package com.aspose.ms.core.System.Security.Protocol.Tls.Handshake.Client;

import com.aspose.ms.System.Collections.a;
import com.aspose.ms.System.ay;
import com.aspose.ms.System.h.a.b.e;
import com.aspose.ms.System.i.a.f;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.X509Certificate;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.X509CertificateCollection;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.X509Chain;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.X509Extension;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.extensions.ExtendedKeyUsageExtension;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.extensions.KeyUsageExtension;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.extensions.NetscapeCertTypeExtension;
import com.aspose.ms.core.System.Security.Cryptography.X509Certificates.extensions.SubjectAltNameExtension;
import com.aspose.ms.core.System.Security.Protocol.Tls.ClientContext;
import com.aspose.ms.core.System.Security.Protocol.Tls.Context;
import com.aspose.ms.core.System.Security.Protocol.Tls.Handshake.HandshakeMessage;
import com.aspose.ms.core.System.Security.Protocol.Tls.TlsException;
import com.aspose.ms.core.System.Security.Protocol.Tls.ValidationResult;
import com.aspose.ms.lang.b;
import com.groupdocs.conversion.internal.c.a.pd.internal.ms.System.Security.Cryptography.z60;
import com.groupdocs.conversion.internal.c.a.pd.internal.p807.z28;
import com.groupdocs.conversion.internal.c.a.pd.internal.p807.z38;

/* loaded from: input_file:com/aspose/ms/core/System/Security/Protocol/Tls/Handshake/Client/TlsServerCertificate.class */
public class TlsServerCertificate extends HandshakeMessage {
    private X509CertificateCollection gCO;

    public TlsServerCertificate(Context context, byte[] bArr) {
        super(context, (byte) 11, bArr);
    }

    @Override // com.aspose.ms.core.System.Security.Protocol.Tls.Handshake.HandshakeMessage
    public void update() {
        super.update();
        getContext().getServerSettings().setCertificates(this.gCO);
        getContext().getServerSettings().updateCertificateRSA();
    }

    @Override // com.aspose.ms.core.System.Security.Protocol.Tls.Handshake.HandshakeMessage
    protected void bnR() {
        bnS();
    }

    @Override // com.aspose.ms.core.System.Security.Protocol.Tls.Handshake.HandshakeMessage
    protected void bnS() {
        this.gCO = new X509CertificateCollection();
        int i = 0;
        int readInt24 = readInt24();
        while (i < readInt24) {
            int readInt242 = readInt24();
            i += 3;
            if (readInt242 > 0) {
                this.gCO.add(new X509Certificate(readBytes(readInt242)));
                i += readInt242;
            }
        }
        a(this.gCO);
    }

    private boolean f(X509Certificate x509Certificate) {
        ClientContext clientContext = (ClientContext) getContext();
        if (x509Certificate.getVersion() < 3) {
            return true;
        }
        int i = 0;
        switch (clientContext.getNegotiating().getCipher().getExchangeAlgorithmType()) {
            case 0:
                i = 8;
                break;
            case 1:
                return false;
            case 3:
                i = 32;
                break;
            case 4:
                i = 128;
                break;
        }
        KeyUsageExtension keyUsageExtension = null;
        ExtendedKeyUsageExtension extendedKeyUsageExtension = null;
        X509Extension x509Extension = x509Certificate.getExtensions().get_Item(z38.m3);
        if (x509Extension != null) {
            keyUsageExtension = new KeyUsageExtension(x509Extension);
        }
        X509Extension x509Extension2 = x509Certificate.getExtensions().get_Item(z28.m3);
        if (x509Extension2 != null) {
            extendedKeyUsageExtension = new ExtendedKeyUsageExtension(x509Extension2);
        }
        if (keyUsageExtension != null && extendedKeyUsageExtension != null) {
            if (keyUsageExtension.support(i)) {
                return extendedKeyUsageExtension.getKeyPurpose().contains("1.3.6.1.5.5.7.3.1") || extendedKeyUsageExtension.getKeyPurpose().contains("2.16.840.1.113730.4.1");
            }
            return false;
        }
        if (keyUsageExtension != null) {
            return keyUsageExtension.support(i);
        }
        if (extendedKeyUsageExtension != null) {
            return extendedKeyUsageExtension.getKeyPurpose().contains("1.3.6.1.5.5.7.3.1") || extendedKeyUsageExtension.getKeyPurpose().contains("2.16.840.1.113730.4.1");
        }
        X509Extension x509Extension3 = x509Certificate.getExtensions().get_Item(z60.m19);
        if (x509Extension3 != null) {
            return new NetscapeCertTypeExtension(x509Extension3).support(64);
        }
        return true;
    }

    private void a(X509CertificateCollection x509CertificateCollection) {
        ClientContext clientContext = (ClientContext) getContext();
        if (clientContext.getSslStream().getHaveRemoteValidation2Callback()) {
            a(clientContext, (byte) 42);
        } else {
            b(clientContext, (byte) 42);
        }
    }

    private void a(ClientContext clientContext, byte b) {
        byte b2;
        ValidationResult raiseServerCertificateValidation2 = clientContext.getSslStream().raiseServerCertificateValidation2(this.gCO);
        if (raiseServerCertificateValidation2.getTrusted()) {
            return;
        }
        long errorCode = raiseServerCertificateValidation2.getErrorCode();
        switch ((int) errorCode) {
            case -2146762495:
                b2 = 45;
                break;
            case -2146762487:
                b2 = 48;
                break;
            case -2146762486:
                b2 = 48;
                break;
            default:
                b2 = 46;
                break;
        }
        throw new TlsException(b2, ay.format("Invalid certificate received from server. Error code: 0x{0:x}", b.cn(Long.valueOf(errorCode))));
    }

    private void b(ClientContext clientContext, byte b) {
        boolean z;
        X509Certificate x509Certificate = this.gCO.get_Item(0);
        e eVar = new e(x509Certificate.getRawData());
        a aVar = new a();
        if (!f(x509Certificate)) {
            aVar.addItem(b.cn(-2146762490));
        }
        if (!g(x509Certificate)) {
            aVar.addItem(b.cn(-2146762481));
        }
        X509CertificateCollection x509CertificateCollection = new X509CertificateCollection(this.gCO);
        x509CertificateCollection.remove(x509Certificate);
        X509Chain x509Chain = new X509Chain(x509CertificateCollection);
        try {
            z = x509Chain.build(x509Certificate);
        } catch (RuntimeException e) {
            z = false;
        }
        if (!z) {
            switch (x509Chain.getStatus()) {
                case 1:
                    b = 45;
                    aVar.addItem(b.cn(-2146762495));
                    break;
                case 2:
                    aVar.addItem(b.cn(-2146762494));
                    break;
                case 8:
                    aVar.addItem(b.cn(-2146869232));
                    break;
                case 32:
                    b = 48;
                    aVar.addItem(b.cn(-2146762487));
                    break;
                case 1024:
                    aVar.addItem(b.cn(-2146869223));
                    break;
                case 65536:
                    b = 48;
                    aVar.addItem(b.cn(-2146762486));
                    break;
                default:
                    b = 46;
                    aVar.addItem(b.cn(Integer.valueOf(x509Chain.getStatus())));
                    break;
            }
        }
        if (!clientContext.getSslStream().raiseServerCertificateValidation(eVar, (int[]) b.cast(aVar.a(b.s(Integer.TYPE)), int[].class))) {
            throw new TlsException(b, "Invalid certificate received from server.");
        }
    }

    private boolean g(X509Certificate x509Certificate) {
        String targetHost = ((ClientContext) getContext()).getClientSettings().getTargetHost();
        X509Extension x509Extension = x509Certificate.getExtensions().get_Item(z60.m17);
        if (x509Extension != null) {
            SubjectAltNameExtension subjectAltNameExtension = new SubjectAltNameExtension(x509Extension);
            for (String str : subjectAltNameExtension.getDNSNames()) {
                if (ay(targetHost, str)) {
                    return true;
                }
            }
            for (String str2 : subjectAltNameExtension.getIPAddresses()) {
                if (ay.equals(str2, targetHost)) {
                    return true;
                }
            }
        }
        return kZ(x509Certificate.get_SubjectName());
    }

    private boolean kZ(String str) {
        ClientContext clientContext = (ClientContext) getContext();
        String str2 = ay.fyw;
        com.aspose.ms.System.i.a.e ke = new f("CN\\s*=\\s*([^,]*)").ke(str);
        if (ke.getCount() == 1 && ke.nc(0).beZ()) {
            str2 = ke.nc(0).bfc().nb(1).getValue().toString();
        }
        return ay(clientContext.getClientSettings().getTargetHost(), str2);
    }

    static boolean ay(String str, String str2) {
        int g = ay.g(str2, '*');
        if (g == -1) {
            return ay.a(str, str2, true, com.aspose.ms.System.d.b.aXy()) == 0;
        }
        if ((g != str2.length() - 1 && str2.charAt(g + 1) != '.') || ay.d(str2, '*', g + 1) != -1) {
            return false;
        }
        String substring = ay.substring(str2, g + 1);
        int length = str.length() - substring.length();
        if (length <= 0 || ay.a(str, length, substring, 0, substring.length(), true, com.aspose.ms.System.d.b.aXy()) != 0) {
            return false;
        }
        if (g == 0) {
            int g2 = ay.g(str, '.');
            return g2 == -1 || g2 >= str.length() - substring.length();
        }
        String substring2 = ay.substring(str2, 0, g);
        return ay.a(str, 0, substring2, 0, substring2.length(), true, com.aspose.ms.System.d.b.aXy()) == 0;
    }
}
