package com.citrix.sdk.jsse;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
final class b {
    private static final boolean a = false;
    private static final String b = "1.2.840.113549.1.1.2";
    private static final String c = "2.5.29.15";
    private static final int d = 2;
    private static final int e = 5;
    private static final String f = "2.5.29.37";
    private static final String g = "1.3.6.1.5.5.7.3.1";
    private static final String h = "2.5.29.19";
    private static final String i = "2.16.840.1.113730.1.1";
    private static final int j = 64;
    private static final int k = 4;
    private static final int l = 512;
    private static final int m = 0;
    private static final int n = 2;
    private static final int o = 3;
    private final X509Certificate p;
    private int q;
    private final int r;
    private String s;

    /* JADX INFO: Access modifiers changed from: protected */
    public b(X509Certificate x509Certificate, int i2) {
        this.s = "unknown";
        this.p = x509Certificate;
        this.r = i2;
        this.s = a(x509Certificate);
        if (this.r == 0) {
            this.q = 0;
            return;
        }
        this.q = 2;
        try {
            d(x509Certificate);
            this.q = 3;
        } catch (h e2) {
        }
    }

    private static String a(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        StringTokenizer stringTokenizer = new StringTokenizer(str.trim());
        while (stringTokenizer.hasMoreTokens()) {
            stringBuffer.append(stringTokenizer.nextToken());
            stringBuffer.append(' ');
        }
        return stringBuffer.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String a(X509Certificate x509Certificate) {
        return a(x509Certificate.getSubjectX500Principal());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String a(X500Principal x500Principal) {
        String b2 = b(x500Principal);
        if (b2 == null) {
            b2 = x500Principal.getName("RFC2253");
        }
        return b2 == null ? "unknown" : b2;
    }

    private void a() throws h {
        Set<String> criticalExtensionOIDs = this.p.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs != null) {
            for (String str : criticalExtensionOIDs) {
                if (!str.equals(h) && !str.equals(c) && !str.equals(f) && !str.equals(i)) {
                    throw new h("UNRECOGNISED_CRITICAL_EXTENSION", new Object[]{this.s, str});
                }
            }
        }
        if (!(this.p.getPublicKey() instanceof RSAKey)) {
            throw new h("UNKNOWN_CERTIFICATE_ERROR", null, null);
        }
        int bitLength = ((RSAKey) this.p.getPublicKey()).getModulus().bitLength();
        if (bitLength < 512) {
            throw new h("KEYLENGTH_TOO_SHORT", new Object[]{this.s, Integer.toString(bitLength)});
        }
        e();
        b();
        c();
        d();
        f();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String b(X509Certificate x509Certificate) {
        return a(x509Certificate.getIssuerX500Principal());
    }

    private static String b(X500Principal x500Principal) {
        int indexOf;
        String name = x500Principal.getName("RFC2253");
        if (name == null || (indexOf = name.toUpperCase().indexOf("CN=")) < 0) {
            return null;
        }
        int indexOf2 = name.indexOf(",", indexOf);
        return indexOf2 >= 0 ? name.substring(indexOf + 3, indexOf2) : name.substring(indexOf + 3);
    }

    private void b() throws h {
        int basicConstraints = this.p.getBasicConstraints();
        if (basicConstraints >= 0 && basicConstraints < this.r - 1) {
            throw new h("UNSUITABLE_PATH_LENGTH", new Object[]{this.s, Integer.toString(basicConstraints + 1)});
        }
    }

    private void c() throws h {
        h hVar = new h("UNSUITABLE_KEY_USAGE_EXTENSION", new Object[]{this.s});
        if (this.p.getExtensionValue(c) == null) {
            if (this.q == 2) {
                throw hVar;
            }
            return;
        }
        boolean[] keyUsage = this.p.getKeyUsage();
        if (this.q == 0) {
            if (keyUsage.length <= 2) {
                throw hVar;
            }
            if (!keyUsage[2]) {
                throw hVar;
            }
            return;
        }
        if (keyUsage.length <= 5) {
            throw hVar;
        }
        if (!keyUsage[5]) {
            throw hVar;
        }
    }

    private void d() throws h {
        h hVar = new h("UNSUITABLE_ENHANCED_KEY", new Object[]{this.s});
        if (this.q != 0) {
            if (this.p.getCriticalExtensionOIDs() != null && this.p.getCriticalExtensionOIDs().contains(f)) {
                throw hVar;
            }
        } else {
            try {
                List<String> extendedKeyUsage = this.p.getExtendedKeyUsage();
                if (extendedKeyUsage == null || extendedKeyUsage.contains(g)) {
                } else {
                    throw hVar;
                }
            } catch (CertificateParsingException e2) {
                throw hVar;
            }
        }
    }

    private void d(X509Certificate x509Certificate) throws h {
        Throwable e2 = null;
        if (this.p.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
            try {
                this.p.verify(x509Certificate.getPublicKey());
                return;
            } catch (NoSuchAlgorithmException e3) {
                e2 = e3;
                if (this.p.getSigAlgName().compareTo(b) == 0 && this.p.equals(x509Certificate) && this.p.getIssuerX500Principal().equals(this.p.getSubjectX500Principal())) {
                    return;
                }
            } catch (GeneralSecurityException e4) {
                e2 = e4;
            }
        }
        throw new h("CERTIFICATE_NOT_TRUSTED", e2, new Object[]{b(this.p)});
    }

    private void e() throws h {
        boolean z = true;
        h hVar = new h("UNSUITABLE_BASIC_CONSTRAINTS", new Object[]{this.s});
        byte[] extensionValue = this.p.getExtensionValue(h);
        if (extensionValue == null) {
            if (this.q == 2) {
                throw hVar;
            }
            return;
        }
        try {
            e a2 = f.a(extensionValue, f.a(extensionValue, 0).b());
            if (a2.a() != 48) {
                throw hVar;
            }
            if (a2.c() >= 3) {
                e a3 = f.a(extensionValue, a2.b());
                if (a3.a() != 1) {
                    throw hVar;
                }
                if (a3.c() != 1) {
                    throw hVar;
                }
                if (extensionValue[a3.b()] == 0) {
                    z = false;
                }
            } else {
                z = false;
            }
            if (!z && this.q != 0) {
                throw hVar;
            }
        } catch (CertificateEncodingException e2) {
            throw hVar;
        }
    }

    private void f() throws h {
        h hVar = new h("UNSUITABLE_NETSCAPE_EXTENSION", new Object[]{this.s});
        byte[] extensionValue = this.p.getExtensionValue(i);
        if (extensionValue != null) {
            try {
                e a2 = f.a(extensionValue, f.a(extensionValue, 0).b());
                if (a2.a() != 3) {
                    throw hVar;
                }
                if (a2.c() != 2) {
                    throw hVar;
                }
                byte b2 = extensionValue[a2.b() + 1];
                if (this.q == 0) {
                    if ((b2 & 64) == 0) {
                        throw hVar;
                    }
                } else if ((this.q == 2 || this.q == 3) && (b2 & 4) == 0) {
                    throw hVar;
                }
            } catch (CertificateEncodingException e2) {
                throw hVar;
            }
        }
    }

    private void g() throws h {
        Object[] objArr = {this.s, this.p.getNotBefore(), this.p.getNotAfter()};
        try {
            this.p.checkValidity(new Date());
        } catch (CertificateExpiredException e2) {
            throw new h("CERTIFICATE_EXPIRED", e2, objArr);
        } catch (CertificateNotYetValidException e3) {
            throw new h("CERTIFICATE_NOT_YET_VALID", e3, objArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(String str) throws h {
        h hVar = new h("INCORRECT_COMMONNAME", new Object[]{this.s, str});
        String a2 = a(str.toLowerCase());
        String b2 = b(this.p.getSubjectX500Principal());
        if (b2 == null) {
            throw hVar;
        }
        String a3 = a(b2.toLowerCase());
        if (a2.equals(a3)) {
            return;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(a2, ".");
        StringTokenizer stringTokenizer2 = new StringTokenizer(a3, ".");
        if (stringTokenizer2.countTokens() != stringTokenizer.countTokens()) {
            throw hVar;
        }
        if (stringTokenizer2.countTokens() == 0) {
            throw hVar;
        }
        String nextToken = stringTokenizer.nextToken();
        String nextToken2 = stringTokenizer2.nextToken();
        if (!nextToken2.equals("*")) {
            if (!nextToken2.endsWith("*")) {
                throw hVar;
            }
            if (!nextToken.startsWith(nextToken2.substring(0, nextToken.length() - 1))) {
                throw hVar;
            }
        }
        while (stringTokenizer.hasMoreTokens()) {
            if (!stringTokenizer.nextToken().equals(stringTokenizer2.nextToken())) {
                throw hVar;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void c(X509Certificate x509Certificate) throws h {
        d(x509Certificate);
        b bVar = new b(x509Certificate, this.r + 1);
        g();
        bVar.g();
        a();
        bVar.a();
    }
}
