package de.adito.trustmanager.confirmingui;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.util.HostnameChecker;

/* loaded from: input_file:de/adito/trustmanager/confirmingui/CertificateExceptionDetail.class */
public class CertificateExceptionDetail {
    private ArrayList<EType> types;
    private X509Certificate[] chain;
    private String errorCode;

    /* loaded from: input_file:de/adito/trustmanager/confirmingui/CertificateExceptionDetail$EType.class */
    public enum EType {
        EXPIRED,
        WRONG_HOST,
        SELF_SIGNED,
        UNTRUSTED_ROOT,
        UNKNOWN
    }

    private CertificateExceptionDetail(ArrayList<EType> arrayList, X509Certificate[] x509CertificateArr, String str) {
        this.types = arrayList;
        this.chain = x509CertificateArr;
        this.errorCode = str;
    }

    public static CertificateExceptionDetail createExceptionDetail(X509Certificate[] x509CertificateArr, CertificateException certificateException, String str) throws CertificateException {
        String str2 = "";
        ArrayList arrayList = new ArrayList();
        if (_checkIsSelfSigned(x509CertificateArr[0])) {
            arrayList.add(EType.SELF_SIGNED);
            str2 = "PKIX_ERROR_SELF_SIGNED_CERT";
        } else if (certificateException.getMessage().contains("PKIX path building failed") && !_checkIsSelfSigned(x509CertificateArr[0])) {
            arrayList.add(EType.UNTRUSTED_ROOT);
            str2 = "SEC_ERROR_UNKNOWN_ISSUER";
        } else if (str != null && !_checkHostname(str, x509CertificateArr)) {
            arrayList.add(EType.WRONG_HOST);
            str2 = "SSL_ERROR_BAD_CERT_DOMAIN";
        } else if (x509CertificateArr[0].getNotAfter().compareTo(new Date()) > 0) {
            arrayList.add(EType.UNKNOWN);
            str2 = "UNKNOWN_CERT_ERROR";
        }
        if (x509CertificateArr[0].getNotAfter().compareTo(new Date()) < 0) {
            if (arrayList.isEmpty()) {
                str2 = "SEC_ERROR_EXPIRED_CERTIFICATE";
            }
            arrayList.add(EType.EXPIRED);
        }
        return new CertificateExceptionDetail(arrayList, x509CertificateArr, str2);
    }

    public String makeExceptionMessage(String str) {
        ResourceBundle bundle = ResourceBundle.getBundle("de.adito.trustmanager.dialogMessage", Locale.getDefault());
        if (str == null) {
            str = bundle.getString("simpleInfoNull");
        }
        String str2 = bundle.getString("firstMsg") + "\n\n";
        Iterator<EType> it = this.types.iterator();
        while (it.hasNext()) {
            switch (it.next()) {
                case EXPIRED:
                    str2 = str2 + String.format(bundle.getString("expired1") + "%1$s " + bundle.getString("expired2") + "%2$s.\n", _formatDate(this.chain[0].getNotAfter()), _formatDate(new Date()));
                    break;
                case WRONG_HOST:
                    str2 = str2 + bundle.getString("wrongHost") + "\n" + _getSubjectAlternativeNames() + "\n";
                    break;
                case SELF_SIGNED:
                    str2 = str2 + bundle.getString("selfSigned") + "\n";
                    break;
                case UNTRUSTED_ROOT:
                    str2 = str2 + bundle.getString("untrustedRoot") + "\n";
                    break;
                default:
                    str2 = str2 + bundle.getString("unknown") + "\n";
                    break;
            }
        }
        return str2 + "\n" + bundle.getString("errorCode") + "\t" + this.errorCode + "\n" + bundle.getString("server") + "\t" + str + "\n\n" + bundle.getString("endWarningMsg") + "\n";
    }

    private static boolean _checkIsSelfSigned(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            return false;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            return true;
        }
    }

    private static boolean _checkHostname(String str, X509Certificate[] x509CertificateArr) {
        try {
            HostnameChecker.getInstance((byte) 1).match(str, x509CertificateArr[0]);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    private String _formatDate(Date date) {
        return DateFormat.getDateInstance(0, Locale.getDefault()).format(date) + ", " + DateFormat.getTimeInstance(2, Locale.getDefault()).format(date);
    }

    private String _getSubjectAlternativeNames() {
        try {
            Collection<List<?>> subjectAlternativeNames = this.chain[0].getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return "";
            }
            Iterator<List<?>> it = subjectAlternativeNames.iterator();
            StringBuilder sb = new StringBuilder();
            while (it.hasNext()) {
                List<?> next = it.next();
                Integer num = (Integer) next.get(0);
                if (num.intValue() == 2) {
                    sb.append((String) next.get(1));
                }
                if (num.intValue() == 7) {
                    try {
                        sb.append(new Oid((byte[]) next.get(1)).toString());
                    } catch (GSSException e) {
                    }
                }
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            return sb.toString();
        } catch (CertificateParsingException e2) {
            return "";
        }
    }

    public List<EType> getTypes() {
        return this.types;
    }
}
