package com.iplanet.portalserver.auth.module.cert;

import com.iplanet.portalserver.auth.server.Login;
import com.iplanet.portalserver.auth.server.LoginException;
import com.iplanet.portalserver.gateway.server.ReverseProxyConfigConstants;
import com.iplanet.portalserver.profile.Profile;
import com.iplanet.portalserver.util.Debug;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.BitSet;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import javax.mail.internet.MimeUtility;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:116905-01/SUNWwtsdd/reloc/SUNWips/lib/ips_services.jar:com/iplanet/portalserver/auth/module/cert/Cert.class */
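/**
 * Certificate login module. {@link #validate()} parses an X.509 certificate from the
 * {@code cert123} request parameter, optionally checks it against an LDAP directory
 * (registration, validity period, issuer signature, CRL), and derives the user token id
 * from one of the certificate's fields.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The certificate arrives as a request parameter. Nothing in this class proves that
 *       the requester holds the matching private key, so these checks authenticate a
 *       caller only if a trusted front end sets {@code cert123} after TLS client
 *       authentication and discards any client-supplied value. NOTE(review): that cannot
 *       be confirmed from this file; verify it in the gateway.</li>
 *   <li>Distinguished names are parsed by substring search and {@link StringTokenizer}.
 *       A value that itself contains {@code CN}, {@code O=}, {@code =} or an escaped
 *       delimiter is parsed wrongly; an RFC 2253 aware parser would be more robust.</li>
 *   <li>Values taken from the certificate are escaped before they are placed in an LDAP
 *       search filter (see {@link #escapeLdapFilterValue(String)}).</li>
 * </ul>
 */
public class Cert extends Login {
    private static Locale locale = null;
    private static ResourceBundle bundle = null;
    private static Debug debug = null;
    private String userTokenId = null;
    private X509Certificate thecert = null;
    private String iwtAuthCert_ldapFactory;
    private String iwtAuthCert_ldapProviderUrl;
    private String iwtAuthCert_startSearchLoc;
    private String iwtAuthCert_securityType;
    private String iwtAuthCert_principleUser;
    private String iwtAuthCert_principlePasswd;
    private String iwtAuthCert_useSSL;
    private String iwtAuthCert_userProfileMapper;
    private String iwtAuthCert_chkCRL;
    private String iwtAuthCert_chkCertInLDAP;
    private String iwtAuthCert_ldapProfileID;
    private String iwtAuthCert_emailAddr;
    private String iwtAuthCert_emailAddrTag;
    private String ldapProfileID;
    private static final String sccsID = "@(#)Cert.java\t1.6 99/03/24 Sun Microsystems, Inc.";

    /**
     * Returns the first value of a profile attribute, or the empty string when the
     * attribute is missing or has no values.
     *
     * @param profile profile to read from
     * @param str attribute name
     * @return the first attribute value, or {@code ""}
     * @throws LoginException with an empty message if the profile lookup fails; the
     *         cause is only written to the debug log
     */
    String getAttr(Profile profile, String str) throws LoginException {
        try {
            Enumeration attribute = profile.getAttribute(str);
            return (attribute == null || !attribute.hasMoreElements()) ? "" : (String) attribute.nextElement();
        } catch (Exception e) {
            debug.message(new StringBuffer("Cert: ").append(e).toString());
            throw new LoginException("");
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515), so that
     * filter metacharacters taken from a certificate DN are matched literally instead of
     * changing the structure of the filter.
     *
     * @param value raw assertion value
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \XX} escapes
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Looks up the presented certificate in LDAP. Searches the subtree below
     * {@code iwtAuthCert_startSearchLoc} for entries whose {@code cn} equals the CN parsed
     * from the certificate's subject DN, and compares every {@code usercertificate}
     * (or {@code usercertificate;binary}) value with the presented certificate.
     *
     * <p>On a match, the entry's {@code iwtAuthCert_ldapProfileID} attribute (if present)
     * is stored in {@link #ldapProfileID}.
     *
     * @param dirContext open directory context
     * @param x509Certificate certificate presented by the client
     * @return the matching certificate from LDAP, or {@code null} when the subject has no
     *         CN or no entry holds an equal certificate
     * @throws LoginException (message key {@code CertNoReg}) if the search or certificate
     *         parsing fails
     */
    private X509Certificate getRegisteredCertificate(DirContext dirContext, X509Certificate x509Certificate) throws LoginException {
        debug.message("Certificate - before SearchControls ");
        SearchControls searchControls = new SearchControls();
        debug.message("Certificate - setSearchScope");
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        debug.message("Certificate - exit setSearchScope");
        String name = x509Certificate.getSubjectDN().getName();
        debug.message(new StringBuffer("Certificate - dn: ").append(name).toString());
        if (name.indexOf("CN") < 0) {
            debug.message("X509Certificate getRegisteredCertificate - no CN in certificate");
            return null;
        }
        // Naive DN parsing: take the text after the first "CN", up to the next '=' and then
        // up to the first delimiter.
        String substring = name.substring(name.indexOf("CN"));
        debug.message(new StringBuffer("Certificate - dn substring: ").append(substring).toString());
        StringTokenizer stringTokenizer = new StringTokenizer(substring, "=");
        stringTokenizer.nextToken();
        String nextToken = stringTokenizer.nextToken();
        debug.message(new StringBuffer("Certificate - cn: ").append(nextToken).toString());
        int indexOf = nextToken.indexOf(ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
        if (indexOf != -1) {
            nextToken = nextToken.substring(0, indexOf);
        }
        debug.message(new StringBuffer("Certificate - cn substring: ").append(nextToken).toString());
        try {
            debug.message("Certificate - ctx.search");
            // The CN comes from a client-supplied certificate: escape it so it cannot alter the filter.
            String filter = new StringBuffer("(cn=").append(escapeLdapFilterValue(nextToken)).append(")").toString();
            NamingEnumeration search = dirContext.search(this.iwtAuthCert_startSearchLoc, filter, searchControls);
            debug.message("Certificate - CertificateFactory.getInstance");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            debug.message("Certificate - exit CertificateFactory.getInstance");
            while (search != null && search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                debug.message("Certificate - si.getAttributes");
                Attributes attributes = searchResult.getAttributes();
                debug.message("Certificate - attrs.get");
                Attribute attribute = attributes.get("usercertificate");
                if (attribute == null) {
                    debug.message(new StringBuffer("Certificate - get usercertificate is null").append(nextToken).toString());
                    attribute = attributes.get("usercertificate;binary");
                    if (attribute == null) {
                        debug.message("Certificate - get usercertificate;binary is null ");
                        // This entry holds no certificate. Skip it rather than dereference
                        // null, so that later entries with the same cn are still examined.
                        continue;
                    }
                }
                debug.message("Certificate - found some certificate in LDAP");
                NamingEnumeration all = attribute.getAll();
                while (all.hasMoreElements()) {
                    debug.message("Certificate - allcert has more element.");
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream((byte[]) all.nextElement());
                    debug.message("Certificate - before generateCertificate");
                    X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                    debug.message("Certificate - after generateCertificate ");
                    if (x509Certificate.equals(x509Certificate2)) {
                        Attribute attribute2 = attributes.get(this.iwtAuthCert_ldapProfileID);
                        if (attribute2 != null) {
                            this.ldapProfileID = (String) attribute2.get();
                        }
                        debug.message("Certificate - found match in LDAP");
                        return x509Certificate2;
                    }
                }
            }
            debug.message("Certificate - did not find matching cert in LDAP");
            return null;
        } catch (Exception e) {
            debug.message(new StringBuffer("Certificate - Error finding registered certificate = ").append(e).toString());
            throw new LoginException(bundle.getString("CertNoReg"));
        }
    }

    /**
     * Derives {@link #userTokenId} from the certificate according to
     * {@code iwtAuthCert_userProfileMapper}. When {@code iwtAuthCert_ldapProfileID} is
     * configured and {@link #ldapProfileID} was set by the LDAP lookup, that value is used
     * and the mapper is ignored.
     *
     * <p>The mapper branches are independent {@code if} statements; an unrecognised
     * mapper value leaves {@code userTokenId} unchanged.
     *
     * @param x509Certificate certificate to map
     * @throws LoginException (message key {@code CertNoReg}) on any failure; this includes
     *         the "no issuer CN" / "no subject CN" exceptions raised inside the method,
     *         which the outer {@code catch} replaces
     */
    private void getTokenFromCert(X509Certificate x509Certificate) throws LoginException {
        try {
            debug.message(new StringBuffer("getTokenFromCert: imapper=").append(this.iwtAuthCert_userProfileMapper).toString());
            if (this.iwtAuthCert_ldapProfileID != null) {
                if (this.ldapProfileID != null) {
                    this.userTokenId = this.ldapProfileID;
                    return;
                }
                debug.message("getTokenFromCert: ldapProfileID is null");
            }
            // NOTE(review): the issuer-based mappers ("issuer DN", "issuer O", "issuer CN")
            // yield the same token id for every certificate from one issuer.
            if (this.iwtAuthCert_userProfileMapper.equals("issuer DN")) {
                this.userTokenId = x509Certificate.getIssuerDN().getName();
                debug.message(new StringBuffer("getTokenFromCert: issuer DN:").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("issuer O")) {
                String name = x509Certificate.getIssuerDN().getName();
                // indexOf("O=") also matches inside a longer attribute type or a value;
                // a result of -1 makes substring() throw and ends in CertNoReg below.
                String substring = name.substring(name.indexOf("O="));
                debug.message(new StringBuffer("XXXX dn: ").append(substring).toString());
                StringTokenizer stringTokenizer = new StringTokenizer(substring, "=");
                debug.message(new StringBuffer("YYYY ostr: ").append(stringTokenizer.nextToken()).toString());
                String nextToken = stringTokenizer.nextToken();
                debug.message(new StringBuffer("AAAA  ostr: ").append(nextToken).toString());
                if (nextToken.charAt(0) == '\"') {
                    this.userTokenId = nextToken;
                } else {
                    StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                    debug.message(new StringBuffer("FFFF  ostr: ").append(nextToken).toString());
                    this.userTokenId = stringTokenizer2.nextToken();
                }
                debug.message(new StringBuffer("getTokenFromCert: issue org name").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("issuer CN")) {
                String name2 = x509Certificate.getIssuerDN().getName();
                if (name2.indexOf("CN") < 0) {
                    debug.message("getTokenFromCert: issuer CN: Certificate has no CN");
                    throw new LoginException("Invalid Certificate: no issuer CN!");
                }
                StringTokenizer stringTokenizer3 = new StringTokenizer(name2.substring(name2.indexOf("CN")), "=");
                stringTokenizer3.nextToken();
                String nextToken2 = stringTokenizer3.nextToken();
                int indexOf = nextToken2.indexOf(ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                if (indexOf != -1) {
                    this.userTokenId = nextToken2.substring(0, indexOf);
                } else {
                    this.userTokenId = nextToken2;
                }
                debug.message(new StringBuffer("getTokenFromCert: issuer CN").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("serial number")) {
                this.userTokenId = String.valueOf(x509Certificate.getSerialNumber());
                debug.message(new StringBuffer("getTokenFromCert: serial number:").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("signature")) {
                // NOTE(review): String.valueOf(byte[]) resolves to the Object overload and
                // yields the array's identity string, not the signature bytes, so this
                // token id is not stable. The intended encoding is not visible here.
                this.userTokenId = String.valueOf(x509Certificate.getSignature());
                debug.message(new StringBuffer("getTokenFromCert: signature").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("subject DN")) {
                this.userTokenId = x509Certificate.getSubjectDN().getName();
                debug.message(new StringBuffer("getTokenFromCert: subject DN").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("subject CN")) {
                String name3 = x509Certificate.getSubjectDN().getName();
                if (name3.indexOf("CN") < 0) {
                    debug.message("getTokenFromCert: subject CN:  Certificate has NO CN");
                    throw new LoginException("Invalid Certificate: no subject CN!");
                }
                StringTokenizer stringTokenizer4 = new StringTokenizer(name3.substring(name3.indexOf("CN")), "=");
                stringTokenizer4.nextToken();
                String nextToken3 = stringTokenizer4.nextToken();
                int indexOf2 = nextToken3.indexOf(ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                if (indexOf2 != -1) {
                    this.userTokenId = nextToken3.substring(0, indexOf2);
                } else {
                    this.userTokenId = nextToken3;
                }
                debug.message(new StringBuffer("getTokenFromCert: subject CN -- userTokenId == ").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals(this.iwtAuthCert_emailAddrTag)) {
                String name4 = x509Certificate.getSubjectDN().getName();
                StringTokenizer stringTokenizer5 = new StringTokenizer(name4.substring(name4.indexOf(this.iwtAuthCert_emailAddr)), "=");
                stringTokenizer5.nextToken();
                String nextToken4 = stringTokenizer5.nextToken();
                int indexOf3 = nextToken4.indexOf(ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                // NOTE(review): unlike the CN branches there is no else here, so when no
                // delimiter follows the address userTokenId keeps its previous value
                // (normally null). Left unchanged because it decides who is logged in;
                // confirm the intended behaviour.
                if (indexOf3 != -1) {
                    this.userTokenId = nextToken4.substring(0, indexOf3);
                }
                debug.message(new StringBuffer("getTokenFromCert: emailaddr").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("subject O")) {
                String name5 = x509Certificate.getSubjectDN().getName();
                String substring2 = name5.substring(name5.indexOf("O="));
                debug.message(new StringBuffer("XXXX dn: ").append(substring2).toString());
                StringTokenizer stringTokenizer6 = new StringTokenizer(substring2, "=");
                debug.message(new StringBuffer("YYYY ostr: ").append(stringTokenizer6.nextToken()).toString());
                String nextToken5 = stringTokenizer6.nextToken();
                debug.message(new StringBuffer("AAAA  ostr: ").append(nextToken5).toString());
                if (nextToken5.charAt(0) == '\"') {
                    this.userTokenId = nextToken5;
                } else {
                    StringTokenizer stringTokenizer7 = new StringTokenizer(nextToken5, ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                    debug.message(new StringBuffer("FFFF  ostr: ").append(nextToken5).toString());
                    this.userTokenId = stringTokenizer7.nextToken();
                }
                debug.message(new StringBuffer("getTokenFromCert: subject org name").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("DER Certificate")) {
                // NOTE(review): same byte[] -> String.valueOf(Object) problem as "signature".
                this.userTokenId = String.valueOf(x509Certificate.getTBSCertificate());
                debug.message(new StringBuffer("getTokenFromCert: DER Certificate").append(this.userTokenId).toString());
            }
            if (this.iwtAuthCert_userProfileMapper.equals("issuerUniqueID")) {
                // The BitSet is built but never used, and the token id ends up empty.
                // A certificate without an issuerUniqueID makes the array null, which
                // surfaces as CertNoReg through the catch below.
                boolean[] issuerUniqueID = x509Certificate.getIssuerUniqueID();
                BitSet bitSet = new BitSet(issuerUniqueID.length);
                for (int i = 0; i < issuerUniqueID.length; i++) {
                    if (issuerUniqueID[i]) {
                        bitSet.set(i);
                    }
                }
                this.userTokenId = "";
            }
            if (this.iwtAuthCert_userProfileMapper.equals("getSubjectUniqueID")) {
                this.userTokenId = "";
            }
        } catch (Exception e) {
            debug.message(new StringBuffer("Certificate - Error in getTokenFromCert = ").append(e).toString());
            throw new LoginException(bundle.getString("CertNoReg"));
        }
    }

    /**
     * Returns the token id computed by the last successful {@link #validate()} call,
     * or {@code null} if none was set.
     */
    @Override // com.iplanet.portalserver.auth.server.Login, com.iplanet.portalserver.auth.server.Authenticator
    public String getUserTokenId() {
        debug.message(new StringBuffer("in Certificate. getUserTokenId=").append(this.userTokenId).toString());
        return this.userTokenId;
    }

    /**
     * Creates the shared {@code iwtAuthCert} debug logger on first use.
     * The lazy initialisation of the static field is not synchronised.
     */
    @Override // com.iplanet.portalserver.auth.server.Login, com.iplanet.portalserver.auth.server.Authenticator
    public void init() throws LoginException {
        if (debug == null) {
            debug = new Debug("iwtAuthCert");
            debug.setDebug();
        }
        debug.message("Cert auth init()");
    }

    /**
     * Loads the resource bundle (once, for the locale of the first caller) and reads the
     * {@code iwtAuthCert-*} settings from the domain profile into the instance fields.
     *
     * @throws LoginException if the bundle or any profile attribute cannot be read
     */
    public void initialize() throws LoginException {
        try {
            if (bundle == null) {
                debug.message("Certificate getting resource bundle");
                bundle = com.iplanet.portalserver.util.Locale.getResourceBundle("iwtAuthCert", getLocale());
                debug.message("Certificate getting resource bundle completed");
            }
            Profile domainProfile = getDomainProfile(null);
            debug.message("Certificate: getting attributes.");
            this.iwtAuthCert_ldapFactory = domainProfile.getAttributeString("iwtAuthCert-ldapFactory");
            this.iwtAuthCert_ldapProviderUrl = domainProfile.getAttributeString("iwtAuthCert-ldapProviderUrl");
            this.iwtAuthCert_startSearchLoc = domainProfile.getAttributeString("iwtAuthCert-startSearchLoc");
            this.iwtAuthCert_securityType = domainProfile.getAttributeString("iwtAuthCert-securityType");
            this.iwtAuthCert_principleUser = domainProfile.getAttributeString("iwtAuthCert-principleUser");
            this.iwtAuthCert_principlePasswd = domainProfile.getAttributeString("iwtAuthCert-principlePasswd");
            this.iwtAuthCert_useSSL = domainProfile.getAttributeString("iwtAuthCert-useSSL");
            this.iwtAuthCert_userProfileMapper = domainProfile.getAttributeString("iwtAuthCert-userProfileMapper");
            this.iwtAuthCert_chkCRL = domainProfile.getAttributeString("iwtAuthCert-chkCRL");
            this.iwtAuthCert_chkCertInLDAP = domainProfile.getAttributeString("iwtAuthCert-chkCertInLDAP");
            this.iwtAuthCert_ldapProfileID = domainProfile.getAttributeString("iwtAuthCert-ldapProfileID");
            this.iwtAuthCert_emailAddr = bundle.getString("emailAddr");
            this.iwtAuthCert_emailAddrTag = bundle.getString("emailAddrTag");
            debug.message(new StringBuffer("ldapFactory").append(this.iwtAuthCert_ldapFactory).toString());
            debug.message(new StringBuffer("ldapProviderUrl").append(this.iwtAuthCert_ldapProviderUrl).toString());
            debug.message(new StringBuffer("startSearchLoc").append(this.iwtAuthCert_startSearchLoc).toString());
            debug.message(new StringBuffer("securityType").append(this.iwtAuthCert_securityType).toString());
            debug.message(new StringBuffer("principleUser").append(this.iwtAuthCert_principleUser).toString());
            // Never write the LDAP bind password to the debug log; record only whether it is set.
            debug.message(new StringBuffer("principlePasswd").append(this.iwtAuthCert_principlePasswd == null ? "<not set>" : "<redacted>").toString());
            debug.message(new StringBuffer("useSSL").append(this.iwtAuthCert_useSSL).toString());
            debug.message(new StringBuffer("userProfileMapper").append(this.iwtAuthCert_userProfileMapper).toString());
            debug.message(new StringBuffer("chkCRL").append(this.iwtAuthCert_chkCRL).toString());
            debug.message(new StringBuffer("chkCertInLDAP").append(this.iwtAuthCert_chkCertInLDAP).toString());
            debug.message(new StringBuffer("emailAddr").append(this.iwtAuthCert_emailAddr).toString());
            debug.message(new StringBuffer("emailAddr").append(this.iwtAuthCert_emailAddrTag).toString());
            debug.message(new StringBuffer("ldapProfileID").append(this.iwtAuthCert_ldapProfileID).toString());
            debug.message("in Certificate. exit initialize");
        } catch (Exception e) {
            debug.message(new StringBuffer("Certificate: Initialize exception is ").append(e).toString());
            // The bundle is still null when loading it was what failed; avoid a
            // NullPointerException that would mask the real error.
            String prefix = bundle == null ? "" : bundle.getString("CERTex");
            throw new LoginException(new StringBuffer(String.valueOf(prefix)).append(e.getMessage()).toString());
        }
    }

    /**
     * Authenticates the request from the certificate in the {@code cert123} parameter.
     *
     * <p>Flow: base64-decode and parse the parameter as X.509. If both
     * {@code iwtAuthCert_chkCertInLDAP} and {@code iwtAuthCert_chkCRL} are {@code "false"},
     * map the certificate to a token id immediately. Otherwise open an LDAP context,
     * optionally require the certificate to be registered in LDAP, check its validity
     * period, optionally verify it against the issuer entry and CRL, then map it.
     *
     * <p>NOTE(review): on the fast path (both checks disabled) the certificate is accepted
     * without a validity, signature or revocation check. A certificate is public data, so
     * this is only safe if {@code cert123} is set by a trusted component; confirm before
     * running with both checks off.
     *
     * <p>NOTE(review): failures inside the LDAP section are re-wrapped by each enclosing
     * {@code catch}, and the {@code CertNoContext} wrapper appends the exception's
     * {@code toString()} to the message; check whether that text is shown to end users.
     *
     * @throws LoginException if the parameter is missing or malformed, or any enabled check fails
     */
    @Override // com.iplanet.portalserver.auth.server.Login, com.iplanet.portalserver.auth.server.Authenticator
    public void validate() throws LoginException {
        debug.message("in Certificate. validate");
        initialize();
        try {
            HttpServletRequest httpServletRequest = getHttpServletRequest();
            httpServletRequest.getContentLength();
            String parameterValue = this.request.getParameterValue("cert123");
            debug.message(new StringBuffer("in Certificate. validate certParam: ").append(parameterValue).toString());
            byte[] bytes = parameterValue.getBytes();
            debug.message(new StringBuffer("in Certificate: req.getContentLength=").append(httpServletRequest.getContentLength()).toString());
            debug.message("Certificate: before MimeUtility.decode.");
            InputStream decode = MimeUtility.decode(new ByteArrayInputStream(bytes), "base64");
            debug.message("Certificate: CertificateFactory.getInstance.");
            this.thecert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(decode);
            debug.message(new StringBuffer("X509Certificate: principal is: ").append(this.thecert.getSubjectDN().getName()).toString());
            debug.message(new StringBuffer("getTokenFromCert: issuer DN:").append(this.thecert.getIssuerDN().getName()).toString());
            debug.message(new StringBuffer("getTokenFromCert: serial number:").append(String.valueOf(this.thecert.getSerialNumber())).toString());
            debug.message(new StringBuffer("getTokenFromCert: subject dn:").append(this.thecert.getSubjectDN().getName()).toString());
            if (this.iwtAuthCert_chkCertInLDAP.equals("false") && this.iwtAuthCert_chkCRL.equals("false")) {
                // Fast path: no checks at all (see the method comment).
                getTokenFromCert(this.thecert);
                return;
            }
            InitialDirContext initialDirContext = null;
            try {
                Hashtable hashtable = new Hashtable(5, 0.75f);
                hashtable.put("java.naming.factory.initial", this.iwtAuthCert_ldapFactory);
                hashtable.put("java.naming.provider.url", this.iwtAuthCert_ldapProviderUrl);
                hashtable.put("java.naming.security.authentication", this.iwtAuthCert_securityType);
                if (!this.iwtAuthCert_securityType.equals("none")) {
                    debug.message("Cert:  initial ctx security type is not none.");
                    hashtable.put("java.naming.security.principal", this.iwtAuthCert_principleUser);
                    hashtable.put("java.naming.security.credentials", this.iwtAuthCert_principlePasswd);
                }
                // Without useSSL the bind credentials and the returned certificates/CRL
                // travel to the directory unprotected.
                if (this.iwtAuthCert_useSSL.equals("true")) {
                    debug.message("Cert:  initial ctx using ssl.");
                    hashtable.put("java.naming.security.protocol", "ssl");
                }
                debug.message("X509Certificate: InitialDirContext.");
                initialDirContext = new InitialDirContext(hashtable);
                debug.message("X509Certificate: exit from InitialDirContext.");
                if (this.iwtAuthCert_chkCertInLDAP.equals("true")) {
                    debug.message("X509Certificate: getRegisteredCertificate.");
                    X509Certificate registeredCertificate = getRegisteredCertificate(initialDirContext, this.thecert);
                    debug.message("X509Certificate: exit getRegisteredCertificate.");
                    if (registeredCertificate == null) {
                        debug.message("X509Certificate: getRegisteredCertificate is null.");
                        throw new LoginException(bundle.getString("CertNoReg"));
                    }
                }
                try {
                    debug.message("X509Certificate: checkValidity.");
                    this.thecert.checkValidity();
                    if (this.iwtAuthCert_chkCRL.equals("true")) {
                        debug.message("X509Certificate: verifyCertificate.");
                        if (!verifyCertificate(initialDirContext, this.thecert)) {
                            debug.message("X509Certificate: verifyCertificate failed.");
                            throw new LoginException(bundle.getString("CertVerifyFailed"));
                        }
                    }
                    getTokenFromCert(this.thecert);
                    debug.message(new StringBuffer("in Certificate. exit validate; userTokenId=").append(this.userTokenId).toString());
                } catch (CertificateExpiredException e) {
                    debug.message(new StringBuffer("Certificate:  Certificate has expired exception = ").append(e).toString());
                    throw new LoginException(bundle.getString("CertExpired"));
                } catch (CertificateNotYetValidException e2) {
                    debug.message(new StringBuffer("Certificate:  Certificate is not yet valid exception = ").append(e2).toString());
                    throw new LoginException(bundle.getString("CertNotValidYet"));
                }
            } catch (Exception e3) {
                debug.message(new StringBuffer("Certifiate: dircontext").append(e3).toString());
                throw new LoginException(new StringBuffer(String.valueOf(bundle.getString("CertNoContext"))).append(e3).toString());
            } finally {
                // Release the LDAP connection on every path; it was previously never closed.
                if (initialDirContext != null) {
                    try {
                        initialDirContext.close();
                    } catch (Exception closeFailure) {
                        debug.message(new StringBuffer("Certificate: error closing dircontext = ").append(closeFailure).toString());
                    }
                }
            }
        } catch (Exception e4) {
            debug.message(new StringBuffer("Certificate:  exiting validate with exception = ").append(e4).toString());
            throw new LoginException(new StringBuffer(String.valueOf(bundle.getString("CERTex"))).append(e4.getMessage()).toString());
        }
    }

    /**
     * Verifies the presented certificate against its issuer's directory entry: finds the
     * first entry whose {@code cn} equals the CN parsed from the issuer DN, checks the
     * certificate's signature with the public key from that entry's {@code cacertificate},
     * and rejects the certificate if the entry's CRL lists its serial number.
     *
     * <p>NOTE(review): only the first search result is used. The signer certificate is not
     * itself validated (validity period, CA constraints, chain to a trust anchor), and the
     * CRL's own signature and update times are not checked. An entry without a CRL passes
     * the revocation step. Trust therefore rests on the directory content.
     *
     * @param dirContext open directory context
     * @param x509Certificate certificate to verify
     * @return {@code true} if the signature verifies and no revocation entry is found;
     *         {@code false} if the issuer has no CN, no issuer entry or CA certificate is
     *         found, or any step fails. The {@code CertRevoked} exception thrown in the
     *         inner block is caught by the outer {@code catch}, so it also results in
     *         {@code false}.
     * @throws LoginException declared, but see the {@code @return} note
     */
    private boolean verifyCertificate(DirContext dirContext, X509Certificate x509Certificate) throws LoginException {
        debug.message("verifyCertificate enter");
        String name = x509Certificate.getIssuerDN().getName();
        if (name.indexOf("CN") == -1) {
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(name.substring(name.indexOf("CN")), "=");
        stringTokenizer.nextToken();
        String nextToken = stringTokenizer.nextToken();
        int indexOf = nextToken.indexOf(ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
        if (indexOf != -1) {
            nextToken = nextToken.substring(0, indexOf);
        }
        debug.message("verifyCertificate computed cn");
        byte[] bArr = null;
        try {
            debug.message("Searching for signers certificate");
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The issuer CN comes from a client-supplied certificate: escape it for the filter.
            String filter = new StringBuffer("(cn=").append(escapeLdapFilterValue(nextToken)).append(")").toString();
            NamingEnumeration search = dirContext.search(this.iwtAuthCert_startSearchLoc, filter, searchControls);
            if (search == null || !search.hasMore()) {
                return false;
            }
            Attributes attributes = ((SearchResult) search.next()).getAttributes();
            debug.message("Retrieving certificate and CRL");
            Attribute attribute = attributes.get("cacertificate");
            if (attribute == null) {
                attribute = attributes.get("cacertificate;binary");
                if (attribute == null) {
                    return false;
                }
            }
            byte[] bArr2 = (byte[]) attribute.get();
            Attribute attribute2 = attributes.get("certificaterevocationlist");
            if (attribute2 != null) {
                bArr = (byte[]) attribute2.get();
            } else {
                Attribute attribute3 = attributes.get("certificaterevocationlist;binary");
                if (attribute3 != null) {
                    bArr = (byte[]) attribute3.get();
                }
            }
            try {
                debug.message("Creating certificate factory");
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                debug.message("Converting certificates from 1421 to X509");
                X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2));
                debug.message(new StringBuffer("signerCertificate getIssuerUniqueID=").append(x509Certificate2.getIssuerUniqueID()).toString());
                debug.message(new StringBuffer("signerCertificate getSerialNumber=").append(x509Certificate2.getSerialNumber()).toString());
                debug.message(new StringBuffer("signerCertificate subject dn = ").append(x509Certificate2.getSubjectDN().getName()).toString());
                debug.message(new StringBuffer("signerCertificate issuer dn = ").append(x509Certificate2.getIssuerDN().getName()).toString());
                debug.message(new StringBuffer("certificate getIssuerUniqueID=").append(x509Certificate.getIssuerUniqueID()).toString());
                debug.message(new StringBuffer("certificate getSerialNumber=").append(x509Certificate.getSerialNumber()).toString());
                debug.message(new StringBuffer("certificate subject dn = ").append(x509Certificate.getSubjectDN().getName()).toString());
                debug.message(new StringBuffer("certificate issuer dn = ").append(x509Certificate.getIssuerDN().getName()).toString());
                debug.message("Verifying certificate");
                // The original logged "verified" without checking anything. Check the
                // signature against the issuer's key; a mismatch throws and the method
                // returns false through the catch blocks below.
                x509Certificate.verify(x509Certificate2.getPublicKey());
                debug.message("Certificate was verified");
                if (bArr != null) {
                    debug.message("Checking revocation list");
                    X509CRLEntry revokedCertificate = ((X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(bArr))).getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        debug.message(new StringBuffer("revoked entry:").append(revokedCertificate.getSerialNumber()).toString());
                        debug.message(new StringBuffer("revoked entry:").append(revokedCertificate.getRevocationDate()).toString());
                        throw new LoginException(bundle.getString("CertRevoked"));
                    }
                }
                return true;
            } catch (Exception e) {
                debug.message(new StringBuffer("Certificate: CertRevoked = ").append(e).toString());
                throw new LoginException(bundle.getString("CertRevoked"));
            }
        } catch (Exception e2) {
            debug.message(new StringBuffer("Error finding signers certificate = ").append(e2).toString());
            return false;
        }
    }
}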
