package com.sun.identity.authentication.modules.cert;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SSLSocketFactoryManager;
import com.iplanet.security.x509.X500Name;
import com.sun.identity.authentication.service.X509CertificateCallback;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.mail.internet.MimeUtility;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.http.HttpServletRequest;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPUrl;
import org.mozilla.jss.CryptoManager;

/* loaded from: input_file:120091-12/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/cert/Cert.class */
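/**
 * Login module that authenticates a user from an X.509 client certificate.
 *
 * <p>The certificate is taken from the servlet request attribute
 * {@code javax.servlet.request.X509Certificate}, from a base64 request parameter
 * (the "portal gateway" path, only when enabled for the calling client), or from an
 * {@link X509CertificateCallback} when there is no servlet request. Depending on
 * configuration it is then checked through OCSP, matched against a certificate stored
 * in LDAP, checked for its validity period and checked against a CRL.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The gateway flag used to be a {@code static} field written during every login;
 *       it is now per-instance so one login cannot change the decision of another.</li>
 *   <li>{@link #ldc} is connected and bound in {@link #process} but never disconnected
 *       in this class. NOTE(review): confirm who owns the connection's lifetime
 *       ({@link #getLDAPConnection()} hands it out) and release it once the CRL check
 *       is done.</li>
 * </ul>
 */
public class Cert extends AMLoginModule {
    private String amAuthCert_serverHost;
    private String amAuthCert_startSearchLoc;
    private String amAuthCert_securityType;
    private String amAuthCert_principleUser;
    // Bind password for the LDAP lookup; it is deliberately left out of the debug dump
    // at the end of initAuthConfig().
    private String amAuthCert_principlePasswd;
    private String amAuthCert_useSSL;
    private String amAuthCert_userProfileMapper;
    private String amAuthCert_altUserProfileMapper;
    private String amAuthCert_chkCRL;
    private String amAuthCert_chkCertInLDAP;
    private String amAuthCert_ldapProfileID;
    private String amAuthCert_emailAddrTag;
    private Map options;
    private CertAuthPrincipal userPrincipal;
    private CallbackHandler callbackHandler;
    private static final String amAuthCert = "amAuthCert";
    private static Locale locale = null;
    // Whether this login may present its certificate as a request parameter.
    // Per-instance on purpose: as a static it was shared by every concurrent login, so a
    // login from an allowed gateway could switch the parameter path on for another client.
    private boolean portal_gw_cert_auth_enabled = false;
    public static Debug debug = null;
    private ResourceBundle bundle = null;
    private String userTokenId = null;
    private X509Certificate thecert = null;
    private String amAuthCert_chkAttrCRL = null;
    private String amAuthCert_uriParamsCRL = null;
    private String amAuthCert_chkAttrCertInLDAP = null;
    private int amAuthCert_serverPort = 389;
    private Set portalGateways = null;
    private boolean ocspEnabled = false;
    private LDAPConnection ldc = null;

    /**
     * Stores the module options and loads the resource bundle for the login locale.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map     shared state (not used here)
     * @param map2    module configuration; read later by {@code initAuthConfig()}
     */
    @Override
    public void init(Subject subject, Map map, Map map2) {
        if (debug == null) {
            debug = Debug.getInstance(amAuthCert);
        }
        Locale loginLocale = getLoginLocale();
        this.bundle = amCache.getResBundle(amAuthCert, loginLocale);
        this.callbackHandler = getCallbackHandler();
        this.options = map2;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("Cert Auth resbundle locale=").append(loginLocale).toString());
            debug.message("Cert auth init() done");
        }
    }

    /**
     * Reads the module configuration from {@link #options} into the instance fields and
     * decides whether the current client may pass its certificate as a request parameter.
     *
     * <p>NOTE(review): the check-crl and check-cert-in-ldap values are dereferenced
     * without a null check, so a configuration that lacks them ends in a
     * NullPointerException rather than an AuthLoginException.
     *
     * @throws AuthLoginException if the options are missing, a required attribute name is
     *         empty, or the LDAP server / search base is missing or malformed while an
     *         LDAP-backed check is enabled
     */
    private void initAuthConfig() throws AuthLoginException {
        if (this.options == null) {
            debug.error("options is null");
            throw new AuthLoginException(amAuthCert, "CERTex", null);
        }
        if (debug.messageEnabled()) {
            debug.message("Certificate: getting attributes.");
        }
        String authLevelAttr = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-auth-level");
        if (authLevelAttr != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevelAttr));
            } catch (Exception e) {
                // A malformed level is logged and otherwise ignored.
                debug.error(new StringBuffer().append("Invalid auth level ").append(authLevelAttr).toString(), e);
            }
        }
        this.amAuthCert_securityType = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-security-type");
        this.amAuthCert_principleUser = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-principal-user");
        this.amAuthCert_principlePasswd = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-principal-passwd");
        this.amAuthCert_useSSL = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-use-ssl");
        this.amAuthCert_userProfileMapper = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-user-profile-mapper");
        this.amAuthCert_altUserProfileMapper = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-user-profile-mapper-other");
        this.amAuthCert_chkCRL = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-check-crl");
        if (this.amAuthCert_chkCRL.equalsIgnoreCase("true")) {
            this.amAuthCert_chkAttrCRL = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-attr-check-crl");
            if (this.amAuthCert_chkAttrCRL == null || this.amAuthCert_chkAttrCRL.equals("")) {
                throw new AuthLoginException(amAuthCert, "noCRLAttr", null);
            }
        }
        this.amAuthCert_uriParamsCRL = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-param-get-crl");
        this.amAuthCert_chkCertInLDAP = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-check-cert-in-ldap");
        if (this.amAuthCert_chkCertInLDAP.equalsIgnoreCase("true")) {
            this.amAuthCert_chkAttrCertInLDAP = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-attr-check-ldap");
            if (this.amAuthCert_chkAttrCertInLDAP == null || this.amAuthCert_chkAttrCertInLDAP.equals("")) {
                throw new AuthLoginException(amAuthCert, "noLDAPAttr", null);
            }
        }
        this.amAuthCert_ldapProfileID = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-ldap-profile-id");
        String ocspAttr = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-check-ocsp");
        this.ocspEnabled = ocspAttr != null && ocspAttr.equalsIgnoreCase("true");
        String gatewayAttr = Misc.getMapAttr(this.options, "iplanet-am-auth-cert-gw-cert-auth-enabled");
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        // NOTE(review): this is the peer address as the servlet container reports it;
        // behind a reverse proxy it is presumably the proxy's address - confirm for the
        // deployment before relying on the gateway list.
        String clientAddr = null;
        if (httpServletRequest != null) {
            clientAddr = httpServletRequest.getRemoteAddr();
        }
        this.portal_gw_cert_auth_enabled = false;
        if (gatewayAttr == null || gatewayAttr.equals("") || gatewayAttr.equalsIgnoreCase("none")) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("iplanet-am-auth-cert-gw-cert-auth-enabled = ").append(gatewayAttr).toString());
            }
        } else if (gatewayAttr.equalsIgnoreCase("any")) {
            // "any" lets every client address use the request-parameter path, where the
            // certificate arrives without proof that the sender holds its private key.
            this.portal_gw_cert_auth_enabled = true;
        } else {
            this.portalGateways = (Set) this.options.get("iplanet-am-auth-cert-gw-cert-auth-enabled");
            if (clientAddr != null && this.portalGateways.contains(clientAddr)) {
                this.portal_gw_cert_auth_enabled = true;
            } else if (debug.messageEnabled()) {
                debug.message("gateway list does not contain client");
                Iterator it = this.portalGateways.iterator();
                while (it.hasNext()) {
                    debug.message(new StringBuffer().append("client list entry = ").append((String) it.next()).toString());
                }
            }
        }
        this.amAuthCert_emailAddrTag = this.bundle.getString("emailAddrTag");
        this.amAuthCert_serverHost = Misc.getServerMapAttr(this.options, "iplanet-am-auth-cert-ldap-provider-url");
        if (this.amAuthCert_serverHost == null && (this.amAuthCert_chkCertInLDAP.equalsIgnoreCase("true") || this.amAuthCert_chkCRL.equalsIgnoreCase("true"))) {
            debug.error("Fatal error: LDAP Server and Port misconfigured");
            throw new AuthLoginException(amAuthCert, "wrongLDAPServer", null);
        }
        if (this.amAuthCert_serverHost != null) {
            try {
                // The configured value is host[:port]; LDAPUrl splits it into the two parts.
                LDAPUrl lDAPUrl = new LDAPUrl(new StringBuffer().append("ldap://").append(this.amAuthCert_serverHost).toString());
                this.amAuthCert_serverPort = lDAPUrl.getPort();
                this.amAuthCert_serverHost = lDAPUrl.getHost();
            } catch (Exception e2) {
                throw new AuthLoginException(amAuthCert, "wrongLDAPServer", null);
            }
        }
        this.amAuthCert_startSearchLoc = Misc.getServerMapAttr(this.options, "iplanet-am-auth-cert-start-search-loc");
        if (this.amAuthCert_startSearchLoc == null && (this.amAuthCert_chkCertInLDAP.equalsIgnoreCase("true") || this.amAuthCert_chkCRL.equalsIgnoreCase("true"))) {
            debug.error("Fatal error: LDAP Start Search DN is not configured");
            throw new AuthLoginException(amAuthCert, "wrongStartDN", null);
        }
        if (this.amAuthCert_startSearchLoc != null) {
            try {
                // Constructed only to validate that the search base parses as a DN.
                new X500Name(this.amAuthCert_startSearchLoc);
            } catch (Exception e3) {
                debug.error("Fatal error: LDAP Start Search DN misconfigured");
                throw new AuthLoginException(amAuthCert, "wrongStartDN", null);
            }
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer()
                    .append("\nldapProviderUrl=").append(this.amAuthCert_serverHost)
                    .append("\n\tamAuthCert_serverPort = ").append(this.amAuthCert_serverPort)
                    .append("\n\tstartSearchLoc=").append(this.amAuthCert_startSearchLoc)
                    .append("\n\tsecurityType=").append(this.amAuthCert_securityType)
                    .append("\n\tprincipleUser=").append(this.amAuthCert_principleUser)
                    .append("\n\tauthLevel=").append(authLevelAttr)
                    .append("\n\tuseSSL=").append(this.amAuthCert_useSSL)
                    .append("\n\tocspEnable=").append(this.ocspEnabled)
                    .append("\n\tuserProfileMapper=").append(this.amAuthCert_userProfileMapper)
                    .append("\n\taltUserProfileMapper=").append(this.amAuthCert_altUserProfileMapper)
                    .append("\n\tchkCRL=").append(this.amAuthCert_chkCRL)
                    .append("\n\tchkAttrCRL=").append(this.amAuthCert_chkAttrCRL)
                    .append("\n\tchkCertInLDAP=").append(this.amAuthCert_chkCertInLDAP)
                    .append("\n\tchkAttrCertInLDAP=").append(this.amAuthCert_chkAttrCertInLDAP)
                    .append("\n\temailAddr=").append(this.amAuthCert_emailAddrTag)
                    .append("\n\tldapProfileID=").append(this.amAuthCert_ldapProfileID)
                    .append("\n\tgw-cert-auth-enabled=").append(this.portal_gw_cert_auth_enabled)
                    .append("\n\tclient=").append(clientAddr)
                    .toString());
        }
    }

    /**
     * Obtains the client certificate, derives the user identifier from it and runs the
     * configured checks (OCSP, validity period, LDAP registration, CRL).
     *
     * <p>Every {@link AuthLoginException} raised inside the method is logged and then
     * replaced by one with the code {@code "noCert"}, so callers cannot tell the failure
     * reasons apart; the specific reason is only in the debug log.
     *
     * @param callbackArr callbacks supplied by the framework (not used here)
     * @param i           current state (not used here)
     * @return {@code -1} on every successful path (presumably the framework's
     *         "login succeeded" state - confirm against AMLoginModule)
     * @throws AuthLoginException if no certificate is available or any check fails
     */
    @Override
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        debug.message("in Certificate. process()");
        initAuthConfig();
        try {
            HttpServletRequest httpServletRequest = getHttpServletRequest();
            if (httpServletRequest != null) {
                X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    // No certificate from the container: fall back to the request
                    // parameter, but only for clients that initAuthConfig() allowed.
                    debug.message("Certificate: checking for cert passed in the URL.");
                    if (!this.portal_gw_cert_auth_enabled) {
                        debug.error("Certificate: cert passed in URL not enabled for this client");
                        throw new AuthLoginException(amAuthCert, "noURLCertAuth", null);
                    }
                    this.thecert = getPortalStyleCert();
                } else {
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("Certificate: got all certs from HttpServletRequest =").append(x509CertificateArr.length).toString());
                    }
                    this.thecert = x509CertificateArr[0];
                }
            } else {
                this.thecert = sendCallback();
            }
            if (this.thecert == null) {
                if (debug.messageEnabled()) {
                    debug.message("Certificate: no cert passed in.");
                }
                throw new AuthLoginException(amAuthCert, "noCert", null);
            }
            getTokenFromCert(this.thecert);
            storeUsernamePasswd(this.userTokenId, null);
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("in Certificate. userTokenId=").append(this.userTokenId).append(" from getTokenFromCert").toString());
            }
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Got client cert =\n").append(this.thecert.toString()).toString());
            }
            if (this.ocspEnabled && !certValidation(this.thecert)) {
                debug.message("OCSP cert validation failed");
                setFailureID(this.userTokenId);
                throw new AuthLoginException(amAuthCert, "CertIsNotValid", null);
            }
            if (this.amAuthCert_chkCertInLDAP.equalsIgnoreCase("false") && this.amAuthCert_chkCRL.equalsIgnoreCase("false")) {
                // With both LDAP-backed checks off this branch used to succeed without
                // ever looking at the validity period, so an expired or not-yet-valid
                // certificate (notably one supplied as a request parameter) was accepted.
                checkValidityPeriod(this.thecert);
                return -1;
            }
            if (this.amAuthCert_useSSL.equalsIgnoreCase("true")) {
                debug.message("Cert:  initial ldc  using ssl.");
                try {
                    this.ldc = new LDAPConnection(SSLSocketFactoryManager.getSSLSocketFactory());
                    debug.message("validate(): SSLSocketFactory called");
                } catch (Exception e) {
                    debug.error("validate.JSSSocketFactory", e);
                    setFailureID(this.userTokenId);
                    throw new AuthLoginException(amAuthCert, "jssSokFactoryFail", null);
                }
            } else {
                // The bind below sends the principal's password over this connection
                // without transport protection when use-ssl is not "true".
                this.ldc = new LDAPConnection();
            }
            try {
                this.ldc.connect(this.amAuthCert_serverHost, this.amAuthCert_serverPort);
                this.ldc.authenticate(this.amAuthCert_principleUser, this.amAuthCert_principlePasswd);
                if (this.amAuthCert_chkCertInLDAP.equalsIgnoreCase("true")) {
                    debug.message("X509Certificate: getRegisteredCertificate.");
                    X509Certificate registeredCertificate = getRegisteredCertificate(this.ldc, this.thecert);
                    debug.message("X509Certificate: exit getRegisteredCertificate");
                    if (registeredCertificate == null) {
                        debug.message("X509Certificate: getRegCertificate is null");
                        setFailureID(this.userTokenId);
                        throw new AuthLoginException(amAuthCert, "CertNoReg", null);
                    }
                }
                try {
                    debug.message("X509Certificate: checkValidity.");
                    this.thecert.checkValidity();
                    if (!this.amAuthCert_chkCRL.equalsIgnoreCase("true")) {
                        return -1;
                    }
                    debug.message("X509Certificate: verifyCertificate.");
                    if (new CRLValidation(this).verifyCertificate()) {
                        return -1;
                    }
                    debug.message("X509Certificate:verifyCertificate failed.");
                    setFailureID(this.userTokenId);
                    throw new AuthLoginException(amAuthCert, "CertVerifyFailed", null);
                } catch (CertificateExpiredException e2) {
                    if (debug.messageEnabled()) {
                        debug.message("Certificate: Certificate has expired.", e2);
                    }
                    setFailureID(this.userTokenId);
                    throw new AuthLoginException(amAuthCert, "CertExpired", null);
                } catch (CertificateNotYetValidException e3) {
                    if (debug.messageEnabled()) {
                        debug.message("Certificate:  invalid Certificate", e3);
                    }
                    setFailureID(this.userTokenId);
                    throw new AuthLoginException(amAuthCert, "CertNotValidYet", null);
                }
            } catch (LDAPException e4) {
                if (debug.messageEnabled()) {
                    debug.message("Certificate: dircontext", e4);
                }
                setFailureID(this.userTokenId);
                throw new AuthLoginException(amAuthCert, "CertNoContext", null);
            }
        } catch (AuthLoginException e5) {
            setFailureID(this.userTokenId);
            debug.error("Certificate:  exiting validate with exception", e5);
            throw new AuthLoginException(amAuthCert, "noCert", null);
        }
    }

    /**
     * Rejects a certificate that is outside its notBefore/notAfter window, using the
     * same log messages, failure id and error codes as the LDAP path in
     * {@link #process}.
     *
     * @param x509Certificate the certificate to check
     * @throws AuthLoginException with code {@code "CertExpired"} or
     *         {@code "CertNotValidYet"}
     */
    private void checkValidityPeriod(X509Certificate x509Certificate) throws AuthLoginException {
        try {
            debug.message("X509Certificate: checkValidity.");
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException expired) {
            if (debug.messageEnabled()) {
                debug.message("Certificate: Certificate has expired.", expired);
            }
            setFailureID(this.userTokenId);
            throw new AuthLoginException(amAuthCert, "CertExpired", null);
        } catch (CertificateNotYetValidException notYetValid) {
            if (debug.messageEnabled()) {
                debug.message("Certificate:  invalid Certificate", notYetValid);
            }
            setFailureID(this.userTokenId);
            throw new AuthLoginException(amAuthCert, "CertNotValidYet", null);
        }
    }

    /**
     * Derives {@link #userTokenId} from the certificate according to the configured
     * user-profile mapper. If no mapper value matches, {@code userTokenId} is left as it
     * was (null on a fresh instance).
     *
     * @param x509Certificate the client certificate
     * @throws AuthLoginException with code {@code "CertNoReg"} if the subject cannot be
     *         read
     */
    private void getTokenFromCert(X509Certificate x509Certificate) throws AuthLoginException {
        try {
            X500Name x500Name = new X500Name(x509Certificate.getSubjectDN().getEncoded());
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("getTokenFromCert: Subject DN : ").append(x500Name.getName()).toString());
            }
            if (this.amAuthCert_userProfileMapper.equalsIgnoreCase("subject DN")) {
                this.userTokenId = x500Name.getName();
            }
            if (this.amAuthCert_userProfileMapper.equalsIgnoreCase("subject UID")) {
                this.userTokenId = x500Name.getAttributeValue("uid");
            }
            if (this.amAuthCert_userProfileMapper.equalsIgnoreCase("subject CN")) {
                this.userTokenId = x500Name.getCommonName();
            }
            if (this.amAuthCert_userProfileMapper.equalsIgnoreCase(this.amAuthCert_emailAddrTag)) {
                this.userTokenId = x500Name.getEmail();
                if (this.userTokenId == null) {
                    this.userTokenId = x500Name.getAttributeValue("mail");
                }
            }
            if (this.amAuthCert_userProfileMapper.equalsIgnoreCase("DER Certificate")) {
                // NOTE(review): getTBSCertificate() returns byte[], so String.valueOf
                // yields the array's identity string ("[B@..."), not the DER content.
                // The intended encoding is not visible here, so the call is left as is.
                this.userTokenId = String.valueOf(x509Certificate.getTBSCertificate());
            }
            if (this.amAuthCert_userProfileMapper.equals("other")) {
                this.userTokenId = x500Name.getAttributeValue(this.amAuthCert_altUserProfileMapper);
            }
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("getTokenFromCert: ").append(this.amAuthCert_userProfileMapper).append(this.userTokenId).toString());
            }
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("Certificate - Error in getTokenFromCert = ", e);
            }
            throw new AuthLoginException(amAuthCert, "CertNoReg", null);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515): the
     * backslash, asterisk, parentheses and NUL are replaced by a backslash followed by
     * their two-digit hex code.
     *
     * @param value the raw assertion value
     * @return the value with filter metacharacters escaped
     */
    private static String escapeFilterValue(String value) {
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int idx = 0; idx < value.length(); idx++) {
            char ch = value.charAt(idx);
            switch (ch) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Looks up directory entries whose configured attribute equals the matching
     * attribute of the certificate subject and returns the stored certificate that is
     * equal to the presented one.
     *
     * <p>The subject attribute comes from the client's certificate, so it is escaped
     * before being placed in the search filter; unescaped, characters such as
     * {@code *} or {@code )} in the subject would change what the filter matches.
     *
     * @param lDAPConnection  a connected, bound LDAP connection
     * @param x509Certificate the presented client certificate
     * @return the matching stored certificate, or {@code null} when none matches, the
     *         subject lacks the attribute, or reading the subject fails
     * @throws AuthLoginException declared for search failures ({@code "CertNoReg"});
     *         NOTE(review): the outer {@code catch (Exception)} appears to intercept it
     *         and return {@code null} instead, which the caller also treats as
     *         "not registered"
     */
    private X509Certificate getRegisteredCertificate(LDAPConnection lDAPConnection, X509Certificate x509Certificate) throws AuthLoginException {
        try {
            String attributeValue = new X500Name(x509Certificate.getSubjectDN().getEncoded()).getAttributeValue(this.amAuthCert_chkAttrCertInLDAP);
            if (attributeValue == null) {
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Certificate - cn substring: ").append(attributeValue).toString());
            }
            try {
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("Certificate - ldc.search:searching  ").append(this.amAuthCert_startSearchLoc).append(" ").append(lDAPConnection).toString());
                }
                String filter = new StringBuffer(128).append("(").append(this.amAuthCert_chkAttrCertInLDAP).append("=").append(escapeFilterValue(attributeValue)).append(")").toString();
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("Certificate - ldc.search: using this filter: ").append(filter).toString());
                }
                LDAPSearchResults search = lDAPConnection.search(this.amAuthCert_startSearchLoc, 2, filter, null, false);
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                while (search != null && search.hasMoreElements()) {
                    LDAPAttributeSet attributeSet = search.next().getAttributeSet();
                    LDAPAttribute attribute = attributeSet.getAttribute("usercertificate");
                    if (attribute == null) {
                        if (debug.messageEnabled()) {
                            debug.message("Certificate - get usercertificate is null");
                        }
                        attribute = attributeSet.getAttribute("usercertificate;binary");
                        if (attribute == null) {
                            debug.message("Certificate - get usercertificate;binary is null ");
                            // An entry without a stored certificate cannot match; move on
                            // instead of dereferencing null and abandoning the remaining
                            // results.
                            continue;
                        }
                    }
                    Enumeration byteValues = attribute.getByteValues();
                    while (byteValues.hasMoreElements()) {
                        X509Certificate storedCert = null;
                        try {
                            storedCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream((byte[]) byteValues.nextElement()));
                        } catch (CertificateParsingException e) {
                            debug.error("Error in Certificate parsing : ", e);
                        }
                        // Only an exact match of the whole certificate counts.
                        if (storedCert != null && x509Certificate.equals(storedCert)) {
                            return storedCert;
                        }
                    }
                }
                if (debug.messageEnabled()) {
                    debug.message("Certificate - did not find matching cert in LDAP");
                }
                return null;
            } catch (Exception e2) {
                if (debug.messageEnabled()) {
                    debug.message("Certificate - Error finding registered certificate = ", e2);
                }
                throw new AuthLoginException(amAuthCert, "CertNoReg", null);
            }
        } catch (Exception e3) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("Certificate - cn substring: ").append(e3).toString());
            }
            return null;
        }
    }

    /**
     * Returns the principal for the authenticated user, creating it from
     * {@link #userTokenId} on first use.
     *
     * @return the principal, or {@code null} if no user identifier has been derived
     */
    @Override
    public Principal getPrincipal() {
        if (this.userPrincipal != null) {
            return this.userPrincipal;
        }
        if (this.userTokenId == null) {
            return null;
        }
        this.userPrincipal = new CertAuthPrincipal(this.userTokenId);
        return this.userPrincipal;
    }

    /** @return the certificate obtained by {@link #process}, or {@code null} before that */
    public X509Certificate getCertificate() {
        return this.thecert;
    }

    /** @return the configured attribute name used for the CRL lookup */
    public String getChkAttrCRL() {
        return this.amAuthCert_chkAttrCRL;
    }

    /** @return the LDAP connection opened by {@link #process}, or {@code null} if none was opened */
    public LDAPConnection getLDAPConnection() {
        return this.ldc;
    }

    /** @return the shared debug logger of this module */
    public Debug getDebug() {
        return debug;
    }

    /** @return the configured parameters for fetching the CRL */
    public String getUriParamsCRL() {
        return this.amAuthCert_uriParamsCRL;
    }

    /** @return the configured LDAP search base */
    public String getStartSearchLoc() {
        return this.amAuthCert_startSearchLoc;
    }

    /**
     * Asks the callback handler for the client certificate; used when there is no
     * servlet request.
     *
     * @return the certificate delivered through the callback (may be {@code null})
     * @throws AuthLoginException if there is no handler, the handler does not support
     *         the callback, or handling fails
     */
    private X509Certificate sendCallback() throws AuthLoginException {
        if (this.callbackHandler == null) {
            throw new AuthLoginException(amAuthCert, "NoCallbackHandler", null);
        }
        try {
            Callback[] callbackArr = {new X509CertificateCallback(this.bundle.getString("certificate"))};
            this.callbackHandler.handle(callbackArr);
            return ((X509CertificateCallback) callbackArr[0]).getCertificate();
        } catch (IOException e) {
            throw new AuthLoginException(e);
        } catch (IllegalArgumentException e2) {
            debug.message("message type missing");
            throw new AuthLoginException(amAuthCert, "IllegalArgs", null);
        } catch (UnsupportedCallbackException e3) {
            throw new AuthLoginException(amAuthCert, "NoCallbackHandler", null);
        }
    }

    /**
     * Reads a base64 certificate from the request parameter {@code IDToken0} (or
     * {@code Login.Token0}) and parses it.
     *
     * <p>A certificate obtained this way was not presented in a TLS handshake with this
     * server, so nothing here shows that the sender holds the private key. The only gate
     * visible in this class is the gateway setting checked by the caller; the sending
     * gateway is trusted to have authenticated the certificate's owner.
     *
     * @return the parsed certificate
     * @throws AuthLoginException with code {@code "noCert"} if the parameter is missing
     *         or empty, or {@code "CERTex"} if it cannot be decoded or parsed
     */
    private X509Certificate getPortalStyleCert() throws AuthLoginException {
        debug.message("getPortalStyleCert: checking cert in userCert param");
        Hashtable requestParamHash = getLoginState("getPortalStyleCert()").getRequestParamHash();
        String certParam = null;
        if (requestParamHash != null) {
            certParam = (String) requestParamHash.get("IDToken0");
            if (certParam == null) {
                certParam = (String) requestParamHash.get("Login.Token0");
            }
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("in Certificate. validate certParam: ").append(certParam).toString());
        }
        if (certParam == null || certParam.equals("")) {
            debug.message("Certificate: no cert from HttpServletRequest");
            throw new AuthLoginException(amAuthCert, "noCert", null);
        }
        byte[] bytes = certParam.getBytes();
        debug.message("in Certificate: got certbytes");
        try {
            InputStream decode = MimeUtility.decode(new ByteArrayInputStream(bytes), "base64");
            debug.message("Certificate: CertificateFactory.getInstance.");
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(decode);
                if (x509Certificate == null) {
                    throw new AuthLoginException(amAuthCert, "CERTex", null);
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("X509Certificate: principal is: ").append(x509Certificate.getSubjectDN().getName()).append("\nissuer DN:").append(x509Certificate.getIssuerDN().getName()).append("\nserial number:").append(String.valueOf(x509Certificate.getSerialNumber())).append("\nsubject dn:").append(x509Certificate.getSubjectDN().getName()).toString());
                }
                return x509Certificate;
            } catch (Exception e) {
                debug.error("CertificateFromParameter(X509Cert): exception ", e);
                throw new AuthLoginException(amAuthCert, "CERTex", null);
            }
        } catch (Exception e2) {
            debug.error("CertificateFromParameter(decode): exception", e2);
            throw new AuthLoginException(amAuthCert, "CERTex", null);
        }
    }

    /**
     * Validates the certificate through the JSS {@code CryptoManager} for SSL-client
     * usage; {@link #process} calls this only when the OCSP option is enabled.
     *
     * @param x509Certificate the certificate to validate
     * @return {@code true} only if the manager reports the certificate valid; any
     *         exception is logged and treated as "not valid"
     */
    private boolean certValidation(X509Certificate x509Certificate) {
        try {
            debug.message("inside certValidation");
            if (CryptoManager.getInstance().isCertValid(x509Certificate.getEncoded(), true, CryptoManager.CertUsage.SSLClient)) {
                debug.message("cert is valid");
                return true;
            }
            debug.message("cert is not valid");
            return false;
        } catch (Exception e) {
            // Fail closed: an error during validation must not authenticate the user.
            debug.message("certValidation failed with exception", e);
            return false;
        }
    }
}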
