package net.sourceforge.jnlp.security;

import java.io.IOException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import net.sourceforge.jnlp.runtime.Translator;
import sun.security.util.HostnameChecker;
import sun.security.x509.X500Name;

/* loaded from: input_file:net/sourceforge/jnlp/security/HttpsCertVerifier.class */
public class HttpsCertVerifier implements CertVerifier {
    private VariableX509TrustManager tm;
    private X509Certificate[] chain;
    private String authType;
    private String hostName;
    private boolean isTrusted;
    private boolean hostMatched;
    private ArrayList<String> details = new ArrayList<>();

    public HttpsCertVerifier(VariableX509TrustManager variableX509TrustManager, X509Certificate[] x509CertificateArr, String str, boolean z, boolean z2, String str2) {
        this.tm = variableX509TrustManager;
        this.chain = x509CertificateArr;
        this.authType = str;
        this.hostName = str2;
        this.isTrusted = z;
        this.hostMatched = z2;
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public boolean getAlreadyTrustPublisher() {
        return this.isTrusted;
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public CertPath getCertPath() {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.chain.length; i++) {
            arrayList.add(this.chain[i]);
        }
        ArrayList arrayList2 = new ArrayList();
        try {
            arrayList2.add(CertificateFactory.getInstance("X.509").generateCertPath(arrayList));
        } catch (CertificateException e) {
            e.printStackTrace();
        }
        return (CertPath) arrayList2.get(0);
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public ArrayList<String> getDetails() {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = !this.hostMatched;
        boolean z5 = getAlreadyTrustPublisher() ? false : true;
        for (int i = 0; i < this.chain.length; i++) {
            X509Certificate x509Certificate = this.chain[i];
            long currentTimeMillis = System.currentTimeMillis();
            long time = x509Certificate.getNotAfter().getTime();
            if (time < currentTimeMillis) {
                z = true;
            } else if (time < currentTimeMillis + 15552000000L) {
                z2 = true;
            }
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException e) {
                z = true;
            } catch (CertificateNotYetValidException e2) {
                z3 = true;
            }
        }
        String namesForCert = getNamesForCert(this.chain[0]);
        if (z5 || z || z2 || z3 || z4) {
            if (z5) {
                addToDetails(Translator.R("SUntrustedCertificate"));
            }
            if (z) {
                addToDetails(Translator.R("SHasExpiredCert"));
            }
            if (z2) {
                addToDetails(Translator.R("SHasExpiringCert"));
            }
            if (z3) {
                addToDetails(Translator.R("SNotYetValidCert"));
            }
            if (z4) {
                addToDetails(Translator.R("SCNMisMatch", namesForCert, this.hostName));
            }
        }
        return this.details;
    }

    private String getNamesForCert(X509Certificate x509Certificate) {
        String str = "";
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            str = str + HostnameChecker.getSubjectX500Name(x509Certificate).findMostSpecificAttribute(X500Name.commonName_oid).getAsString();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (((Integer) list.get(0)).intValue() == 7 || ((Integer) list.get(0)).intValue() == 2) {
                        str = str + ", " + ((String) list.get(1));
                    }
                }
            }
            if (subjectAlternativeNames != null) {
                str = str.substring(2);
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (CertificateParsingException e2) {
            e2.printStackTrace();
        }
        return str;
    }

    private void addToDetails(String str) {
        if (this.details.contains(str)) {
            return;
        }
        this.details.add(str);
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public Certificate getPublisher() {
        if (this.chain.length > 0) {
            return this.chain[0];
        }
        return null;
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public Certificate getRoot() {
        if (this.chain.length > 0) {
            return this.chain[this.chain.length - 1];
        }
        return null;
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public boolean getRootInCacerts() {
        try {
            return CertificateUtils.inKeyStores((X509Certificate) getRoot(), KeyStores.getCAKeyStores());
        } catch (Exception e) {
            return false;
        }
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public boolean hasSigningIssues() {
        return false;
    }

    @Override // net.sourceforge.jnlp.security.CertVerifier
    public boolean noSigningIssues() {
        return false;
    }
}
