package org.silvertunnel_ng.netlib.layer.tor.common;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/silvertunnel_ng/netlib/layer/tor/common/TorX509TrustManager.class */
public class TorX509TrustManager implements X509TrustManager {
    private static final Logger LOG = LoggerFactory.getLogger(TorX509TrustManager.class);
    public static final Pattern cnPattern = Pattern.compile(".*CN=(.*?)(,.*)*", 35);

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length != 2) {
            throw new CertificateException("Certificate Chain length != 2");
        }
        String name = x509CertificateArr[0].getSubjectDN().getName();
        String name2 = x509CertificateArr[1].getSubjectDN().getName();
        Matcher matcher = cnPattern.matcher(name);
        Matcher matcher2 = cnPattern.matcher(name2);
        if (!matcher.matches() || !matcher2.matches()) {
            LOG.warn("TorX509TrustManager.checkServerTrusted(): not matched dnName0=" + name + ", dnName1=" + name2);
            throw new CertificateException("Name field of Certificate does not have the right format");
        }
        String group = matcher.group(1);
        String group2 = matcher2.group(1);
        if (group2.indexOf(group) > 1) {
            throw new CertificateException("Certifier and Certificate owner don't have the same name");
        }
        LOG.debug("dnName0 = {}, dnName1 = {}", group.toString(), group2.toString());
        if (group2.indexOf("<identity>") != -1 && group2.indexOf("<signing>") != -1) {
            throw new CertificateException("Certifier Field does not have the required form");
        }
        Date date = new Date();
        if (date.before(x509CertificateArr[0].getNotBefore())) {
            throw new CertificateException("Certificate is not valid yet");
        }
        if (date.after(x509CertificateArr[0].getNotAfter())) {
            throw new CertificateException("Certificate has expired");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        LOG.debug("X509Certificate[] getAcceptedIssuers()");
        return new X509Certificate[0];
    }
}
