package net.sf.compositor.gemini;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import net.sf.compositor.util.Config;
import net.sf.compositor.util.Log;

/* loaded from: input_file:net/sf/compositor/gemini/GeminiTrustManager.class */
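/**
 * Trust-on-first-use trust manager for Gemini connections.
 *
 * <p>The server's leaf certificate is checked for its validity period and for a
 * host name match (subject CN or dNSName SAN), then compared with the value
 * stored in the configuration under {@code "sig." + host}. No certificate chain
 * is built and no issuer signature is verified in this class; any failure is
 * turned into a user prompt rather than a hard rejection.
 */
class GeminiTrustManager implements X509TrustManager {
    private static final Log s_log = Log.getInstance();
    private final GeminiTrustContext m_context;
    private final Config m_config;

    /**
     * Creates a trust manager bound to one connection context.
     *
     * @param geminiTrustContext supplies the host being contacted, the
     *     configuration that holds the pins, and the user prompt
     */
    public GeminiTrustManager(GeminiTrustContext geminiTrustContext) {
        this.m_context = geminiTrustContext;
        this.m_config = geminiTrustContext.getConfig();
    }

    /**
     * Extracts the first {@code CN=} component from a distinguished-name string.
     *
     * @param str distinguished name, components separated by {@code ","} or {@code ", "}
     * @return the text after {@code CN=} of the first matching component, or
     *     {@code ""} when there is none
     */
    static String getCN(String str) {
        // NOTE(review): the split is purely textual and does not honour escaped
        // commas inside attribute values, so a value such as O=a\, CN=b is
        // read as a separate CN component. A DN parser would be the robust choice.
        for (String component : str.split(", ?")) {
            if (component.startsWith("CN=")) {
                return component.substring(3);
            }
        }
        return "";
    }

    /**
     * Reports whether a host matches any dNSName subject alternative name.
     *
     * @param str host name to look for
     * @param collection SAN entries as returned by
     *     {@link X509Certificate#getSubjectAlternativeNames()}; may be {@code null}
     * @return {@code true} if an entry of type 2 (dNSName) matches the host
     */
    static boolean hostInSANs(String str, Collection<List<?>> collection) {
        if (collection == null) {
            return false;
        }
        for (List<?> entry : collection) {
            // Element 0 is the GeneralName type, element 1 its value; only
            // type 2 (dNSName) is considered.
            boolean isDnsName = "2".equals(String.valueOf(entry.get(0)));
            if (isDnsName && wildCardMatch(str, String.valueOf(entry.get(1)))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares a host name with a certificate name, case-insensitively.
     *
     * <p>A certificate name beginning with {@code "*."} matches any host that
     * ends with the remainder of that name (from the first dot onwards).
     *
     * @param str host name being contacted
     * @param str2 name taken from the certificate
     * @return {@code true} on an exact or wildcard match
     */
    static boolean wildCardMatch(String str, String str2) {
        if (str.equalsIgnoreCase(str2)) {
            return true;
        }
        if (!str2.startsWith("*.")) {
            return false;
        }
        // The certificate name is server-supplied. It is compared as a literal
        // suffix instead of being spliced into a regular expression, so regex
        // metacharacters in it cannot widen the match or raise
        // PatternSyntaxException.
        String suffix = str2.substring(1);
        int offset = str.length() - suffix.length();
        // NOTE(review): as before, the wildcard covers any number of leading
        // labels (a.b.example.com matches *.example.com); RFC 6125 limits a
        // wildcard to a single left-most label.
        return offset >= 0 && str.regionMatches(true, offset, suffix, 0, suffix.length());
    }

    /**
     * Returns no issuers: this manager does not rely on certificate authorities.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Performs no check and therefore accepts every client certificate chain.
     *
     * <p>NOTE(review): harmless only while this manager is installed on
     * client-side connections; confirm it is never used by a server socket.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /**
     * Checks the server's leaf certificate against the host name and the stored pin.
     *
     * <p>On the first visit to a host the pin is stored without prompting. If
     * the certificate is outside its validity period, does not match the host,
     * or differs from the stored pin, the user is asked whether to continue;
     * accepting a changed certificate replaces the pin, declining records it
     * under {@code "sig." + host + ".putative"} and rejects the connection.
     *
     * @param x509CertificateArr server chain; only element 0 is examined
     * @param str key exchange algorithm (unused)
     * @throws CertificateException if a check fails and the user declines, or
     *     the user could not be asked
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // The X509TrustManager contract asks for IllegalArgumentException here
        // rather than an incidental NullPointerException or index error.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("empty or null certificate chain");
        }
        X509Certificate leaf = x509CertificateArr[0];
        // NOTE(review): the pin is the certificate's signature field, and
        // nothing in this method verifies that signature against an issuer key,
        // so the stored value is not bound to the certificate's public key.
        // Pinning a digest of leaf.getEncoded() (or of the public key) would tie
        // the pin to the key the server proves possession of during the
        // handshake. Changing it needs a migration for existing "sig." entries.
        String hex = Utils.toHex(leaf.getSignature());
        String host = this.m_context.getHost();
        String pinKey = "sig." + host;
        if (s_log.isOnVerbose()) {
            s_log.verbose(leaf);
        }
        try {
            leaf.checkValidity();
            String subject = leaf.getSubjectX500Principal().getName();
            boolean nameMatches = wildCardMatch(host, getCN(subject))
                    || hostInSANs(host, leaf.getSubjectAlternativeNames());
            if (!nameMatches) {
                throw new CertificateException("host name " + host + " does not match certificate name\n" + leaf.getSubjectX500Principal().getName() + "\nor certificate SANs.");
            }
            if (!this.m_config.containsKey(pinKey)) {
                // First contact with this host: trust and remember.
                this.m_config.setProperty(pinKey, hex);
            } else if (!this.m_config.getProperty(pinKey).equals(hex)) {
                throw new CertificateSignatureChange("The certificate for " + host + " has changed since your last visit.");
            }
        } catch (CertificateException e) {
            boolean accepted;
            try {
                accepted = this.m_context.askUser("WARNING: " + Utils.exceptionInfo(e) + "\nContinue?", "WARNING", 2);
            } catch (IOException e2) {
                // Fail closed when the prompt itself fails, keeping the I/O
                // error attached for diagnosis.
                e.addSuppressed(e2);
                throw e;
            }
            boolean pinChanged = e instanceof CertificateSignatureChange;
            if (!accepted) {
                if (pinChanged) {
                    // Keep the rejected value for later inspection.
                    this.m_config.setProperty(pinKey + ".putative", hex);
                }
                throw e;
            }
            if (pinChanged) {
                // The user accepted the new certificate: replace the pin.
                this.m_config.setProperty(pinKey, hex);
            }
        }
    }
}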
