package de.hi_tier.hitupros.http;

import de.hi_tier.hitupros.HitException;
import de.hi_tier.hitupros.HitHelpers;
import de.hi_tier.hitupros.HitSimpleDTS;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.sql.Date;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:de/hi_tier/hitupros/http/SslCertificate.class */
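/**
 * Read-only summary of one certificate taken from the peer chain of an {@link SSLSession}.
 *
 * <p>The instance built from a session describes the first entry of
 * {@link SSLSession#getPeerCertificates()} and remembers the peer host name. Every further
 * entry of that array is linked through the parent reference and carries no host name.
 *
 * <p>Security scope: {@link #verifyHost()} only compares names and the validity window of
 * the first certificate. It performs no signature, trust-anchor or revocation checks; chain
 * trust is presumably established by the TLS stack before this class is used (confirm at
 * the call site).
 */
final class SslCertificate {
    /** Peer host of the session; {@code null} for every parent (non-leaf) entry. */
    private String strThisRemoteHost;
    private String strThisCertType;
    /** Subject and issuer are only populated for X.509 certificates. */
    private PrincipalName objThisSubjectName;
    private PrincipalName objThisIssuerName;
    /** All string-valued SAN entries, or {@code null} when the extension could not be parsed. */
    private String[] astrThisSubjectAlternatveNames;
    private long longThisValidFrom;
    private long longThisValidTo;
    private String strThisPubKeyAlgorithm = null;
    /** Modulus length in bits for RSA keys, otherwise {@code -1}. */
    private int intThisPubKeyRsaBitsize = -1;
    private SslCertificate objThisParent;

    /** Creates an empty instance; used internally for the parent entries of a chain. */
    protected SslCertificate() {
    }

    /**
     * Reads the peer certificate chain of the given session.
     *
     * @param sSLSession established session to inspect
     * @throws IllegalArgumentException if {@code sSLSession} is {@code null}
     * @throws SSLException if the session exposes no peer certificates
     */
    public SslCertificate(SSLSession sSLSession) throws SSLException {
        if (sSLSession == null) {
            throw new IllegalArgumentException("Null session?!");
        }
        parseSession(sSLSession);
    }

    /** Returns the single-line form without parent certificates. */
    @Override
    public String toString() {
        return toString(false, false);
    }

    /**
     * Returns the single-line form.
     *
     * @param z whether the parent certificates are appended
     */
    public String toString(boolean z) {
        return toString(z, false);
    }

    /** Returns the multi-line form including all parent certificates. */
    public String toDisplay() {
        return toString(true, true);
    }

    /**
     * Renders the collected certificate fields.
     *
     * @param includeParents whether the parent chain is appended recursively
     * @param multiLine whether every field goes on its own tab-indented line
     */
    private String toString(boolean includeParents, boolean multiLine) {
        List<String> fields = new ArrayList<String>();
        fields.add("Type \"" + this.strThisCertType + "\"");
        fields.add("Subject " + this.objThisSubjectName + "");
        if (this.astrThisSubjectAlternatveNames != null) {
            fields.add("Subject Alternative Names (SAN) " + Arrays.toString(this.astrThisSubjectAlternatveNames) + "");
        }
        fields.add("Issuer " + this.objThisIssuerName + "");
        fields.add("valid from " + date2str(this.longThisValidFrom) + " to " + date2str(this.longThisValidTo));
        fields.add("Algorithm \"" + this.strThisPubKeyAlgorithm + "\"");
        if (this.intThisPubKeyRsaBitsize > 0) {
            fields.add("PubKey length " + this.intThisPubKeyRsaBitsize + " bits");
        }

        StringBuilder text = new StringBuilder();
        if (this.strThisRemoteHost != null) {
            text.append("Remote host: ").append(this.strThisRemoteHost).append(HitHelpers.scstrLf);
        }
        text.append(getClass().getName()).append("[");
        for (int idx = 0; idx < fields.size(); idx++) {
            if (multiLine) {
                text.append("\n\t");
            } else {
                text.append(idx > 0 ? "; " : HitHelpers.scstrLf);
            }
            text.append(fields.get(idx));
        }
        if (includeParents && this.objThisParent != null) {
            text.append("\n+ " + this.objThisParent.toString(includeParents, multiLine) + HitHelpers.scstrLf);
        }
        text.append(multiLine ? HitHelpers.scstrLf : "").append("]");
        return text.toString();
    }

    /** Formats a millisecond timestamp; falls back to {@code <millis>} when formatting fails. */
    private String date2str(long j) {
        try {
            return HitSimpleDTS.sstrFormatHitDate(new Date(j), HitSimpleDTS.sstrTsFormat_TT_MM_JJJJ_hh_mm_ss_nnn);
        } catch (HitException e) {
            return "<" + j + ">";
        }
    }

    /**
     * Verifies host name and validity window against the current system time.
     *
     * @throws SSLException if the host name does not match or the certificate is not valid now
     */
    public void verifyHost() throws SSLException {
        verifyHost(System.currentTimeMillis());
    }

    /**
     * Verifies host name and validity window against the given point in time.
     *
     * @param date reference time for the validity check
     * @throws SSLException if the host name does not match or the certificate is not valid then
     */
    public void verifyHost(Date date) throws SSLException {
        verifyHost(date.getTime());
    }

    /**
     * Checks that this certificate names the remote host and is valid at {@code j}.
     *
     * <p>Only exact, case-insensitive name matches are accepted; wildcard names are not
     * expanded, so a certificate issued for a wildcard name is rejected here.
     *
     * @param j reference time in milliseconds since the epoch
     * @throws IllegalStateException if this instance is a parent entry without a remote host
     * @throws SSLException if no name matches the remote host, or {@code j} lies outside the
     *     validity window
     */
    protected void verifyHost(long j) throws SSLException {
        if (this.strThisRemoteHost == null) {
            throw new IllegalStateException("Es kann nur ein Host-Zertifikat getestet werden, aber dies ist ein übergeordnetes!");
        }
        if (!matchesRemoteHost()) {
            throw new SSLException("Gültiges Zertifikat erhalten, aber Hostname \"" + this.strThisRemoteHost + "\" passt nicht!");
        }
        if (this.longThisValidFrom > j) {
            throw new SSLException("Gültiges Zertifikat erhalten, es ist für \"" + this.strThisRemoteHost + "\" noch nicht gültig (erst ab " + getValidFrom() + ")!");
        }
        if (j > this.longThisValidTo) {
            // Report the end of the validity window; the start date is irrelevant for an expiry.
            throw new SSLException("Gültiges Zertifikat erhalten, es ist für \"" + this.strThisRemoteHost + "\" abgelaufen (seit " + getValidTo() + ")!");
        }
    }

    /**
     * Tells whether the subject CN or one of the SAN entries equals the remote host.
     *
     * <p>Every candidate is compared with the REMOTE HOST. Comparing the SAN entries with
     * the certificate's own CN instead would accept any certificate that repeats its CN in
     * the SAN list, whatever host the client actually connected to.
     */
    private boolean matchesRemoteHost() {
        String host = this.strThisRemoteHost;
        // A missing subject (non-X.509 certificate) or CN must fail closed, not raise an NPE.
        String commonName = this.objThisSubjectName == null ? null : this.objThisSubjectName.getCommonName();
        // equalsIgnoreCase does not depend on the default locale, unlike toLowerCase().
        // NOTE(review): the CN is accepted even when SAN entries exist; stricter verifiers
        // ignore the CN in that case.
        if (commonName != null && commonName.equalsIgnoreCase(host)) {
            return true;
        }
        if (this.astrThisSubjectAlternatveNames != null) {
            for (String altName : this.astrThisSubjectAlternatveNames) {
                if (altName != null && altName.equalsIgnoreCase(host)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Returns the start of the validity window. */
    public Date validFrom() {
        return new Date(this.longThisValidFrom);
    }

    /** Returns the end of the validity window. */
    public Date validTo() {
        return new Date(this.longThisValidTo);
    }

    /** Returns the start of the validity window as text. */
    public String getValidFrom() {
        return validFrom().toString();
    }

    /** Returns the end of the validity window as text. */
    public String getValidTo() {
        return validTo().toString();
    }

    /**
     * Stores the peer host and reads the peer certificate chain starting at its first entry.
     *
     * @throws SSLException if the session returns no certificate array
     */
    private void parseSession(SSLSession sSLSession) throws SSLException {
        this.strThisRemoteHost = sSLSession.getPeerHost();
        Certificate[] peerCertificates = sSLSession.getPeerCertificates();
        if (peerCertificates == null) {
            throw new SSLException("No certificates found in SSLSession?!");
        }
        extractCert(peerCertificates, 0);
    }

    /**
     * Copies the fields of {@code certificateArr[i]} into this instance and builds the parent
     * chain from the remaining entries.
     *
     * @param certificateArr certificate chain as delivered by the session
     * @param i index of the entry this instance represents; nothing happens when it is past
     *     the end of the array
     */
    protected void extractCert(Certificate[] certificateArr, int i) {
        if (i >= certificateArr.length) {
            return;
        }
        Certificate current = certificateArr[i];
        this.strThisCertType = current.getType();
        if (current instanceof X509Certificate) {
            X509Certificate x509Certificate = (X509Certificate) current;
            this.objThisSubjectName = new PrincipalName(x509Certificate.getSubjectX500Principal());
            this.objThisIssuerName = new PrincipalName(x509Certificate.getIssuerX500Principal());
            this.astrThisSubjectAlternatveNames = null;
            try {
                List<String> altNames = new ArrayList<String>();
                Iterable<List<?>> entries = x509Certificate.getSubjectAlternativeNames();
                if (entries != null) {
                    for (List<?> entry : entries) {
                        // entry = [type code, value]; only string-valued entries are kept.
                        // NOTE(review): the type code is not evaluated, so e-mail and URI
                        // entries are stored next to DNS names and IP addresses.
                        Object value = entry.get(1);
                        if (value instanceof String) {
                            altNames.add((String) value);
                        }
                    }
                }
                this.astrThisSubjectAlternatveNames = altNames.toArray(new String[0]);
            } catch (CertificateParsingException ignored) {
                // Best effort: an unreadable SAN extension leaves the field null, so the
                // host check can only succeed through the subject CN.
            }
            this.longThisValidFrom = x509Certificate.getNotBefore().getTime();
            this.longThisValidTo = x509Certificate.getNotAfter().getTime();
            PublicKey publicKey = x509Certificate.getPublicKey();
            this.strThisPubKeyAlgorithm = publicKey.getAlgorithm();
            this.intThisPubKeyRsaBitsize = -1;
            if (publicKey instanceof RSAPublicKey) {
                this.intThisPubKeyRsaBitsize = ((RSAPublicKey) publicKey).getModulus().bitLength();
            }
        } else {
            // Non-X.509 certificates expose only the key algorithm; names and dates stay unset.
            this.strThisPubKeyAlgorithm = current.getPublicKey().getAlgorithm();
            this.intThisPubKeyRsaBitsize = -1;
        }
        this.objThisParent = null;
        int next = i + 1;
        if (next >= certificateArr.length) {
            return;
        }
        // Parent entries never carry a remote host, which is what verifyHost() relies on to
        // refuse host checks on anything but the first certificate.
        this.objThisParent = new SslCertificate();
        this.objThisParent.strThisRemoteHost = null;
        this.objThisParent.extractCert(certificateArr, next);
    }
}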
