package hv;

import com.microsoft.identity.common.java.eststelemetry.SchemaConstants;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.util.Debug;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.args.IPAddressArgumentValueValidator;
import com.unboundid.util.ssl.cert.BasicConstraintsExtension;
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.ExtendedKeyUsageExtension;
import com.unboundid.util.ssl.cert.ExtendedKeyUsageID;
import com.unboundid.util.ssl.cert.KeyUsageExtension;
import com.unboundid.util.ssl.cert.SubjectAlternativeNameExtension;
import com.unboundid.util.ssl.cert.X509Certificate;
import com.unboundid.util.ssl.cert.X509CertificateExtension;
import java.net.InetAddress;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes5.dex */
public final class a {
    public static void a(StringBuilder sb2, String str) {
        if (sb2.length() > 0) {
            sb2.append(", ");
        }
        sb2.append(str);
    }

    public static String b(Date date) {
        return b.WARN_PROMPT_PROCESSOR_DATE_TIME.b(new SimpleDateFormat("EEEE, MMMM d, yyyy").format(date), new SimpleDateFormat("hh:mm:ss aa z").format(date));
    }

    public static boolean c(String str, List<String> list) {
        int indexOf;
        int i11 = 7 ^ 1;
        if (IPAddressArgumentValueValidator.isValidNumericIPAddress(str)) {
            try {
                InetAddress byName = LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(str);
                for (String str2 : list) {
                    if (IPAddressArgumentValueValidator.isValidNumericIPAddress(str2) && byName.equals(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(str2))) {
                        return true;
                    }
                }
            } catch (Exception e11) {
                Debug.debugException(e11);
            }
        }
        for (String str3 : list) {
            if (str.equalsIgnoreCase(str3)) {
                return true;
            }
            if (str.startsWith("*.") && (indexOf = str3.indexOf(46)) > 0 && str.substring(2).equalsIgnoreCase(str3.substring(indexOf + 1))) {
                return true;
            }
        }
        return false;
    }

    public static boolean d(InetAddress inetAddress, List<String> list) {
        for (String str : list) {
            try {
                if (IPAddressArgumentValueValidator.isValidNumericIPAddress(str) && inetAddress.equals(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(str))) {
                    return true;
                }
            } catch (Exception e11) {
                Debug.debugException(e11);
            }
        }
        return false;
    }

    public static boolean e(String str) {
        if (str.isEmpty()) {
            return false;
        }
        if (IPAddressArgumentValueValidator.isValidNumericIPAddress(str)) {
            return true;
        }
        boolean z11 = false;
        for (int i11 = 0; i11 < str.length(); i11++) {
            char charAt = str.charAt(i11);
            if (charAt < 'a' || charAt > 'z') {
                if (charAt < '0' || charAt > '9') {
                    if (charAt == '.') {
                        if (i11 != 0 && !z11) {
                            z11 = true;
                        }
                        return false;
                    }
                    if (charAt != '*') {
                        continue;
                    } else if (i11 > 0 || str.length() == 1 || str.charAt(1) != '.') {
                        return false;
                    }
                } else if (i11 == 0 || z11) {
                    return false;
                }
            }
            z11 = false;
        }
        return !z11;
    }

    public static ObjectPair<Boolean, List<String>> f(String str, X509Certificate[] x509CertificateArr, boolean z11, boolean z12, Map<String, Boolean> map, List<String> list) {
        ArrayList arrayList = new ArrayList(5);
        long currentTimeMillis = System.currentTimeMillis();
        int i11 = 0;
        boolean z13 = false;
        while (i11 < x509CertificateArr.length) {
            if (!x509CertificateArr[i11].isWithinValidityWindow(currentTimeMillis)) {
                String a11 = i11 == 0 ? z11 ? b.WARN_PROMPT_PROCESSOR_LABEL_SERVER.a() : b.WARN_PROMPT_PROCESSOR_LABEL_CLIENT.a() : b.WARN_PROMPT_PROCESSOR_LABEL_ISSUER.a();
                if (currentTimeMillis > x509CertificateArr[i11].getNotAfterTime()) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_CERT_EXPIRED.b(a11, String.valueOf(x509CertificateArr[i11].getSubjectDN()), b(x509CertificateArr[i11].getNotAfterDate()), StaticUtils.secondsToHumanReadableDuration(Math.round((currentTimeMillis - x509CertificateArr[i11].getNotAfterTime()) / 1000.0d))));
                } else {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_CERT_NOT_YET_VALID.b(a11, String.valueOf(x509CertificateArr[i11].getSubjectDN()), b(x509CertificateArr[i11].getNotBeforeDate()), StaticUtils.secondsToHumanReadableDuration(Math.round((x509CertificateArr[i11].getNotBeforeTime() - currentTimeMillis) / 1000.0d))));
                }
                z13 = true;
            }
            i11++;
        }
        SubjectAlternativeNameExtension subjectAlternativeNameExtension = null;
        for (X509CertificateExtension x509CertificateExtension : x509CertificateArr[0].getExtensions()) {
            if (x509CertificateExtension instanceof ExtendedKeyUsageExtension) {
                ExtendedKeyUsageExtension extendedKeyUsageExtension = (ExtendedKeyUsageExtension) x509CertificateExtension;
                if (z11) {
                    if (!extendedKeyUsageExtension.getKeyPurposeIDs().contains(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID())) {
                        arrayList.add(b.WARN_PROMPT_PROCESSOR_EKU_MISSING_SERVER_AUTH.b(x509CertificateArr[0].getSubjectDN()));
                    }
                } else if (!extendedKeyUsageExtension.getKeyPurposeIDs().contains(ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID())) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_EKU_MISSING_CLIENT_AUTH.b(x509CertificateArr[0].getSubjectDN()));
                }
            } else if (x509CertificateExtension instanceof SubjectAlternativeNameExtension) {
                subjectAlternativeNameExtension = (SubjectAlternativeNameExtension) x509CertificateExtension;
            }
        }
        if (x509CertificateArr.length != 1) {
            for (int i12 = 1; i12 < x509CertificateArr.length; i12++) {
                int i13 = i12 - 1;
                if (x509CertificateArr[i12].isIssuerFor(x509CertificateArr[i13])) {
                    try {
                        x509CertificateArr[i13].verifySignature(x509CertificateArr[i12]);
                    } catch (CertException e11) {
                        Debug.debugException(e11);
                        arrayList.add(e11.getMessage());
                    }
                } else {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_CHAIN_ISSUER_MISMATCH.b(x509CertificateArr[i12].getSubjectDN(), x509CertificateArr[i13].getSubjectDN()));
                }
                BasicConstraintsExtension basicConstraintsExtension = null;
                KeyUsageExtension keyUsageExtension = null;
                for (X509CertificateExtension x509CertificateExtension2 : x509CertificateArr[i12].getExtensions()) {
                    if (x509CertificateExtension2 instanceof BasicConstraintsExtension) {
                        basicConstraintsExtension = (BasicConstraintsExtension) x509CertificateExtension2;
                    } else if (x509CertificateExtension2 instanceof KeyUsageExtension) {
                        keyUsageExtension = (KeyUsageExtension) x509CertificateExtension2;
                    }
                }
                if (basicConstraintsExtension == null) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_NO_BC_EXTENSION.b(x509CertificateArr[i12].getSubjectDN()));
                } else if (!basicConstraintsExtension.isCA()) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_BC_NOT_CA.b(x509CertificateArr[i12].getSubjectDN()));
                } else if (basicConstraintsExtension.getPathLengthConstraint() != null && i13 > basicConstraintsExtension.getPathLengthConstraint().intValue()) {
                    if (basicConstraintsExtension.getPathLengthConstraint().intValue() == 0) {
                        arrayList.add(b.WARN_PROMPT_PROCESSOR_BC_DISALLOWED_INTERMEDIATE.b(x509CertificateArr[i12].getSubjectDN()));
                    } else {
                        arrayList.add(b.WARN_PROMPT_PROCESSOR_BC_TOO_MANY_INTERMEDIATES.b(x509CertificateArr[i12].getSubjectDN(), basicConstraintsExtension.getPathLengthConstraint(), Integer.valueOf(i13)));
                        if (keyUsageExtension != null && !keyUsageExtension.isKeyCertSignBitSet()) {
                            arrayList.add(b.WARN_PROMPT_PROCESSOR_KU_NO_KEY_CERT_SIGN.b(x509CertificateArr[i12].getSubjectDN()));
                        }
                    }
                }
                if (keyUsageExtension != null) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_KU_NO_KEY_CERT_SIGN.b(x509CertificateArr[i12].getSubjectDN()));
                }
            }
            if (x509CertificateArr[x509CertificateArr.length - 1].isSelfSigned()) {
                try {
                    x509CertificateArr[x509CertificateArr.length - 1].verifySignature(x509CertificateArr[x509CertificateArr.length - 1]);
                } catch (CertException e12) {
                    Debug.debugException(e12);
                    arrayList.add(e12.getMessage());
                }
            } else {
                arrayList.add(b.WARN_PROMPT_PROCESSOR_CHAIN_NOT_COMPLETE.b(x509CertificateArr[x509CertificateArr.length - 1].getSubjectDN()));
            }
        } else if (x509CertificateArr[0].isSelfSigned()) {
            arrayList.add(b.WARN_PROMPT_PROCESSOR_CERT_IS_SELF_SIGNED.a());
            try {
                x509CertificateArr[0].verifySignature(x509CertificateArr[0]);
            } catch (CertException e13) {
                Debug.debugException(e13);
                arrayList.add(e13.getMessage());
            }
        } else {
            arrayList.add(b.WARN_PROMPT_PROCESSOR_CHAIN_NOT_COMPLETE.b(x509CertificateArr[0].getSubjectDN()));
        }
        if (z11 && list != null && !list.isEmpty()) {
            StringBuilder sb2 = new StringBuilder();
            boolean z14 = false;
            for (RDN rdn : x509CertificateArr[0].getSubjectDN().getRDNs()) {
                String[] attributeNames = rdn.getAttributeNames();
                int i14 = 0;
                while (true) {
                    if (i14 >= attributeNames.length) {
                        break;
                    }
                    if (attributeNames[i14].equalsIgnoreCase("cn") || attributeNames[i14].equalsIgnoreCase("commonName") || attributeNames[i14].equalsIgnoreCase("2.5.4.3")) {
                        String str2 = rdn.getAttributeValues()[i14];
                        String lowerCase = StaticUtils.toLowerCase(str2);
                        if (e(lowerCase)) {
                            a(sb2, str2);
                            if (c(lowerCase, list)) {
                                z14 = true;
                                break;
                            }
                        } else {
                            continue;
                        }
                    }
                    i14++;
                }
                if (z14) {
                    break;
                }
            }
            if (!z14 && subjectAlternativeNameExtension != null) {
                Iterator<String> it2 = subjectAlternativeNameExtension.getDNSNames().iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    String next = it2.next();
                    a(sb2, next);
                    if (c(next, list)) {
                        z14 = true;
                        break;
                    }
                }
                if (!z14) {
                    Iterator<InetAddress> it3 = subjectAlternativeNameExtension.getIPAddresses().iterator();
                    while (true) {
                        if (!it3.hasNext()) {
                            break;
                        }
                        InetAddress next2 = it3.next();
                        a(sb2, next2.getHostAddress());
                        if (d(next2, list)) {
                            z14 = true;
                            break;
                        }
                    }
                }
            }
            if (!z14 && sb2.length() != 0) {
                if (sb2.indexOf(SchemaConstants.SEPARATOR_COMMA) > 0) {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_MULTIPLE_ADDRESSES_NOT_MATCHED.b(x509CertificateArr[0].getSubjectDN(), sb2));
                } else {
                    arrayList.add(b.WARN_PROMPT_PROCESSOR_SINGLE_ADDRESS_NOT_MATCHED.b(x509CertificateArr[0].getSubjectDN(), sb2));
                }
            }
        }
        Boolean bool = map.get(str);
        return bool == null ? new ObjectPair<>(Boolean.TRUE, arrayList) : bool.booleanValue() ? new ObjectPair<>(Boolean.FALSE, arrayList) : new ObjectPair<>(Boolean.valueOf(z13), arrayList);
    }
}
