package cmbc.cfca.x509.certificate;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Object;
import cmbc.cfca.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cmbc.cfca.org.bouncycastle.asn1.DERIA5String;
import cmbc.cfca.org.bouncycastle.asn1.x500.RDN;
import cmbc.cfca.org.bouncycastle.asn1.x500.X500Name;
import cmbc.cfca.org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import cmbc.cfca.org.bouncycastle.asn1.x509.CRLDistPoint;
import cmbc.cfca.org.bouncycastle.asn1.x509.DistributionPoint;
import cmbc.cfca.org.bouncycastle.asn1.x509.DistributionPointName;
import cmbc.cfca.org.bouncycastle.asn1.x509.Extension;
import cmbc.cfca.org.bouncycastle.asn1.x509.GeneralName;
import cmbc.cfca.org.bouncycastle.asn1.x509.GeneralNames;
import cmbc.cfca.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cmbc.cfca.org.bouncycastle.util.encoders.Hex;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKCSObjectIdentifiers;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.sm2rsa.common.X9ObjectIdentifiers;
import cmbc.cfca.system.Debugger;
import cmbc.cfca.util.HashUtil;
import com.sun.jndi.ldap.LdapURL;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:cmbc/cfca/x509/certificate/X509CertValidator.class */
public final class X509CertValidator {
    static final Logger logger;
    public static final ASN1ObjectIdentifier SM3withSM2Encryption;
    private static HashMap trustCerts;

    public static void updateTrustCertsMap(ArrayList arrayList) throws PKIException {
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMap>>>>>>[trustCertPathList]Running");
        }
        if (arrayList != null) {
            int size = arrayList.size();
            for (int i = 0; i < size; i++) {
                Object obj = arrayList.get(i);
                if (obj instanceof String) {
                    try {
                        updateTrustCertsMap((String) obj);
                    } catch (PKIException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new PKIException(PKIException.X509_TRUST_UPDATE_VERIFY, PKIException.X509_TRUST_UPDATE_VERIFY_DES, e2);
                    }
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMa<<<<<<[trustCertPathList]Finished");
        }
    }

    public static void updateTrustCertsMap(String str) throws PKIException {
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMap>>>>>>[trustCerPath]Running");
        }
        if (str != null) {
            try {
                updateTrustCertsMap(X509CertHelper.certFrom(str));
            } catch (PKIException e) {
                throw e;
            } catch (Exception e2) {
                throw new PKIException(PKIException.X509_TRUST_UPDATE_VERIFY, PKIException.X509_TRUST_UPDATE_VERIFY_DES, e2);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMa<<<<<<[trustCerPath]Finished");
        }
    }

    public static void updateTrustCertsMap(X509Cert[] x509CertArr) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("updateTrustCertsMap>>>>>>Running");
            stringBuffer.append("\n trustCerts: ");
            stringBuffer.append(Debugger.dump(x509CertArr));
            logger.debug(stringBuffer.toString());
        }
        if (x509CertArr != null) {
            for (X509Cert x509Cert : x509CertArr) {
                try {
                    updateTrustCertsMap(x509Cert);
                } catch (PKIException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new PKIException(PKIException.X509_TRUST_UPDATE_VERIFY, PKIException.X509_TRUST_UPDATE_VERIFY_DES, e2);
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMa<<<<<<[trustCerts]Finished");
        }
    }

    public static void updateTrustCertsMap(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("updateTrustCertsMap>>>>>>Running");
            stringBuffer.append("\n trustCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        if (isValid(x509Cert)) {
            if (trustCerts.size() >= 1000) {
                throw new PKIException("trustCerts more than 1000");
            }
            try {
                PublicKey publicKey = x509Cert.getPublicKey();
                synchronized (trustCerts) {
                    trustCerts.put(x509Cert.getSubject(), publicKey);
                    String buildSubjectKeyIDTextFrom = buildSubjectKeyIDTextFrom(x509Cert);
                    if (buildSubjectKeyIDTextFrom != null) {
                        trustCerts.put(buildSubjectKeyIDTextFrom, publicKey);
                    } else {
                        trustCerts.put(new String(Hex.encode(HashUtil.rsaHashMessage(x509Cert.getPublicKeyData(), new Mechanism("SHA1")))).toLowerCase(), publicKey);
                    }
                }
            } catch (Exception e) {
                logger.error("updateTrustCertsMa<<<<<<[trustCert]Failure", e);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("updateTrustCertsMa<<<<<<[trustCert]Finished, trustCerts=" + trustCerts.size());
        }
    }

    private static final boolean isValid(X509Cert x509Cert) {
        if (logger.isDebugEnabled()) {
            logger.debug("isValid::>>>>>>Running");
        }
        String id = SM3withSM2Encryption.getId();
        String id2 = PKCSObjectIdentifiers.rsaEncryption.getId();
        boolean z = false;
        if (x509Cert != null) {
            z = id.equals(x509Cert.getSignatureAlgorithmOID()) || id2.equals(x509Cert.getPublicKeyAlgorithmOID());
        }
        if (logger.isDebugEnabled()) {
            logger.debug("isValid::<<<<<<Failure,isValid=" + z);
        }
        return z;
    }

    public static final void clearTrustCertsMap() {
        if (logger.isDebugEnabled()) {
            logger.debug("clearTrustCertsMap>>>>>>Running");
        }
        synchronized (trustCerts) {
            trustCerts.clear();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("clearTrustCertsMap<<<<<<Finished,trustCerts=" + trustCerts.size());
        }
    }

    public static final boolean validateCertSign(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            logger.debug("validateCertSign>>>>>>Running");
        }
        boolean z = false;
        if (x509Cert != null) {
            PublicKey publicKey = null;
            try {
                try {
                    String buildAuthorityKeyIDTextFrom = buildAuthorityKeyIDTextFrom(x509Cert);
                    if (buildAuthorityKeyIDTextFrom != null) {
                        publicKey = (PublicKey) trustCerts.get(buildAuthorityKeyIDTextFrom);
                    }
                } catch (Exception e) {
                }
                if (publicKey == null) {
                    publicKey = (PublicKey) trustCerts.get(x509Cert.getIssuer());
                }
                if (publicKey != null) {
                    z = x509Cert.verify(publicKey);
                }
            } catch (PKIException e2) {
                logger.debug("validateCertSign<<<<<<Failure", e2);
                throw e2;
            } catch (Exception e3) {
                logger.debug("validateCertSign<<<<<<Failure", e3);
                throw new PKIException(PKIException.X509_TRUST_VERIFY_SIGNVALUE, PKIException.X509_TRUST_VERIFY_SIGNVALUE_DES, e3);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("validateCertSign<<<<<<Finished,verifyResult=" + z);
        }
        return z;
    }

    private static final String buildAuthorityKeyIDTextFrom(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("buildAuthorityKeyIDTextFrom::>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        String str = null;
        try {
            ASN1Object extensionData = x509Cert.getExtensionData(Extension.authorityKeyIdentifier);
            if (extensionData != null) {
                str = buildKeyIDTextFrom(AuthorityKeyIdentifier.getInstance(extensionData).getKeyIdentifier());
            }
        } catch (Exception e) {
            logger.debug("buildAuthorityKeyIDTextFrom::<<<<<<Failure", e);
            str = null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("buildAuthorityKeyIDTextFrom::<<<<<<Finished,id=" + str);
        }
        return str;
    }

    private static final String buildSubjectKeyIDTextFrom(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("buildSubjectKeyIDTextFrom::>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        String str = null;
        try {
            ASN1Object extensionData = x509Cert.getExtensionData(Extension.subjectKeyIdentifier);
            if (extensionData != null) {
                str = buildKeyIDTextFrom(SubjectKeyIdentifier.getInstance(extensionData).getKeyIdentifier());
            }
        } catch (Exception e) {
            logger.debug("buildSubjectKeyIDTextFrom::<<<<<<Failure", e);
            str = null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("buildSubjectKeyIDTextFrom::<<<<<<Finished,id=" + str);
        }
        return str;
    }

    private static final String buildKeyIDTextFrom(byte[] bArr) {
        return new String(Hex.encode(bArr)).toLowerCase();
    }

    public static final boolean verifyCertDate(X509Cert x509Cert) {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("verifyCertDate>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (x509Cert == null) {
                logger.error("verifyCertDate<<<<<<Failure: Required cert");
                throw new IllegalArgumentException("850423, 校验证书有效期失败: Required cert");
            }
            Date date = new Date();
            Date notBefore = x509Cert.getNotBefore();
            Date notAfter = x509Cert.getNotAfter();
            if (date.before(notBefore)) {
                logger.error("verifyCertDate<<<<<<Finished: Not Yet Valid");
                return false;
            }
            if (date.after(notAfter)) {
                logger.error("verifyCertDate<<<<<<Finished: Expired");
                return false;
            }
            logger.debug("verifyCertDate<<<<<<Finished");
            return true;
        } catch (RuntimeException e) {
            logger.error("verifyCertDate<<<<<<Failure", e);
            throw e;
        }
    }

    public static final boolean verifyCertByCRLOutLine(X509Cert x509Cert, String str) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("verifyCertByCRLOutLine>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        if (x509Cert == null) {
            logger.error("verifyCertByCRLOutLine<<<<<<Failure: Required cert");
            throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_OFFLINE, "校验证书是否吊销（离线CRL）失败: Required cert");
        }
        if (str == null) {
            logger.error("verifyCertByCRLOutLine<<<<<<Failure: Required crlPath");
            throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_OFFLINE, "校验证书是否吊销（离线CRL）失败: Required crlPath");
        }
        try {
            boolean z = !X509CertHelper.crlFrom(str).isRevoke(x509Cert.getSerialNumber());
            if (logger.isDebugEnabled()) {
                logger.debug("verifyCertByCRLOutLine<<<<<<Finished,passed=" + z);
            }
            return z;
        } catch (PKIException e) {
            logger.error("verifyCertByCRLOutLine<<<<<<Failure", e);
            throw e;
        } catch (Error e2) {
            logger.error("verifyCertByCRLOutLine<<<<<<Failure", e2);
            throw new PKIException("verifyCertByCRLOutLine Failure", e2);
        } catch (Exception e3) {
            logger.error("verifyCertByCRLOutLine<<<<<<Failure", e3);
            throw new PKIException("verifyCertByCRLOutLine Failure", e3);
        }
    }

    public static final String getCRLPointName(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("getCRLPointName>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (x509Cert == null) {
                logger.error("getCRLPointName<<<<<<Failure: Required cert");
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE, "校验证书是否吊销（在线CRL）失败: Required cert");
            }
            List urlsFromCRLPointName = getUrlsFromCRLPointName(x509Cert);
            if (urlsFromCRLPointName == null || urlsFromCRLPointName.size() == 0) {
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL, PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL_DES);
            }
            String str = null;
            int size = urlsFromCRLPointName.size();
            for (int i = 0; i < size; i++) {
                String str2 = (String) urlsFromCRLPointName.get(i);
                if (str2 != null && str2.startsWith("ldap://")) {
                    str = str2;
                }
            }
            if (str == null) {
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL, PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL_DES);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("getCRLPointName<<<<<<Finished,url=" + str);
            }
            return str;
        } catch (PKIException e) {
            logger.error("getCRLPointName<<<<<<Failure", e);
            throw e;
        } catch (Exception e2) {
            logger.error("getCRLPointName<<<<<<Failure", e2);
            throw new PKIException("getCRLPointName Failure", e2);
        }
    }

    public static final List getUrlsFromCRLPointName(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("getUrlsFromCRLPointName>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        try {
            ArrayList arrayList = new ArrayList();
            if (x509Cert == null) {
                logger.warn("getUrlsFromCRLPointName<<<<<<ReturnNULL with no cert");
                return arrayList;
            }
            CRLDistPoint cRLDistributionPoints = x509Cert.getCRLDistributionPoints();
            if (cRLDistributionPoints == null) {
                logger.warn("getUrlsFromCRLPointName<<<<<<ReturnNULL: none CRLDistPoint extends");
                return arrayList;
            }
            DistributionPoint[] distributionPoints = cRLDistributionPoints.getDistributionPoints();
            if (distributionPoints == null || distributionPoints.length == 0) {
                logger.warn("getUrlsFromCRLPointName<<<<<<ReturnNULL: none CRLDistPoint values");
                return arrayList;
            }
            for (int i = 0; i < distributionPoints.length; i++) {
                if (distributionPoints[i] != null) {
                    DistributionPointName distributionPoint = distributionPoints[i].getDistributionPoint();
                    if (distributionPoint.getType() == 0) {
                        try {
                            GeneralName[] names = GeneralNames.getInstance(distributionPoint.getName()).getNames();
                            if (names != null && names.length != 0) {
                                for (int i2 = 0; i2 < names.length; i2++) {
                                    if (names[i2] != null && names[i2].getTagNo() == 6) {
                                        try {
                                            String string = DERIA5String.getInstance(names[i2].getName()).getString();
                                            if (string.startsWith("http://") || string.startsWith("ldap://")) {
                                                arrayList.add(string);
                                            }
                                        } catch (Exception e) {
                                        }
                                    }
                                }
                            }
                        } catch (Exception e2) {
                        }
                    }
                }
            }
            if (logger.isDebugEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("getUrlsFromCRLPointName<<<<<<Finished");
                stringBuffer2.append("\n utls: ");
                int size = arrayList.size();
                for (int i3 = 0; i3 < size; i3++) {
                    stringBuffer2.append("\n url: " + arrayList.get(i3));
                }
                logger.debug(stringBuffer2.toString());
            }
            return arrayList;
        } catch (PKIException e3) {
            logger.error("getUrlsFromCRLPointName<<<<<<Failure", e3);
            throw e3;
        } catch (Exception e4) {
            logger.error("getUrlsFromCRLPointName<<<<<<Failure", e4);
            throw new PKIException("getUrlsFromCRLPointName Failure", e4);
        }
    }

    public static boolean verifyCertByLDAP(X509Cert x509Cert) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("verifyCertByLDAP>>>>>>Running");
            stringBuffer.append("\n cert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (x509Cert == null) {
                logger.error("verifyCertByLDAP<<<<<<Failure: Required cert");
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE, "校验证书是否吊销（在线CRL）失败: Required cert");
            }
            String cRLPointName = getCRLPointName(x509Cert);
            if (cRLPointName == null) {
                logger.error("verifyCertByLDAP<<<<<<Failure: none CRLPointName");
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL, PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_MISSGING_LDAPURL_DES);
            }
            if (!cRLPointName.startsWith("ldap://")) {
                logger.error("verifyCertByLDAP<<<<<<Failure: not start withldap://");
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL, PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL_DES);
            }
            int indexOf = cRLPointName.indexOf(63);
            String substring = indexOf < 0 ? cRLPointName : cRLPointName.substring(0, indexOf);
            String str = null;
            try {
                LdapURL ldapURL = new LdapURL(substring);
                String host = ldapURL.getHost();
                int port = ldapURL.getPort();
                String dn = ldapURL.getDN();
                RDN[] rDNs = new X500Name(dn).getRDNs();
                for (int i = 0; i < rDNs.length; i++) {
                    if (rDNs[i] != null && rDNs[i].getFirst().getType().equals(CFCAStyle.CN)) {
                        str = rDNs[i].getFirst().getValue().toString();
                    }
                }
                if (str == null) {
                    logger.error("verifyCertByLDAP<<<<<<Failure: none cn");
                    throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL, "校验证书是否吊销（在线CRL）失败: 无效的CRL颁发点（LDAP）: missing cn on " + substring);
                }
                try {
                    X509CRL downloadCRLFileFromLDAP = downloadCRLFileFromLDAP(host, port, dn, str);
                    if (downloadCRLFileFromLDAP == null) {
                        logger.error("verifyCertByLDAP<<<<<<Failure: : donwload failure with " + substring);
                        throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL, "校验证书是否吊销（在线CRL）失败: 无效的CRL颁发点（LDAP）: donwload failure with " + substring);
                    }
                    boolean z = !downloadCRLFileFromLDAP.isRevoke(x509Cert.getSerialNumber());
                    if (logger.isDebugEnabled()) {
                        logger.debug("verifyCertByLDAP<<<<<<Finished,passed=" + z);
                    }
                    return z;
                } catch (Exception e) {
                    logger.error("verifyCertByLDAP<<<<<<Failure:  downloadCRLFileFromLDAP", e);
                    throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL, "校验证书是否吊销（在线CRL）失败: 无效的CRL颁发点（LDAP）: " + substring);
                }
            } catch (Exception e2) {
                logger.error("verifyCertByLDAP<<<<<<Failure: parse url failure");
                throw new PKIException(PKIException.X509_TRUST_VERIFY_BY_CRL_ONLINE_INVALID_LDAPURL, "校验证书是否吊销（在线CRL）失败: 无效的CRL颁发点（LDAP）: " + substring, e2);
            }
        } catch (PKIException e3) {
            throw e3;
        } catch (Error e4) {
            logger.error("verifyCertByLDAP<<<<<<Failure", e4);
            throw new PKIException("verifyCertByLDAP Failure", e4);
        } catch (RuntimeException e5) {
            logger.error("verifyCertByLDAP<<<<<<Failure", e5);
            throw new PKIException("verifyCertByLDAP Failure", e5);
        } catch (Exception e6) {
            logger.error("verifyCertByLDAP<<<<<<Failure", e6);
            throw new PKIException("verifyCertByLDAP Failure", e6);
        }
    }

    private static final X509CRL downloadCRLFileFromLDAP(String str, int i, String str2, String str3) throws Exception {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("downloadCRLFileFromLDAP::>>>>>>Running");
            stringBuffer.append("\n ip: ");
            stringBuffer.append(Debugger.dump(str));
            stringBuffer.append("\n port: " + i);
            stringBuffer.append("\n dn: ");
            stringBuffer.append(Debugger.dump(str2));
            stringBuffer.append("\n cn: ");
            stringBuffer.append(Debugger.dump(str3));
            logger.debug(stringBuffer.toString());
        }
        String str4 = "ldap://" + str + ":" + i;
        if (logger.isDebugEnabled()) {
            logger.debug("downloadCRLFileFromLDAP::::::::url=" + str4);
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", str4);
        hashtable.put("java.naming.ldap.attributes.binary", "certificateRevocationList");
        X509CRL x509crl = null;
        DirContext dirContext = null;
        try {
            try {
                dirContext = new InitialDirContext(hashtable);
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                NamingEnumeration search = dirContext.search(str2, "(&(objectclass=cRLDistributionPoint)(cn=" + str3 + "))", new String[]{"certificateRevocationList;binary"}, searchControls);
                if (search != null && search.hasMore()) {
                    while (search.hasMore()) {
                        x509crl = new X509CRL((byte[]) ((SearchResult) search.next()).getAttributes().get("certificateRevocationList;binary").get(0));
                    }
                }
                dirContext.close();
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception e) {
                    }
                }
                return x509crl;
            } catch (Exception e2) {
                throw e2;
            }
        } catch (Throwable th) {
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (Exception e3) {
                }
            }
            throw th;
        }
    }

    static {
        Debugger.setDebugger();
        logger = LoggerFactory.getLogger(X509CertValidator.class);
        SM3withSM2Encryption = X9ObjectIdentifiers.sm3_with_SM2;
        trustCerts = new HashMap();
    }
}
