package weblogic.security.pki.revocation.wls;

import java.io.File;
import java.math.BigInteger;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.x500.X500Principal;
import weblogic.kernel.KernelStatus;
import weblogic.management.DomainDir;
import weblogic.management.configuration.CertRevocCaMBean;
import weblogic.management.configuration.CertRevocMBean;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.SecurityRuntimeAccess;
import weblogic.security.internal.ServerPropertyNameService;
import weblogic.security.pki.revocation.common.AbstractCertRevocConstants;
import weblogic.security.pki.revocation.common.AbstractCertRevocContext;
import weblogic.security.pki.revocation.common.CertRevocCheckMethodList;
import weblogic.security.pki.revocation.common.CertRevocStatus;
import weblogic.security.pki.revocation.common.Timer;
import weblogic.security.pki.revocation.wls.WLSCertRevocConstants;
import weblogic.timers.TimerListener;
import weblogic.timers.TimerManagerFactory;
import weblogic.utils.LocatorUtilities;
import weblogic.work.WorkManager;
import weblogic.work.WorkManagerFactory;

/* loaded from: input_file:weblogic/security/pki/revocation/wls/WlsCertRevocContext.class */
public final class WlsCertRevocContext extends AbstractCertRevocContext {
    public static final WLSCertRevocConstants.ExplicitTrustMethod DEFAULT_OCSP_RESPONDER_EXPLICIT_TRUST_METHOD = WLSCertRevocConstants.ExplicitTrustMethod.NONE;
    public static final X500Principal DEFAULT_OCSP_RESPONDER_CERT_SUBJECT_NAME = null;
    public static final String DEFAULT_OCSP_RESPONDER_CERT_SUBJECT_NAME_STRING = null;
    public static final X500Principal DEFAULT_OCSP_RESPONDER_CERT_ISSUER_NAME = null;
    public static final String DEFAULT_OCSP_RESPONDER_CERT_ISSUER_NAME_STRING = null;
    public static final BigInteger DEFAULT_OCSP_RESPONDER_CERT_SERIAL_NUMBER = null;
    public static final String DEFAULT_OCSP_RESPONDER_CERT_SERIAL_NUMBER_STRING = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/pki/revocation/wls/WlsCertRevocContext$SecurityRuntimeAccessService.class */
    public static final class SecurityRuntimeAccessService {
        private static volatile SecurityRuntimeAccess runtimeAccess = null;

        private SecurityRuntimeAccessService() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static SecurityRuntimeAccess getRuntimeAccess(AbstractCertRevocContext abstractCertRevocContext) {
            if (null == runtimeAccess) {
                try {
                    runtimeAccess = (SecurityRuntimeAccess) AccessController.doPrivileged(new PrivilegedAction<SecurityRuntimeAccess>() { // from class: weblogic.security.pki.revocation.wls.WlsCertRevocContext.SecurityRuntimeAccessService.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public SecurityRuntimeAccess run() {
                            return (SecurityRuntimeAccess) LocatorUtilities.getService(SecurityRuntimeAccess.class);
                        }
                    });
                } catch (Exception e) {
                    if (null != abstractCertRevocContext && abstractCertRevocContext.isLoggable(Level.FINE)) {
                        abstractCertRevocContext.log(Level.FINE, "Unable to obtain SecurityRuntimeAccess, which may be due to a missing config.xml file. " + e.getClass().getName() + " occurred while getting " + SecurityRuntimeAccess.class.getName() + ", message: " + e.getMessage(), e);
                    }
                }
            }
            return runtimeAccess;
        }
    }

    public WlsCertRevocContext(Set<X509Certificate> set) {
        super(set, WlsLogListener.getInstance());
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logAttemptingCertRevocCheck(X500Principal x500Principal) {
        SecurityLogger.logAttemptingCertRevocCheck(nameFrom(x500Principal));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logUnknownCertRevocStatusNoFail(X500Principal x500Principal) {
        SecurityLogger.logUnknownCertRevocStatusNoFail(nameFrom(x500Principal));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logCertRevocStatus(CertRevocStatus certRevocStatus) {
        SecurityLogger.logCertRevocStatus(stringFrom(certRevocStatus));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logIgnoredNonceCertRevocStatus(CertRevocStatus certRevocStatus) {
        SecurityLogger.logIgnoredNonceCertRevocStatus(stringFrom(certRevocStatus));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logUnknownCertRevocStatusFail(X500Principal x500Principal) {
        SecurityLogger.logUnknownCertRevocStatusFail(nameFrom(x500Principal));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logRevokedCertRevocStatusFail(X500Principal x500Principal) {
        SecurityLogger.logRevokedCertRevocStatusFail(nameFrom(x500Principal));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void logNotRevokedCertRevocStatusNotFail(X500Principal x500Principal) {
        SecurityLogger.logNotRevokedCertRevocStatusNotFail(nameFrom(x500Principal));
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public void schedule(Runnable runnable) {
        if (null == runnable) {
            throw new IllegalArgumentException("Expected non-null Runnable.");
        }
        WorkManager workManager = WorkManagerFactory.getInstance().getDefault();
        if (null == workManager) {
            throw new IllegalStateException("No weblogic.work.WorkManager available.");
        }
        workManager.schedule(runnable);
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public Timer scheduleWithFixedDelay(final Runnable runnable, long j, long j2) {
        if (null == runnable) {
            throw new IllegalArgumentException("Unexpected null Runnable.");
        }
        final weblogic.timers.Timer schedule = TimerManagerFactory.getTimerManagerFactory().getDefaultTimerManager().schedule(new TimerListener() { // from class: weblogic.security.pki.revocation.wls.WlsCertRevocContext.1
            @Override // weblogic.timers.TimerListener
            public final void timerExpired(weblogic.timers.Timer timer) {
                try {
                    runnable.run();
                } catch (Exception e) {
                    if (WlsCertRevocContext.this.isLoggable(Level.FINE)) {
                        WlsCertRevocContext.this.log(Level.FINE, e, "Exception occurred running timer task {0}.", runnable.getClass().getName());
                    }
                }
            }
        }, j, j2);
        return new Timer() { // from class: weblogic.security.pki.revocation.wls.WlsCertRevocContext.2
            @Override // weblogic.security.pki.revocation.common.Timer
            public void cancel() {
                if (WlsCertRevocContext.this.isLoggable(Level.FINEST)) {
                    WlsCertRevocContext.this.log(Level.FINEST, "Cancelling timer task {0}.", runnable.getClass().getName());
                }
                boolean cancel = schedule.cancel();
                if (WlsCertRevocContext.this.isLoggable(Level.FINEST)) {
                    WlsCertRevocContext.this.log(Level.FINEST, "Returned from cancel for timer task {0}, Found/cancelled={1}.", runnable.getClass().getName(), Boolean.valueOf(cancel));
                }
            }
        };
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isCheckingEnabled() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_CHECKING_ENABLED.booleanValue() : certRevocMBean.isCheckingEnabled();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isCheckingDisabled(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            return certRevocCaMBean.isCheckingDisabled();
        }
        return DEFAULT_CHECKING_DISABLED.booleanValue();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isFailOnUnknownRevocStatus(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_FAIL_ON_UNKNOWN_REVOC_STATUS.booleanValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.isFailOnUnknownRevocStatus() : certRevocCaMBean.isFailOnUnknownRevocStatus();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public CertRevocCheckMethodList getMethodOrder(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_METHOD_ORDER;
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        String methodOrder = null == certRevocCaMBean ? certRevocMBean.getMethodOrder() : certRevocCaMBean.getMethodOrder();
        try {
            return new CertRevocCheckMethodList(methodOrder);
        } catch (Exception e) {
            logParsingException("MethodOrder", certRevocCaMBean, methodOrder, e);
            return DEFAULT_METHOD_ORDER;
        }
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public URI getOcspResponderUrl(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderUrl = certRevocCaMBean.getOcspResponderUrl();
            if (null == ocspResponderUrl) {
                return null;
            }
            try {
                return new URI(ocspResponderUrl);
            } catch (Exception e) {
                logParsingException("OcspResponderUrl", certRevocCaMBean, ocspResponderUrl, e);
                return DEFAULT_OCSP_RESPONDER_URL;
            }
        }
        return DEFAULT_OCSP_RESPONDER_URL;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public AbstractCertRevocConstants.AttributeUsage getOcspResponderUrlUsage(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderUrlUsage = certRevocCaMBean.getOcspResponderUrlUsage();
            try {
                return AbstractCertRevocConstants.AttributeUsage.valueOf(ocspResponderUrlUsage);
            } catch (Exception e) {
                logParsingException("OcspResponderUrlUsage", certRevocCaMBean, ocspResponderUrlUsage, e);
                return DEFAULT_OCSP_RESPONDER_URL_USAGE;
            }
        }
        return DEFAULT_OCSP_RESPONDER_URL_USAGE;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public X509Certificate getOcspResponderTrustedCert(X500Principal x500Principal) {
        X509Certificate x509Certificate = null;
        WLSCertRevocConstants.ExplicitTrustMethod ocspResponderExplicitTrustMethod = getOcspResponderExplicitTrustMethod(x500Principal);
        switch (ocspResponderExplicitTrustMethod) {
            case USE_SUBJECT:
                X500Principal ocspResponderCertSubjectName = getOcspResponderCertSubjectName(x500Principal);
                if (null != ocspResponderCertSubjectName) {
                    x509Certificate = getValidTrustedCert(ocspResponderCertSubjectName);
                }
                if (null == x509Certificate && isLoggable(Level.FINE)) {
                    log(Level.FINE, "No valid OCSP explicitly trusted certificate for CA \"{0}\" with subject \"{1}\" was found.", x500Principal, ocspResponderCertSubjectName);
                    break;
                }
                break;
            case USE_ISSUER_SERIAL_NUMBER:
                X500Principal ocspResponderCertIssuerName = getOcspResponderCertIssuerName(x500Principal);
                BigInteger ocspResponderCertSerialNumber = getOcspResponderCertSerialNumber(x500Principal);
                if (null != ocspResponderCertIssuerName && null != ocspResponderCertSerialNumber) {
                    x509Certificate = getValidTrustedCert(ocspResponderCertIssuerName, ocspResponderCertSerialNumber);
                }
                if (null == x509Certificate && isLoggable(Level.FINE)) {
                    log(Level.FINE, "No valid OCSP explicitly trusted certificate for CA \"{0}\" with issuer \"{1}\" serial number \"{2}\" was found.", x500Principal, ocspResponderCertIssuerName, ocspResponderCertSerialNumber);
                    break;
                }
                break;
            case NONE:
                if (isLoggable(Level.FINEST)) {
                    log(Level.FINEST, "No OCSP explicitly trusted certificate for CA \"{0}\" using method \"{1}\".", x500Principal, ocspResponderExplicitTrustMethod);
                    break;
                }
                break;
            default:
                throw new IllegalStateException("Unknown ExplicitTrustMethod " + ocspResponderExplicitTrustMethod);
        }
        if (null != x509Certificate && isLoggable(Level.FINEST)) {
            log(Level.FINEST, "Found valid OCSP explicitly trusted certificate for CA \"{0}\" using method \"{1}\" with subject \"{2}\".", x500Principal, ocspResponderExplicitTrustMethod, x509Certificate.getSubjectX500Principal());
        }
        return x509Certificate;
    }

    WLSCertRevocConstants.ExplicitTrustMethod getOcspResponderExplicitTrustMethod(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderExplicitTrustMethod = certRevocCaMBean.getOcspResponderExplicitTrustMethod();
            try {
                return WLSCertRevocConstants.ExplicitTrustMethod.valueOf(ocspResponderExplicitTrustMethod);
            } catch (Exception e) {
                logParsingException("OcspResponderExplicitTrustMethod", certRevocCaMBean, ocspResponderExplicitTrustMethod, e);
                return DEFAULT_OCSP_RESPONDER_EXPLICIT_TRUST_METHOD;
            }
        }
        return DEFAULT_OCSP_RESPONDER_EXPLICIT_TRUST_METHOD;
    }

    X500Principal getOcspResponderCertSubjectName(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderCertSubjectName = certRevocCaMBean.getOcspResponderCertSubjectName();
            if (null == ocspResponderCertSubjectName) {
                return null;
            }
            try {
                return new X500Principal(ocspResponderCertSubjectName);
            } catch (Exception e) {
                logParsingException("OcspResponderCertSubjectName", certRevocCaMBean, ocspResponderCertSubjectName, e);
                return DEFAULT_OCSP_RESPONDER_CERT_SUBJECT_NAME;
            }
        }
        return DEFAULT_OCSP_RESPONDER_CERT_SUBJECT_NAME;
    }

    X500Principal getOcspResponderCertIssuerName(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderCertIssuerName = certRevocCaMBean.getOcspResponderCertIssuerName();
            if (null == ocspResponderCertIssuerName) {
                return null;
            }
            try {
                return new X500Principal(ocspResponderCertIssuerName);
            } catch (Exception e) {
                logParsingException("OcspResponderCertIssuerName", certRevocCaMBean, ocspResponderCertIssuerName, e);
                return DEFAULT_OCSP_RESPONDER_CERT_ISSUER_NAME;
            }
        }
        return DEFAULT_OCSP_RESPONDER_CERT_ISSUER_NAME;
    }

    BigInteger getOcspResponderCertSerialNumber(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String ocspResponderCertSerialNumber = certRevocCaMBean.getOcspResponderCertSerialNumber();
            if (null == ocspResponderCertSerialNumber) {
                return null;
            }
            try {
                return new BigInteger(ocspResponderCertSerialNumber);
            } catch (Exception e) {
                logParsingException("OcspResponderCertSerialNumber", certRevocCaMBean, ocspResponderCertSerialNumber, e);
                return DEFAULT_OCSP_RESPONDER_CERT_SERIAL_NUMBER;
            }
        }
        return DEFAULT_OCSP_RESPONDER_CERT_SERIAL_NUMBER;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isOcspNonceEnabled(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_OCSP_NONCE_ENABLED.booleanValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.isOcspNonceEnabled() : certRevocCaMBean.isOcspNonceEnabled();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public PrivateKey getOcspRequestSigningPrivateKey(X500Principal x500Principal) {
        return null;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public X509Certificate getOcspRequestSigningCert(X500Principal x500Principal) {
        return null;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isOcspResponseCacheEnabled(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_OCSP_RESPONSE_CACHE_ENABLED.booleanValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.isOcspResponseCacheEnabled() : certRevocCaMBean.isOcspResponseCacheEnabled();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getOcspResponseCacheCapacity() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_OCSP_RESPONSE_CACHE_CAPACITY.intValue() : certRevocMBean.getOcspResponseCacheCapacity();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getOcspResponseCacheRefreshPeriodPercent() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_OCSP_RESPONSE_CACHE_REFRESH_PERIOD_PERCENT.intValue() : certRevocMBean.getOcspResponseCacheRefreshPeriodPercent();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public long getOcspResponseTimeout(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_OCSP_RESPONSE_TIMEOUT.longValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.getOcspResponseTimeout() : certRevocCaMBean.getOcspResponseTimeout();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getOcspTimeTolerance(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_OCSP_TIME_TOLERANCE.intValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.getOcspTimeTolerance() : certRevocCaMBean.getOcspTimeTolerance();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public AbstractCertRevocConstants.CrlCacheType getCrlCacheType() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_CRL_CACHE_TYPE;
        }
        String crlCacheType = certRevocMBean.getCrlCacheType();
        try {
            return AbstractCertRevocConstants.CrlCacheType.valueOf(crlCacheType);
        } catch (Exception e) {
            logParsingException("CrlCacheType", null, crlCacheType, e);
            return DEFAULT_CRL_CACHE_TYPE;
        }
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public File getCrlCacheImportDir() {
        File crlCacheImportDirectory;
        File serverSecurityBaseDir = getServerSecurityBaseDir();
        if (null != serverSecurityBaseDir && null != (crlCacheImportDirectory = getCrlCacheImportDirectory(serverSecurityBaseDir))) {
            return crlCacheImportDirectory;
        }
        return DEFAULT_CRL_CACHE_IMPORT_DIR;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public File getCrlCacheTypeFileDir() {
        File crlCacheStorageDirectory;
        File serverSecurityBaseDir = getServerSecurityBaseDir();
        if (null != serverSecurityBaseDir && null != (crlCacheStorageDirectory = getCrlCacheStorageDirectory(serverSecurityBaseDir))) {
            return crlCacheStorageDirectory;
        }
        return DEFAULT_CRL_CACHE_TYPE_FILE_DIR;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public String getCrlCacheTypeLdapHostname() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_CRL_CACHE_TYPE_LDAP_HOST_NAME : certRevocMBean.getCrlCacheTypeLdapHostname();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getCrlCacheTypeLdapPort() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_CRL_CACHE_TYPE_LDAP_PORT.intValue() : certRevocMBean.getCrlCacheTypeLdapPort();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getCrlCacheTypeLdapSearchTimeout() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_CRL_CACHE_TYPE_LDAP_SEARCH_TIMEOUT.intValue() : certRevocMBean.getCrlCacheTypeLdapSearchTimeout();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public int getCrlCacheRefreshPeriodPercent() {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        return null == certRevocMBean ? DEFAULT_CRL_CACHE_REFRESH_PERIOD_PERCENT.intValue() : certRevocMBean.getCrlCacheRefreshPeriodPercent();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isCrlDpEnabled(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_CRL_DP_ENABLED.booleanValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.isCrlDpEnabled() : certRevocCaMBean.isCrlDpEnabled();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public long getCrlDpDownloadTimeout(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_CRL_DP_DOWNLOAD_TIMEOUT.longValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.getCrlDpDownloadTimeout() : certRevocCaMBean.getCrlDpDownloadTimeout();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public boolean isCrlDpBackgroundDownloadEnabled(X500Principal x500Principal) {
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null == certRevocMBean) {
            return DEFAULT_CRL_DP_BACKGROUND_DOWNLOAD_ENABLED.booleanValue();
        }
        CertRevocCaMBean certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal);
        return null == certRevocCaMBean ? certRevocMBean.isCrlDpBackgroundDownloadEnabled() : certRevocCaMBean.isCrlDpBackgroundDownloadEnabled();
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public URI getCrlDpUrl(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String crlDpUrl = certRevocCaMBean.getCrlDpUrl();
            if (null == crlDpUrl) {
                return null;
            }
            try {
                return new URI(crlDpUrl);
            } catch (Exception e) {
                logParsingException("CrlDpUrl", certRevocCaMBean, crlDpUrl, e);
                return DEFAULT_CRL_DP_URL;
            }
        }
        return DEFAULT_CRL_DP_URL;
    }

    @Override // weblogic.security.pki.revocation.common.AbstractCertRevocContext
    public AbstractCertRevocConstants.AttributeUsage getCrlDpUrlUsage(X500Principal x500Principal) {
        CertRevocCaMBean certRevocCaMBean;
        CertRevocMBean certRevocMBean = getCertRevocMBean();
        if (null != certRevocMBean && null != (certRevocCaMBean = getCertRevocCaMBean(certRevocMBean, x500Principal))) {
            String crlDpUrlUsage = certRevocCaMBean.getCrlDpUrlUsage();
            try {
                return AbstractCertRevocConstants.AttributeUsage.valueOf(crlDpUrlUsage);
            } catch (Exception e) {
                logParsingException("CrlDpUrlUsage", certRevocCaMBean, crlDpUrlUsage, e);
                return DEFAULT_CRL_DP_URL_USAGE;
            }
        }
        return DEFAULT_CRL_DP_URL_USAGE;
    }

    ServerMBean getServerMBean() {
        try {
            if (KernelStatus.isServer()) {
                SecurityRuntimeAccess runtimeAccess = SecurityRuntimeAccessService.getRuntimeAccess(this);
                if (null == runtimeAccess) {
                    logUnexpectedNullMBean("RuntimeAccess");
                } else if (null == runtimeAccess.getServer()) {
                    logUnexpectedNullMBean("ServerMBean");
                }
            } else if (isLoggable(Level.FINE)) {
                log(Level.FINE, "Certificate revocation checking is currently unavailable outside the server.", new Object[0]);
            }
            return null;
        } catch (RuntimeException e) {
            if (isLoggable(Level.FINE)) {
                log(Level.FINE, e, "Failure getting ServerMBean.", new Object[0]);
            }
            throw e;
        }
    }

    private String getServerName() {
        String str = null;
        try {
            if (KernelStatus.isServer()) {
                ServerPropertyNameService serverPropertyNameService = (ServerPropertyNameService) AccessController.doPrivileged(new PrivilegedAction<ServerPropertyNameService>() { // from class: weblogic.security.pki.revocation.wls.WlsCertRevocContext.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public ServerPropertyNameService run() {
                        return (ServerPropertyNameService) LocatorUtilities.getService(ServerPropertyNameService.class);
                    }
                });
                if (null != serverPropertyNameService) {
                    str = serverPropertyNameService.getServerName();
                } else if (isLoggable(Level.FINE)) {
                    log(Level.FINE, "Unexpected null PropertyService.", new Object[0]);
                }
            } else if (isLoggable(Level.FINE)) {
                log(Level.FINE, "Certificate revocation checking is currently unavailable outside the server.", new Object[0]);
            }
            return str;
        } catch (RuntimeException e) {
            if (isLoggable(Level.FINE)) {
                log(Level.FINE, e, "Failure getting server name.", new Object[0]);
            }
            throw e;
        }
    }

    CertRevocMBean getCertRevocMBean() {
        CertRevocMBean certRevocMBean = null;
        try {
            if (KernelStatus.isServer()) {
                SecurityRuntimeAccess runtimeAccess = SecurityRuntimeAccessService.getRuntimeAccess(this);
                if (null == runtimeAccess) {
                    logUnexpectedNullMBean("RuntimeAccess");
                } else {
                    DomainMBean domain = runtimeAccess.getDomain();
                    if (null == domain) {
                        logUnexpectedNullMBean("DomainMBean");
                    } else {
                        SecurityConfigurationMBean securityConfiguration = domain.getSecurityConfiguration();
                        if (null == securityConfiguration) {
                            logUnexpectedNullMBean("SecurityConfigurationMBean");
                        } else {
                            certRevocMBean = securityConfiguration.getCertRevoc();
                            if (null == certRevocMBean) {
                                logUnexpectedNullMBean("CertRevocMBean");
                            }
                        }
                    }
                }
            } else if (isLoggable(Level.FINE)) {
                log(Level.FINE, "Certificate revocation checking is currently unavailable outside the server.", new Object[0]);
            }
            return certRevocMBean;
        } catch (RuntimeException e) {
            if (isLoggable(Level.FINE)) {
                log(Level.FINE, e, "Failure getting CertRevocMBean.", new Object[0]);
            }
            throw e;
        }
    }

    CertRevocCaMBean getCertRevocCaMBean(CertRevocMBean certRevocMBean, X500Principal x500Principal) {
        String distinguishedName;
        if (null == certRevocMBean) {
            throw new IllegalArgumentException("Expected non-null CertRevocMBean.");
        }
        if (null == x500Principal) {
            if (!isLoggable(Level.FINE)) {
                return null;
            }
            log(Level.FINE, "Non-null caDn expected.", new Object[0]);
            return null;
        }
        CertRevocCaMBean[] certRevocCas = certRevocMBean.getCertRevocCas();
        if (null == certRevocCas || 0 == certRevocCas.length) {
            return null;
        }
        for (CertRevocCaMBean certRevocCaMBean : certRevocCas) {
            if (null != certRevocCaMBean && null != (distinguishedName = certRevocCaMBean.getDistinguishedName()) && 0 != distinguishedName.length()) {
                try {
                    if (x500Principal.equals(new X500Principal(distinguishedName))) {
                        return certRevocCaMBean;
                    }
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    private void logParsingException(String str, CertRevocCaMBean certRevocCaMBean, String str2, Exception exc) {
        if (isLoggable(Level.FINE)) {
            log(Level.FINE, exc, "Invalid {0}.{1} value {2}", null == certRevocCaMBean ? "CertRevocMBean" : "CertRevocCaMBean", str, str2);
        }
    }

    private void logUnexpectedNullMBean(String str) {
        if (isLoggable(Level.FINE)) {
            log(Level.FINE, "Unexpected null {0}.", str);
        }
    }

    private File getServerSecurityBaseDir() {
        String serverName = getServerName();
        if (null != serverName && serverName.length() != 0) {
            return new File(DomainDir.getSecurityDirForServer(serverName));
        }
        if (!isLoggable(Level.FINE)) {
            return null;
        }
        log(Level.FINE, "Server name is null or empty.", new Object[0]);
        return null;
    }

    private static String nameFrom(X500Principal x500Principal) {
        return x500Principal != null ? x500Principal.getName() : null;
    }

    private static String stringFrom(CertRevocStatus certRevocStatus) {
        return certRevocStatus != null ? certRevocStatus.toString() : null;
    }
}
