package org.tmatesoft.svn.core.internal.util;

import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/svnkit-1.10.4.jar:org/tmatesoft/svn/core/internal/util/SVNSSLUtil.class */
public class SVNSSLUtil {

    /* loaded from: input_file:WEB-INF/lib/svnkit-1.10.4.jar:org/tmatesoft/svn/core/internal/util/SVNSSLUtil$CertificateDoesNotConformConstraints.class */
    public static class CertificateDoesNotConformConstraints extends CertificateException {
        public CertificateDoesNotConformConstraints(String str, Exception exc) {
            super(str, exc);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/svnkit-1.10.4.jar:org/tmatesoft/svn/core/internal/util/SVNSSLUtil$CertificateNotTrustedException.class */
    public static class CertificateNotTrustedException extends CertificateException {
        private static final long serialVersionUID = 4845;

        public CertificateNotTrustedException(String str, Throwable th) {
            super(str, th);
        }
    }

    public static StringBuffer getServerCertificatePrompt(X509Certificate x509Certificate, String str, String str2) {
        return getServerCertificatePrompt(x509Certificate, str, str2, EnumSet.noneOf(SVNCertificateFailureKind.class));
    }

    public static StringBuffer getServerCertificatePrompt(X509Certificate x509Certificate, String str, String str2, EnumSet<SVNCertificateFailureKind> enumSet) {
        int serverCertificateFailures = getServerCertificateFailures(x509Certificate, str2) & (SVNCertificateFailureKind.createMask(enumSet) ^ (-1));
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("Error validating server certificate for '");
        stringBuffer.append(str);
        stringBuffer.append("':\n");
        if ((serverCertificateFailures & SVNCertificateFailureKind.UNKNOWN_CA.getCode()) != 0) {
            stringBuffer.append(" - The certificate is not issued by a trusted authority. Use the\n   fingerprint to validate the certificate manually!\n");
        }
        if ((serverCertificateFailures & SVNCertificateFailureKind.CN_MISMATCH.getCode()) != 0) {
            stringBuffer.append(" - The certificate hostname does not match.\n");
        }
        if ((serverCertificateFailures & SVNCertificateFailureKind.EXPIRED.getCode()) != 0) {
            stringBuffer.append(" - The certificate has expired.\n");
        }
        if ((serverCertificateFailures & SVNCertificateFailureKind.NOT_YET_VALID.getCode()) != 0) {
            stringBuffer.append(" - The certificate is not yet valid.\n");
        }
        getServerCertificateInfo(x509Certificate, stringBuffer);
        return stringBuffer;
    }

    private static String getFingerprint(X509Certificate x509Certificate) {
        try {
            return getFingerprint(x509Certificate.getEncoded(), "SHA1");
        } catch (Exception e) {
            return null;
        }
    }

    public static String getFingerprint(byte[] bArr, String str) {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str != null ? str : "SHA1");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            for (int i = 0; i < digest.length; i++) {
                if (i != 0) {
                    stringBuffer.append(':');
                }
                String hexString = Integer.toHexString(digest[i] & 255);
                if (hexString.length() == 1) {
                    stringBuffer.append('0');
                }
                stringBuffer.append(hexString.toLowerCase());
            }
        } catch (Exception e) {
        }
        return stringBuffer.toString();
    }

    private static void getServerCertificateInfo(X509Certificate x509Certificate, StringBuffer stringBuffer) {
        stringBuffer.append("Certificate information:");
        stringBuffer.append('\n');
        stringBuffer.append(" - Subject: ");
        stringBuffer.append(x509Certificate.getSubjectDN().getName());
        stringBuffer.append('\n');
        stringBuffer.append(" - Valid: ");
        stringBuffer.append("from " + x509Certificate.getNotBefore() + " until " + x509Certificate.getNotAfter());
        stringBuffer.append('\n');
        stringBuffer.append(" - Issuer: ");
        stringBuffer.append(x509Certificate.getIssuerDN().getName());
        stringBuffer.append('\n');
        stringBuffer.append(" - Fingerprint: ");
        stringBuffer.append(getFingerprint(x509Certificate));
    }

    public static int getServerCertificateFailures(X509Certificate x509Certificate, String str) {
        Date date = new Date(System.currentTimeMillis());
        int i = date.before(x509Certificate.getNotBefore()) ? 8 | 1 : 8;
        if (date.after(x509Certificate.getNotAfter())) {
            i |= 2;
        }
        String name = x509Certificate.getSubjectDN().getName();
        int indexOf = name.indexOf("CN=");
        if (indexOf >= 0) {
            name = name.substring(indexOf + 3);
            if (name.indexOf(32) >= 0) {
                name = name.substring(0, name.indexOf(32));
            }
            if (name.indexOf(44) >= 0) {
                name = name.substring(0, name.indexOf(44));
            }
        }
        if (!str.equals(name)) {
            try {
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> list : subjectAlternativeNames) {
                        if ((list instanceof Collection) && list.size() >= 2) {
                            Object[] array = list.toArray();
                            Object obj = array[0];
                            Object obj2 = array[1];
                            if ((obj instanceof Integer) && (obj2 instanceof String) && ((Integer) obj).intValue() == 2 && obj2.equals(str)) {
                                return i;
                            }
                        }
                    }
                }
            } catch (CertificateParsingException e) {
            }
            i |= 4;
        }
        return i;
    }
}
