package com.baltimore.jpkiplus.pkiservices;

import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.utils.ByteArray;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jpkiplus.directory.LDAPDirectory;
import com.baltimore.jpkiplus.ocsp.BasicOCSPResponse;
import com.baltimore.jpkiplus.ocsp.CertID;
import com.baltimore.jpkiplus.ocsp.OCSPRequest;
import com.baltimore.jpkiplus.ocsp.OCSPResponse;
import com.baltimore.jpkiplus.ocsp.OcspOverHttp;
import com.baltimore.jpkiplus.ocsp.Request;
import com.baltimore.jpkiplus.ocsp.Requests;
import com.baltimore.jpkiplus.ocsp.ResponseData;
import com.baltimore.jpkiplus.ocsp.RevokedInfo;
import com.baltimore.jpkiplus.ocsp.SingleResponse;
import com.baltimore.jpkiplus.ocsp.TBSRequest;
import com.baltimore.jpkiplus.ocsp.extensions.AcceptableResponses;
import com.baltimore.jpkiplus.pkidevice.KeyProvider;
import com.baltimore.jpkiplus.policy.RemoteSecurityServicesLocatorRule;
import com.baltimore.jpkiplus.policy.RemoteSecurityServicesLocatorRules;
import com.baltimore.jpkiplus.policy.XMLPolicyException;
import com.baltimore.jpkiplus.vaults.DefaultOCSPVaultCallback;
import com.baltimore.jpkiplus.vaults.Vault;
import com.baltimore.jpkiplus.vaults.VaultException;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509CRL;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.Name;
import com.baltimore.jpkiplus.x509.extensions.KeyUsage;
import com.baltimore.jpkiplus.x509.utils.CertAndKey;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchResult;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/pkiservices/DirectoryClient.class */
public class DirectoryClient {
    private Vector a = new Vector();
    private Vector b = new Vector();

    private boolean a(Vault vault, JCRYPTO_X509Certificate jCRYPTO_X509Certificate, KeyUsage keyUsage, LDAPDirectory lDAPDirectory) throws PKIServicesException {
        try {
            if (!new KeyUsage(jCRYPTO_X509Certificate.getKeyUsage()).equals(keyUsage)) {
                return false;
            }
            if (jCRYPTO_X509Certificate.isSelfSigned()) {
                if (!vault.verify(jCRYPTO_X509Certificate, jCRYPTO_X509Certificate)) {
                    return false;
                }
                X509CRL[] cRLs = lDAPDirectory.getCRLs(new Name(jCRYPTO_X509Certificate.getSubjectDN()).toString());
                if (cRLs.length != 1) {
                    return false;
                }
                JCRYPTO_X509CRL jcrypto_x509crl = new JCRYPTO_X509CRL(cRLs[0].getEncoded());
                return jcrypto_x509crl.verify(jCRYPTO_X509Certificate) && !jcrypto_x509crl.isRevoked(jCRYPTO_X509Certificate);
            }
            X509Certificate[] cACertificates = lDAPDirectory.getCACertificates(new Name(jCRYPTO_X509Certificate.getIssuerDN()).toString());
            for (int i = 0; i < cACertificates.length; i++) {
                JCRYPTO_X509Certificate jCRYPTO_X509Certificate2 = new JCRYPTO_X509Certificate(cACertificates[i].getEncoded());
                if ((jCRYPTO_X509Certificate2.isSelfSigned() && !vault.verify(jCRYPTO_X509Certificate2, jCRYPTO_X509Certificate2)) || !vault.verify(jCRYPTO_X509Certificate, jCRYPTO_X509Certificate2)) {
                    return false;
                }
                X509CRL[] cRLs2 = lDAPDirectory.getCRLs(new Name(cACertificates[i].getIssuerDN()).toString());
                if (cRLs2.length != 1) {
                    return false;
                }
                JCRYPTO_X509CRL jcrypto_x509crl2 = new JCRYPTO_X509CRL(cRLs2[0].getEncoded());
                if (!jcrypto_x509crl2.verify(jCRYPTO_X509Certificate2) || jcrypto_x509crl2.isRevoked(jCRYPTO_X509Certificate)) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::CheckCertificate - ", e);
        }
    }

    public void addLdapUrl(String str) {
        this.a.addElement(str);
    }

    public void addOcspUrl(String str) {
        this.b.addElement(str);
    }

    private byte[] a(Vault vault, boolean z) throws PKIServicesException {
        try {
            DefaultOCSPVaultCallback defaultOCSPVaultCallback = new DefaultOCSPVaultCallback();
            defaultOCSPVaultCallback.checkVaultCallBack(vault);
            CertAndKey[] certificateAndKeyArray = ((DefaultOCSPVaultCallback) vault.pushVaultCallback(defaultOCSPVaultCallback)).getCertificateAndKeyArray();
            vault.popVaultCallback();
            Vector vector = new Vector();
            Requests requests = new Requests();
            for (int i = 0; i < certificateAndKeyArray.length; i += 2) {
                X509Certificate x509Certificate = (JCRYPTO_X509Certificate) certificateAndKeyArray[i].getCertificate();
                JCRYPTO_X509Certificate jCRYPTO_X509Certificate = (JCRYPTO_X509Certificate) certificateAndKeyArray[i + 1].getCertificate();
                ASN1ObjectIdentifier aSN1ObjectIdentifier = OIDs.sha1;
                if (vault.getSignatureAlgorithm(x509Certificate).toString().toLowerCase().indexOf("md2") != -1) {
                    aSN1ObjectIdentifier = OIDs.md2;
                } else if (vault.getSignatureAlgorithm(x509Certificate).toString().indexOf("md5") != -1) {
                    aSN1ObjectIdentifier = OIDs.md5;
                }
                CertID certID = new CertID(x509Certificate, jCRYPTO_X509Certificate, new AlgorithmIdentifier(aSN1ObjectIdentifier, null));
                vector.addElement(certID);
                requests.addRequest(new Request(certID));
            }
            TBSRequest tBSRequest = new TBSRequest(requests, 1, null);
            AcceptableResponses acceptableResponses = new AcceptableResponses();
            acceptableResponses.addResponseType(OIDs.id_pkix_ocsp_basic);
            tBSRequest.addExtension(acceptableResponses);
            OCSPRequest oCSPRequest = new OCSPRequest(tBSRequest);
            for (int i2 = 0; i2 < certificateAndKeyArray.length; i2 += 2) {
                oCSPRequest.addCertificate(certificateAndKeyArray[i2].getCertificate());
            }
            if (z) {
                Signature signature = Signature.getInstance(OIDs.getStringFromOID(((JCRYPTO_X509Certificate) certificateAndKeyArray[0].getCertificate()).getSignatureAlgorithm(null).getAlgorithm()));
                String str = signature.getAlgorithm().toUpperCase().indexOf("DSA") != -1 ? "DSA" : "RSA";
                int i3 = -1;
                PrivateKey privateKey = null;
                int i4 = 0;
                while (i4 < certificateAndKeyArray.length) {
                    if (certificateAndKeyArray[i4].getPrivateKey().getAlgorithm() == str) {
                        i3 = i4;
                        privateKey = certificateAndKeyArray[i3].getPrivateKey();
                        i4 = certificateAndKeyArray.length;
                    }
                    i4 += 2;
                }
                if (i3 == -1) {
                    KeyProvider primaryKeyProvider = vault.primaryKeyProvider();
                    if (primaryKeyProvider == null) {
                        primaryKeyProvider = vault.secondaryKeyProvider();
                    }
                    if (primaryKeyProvider == null) {
                        throw new VaultException("Impossible to create a KeyProvider with that Vault.");
                    }
                    Vector privateKeys = primaryKeyProvider.getPrivateKeys();
                    Vector vector2 = new Vector();
                    for (int i5 = 0; i5 < privateKeys.size(); i5++) {
                        vector2.addElement(privateKeys.elementAt(i5));
                    }
                    int i6 = 0;
                    while (i6 < vector2.size()) {
                        if (((PrivateKey) vector2.elementAt(i6)).getAlgorithm() == str) {
                            privateKey = (PrivateKey) vector2.elementAt(i6);
                            i6 = vector2.size();
                            i3 = 0;
                        }
                        i6++;
                    }
                }
                if (i3 != -1) {
                    signature.initSign(privateKey);
                    signature.update(oCSPRequest.toDER());
                    oCSPRequest.setSignature(signature.sign(), null);
                    oCSPRequest.setSignatureAlgorithm(((JCRYPTO_X509Certificate) certificateAndKeyArray[0].getCertificate()).getSignatureAlgorithm(null), null);
                }
                if (!oCSPRequest.isSigned()) {
                    throw new PKIServicesException(" The OCSP request is not signed.");
                }
                if (!((JCRYPTO_X509Certificate) certificateAndKeyArray[0].getCertificate()).isSelfSigned()) {
                    oCSPRequest.addCertificate(certificateAndKeyArray[1].getCertificate());
                }
            }
            TBSRequest tBSRequest2 = oCSPRequest.getTBSRequest();
            if (tBSRequest2.getVersion() != 1) {
                throw new PKIServicesException(" The version of the OCSP request is incorrect.");
            }
            for (int i7 = 0; i7 < certificateAndKeyArray.length / 2; i7++) {
                CertID certID2 = (CertID) vector.elementAt(i7);
                CertID certID3 = tBSRequest2.getRequest(i7).getCertID();
                if (certID3.getHashAlgorithm() != certID2.getHashAlgorithm()) {
                    throw new PKIServicesException(" The hash algorithm is incorrect in the certid object.");
                }
                if (certID3.getSerialNumber() != certID2.getSerialNumber()) {
                    throw new PKIServicesException(" The serial number is incorrect in the certid object.");
                }
                if (certID3.getIssuerKeyHash() != certID2.getIssuerKeyHash()) {
                    throw new PKIServicesException(" The certid's issuerKeyHash is incorrect.");
                }
            }
            return oCSPRequest.toDER();
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::createOCSPRequest - ", e);
        }
    }

    private Vector a(Vault vault) throws XMLPolicyException {
        Vector vector = new Vector();
        RemoteSecurityServicesLocatorRules remoteSecurityServicesLocations = vault.getPolicy().getRemoteSecurityServicesLocations();
        int numRemoteSecurityServicesLocatorRules = remoteSecurityServicesLocations.numRemoteSecurityServicesLocatorRules();
        RemoteSecurityServicesLocatorRule[] remoteSecurityServicesLocatorRuleArr = new RemoteSecurityServicesLocatorRule[numRemoteSecurityServicesLocatorRules];
        for (int i = 0; i < numRemoteSecurityServicesLocatorRules; i++) {
            remoteSecurityServicesLocatorRuleArr[i] = remoteSecurityServicesLocations.getRemoteSecurityServicesLocatorRule(i);
            int numDirectoryLocators = remoteSecurityServicesLocatorRuleArr[i].numDirectoryLocators();
            for (int i2 = 0; i2 < numDirectoryLocators; i2++) {
                vector.addElement(remoteSecurityServicesLocatorRuleArr[i].getDirectoryLocator(i2).getURL());
            }
        }
        return vector;
    }

    public int getLdapUrlNumber() {
        if (this.a.isEmpty()) {
            return 0;
        }
        return this.a.size();
    }

    private Vector b(Vault vault) throws XMLPolicyException {
        Vector vector = new Vector();
        RemoteSecurityServicesLocatorRules remoteSecurityServicesLocations = vault.getPolicy().getRemoteSecurityServicesLocations();
        int numRemoteSecurityServicesLocatorRules = remoteSecurityServicesLocations.numRemoteSecurityServicesLocatorRules();
        RemoteSecurityServicesLocatorRule[] remoteSecurityServicesLocatorRuleArr = new RemoteSecurityServicesLocatorRule[numRemoteSecurityServicesLocatorRules];
        for (int i = 0; i < numRemoteSecurityServicesLocatorRules; i++) {
            remoteSecurityServicesLocatorRuleArr[i] = remoteSecurityServicesLocations.getRemoteSecurityServicesLocatorRule(i);
            int numOCSPLocators = remoteSecurityServicesLocatorRuleArr[i].numOCSPLocators();
            for (int i2 = 0; i2 < numOCSPLocators; i2++) {
                vector.addElement(new StringBuffer("http").append(remoteSecurityServicesLocatorRuleArr[i].getOCSPLocator(i2).getURL().substring(4)).toString());
            }
        }
        return vector;
    }

    public int getOcspUrlNumber() {
        if (this.b.isEmpty()) {
            return 0;
        }
        return this.b.size();
    }

    public JCRYPTO_X509Certificate[] lookupCACertificates(Vault vault, String str, String str2, String str3, KeyUsage keyUsage) throws PKIServicesException {
        try {
            Vector vector = new Vector();
            new Vector();
            Vector a = this.a.isEmpty() ? a(vault) : this.a;
            for (int i = 0; i < a.size(); i++) {
                String[] a2 = a((String) a.elementAt(i));
                if (str == null) {
                    str = a2[1];
                }
                LDAPDirectory lDAPDirectory = new LDAPDirectory(a2[2], new Integer(a2[3]).intValue());
                lDAPDirectory.setManagerNameAndPassword(a2[0], str);
                lDAPDirectory.connect();
                Vector vector2 = new Vector();
                if (str3 == null) {
                    for (X509Certificate x509Certificate : lDAPDirectory.getCACertificates(str2)) {
                        JCRYPTO_X509Certificate jCRYPTO_X509Certificate = new JCRYPTO_X509Certificate(x509Certificate.getEncoded());
                        if (a(vault, jCRYPTO_X509Certificate, keyUsage, lDAPDirectory)) {
                            vector.addElement(jCRYPTO_X509Certificate);
                        }
                    }
                } else {
                    NamingEnumeration search = lDAPDirectory.search(str2, str3);
                    while (search != null && search.hasMore()) {
                        String stringBuffer = new StringBuffer(String.valueOf(((SearchResult) search.next()).getName())).append(",").append(str2).toString();
                        if (lDAPDirectory.getAttributes(stringBuffer, "cacertificate;binary") != null) {
                            vector2.addElement(stringBuffer);
                        }
                    }
                    if (search != null) {
                        for (int i2 = 0; i2 < vector2.size(); i2++) {
                            for (X509Certificate x509Certificate2 : lDAPDirectory.getCACertificates((String) vector2.elementAt(i2))) {
                                JCRYPTO_X509Certificate jCRYPTO_X509Certificate2 = new JCRYPTO_X509Certificate(x509Certificate2.getEncoded());
                                if (a(vault, jCRYPTO_X509Certificate2, keyUsage, lDAPDirectory)) {
                                    vector.addElement(jCRYPTO_X509Certificate2);
                                }
                            }
                        }
                    }
                }
            }
            if (vector.isEmpty()) {
                return null;
            }
            JCRYPTO_X509Certificate[] jCRYPTO_X509CertificateArr = new JCRYPTO_X509Certificate[vector.size()];
            for (int i3 = 0; i3 < vector.size(); i3++) {
                jCRYPTO_X509CertificateArr[i3] = (JCRYPTO_X509Certificate) vector.elementAt(i3);
            }
            return jCRYPTO_X509CertificateArr;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::lookupCACertificates() - ", e);
        }
    }

    public byte[] lookupOCSPCertBytes(Vault vault, boolean z) throws PKIServicesException {
        try {
            byte[] a = a(vault, z);
            if (a == null) {
                return null;
            }
            new Vector();
            return a(new OcspOverHttp((String) (this.b.isEmpty() ? b(vault) : this.b).elementAt(0)).sendData(a), a);
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::lookupOCSPCertBytes - ", e);
        }
    }

    public String[] lookupOCSPCertStatus(Vault vault, boolean z) throws PKIServicesException {
        try {
            byte[] lookupOCSPCertBytes = lookupOCSPCertBytes(vault, z);
            if (lookupOCSPCertBytes != null) {
                return a(lookupOCSPCertBytes);
            }
            return null;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::lookupOCSPCertStatus - ", e);
        }
    }

    public JCRYPTO_X509Certificate[] lookupUserCertificates(Vault vault, String str, String str2, String str3, KeyUsage keyUsage) throws PKIServicesException {
        try {
            Vector vector = new Vector();
            new Vector();
            Vector a = this.a.isEmpty() ? a(vault) : this.a;
            for (int i = 0; i < a.size(); i++) {
                String[] a2 = a((String) a.elementAt(i));
                if (str == null) {
                    str = a2[1];
                }
                LDAPDirectory lDAPDirectory = new LDAPDirectory(a2[2], new Integer(a2[3]).intValue());
                lDAPDirectory.setManagerNameAndPassword(a2[0], str);
                lDAPDirectory.connect();
                Vector vector2 = new Vector();
                if (str3 == null) {
                    for (X509Certificate x509Certificate : lDAPDirectory.getUserCertificates(str2)) {
                        JCRYPTO_X509Certificate jCRYPTO_X509Certificate = new JCRYPTO_X509Certificate(x509Certificate.getEncoded());
                        if (a(vault, jCRYPTO_X509Certificate, keyUsage, lDAPDirectory)) {
                            vector.addElement(jCRYPTO_X509Certificate);
                        }
                    }
                } else {
                    NamingEnumeration search = lDAPDirectory.search(str2, str3);
                    while (search != null && search.hasMore()) {
                        String stringBuffer = new StringBuffer(String.valueOf(((SearchResult) search.next()).getName())).append(",").append(str2).toString();
                        if (lDAPDirectory.getAttributes(stringBuffer, "usercertificate;binary") != null) {
                            vector2.addElement(stringBuffer);
                        }
                    }
                    if (search != null) {
                        for (int i2 = 0; i2 < vector2.size(); i2++) {
                            for (X509Certificate x509Certificate2 : lDAPDirectory.getUserCertificates((String) vector2.elementAt(i2))) {
                                JCRYPTO_X509Certificate jCRYPTO_X509Certificate2 = new JCRYPTO_X509Certificate(x509Certificate2.getEncoded());
                                if (a(vault, jCRYPTO_X509Certificate2, keyUsage, lDAPDirectory)) {
                                    vector.addElement(jCRYPTO_X509Certificate2);
                                }
                            }
                        }
                    }
                }
            }
            if (vector.isEmpty()) {
                return null;
            }
            JCRYPTO_X509Certificate[] jCRYPTO_X509CertificateArr = new JCRYPTO_X509Certificate[vector.size()];
            for (int i3 = 0; i3 < vector.size(); i3++) {
                jCRYPTO_X509CertificateArr[i3] = (JCRYPTO_X509Certificate) vector.elementAt(i3);
            }
            return jCRYPTO_X509CertificateArr;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::lookupUserCertificates - ", e);
        }
    }

    private byte[] a(byte[] bArr, byte[] bArr2) throws PKIServicesException {
        try {
            OCSPResponse oCSPResponse = new OCSPResponse(bArr);
            if (oCSPResponse.getResponseStatus() != 0) {
                throw new PKIServicesException("No Successful response received.");
            }
            if (!oCSPResponse.getResponseBytes().getResponseType().equals(OIDs.id_pkix_ocsp_basic)) {
                throw new PKIServicesException(" No OCSP basic response received");
            }
            byte[] response = oCSPResponse.getResponseBytes().getResponse();
            BasicOCSPResponse basicOCSPResponse = new BasicOCSPResponse(response);
            ResponseData responseData = basicOCSPResponse.getResponseData();
            if (responseData.getVersion() != 1) {
                throw new PKIServicesException(" The version the OCSP response is incorrect.");
            }
            OCSPRequest oCSPRequest = new OCSPRequest(bArr2);
            int numberOfResponses = responseData.getNumberOfResponses();
            for (int i = 0; i < numberOfResponses; i++) {
                X509Certificate certificate = oCSPRequest.getCertificate(i);
                CertID certID = oCSPRequest.getTBSRequest().getRequest(i).getCertID();
                SingleResponse response2 = responseData.getResponse(i);
                if (!new ByteArray(response2.getCertID().getSerialNumber()).equals(new ByteArray(certID.getSerialNumber()))) {
                    throw new PKIServicesException(" The certificate identified in the OCSP response does not correspond to the one identified in the corresponding request.");
                }
                responseData.getResponderID();
                Date date = new Date();
                if (response2.getNextUpdate() != null && date.after(response2.getNextUpdate())) {
                    throw new PKIServicesException(" The date is after next update.");
                }
                if (date.before(response2.getThisUpdate())) {
                    throw new PKIServicesException(" The date is before this update.");
                }
                int numberOfCertificates = basicOCSPResponse.getNumberOfCertificates();
                for (int i2 = 0; i2 < numberOfCertificates; i2++) {
                    X509Certificate certificate2 = basicOCSPResponse.getCertificate(i2);
                    byte[] der = basicOCSPResponse.toDER();
                    Signature signature = Signature.getInstance(certificate.getSigAlgName());
                    signature.initVerify(certificate2.getPublicKey());
                    signature.update(der);
                    if (!signature.verify(basicOCSPResponse.getSignature(null))) {
                        throw new PKIServicesException(" The signature of the OCSP response is not valid.");
                    }
                }
            }
            return response;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::parseOCSPServerResponse - ", e);
        }
    }

    private String[] a(String str) {
        String[] strArr = new String[4];
        for (int i = 0; i < 4; i++) {
            strArr[i] = null;
        }
        int indexOf = str.indexOf("//");
        if (indexOf != -1) {
            int indexOf2 = str.indexOf(";", indexOf);
            if (indexOf2 != -1) {
                strArr[0] = str.substring(indexOf + 2, indexOf2);
                int indexOf3 = str.indexOf("@", indexOf2);
                if (indexOf3 != -1) {
                    strArr[1] = str.substring(indexOf2 + 1, indexOf3);
                    int indexOf4 = str.indexOf(":", indexOf3);
                    if (indexOf4 != -1) {
                        strArr[2] = str.substring(indexOf3 + 1, indexOf4);
                        strArr[3] = str.substring(indexOf4 + 1, str.length());
                    } else {
                        strArr[2] = str.substring(indexOf3 + 1, str.length());
                    }
                }
            } else {
                int indexOf5 = str.indexOf("@", indexOf2);
                if (indexOf5 != -1) {
                    strArr[0] = str.substring(indexOf + 2, indexOf5);
                    int indexOf6 = str.indexOf(":", indexOf5);
                    if (indexOf6 != -1) {
                        strArr[2] = str.substring(indexOf5 + 1, indexOf6);
                        strArr[3] = str.substring(indexOf6 + 1, str.length());
                    } else {
                        strArr[2] = str.substring(indexOf5 + 1, str.length());
                    }
                }
            }
        }
        return strArr;
    }

    private String[] a(byte[] bArr) throws PKIServicesException {
        try {
            Vector vector = new Vector();
            ResponseData responseData = new BasicOCSPResponse(bArr).getResponseData();
            int numberOfResponses = responseData.getNumberOfResponses();
            for (int i = 0; i < numberOfResponses; i++) {
                SingleResponse response = responseData.getResponse(i);
                switch (response.getCertStatus().getStatus()) {
                    case 0:
                        vector.addElement("GOOD");
                        break;
                    case 1:
                        RevokedInfo revokedInfo = response.getCertStatus().getRevokedInfo();
                        if (revokedInfo.getReasonCode() != null) {
                            switch (revokedInfo.getReasonCode().getValue()) {
                                case 0:
                                    vector.addElement("REVOKED  Reason code is unspecified");
                                    break;
                                case 1:
                                    vector.addElement("REVOKED  Reason code is key compromise");
                                    break;
                                case 2:
                                    vector.addElement("REVOKED  Reason code is ca compromise");
                                    break;
                                case 3:
                                    vector.addElement("REVOKED  Reason code is affiliation changed");
                                    break;
                                case 4:
                                    vector.addElement("REVOKED  Reason code is superseded");
                                    break;
                                case 5:
                                    vector.addElement("REVOKED  Reason code is cessation of operation");
                                    break;
                                case 6:
                                    vector.addElement("REVOKED  Reason code is certificate hold");
                                    break;
                                case 8:
                                    vector.addElement("REVOKED  Reason code is remove from crl");
                                    break;
                            }
                        } else {
                            vector.addElement("REVOKED");
                            break;
                        }
                        break;
                    case 2:
                        vector.addElement("UNKNOWN");
                        break;
                }
            }
            if (vector.isEmpty()) {
                return null;
            }
            String[] strArr = new String[vector.size()];
            for (int i2 = 0; i2 < vector.size(); i2++) {
                strArr[i2] = (String) vector.elementAt(i2);
            }
            return strArr;
        } catch (Exception e) {
            throw new PKIServicesException("DirectoryClient::processBytesForStatus - ", e);
        }
    }

    public void removeLdapUrl(int i) {
        this.a.removeElementAt(i);
    }

    public void removeOcspUrl(int i) {
        this.b.removeElementAt(i);
    }

    public void setLdapUrlFromXMLPolicy(Vault vault) throws XMLPolicyException {
        if (!this.a.isEmpty()) {
            this.a.removeAllElements();
        }
        this.a = a(vault);
    }

    public void setOcspUrlFromXMLPolicy(Vault vault) throws XMLPolicyException {
        if (!this.b.isEmpty()) {
            this.b.removeAllElements();
        }
        this.b = b(vault);
    }
}
