package com.ibm.rational.test.lt.execution.socket.vp;

import com.ibm.rational.test.lt.execution.socket.log.ExecutionMessages;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/ibm/rational/test/lt/execution/socket/vp/SckSecureUpgradeUtils.class */
public final class SckSecureUpgradeUtils {

    /* loaded from: input_file:com/ibm/rational/test/lt/execution/socket/vp/SckSecureUpgradeUtils$SckSecureUpgradeVerificationResult.class */
    public static class SckSecureUpgradeVerificationResult {
        private boolean verified;
        private String message;

        public SckSecureUpgradeVerificationResult(boolean z, String str) {
            this.verified = z;
            this.message = str;
        }

        public boolean isVerified() {
            return this.verified;
        }

        public String getMessage() {
            return this.message;
        }
    }

    private static int getDaysLeft(int i, long j, Date date) {
        int time;
        if (date != null && (time = (int) (((((date.getTime() - j) / 1000) / 60) / 60) / 24)) < i) {
            i = time;
        }
        return i;
    }

    private static SckSecureUpgradeVerificationResult checkValidity(X509Certificate[] x509CertificateArr) {
        try {
            long time = new Date().getTime();
            int i = Integer.MAX_VALUE;
            for (int i2 = 0; i2 < x509CertificateArr.length - 1; i2++) {
                x509CertificateArr[i2].checkValidity();
                i = getDaysLeft(i, time, x509CertificateArr[i2].getNotAfter());
            }
            int length = x509CertificateArr.length - 1;
            x509CertificateArr[length].checkValidity();
            int daysLeft = getDaysLeft(i, time, x509CertificateArr[length].getNotAfter());
            return daysLeft > 0 ? new SckSecureUpgradeVerificationResult(true, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_VALIDITY_OK", daysLeft)) : new SckSecureUpgradeVerificationResult(true, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_VALIDITY_OK_LESS_THAN_ONE_DAY"));
        } catch (CertificateExpiredException e) {
            return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_EXPIRED", e.getLocalizedMessage()));
        } catch (CertificateNotYetValidException e2) {
            return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_NOT_YET_VALID", e2.getLocalizedMessage()));
        }
    }

    public static String getX509CertificateSubjectCN(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName();
        int indexOf = name.indexOf("CN=");
        if (indexOf < 0) {
            return ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_UNKNOWN_CN");
        }
        int indexOf2 = name.indexOf(44, indexOf);
        return indexOf2 > 0 ? name.substring(indexOf + 3, indexOf2) : name.substring(indexOf + 3);
    }

    public static String[][] getSubjectAltNames(X509Certificate x509Certificate) {
        String[][] strArr = (String[][]) null;
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                ArrayList arrayList = new ArrayList();
                for (List<?> list : subjectAlternativeNames) {
                    if (list.get(1) instanceof String) {
                        String[] strArr2 = new String[2];
                        strArr2[1] = (String) list.get(1);
                        arrayList.add(strArr2);
                    }
                }
                strArr = (String[][]) arrayList.toArray(new String[subjectAlternativeNames.size()]);
            }
        } catch (CertificateParsingException unused) {
        }
        return strArr;
    }

    public static boolean checkHostName(String str, String str2) {
        return Pattern.compile(str2.replaceAll("\\.", "\\\\.").replaceAll("\\*", ".*")).matcher(str).matches();
    }

    public static boolean checkHostName(String str, X509Certificate x509Certificate) {
        if (checkHostName(str, getX509CertificateSubjectCN(x509Certificate))) {
            return true;
        }
        String[][] subjectAltNames = getSubjectAltNames(x509Certificate);
        if (subjectAltNames == null) {
            return false;
        }
        for (String[] strArr : subjectAltNames) {
            if (checkHostName(str, strArr[1])) {
                return true;
            }
        }
        return false;
    }

    private static SckSecureUpgradeVerificationResult checkSignature(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length - 1; i++) {
            try {
                x509CertificateArr[i].verify(x509CertificateArr[i + 1].getPublicKey());
            } catch (InvalidKeyException e) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_INVALID_KEYS", e.getLocalizedMessage()));
            } catch (NoSuchAlgorithmException e2) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_NO_SUCH_ALGORITHM", e2.getLocalizedMessage()));
            } catch (NoSuchProviderException e3) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_NO_SUCH_PROVIDER", e3.getLocalizedMessage()));
            } catch (SignatureException e4) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_OTHER_ERROR", e4.getLocalizedMessage()));
            } catch (CertificateExpiredException e5) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_EXPIRED", e5.getLocalizedMessage()));
            } catch (CertificateNotYetValidException e6) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_NOT_YET_VALID", e6.getLocalizedMessage()));
            } catch (CertificateException e7) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_OTHER_CERTIFICATE_ERROR", e7.getLocalizedMessage()));
            }
        }
        return new SckSecureUpgradeVerificationResult(true, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_SIGNATURE_OK"));
    }

    private static SckSecureUpgradeVerificationResult checkTrusted(X509Certificate[] x509CertificateArr, String str) {
        TrustManagerFactory trustManagerFactory = null;
        try {
            try {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
            } catch (KeyStoreException unused) {
            } catch (NoSuchAlgorithmException e) {
                return new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_NO_SUCH_ALGORITHM", e.getLocalizedMessage()));
            }
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                    break;
                }
                i++;
            }
            return new SckSecureUpgradeVerificationResult(true, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_TRUSTED"));
        } catch (CertificateException e2) {
            return e2.getCause() instanceof CertPathBuilderException ? new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_UNTRUSTED", e2.getCause().getLocalizedMessage())) : new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_OTHER_CERTIFICATE_ERROR", e2.getLocalizedMessage()));
        }
    }

    public static SckSecureUpgradeVerificationResult verifyCertificate(String str, X509Certificate[] x509CertificateArr, boolean z, boolean z2, boolean z3, String str2) {
        SckSecureUpgradeVerificationResult sckSecureUpgradeVerificationResult = null;
        SckSecureUpgradeVerificationResult sckSecureUpgradeVerificationResult2 = null;
        SckSecureUpgradeVerificationResult sckSecureUpgradeVerificationResult3 = null;
        SckSecureUpgradeVerificationResult sckSecureUpgradeVerificationResult4 = null;
        if (z) {
            sckSecureUpgradeVerificationResult = checkValidity(x509CertificateArr);
        }
        if (z2) {
            sckSecureUpgradeVerificationResult2 = !checkHostName(str, x509CertificateArr[0]) ? new SckSecureUpgradeVerificationResult(false, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_CN_ERROR", str)) : new SckSecureUpgradeVerificationResult(true, ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_HOST_NAME_OK", str));
        }
        if (z3) {
            sckSecureUpgradeVerificationResult3 = checkSignature(x509CertificateArr);
        }
        if (str2 != null) {
            sckSecureUpgradeVerificationResult4 = checkTrusted(x509CertificateArr, str2);
        }
        boolean z4 = (!z || sckSecureUpgradeVerificationResult.verified) && (!z2 || sckSecureUpgradeVerificationResult2.verified) && ((!z3 || sckSecureUpgradeVerificationResult3.verified) && (str2 == null || sckSecureUpgradeVerificationResult4.verified));
        StringBuilder sb = new StringBuilder();
        String property = System.getProperty("line.separator");
        String str3 = String.valueOf(property) + "- ";
        String str4 = String.valueOf(property) + "* ";
        if (z4) {
            sb.append(ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_VERIFIED"));
        } else {
            sb.append(ExecutionMessages.getMessage("SECURE_UPGRADE_TAB_SERVER_CERTIFICATE_FAILED"));
        }
        if (z) {
            sb.append(sckSecureUpgradeVerificationResult.verified ? str3 : str4);
            sb.append(sckSecureUpgradeVerificationResult.message);
        }
        if (z2) {
            sb.append(sckSecureUpgradeVerificationResult2.verified ? str3 : str4);
            sb.append(sckSecureUpgradeVerificationResult2.message);
        }
        if (z3) {
            sb.append(sckSecureUpgradeVerificationResult3.verified ? str3 : str4);
            sb.append(sckSecureUpgradeVerificationResult3.message);
        }
        if (str2 != null) {
            sb.append(sckSecureUpgradeVerificationResult4.verified ? str3 : str4);
            sb.append(sckSecureUpgradeVerificationResult4.message);
        }
        return new SckSecureUpgradeVerificationResult(z4, sb.toString());
    }
}
