package de.tk.opensource.secon;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Optional;

/* loaded from: input_file:de/tk/opensource/secon/LdapDirectory.class */
final class LdapDirectory implements Directory {
    private static final Comparator<X509Certificate> CERTIFICATE_COMPARATOR = Comparator.comparing((v0) -> {
        return v0.getNotAfter();
    });
    private volatile CertificateFactory certificateFactory;
    private final DirContextPool pool;

    /* JADX INFO: Access modifiers changed from: package-private */
    public LdapDirectory(DirContextPool dirContextPool) {
        this.pool = dirContextPool;
    }

    @Override // de.tk.opensource.secon.Directory
    public Optional<X509Certificate> certificate(X509CertSelector x509CertSelector) throws Exception {
        String format = String.format("cn=%06X,%s", x509CertSelector.getSerialNumber(), x509CertSelector.getIssuerAsString());
        ArrayList arrayList = new ArrayList();
        this.pool.accept(dirContextVisitor -> {
            Iterator it = dirContextVisitor.search(format, "objectClass=pkiUser", 0, byte[].class, "userCertificate;binary").iterator();
            while (it.hasNext()) {
                X509Certificate certificate = certificate((byte[]) it.next());
                if (x509CertSelector.match(certificate)) {
                    arrayList.add(certificate);
                }
            }
        });
        return arrayList.stream().max(CERTIFICATE_COMPARATOR);
    }

    @Override // de.tk.opensource.secon.Directory
    public Optional<X509Certificate> certificate(String str) throws Exception {
        String str2 = str.length() == 9 ? "ou=IK" + str + ",o=LE,c=DE" : "ou=BN" + str + ",o=AG,c=DE";
        ArrayList arrayList = new ArrayList();
        this.pool.accept(dirContextVisitor -> {
            Iterator it = dirContextVisitor.search(str2, "objectClass=*", 1, String.class, "seeAlso").iterator();
            while (it.hasNext()) {
                Iterator it2 = dirContextVisitor.search((String) it.next(), "objectClass=pkiUser", 0, byte[].class, "userCertificate;binary").iterator();
                while (it2.hasNext()) {
                    arrayList.add(certificate((byte[]) it2.next()));
                }
            }
        });
        return arrayList.stream().max(CERTIFICATE_COMPARATOR);
    }

    private X509Certificate certificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) certificateFactory().generateCertificate(new ByteArrayInputStream(bArr));
    }

    private CertificateFactory certificateFactory() throws CertificateException {
        CertificateFactory certificateFactory = this.certificateFactory;
        if (null != certificateFactory) {
            return certificateFactory;
        }
        CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X.509");
        this.certificateFactory = certificateFactory2;
        return certificateFactory2;
    }
}
