package com.sun.deploy.security;

import com.sun.deploy.util.PerfLogger;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jre/lib/deploy.jar:com/sun/deploy/security/LazyRootStore.class */
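/**
 * Lazily loaded view over two root-certificate stores: a browser root store and the JRE root store.
 *
 * <p>The browser store is consulted first; the JRE store is loaded only when a lookup cannot be
 * answered from the certificates already in memory. Every certificate from either store is
 * treated as a trust anchor by this class, so the contents of both stores extend what
 * {@link #getTrustAnchors(X509Certificate)} will accept.
 *
 * <p>This listing is decompiler output. The decompiler notes state that the class and the
 * members shown as {@code public} here were package-private in the class file.
 *
 * <p>No synchronization is visible in this class and {@link #containSubject(String)} records its
 * result in instance state, so concurrent callers could observe each other's results.
 * NOTE(review): confirm that callers serialize access.
 */
public final class LazyRootStore {
    private final CertStore browserRootStore;
    private final CertStore jreRootStore;
    private boolean isBrowserRootStoreLoaded = false;
    private boolean isJRERootStoreLoaded = false;
    // Certificate found by the most recent containSubject() call, or null.
    private X509Certificate ocspCertCA = null;
    // Elements are cast to X509Certificate when read. Left raw because the element type of
    // CertStore.getCertificates() is not visible in this file.
    private final LinkedHashSet allRootCerts = new LinkedHashSet();
    private final LinkedHashSet jreRootCerts = new LinkedHashSet();
    // Subject DN -> root certificates carrying that subject.
    private final HashMap<X500Principal, List<X509Certificate>> allTrustedSubjects =
            new HashMap<X500Principal, List<X509Certificate>>();
    // Subject DN -> public keys of the root certificates carrying that subject.
    private final HashMap<X500Principal, List<PublicKey>> allTrustedSubjectKeys =
            new HashMap<X500Principal, List<PublicKey>>();

    /**
     * Result of a trust-anchor lookup: the matching certificates and whether the queried
     * certificate is itself one of the roots.
     */
    public static class TrustedRootResult {
        private final List matchedCAList;
        private final boolean isAlreadyTrusted;

        TrustedRootResult(List list, boolean z) {
            this.matchedCAList = list;
            this.isAlreadyTrusted = z;
        }

        /**
         * Returns the matched certificates: either the queried certificate itself, or the roots
         * whose public key verified its signature.
         *
         * @return the list passed to the constructor, not a copy
         */
        public List getMatchedCAList() {
            return this.matchedCAList;
        }

        /**
         * Returns whether the queried certificate matched a root directly.
         *
         * @return {@code true} if the certificate is in the root set or shares subject and public
         *     key with a root
         */
        public boolean isAlreadyTrusted() {
            return this.isAlreadyTrusted;
        }
    }

    /**
     * Stores the two backing stores without loading either of them.
     *
     * @param certStore browser root store; {@code null} is tolerated and means no browser roots
     * @param certStore2 JRE root store; dereferenced without a null check when it is first needed
     * @throws IOException declared for callers; nothing in this constructor throws it
     * @throws CertificateException declared for callers; nothing in this constructor throws it
     * @throws KeyStoreException declared for callers; nothing in this constructor throws it
     * @throws NoSuchAlgorithmException declared for callers; nothing in this constructor throws it
     */
    public LazyRootStore(CertStore certStore, CertStore certStore2) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        this.browserRootStore = certStore;
        this.jreRootStore = certStore2;
    }

    /** Loads the browser root store once, if one was supplied, and indexes the known roots. */
    private void loadBrowserStore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (this.browserRootStore != null && !this.isBrowserRootStoreLoaded) {
            PerfLogger.setTime("Security: Start loading browser Root certStore");
            this.browserRootStore.load();
            this.isBrowserRootStoreLoaded = true;
            PerfLogger.setTime("Security: End loading browser Root certStore");
            this.allRootCerts.addAll(this.browserRootStore.getCertificates());
        }
        // With a null browser store the loaded flag never becomes true, so this line runs on
        // every lookup. createAllTrustedSubject() skips entries it already holds, which keeps the
        // index from growing with each call.
        createAllTrustedSubject(this.allRootCerts);
    }

    /** Loads the JRE root store once and adds its certificates to the root set and the index. */
    private void loadJREStores() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (this.isJRERootStoreLoaded) {
            return;
        }
        PerfLogger.setTime("Security: Start loading JRE root cert store");
        // Unlike the browser store, jreRootStore is not null-checked here.
        this.jreRootStore.load();
        this.jreRootCerts.addAll(this.jreRootStore.getCertificates());
        this.allRootCerts.addAll(this.jreRootCerts);
        createAllTrustedSubject(this.jreRootCerts);
        // Set last, so a failed load is retried on the next lookup.
        this.isJRERootStoreLoaded = true;
        PerfLogger.setTime("Security: End loading JRE root cert store");
    }

    /**
     * Finds the roots that anchor the given certificate, trying browser roots before JRE roots.
     *
     * <p>The match is by identity, by subject plus public key, or by issuer name plus a
     * successful signature check. Validity period, basic constraints, key usage and revocation
     * are not examined in this class.
     * NOTE(review): confirm that callers run full path validation on the result.
     *
     * @param x509Certificate certificate to look up; must not be {@code null}
     * @return the match, or {@code null} if no root in either store matches
     * @throws IOException if a store fails to load
     * @throws CertificateException if a store fails to load
     * @throws KeyStoreException if a store fails to load
     * @throws NoSuchAlgorithmException if a store fails to load
     */
    public TrustedRootResult getTrustAnchors(X509Certificate x509Certificate) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (!this.isBrowserRootStoreLoaded) {
            loadBrowserStore();
        }
        TrustedRootResult matchedResult = getMatchedResult(x509Certificate);
        if (matchedResult == null && !this.isJRERootStoreLoaded) {
            loadJREStores();
            matchedResult = getMatchedResult(x509Certificate);
        }
        return matchedResult;
    }

    /**
     * Matches the certificate against the roots loaded so far.
     *
     * @return the match, or {@code null} if nothing matched
     */
    private TrustedRootResult getMatchedResult(X509Certificate x509Certificate) {
        X500Principal issuer = x509Certificate.getIssuerX500Principal();
        X500Principal subject = x509Certificate.getSubjectX500Principal();

        // A certificate counts as a root if it equals a stored root, or if a stored root has the
        // same subject DN and the same public key. The second case accepts a certificate that
        // differs from the stored root in its other fields.
        List<PublicKey> subjectKeys = this.allTrustedSubjectKeys.get(subject);
        boolean isRoot = this.allRootCerts.contains(x509Certificate)
                || (subjectKeys != null && subjectKeys.contains(x509Certificate.getPublicKey()));
        if (isRoot) {
            List<X509Certificate> self = new LinkedList<X509Certificate>();
            self.add(x509Certificate);
            return new TrustedRootResult(self, true);
        }

        List<X509Certificate> issuerCandidates = this.allTrustedSubjects.get(issuer);
        if (issuerCandidates == null) {
            return null;
        }
        List<X509Certificate> signers = verifySignature(issuerCandidates, x509Certificate);
        if (signers.isEmpty()) {
            return null;
        }
        return new TrustedRootResult(signers, false);
    }

    /**
     * Adds every non-null certificate in the set to the subject-to-certificate and
     * subject-to-public-key indexes. An entry that is already present is not added again, so the
     * method can be called repeatedly with overlapping sets.
     */
    private void createAllTrustedSubject(LinkedHashSet linkedHashSet) {
        for (Object entry : linkedHashSet) {
            X509Certificate root = (X509Certificate) entry;
            if (root == null) {
                continue;
            }
            X500Principal subject = root.getSubjectX500Principal();

            List<X509Certificate> certsForSubject = this.allTrustedSubjects.get(subject);
            if (certsForSubject == null) {
                certsForSubject = new LinkedList<X509Certificate>();
                this.allTrustedSubjects.put(subject, certsForSubject);
            }
            if (!certsForSubject.contains(root)) {
                certsForSubject.add(root);
            }

            List<PublicKey> keysForSubject = this.allTrustedSubjectKeys.get(subject);
            if (keysForSubject == null) {
                keysForSubject = new LinkedList<PublicKey>();
                this.allTrustedSubjectKeys.put(subject, keysForSubject);
            }
            PublicKey key = root.getPublicKey();
            if (!keysForSubject.contains(key)) {
                keysForSubject.add(key);
            }
        }
    }

    /**
     * Looks for a root whose subject alias name equals the given string and remembers it for
     * {@link #getOCSPCert()}.
     *
     * <p>The match is on the alias string alone; the first root with that alias wins, browser
     * roots before JRE roots.
     *
     * @param str alias to look for; {@code null} never matches
     * @return {@code true} if a root with that alias was found
     * @throws IOException if a store fails to load
     * @throws CertificateException if a store fails to load
     * @throws KeyStoreException if a store fails to load
     * @throws NoSuchAlgorithmException if a store fails to load
     */
    public boolean containSubject(String str) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        // Clear the previous answer first, so a load failure below cannot leave a stale
        // certificate for getOCSPCert() to return.
        this.ocspCertCA = null;
        if (!this.isBrowserRootStoreLoaded) {
            loadBrowserStore();
        }
        X509Certificate match = findBySubjectAlias(this.allRootCerts, str);
        if (match == null && !this.isJRERootStoreLoaded) {
            // Once the JRE store is loaded its certificates are part of allRootCerts, so a
            // separate scan is only needed right after the first load.
            loadJREStores();
            match = findBySubjectAlias(this.jreRootCerts, str);
        }
        this.ocspCertCA = match;
        return match != null;
    }

    /** Returns the first non-null certificate in the set whose subject alias equals the string. */
    private X509Certificate findBySubjectAlias(LinkedHashSet certs, String alias) {
        if (alias == null) {
            return null;
        }
        for (Object entry : certs) {
            X509Certificate candidate = (X509Certificate) entry;
            if (candidate != null && alias.equals(CertUtils.extractSubjectAliasName(candidate))) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the certificate found by the most recent {@link #containSubject(String)} call.
     *
     * @return that certificate, or {@code null} if the last lookup found nothing or none was made
     */
    public X509Certificate getOCSPCert() {
        return this.ocspCertCA;
    }

    /**
     * Returns the candidates whose public key verifies the signature on the certificate.
     *
     * <p>{@link X509Certificate#verify(PublicKey)} checks the signature only.
     *
     * @param list candidate issuer certificates; null entries are skipped
     * @param x509Certificate certificate whose signature is checked
     * @return the verifying candidates, possibly empty, never {@code null}
     */
    private List<X509Certificate> verifySignature(List<X509Certificate> list, X509Certificate x509Certificate) {
        List<X509Certificate> signers = new LinkedList<X509Certificate>();
        for (X509Certificate candidate : list) {
            if (candidate == null) {
                continue;
            }
            try {
                x509Certificate.verify(candidate.getPublicKey());
                signers.add(candidate);
            } catch (Exception ignored) {
                // Fail closed: a candidate that cannot verify the signature, for any reason, is
                // not a trust anchor for this certificate. The other candidates are still tried.
            }
        }
        return signers;
    }
}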
