        try {
            jbInit();
        } catch (Exception e) {
            KCaseLogging.print(e);
        }
    }

    public ValidateCert(String str) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
    }

    public ValidateCert(String str, Hashtable hashtable) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public ValidateCert(String str, boolean z, String str2) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        setInitialPolicy(str, z);
        this.baseDir = str2;
    }

    public ValidateCert(String str, boolean z, boolean z2, int i, String str2) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z2;
        this.m_nCrlCheckOption = i;
        setInitialPolicy(str, z);
        this.baseDir = str2;
    }

    public ValidateCert(Hashtable hashtable) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public ValidateCert(boolean z, int i, String str) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
        this.baseDir = str;
    }

    private boolean checkCertIssuedbyIssuer(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        String[] authorityKeyId = x509CertificateObject.getAuthorityKeyId();
        String subjectKeyId = x509CertificateObject2.getSubjectKeyId();
        if (authorityKeyId[0] == null || subjectKeyId == null) {
            JCEUtil.setErrorcode("20007");
            throw new ValidateException("(KSign) Cert AKI's input value is null");
        }
        if (authorityKeyId[0].equalsIgnoreCase(subjectKeyId)) {
            return true;
        }
        JCEUtil.setErrorcode("300018");
        throw new ValidateException("(KSign) Cert AKI's KeyIdentifier value wrong");
    }

    private boolean checkCertificatePolicies3280(X509CertificateObject x509CertificateObject) {
        if (x509CertificateObject == null) {
            return false;
        }
        String[] policy = x509CertificateObject.getPolicy();
        for (String str : policy) {
            KCaseLogging.println("�뜝�떕�슱�삕 �뜝�룞�삕�뜝�룞�삕 policy : " + str);
        }
        return assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any) && intersectionAPSwithCP(this.m_acceptablePolicySet, this.m_bAcceptablePolicySet_any, policy, false);
    }

    private void checkExcludedDN(Vector vector, String str) {
        if (!vector.isEmpty() && withinDNSubtree(str, vector)) {
            JCEUtil.setErrorcode("50021");
            throw new ValidateException("(KSign) 3280 Cert's Subject directory name is not from an excluded subtree");
        }
    }

    private void checkExcludeddNSName(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new ValidateException("(KSign) 3280 Cert's Subject dNSname is from an excluded subtree");
            }
        }
    }

    private void checkExcludedrfc822Name(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new ValidateException("(KSign) 3280 Cert's Subject rfc822Name address is from an excluded subtree");
            }
        }
    }

    private void checkPermittedDN(Vector vector, String str) {
        if (vector.isEmpty() || withinDNSubtree(str, vector)) {
            return;
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject directory name is not from a permitted subtree");
    }

    private void checkPermitteddNSName(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject dNSname is not from a permitted subtree");
    }

    private void checkPermittedrfc822Name(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject rfc822Name address is not from a permitted subtree");
    }

    private boolean checkValidateIssuerCrl(String[] strArr, String[] strArr2) {
        return (strArr2 == null || strArr[0] == null || strArr[1] == null || strArr[2] == null || strArr2[0] == null || strArr2[1] == null || strArr2[2] == null || !strArr[0].equalsIgnoreCase(strArr2[0]) || !strArr[1].equalsIgnoreCase(strArr2[1]) || !strArr[2].equalsIgnoreCase(strArr2[2])) ? false : true;
    }

    private Vector constructCertificatChain_2459(X509CertificateObject x509CertificateObject, boolean z) {
        if (!z) {
            return (Vector) setCertListFromLdap3(x509CertificateObject, true);
        }
        KCaseLogging.println("<<KSign>> 2459 Cert");
        Vector vector = (Vector) setCertListFromLdap3(x509CertificateObject, false);
        if (vector == null) {
            JCEUtil.setErrorcode("50047");
            throw new ValidateException("(KSign) setCertListFromLdap3's certificate path build error");
        }
        this.m_nValidateNo = vector.size();
        this.m_nCAPathLen = 1000;
        this.m_nExplicitPolicy = this.m_nValidateNo + 1;
        this.m_nPolicyMapping = this.m_nValidateNo + 1;
        this.m_bAcceptablePolicySet_any = false;
        return vector;
    }

    private Vector constructCertificatChain_3280(X509CertificateObject x509CertificateObject, boolean z) {
        KCaseLogging.println("<<KSign>> 3280 Cert");
        Vector vector = (Vector) setCertListFromLdap3280(x509CertificateObject, false);
        if (vector == null) {
            JCEUtil.setErrorcode("50047");
            throw new ValidateException("(KSign) setCertListFromLdap3's certificate path build error");
        }
        this.m_nValidateNo = vector.size();
        this.m_nCAPathLen = 1000;
        this.m_nExplicitPolicy = this.m_nValidateNo + 1;
        this.m_nPolicyMapping = this.m_nValidateNo + 1;
        this.m_bAcceptablePolicySet_any = false;
        return vector;
    }

    private int copyStream(InputStream inputStream, OutputStream outputStream, int i) {
        float f = 100.0f / i;
        byte[] bArr = new byte[1000];
        int i2 = 0;
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return i2;
            }
            outputStream.write(bArr, 0, read);
            i2 += read;
        }
    }

    private int copyURLToFile(URLConnection uRLConnection, File file) {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(uRLConnection.getInputStream());
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
            try {
                return copyStream(bufferedInputStream, bufferedOutputStream, uRLConnection.getContentLength());
            } finally {
                bufferedOutputStream.close();
            }
        } finally {
            bufferedInputStream.close();
        }
    }

    private void createCacheDir() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(System.getProperty("user.home")).append(File.separator).append(".kcaseApplet").append(File.separator).append("cache");
        File file = new File(stringBuffer.toString());
        if (KCaseLogging.isKsignDebug) {
            System.err.println("cacheBaseDir = " + file.getAbsolutePath());
        }
        cacheDir = new File(file, "CRL");
        if (KCaseLogging.isKsignDebug) {
            System.err.println("cacheDir = " + cacheDir.getAbsolutePath());
        }
        if (!cacheDir.isDirectory() && !cacheDir.mkdirs()) {
            throw new IOException("Cannot create directory " + cacheDir);
        }
        if (!$assertionsDisabled && !file.isDirectory()) {
            throw new AssertionError();
        }
    }

    private Vector intersectDN(Vector vector, String str) {
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(str.toLowerCase())) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectdNSName(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectrfc822Name(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private boolean isCertIssuedbyIssuer2459(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        String name = x509CertificateObject2.getSubjectDN().getName();
        String name2 = x509CertificateObject.getIssuerDN().getName();
        KCaseLogging.println(">> DEBUG << ValidateCert.isCertIssuedbyIssuer() : " + x509CertificateObject.getSubjectDN().getName());
        if (!name.equals(name2)) {
            KCaseLogging.println("ValidateCert.isCertIssuedbyIssuer() : Issuer's subject's DN is different from user's issuerDN \nuser(" + x509CertificateObject.getSubjectDN().getName() + "," + x509CertificateObject.getIssuerDN().getName() + ")issuer(" + x509CertificateObject2.getSubjectDN().getName());
            return false;
        }
        if (Arrays.areEqual(x509CertificateObject.getAuthorityKeyIdentifier(), x509CertificateObject2.getSubjectKeyIdentifier())) {
            return true;
        }
        KCaseLogging.println("ValidateCert.isCertIssuedbyIssuer() : Issuer's SubjectKeyIdentifier is different from user's AuthorityKeyIdentifier \nuser(" + x509CertificateObject.getSubjectDN().getName() + ") : AKI :" + HexPrint.byteArrayToHexString(x509CertificateObject.getAuthorityKeyIdentifier()) + "\nissuer(" + x509CertificateObject2.getSubjectDN().getName() + ") : SKI :" + HexPrint.byteArrayToHexString(x509CertificateObject2.getSubjectKeyIdentifier()));
        return false;
    }

    private boolean isCertIssuedbyIssuerCert(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        boolean z = x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
        if (!Arrays.areEqual(x509CertificateObject.getAuthorityKeyIdentifier(), x509CertificateObject2.getSubjectKeyIdentifier())) {
            KCaseLogging.println(">>DEBUG<< ValidateCert.isCertIssuedbyIssuer() : Issuer's SubjectKeyIdentifier is different from user's AuthorityKeyIdentifier \nuser(" + x509CertificateObject.getSubjectDN().getName() + ") : AKI :" + HexPrint.byteArrayToHexString(x509CertificateObject.getAuthorityKeyIdentifier()) + "\nissuer(" + x509CertificateObject2.getSubjectDN().getName() + ") : SKI :" + HexPrint.byteArrayToHexString(x509CertificateObject2.getSubjectKeyIdentifier()));
        }
        return z;
    }

    private void jbInit() {
    }

    private String removeDNQuotation(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\"");
        do {
            if (str.indexOf("\"") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\"") + 1, str.length());
            }
            indexOf += str.indexOf("\"");
        } while (str.indexOf("\"") != -1);
        return stringBuffer.toString();
    }

    private String removeDNQuotation2(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\\");
        do {
            if (str.indexOf("\\") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\\") + 1, str.length());
            }
            indexOf += str.indexOf("\\");
        } while (str.indexOf("\\") != -1);
        return stringBuffer.toString();
    }

    private X509CertificateObject searchCert(String str, X509CertificateObject[] x509CertificateObjectArr) {
        for (int i = 0; i < x509CertificateObjectArr.length; i++) {
            if (str.equals(x509CertificateObjectArr[i].getSubjectDN().getName())) {
                return x509CertificateObjectArr[i];
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v62, types: [java.security.cert.X509Certificate] */
    /* JADX WARN: Type inference failed for: r1v88, types: [java.security.cert.X509Certificate] */
    private Object setCertListFromLdap3(X509CertificateObject x509CertificateObject, boolean z) {
        X509CertificateObject x509CertificateObject2;
        String str;
        Vector vector = new Vector();
        try {
            if (x509CertificateObject == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setCertListFromLdap3's input cert value is null");
            }
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            int i = 0;
            String str2 = name;
            X509CertificateObject x509CertificateObject3 = x509CertificateObject;
            while (!str2.equals(name2) && (!z || i != 1)) {
                String str3 = (this.convertUrl == null || (str = (String) this.convertUrl.get(str2)) == null) ? null : str;
                X509CertificateObject searchCert = searchCert(str2, new X509CertificateObject[]{x509CertificateObject});
                boolean isLocalCert = str3 != null ? isLocalCert(this.baseDir, str3) : isLocalCert(this.baseDir, str2);
                if (searchCert != null) {
                    if (!isLocalCert && this.baseDir != null) {
                        if (str3 != null) {
                            if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str3, searchCert)) {
                                throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                            }
                        } else if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str2, searchCert)) {
                            throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                        }
                    }
                    vector.addElement(searchCert);
                    i++;
                    str2 = searchCert.getIssuerDN().getName();
                    name2 = searchCert.getSubjectDN().getName();
                    x509CertificateObject3 = searchCert;
                } else {
                    String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject3.getDistributionPoint(), this.convertUrl);
                    if (isLocalCert) {
                        X509CertificateObject x509CertificateObject4 = str3 != null ? (X509Certificate) getLocalCert(this.baseDir, str3) : (X509Certificate) getLocalCert(this.baseDir, str2);
                        if (x509CertificateObject4 != null) {
                            vector.addElement(x509CertificateObject4);
                            x509CertificateObject2 = x509CertificateObject4;
                        } else {
                            if (divisionFromLDAPUrl == null) {
                                JCEUtil.setErrorcode("50006");
                                throw new NamingException("(KSign) setCertListFromLdap3' ldapurl generate error");
                            }
                            DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                            if (findDirContext == null) {
                                findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                addDirContext(findDirContext);
                            }
                            if (findDirContext == null) {
                                JCEUtil.setErrorcode("50031");
                                throw new NamingException("(KSign) setCertListFromLdap3's No directory server information.");
                            }
                            Certificate[] findCertificatesFromLDAP = str3 != null ? LDAPUtil.findCertificatesFromLDAP(findDirContext, str3) : LDAPUtil.findCertificatesFromLDAP(findDirContext, str2);
                            int i2 = 0;
                            while (true) {
                                if (i2 >= findCertificatesFromLDAP.length) {
                                    break;
                                }
                                if (findCertificatesFromLDAP[i2] != null) {
                                    vector.addElement(findCertificatesFromLDAP[i2]);
                                    break;
                                }
                                i2++;
                            }
                            if (vector.size() == 0) {
                                JCEUtil.setErrorcode("40015");
                                throw new ValidateException("(KSign) setCertListFromLdap3's Certificate's path building Error");
                            }
                            Certificate certificate = findCertificatesFromLDAP[i2];
                            if (this.baseDir != null) {
                                if (str3 != null) {
                                    if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str3, findCertificatesFromLDAP[i2])) {
                                        throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                                    }
                                } else if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str2, findCertificatesFromLDAP[i2])) {
                                    throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                                }
                            }
                            x509CertificateObject2 = certificate;
                        }
                    } else {
                        if (divisionFromLDAPUrl == null) {
                            JCEUtil.setErrorcode("50006");
                            throw new NamingException("(KSign) setCertListFromLdap3' ldapurl generate error");
                        }
                        DirContext findDirContext2 = findDirContext(divisionFromLDAPUrl[0]);
                        if (findDirContext2 == null) {
                            findDirContext2 = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                            addDirContext(findDirContext2);
                        }
                        if (findDirContext2 == null) {
                            JCEUtil.setErrorcode("50031");
                            throw new NamingException("(KSign) setCertListFromLdap3's No directory server information.");
                        }
                        Certificate[] findCertificatesFromLDAP2 = str3 != null ? LDAPUtil.findCertificatesFromLDAP(findDirContext2, str3) : LDAPUtil.findCertificatesFromLDAP(findDirContext2, str2);
                        int i3 = 0;
                        while (true) {
                            if (i3 >= findCertificatesFromLDAP2.length) {
                                break;
                            }
                            if (findCertificatesFromLDAP2[i3] != null) {
                                vector.addElement(findCertificatesFromLDAP2[i3]);
                                break;
                            }
                            i3++;
                        }
                        if (vector.size() == 0) {
                            JCEUtil.setErrorcode("40015");
                            throw new ValidateException("(KSign) setCertListFromLdap3's Certificate's path building Error");
                        }
                        Certificate certificate2 = findCertificatesFromLDAP2[i3];
                        if (this.baseDir != null) {
                            if (str3 != null) {
                                if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str3, findCertificatesFromLDAP2[i3])) {
                                    throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                                }
                            } else if (!setLocalCert(String.valueOf(this.baseDir) + "/" + str2, findCertificatesFromLDAP2[i3])) {
                                throw new ValidateException("(KSign) setCertListFromLdap3's Can't store Certificate.");
                            }
                        }
                        x509CertificateObject2 = certificate2;
                    }
                    i++;
                    str2 = x509CertificateObject2.getIssuerDN().getName();
                    name2 = x509CertificateObject2.getSubjectDN().getName();
                    x509CertificateObject3 = x509CertificateObject2;
                }
            }
            return vector;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("50047");
            }
            throw new ValidateException("(KSign) ValidateCert : setCertListFromLdap3's process Error    " + e.toString());
        }
    }

    private Object setCertListFromLdap3280(X509CertificateObject x509CertificateObject, boolean z) {
        Vector vector = new Vector();
        KCaseLogging.println("<<KSign>> setCertListFromLdap3280 Start");
        try {
            if (x509CertificateObject == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setCertListFromLdap3280's input cert value is null");
            }
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            int i = 0;
            X509Certificate x509Certificate = x509CertificateObject;
            while (!name.equals(name2) && (!z || i != 1)) {
                X509Certificate obtainHigherCert = obtainHigherCert(x509Certificate);
                if (!checkCertIssuedbyIssuer((X509CertificateObject) x509Certificate, (X509CertificateObject) obtainHigherCert)) {
                    throw new ValidateException("(KSign) setCertListFromLdap3280's Certificate and CA Certificate is different!!");
                }
                KCaseLogging.println("<<KSign>> �뜝�떆諛붾챿�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�뜝�뙥源띿삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 OK");
                vector.addElement(obtainHigherCert);
                String name3 = obtainHigherCert.getIssuerDN().getName();
                name2 = obtainHigherCert.getSubjectDN().getName();
                KCaseLogging.println("issuercert : issuerDN : " + name3 + ",\n subjectDN : " + name2);
                i++;
                x509Certificate = obtainHigherCert;
                name = name3;
            }
            return vector;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("50047");
            }
            throw new ValidateException("(KSign) ValidateCert : setCertListFromLdap3280's process Error    " + e.toString());
        }
    }

    private boolean setInit3280() {
        this.n = this.m_nValidateNo + 1;
        this.presentTime = new Date();
        this.permittedSubtreesDN = new Vector();
        this.permittedSubtreesrfc822Name = new Vector();
        this.permittedSubtreesdNSName = new Vector();
        this.excludedSubtreesDN = new Vector();
        this.excludedSubtreesrfc822Name = new Vector();
        this.excludedSubtreesdNSName = new Vector();
        if (this.initialExplicitPolicy) {
            this.explicitPolicy = 0;
        } else {
            this.explicitPolicy = this.n + 1;
        }
        if (this.initialAnyPolicyInhibit) {
            this.inhibitAnyPolicy = 0;
        } else {
            this.inhibitAnyPolicy = this.n + 1;
        }
        if (this.initialPolicyMappingInhibit) {
            this.policyMapping = 0;
        } else {
            this.policyMapping = this.n + 1;
        }
        this.maxPathLenght = this.n;
        return true;
    }

    private Vector unionDN(Vector vector, String str) {
        if (vector.isEmpty()) {
            vector.add(str.toLowerCase());
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(str.toLowerCase());
        return vector2;
    }

    private Vector uniondNSName(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private Vector unionrfc822Name(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private boolean validateCertificateChain_2459(X509CertificateObject x509CertificateObject, Vector vector, boolean z, int i, boolean z2) {
        if (z) {
            if (!verifyCertificate2459((X509CertificateObject) vector.lastElement(), (X509CertificateObject) vector.lastElement(), i, 1)) {
                throw new ValidateException("(KSign) validateCertificateFromLDAP's Root CA certificate path verify error");
            }
            for (int size = vector.size() - 1; size > 0; size--) {
                if (!verifyCertificate2459((X509CertificateObject) vector.get(size - 1), (X509CertificateObject) vector.get(size), i, (vector.size() - size) + 1)) {
                    throw new ValidateException("(KSign) validateCertificateFromLDAP's CA certificate path verify error");
                }
            }
        }
        if (z2 && !verifyCertificate2459(x509CertificateObject, (X509CertificateObject) vector.firstElement(), i, vector.size() + 1)) {
            throw new ValidateException("(KSign) validateCertificateFromLDAP's User certificate path verify error");
        }
        closeDirContexts();
        return true;
    }

    private boolean validateCertificateChain_3280(X509CertificateObject x509CertificateObject, Vector vector, boolean z, int i, boolean z2) {
        if (!setInit3280()) {
            JCEUtil.setErrorcode("300027");
            throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 Cert's initial value setting Error !!!!!");
        }
        if (z) {
            if (!verifyCertificate3280((X509CertificateObject) vector.lastElement(), (X509CertificateObject) vector.lastElement(), i, 1)) {
                throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 Root CA certificate path verify error");
            }
            for (int size = vector.size() - 1; size > 0; size--) {
                X509CertificateObject x509CertificateObject2 = (X509CertificateObject) vector.get(size - 1);
                X509CertificateObject x509CertificateObject3 = (X509CertificateObject) vector.get(size);
                KCaseLogging.println("issuerCertList [" + size + "] : " + x509CertificateObject2.getSubjectDN() + "," + x509CertificateObject3.getSubjectDN());
                if (!verifyCertificate3280(x509CertificateObject2, x509CertificateObject3, i, (vector.size() - size) + 1)) {
                    throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 CA certificate path verify error");
                }
            }
        }
        if (z2 && !verifyCertificate3280(x509CertificateObject, (X509CertificateObject) vector.firstElement(), i, vector.size() + 1)) {
            throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 User certificate path verify error");
        }
        closeDirContexts();
        return true;
    }

    private boolean verifyCertificate2459(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, int i, int i2) {
        DirContext findDirContext;
        X509CRL[] x509crlArr;
        DirContext dirContext;
        X509CRL x509crl;
        try {
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            KCaseLogging.println("usercert:subjectDn : " + x509CertificateObject.getSubjectDN().getName() + ", issuerCert:subjectDn :" + x509CertificateObject2.getSubjectDN().getName());
            boolean z = name.equals(name2);
            boolean z2 = x509CertificateObject.getBasicConstraints() >= 0;
            String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint(), this.convertUrl);
            if (divisionFromLDAPUrl == null && !z) {
                JCEUtil.setErrorcode("50006");
                throw new NamingException("(KSign) verifyCertificate' ldapurl generate error");
            }
            if (divisionFromLDAPUrl != null || !z) {
                if (this.m_nCrlCheckOption == 0 || (!z2 && this.m_nCrlCheckOption == 1)) {
                    findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                    boolean isLocalCRL = this.isLocalSaveCRL ? isLocalCRL(this.baseDir, divisionFromLDAPUrl[1], z2) : false;
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext);
                    }
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        JCEUtil.setErrorcode("50031");
                        throw new NamingException("(KSign) verifyCertificate's No directory server information.");
                    }
                } else {
                    findDirContext = null;
                }
                if (this.m_nCrlCheckOption == 0 || (!z2 && this.m_nCrlCheckOption == 1)) {
                    if (this.baseDir == null) {
                        x509crlArr = LDAPUtil.findCRLFromLDAP(findDirContext, divisionFromLDAPUrl[1], z2);
                    } else {
                        X509CRL x509crl2 = this.isLocalSaveCRL ? (X509CRL) getLocalCRL(this.baseDir, divisionFromLDAPUrl[1], z2) : null;
                        if (x509crl2 == null) {
                            if (findDirContext == null) {
                                dirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                addDirContext(dirContext);
                            } else {
                                dirContext = findDirContext;
                            }
                            x509crlArr = LDAPUtil.findCRLFromLDAP(dirContext, divisionFromLDAPUrl[1], z2);
                            if (0 < x509crlArr.length && ((X509CRLObject) x509crlArr[0]).checkValidity(new Date()) && this.isLocalSaveCRL && !setLocalCRL(String.valueOf(this.baseDir) + "/" + divisionFromLDAPUrl[1], x509crlArr[0], z2)) {
                                throw new ValidateException("(KSign) verifyCertificate's CRL not store");
                            }
                        } else {
                            x509crlArr = new X509CRL[]{x509crl2};
                        }
                    }
                    for (int i3 = 0; i3 < x509crlArr.length; i3++) {
                        if (((X509CRLObject) x509crlArr[i3]).checkValidity(new Date())) {
                            x509crl = x509crlArr[i3];
                            break;
                        }
                    }
                }
                x509crl = null;
                if (this.m_bPathValidationOp) {
                    x509CertificateObject.verify(x509CertificateObject2.getPublicKey(), "Ksign");
                }
                x509CertificateObject.checkValidity();
                if (this.m_nCrlCheckOption == 1) {
                    if (!z2 && x509crl.isRevoked(x509CertificateObject)) {
                        JCEUtil.setErrorcode("50010");
                        throw new ValidateException("(KSign) verifyCertificate's : This Certificate is revoked");
                    }
                } else if (this.m_nCrlCheckOption == 0 && x509crl.isRevoked(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50010");
                    throw new ValidateException("(KSign) verifyCertificate's : This Certificate is revoked");
                }
                if (this.m_bPathValidationOp && !isCertIssuedbyIssuer2459(x509CertificateObject, x509CertificateObject2)) {
                    JCEUtil.setErrorcode("50011");
                    throw new ValidateException("(KSign) verifyCertificate's : Invalid name chain.");
                }
                if (!isNameConsistentwithNamingConstraint(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50021");
                    throw new ValidateException("(KSign) verifyCertificate's : Mismatch Subject name and SubjectAltName extension to CS.");
                }
                HashSet hashSet = (HashSet) x509CertificateObject.getCriticalExtensionOIDs();
                int size = hashSet != null ? hashSet.size() : 0;
                if (!z2 && this.m_nExplicitPolicy <= i2) {
                    if (!assureCertPoliciesInInitialPolicySet(x509CertificateObject)) {
                        JCEUtil.setErrorcode("50013");
                        throw new ValidateException("(KSign) verifyCertificate's : Mismatched initial certificate policy.");
                    }
                    if (x509CertificateObject.getExtensionCritial(X509Extension.certificatePolicies)) {
                        size--;
                    }
                }
                if (this.m_nPolicyMapping > i2) {
                    adjustPSwithPM(x509CertificateObject);
                }
                if (x509CertificateObject.getPolicy() != null) {
                    if (!checkCertificatePolicies(x509CertificateObject)) {
                        JCEUtil.setErrorcode("50014");
                        throw new ValidateException("(KSign) verifyCertificate's : Mismatched allowable certificate policy.");
                    }
                    if (x509CertificateObject.getExtensionCritial(X509Extension.certificatePolicies)) {
                        size--;
                    }
                }
                if (z2) {
                    if (this.m_nCAPathLen < 1000) {
                        this.m_nCAPathLen--;
                        if (this.m_nCAPathLen < 0) {
                            JCEUtil.setErrorcode("50017");
                            throw new ValidateException("(KSign) verifyCertificate's : Wrong CA certification path length.");
                        }
                    }
                    if (!checkBasicConstraints(x509CertificateObject)) {
                        JCEUtil.setErrorcode("50015");
                        throw new ValidateException("(KSign) verifyCertificate's : This is not CA certificate ");
                    }
                    if (x509CertificateObject.getExtensionCritial(X509Extension.basicConstraints)) {
                        size--;
                    }
                    if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage)) {
                        if (!checkKeyUsage(x509CertificateObject, 5)) {
                            JCEUtil.setErrorcode("300023");
                            throw new ValidateException("(KSign) verifyCertificate's CA Certificate's Key usage(keyCertSign) error.");
                        }
                        size--;
                    }
                    if (!adjustNamingConstraint(x509CertificateObject)) {
                        JCEUtil.setErrorcode("50022");
                        throw new ValidateException("(KSign) verifyCertificate's Name adjust error(Naming Constraint).");
                    }
                    if (x509CertificateObject.getExtensionCritial(X509Extension.nameConstraints)) {
                        size--;
                    }
                    checkPolicyConstraints(x509CertificateObject, i2);
                    if (x509CertificateObject.getExtensionCritial(X509Extension.policyConstraints)) {
                        size--;
                    }
                } else if (i != 4 && !checkCertUsage(x509CertificateObject, i)) {
                    JCEUtil.setErrorcode("50023");
                    throw new ValidateException("(KSign) verifyCertificate's User Certificate's Key usage error.");
                }
                if (x509CertificateObject.getExtensionCritial(X509Extension.extendedKeyUsage) && x509CertificateObject.getKeyUsage() != null && x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !isKUsageCompatWithExtKUsage(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50018");
                    throw new ValidateException("(KSign) verifyCertificate's Mismatch extended key usage and key usage.");
                }
                if (size != 0) {
                }
            }
            return true;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : verifyCertificate's process Error    " + e.toString());
        }
    }

    private boolean verifyCertificate3280(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, int i, int i2) {
        boolean z;
        boolean z2;
        boolean z3;
        X509CRL[] x509crlArr;
        DirContext dirContext;
        X509CRLEntryObject x509CRLEntryObject;
        X509CRLEntryObject x509CRLEntryObject2;
        try {
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            KCaseLogging.println("verifyCertificate3280() : subjectDN :" + name2);
            if (!name.equals(name2)) {
                z = false;
                z2 = false;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's Root CA Cert format Wrong");
                }
                z = true;
                z2 = true;
            }
            if (!x509CertificateObject.isBasicConstraintsPathLenghtConstraint()) {
                z3 = z2;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's CA Cert format Wrong");
                }
                z3 = true;
            }
            String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint(), this.convertUrl);
            if (divisionFromLDAPUrl == null && !z) {
                JCEUtil.setErrorcode("50006");
                throw new NamingException("(KSign) verifyCertificate3280's not found CRL DP's ldap-url from 3280 Cert.");
            }
            if (divisionFromLDAPUrl != null) {
                String removeDNQuotation = (divisionFromLDAPUrl == null || !divisionFromLDAPUrl[0].startsWith("http")) ? divisionFromLDAPUrl[1].indexOf("\"") != -1 ? removeDNQuotation(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1].indexOf("\\") != -1 ? removeDNQuotation2(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1] : divisionFromLDAPUrl[0];
                if (this.m_nCrlCheckOption == 0 || (!z3 && this.m_nCrlCheckOption == 1)) {
                    if (divisionFromLDAPUrl[0].equals(removeDNQuotation)) {
                        x509crlArr = new X509CRL[]{(X509CRL) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new URL(divisionFromLDAPUrl[0]).openStream())};
                    } else {
                        DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                        boolean isLocalCRL = this.isLocalSaveCRL ? isLocalCRL(this.baseDir, removeDNQuotation) : false;
                        if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                            findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                            addDirContext(findDirContext);
                        }
                        if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                            JCEUtil.setErrorcode("50031");
                            throw new ValidateException("(KSign) verifyCertificate3280's No directory server information.");
                        }
                        if (this.baseDir == null) {
                            x509crlArr = LDAPUtil.findCRLFromLDAP(findDirContext, divisionFromLDAPUrl[1], z3);
                        } else {
                            X509CRL x509crl = this.isLocalSaveCRL ? (X509CRL) getLocalCRL(this.baseDir, removeDNQuotation) : null;
                            if (x509crl == null) {
                                if (findDirContext == null) {
                                    dirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                    addDirContext(dirContext);
                                } else {
                                    dirContext = findDirContext;
                                }
                                x509crlArr = LDAPUtil.findCRLFromLDAP(dirContext, divisionFromLDAPUrl[1], z3);
                                if (0 < x509crlArr.length && ((X509CRLObject) x509crlArr[0]).checkValidity(this.presentTime) && this.isLocalSaveCRL && !setLocalCRL(String.valueOf(this.baseDir) + "/" + removeDNQuotation, x509crlArr[0])) {
                                    throw new ValidateException("(KSign) verifyCertificate3280's CRL not store");
                                }
                            } else {
                                x509crlArr = new X509CRL[]{x509crl};
                            }
                        }
                    }
                    for (int i3 = 0; i3 < x509crlArr.length && !((X509CRLObject) x509crlArr[i3]).checkValidity(new Date()); i3++) {
                    }
                    if (0 < x509crlArr.length) {
                        if (!(((X509CRLObject) x509crlArr[0]).isIndirectCRL() ? x509CertificateObject.getCRLDPcRLIssuer().equalsIgnoreCase(((X509CRLObject) x509crlArr[0]).getIssuerDN2().getName()) : checkValidateIssuerCrl(x509CertificateObject.getAuthorityKeyId(), ((X509CRLObject) x509crlArr[0]).getAuthorityKeyIdentifier()))) {
                            JCEUtil.setErrorcode("300017");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRL issuer something wrong");
                        }
                        if (x509CertificateObject.getCRLDPcRLIssuer() == null && !x509CertificateObject.getIssuerDN2().getName().equalsIgnoreCase(((X509CRLObject) x509crlArr[0]).getIssuerDN2().getName())) {
                            JCEUtil.setErrorcode("300021");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : subjectCert isser DN different CRL issuer DN");
                        }
                        if (((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName() != null) {
                            if (x509CertificateObject.isCRLDPDistributionPointName()) {
                                String[] divisionFromLDAPUrl2 = LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName());
                                String[] divisionFromLDAPUrl3 = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint());
                                if (!divisionFromLDAPUrl2[0].equalsIgnoreCase(divisionFromLDAPUrl3[0]) || !divisionFromLDAPUrl2[1].equalsIgnoreCase(divisionFromLDAPUrl3[1])) {
                                    JCEUtil.setErrorcode("300022");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 1 different IDP DistributionPointName");
                                }
                            } else if (!LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName())[1].equalsIgnoreCase(x509CertificateObject.getCRLDPcRLIssuer())) {
                                JCEUtil.setErrorcode("300022");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 2 different IDP DistributionPointName");
                            }
                        }
                        if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject2, 6)) {
                            JCEUtil.setErrorcode("300024");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : cRLSign Key usage error.");
                        }
                        if (this.m_nCrlCheckOption == 1) {
                            if (!z3) {
                                ((X509CRLObject) x509crlArr[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                            }
                        } else if (this.m_nCrlCheckOption == 0) {
                            try {
                                try {
                                    try {
                                        ((X509CRLObject) x509crlArr[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                                    } catch (SignatureException e) {
                                        KCaseLogging.print((Exception) e);
                                    } catch (CRLException e2) {
                                        KCaseLogging.print((Exception) e2);
                                    }
                                } catch (NoSuchAlgorithmException e3) {
                                    KCaseLogging.print((Exception) e3);
                                } catch (NoSuchProviderException e4) {
                                    KCaseLogging.print((Exception) e4);
                                }
                            } catch (InvalidKeyException e5) {
                                KCaseLogging.print((Exception) e5);
                            } catch (Exception e6) {
                                KCaseLogging.print(e6);
                            }
                        }
                        if (this.m_nCrlCheckOption == 1) {
                            if (!z3) {
                                X509CRLObject x509CRLObject = (X509CRLObject) x509crlArr[0];
                                if (x509CRLObject.isRevoked(x509CertificateObject)) {
                                    X509CRLEntry revokedCertificate = x509CRLObject.getRevokedCertificate(x509CertificateObject.getSerialNumber());
                                    String str = "(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked /" + (revokedCertificate.getNonCriticalExtensionOIDs() != null ? new CRLReason(DEREnumerated.getInstance(new ASN1InputStream(((ASN1OctetString) ASN1Object.fromByteArray(revokedCertificate.getExtensionValue("2.5.29.21"))).getOctets()).readObject())).getValue().intValue() : -1);
                                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                                    if (revokedCertificate != null) {
                                        str = String.valueOf(str) + "/" + simpleDateFormat.format(revokedCertificate.getRevocationDate());
                                    }
                                    JCEUtil.setErrorcode("50010");
                                    throw new ValidateException(str);
                                }
                                if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject2 = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject2.getcertificateIssuer())) {
                                    JCEUtil.setErrorcode("300025");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                                }
                            }
                        } else if (this.m_nCrlCheckOption == 0) {
                            if (((X509CRLObject) x509crlArr[0]).isRevoked(x509CertificateObject)) {
                                JCEUtil.setErrorcode("50010");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                            }
                            if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject.getcertificateIssuer())) {
                                JCEUtil.setErrorcode("300025");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                            }
                        }
                    }
                }
            }
            if (this.m_bPathValidationOp) {
                x509CertificateObject.verify(x509CertificateObject2.getPublicKey(), "Ksign");
            }
            x509CertificateObject.checkValidity();
            if (this.m_bPathValidationOp && !z && !isCertIssuedbyIssuerCert(x509CertificateObject, x509CertificateObject2)) {
                JCEUtil.setErrorcode("50011");
                throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert is not Issuer 3280 Cert Error!!! ");
            }
            if (!z) {
                checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                if (x509CertificateObject.getSANSubjectAltName() != null) {
                    if (x509CertificateObject.getSubjectAlternativeNamerfc822Name() != null) {
                        checkPermittedrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                        checkExcludedrfc822Name(this.excludedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                    } else if (x509CertificateObject.getSubjectAlternativeNamedNSName() != null) {
                        checkPermitteddNSName(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                        checkExcludeddNSName(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                    } else if (x509CertificateObject.getSubjectAlternativeNameDN() != null) {
                        checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                        checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                    }
                }
            }
            if (!z3) {
                if (x509CertificateObject.getPolicy() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's policy is null");
                }
                if (!checkCertificatePolicies3280(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50013");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's Mismatched certificate policy.");
                }
            }
            if (x509CertificateObject.getPolicyMappings() != null) {
                for (int i4 = 0; i4 < x509CertificateObject.getPolicyMappings().length; i4++) {
                    if (ANY_POLICY.equals(x509CertificateObject.getPolicyMappings()[i4].toString())) {
                        JCEUtil.setErrorcode("300026");
                        throw new ValidateException("(KSign) verifyCertificate3280's : 3280 Cert's IssuerDomainPolicy && SubjectDomainPolicy is anyPolicy");
                    }
                }
            }
            if (x509CertificateObject.getNameConstraintPermittedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 2:
                        this.permittedSubtreesrfc822Name = intersectrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 3:
                        this.permittedSubtreesdNSName = intersectdNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 5:
                        this.permittedSubtreesDN = intersectDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                }
            }
            if (x509CertificateObject.getNameConstraintsExcludedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 2:
                        this.excludedSubtreesrfc822Name = unionrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 3:
                        this.excludedSubtreesdNSName = uniondNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 5:
                        this.excludedSubtreesDN = unionDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                }
            }
            if (!z) {
                if (this.explicitPolicy != 0) {
                    this.explicitPolicy--;
                }
                if (this.policyMapping != 0) {
                    this.policyMapping--;
                }
                if (this.inhibitAnyPolicy != 0) {
                    this.inhibitAnyPolicy--;
                }
                if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                    this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
                }
            }
            if (!z) {
                if (this.maxPathLenght > 0) {
                    this.maxPathLenght--;
                }
                if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint() && x509CertificateObject.getBasicConstraintsPathLenghtConstraint() < this.maxPathLenght) {
                    this.maxPathLenght = x509CertificateObject.getBasicConstraintsPathLenghtConstraint();
                }
            }
            if (z3) {
                if (!z && !x509CertificateObject.getExtensionCritial(X509Extension.keyUsage)) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 CA Cert's key usage is null");
                }
                if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject, 5)) {
                    JCEUtil.setErrorcode("300023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert CA's  Key usage's is not keyCertSign value");
                }
            } else if (i != 4) {
                if (x509CertificateObject.getKeyUsage() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage field is null.");
                }
                if (!checkCertUsage(x509CertificateObject, i)) {
                    JCEUtil.setErrorcode("50023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage error.");
                }
            }
            if (!z && this.explicitPolicy != 0) {
                this.explicitPolicy--;
            }
            if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
            }
            return true;
        } catch (Exception e7) {
            KCaseLogging.print(e7);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : verifyCertificate3280's process Error    " + e7.toString());
        }
    }

    private boolean withinDNSubtree(String str, Vector vector) {
        boolean z = vector.isEmpty();
        for (int size = vector.size() - 1; size >= 0; size--) {
            if (vector.elementAt(size).equals(str)) {
                z = true;
            }
        }
        return z;
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x00a4 A[Catch: Exception -> 0x006b, TryCatch #0 {Exception -> 0x006b, blocks: (B:3:0x000a, B:5:0x0017, B:6:0x0043, B:8:0x004c, B:10:0x005c, B:11:0x006a, B:14:0x009e, B:17:0x00a4, B:18:0x00b2, B:19:0x00ba, B:25:0x00bd, B:21:0x00c4, B:29:0x0097), top: B:2:0x000a }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean GetCRLFROMLDAP(java.lang.String r8) {
        /*
            r7 = this;
            r6 = 1
            r0 = 0
            java.lang.String r1 = "<<KSign>> verifyCertificate Start"
            com.ksign.KCaseLogging.println(r1)
            r2 = 0
            r1 = 2
            java.lang.String[] r3 = new java.lang.String[r1]     // Catch: java.lang.Exception -> L6b
            r1 = 0
            java.lang.String r4 = "ldap://ldap.epki.go.kr:389"
            r3[r1] = r4     // Catch: java.lang.Exception -> L6b
            r1 = 1
            r3[r1] = r8     // Catch: java.lang.Exception -> L6b
            if (r3 == 0) goto L43
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L6b
            java.lang.String r4 = "<<KSign>> CRL DP's information url: "
            r1.<init>(r4)     // Catch: java.lang.Exception -> L6b
            r4 = 0
            r4 = r3[r4]     // Catch: java.lang.Exception -> L6b
            java.lang.StringBuilder r1 = r1.append(r4)     // Catch: java.lang.Exception -> L6b
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Exception -> L6b
            com.ksign.KCaseLogging.println(r1)     // Catch: java.lang.Exception -> L6b
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L6b
            java.lang.String r4 = "<<KSign>> CRL DP's information crl dn: "
            r1.<init>(r4)     // Catch: java.lang.Exception -> L6b
            r4 = 1
            r4 = r3[r4]     // Catch: java.lang.Exception -> L6b
            java.lang.StringBuilder r1 = r1.append(r4)     // Catch: java.lang.Exception -> L6b
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Exception -> L6b
            com.ksign.KCaseLogging.println(r1)     // Catch: java.lang.Exception -> L6b
        L43:
            r1 = 0
            r1 = r3[r1]     // Catch: java.lang.Exception -> L6b
            javax.naming.directory.DirContext r1 = r7.findDirContext(r1)     // Catch: java.lang.Exception -> L6b
            if (r1 != 0) goto L95
        L4c:
            r1 = 0
            r1 = r3[r1]     // Catch: java.lang.Exception -> L6b
            java.lang.String r4 = r7.userLdapDN     // Catch: java.lang.Exception -> L6b
            java.lang.String r5 = r7.password     // Catch: java.lang.Exception -> L6b
            javax.naming.directory.DirContext r1 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r1, r4, r5)     // Catch: java.lang.Exception -> L6b
            r7.addDirContext(r1)     // Catch: java.lang.Exception -> L6b
        L5a:
            if (r1 != 0) goto L9c
        L5c:
            java.lang.String r0 = "50031"
            ksign.jce.util.JCEUtil.setErrorcode(r0)     // Catch: java.lang.Exception -> L6b
            javax.naming.NamingException r0 = new javax.naming.NamingException     // Catch: java.lang.Exception -> L6b
            java.lang.String r1 = "(KSign) verifyCertificate's No directory server information."
            r0.<init>(r1)     // Catch: java.lang.Exception -> L6b
            throw r0     // Catch: java.lang.Exception -> L6b
        L6b:
            r0 = move-exception
            com.ksign.KCaseLogging.print(r0)
            int r1 = ksign.jce.util.JCEUtil.getErrorcode()
            if (r1 != 0) goto L7b
            java.lang.String r1 = "300032"
            ksign.jce.util.JCEUtil.setErrorcode(r1)
        L7b:
            ksign.jce.provider.validate.ValidateException r1 = new ksign.jce.provider.validate.ValidateException
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "(KSign) ValidateCert : verifyCertificate's process Error    "
            r2.<init>(r3)
            java.lang.String r0 = r0.toString()
            java.lang.StringBuilder r0 = r2.append(r0)
            java.lang.String r0 = r0.toString()
            r1.<init>(r0)
            throw r1
        L95:
            if (r1 != 0) goto L5a
            java.lang.String r4 = r7.baseDir     // Catch: java.lang.Exception -> L6b
            if (r4 != 0) goto L5a
            goto L4c
        L9c:
            if (r1 != 0) goto La2
            java.lang.String r4 = r7.baseDir     // Catch: java.lang.Exception -> L6b
            if (r4 == 0) goto L5c
        La2:
            if (r1 != 0) goto Lb2
            r1 = 0
            r1 = r3[r1]     // Catch: java.lang.Exception -> L6b
            java.lang.String r4 = r7.userLdapDN     // Catch: java.lang.Exception -> L6b
            java.lang.String r5 = r7.password     // Catch: java.lang.Exception -> L6b
            javax.naming.directory.DirContext r1 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r1, r4, r5)     // Catch: java.lang.Exception -> L6b
            r7.addDirContext(r1)     // Catch: java.lang.Exception -> L6b
        Lb2:
            r4 = 1
            r3 = r3[r4]     // Catch: java.lang.Exception -> L6b
            java.security.cert.X509CRL[] r2 = ksign.jce.crypto.ldap.LDAPUtil.findCRLFromLDAP(r1, r3, r2)     // Catch: java.lang.Exception -> L6b
            r1 = r0
        Lba:
            int r0 = r2.length     // Catch: java.lang.Exception -> L6b
            if (r1 < r0) goto Lc4
        Lbd:
            java.lang.String r0 = "<<KSign>> CRL �뜝�떆怨ㅼ삕 �뜝�룞�삕�슚�뜝�룞�삕 OK"
            com.ksign.KCaseLogging.println(r0)     // Catch: java.lang.Exception -> L6b
            return r6
        Lc4:
            r0 = r2[r1]     // Catch: java.lang.Exception -> L6b
            ksign.jce.provider.x509.X509CRLObject r0 = (ksign.jce.provider.x509.X509CRLObject) r0     // Catch: java.lang.Exception -> L6b
            java.util.Date r3 = new java.util.Date     // Catch: java.lang.Exception -> L6b
            r3.<init>()     // Catch: java.lang.Exception -> L6b
            boolean r0 = r0.checkValidity(r3)     // Catch: java.lang.Exception -> L6b
            if (r0 != 0) goto Lbd
            int r0 = r1 + 1
            r1 = r0
            goto Lba
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.GetCRLFROMLDAP(java.lang.String):boolean");
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x00a1 A[Catch: Exception -> 0x0068, TryCatch #0 {Exception -> 0x0068, blocks: (B:3:0x000a, B:5:0x0014, B:6:0x0040, B:8:0x0049, B:10:0x0059, B:11:0x0067, B:14:0x009b, B:17:0x00a1, B:18:0x00af, B:20:0x00ba, B:22:0x00c6, B:29:0x00ca, B:24:0x00d5, B:28:0x00e4, B:34:0x0094), top: B:2:0x000a }] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00ba A[Catch: Exception -> 0x0068, TryCatch #0 {Exception -> 0x0068, blocks: (B:3:0x000a, B:5:0x0014, B:6:0x0040, B:8:0x0049, B:10:0x0059, B:11:0x0067, B:14:0x009b, B:17:0x00a1, B:18:0x00af, B:20:0x00ba, B:22:0x00c6, B:29:0x00ca, B:24:0x00d5, B:28:0x00e4, B:34:0x0094), top: B:2:0x000a }] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00d5 A[Catch: Exception -> 0x0068, TryCatch #0 {Exception -> 0x0068, blocks: (B:3:0x000a, B:5:0x0014, B:6:0x0040, B:8:0x0049, B:10:0x0059, B:11:0x0067, B:14:0x009b, B:17:0x00a1, B:18:0x00af, B:20:0x00ba, B:22:0x00c6, B:29:0x00ca, B:24:0x00d5, B:28:0x00e4, B:34:0x0094), top: B:2:0x000a }] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00c9 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] IsLocalSaveAndGetLDAP(java.lang.String r8, java.lang.String r9) {
        /*
            Method dump skipped, instructions count: 235
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.IsLocalSaveAndGetLDAP(java.lang.String, java.lang.String):byte[]");
    }

    public void addDirContext(DirContext dirContext) {
        int i = 0;
        while (i < 10 && this.m_dircontexts[i] != null) {
            i++;
        }
        if (i < 10) {
            this.m_dircontexts[i] = dirContext;
        }
    }

    protected boolean adjustNamingConstraint(X509CertificateObject x509CertificateObject) {
        return true;
    }

    protected void adjustPSwithPM(X509CertificateObject x509CertificateObject) {
        String[] policyMappings = x509CertificateObject.getPolicyMappings();
        if (policyMappings == null) {
            return;
        }
        for (int i = 0; i < policyMappings.length; i += 2) {
            String str = policyMappings[i];
            String str2 = policyMappings[i + 1];
            if (this.m_initialPolicySet.contains(str)) {
                this.m_initialPolicySet.addElement(str2);
            }
        }
        for (int i2 = 0; i2 < policyMappings.length; i2 += 2) {
            String str3 = policyMappings[i2];
            String str4 = policyMappings[i2 + 1];
            if (this.m_acceptablePolicySet.contains(str3)) {
                this.m_acceptablePolicySet.addElement(str4);
            }
        }
    }

    protected boolean assureCertPoliciesInInitialPolicySet(X509CertificateObject x509CertificateObject) {
        String[] policy = x509CertificateObject.getPolicy();
        if (policy == null) {
            return false;
        }
        return assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any);
    }

    protected boolean assureCertPoliciesInPolicySet(String[] strArr, boolean z, Vector vector, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (strArr == null || vector == null) {
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            for (int i2 = 0; i2 < vector.size(); i2++) {
                KCaseLogging.println("cert : " + strArr[i]);
                KCaseLogging.println("init : " + ((String) vector.get(i2)));
                if (strArr[i].equals((String) vector.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean checkBasicConstraints(X509CertificateObject x509CertificateObject) {
        int basicConstraints = x509CertificateObject.getBasicConstraints();
        if (basicConstraints < 0) {
            return false;
        }
        if (basicConstraints < this.m_nCAPathLen) {
            this.m_nCAPathLen = basicConstraints;
        }
        return true;
    }

    protected boolean checkCertUsage(X509CertificateObject x509CertificateObject, int i) {
        if (i == 1) {
            if (checkKeyUsage(x509CertificateObject, 2)) {
                return true;
            }
        } else if (i == 2 && checkKeyUsage(x509CertificateObject, 0)) {
            return true;
        }
        return false;
    }

    protected boolean checkCertificatePolicies(X509CertificateObject x509CertificateObject) {
        if (x509CertificateObject == null) {
            return false;
        }
        if (x509CertificateObject.getExtensionCritial(X509Extension.certificatePolicies)) {
            String[] policy = x509CertificateObject.getPolicy();
            if (!assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any) || !intersectionAPSwithCP(this.m_acceptablePolicySet, this.m_bAcceptablePolicySet_any, policy, false)) {
                return false;
            }
        }
        return true;
    }

    protected boolean checkKeyUsage(X509CertificateObject x509CertificateObject, int i) {
        boolean[] keyUsage = x509CertificateObject.getKeyUsage();
        return keyUsage == null ? x509CertificateObject.getSubjectDN().getName().equalsIgnoreCase(x509CertificateObject.getIssuerDN().getName()) : keyUsage[i];
    }

    protected void checkPolicyConstraints(X509CertificateObject x509CertificateObject, int i) {
        int[] policyConstraints = x509CertificateObject.getPolicyConstraints();
        if (policyConstraints == null) {
            return;
        }
        if (policyConstraints[0] + i < this.m_nExplicitPolicy) {
            this.m_nExplicitPolicy = policyConstraints[0] + i;
        }
        if (policyConstraints[1] + i < this.m_nPolicyMapping) {
            this.m_nPolicyMapping = policyConstraints[1] + i;
        }
    }

    public void closeDirContexts() {
        for (int i = 0; i < 10 && this.m_dircontexts[i] != null; i++) {
            LDAPUtil.closeLDAP(this.m_dircontexts[i]);
        }
    }

    protected boolean compatibleAPSwithIPS(Vector vector, boolean z, Vector vector2, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (vector == null || vector2 == null) {
            return false;
        }
        for (int i = 0; i < vector.size(); i++) {
            String str = (String) vector.get(i);
            for (int i2 = 0; i2 < vector2.size(); i2++) {
                if (str.equals((String) vector2.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean extUsages(boolean[] zArr, int[] iArr) {
        for (int i : iArr) {
            if (!zArr[i]) {
                return false;
            }
        }
        return true;
    }

    public DirContext findDirContext(String str) {
        if (this.m_dircontexts == null) {
            return null;
        }
        for (int i = 0; i < this.m_dircontexts.length; i++) {
            if (LDAPUtil.compareLDAPUrl(this.m_dircontexts[i], str)) {
                return this.m_dircontexts[i];
            }
        }
        return null;
    }

    public String getCert3280DN() {
        return this.Cert3280DN;
    }

    public Certificate getCertificate(String str) {
        X509Certificate x509Certificate;
        int i = 0;
        try {
            if (isLocalCert(this.baseDir, str)) {
                x509Certificate = (X509Certificate) getLocalCert(this.baseDir, str);
                if (x509Certificate == null) {
                    this.strldapUrl = "";
                    String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl("ldap://ds.yessign.or.kr:389", this.convertUrl);
                    KCaseLogging.println(this.convertUrl);
                    if (divisionFromLDAPUrl == null) {
                        return null;
                    }
                    DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                    if (findDirContext == null) {
                        findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext);
                    }
                    if (findDirContext == null) {
                        return null;
                    }
                    X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, str);
                    if (findCertificatesFromLDAP == null) {
                        throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
                    }
                    while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                        i++;
                    }
                    x509Certificate = findCertificatesFromLDAP[i];
                    if (this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + str, findCertificatesFromLDAP[i])) {
                        throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                    }
                }
            } else {
                if (this.strldapUrl != null) {
                    this.strldapUrl = this.strldapUrl;
                } else if (str.toLowerCase().endsWith("o=yessign,c=kr")) {
                    this.strldapUrl = "ldap://ds.yessign.or.kr:389/";
                } else if (str.toLowerCase().endsWith("o=ncasign,c=kr")) {
                    this.strldapUrl = "ldap://ds.nca.or.kr:389/";
                } else if (str.toLowerCase().endsWith("o=crosscert,c=kr")) {
                    this.strldapUrl = "ldap://dir.crosscert.com:389/";
                } else if (str.toLowerCase().endsWith("o=kica,c=kr")) {
                    this.strldapUrl = "ldap://ldap.signgate.com:389/";
                } else if (str.toLowerCase().endsWith("o=signkorea,c=kr")) {
                    this.strldapUrl = "ldap://dir.signkorea.com:389/";
                } else if (str.toLowerCase().endsWith("o=tradesign,c=kr")) {
                    this.strldapUrl = "ldap://ldap.tradesign.net:389/";
                } else if (str.toLowerCase().endsWith("o=government of korea,c=kr")) {
                    this.strldapUrl = "ldap://ldap.gcc.go.kr:389/";
                } else if (str.toLowerCase().endsWith("o=dsc,c=kr")) {
                    this.strldapUrl = "ldap://4.7.1.70:389/";
                }
                if (this.strldapUrl == null) {
                    return null;
                }
                DirContext findDirContext2 = findDirContext(this.strldapUrl);
                if (findDirContext2 == null) {
                    findDirContext2 = LDAPUtil.createLDAP(this.strldapUrl, this.userLdapDN, this.password);
                    addDirContext(findDirContext2);
                }
                if (findDirContext2 == null) {
                    return null;
                }
                X509Certificate[] findCertificatesFromLDAP2 = LDAPUtil.findCertificatesFromLDAP(findDirContext2, str);
                if (findCertificatesFromLDAP2 == null) {
                    throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate2)");
                }
                while (i < findCertificatesFromLDAP2.length && findCertificatesFromLDAP2[i] == null) {
                    i++;
                }
                x509Certificate = findCertificatesFromLDAP2[i];
                if (this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + str, findCertificatesFromLDAP2[i])) {
                    throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                }
            }
            x509Certificate.getSubjectDN().getName();
            return x509Certificate;
        } catch (Exception e) {
            System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
            return null;
        }
    }

    public Certificate getCertificate(String str, String str2, String str3) {
        try {
            this.strldapUrl = "ldap://" + str2 + ":" + str3;
            DirContext findDirContext = findDirContext(this.strldapUrl);
            if (findDirContext == null) {
                findDirContext = LDAPUtil.createLDAP(this.strldapUrl, this.userLdapDN, this.password);
                addDirContext(findDirContext);
            }
            if (findDirContext == null) {
                return null;
            }
            X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, str);
            if (findCertificatesFromLDAP == null) {
                throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
            }
            int i = 0;
            while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                i++;
            }
            X509Certificate x509Certificate = findCertificatesFromLDAP[i];
            if (this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + str, findCertificatesFromLDAP[i])) {
                throw new Exception("(KSign) getRootCert's Can't write Certificate.");
            }
            x509Certificate.getSubjectDN().getName();
            return x509Certificate;
        } catch (Exception e) {
            System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
            return null;
        }
    }

    public String[] getDNfromCerts(String str) {
        Vector vector = new Vector();
        int i = 0;
        String str2 = str;
        while (true) {
            try {
                X509CertificateObject x509CertificateObject = (X509CertificateObject) getCertificate(str2);
                String name = x509CertificateObject.getIssuerDN().getName();
                String name2 = x509CertificateObject.getSubjectDN().getName();
                vector.add(name2);
                closeDirContexts();
                if (name2.equalsIgnoreCase(name)) {
                    break;
                }
                i++;
                str2 = name;
            } catch (Exception e) {
                System.err.println("(KSign) getCert's Get Certificate Error : " + e.toString());
                closeDirContexts();
                return new String[]{str};
            }
        }
        Iterator it = vector.iterator();
        String[] strArr = new String[vector.size()];
        int i2 = 0;
        while (it.hasNext()) {
            strArr[i2] = (String) it.next();
            i2++;
        }
        return strArr;
    }

    public String[] getDNfromCerts(String str, String str2) {
        this.strldapUrl = str2;
        return getDNfromCerts(str);
    }

    public CRL getLocalCRL(String str, String str2) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + "/" + str2, "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception e) {
            KCaseLogging.print(e);
            return null;
        }
    }

    public CRL getLocalCRL(String str, String str2, boolean z) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + "/" + str2, z ? "cert.arl" : "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    public Certificate getLocalCert(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + "/" + str2, "cert.der");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CertificateObject x509CertificateObject = (X509CertificateObject) CertificateFactory.getInstance("X509", "Ksign").generateCertificate(new ByteArrayInputStream(bArr));
            x509CertificateObject.checkValidity(new Date());
            return x509CertificateObject;
        } catch (Exception e) {
            return null;
        }
    }

    public Certificate getRootCert(Certificate certificate) {
        X509Certificate x509Certificate;
        if (certificate == null) {
            return null;
        }
        X509Certificate x509Certificate2 = (X509Certificate) certificate;
        String name = x509Certificate2.getIssuerDN().getName();
        Object name2 = x509Certificate2.getSubjectDN().getName();
        X509Certificate x509Certificate3 = x509Certificate2;
        while (!name.equals(name2)) {
            try {
                X509Certificate x509Certificate4 = null;
                boolean isLocalCert = isLocalCert(this.baseDir, name);
                if (0 == 0) {
                    if (isLocalCert) {
                        X509Certificate x509Certificate5 = (X509Certificate) getLocalCert(this.baseDir, name);
                        if (x509Certificate5 == null) {
                            String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate5).getDistributionPoint(), this.convertUrl);
                            if (divisionFromLDAPUrl == null) {
                                return null;
                            }
                            DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                            if (findDirContext == null) {
                                findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                addDirContext(findDirContext);
                            }
                            if (findDirContext == null) {
                                return null;
                            }
                            X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, name);
                            if (findCertificatesFromLDAP == null) {
                                throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
                            }
                            int i = 0;
                            while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                                i++;
                            }
                            x509Certificate = findCertificatesFromLDAP[i];
                            if (this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + name, findCertificatesFromLDAP[i])) {
                                throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                            }
                        } else {
                            x509Certificate = x509Certificate5;
                        }
                    } else {
                        String[] divisionFromLDAPUrl2 = LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate3).getDistributionPoint(), this.convertUrl);
                        if (divisionFromLDAPUrl2 == null) {
                            return null;
                        }
                        DirContext findDirContext2 = findDirContext(divisionFromLDAPUrl2[0]);
                        if (findDirContext2 == null) {
                            findDirContext2 = LDAPUtil.createLDAP(divisionFromLDAPUrl2[0], this.userLdapDN, this.password);
                            addDirContext(findDirContext2);
                        }
                        if (findDirContext2 == null) {
                            return null;
                        }
                        X509Certificate[] findCertificatesFromLDAP2 = LDAPUtil.findCertificatesFromLDAP(findDirContext2, name);
                        if (findCertificatesFromLDAP2 == null) {
                            throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate2)");
                        }
                        int i2 = 0;
                        while (i2 < findCertificatesFromLDAP2.length && findCertificatesFromLDAP2[i2] == null) {
                            i2++;
                        }
                        x509Certificate = findCertificatesFromLDAP2[i2];
                        if (this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + name, findCertificatesFromLDAP2[i2])) {
                            throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                        }
                    }
                    name = x509Certificate.getIssuerDN().getName();
                    name2 = x509Certificate.getSubjectDN().getName();
                    x509Certificate3 = x509Certificate;
                } else {
                    if (!isLocalCert && this.baseDir != null && !setLocalCert(String.valueOf(this.baseDir) + "/" + name, null)) {
                        throw new Exception("(KSign) getRootCert's can't write Certificate.");
                    }
                    name = x509Certificate4.getIssuerDN().getName();
                    name2 = x509Certificate4.getSubjectDN().getName();
                    x509Certificate3 = null;
                }
            } catch (Exception e) {
                System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
                return null;
            }
        }
        return x509Certificate3;
    }

    protected boolean intersectionAPSwithCP(Vector vector, boolean z, String[] strArr, boolean z2) {
        Vector vector2 = new Vector();
        if (vector != null && strArr != null) {
            if (z) {
                vector.removeAllElements();
                for (String str : strArr) {
                    vector.addElement(str);
                }
            } else {
                for (int i = 0; i < vector.size(); i++) {
                    String str2 = (String) vector.get(i);
                    for (int i2 = 0; i2 < strArr.length; i2++) {
                        if (str2.equals(strArr[i2])) {
                            vector2.addElement(strArr[i2]);
                        }
                    }
                }
                vector.removeAllElements();
                vector.addAll(vector2);
            }
        }
        return true;
    }

    protected boolean isIssueCert(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        return x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
    }

    protected boolean isKUsageCompatWithExtKUsage(X509CertificateObject x509CertificateObject) {
        int[] iArr = {0, 2, 4};
        int[] iArr2 = {0, 4};
        int[] iArr3 = new int[1];
        int[] iArr4 = {0, 1, 2, 4};
        int[] iArr5 = {0, 1};
        ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = (ASN1ObjectIdentifier[]) x509CertificateObject.getExtKeyUsage();
        boolean[] keyUsage = x509CertificateObject.getKeyUsage();
        for (int i = 0; i < aSN1ObjectIdentifierArr.length; i++) {
            if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_serverAuth)) {
                if (extUsages(keyUsage, iArr)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_clientAuth)) {
                if (extUsages(keyUsage, iArr2)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_codeSigning)) {
                if (extUsages(keyUsage, iArr3)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_emailProtection)) {
                if (extUsages(keyUsage, iArr4)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_timeStamping) && extUsages(keyUsage, iArr5)) {
                return true;
            }
        }
        return false;
    }

    public boolean isLocalCRL(String str, String str2) {
        try {
            if (new File(str, str2).isDirectory()) {
                return new File(new StringBuilder(String.valueOf(str)).append("/").append(str2).toString(), "cert.crl").isFile();
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isLocalCRL(String str, String str2, boolean z) {
        try {
            if (new File(str, str2).isDirectory()) {
                return new File(new StringBuilder(String.valueOf(str)).append("/").append(str2).toString(), z ? "cert.arl" : "cert.crl").isFile();
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isLocalCert(String str, String str2) {
        if (str == null) {
            return false;
        }
        try {
            if (new File(str, str2).isDirectory()) {
                return new File(new StringBuilder(String.valueOf(str)).append("/").append(str2).toString(), "cert.der").isFile();
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    public void isLocalSaveCRL(boolean z) {
        this.isLocalSaveCRL = z;
    }

    protected boolean isNameConsistentwithNamingConstraint(X509CertificateObject x509CertificateObject) {
        return true;
    }

    protected X509Certificate obtainHigherCert(X509Certificate x509Certificate) {
        X509Certificate x509Certificate2;
        KCaseLogging.println("obtainHigherCert : assigndCert : " + x509Certificate.getIssuerDN().getName());
        String[] divisionFromLDAPUrl = ((X509CertificateObject) x509Certificate).isAuthorityInfoAccess() ? LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate).getAuthorityInfoAccess()) : LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate).getDistributionPoint());
        String name = x509Certificate.getIssuerDN().getName();
        String name2 = x509Certificate.getSubjectDN().getName();
        if (divisionFromLDAPUrl == null && !name.equalsIgnoreCase(name2)) {
            JCEUtil.setErrorcode("50006");
            throw new NamingException("(KSign) setCertListFromLdap3280' ldapurl generate error");
        }
        KCaseLogging.println("<<KSign>> Connect url: " + divisionFromLDAPUrl[0]);
        if (!divisionFromLDAPUrl[0].startsWith("http")) {
            return (!isLocalCert(this.baseDir, name) || (x509Certificate2 = (X509Certificate) getLocalCert(this.baseDir, name)) == null) ? queryCertfromLDAP(x509Certificate, divisionFromLDAPUrl[0]) : x509Certificate2;
        }
        URL url = new URL(divisionFromLDAPUrl[0]);
        KCaseLogging.println("cert url is : " + divisionFromLDAPUrl[0]);
        InputStream openStream = url.openStream();
        X509Certificate x509Certificate3 = (X509Certificate) CertificateFactory.getInstance("X.509", "Ksign").generateCertificate(openStream);
        openStream.close();
        return x509Certificate3;
    }

    protected X509Certificate queryCertfromLDAP(X509Certificate x509Certificate, String str) {
        X509Certificate x509Certificate2;
        KCaseLogging.println("find DirContext :: url = " + str);
        KCaseLogging.println(">>Jenny ldapUrl : " + str);
        DirContext findDirContext = findDirContext(str);
        if (findDirContext == null) {
            KCaseLogging.println("dirContext is null. ==> createLDAP :: url = [" + str + "] ,userLdapDN = [" + this.userLdapDN + "] ,password = [" + this.password + "]");
            findDirContext = LDAPUtil.createLDAP(str, this.userLdapDN, this.password);
            addDirContext(findDirContext);
        }
        DirContext dirContext = findDirContext;
        if (dirContext == null) {
            JCEUtil.setErrorcode("50031");
            throw new NamingException("(KSign) setCertListFromLdap3280's No directory server information.");
        }
        X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(dirContext, ((X509CertificateObject) x509Certificate).getIssuerDN2().getName());
        int i = 0;
        while (true) {
            if (i >= findCertificatesFromLDAP.length) {
                x509Certificate2 = null;
                break;
            }
            if (findCertificatesFromLDAP[i] != null) {
                x509Certificate2 = findCertificatesFromLDAP[i];
                break;
            }
            i++;
        }
        if (x509Certificate2 == null) {
            JCEUtil.setErrorcode("40015");
            throw new ValidateException("(KSign) setCertListFromLdap3280's Certificate's path building Error");
        }
        KCaseLogging.println("assigndCertDN:" + x509Certificate.getSubjectDN());
        KCaseLogging.println("higerCert" + x509Certificate2.getSubjectDN());
        if (this.baseDir == null || setLocalCert(String.valueOf(this.baseDir) + "/" + x509Certificate.getIssuerDN().getName(), x509Certificate2)) {
            return x509Certificate2;
        }
        throw new ValidateException("(KSign) setCertListFromLdap3280's Can't store Certificate.");
    }

    public void setADLdapInfo(String str, String str2) {
        this.userLdapDN = str;
        this.password = str2;
    }

    public void setCert3280DN(String str) {
        this.Cert3280DN = str;
    }

    public boolean setInitialPolicy(String str, boolean z) {
        this.m_initialPolicySet = null;
        this.m_bInitialPolicySet_any = z;
        if (z) {
        }
        this.m_initialPolicySet = new Vector();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
        while (stringTokenizer.hasMoreTokens()) {
            this.m_initialPolicySet.addElement(stringTokenizer.nextToken());
        }
        return true;
    }

    public boolean setLocalCRL(String str, CRL crl) {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + "/cert.crl");
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public boolean setLocalCRL(String str, CRL crl, boolean z) {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + (z ? "/cert.arl" : "/cert.crl"));
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public boolean setLocalCert(String str, Certificate certificate) {
        try {
            KCaseLogging.println("certPath : " + str);
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCert's cert path is null");
            }
            if (certificate == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCert's certificate value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCert's directory generate error");
            }
            byte[] encoded = certificate.getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + "/cert.der");
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCert's certificate file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("40013");
            throw new ValidateException("(KSign) ValidateCert : setLocalCert's certificate store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("40013");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCert process Error    " + e3.toString());
        }
    }

    public void setValidateOption(boolean z, int i) {
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
    }

    public boolean validateCertificateFromLDAP(Certificate[] certificateArr, int i) {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            if (x509CertificateObject.isCert3280() || x509CertificateObject.isCert3280DN(x509CertificateObject.getSubjectDN().getName(), getCert3280DN())) {
                validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            } else {
                validateCertificateChain_2459(x509CertificateObject, constructCertificatChain_2459(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            }
            return true;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateFromLDAP's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateFromLDAP(Certificate[] certificateArr, int i, int i2) {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            if (i2 == 1) {
                x509CertificateObject.checkValidity();
            } else {
                if (x509CertificateObject.isCert3280() || x509CertificateObject.isCert3280DN(x509CertificateObject.getSubjectDN().getName(), getCert3280DN())) {
                    validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
                } else {
                    validateCertificateChain_2459(x509CertificateObject, constructCertificatChain_2459(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
                }
                closeDirContexts();
            }
            return true;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateFromLDAP's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateFromLDAP2(Certificate[] certificateArr, int i) {
        X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
        validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
        return true;
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, int i) {
        int i2 = 0;
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            while (true) {
                int i3 = i2;
                if (i3 >= certificateArr.length) {
                    KCaseLogging.println("<<KSign>> validate Certificate DN : " + x509CertificateArr[0].getSubjectDN().getName());
                    boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
                    KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End");
                    return validateCertificateFromLDAP;
                }
                x509CertificateArr[i3] = (X509Certificate) certificateArr[i3];
                i2 = i3 + 1;
            }
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, String str, int i) {
        int i2 = 0;
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            while (true) {
                int i3 = i2;
                if (i3 >= certificateArr.length) {
                    KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 : " + x509CertificateArr[0].getSubjectDN().getName());
                    boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
                    KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End(result :: " + validateCertificateFromLDAP + ")");
                    return validateCertificateFromLDAP;
                }
                x509CertificateArr[i3] = (X509Certificate) certificateArr[i3];
                i2 = i3 + 1;
            }
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, String str, int i, String str2, String str3, String str4, String str5) {
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            int i2 = 0;
            while (true) {
                int i3 = i2;
                if (i3 >= certificateArr.length) {
                    boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
                    KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End(result :: " + validateCertificateFromLDAP + ")");
                    return validateCertificateFromLDAP;
                }
                x509CertificateArr[i3] = (X509Certificate) certificateArr[i3];
                i2 = i3 + 1;
            }
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    protected boolean verifyCertificate3280(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, int i, int i2, String str) {
        boolean z;
        boolean z2;
        boolean z3;
        X509CRL[] x509crlArr;
        X509CRL[] x509crlArr2;
        DirContext dirContext;
        boolean z4;
        X509CRLEntryObject x509CRLEntryObject;
        X509CRLEntryObject x509CRLEntryObject2;
        KCaseLogging.println("<<KSign>> verifyCertificate3280 Start");
        try {
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 " + name2);
            if (!name.equals(name2)) {
                z = false;
                z2 = false;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's Root CA Cert format Wrong");
                }
                z = true;
                z2 = true;
            }
            if (!x509CertificateObject.isBasicConstraintsPathLenghtConstraint()) {
                z3 = z2;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's CA Cert format Wrong");
                }
                z3 = true;
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 CRL �뜝�룞�삕�뜝�룞�삕 Start");
            String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint(), this.convertUrl);
            if (divisionFromLDAPUrl == null && !z) {
                JCEUtil.setErrorcode("50006");
                throw new NamingException("(KSign) verifyCertificate3280's not found CRL DP's ldap-url from 3280 Cert.");
            }
            if (divisionFromLDAPUrl != null) {
                String removeDNQuotation = divisionFromLDAPUrl[1].indexOf("\"") != -1 ? removeDNQuotation(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1].indexOf("\\") != -1 ? removeDNQuotation2(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1];
                divisionFromLDAPUrl[0] = str;
                KCaseLogging.println("<<KSign>> CRL DP's information url    : " + divisionFromLDAPUrl[0]);
                KCaseLogging.println("<<KSign>> CRL DP's information crl dn : " + removeDNQuotation);
                if (this.m_nCrlCheckOption == 0 || (!z3 && this.m_nCrlCheckOption == 1)) {
                    DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                    boolean isLocalCRL = this.isLocalSaveCRL ? isLocalCRL(this.baseDir, removeDNQuotation) : false;
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext);
                    }
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        JCEUtil.setErrorcode("50031");
                        throw new ValidateException("(KSign) verifyCertificate3280's No directory server information.");
                    }
                    if (this.baseDir == null) {
                        x509crlArr2 = LDAPUtil.findCRLFromLDAP(findDirContext, divisionFromLDAPUrl[1], z3);
                    } else {
                        X509CRL x509crl = this.isLocalSaveCRL ? (X509CRL) getLocalCRL(this.baseDir, removeDNQuotation) : null;
                        if (x509crl == null) {
                            if (findDirContext == null) {
                                dirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                addDirContext(dirContext);
                            } else {
                                dirContext = findDirContext;
                            }
                            x509crlArr = LDAPUtil.findCRLFromLDAP(dirContext, divisionFromLDAPUrl[1], z3);
                            if (0 < x509crlArr.length && this.isLocalSaveCRL && !setLocalCRL(String.valueOf(this.baseDir) + "/" + removeDNQuotation, x509crlArr[0])) {
                                throw new ValidateException("(KSign) verifyCertificate3280's CRL not store");
                            }
                        } else {
                            x509crlArr = new X509CRL[]{x509crl};
                        }
                        x509crlArr2 = x509crlArr;
                    }
                    KCaseLogging.println("<<KSign>> crl�뜝�룞�삕 �뜝�뙥源띿삕�뜝�룞�삕 : " + x509crlArr2[0].getIssuerDN().getName());
                    KCaseLogging.println("<<KSign>> CRL�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 �뜝�떎�뼲�삕�뜝�룞�삕�뜝泥댄겕 : OK");
                    if (0 < x509crlArr2.length) {
                        if (((X509CRLObject) x509crlArr2[0]).isIndirectCRL()) {
                            KCaseLogging.println("<<KSign> IndirectCRL true");
                            z4 = x509CertificateObject.getCRLDPcRLIssuer().equalsIgnoreCase(((X509CRLObject) x509crlArr2[0]).getIssuerDN2().getName());
                        } else {
                            KCaseLogging.println("<<KSign> IndirectCRL false");
                            z4 = true;
                        }
                        if (!z4) {
                            JCEUtil.setErrorcode("300017");
                            throw new ValidateException("(KSign)verifyCertificate3280's 3280 Cert : CRL issuer something wrong");
                        }
                        KCaseLogging.println("<<KSign>> CRL �뜝�뙥源띿삕�뜝�뙓怨ㅼ삕 �뜝�떆諛붾챿�삕�뜝�룞�삕 泥댄겕 : " + z4);
                        if (x509CertificateObject.getCRLDPcRLIssuer() == null && !x509CertificateObject.getIssuerDN2().getName().equalsIgnoreCase(((X509CRLObject) x509crlArr2[0]).getIssuerDN2().getName())) {
                            JCEUtil.setErrorcode("300021");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : subjectCert isser DN different CRL issuer DN");
                        }
                        KCaseLogging.println("<<KSign>> CRL �뜝�뙥源띿삕�뜝�룞�삕 DN�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
                        if (((X509CRLObject) x509crlArr2[0]).getIssuingDistributionPointName() != null) {
                            if (x509CertificateObject.isCRLDPDistributionPointName()) {
                                String[] divisionFromLDAPUrl2 = LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr2[0]).getIssuingDistributionPointName());
                                String[] divisionFromLDAPUrl3 = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint());
                                if (!divisionFromLDAPUrl2[0].equalsIgnoreCase(divisionFromLDAPUrl3[0]) || !divisionFromLDAPUrl2[1].equalsIgnoreCase(divisionFromLDAPUrl3[1])) {
                                    JCEUtil.setErrorcode("300022");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 1 different IDP DistributionPointName");
                                }
                            } else if (!LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr2[0]).getIssuingDistributionPointName())[1].equalsIgnoreCase(x509CertificateObject.getCRLDPcRLIssuer())) {
                                JCEUtil.setErrorcode("300022");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 2 different IDP DistributionPointName");
                            }
                        }
                        KCaseLogging.println("<<KSign>> CRL�뜝�룞�삕 IDP �뜝�룞�삕�뜝�룞�삕 OK : " + ((X509CRLObject) x509crlArr2[0]).getIssuingDistributionPointName());
                        if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject2, 6)) {
                            JCEUtil.setErrorcode("300024");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : cRLSign Key usage error.");
                        }
                        KCaseLogging.println("<<KSign>> Key Usage�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
                        if (this.m_nCrlCheckOption == 1) {
                            if (!z3) {
                                ((X509CRLObject) x509crlArr2[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                            }
                        } else if (this.m_nCrlCheckOption == 0) {
                            ((X509CRLObject) x509crlArr2[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                        }
                        KCaseLogging.println("<<KSign>> ARL/CRL�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK ");
                        if (this.m_nCrlCheckOption == 1) {
                            if (!z3) {
                                if (((X509CRLObject) x509crlArr2[0]).isRevoked(x509CertificateObject)) {
                                    JCEUtil.setErrorcode("50010");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                                }
                                if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject2 = (X509CRLEntryObject) ((X509CRLObject) x509crlArr2[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject2.getcertificateIssuer())) {
                                    JCEUtil.setErrorcode("300025");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                                }
                            }
                        } else if (this.m_nCrlCheckOption == 0) {
                            if (((X509CRLObject) x509crlArr2[0]).isRevoked(x509CertificateObject)) {
                                JCEUtil.setErrorcode("50010");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                            }
                            if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject = (X509CRLEntryObject) ((X509CRLObject) x509crlArr2[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject.getcertificateIssuer())) {
                                JCEUtil.setErrorcode("300025");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                            }
                        }
                        KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�떗�뼲�삕�뜝�룞�삕");
                    }
                }
            }
            if (this.m_bPathValidationOp) {
                x509CertificateObject.verify(x509CertificateObject2.getPublicKey(), "Ksign");
            }
            x509CertificateObject.checkValidity();
            if (this.m_bPathValidationOp && !z && !isCertIssuedbyIssuerCert(x509CertificateObject, x509CertificateObject2)) {
                JCEUtil.setErrorcode("50011");
                throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert is not Issuer 3280 Cert Error!!! ");
            }
            KCaseLogging.println("<<KSign>> �뜝�뜦蹂� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z) {
                checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                if (x509CertificateObject.getSANSubjectAltName() != null) {
                    if (x509CertificateObject.getSubjectAlternativeNamerfc822Name() != null) {
                        checkPermittedrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                        checkExcludedrfc822Name(this.excludedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                    } else if (x509CertificateObject.getSubjectAlternativeNamedNSName() != null) {
                        checkPermitteddNSName(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                        checkExcludeddNSName(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                    } else if (x509CertificateObject.getSubjectAlternativeNameDN() != null) {
                        checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                        checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                    }
                }
            }
            KCaseLogging.println("<<KSign>> Root CA �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜫媛��뜝�룞�삕 �뜝�룞�삕移��뜝�룞�삕�뜝�룞�삕 & �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕移� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z3) {
                if (x509CertificateObject.getPolicy() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's policy is null");
                }
                if (!checkCertificatePolicies3280(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50013");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's Mismatched certificate policy.");
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�슚�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕梨끻뜝�룞�삕 泥섇뜝�룞�삕 OK");
            if (x509CertificateObject.getPolicyMappings() != null) {
                for (int i3 = 0; i3 < x509CertificateObject.getPolicyMappings().length; i3++) {
                    if (ANY_POLICY.equals(x509CertificateObject.getPolicyMappings()[i3].toString())) {
                        JCEUtil.setErrorcode("300026");
                        throw new ValidateException("(KSign) verifyCertificate3280's : 3280 Cert's IssuerDomainPolicy && SubjectDomainPolicy is anyPolicy");
                    }
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕梨� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (x509CertificateObject.getNameConstraintPermittedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 2:
                        this.permittedSubtreesrfc822Name = intersectrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 3:
                        this.permittedSubtreesdNSName = intersectdNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 5:
                        this.permittedSubtreesDN = intersectDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                }
            }
            if (x509CertificateObject.getNameConstraintsExcludedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 2:
                        this.excludedSubtreesrfc822Name = unionrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 3:
                        this.excludedSubtreesdNSName = uniondNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 5:
                        this.excludedSubtreesDN = unionDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕移� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜾�꽕�뜝�룞�삕 OK");
            if (!z) {
                if (this.explicitPolicy != 0) {
                    this.explicitPolicy--;
                }
                if (this.policyMapping != 0) {
                    this.policyMapping--;
                }
                if (this.inhibitAnyPolicy != 0) {
                    this.inhibitAnyPolicy--;
                }
                if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                    this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕梨끻뜝�룞�삕�뜝�뜝�룞�삕�뜝�듅釉앹삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜾�꽕�뜝�룞�삕 OK");
            if (!z) {
                if (this.maxPathLenght > 0) {
                    this.maxPathLenght--;
                }
                if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint() && x509CertificateObject.getBasicConstraintsPathLenghtConstraint() < this.maxPathLenght) {
                    this.maxPathLenght = x509CertificateObject.getBasicConstraintsPathLenghtConstraint();
                }
            }
            if (z3) {
                if (!z && !x509CertificateObject.getExtensionCritial(X509Extension.keyUsage)) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 CA Cert�뜝�룞�삕 key usage is null");
                }
                if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject, 5)) {
                    JCEUtil.setErrorcode("300023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert CA's  Key usage's is not keyCertSign value");
                }
            } else if (i != 4) {
                if (x509CertificateObject.getKeyUsage() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage field is null.");
                }
                if (!checkCertUsage(x509CertificateObject, i)) {
                    JCEUtil.setErrorcode("50023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage error.");
                }
            }
            KCaseLogging.println("<KSign> key usage �솗�뜝�룞�삕 �뜝�떗�뱶媛� KeyCertSign �뜝�룞�삕�듃�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z && this.explicitPolicy != 0) {
                this.explicitPolicy--;
            }
            if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
            }
            KCaseLogging.println("<<KSign>> verifyCertificate3280 End");
            KCaseLogging.println("<<KSign>> verifyCertificate3280 End");
            return true;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : verifyCertificate3280's process Error    " + e.toString());
        }
    }
}
