package com.ksign.wizsign.others.crl;

import com.ksign.KCaseLogging;
import com.ksign.asn1.x509.X509Extension;
import com.ksign.util.Arrays;
import com.novell.ldap.LDAPConnection;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import ksign.jce.provider.x509.X509CRLEntryObject;
import ksign.jce.provider.x509.X509CRLObject;
import ksign.jce.provider.x509.X509CertificateObject;
import ksign.jce.util.HexPrint;
import ksign.jce.util.JCEUtil;

/* loaded from: classes.dex */
public class WizsignValidateCert {
    private static final String ANY_POLICY = "2.5.29.32.0";
    public static final int KCE_ALLUSAGE_CERT = 4;
    public static final int KCE_KM_CERT = 1;
    public static final int KCE_SN_CERT = 2;
    public static final int KCE_TSA_CERT = 3;
    public static final int KCV_CHECK_FULL_CRL = 0;
    public static final int KCV_CHECK_USER_CRL_ONLY = 1;
    private static final int MAX_CA_PATH_LEN = 1000;
    private static final int MAX_DIRCONTEXT_NO = 10;
    protected String Cert3280DN;
    private String baseDir;
    private Hashtable convertUrl;
    private Vector excludedSubtreesDN;
    private Vector excludedSubtreesdNSName;
    private Vector excludedSubtreesrfc822Name;
    private int explicitPolicy;
    private int inhibitAnyPolicy;
    private boolean initialAnyPolicyInhibit;
    private boolean initialExplicitPolicy;
    private boolean initialPolicyMappingInhibit;
    private boolean isLocalSaveCRL;
    private Vector m_acceptablePolicySet;
    private boolean m_bAcceptablePolicySet_any;
    private boolean m_bInitialPolicySet_any;
    private boolean m_bPathValidationOp;
    private Vector m_initialPolicySet;
    private int m_nCAPathLen;
    private int m_nCrlCheckOption;
    private int m_nExplicitPolicy;
    private int m_nPolicyMapping;
    private int m_nValidateNo;
    private int maxPathLenght;
    private int n;
    private String password;
    private Vector permittedSubtreesDN;
    private Vector permittedSubtreesdNSName;
    private Vector permittedSubtreesrfc822Name;
    private int policyMapping;
    private Date presentTime;
    private String strldapUrl;
    private String userLdapDN;

    public WizsignValidateCert() {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        try {
            jbInit_wizsign();
        } catch (Exception e) {
        }
    }

    public WizsignValidateCert(String str) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
    }

    public WizsignValidateCert(String str, Hashtable hashtable) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public WizsignValidateCert(String str, boolean z, String str2) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        setInitialPolicy_wizsign(str, z);
        this.baseDir = str2;
    }

    public WizsignValidateCert(String str, boolean z, boolean z2, int i, String str2) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z2;
        this.m_nCrlCheckOption = i;
        setInitialPolicy_wizsign(str, z);
        this.baseDir = str2;
    }

    public WizsignValidateCert(Hashtable hashtable) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public WizsignValidateCert(boolean z, int i, String str) {
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
        this.baseDir = str;
    }

    private void PolicyCheck(X509CertificateObject x509CertificateObject, boolean z) {
        if (!z) {
            try {
                if (x509CertificateObject.getPolicy() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's policy is null");
                }
                if (!checkCertificatePolicies3280_wizsign(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50013");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's Mismatched certificate policy.");
                }
            } catch (Exception e) {
                throw e;
            }
        }
        if (x509CertificateObject.getPolicyMappings() != null) {
            for (int i = 0; i < x509CertificateObject.getPolicyMappings().length; i++) {
                if (ANY_POLICY.equals(x509CertificateObject.getPolicyMappings()[i].toString())) {
                    JCEUtil.setErrorcode("300026");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's : 3280 Cert's IssuerDomainPolicy && SubjectDomainPolicy is anyPolicy");
                }
            }
        }
    }

    private void ValidateCRL(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, boolean z, boolean z2) {
        X509CRL[] x509crlArr;
        LDAPConnection lDAPConnection = new LDAPConnection();
        X509CRL[] x509crlArr2 = new X509CRL[1];
        try {
            String[] divisionFromLDAPUrl_wizsign = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(x509CertificateObject.getDistributionPoint(), this.convertUrl);
            if (divisionFromLDAPUrl_wizsign == null && !z2) {
                JCEUtil.setErrorcode("50006");
                throw new Exception("(KSign) verifyCertificate3280's not found CRL DP's ldap-url from 3280 Cert.");
            }
            if (divisionFromLDAPUrl_wizsign != null) {
                String removeDNQuotation_wizsign = (divisionFromLDAPUrl_wizsign == null || !divisionFromLDAPUrl_wizsign[0].startsWith("http")) ? divisionFromLDAPUrl_wizsign[1].indexOf("\"") != -1 ? removeDNQuotation_wizsign(divisionFromLDAPUrl_wizsign[1]) : divisionFromLDAPUrl_wizsign[1].indexOf("\\") != -1 ? removeDNQuotation2_wizsign(divisionFromLDAPUrl_wizsign[1]) : divisionFromLDAPUrl_wizsign[1] : divisionFromLDAPUrl_wizsign[0];
                if (this.m_nCrlCheckOption == 0 || (!z && this.m_nCrlCheckOption == 1)) {
                    if (divisionFromLDAPUrl_wizsign[0].equals(removeDNQuotation_wizsign)) {
                        x509crlArr = new X509CRL[]{(X509CRL) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new URL(divisionFromLDAPUrl_wizsign[0]).openStream())};
                    } else {
                        ldapCrlCheak(lDAPConnection, x509crlArr2, divisionFromLDAPUrl_wizsign, removeDNQuotation_wizsign, z);
                        x509crlArr = x509crlArr2;
                    }
                    for (int i = 0; i < x509crlArr.length && !((X509CRLObject) x509crlArr[i]).checkValidity(new Date()); i++) {
                    }
                    if (0 < x509crlArr.length) {
                        crlIndentifierValidate(x509CertificateObject, x509crlArr, 0);
                        if (x509CertificateObject.getCRLDPcRLIssuer() == null && !x509CertificateObject.getIssuerDN2().getName().equalsIgnoreCase(((X509CRLObject) x509crlArr[0]).getIssuerDN2().getName())) {
                            JCEUtil.setErrorcode("300021");
                            throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : subjectCert isser DN different CRL issuer DN");
                        }
                        crlIdpCheck(x509CertificateObject, x509crlArr, 0);
                        if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage_wizsign(x509CertificateObject2, 6)) {
                            JCEUtil.setErrorcode("300024");
                            throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : cRLSign Key usage error.");
                        }
                        crlVerify(x509CertificateObject, x509CertificateObject2, x509crlArr, 0, z);
                        cRLIssuerValidate(x509CertificateObject, x509CertificateObject2, x509crlArr, 0, z);
                    }
                }
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void cRLIssuerValidate(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, X509CRL[] x509crlArr, int i, boolean z) {
        X509CRLEntryObject x509CRLEntryObject;
        X509CRLEntryObject x509CRLEntryObject2;
        try {
            if (this.m_nCrlCheckOption == 1) {
                if (z) {
                    return;
                }
                if (((X509CRLObject) x509crlArr[i]).isRevoked(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50010");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                }
                if (x509CertificateObject.getCRLDPcRLIssuer() == null || (x509CRLEntryObject2 = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[i]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) == null || x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject2.getcertificateIssuer())) {
                    return;
                }
                JCEUtil.setErrorcode("300025");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
            }
            if (this.m_nCrlCheckOption == 0) {
                if (((X509CRLObject) x509crlArr[i]).isRevoked(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50010");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                }
                if (x509CertificateObject.getCRLDPcRLIssuer() == null || (x509CRLEntryObject = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[i]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) == null || x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject.getcertificateIssuer())) {
                    return;
                }
                JCEUtil.setErrorcode("300025");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private boolean checkCertIssuedbyIssuer_wizsign(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        String[] authorityKeyId = x509CertificateObject.getAuthorityKeyId();
        String subjectKeyId = x509CertificateObject2.getSubjectKeyId();
        if (authorityKeyId[0] == null || subjectKeyId == null) {
            JCEUtil.setErrorcode("20007");
            throw new WizsignValidateException("(KSign) Cert AKI's input value is null");
        }
        if (authorityKeyId[0].equalsIgnoreCase(subjectKeyId)) {
            return true;
        }
        JCEUtil.setErrorcode("300018");
        throw new WizsignValidateException("(KSign) Cert AKI's KeyIdentifier value wrong");
    }

    private boolean checkCertificatePolicies3280_wizsign(X509CertificateObject x509CertificateObject) {
        if (x509CertificateObject == null) {
            return false;
        }
        String[] policy = x509CertificateObject.getPolicy();
        for (String str : policy) {
            KCaseLogging.println("?�싫?�옙 ?�쏙?�占?�옙 policy : " + str);
        }
        return assureCertPoliciesInPolicySet_wizsign(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any) && intersectionAPSwithCP_wizsign(this.m_acceptablePolicySet, this.m_bAcceptablePolicySet_any, policy, false);
    }

    private void checkExcludedDN_wizsign(Vector vector, String str) {
        if (!vector.isEmpty() && withinDNSubtree_wizsign(str, vector)) {
            JCEUtil.setErrorcode("50021");
            throw new WizsignValidateException("(KSign) 3280 Cert's Subject directory name is not from an excluded subtree");
        }
    }

    private void checkExcludeddNSName_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new WizsignValidateException("(KSign) 3280 Cert's Subject dNSname is from an excluded subtree");
            }
        }
    }

    private void checkExcludedrfc822Name_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new WizsignValidateException("(KSign) 3280 Cert's Subject rfc822Name address is from an excluded subtree");
            }
        }
    }

    private void checkPermittedDN_wizsign(Vector vector, String str) {
        if (vector.isEmpty() || withinDNSubtree_wizsign(str, vector)) {
            return;
        }
        JCEUtil.setErrorcode("50020");
        throw new WizsignValidateException("(KSign) 3280 Cert's Subject directory name is not from a permitted subtree");
    }

    private void checkPermitteddNSName_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new WizsignValidateException("(KSign) 3280 Cert's Subject dNSname is not from a permitted subtree");
    }

    private void checkPermittedrfc822Name_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new WizsignValidateException("(KSign) 3280 Cert's Subject rfc822Name address is not from a permitted subtree");
    }

    private boolean checkValidateIssuerCrl_wizsign(String[] strArr, String[] strArr2) {
        return (strArr2 == null || strArr[0] == null || strArr[1] == null || strArr[2] == null || strArr2[0] == null || strArr2[1] == null || strArr2[2] == null || !strArr[0].equalsIgnoreCase(strArr2[0]) || !strArr[1].equalsIgnoreCase(strArr2[1]) || !strArr[2].equalsIgnoreCase(strArr2[2])) ? false : true;
    }

    private Vector constructCertificatChain_3280_wizsign(X509CertificateObject x509CertificateObject, boolean z) {
        KCaseLogging.println("<<KSign>> 3280 Cert");
        Vector vector = (Vector) setCertListFromLdap3280_wizsign(x509CertificateObject, false);
        if (vector == null) {
            JCEUtil.setErrorcode("50047");
            throw new WizsignValidateException("(KSign) setCertListFromLdap3's certificate path build error");
        }
        this.m_nValidateNo = vector.size();
        this.m_nCAPathLen = 1000;
        this.m_nExplicitPolicy = this.m_nValidateNo + 1;
        this.m_nPolicyMapping = this.m_nValidateNo + 1;
        this.m_bAcceptablePolicySet_any = false;
        return vector;
    }

    private void crlIdpCheck(X509CertificateObject x509CertificateObject, X509CRL[] x509crlArr, int i) {
        try {
            if (((X509CRLObject) x509crlArr[i]).getIssuingDistributionPointName() != null) {
                if (!x509CertificateObject.isCRLDPDistributionPointName()) {
                    String[] divisionFromLDAPUrl_wizsign = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(((X509CRLObject) x509crlArr[i]).getIssuingDistributionPointName());
                    if (divisionFromLDAPUrl_wizsign[1].equalsIgnoreCase(x509CertificateObject.getCRLDPcRLIssuer())) {
                        return;
                    }
                    JCEUtil.setErrorcode("300022");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 2 different IDP DistributionPointName");
                }
                String[] divisionFromLDAPUrl_wizsign2 = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(((X509CRLObject) x509crlArr[i]).getIssuingDistributionPointName());
                String[] divisionFromLDAPUrl_wizsign3 = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(x509CertificateObject.getDistributionPoint());
                if (divisionFromLDAPUrl_wizsign2[0].equalsIgnoreCase(divisionFromLDAPUrl_wizsign3[0]) && divisionFromLDAPUrl_wizsign2[1].equalsIgnoreCase(divisionFromLDAPUrl_wizsign3[1])) {
                    return;
                }
                JCEUtil.setErrorcode("300022");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 1 different IDP DistributionPointName");
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void crlIndentifierValidate(X509CertificateObject x509CertificateObject, X509CRL[] x509crlArr, int i) {
        try {
            if (((X509CRLObject) x509crlArr[i]).isIndirectCRL() ? x509CertificateObject.getCRLDPcRLIssuer().equalsIgnoreCase(((X509CRLObject) x509crlArr[i]).getIssuerDN2().getName()) : checkValidateIssuerCrl_wizsign(x509CertificateObject.getAuthorityKeyId(), ((X509CRLObject) x509crlArr[i]).getAuthorityKeyIdentifier())) {
                return;
            }
            JCEUtil.setErrorcode("300017");
            throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRL issuer something wrong");
        } catch (Exception e) {
            throw e;
        }
    }

    private void crlVerify(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, X509CRL[] x509crlArr, int i, boolean z) {
        try {
            if (this.m_nCrlCheckOption == 1) {
                if (z) {
                    return;
                }
                ((X509CRLObject) x509crlArr[i]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
            } else if (this.m_nCrlCheckOption == 0) {
                try {
                    ((X509CRLObject) x509crlArr[i]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                } catch (InvalidKeyException e) {
                } catch (NoSuchAlgorithmException e2) {
                } catch (NoSuchProviderException e3) {
                } catch (SignatureException e4) {
                } catch (CRLException e5) {
                } catch (Exception e6) {
                }
            }
        } catch (Exception e7) {
            throw e7;
        }
    }

    private Vector intersectDN_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(str.toLowerCase())) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectdNSName_wizsign(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectrfc822Name_wizsign(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private boolean isCertIssuedbyIssuerCert_wizsign(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        boolean z = x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
        if (!Arrays.areEqual(x509CertificateObject.getAuthorityKeyIdentifier(), x509CertificateObject2.getSubjectKeyIdentifier())) {
            KCaseLogging.println(">>DEBUG<< ValidateCert.isCertIssuedbyIssuer() : Issuer's SubjectKeyIdentifier is different from user's AuthorityKeyIdentifier \nuser(" + x509CertificateObject.getSubjectDN().getName() + ") : AKI :" + HexPrint.byteArrayToHexString(x509CertificateObject.getAuthorityKeyIdentifier()) + "\nissuer(" + x509CertificateObject2.getSubjectDN().getName() + ") : SKI :" + HexPrint.byteArrayToHexString(x509CertificateObject2.getSubjectKeyIdentifier()));
        }
        return z;
    }

    private void jbInit_wizsign() {
    }

    private void keyUsageCheck(X509CertificateObject x509CertificateObject, int i, boolean z, boolean z2) {
        try {
            if (z) {
                if (!z2 && !x509CertificateObject.getExtensionCritial(X509Extension.keyUsage)) {
                    JCEUtil.setErrorcode("20007");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 CA Cert's key usage is null");
                }
                if (!x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) || checkKeyUsage_wizsign(x509CertificateObject, 5)) {
                    return;
                }
                JCEUtil.setErrorcode("300023");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert CA's  Key usage's is not keyCertSign value");
            }
            if (i != 4) {
                if (x509CertificateObject.getKeyUsage() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage field is null.");
                }
                if (checkCertUsage_wizsign(x509CertificateObject, i)) {
                    return;
                }
                JCEUtil.setErrorcode("50023");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage error.");
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void ldapCrlCheak(LDAPConnection lDAPConnection, X509CRL[] x509crlArr, String[] strArr, String str, boolean z) {
        try {
            boolean isLocalCRL_wizsign = this.isLocalSaveCRL ? isLocalCRL_wizsign(this.baseDir, str) : false;
            WizsignLDAPUtil.createLDAP_wizsign(lDAPConnection, strArr[0], this.userLdapDN, this.password);
            if ((lDAPConnection == null && !isLocalCRL_wizsign) || (lDAPConnection == null && this.baseDir == null)) {
                JCEUtil.setErrorcode("50031");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's No directory server information.");
            }
            if (this.baseDir == null) {
                WizsignLDAPUtil.findCRLFromLDAP_wizsign(lDAPConnection, strArr[1], z, x509crlArr);
                return;
            }
            X509CRL x509crl = this.isLocalSaveCRL ? (X509CRL) getLocalCRL_wizsign(this.baseDir, str) : null;
            if (x509crl != null) {
                new X509CRL[1][0] = x509crl;
                return;
            }
            if (lDAPConnection == null) {
                WizsignLDAPUtil.createLDAP_wizsign(lDAPConnection, strArr[0], this.userLdapDN, this.password);
            }
            WizsignLDAPUtil.findCRLFromLDAP_wizsign(lDAPConnection, strArr[1], z, x509crlArr);
            if (0 < x509crlArr.length && ((X509CRLObject) x509crlArr[0]).checkValidity(this.presentTime) && this.isLocalSaveCRL && !setLocalCRL_wizsign(this.baseDir + "/" + str, x509crlArr[0])) {
                throw new WizsignValidateException("(KSign) verifyCertificate3280's CRL not store");
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void permittedAndExcludedCheck(X509CertificateObject x509CertificateObject, boolean z) {
        if (z) {
            return;
        }
        try {
            checkPermittedDN_wizsign(this.permittedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
            checkExcludedDN_wizsign(this.excludedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
            if (x509CertificateObject.getSANSubjectAltName() != null) {
                if (x509CertificateObject.getSubjectAlternativeNamerfc822Name() != null) {
                    checkPermittedrfc822Name_wizsign(this.permittedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                    checkExcludedrfc822Name_wizsign(this.excludedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                } else if (x509CertificateObject.getSubjectAlternativeNamedNSName() != null) {
                    checkPermitteddNSName_wizsign(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                    checkExcludeddNSName_wizsign(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                } else if (x509CertificateObject.getSubjectAlternativeNameDN() != null) {
                    checkPermittedDN_wizsign(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                    checkExcludedDN_wizsign(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                }
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void permittedAndExcludedReset(X509CertificateObject x509CertificateObject) {
        try {
            if (x509CertificateObject.getNameConstraintPermittedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 2:
                        this.permittedSubtreesrfc822Name = intersectrfc822Name_wizsign(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 3:
                        this.permittedSubtreesdNSName = intersectdNSName_wizsign(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                    case 5:
                        this.permittedSubtreesDN = intersectDN_wizsign(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        break;
                }
            }
            if (x509CertificateObject.getNameConstraintsExcludedSubtrees() != null) {
                switch (x509CertificateObject.getSubjectAlternativeNameflag()) {
                    case 0:
                    case 1:
                    case 4:
                    default:
                        return;
                    case 2:
                        this.excludedSubtreesrfc822Name = unionrfc822Name_wizsign(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        return;
                    case 3:
                        this.excludedSubtreesdNSName = uniondNSName_wizsign(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        return;
                    case 5:
                        this.excludedSubtreesDN = unionDN_wizsign(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                        return;
                }
            }
        } catch (Exception e) {
            throw e;
        }
    }

    private void policyDataReset(X509CertificateObject x509CertificateObject, boolean z) {
        if (z) {
            return;
        }
        try {
            if (this.explicitPolicy != 0) {
                this.explicitPolicy--;
            }
            if (this.policyMapping != 0) {
                this.policyMapping--;
            }
            if (this.inhibitAnyPolicy != 0) {
                this.inhibitAnyPolicy--;
            }
            if (!x509CertificateObject.isPolicyConstraintsRep() || x509CertificateObject.getPolicyConstraintsRep() >= this.explicitPolicy) {
                return;
            }
            this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
        } catch (Exception e) {
            throw e;
        }
    }

    private String removeDNQuotation2_wizsign(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\\");
        do {
            if (str.indexOf("\\") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\\") + 1, str.length());
            }
            indexOf += str.indexOf("\\");
        } while (str.indexOf("\\") != -1);
        return stringBuffer.toString();
    }

    private String removeDNQuotation_wizsign(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\"");
        do {
            if (str.indexOf("\"") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\"") + 1, str.length());
            }
            indexOf += str.indexOf("\"");
        } while (str.indexOf("\"") != -1);
        return stringBuffer.toString();
    }

    private Object setCertListFromLdap3280_wizsign(X509CertificateObject x509CertificateObject, boolean z) {
        Vector vector = new Vector();
        KCaseLogging.println("<<KSign>> setCertListFromLdap3280 Start");
        try {
            if (x509CertificateObject == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) setCertListFromLdap3280's input cert value is null");
            }
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            int i = 0;
            X509Certificate x509Certificate = x509CertificateObject;
            while (!name.equals(name2) && (!z || i != 1)) {
                X509Certificate obtainHigherCert_wizsign = obtainHigherCert_wizsign(x509Certificate);
                if (!checkCertIssuedbyIssuer_wizsign((X509CertificateObject) x509Certificate, (X509CertificateObject) obtainHigherCert_wizsign)) {
                    throw new WizsignValidateException("(KSign) setCertListFromLdap3280's Certificate and CA Certificate is different!!");
                }
                KCaseLogging.println("<<KSign>> ?�시바몌???�쏙?�占?�옙?�쏙?�占??�쌩깍옙?�쏙???�쏙?�占?�옙?�쏙??OK");
                vector.addElement(obtainHigherCert_wizsign);
                String name3 = obtainHigherCert_wizsign.getIssuerDN().getName();
                name2 = obtainHigherCert_wizsign.getSubjectDN().getName();
                KCaseLogging.println("issuercert : issuerDN : " + name3 + ",\n subjectDN : " + name2);
                i++;
                x509Certificate = obtainHigherCert_wizsign;
                name = name3;
            }
            return vector;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("50047");
            }
            throw new WizsignValidateException("(KSign) ValidateCert : setCertListFromLdap3280's process Error    " + e.toString());
        }
    }

    private boolean setInit3280_wizsign() {
        this.n = this.m_nValidateNo + 1;
        this.presentTime = new Date();
        this.permittedSubtreesDN = new Vector();
        this.permittedSubtreesrfc822Name = new Vector();
        this.permittedSubtreesdNSName = new Vector();
        this.excludedSubtreesDN = new Vector();
        this.excludedSubtreesrfc822Name = new Vector();
        this.excludedSubtreesdNSName = new Vector();
        if (this.initialExplicitPolicy) {
            this.explicitPolicy = 0;
        } else {
            this.explicitPolicy = this.n + 1;
        }
        if (this.initialAnyPolicyInhibit) {
            this.inhibitAnyPolicy = 0;
        } else {
            this.inhibitAnyPolicy = this.n + 1;
        }
        if (this.initialPolicyMappingInhibit) {
            this.policyMapping = 0;
        } else {
            this.policyMapping = this.n + 1;
        }
        this.maxPathLenght = this.n;
        return true;
    }

    private Vector unionDN_wizsign(Vector vector, String str) {
        if (vector.isEmpty()) {
            vector.add(str.toLowerCase());
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(str.toLowerCase());
        return vector2;
    }

    private Vector uniondNSName_wizsign(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private Vector unionrfc822Name_wizsign(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private boolean validateCertificateChain_3280_wizsign(X509CertificateObject x509CertificateObject, Vector vector, boolean z, int i, boolean z2) {
        if (!setInit3280_wizsign()) {
            JCEUtil.setErrorcode("300027");
            throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's 3280 Cert's initial value setting Error !!!!!");
        }
        if (z) {
            if (!verifyCertificate3280_wizsign((X509CertificateObject) vector.lastElement(), (X509CertificateObject) vector.lastElement(), i, 1)) {
                throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's 3280 Root CA certificate path verify error");
            }
            for (int size = vector.size() - 1; size > 0; size--) {
                X509CertificateObject x509CertificateObject2 = (X509CertificateObject) vector.get(size - 1);
                X509CertificateObject x509CertificateObject3 = (X509CertificateObject) vector.get(size);
                KCaseLogging.println("issuerCertList [" + size + "] : " + x509CertificateObject2.getSubjectDN() + "," + x509CertificateObject3.getSubjectDN());
                if (!verifyCertificate3280_wizsign(x509CertificateObject2, x509CertificateObject3, i, (vector.size() - size) + 1)) {
                    throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's 3280 CA certificate path verify error");
                }
            }
        }
        if (!z2 || verifyCertificate3280_wizsign(x509CertificateObject, (X509CertificateObject) vector.firstElement(), i, vector.size() + 1)) {
            return true;
        }
        throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's 3280 User certificate path verify error");
    }

    private boolean verifyCertificate3280_wizsign(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, int i, int i2) {
        boolean z;
        boolean z2 = false;
        try {
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            KCaseLogging.println("verifyCertificate3280() : subjectDN :" + name2);
            if (!name.equals(name2)) {
                z = false;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new WizsignValidateException("(KSign) 3280's Root CA Cert format Wrong");
                }
                z = true;
                z2 = true;
            }
            if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint()) {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new WizsignValidateException("(KSign) 3280's CA Cert format Wrong");
                }
                z2 = true;
            }
            ValidateCRL(x509CertificateObject, x509CertificateObject2, z2, z);
            if (this.m_bPathValidationOp) {
                x509CertificateObject.verify(x509CertificateObject2.getPublicKey(), "Ksign");
            }
            x509CertificateObject.checkValidity();
            if (this.m_bPathValidationOp && !z && !isCertIssuedbyIssuerCert_wizsign(x509CertificateObject, x509CertificateObject2)) {
                JCEUtil.setErrorcode("50011");
                throw new WizsignValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert is not Issuer 3280 Cert Error!!! ");
            }
            permittedAndExcludedCheck(x509CertificateObject, z);
            PolicyCheck(x509CertificateObject, z2);
            permittedAndExcludedReset(x509CertificateObject);
            policyDataReset(x509CertificateObject, z);
            if (!z) {
                if (this.maxPathLenght > 0) {
                    this.maxPathLenght--;
                }
                if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint() && x509CertificateObject.getBasicConstraintsPathLenghtConstraint() < this.maxPathLenght) {
                    this.maxPathLenght = x509CertificateObject.getBasicConstraintsPathLenghtConstraint();
                }
            }
            keyUsageCheck(x509CertificateObject, i, z2, z);
            if (!z && this.explicitPolicy != 0) {
                this.explicitPolicy--;
            }
            if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
            }
            return true;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new WizsignValidateException("(KSign) ValidateCert : verifyCertificate3280's process Error    " + e.toString());
        }
    }

    private boolean withinDNSubtree_wizsign(String str, Vector vector) {
        boolean z = vector.isEmpty();
        for (int size = vector.size() - 1; size >= 0; size--) {
            if (vector.elementAt(size).equals(str)) {
                z = true;
            }
        }
        return z;
    }

    protected boolean adjustNamingConstraint_wizsign(X509CertificateObject x509CertificateObject) {
        return true;
    }

    protected boolean assureCertPoliciesInInitialPolicySet_wizsign(X509CertificateObject x509CertificateObject) {
        String[] policy = x509CertificateObject.getPolicy();
        if (policy == null) {
            return false;
        }
        return assureCertPoliciesInPolicySet_wizsign(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any);
    }

    protected boolean assureCertPoliciesInPolicySet_wizsign(String[] strArr, boolean z, Vector vector, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (strArr == null || vector == null) {
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            for (int i2 = 0; i2 < vector.size(); i2++) {
                KCaseLogging.println("cert : " + strArr[i]);
                KCaseLogging.println("init : " + ((String) vector.get(i2)));
                if (strArr[i].equals((String) vector.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean checkCertUsage_wizsign(X509CertificateObject x509CertificateObject, int i) {
        if (i == 1) {
            if (checkKeyUsage_wizsign(x509CertificateObject, 2)) {
                return true;
            }
        } else if (i == 2) {
            if (checkKeyUsage_wizsign(x509CertificateObject, 0)) {
                return true;
            }
        } else if (i == 3) {
        }
        return false;
    }

    protected boolean checkKeyUsage_wizsign(X509CertificateObject x509CertificateObject, int i) {
        boolean[] keyUsage = x509CertificateObject.getKeyUsage();
        return keyUsage == null ? x509CertificateObject.getSubjectDN().getName().equalsIgnoreCase(x509CertificateObject.getIssuerDN().getName()) : keyUsage[i];
    }

    protected boolean compatibleAPSwithIPS_wizsign(Vector vector, boolean z, Vector vector2, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (vector == null || vector2 == null) {
            return false;
        }
        for (int i = 0; i < vector.size(); i++) {
            String str = (String) vector.get(i);
            for (int i2 = 0; i2 < vector2.size(); i2++) {
                if (str.equals((String) vector2.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean extUsages_wizsign(boolean[] zArr, int[] iArr) {
        for (int i : iArr) {
            if (!zArr[i]) {
                return false;
            }
        }
        return true;
    }

    public CRL getLocalCRL_wizsign(String str, String str2) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(str + "/" + str2, "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    public CRL getLocalCRL_wizsign(String str, String str2, boolean z) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(str + "/" + str2, z ? "cert.arl" : "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    public Certificate getLocalCert_wizsign(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(str + "/" + str2, "cert.der");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr, 0, bArr.length);
            fileInputStream.close();
            X509CertificateObject x509CertificateObject = (X509CertificateObject) CertificateFactory.getInstance("X509", "Ksign").generateCertificate(new ByteArrayInputStream(bArr));
            x509CertificateObject.checkValidity(new Date());
            return x509CertificateObject;
        } catch (Exception e) {
            return null;
        }
    }

    protected boolean intersectionAPSwithCP_wizsign(Vector vector, boolean z, String[] strArr, boolean z2) {
        Vector vector2 = new Vector();
        if (vector != null && strArr != null) {
            if (z) {
                vector.removeAllElements();
                for (String str : strArr) {
                    vector.addElement(str);
                }
            } else {
                for (int i = 0; i < vector.size(); i++) {
                    String str2 = (String) vector.get(i);
                    for (int i2 = 0; i2 < strArr.length; i2++) {
                        if (str2.equals(strArr[i2])) {
                            vector2.addElement(strArr[i2]);
                        }
                    }
                }
                vector.removeAllElements();
                vector.addAll(vector2);
            }
        }
        return true;
    }

    protected boolean isIssueCert_wizsign(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        return x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
    }

    public boolean isLocalCRL_wizsign(String str, String str2) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return false;
            }
            if (str != null) {
            }
            return new File(new StringBuilder().append(str).append("/").append(str2).toString(), "cert.crl").isFile();
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isLocalCRL_wizsign(String str, String str2, boolean z) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return false;
            }
            if (str != null) {
            }
            return new File(new StringBuilder().append(str).append("/").append(str2).toString(), z ? "cert.arl" : "cert.crl").isFile();
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isLocalCert_wizsign(String str, String str2) {
        if (str == null) {
            return false;
        }
        if (str != null) {
        }
        try {
            if (new File(str, str2).isDirectory()) {
                return new File(new StringBuilder().append(str).append("/").append(str2).toString(), "cert.der").isFile();
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    public void isLocalSaveCRL_wizsign(boolean z) {
        this.isLocalSaveCRL = z;
    }

    protected X509Certificate obtainHigherCert_wizsign(X509Certificate x509Certificate) {
        String[] divisionFromLDAPUrl_wizsign;
        X509Certificate x509Certificate2;
        KCaseLogging.println("obtainHigherCert : assigndCert : " + x509Certificate.getIssuerDN().getName());
        if (((X509CertificateObject) x509Certificate).isAuthorityInfoAccess()) {
            divisionFromLDAPUrl_wizsign = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(((X509CertificateObject) x509Certificate).getAuthorityInfoAccess());
        } else {
            ((X509CertificateObject) x509Certificate).getDistributionPoint();
            divisionFromLDAPUrl_wizsign = WizsignLDAPUtil.divisionFromLDAPUrl_wizsign(((X509CertificateObject) x509Certificate).getDistributionPoint());
        }
        String name = x509Certificate.getIssuerDN().getName();
        String name2 = x509Certificate.getSubjectDN().getName();
        if (divisionFromLDAPUrl_wizsign == null && !name.equalsIgnoreCase(name2)) {
            JCEUtil.setErrorcode("50006");
            throw new Exception("(KSign) setCertListFromLdap3280' ldapurl generate error");
        }
        KCaseLogging.println("<<KSign>> Connect url: " + divisionFromLDAPUrl_wizsign[0]);
        if (!divisionFromLDAPUrl_wizsign[0].startsWith("http")) {
            return (!isLocalCert_wizsign(this.baseDir, name) || (x509Certificate2 = (X509Certificate) getLocalCert_wizsign(this.baseDir, name)) == null) ? queryCertfromLDAP_wizsign(x509Certificate, divisionFromLDAPUrl_wizsign[0]) : x509Certificate2;
        }
        URL url = new URL(divisionFromLDAPUrl_wizsign[0]);
        KCaseLogging.println("cert url is : " + divisionFromLDAPUrl_wizsign[0]);
        InputStream openStream = url.openStream();
        X509Certificate x509Certificate3 = (X509Certificate) CertificateFactory.getInstance("X.509", "Ksign").generateCertificate(openStream);
        openStream.close();
        return x509Certificate3;
    }

    protected X509Certificate queryCertfromLDAP_wizsign(X509Certificate x509Certificate, String str) {
        LDAPConnection lDAPConnection = new LDAPConnection();
        try {
            KCaseLogging.println("find DirContext :: url = " + str);
            KCaseLogging.println(">>Jenny ldapUrl : " + str);
            WizsignLDAPUtil.createLDAP_wizsign(lDAPConnection, str, this.userLdapDN, this.password);
            if (lDAPConnection == null) {
                throw new Exception("(KSign) ldap connection fail.");
            }
            X509Certificate[] findCertificatesFromLDAP_wizsign = WizsignLDAPUtil.findCertificatesFromLDAP_wizsign(lDAPConnection, ((X509CertificateObject) x509Certificate).getIssuerDN2().getName());
            X509Certificate x509Certificate2 = null;
            int i = 0;
            while (true) {
                if (i >= findCertificatesFromLDAP_wizsign.length) {
                    break;
                }
                if (findCertificatesFromLDAP_wizsign[i] != null) {
                    x509Certificate2 = findCertificatesFromLDAP_wizsign[i];
                    break;
                }
                i++;
            }
            if (x509Certificate2 == null) {
                JCEUtil.setErrorcode("40015");
                throw new WizsignValidateException("(KSign) setCertListFromLdap3280's Certificate's path building Error");
            }
            KCaseLogging.println("assigndCertDN:" + x509Certificate.getSubjectDN());
            KCaseLogging.println("higerCert" + x509Certificate2.getSubjectDN());
            if (this.baseDir != null) {
                throw new WizsignValidateException("(KSign) setCertListFromLdap3280's Can't store Certificate.");
            }
            return x509Certificate2;
        } catch (Exception e) {
            throw e;
        }
    }

    public void setADLdapInfo_wizsign(String str, String str2) {
        this.userLdapDN = str;
        this.password = str2;
    }

    public boolean setInitialPolicy_wizsign(String str, boolean z) {
        this.m_initialPolicySet = null;
        this.m_bInitialPolicySet_any = z;
        if (z) {
        }
        this.m_initialPolicySet = new Vector();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
        while (stringTokenizer.hasMoreTokens()) {
            this.m_initialPolicySet.addElement(stringTokenizer.nextToken());
        }
        return true;
    }

    public boolean setLocalCRL_wizsign(String str, CRL crl) {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new WizsignValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(str + "/cert.crl");
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new WizsignValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new WizsignValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new WizsignValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public boolean setLocalCRL_wizsign(String str, CRL crl, boolean z) {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new WizsignValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(str + (z ? "/cert.arl" : "/cert.crl"));
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new WizsignValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new WizsignValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new WizsignValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public void setValidateOption_wizsign(boolean z, int i) {
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
    }

    public boolean validateCertificateFromLDAP_wizsign(Certificate[] certificateArr, int i) {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            validateCertificateChain_3280_wizsign(x509CertificateObject, constructCertificatChain_3280_wizsign(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            return true;
        } catch (Exception e) {
            throw new Exception(e.toString());
        }
    }

    public boolean validateCertificateFromLDAP_wizsign(Certificate[] certificateArr, int i, int i2) {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new WizsignValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            if (i2 == 1) {
                x509CertificateObject.checkValidity();
            } else {
                validateCertificateChain_3280_wizsign(x509CertificateObject, constructCertificatChain_3280_wizsign(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            }
            return true;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new WizsignValidateException("(KSign) ValidateCert : validateCertificateFromLDAP's process Error    " + e.toString());
        }
    }
}
