package com.sun.deploy.security;

import com.sun.applet2.preloader.CancelException;
import com.sun.applet2.preloader.Preloader;
import com.sun.applet2.preloader.event.UserDeclinedEvent;
import com.sun.deploy.config.Config;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.services.Service;
import com.sun.deploy.services.ServiceManager;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.ui.AppInfo;
import com.sun.deploy.uitoolkit.Applet2Adapter;
import com.sun.deploy.uitoolkit.ToolkitStore;
import com.sun.deploy.util.DeployLock;
import com.sun.deploy.util.PerfLogger;
import com.sun.javafx.fxml.expression.Expression;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.Timestamp;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import sun.security.provider.certpath.OCSP;
import sun.security.validator.Validator;

/* loaded from: input_file:com/sun/deploy/security/TrustDecider.class */
public class TrustDecider {
    public static final int TrustOption_GrantThisSession = 0;
    public static final int TrustOption_Deny = 1;
    public static final int TrustOption_GrantAlways = 2;
    private static DeployLock deployLock;
    public static final long PERMISSION_GRANTED_FOR_SESSION = 1;
    public static final long PERMISSION_DENIED = 0;
    private static boolean storesLoaded;
    private static boolean reloadDeniedStore;
    private static CertStore rootStore = null;
    private static CertStore permanentStore = null;
    private static CertStore sessionStore = null;
    private static CertStore deniedStore = null;
    private static CertStore browserRootStore = null;
    private static CertStore browserTrustedStore = null;
    private static LazyRootStore lazyRootStore = null;
    private static List jurisdictionList = null;
    private static X509CRL crl509 = null;
    private static boolean ocspValidConfig = false;
    private static String ocspSigner = null;
    private static String ocspURL = null;
    private static boolean crlCheck = false;
    private static boolean ocspCheck = false;
    private static boolean ocspEECheck = false;
    private static final String SUN_NAMESPACE = "OU=Java Signed Extensions,OU=Corporate Object Signing,O=Sun Microsystems Inc";
    private static final String ORACLE_NAMESPACE = "OU=Java Signed Extensions,OU=Corporate Object Signing,O=Oracle Corporation";
    private static final String[] PRE_TRUSTED_NAMESPACES = {SUN_NAMESPACE, ORACLE_NAMESPACE};
    private static final List preTrustList = Arrays.asList(PRE_TRUSTED_NAMESPACES);

    private static void grabDeployLock() throws InterruptedException {
        deployLock.lock();
    }

    private static void releaseDeployLock() {
        try {
            deployLock.unlock();
        } catch (IllegalMonitorStateException e) {
        }
    }

    public static void resetDenyStore() {
        Trace.msgSecurityPrintln("trustdecider.check.reset.denystore");
        try {
            try {
                grabDeployLock();
                deniedStore = new DeniedCertStore();
                reloadDeniedStore = true;
            } catch (InterruptedException e) {
                throw new RuntimeException(e);
            }
        } finally {
            releaseDeployLock();
        }
    }

    public static void reset() {
        PerfLogger.setTime("Security: Start Reset call in TrustDecider class");
        try {
            try {
                grabDeployLock();
                storesLoaded = false;
                rootStore = RootCertStore.getCertStore();
                permanentStore = DeploySigningCertStore.getCertStore();
                sessionStore = new SessionCertStore("TrustDecider");
                deniedStore = new DeniedCertStore();
                jurisdictionList = null;
                if (Config.getBooleanProperty(Config.SEC_USE_PRETRUST_LIST_KEY)) {
                    jurisdictionList = preTrustList;
                }
                if (Config.getBooleanProperty(Config.SEC_USE_BROWSER_KEYSTORE_KEY)) {
                    Service service = ServiceManager.getService();
                    browserRootStore = service.getBrowserSigningRootCertStore();
                    browserTrustedStore = service.getBrowserTrustedCertStore();
                }
                try {
                    lazyRootStore = new LazyRootStore(browserRootStore, rootStore);
                } catch (Exception e) {
                    e.printStackTrace();
                }
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.sun.deploy.security.TrustDecider.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            String stringProperty;
                            boolean unused = TrustDecider.crlCheck = Config.getBooleanProperty(Config.SEC_USE_VALIDATION_CRL_KEY);
                            if (!TrustDecider.crlCheck || (stringProperty = Config.getStringProperty(Config.SEC_USE_VALIDATION_CRL_URL_KEY)) == null || stringProperty.length() <= 0) {
                                return null;
                            }
                            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                            URLConnection openConnection = new URL(stringProperty).openConnection();
                            openConnection.setDoInput(true);
                            openConnection.setUseCaches(false);
                            DataInputStream dataInputStream = new DataInputStream(openConnection.getInputStream());
                            X509CRL unused2 = TrustDecider.crl509 = (X509CRL) certificateFactory.generateCRL(dataInputStream);
                            dataInputStream.close();
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e2) {
                    e2.printStackTrace();
                }
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.sun.deploy.security.TrustDecider.2
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            boolean unused = TrustDecider.ocspCheck = Config.getBooleanProperty(Config.SEC_USE_VALIDATION_OCSP_KEY);
                            if (TrustDecider.ocspCheck) {
                                String unused2 = TrustDecider.ocspSigner = Config.getStringProperty(Config.SEC_USE_VALIDATION_OCSP_SIGNER_KEY);
                                String unused3 = TrustDecider.ocspURL = Config.getStringProperty(Config.SEC_USE_VALIDATION_OCSP_URL_KEY);
                                if (TrustDecider.ocspSigner != null && TrustDecider.ocspSigner.length() > 0 && TrustDecider.ocspURL != null && TrustDecider.ocspURL.length() > 0) {
                                    boolean unused4 = TrustDecider.ocspValidConfig = true;
                                }
                            }
                            boolean unused5 = TrustDecider.ocspEECheck = Config.getBooleanProperty(Config.SEC_USE_VALIDATION_OCSP_EE_KEY);
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e3) {
                    e3.printStackTrace();
                }
                PerfLogger.setTime("Security: End Reset call in TrustDecider class");
            } catch (InterruptedException e4) {
                throw new RuntimeException(e4);
            }
        } finally {
            releaseDeployLock();
        }
    }

    public static long isAllPermissionGranted(CodeSource codeSource, Preloader preloader) throws CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException, CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, CRLException, InvalidAlgorithmParameterException {
        return isAllPermissionGranted(codeSource, new AppInfo(), false, preloader);
    }

    private static void notifyOnUserDeclined(Preloader preloader, String str) {
        if (preloader == null) {
            preloader = (Preloader) ToolkitStore.get().getAppContext().get(Applet2Adapter.PRELOADER_KEY);
        }
        if (preloader != null) {
            try {
                preloader.handleEvent(new UserDeclinedEvent(str));
            } catch (CancelException e) {
            }
        }
    }

    private static void doCheckRevocationStatus(X509Certificate[] x509CertificateArr, Date date) throws KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (permanentStore.contains(x509CertificateArr[0])) {
            return;
        }
        try {
            if (doOCSPEEValidation(x509CertificateArr[0], x509CertificateArr[1], lazyRootStore, date) != OCSP.RevocationStatus.CertStatus.GOOD) {
                Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.bad");
                throw new CertificateException(ResourceManager.getMessage("trustdecider.check.ocsp.ee.revoked"));
            }
            Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.good");
        } catch (IOException e) {
            Trace.msgSecurityPrintln(e.getMessage());
        } catch (NoClassDefFoundError e2) {
        } catch (CertPathValidatorException e3) {
            Trace.msgSecurityPrintln(e3.getMessage());
            throw new CertificateException(e3);
        }
    }

    private static List breakDownMultiSignerChains(Certificate[] certificateArr) {
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        ArrayList arrayList = new ArrayList();
        while (i2 < certificateArr.length) {
            ArrayList arrayList2 = new ArrayList();
            int i4 = i;
            while (i4 + 1 < certificateArr.length && (certificateArr[i4] instanceof X509Certificate) && (certificateArr[i4 + 1] instanceof X509Certificate) && CertUtils.isIssuerOf((X509Certificate) certificateArr[i4], (X509Certificate) certificateArr[i4 + 1])) {
                i4++;
            }
            i2 = i4 + 1;
            for (int i5 = i; i5 < i2; i5++) {
                arrayList2.add(certificateArr[i5]);
            }
            arrayList.add(arrayList2);
            i = i2;
            i3++;
        }
        return arrayList;
    }

    private static boolean haveValidatorSupport() {
        if (!Config.isJavaVersionAtLeast16()) {
            return false;
        }
        try {
            return Class.forName("sun.security.validator.Validator", true, ClassLoader.getSystemClassLoader()) != null;
        } catch (ClassNotFoundException e) {
            Trace.msgSecurityPrintln("trustdecider.check.validate.notfound");
            return false;
        }
    }

    private static boolean hasCRL(X509Certificate[] x509CertificateArr) throws IOException {
        if (crl509 != null) {
            return true;
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (CertUtils.getCertCRLExtension(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    private static boolean hasOCSP(X509Certificate[] x509CertificateArr) throws IOException {
        if (ocspValidConfig) {
            return true;
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (CertUtils.hasAIAExtensionWithOCSPAccessMethod(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    public static synchronized void validateChainForWarmup(X509Certificate[] x509CertificateArr, CodeSource codeSource, int i, AppInfo appInfo, boolean z) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, CRLException, InvalidAlgorithmParameterException {
        try {
            grabDeployLock();
            ensureBasicStoresLoaded();
            Trace.println(new StringBuffer().append("Warmup validation completed (res=").append(validateChain(x509CertificateArr, codeSource, i, appInfo, z, null)).append(Expression.RIGHT_PARENTHESIS).toString(), TraceLevel.SECURITY);
        } catch (InterruptedException e) {
        } finally {
            releaseDeployLock();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:102:0x0386  */
    /* JADX WARN: Removed duplicated region for block: B:108:0x03ab  */
    /* JADX WARN: Removed duplicated region for block: B:173:0x0534 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:220:0x0220 A[Catch: CertificateException -> 0x027d, IOException -> 0x0301, InvalidAlgorithmParameterException -> 0x030e, CRLException -> 0x031b, all -> 0x0328, TryCatch #4 {IOException -> 0x0301, blocks: (B:224:0x0194, B:66:0x01a7, B:69:0x01b3, B:71:0x01eb, B:72:0x0201, B:74:0x020b, B:75:0x0225, B:78:0x023b, B:80:0x0251, B:84:0x0272, B:220:0x0220, B:221:0x01fc), top: B:223:0x0194, outer: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:221:0x01fc A[Catch: CertificateException -> 0x027d, IOException -> 0x0301, InvalidAlgorithmParameterException -> 0x030e, CRLException -> 0x031b, all -> 0x0328, TryCatch #4 {IOException -> 0x0301, blocks: (B:224:0x0194, B:66:0x01a7, B:69:0x01b3, B:71:0x01eb, B:72:0x0201, B:74:0x020b, B:75:0x0225, B:78:0x023b, B:80:0x0251, B:84:0x0272, B:220:0x0220, B:221:0x01fc), top: B:223:0x0194, outer: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:71:0x01eb A[Catch: CertificateException -> 0x027d, IOException -> 0x0301, InvalidAlgorithmParameterException -> 0x030e, CRLException -> 0x031b, all -> 0x0328, TryCatch #4 {IOException -> 0x0301, blocks: (B:224:0x0194, B:66:0x01a7, B:69:0x01b3, B:71:0x01eb, B:72:0x0201, B:74:0x020b, B:75:0x0225, B:78:0x023b, B:80:0x0251, B:84:0x0272, B:220:0x0220, B:221:0x01fc), top: B:223:0x0194, outer: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:74:0x020b A[Catch: CertificateException -> 0x027d, IOException -> 0x0301, InvalidAlgorithmParameterException -> 0x030e, CRLException -> 0x031b, all -> 0x0328, TryCatch #4 {IOException -> 0x0301, blocks: (B:224:0x0194, B:66:0x01a7, B:69:0x01b3, B:71:0x01eb, B:72:0x0201, B:74:0x020b, B:75:0x0225, B:78:0x023b, B:80:0x0251, B:84:0x0272, B:220:0x0220, B:221:0x01fc), top: B:223:0x0194, outer: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:78:0x023b A[Catch: CertificateException -> 0x027d, IOException -> 0x0301, InvalidAlgorithmParameterException -> 0x030e, CRLException -> 0x031b, all -> 0x0328, LOOP:1: B:76:0x0234->B:78:0x023b, LOOP_END, TryCatch #4 {IOException -> 0x0301, blocks: (B:224:0x0194, B:66:0x01a7, B:69:0x01b3, B:71:0x01eb, B:72:0x0201, B:74:0x020b, B:75:0x0225, B:78:0x023b, B:80:0x0251, B:84:0x0272, B:220:0x0220, B:221:0x01fc), top: B:223:0x0194, outer: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:89:0x0345  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static long validateChain(java.security.cert.X509Certificate[] r10, java.security.CodeSource r11, int r12, com.sun.deploy.ui.AppInfo r13, boolean r14, com.sun.applet2.preloader.Preloader r15) throws java.security.KeyStoreException, java.io.IOException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.cert.CRLException, java.security.InvalidAlgorithmParameterException {
        /*
            Method dump skipped, instructions count: 1334
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.deploy.security.TrustDecider.validateChain(java.security.cert.X509Certificate[], java.security.CodeSource, int, com.sun.deploy.ui.AppInfo, boolean, com.sun.applet2.preloader.Preloader):long");
    }

    private static void ensureBasicStoresLoaded() throws InterruptedException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (reloadDeniedStore || !storesLoaded) {
            deniedStore.load();
            reloadDeniedStore = false;
        }
        if (storesLoaded) {
            return;
        }
        storesLoaded = true;
        PerfLogger.setTime("Security: Start loading JRE permanent certStore");
        permanentStore.load();
        PerfLogger.setTime("Security: End loading JRE permanent certStore");
        sessionStore.load();
        PerfLogger.setTime("Security: start loading browser Trust certStore");
        if (browserTrustedStore != null) {
            browserTrustedStore.load();
        }
        PerfLogger.setTime("Security: End loading browser Trust certStore");
    }

    public static synchronized long isAllPermissionGranted(CodeSource codeSource, AppInfo appInfo, boolean z, Preloader preloader) throws CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException, CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, CRLException, InvalidAlgorithmParameterException {
        try {
            try {
                grabDeployLock();
                Certificate[] certificates = codeSource.getCertificates();
                if (certificates == null) {
                    return 0L;
                }
                ensureBasicStoresLoaded();
                List breakDownMultiSignerChains = breakDownMultiSignerChains(certificates);
                PerfLogger.setTime("Security: End break certificate chain");
                if (haveValidatorSupport()) {
                    Trace.msgSecurityPrintln("trustdecider.check.validate.certpath.algorithm");
                    Iterator it = breakDownMultiSignerChains.iterator();
                    int i = 0;
                    while (it.hasNext()) {
                        PerfLogger.setTime("Security: Start check certificate expired");
                        long validateChain = validateChain((X509Certificate[]) ((List) it.next()).toArray(new X509Certificate[0]), codeSource, i, appInfo, z, preloader);
                        if (validateChain != 0) {
                            return validateChain;
                        }
                        i++;
                    }
                } else {
                    Trace.msgSecurityPrintln("trustdecider.check.validate.legacy.algorithm");
                    rootStore.load();
                    if (browserRootStore != null) {
                        browserRootStore.load();
                    }
                    if (CertValidator.validate(codeSource, appInfo, certificates, breakDownMultiSignerChains.size(), rootStore, browserRootStore, browserTrustedStore, sessionStore, permanentStore, deniedStore)) {
                        return 1L;
                    }
                }
                return 0L;
            } catch (InterruptedException e) {
                throw new RuntimeException(e);
            }
        } finally {
            releaseDeployLock();
        }
    }

    private static boolean checkTSAPath(CertPath certPath, LazyRootStore lazyRootStore2) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        Trace.msgSecurityPrintln("trustdecider.check.timestamping.tsapath");
        X509Certificate[] x509CertificateArr = (X509Certificate[]) certPath.getCertificates().toArray(new X509Certificate[0]);
        List trustAnchors = lazyRootStore2.getTrustAnchors(x509CertificateArr[x509CertificateArr.length - 1]);
        if (trustAnchors == null) {
            return false;
        }
        try {
            Validator.getInstance("PKIX", "tsa server", trustAnchors).validate(x509CertificateArr);
            return true;
        } catch (CertificateException e) {
            Trace.msgSecurityPrintln(e.getMessage());
            return false;
        }
    }

    private static PKIXParameters doCRLValidation(PKIXParameters pKIXParameters, boolean z) throws IOException, InvalidAlgorithmParameterException, CRLException, NoSuchAlgorithmException {
        if (crl509 != null) {
            Trace.msgSecurityPrintln("trustdecider.check.validation.crl.system.on");
            System.clearProperty("com.sun.security.enableCRLDP");
            pKIXParameters.setRevocationEnabled(true);
            pKIXParameters.addCertStore(java.security.cert.CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singletonList(crl509))));
        } else {
            Trace.msgSecurityPrintln("trustdecider.check.validation.crl.system.off");
            pKIXParameters.setRevocationEnabled(z);
            System.setProperty("com.sun.security.enableCRLDP", Boolean.toString(z));
        }
        return pKIXParameters;
    }

    private static void doOCSPValidation(PKIXParameters pKIXParameters, LazyRootStore lazyRootStore2, X509Certificate[] x509CertificateArr, boolean z, boolean z2) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        Security.setProperty("ocsp.enable", Boolean.toString(z));
        if (ocspValidConfig) {
            Security.setProperty("ocsp.responderURL", ocspURL);
        }
        pKIXParameters.setRevocationEnabled(z);
        if (ocspValidConfig) {
            Trace.msgSecurityPrintln("trustdecider.check.validation.ocsp.system.on");
            boolean containSubject = lazyRootStore2.containSubject(ocspSigner);
            X509Certificate oCSPCert = lazyRootStore2.getOCSPCert();
            if (containSubject && oCSPCert != null) {
                Security.setProperty("ocsp.responderCertSubjectName", oCSPCert.getSubjectX500Principal().getName());
            }
        } else {
            Trace.msgSecurityPrintln("trustdecider.check.validation.ocsp.system.off");
        }
        if (z2 || !z) {
            return;
        }
        System.setProperty("com.sun.security.enableCRLDP", "true");
    }

    private static OCSP.RevocationStatus.CertStatus doOCSPEEValidation(X509Certificate x509Certificate, X509Certificate x509Certificate2, LazyRootStore lazyRootStore2, Date date) throws IOException, CertPathValidatorException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        URI uri;
        Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.start");
        X509Certificate x509Certificate3 = x509Certificate2;
        if (ocspValidConfig) {
            try {
                uri = new URI(ocspURL);
                if (lazyRootStore2.containSubject(ocspSigner)) {
                    x509Certificate3 = lazyRootStore2.getOCSPCert();
                }
            } catch (URISyntaxException e) {
                Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.responderURI.no");
                return OCSP.RevocationStatus.CertStatus.GOOD;
            }
        } else {
            uri = OCSP.getResponderURI(x509Certificate);
        }
        if (uri == null) {
            Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.responderURI.no");
            return OCSP.RevocationStatus.CertStatus.GOOD;
        }
        Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.responderURI.value", new Object[]{uri.toString()});
        OCSP.RevocationStatus.CertStatus certStatus = OCSP.check(x509Certificate, x509Certificate2, uri, x509Certificate3, date).getCertStatus();
        Trace.msgSecurityPrintln("trustdecider.check.ocsp.ee.return.status", new Object[]{certStatus.name()});
        return certStatus;
    }

    private static boolean checkTrustedExtension(X509Certificate x509Certificate) {
        Trace.msgSecurityPrintln("trustdecider.check.trustextension.jurisdiction");
        String name = x509Certificate.getSubjectX500Principal().getName();
        Iterator it = jurisdictionList.iterator();
        while (it.hasNext()) {
            if (name.endsWith((String) it.next())) {
                Trace.msgSecurityPrintln("trustdecider.check.trustextension.jurisdiction.found");
                return true;
            }
        }
        return false;
    }

    private static Date getTimeStampInfo(CodeSource codeSource, int i, X509Certificate[] x509CertificateArr, LazyRootStore lazyRootStore2, boolean z) {
        Date date = null;
        if (!z) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.noneed");
            return null;
        }
        try {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.need");
            Timestamp timestamp = codeSource.getCodeSigners()[i].getTimestamp();
            if (timestamp != null) {
                Trace.msgSecurityPrintln("trustdecider.check.timestamping.yes");
                date = timestamp.getTimestamp();
                CertPath signerCertPath = timestamp.getSignerCertPath();
                Trace.msgSecurityPrintln("trustdecider.check.timestamping.need");
                Date notAfter = x509CertificateArr[x509CertificateArr.length - 1].getNotAfter();
                Date notBefore = x509CertificateArr[x509CertificateArr.length - 1].getNotBefore();
                if (date.before(notAfter) && date.after(notBefore)) {
                    Trace.msgSecurityPrintln("trustdecider.check.timestamping.valid");
                    if (!checkTSAPath(signerCertPath, lazyRootStore2)) {
                        date = null;
                    }
                } else {
                    Trace.msgSecurityPrintln("trustdecider.check.timestamping.invalid");
                    date = null;
                }
            } else {
                Trace.msgSecurityPrintln("trustdecider.check.timestamping.no");
            }
        } catch (IOException e) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.notfound");
        } catch (NoSuchMethodError e2) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.notfound");
        } catch (KeyStoreException e3) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.notfound");
        } catch (NoSuchAlgorithmException e4) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.notfound");
        } catch (CertificateException e5) {
            Trace.msgSecurityPrintln("trustdecider.check.timestamping.notfound");
        }
        return date;
    }

    static {
        deployLock = null;
        deployLock = new DeployLock();
        reset();
        storesLoaded = false;
        reloadDeniedStore = false;
    }
}
