package koal.usap.client.pep.ldap.impl;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import koal.security.utils.Base64;
import koal.usap.client.pep.ldap.LdapOper;
import koal.usap.client.pep.util.TimeUtil;

/* loaded from: input_file:koal/usap/client/pep/ldap/impl/JitPkiLdapOper.class */
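/**
 * LDAP lookups for PKI material: CA certificates, certificate revocation lists (CRLs)
 * and "st" attribute values, with optional following of LDAP referrals.
 *
 * <p>Every public search method borrows a connection through {@code getConnection()} and
 * hands it back through {@code releaseConn(...)} in a {@code finally} block. Connections
 * opened to follow a referral are closed in a {@code finally} block as well, so they are
 * not left open on error paths.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The returned certificates and CRLs are only Base64-encoded here. This class performs
 *       no signature, chain or freshness validation, so callers must validate the material
 *       before using it for a trust decision.</li>
 *   <li>Referral targets are taken from the server's response (first referral URL only) and
 *       are followed without any host restriction, for at most two hops. NOTE(review): per
 *       the UnboundID SDK, {@code getReferralConnection} returns an "optionally authenticated"
 *       connection, which may mean the original bind credentials are presented to the
 *       referral host. Confirm that the transport is authenticated (LDAPS/StartTLS) and
 *       whether referral hosts should be restricted to a configured set.</li>
 *   <li>Search filters are passed through as given. If any part of a filter derives from
 *       untrusted input, the caller must apply RFC 4515 escaping before calling in.</li>
 * </ul>
 */
public class JitPkiLdapOper extends LdapOper implements IPkiLdapOper {
    /** LDAP result code "referral" (RFC 4511). */
    private static final int RESULT_REFERRAL = 10;

    /** LDAP result code "sizeLimitExceeded" (RFC 4511). */
    private static final int RESULT_SIZE_LIMIT_EXCEEDED = 4;

    public JitPkiLdapOper(String str) {
        super(str);
    }

    /**
     * Returns the Base64 text of the CA certificate of the first entry whose
     * {@code jituserstatus} attribute equals "5".
     *
     * <p>Entries that lack the status attribute or the {@code caCertificate;binary}
     * attribute are skipped instead of causing a {@link NullPointerException}.
     * NOTE(review): the meaning of status "5" is not defined in this file; confirm it
     * against the directory schema.
     *
     * @param list search result entries, may be {@code null}
     * @return the Base64-encoded certificate, or {@code null} when {@code list} is
     *         {@code null} or no entry qualifies
     */
    public String getCertBase64(List<SearchResultEntry> list) {
        if (list == null) {
            return null;
        }
        for (SearchResultEntry entry : list) {
            String status = entry.getAttributeValue("jituserstatus");
            if (status == null || !"5".equalsIgnoreCase(status.trim())) {
                continue;
            }
            byte[] certBytes = entry.getAttributeValueBytes("caCertificate;binary");
            if (certBytes != null) {
                return new String(Base64.encode(certBytes));
            }
        }
        return null;
    }

    /**
     * Searches for a CA certificate below the given base DN, without following referrals.
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return Base64-encoded certificate, or {@code null} when none qualifies
     * @throws Exception wrapping any failure of the lookup
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public String searchRootCert(String str, String str2) throws Exception {
        LDAPConnection conn = null;
        try {
            conn = getConnection();
            return getCertBase64(search(conn, str, str2, "cn", "caCertificate;binary", "jituserstatus"));
        } catch (Exception e) {
            throw new Exception("查询LDAP失败：", e);
        } finally {
            releaseConn(conn);
        }
    }

    /**
     * Same lookup as {@link #searchRootCert(String, String)}.
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return Base64-encoded certificate, or {@code null} when none qualifies
     * @throws Exception wrapping any failure of the lookup
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public String searchCaCert(String str, String str2) throws Exception {
        return searchRootCert(str, str2);
    }

    /**
     * Searches for a CA certificate and, when the server answers with a referral,
     * follows the first referral URL (at most two hops).
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return Base64-encoded certificate, or {@code null} when nothing qualifies or the
     *         first referral hop fails with a non-referral search error
     * @throws Exception wrapping any other failure of the lookup
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public String searchCaRefCert(String str, String str2) throws Exception {
        LDAPConnection conn = null;
        try {
            List<SearchResultEntry> entries;
            SearchRequest request = null;
            try {
                conn = getConnection();
                String[] attrs = {"cn", "caCertificate;binary", "jituserstatus"};
                // Built up front so the identical request can be replayed against a referral target.
                request = new SearchRequest(str, SearchScope.SUB, str2, attrs);
                entries = search(conn, str, str2, attrs);
            } catch (Exception e) {
                LDAPSearchException referral = asReferral(e);
                if (referral == null) {
                    throw new Exception("查询LDAP失败：", e);
                }
                entries = searchCertViaReferral(conn, request, referral);
            }
            // getCertBase64 maps a null entry list to a null result.
            return getCertBase64(entries);
        } finally {
            releaseConn(conn);
        }
    }

    /**
     * Replays a certificate search against the first referral URL, following one further
     * referral if the first target answers with one.
     *
     * @return the entries found, or {@code null} when the first hop fails with a
     *         non-referral search error
     */
    private List<SearchResultEntry> searchCertViaReferral(LDAPConnection conn, SearchRequest request,
            LDAPSearchException referral) throws Exception {
        LDAPURL firstUrl = firstReferralUrl(referral);
        LDAPConnection firstHop = null;
        try {
            firstHop = conn.getReferralConnection(firstUrl, conn);
            return firstHop.search(request).getSearchEntries();
        } catch (Exception e2) {
            if (!(e2 instanceof LDAPSearchException)) {
                throw new Exception("查询LDAP失败：", e2);
            }
            LDAPSearchException secondReferral = asReferral(e2);
            if (secondReferral == null) {
                // NOTE(review): a non-referral search failure on the first hop is reported as
                // "no result" rather than as an error, unlike the CRL referral path, which
                // throws. Confirm that callers treat null as "certificate unavailable".
                return null;
            }
            LDAPURL secondUrl = firstReferralUrl(secondReferral);
            LDAPConnection secondHop = null;
            try {
                secondHop = conn.getReferralConnection(secondUrl, firstHop);
                return secondHop.search(request).getSearchEntries();
            } catch (Exception e3) {
                throw new Exception("查询LDAP失败：", e3);
            } finally {
                closeIfOpen(secondHop);
            }
        } finally {
            closeIfOpen(firstHop);
        }
    }

    /**
     * Searches for CRLs below the given base DN, without following referrals.
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return map from entry {@code cn} to Base64-encoded CRL, or {@code null} when the
     *         search helper returns {@code null}
     * @throws Exception wrapping any failure of the lookup
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public Map<String, String> searchCrl(String str, String str2) throws Exception {
        LDAPConnection conn = null;
        try {
            conn = getConnection();
            List<SearchResultEntry> entries = search(conn, str, str2, "cn", "certificateRevocationList;binary");
            return entries == null ? null : getCrlToMap(entries);
        } catch (Exception e) {
            throw new Exception("查询LDAP失败：", e);
        } finally {
            releaseConn(conn);
        }
    }

    /**
     * Searches for CRLs and, when the server answers with a referral, follows the first
     * referral URL (at most two hops), paging the referral search by modification time.
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return map from entry {@code cn} to Base64-encoded CRL
     * @throws Exception wrapping any failure of the lookup
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public Map<String, String> searchRefCrl(String str, String str2) throws Exception {
        SearchRequest request = new SearchRequest(str, SearchScope.SUB, str2,
                new String[]{"cn", "certificateRevocationList;binary"});
        LDAPConnection conn = null;
        try {
            try {
                conn = getConnection();
                return getCrlToMap(conn.search(request).getSearchEntries());
            } catch (Exception e) {
                if (!(e instanceof LDAPSearchException)) {
                    throw new Exception("查询LDAP失败：" + e.getMessage(), e);
                }
                LDAPSearchException referral = asReferral(e);
                if (referral == null) {
                    throw new Exception("查询LDAP失败：", e);
                }
                return getCrlToMap(searchCrlViaReferral(conn, request, str2, referral));
            }
        } finally {
            releaseConn(conn);
        }
    }

    /**
     * Runs the paged CRL search against the first referral URL, following one further
     * referral if the first target answers with one.
     */
    private List<SearchResultEntry> searchCrlViaReferral(LDAPConnection conn, SearchRequest request,
            String filter, LDAPSearchException referral) throws Exception {
        LDAPURL firstUrl = firstReferralUrl(referral);
        List<SearchResultEntry> entries = new ArrayList<>();
        LDAPConnection firstHop = null;
        try {
            firstHop = conn.getReferralConnection(firstUrl, conn);
            searchPageByDate(entries, firstHop, request, filter, null, null);
            return entries;
        } catch (Exception e2) {
            LDAPSearchException secondReferral = asReferral(e2);
            if (secondReferral == null) {
                throw new Exception("查询LDAP失败：" + e2.getMessage(), e2);
            }
            LDAPURL secondUrl = firstReferralUrl(secondReferral);
            LDAPConnection secondHop = null;
            try {
                secondHop = firstHop.getReferralConnection(secondUrl, firstHop);
                searchPageByDate(entries, secondHop, request, filter, null, null);
                return entries;
            } catch (Exception e3) {
                throw new Exception("查询LDAP失败：" + e3.getMessage(), e3);
            } finally {
                closeIfOpen(secondHop);
            }
        } finally {
            closeIfOpen(firstHop);
        }
    }

    /**
     * Collects search results for a modification-time window, splitting the window in
     * half and recursing whenever the server reports that its size limit was exceeded.
     *
     * <p>The request's filter is overwritten on every call with {@code str} combined with
     * the time-window filter, so {@code searchRequest} is mutated. {@code str} is
     * concatenated verbatim and must already be a complete, parenthesised filter; any
     * untrusted component must be escaped by the caller.
     *
     * @param list           receives the entries; when {@code null} a private list is used
     *                       and the results are not visible to the caller
     * @param lDAPConnection connection to search on
     * @param searchRequest  request whose filter is rewritten for each window
     * @param str            base filter
     * @param date           window start, {@code null} for {@code TimeUtil.MinDate}
     * @param date2          window end, {@code null} for {@code TimeUtil.MaxDate}
     * @throws Exception on any search failure other than a size-limit error, or when the
     *                   window can no longer be split
     */
    public void searchPageByDate(List<SearchResultEntry> list, LDAPConnection lDAPConnection, SearchRequest searchRequest, String str, Date date, Date date2) throws Exception {
        if (list == null) {
            list = new ArrayList<>();
        }
        if (date == null) {
            date = TimeUtil.MinDate;
        }
        if (date2 == null) {
            date2 = TimeUtil.MaxDate;
        }
        searchRequest.setFilter("(&" + str + TimeUtil.createFilterByModifyTime(date, date2) + ")");
        try {
            List<SearchResultEntry> found = lDAPConnection.search(searchRequest).getSearchEntries();
            if (found != null && !found.isEmpty()) {
                list.addAll(found);
            }
        } catch (LDAPSearchException e) {
            // Check the result code first; the message match is kept for servers or proxies
            // that report the condition only in the diagnostic text.
            boolean sizeLimitHit = e.getResultCode().intValue() == RESULT_SIZE_LIMIT_EXCEEDED
                    || e.toString().contains("size limit exceeded");
            if (!sizeLimitHit) {
                throw e;
            }
            Date midData = TimeUtil.getMidData(date, date2);
            // Assumes getMidData returns a point between the two bounds (TODO confirm). If the
            // window cannot shrink any further, stop instead of recursing without end.
            if (!midData.after(date) || !midData.before(date2)) {
                throw e;
            }
            // NOTE(review): both halves share midData as a boundary. If the time filter is
            // inclusive on both ends, an entry modified exactly at midData is returned twice.
            searchPageByDate(list, lDAPConnection, searchRequest, str, date, midData);
            searchPageByDate(list, lDAPConnection, searchRequest, str, midData, date2);
        }
    }

    /**
     * Maps each entry's {@code cn} to its Base64-encoded CRL.
     *
     * <p>Entries lacking either attribute are skipped, and a later entry with the same
     * {@code cn} replaces an earlier one.
     *
     * @param list search result entries, may be {@code null}
     * @return a mutable map, empty when there is nothing to report
     */
    private Map<String, String> getCrlToMap(List<SearchResultEntry> list) {
        Map<String, String> crlByCn = new HashMap<>();
        if (list == null) {
            return crlByCn;
        }
        for (SearchResultEntry entry : list) {
            String cn = entry.getAttributeValue("cn");
            byte[] crlBytes = entry.getAttributeValueBytes("certificateRevocationList;binary");
            if (cn == null || crlBytes == null) {
                continue;
            }
            crlByCn.put(cn, new String(Base64.encode(crlBytes)));
        }
        return crlByCn;
    }

    /**
     * Collects the {@code st} attribute value of every entry matching the filter in the
     * subtree below the base DN. Entries without an {@code st} value are skipped.
     *
     * @param str  search base DN
     * @param str2 LDAP filter string
     * @return the values found, possibly empty
     * @throws Exception on any failure of the lookup (not wrapped)
     */
    @Override // koal.usap.client.pep.ldap.impl.IPkiLdapOper
    public List<String> searchRefSts(String str, String str2) throws Exception {
        List<String> values = new ArrayList<>();
        String[] attrs = {"st"};
        LDAPConnection conn = null;
        try {
            conn = getConnection();
            List<SearchResultEntry> entries = search(conn, str, SearchScope.SUB, str2, attrs);
            if (entries != null) {
                for (SearchResultEntry entry : entries) {
                    String st = entry.getAttributeValue("st");
                    if (st != null) {
                        values.add(st);
                    }
                }
            }
            return values;
        } finally {
            releaseConn(conn);
        }
    }

    /**
     * Returns {@code e} as an {@link LDAPSearchException} when it carries the referral
     * result code, otherwise {@code null}.
     */
    private static LDAPSearchException asReferral(Exception e) {
        if (e instanceof LDAPSearchException) {
            LDAPSearchException searchFailure = (LDAPSearchException) e;
            if (searchFailure.getResultCode().intValue() == RESULT_REFERRAL) {
                return searchFailure;
            }
        }
        return null;
    }

    /**
     * Parses the first referral URL of a referral response.
     *
     * @throws Exception when the response carries no referral URL or the URL is malformed
     */
    private static LDAPURL firstReferralUrl(LDAPSearchException referral) throws Exception {
        String[] urls = referral.getReferralURLs();
        if (urls == null || urls.length == 0) {
            throw new Exception("查询LDAP失败：", referral);
        }
        try {
            return new LDAPURL(urls[0]);
        } catch (Exception e) {
            throw new Exception("查询LDAP失败：", e);
        }
    }

    /** Closes a referral connection if one was opened. */
    private static void closeIfOpen(LDAPConnection connection) {
        if (connection != null) {
            connection.close();
        }
    }
}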
