package itec.net.ssl;

import itec.ldap.util.DN;
import itec.ldap.util.RDN;
import java.net.InetAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:itec/net/ssl/ITECTrustManager.class */
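/**
 * Trust manager that first asks a wrapped {@link X509TrustManager} and, when that delegate rejects
 * the peer (or no delegate was supplied), falls back to a reduced check against the locally
 * configured issuer set returned by {@link #getAcceptedIssuers()}.
 *
 * <p>Fallback path, in order: validity period of the leaf certificate, host/IP match against the
 * address set with {@link #setInetAddress(InetAddress)} (server side only), and a signature check of
 * the leaf against the public key of one of the accepted issuers.
 *
 * <p>The fallback anchors trust only in certificates configured locally. A certificate taken from
 * the peer's own chain is never used as the verification key, because the peer controls every
 * element of that chain. A leaf issued by an intermediate that is not in the accepted-issuer set is
 * therefore rejected on the fallback path.
 *
 * <p>NOTE(review): the fallback does not evaluate basic constraints, key usage or revocation, and it
 * checks the validity period of the leaf only. The host/IP match runs only on the fallback path; a
 * chain accepted by the delegate is not matched against the address in this class.
 */
public class ITECTrustManager implements X509TrustManager {
    /** GeneralName tag for dNSName as reported by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_DNS_NAME = 2;
    /** GeneralName tag for iPAddress as reported by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_IP_ADDRESS = 7;

    // Locally configured issuer certificates; null when no CertificateChain was supplied.
    private final X509Certificate[] m_chain;
    // Delegate consulted first; may be null, in which case only the fallback checks run.
    private final X509TrustManager m_trustmanager;
    // Stored for callers only; not read by any validation in this class.
    private String m_host = null;
    // Stored for callers only; not read by any validation in this class.
    private String m_ip = null;
    // Peer address used for the subjectAltName / CN match on the server fallback path.
    private InetAddress m_address = null;

    /**
     * Creates a trust manager.
     *
     * @param certificateChain source of the locally trusted issuer certificates, or {@code null}
     * @param x509TrustManager delegate consulted before the fallback checks, or {@code null}
     */
    public ITECTrustManager(CertificateChain certificateChain, X509TrustManager x509TrustManager) {
        this.m_chain = certificateChain != null ? certificateChain.getCertificateChain() : null;
        this.m_trustmanager = x509TrustManager;
    }

    /**
     * Validates a client certificate chain.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str authentication type
     * @throws IllegalArgumentException if the chain or the authentication type is null or empty
     * @throws CertificateException if neither the delegate nor the fallback accepts the leaf
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        requireChainAndAuthType(x509CertificateArr, str);
        CertificateException delegateFailure = null;
        if (this.m_trustmanager != null) {
            try {
                this.m_trustmanager.checkClientTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                // Kept as the cause of the final failure so the delegate's reason is not lost.
                delegateFailure = e;
            }
        }
        X509Certificate leaf = x509CertificateArr[0];
        checkDateValidity(leaf);
        if (!isSignedByAcceptedIssuer(leaf)) {
            throw new CertificateException("client certificate is not valid", delegateFailure);
        }
    }

    /**
     * Validates a server certificate chain.
     *
     * <p>On the fallback path the leaf must match the configured address and must be signed by one
     * of the accepted issuers. The second element of the peer chain is not used as the verification
     * key: it is peer-supplied, so a signature check against it proves nothing about trust. This
     * also means a single-element chain no longer fails with an index error.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str authentication type
     * @throws IllegalArgumentException if the chain or the authentication type is null or empty
     * @throws CertificateException if neither the delegate nor the fallback accepts the leaf
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        requireChainAndAuthType(x509CertificateArr, str);
        CertificateException delegateFailure = null;
        if (this.m_trustmanager != null) {
            try {
                this.m_trustmanager.checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                // Kept as the cause of the final failure so the delegate's reason is not lost.
                delegateFailure = e;
            }
        }
        X509Certificate leaf = x509CertificateArr[0];
        checkDateValidity(leaf);
        checkSiteCertificateValidity(leaf);
        if (!isSignedByAcceptedIssuer(leaf)) {
            throw new CertificateException("server certificate is not valid", delegateFailure);
        }
    }

    /**
     * Returns the locally configured issuer certificates, or the delegate's when none were
     * configured.
     *
     * @return a non-null, possibly empty array; the configured chain is returned as a copy so
     *     callers cannot modify the trust anchors held by this instance
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (this.m_chain != null) {
            return this.m_chain.clone();
        }
        if (this.m_trustmanager != null) {
            X509Certificate[] issuers = this.m_trustmanager.getAcceptedIssuers();
            if (issuers != null) {
                return issuers;
            }
        }
        // The X509TrustManager contract asks for a non-null array.
        return new X509Certificate[0];
    }

    /** @return the peer address used for the host/IP match, or {@code null} if not set */
    public InetAddress getInetAddress() {
        return this.m_address;
    }

    /** @param inetAddress peer address to match the server certificate against */
    public void setInetAddress(InetAddress inetAddress) {
        this.m_address = inetAddress;
    }

    /** Rejects a null or empty chain or authentication type, as the interface contract requires. */
    private static void requireChainAndAuthType(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("certificate chain not found");
        }
        if (str == null || str.length() <= 0) {
            throw new IllegalArgumentException("auth type not found");
        }
    }

    /** Returns true when the certificate's signature verifies under some accepted issuer's key. */
    private boolean isSignedByAcceptedIssuer(X509Certificate x509Certificate) {
        for (X509Certificate issuer : getAcceptedIssuers()) {
            if (issuer == null) {
                continue;
            }
            try {
                checkPublicKeyValidity(x509Certificate, issuer.getPublicKey());
                return true;
            } catch (CertificateException ignored) {
                // Not signed by this issuer; try the next one.
            }
        }
        return false;
    }

    /** Checks that the certificate is within its validity period at the current time. */
    private void checkDateValidity(X509Certificate x509Certificate) throws CertificateException {
        x509Certificate.checkValidity();
    }

    /**
     * Matches the certificate against the configured peer address: first the dNSName and iPAddress
     * subjectAltName entries, then the subject CN values.
     *
     * @throws CertificateException if no address is configured, a subjectAltName entry is
     *     malformed, or nothing matches
     */
    private void checkSiteCertificateValidity(X509Certificate x509Certificate) throws CertificateException {
        InetAddress address = this.m_address;
        if (address == null) {
            // Fail closed: without a configured address there is nothing to match against.
            throw new CertificateException("server address is not set");
        }
        // NOTE(review): for an InetAddress built from an IP literal, getHostName() performs a reverse
        // lookup, so the name compared here can come from DNS rather than from the caller. Confirm
        // callers construct the address from the intended host name.
        String hostName = address.getHostName();
        String hostAddress = address.getHostAddress();
        boolean matched = false;
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> entry : subjectAlternativeNames) {
                if (entry.size() != 2) {
                    throw new CertificateException("server certificate is not valid");
                }
                int type = ((Integer) entry.get(0)).intValue();
                Object value = entry.get(1);
                // Some GeneralName kinds are reported as DER bytes, not String; those are never a
                // host or IP match and must not be cast.
                if (!(value instanceof String)) {
                    continue;
                }
                String name = (String) value;
                if (type == SAN_DNS_NAME && hostName.equalsIgnoreCase(name)) {
                    matched = true;
                } else if (type == SAN_IP_ADDRESS && hostAddress.equals(name)) {
                    // NOTE(review): plain string comparison; differing textual forms of the same
                    // IPv6 address would not match.
                    matched = true;
                }
            }
        }
        if (matched) {
            return;
        }
        // NOTE(review): the CN fallback is applied even when subjectAltName entries were present
        // but did not match; RFC 2818 uses the CN only when no dNSName entry exists.
        Vector<?> rdns = new DN(x509Certificate.getSubjectDN().getName()).getRDNs();
        for (Object element : rdns) {
            RDN rdn = (RDN) element;
            String value = rdn.getValue();
            // Constant/known-non-null receivers keep a null type or value from raising an NPE.
            if ("CN".equalsIgnoreCase(rdn.getType())
                    && (hostName.equalsIgnoreCase(value) || hostAddress.equals(value))) {
                return;
            }
        }
        throw new CertificateException("certificate is not match the site");
    }

    /**
     * Verifies the certificate's signature with the given key, translating verification failures
     * into {@link CertificateException} with the original exception attached as the cause.
     */
    private void checkPublicKeyValidity(X509Certificate x509Certificate, PublicKey publicKey) throws CertificateException {
        try {
            x509Certificate.verify(publicKey);
        } catch (InvalidKeyException e) {
            throw new CertificateException("incorrect key", e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("unsupported signature algorithms", e);
        } catch (NoSuchProviderException e) {
            throw new CertificateException("there's no default provider", e);
        } catch (SignatureException e) {
            throw new CertificateException("signature errors", e);
        }
    }

    /** @return the stored host string, or {@code null} if not set */
    public String getHost() {
        return this.m_host;
    }

    /** @return the stored IP string, or {@code null} if not set */
    public String getIp() {
        return this.m_ip;
    }

    /** @param str host string to store; not consulted by certificate validation in this class */
    public void setHost(String str) {
        this.m_host = str;
    }

    /** @param str IP string to store; not consulted by certificate validation in this class */
    public void setIp(String str) {
        this.m_ip = str;
    }
}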
