package com.teradata.jdbc.jdbc_4.io;

import com.teradata.jdbc.Const;
import com.teradata.jdbc.TeraDatabaseMetaData;
import com.teradata.jdbc.jdbc_4.ifsupport.EscapeConstants;
import com.teradata.jdbc.jdbc_4.io.TDNetworkIOIF;
import com.teradata.jdbc.jdbc_4.logging.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/teradata/jdbc/jdbc_4/io/CertChecker.class */
public class CertChecker {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/teradata/jdbc/jdbc_4/io/CertChecker$ExtractedSANs.class */
    public static class ExtractedSANs {
        public List list = null;
        public CertificateParsingException ex = null;
    }

    public static void checkCert(TDNetworkIOIF tDNetworkIOIF, TDNetworkIOIF.ConnectThread connectThread, String[] strArr) throws IOException {
        SSLSession session = ((SSLSocket) connectThread.m_socket).getSession();
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("SSLSession.getProtocol=").append(session.getProtocol()).append(" getCipherSuite=").append(session.getCipherSuite()).toString());
        }
        List singletonList = tDNetworkIOIF.m_con.getURLParameters().getSSLCA() != null ? Collections.singletonList(tDNetworkIOIF.m_con.getURLParameters().getSSLCA()) : null;
        String sSLCAPath = tDNetworkIOIF.m_con.getURLParameters().getSSLCAPath();
        String sSLTrustStore = tDNetworkIOIF.m_con.getURLParameters().getSSLTrustStore();
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append(">>>>> createTrustManagerFromPEMFiles(").append(singletonList).append(")").toString());
        }
        X509TrustManager createTrustManagerFromPEMFiles = createTrustManagerFromPEMFiles(singletonList, tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("<<<<< createTrustManagerFromPEMFiles(").append(singletonList).append(") returned ").append(createTrustManagerFromPEMFiles).toString());
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append(">>>>> createTrustManagerFromPEMDirectory(").append(sSLCAPath).append(")").toString());
        }
        X509TrustManager createTrustManagerFromPEMDirectory = createTrustManagerFromPEMDirectory(sSLCAPath, tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("<<<<< createTrustManagerFromPEMDirectory(").append(sSLCAPath).append(") returned ").append(createTrustManagerFromPEMDirectory).toString());
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append(">>>>> createTrustManagerFromTrustStoreFile(").append(sSLTrustStore).append(")").toString());
        }
        X509TrustManager createTrustManagerFromTrustStoreFile = createTrustManagerFromTrustStoreFile(sSLTrustStore);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("<<<<< createTrustManagerFromTrustStoreFile(").append(sSLTrustStore).append(") returned ").append(createTrustManagerFromTrustStoreFile).toString());
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(">>>>> getDefaultTrustManager");
        }
        X509TrustManager defaultTrustManager = getDefaultTrustManager(tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("<<<<< getDefaultTrustManager returned ").append(defaultTrustManager).toString());
        }
        Certificate[] certificateArr = null;
        try {
            certificateArr = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            tDNetworkIOIF.log.error(new StringBuffer().append("getPeerCertificates failed for connection to ").append(connectThread.m_isa).toString(), e);
        }
        X509Certificate[] x509CertificateArr = certificateArr instanceof X509Certificate[] ? (X509Certificate[]) certificateArr : null;
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            int i = 0;
            while (certificateArr != null && i < certificateArr.length) {
                X509Certificate x509Certificate = x509CertificateArr != null ? x509CertificateArr[i] : null;
                tDNetworkIOIF.log.info(new StringBuffer().append("getPeerCertificates returned certificate ").append(i + 1).append(" of ").append(certificateArr.length).append(i == 0 ? " which is the peer certificate" : Const.URL_LSS_TYPE_DEFAULT).append("\n  Certificate ").append(x509Certificate != null ? "is" : "is not").append(" an X509Certificate").append("\n  Certificate date range is ").append(formatDateRange(x509Certificate)).append("\n  Certificate ").append(formatValidity(x509Certificate)).append("\n  Certificate purpose is ").append(formatCertPurpose(x509Certificate)).append("\n  Subject Distinguished Name (DN) is ").append(formatDN(x509Certificate)).append("\n  Subject Common Name (CN) is ").append(formatCN(x509Certificate)).append("\n  Subject Alternative Names (SANs) are ").append(formatSANs(x509Certificate)).append("\n").append(formatCert(certificateArr[i])).toString());
                i++;
            }
        }
        List validityProblems = getValidityProblems(x509CertificateArr);
        List serverCertProblems = getServerCertProblems(createTrustManagerFromPEMFiles, x509CertificateArr, strArr[0], new StringBuffer().append("SSLCA=").append(formatList(singletonList, null, null)).toString());
        List serverCertProblems2 = getServerCertProblems(createTrustManagerFromPEMDirectory, x509CertificateArr, strArr[0], new StringBuffer().append("SSLCAPATH=").append(sSLCAPath).toString());
        List serverCertProblems3 = getServerCertProblems(createTrustManagerFromTrustStoreFile, x509CertificateArr, strArr[0], new StringBuffer().append("SSLTRUSTSTORE=").append(sSLTrustStore).toString());
        List serverCertProblems4 = getServerCertProblems(defaultTrustManager, x509CertificateArr, strArr[0], "Default Java");
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info(new StringBuffer().append("getValidityProblems ").append(validityProblems.isEmpty() ? "accepted certificate" : new StringBuffer().append("found ").append(validityProblems.size()).append(" certificate problem(s): ").append(formatList(validityProblems, ", ", null)).toString()).toString());
            tDNetworkIOIF.log.info(new StringBuffer().append("createTrustManagerFromPEMFiles(").append(singletonList).append(") ").append(createTrustManagerFromPEMFiles == null ? "is not available" : serverCertProblems.isEmpty() ? "accepted certificate" : new StringBuffer().append("found ").append(serverCertProblems.size()).append(" certificate problem(s): ").append(formatList(serverCertProblems, ", ", null)).toString()).toString());
            tDNetworkIOIF.log.info(new StringBuffer().append("createTrustManagerFromPEMDirectory(").append(sSLCAPath).append(") ").append(createTrustManagerFromPEMDirectory == null ? "is not available" : serverCertProblems2.isEmpty() ? "accepted certificate" : new StringBuffer().append("found ").append(serverCertProblems2.size()).append(" certificate problem(s): ").append(formatList(serverCertProblems2, ", ", null)).toString()).toString());
            tDNetworkIOIF.log.info(new StringBuffer().append("createTrustManagerFromTrustStoreFile(").append(sSLTrustStore).append(") ").append(createTrustManagerFromTrustStoreFile == null ? "is not available" : serverCertProblems3.isEmpty() ? "accepted certificate" : new StringBuffer().append("found ").append(serverCertProblems3.size()).append(" certificate problem(s): ").append(formatList(serverCertProblems3, ", ", null)).toString()).toString());
            tDNetworkIOIF.log.info(new StringBuffer().append("getDefaultTrustManager ").append(defaultTrustManager == null ? "is not available" : serverCertProblems4.isEmpty() ? "accepted certificate" : new StringBuffer().append("found ").append(serverCertProblems4.size()).append(" certificate problem(s): ").append(formatList(serverCertProblems4, ", ", null)).toString()).toString());
        }
        boolean z = (createTrustManagerFromPEMFiles == null && createTrustManagerFromPEMDirectory == null && createTrustManagerFromTrustStoreFile == null && defaultTrustManager == null) ? false : true;
        boolean z2 = createTrustManagerFromPEMFiles != null && serverCertProblems.isEmpty();
        boolean z3 = createTrustManagerFromPEMDirectory != null && serverCertProblems2.isEmpty();
        boolean z4 = createTrustManagerFromTrustStoreFile != null && serverCertProblems3.isEmpty();
        boolean z5 = defaultTrustManager != null && serverCertProblems4.isEmpty();
        boolean z6 = z2 || z3 || z4 || z5;
        boolean z7 = validityProblems.isEmpty() && z && z6;
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info(new StringBuffer().append("SSLMODE=VERIFY-CA would ").append(z7 ? "accept" : "reject").append(" this connection").toString());
        }
        X509Certificate x509Certificate2 = x509CertificateArr != null ? x509CertificateArr[0] : null;
        String[] split = connectThread.m_isa.getAddress().toString().split("/");
        boolean z8 = split[0].length() == 0;
        String originalHostName = z8 ? null : tDNetworkIOIF.getOriginalHostName();
        String str = z8 ? null : split[0];
        String str2 = split[1];
        List certHostNameProblems = getCertHostNameProblems(x509Certificate2, "Hostname", originalHostName, tDNetworkIOIF.log);
        List certHostNameProblems2 = getCertHostNameProblems(x509Certificate2, "Resolved", str, tDNetworkIOIF.log);
        List certHostNameProblems3 = getCertHostNameProblems(x509Certificate2, "IP Address", str2, tDNetworkIOIF.log);
        boolean isEmpty = certHostNameProblems.isEmpty();
        boolean isEmpty2 = certHostNameProblems2.isEmpty();
        boolean isEmpty3 = certHostNameProblems3.isEmpty();
        boolean z9 = z7 && (isEmpty || isEmpty3);
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info(new StringBuffer().append("SSLMODE=VERIFY-FULL would ").append(z9 ? "accept" : "reject").append(" this connection").toString());
        }
        connectThread.m_sCertStatus = new StringBuffer().append(validityProblems.isEmpty() ? "V" : "I").append(",P").append(createTrustManagerFromPEMFiles == null ? "U" : z2 ? "A" : "R").append(",D").append(createTrustManagerFromPEMDirectory == null ? "U" : z3 ? "A" : "R").append(",T").append(createTrustManagerFromTrustStoreFile == null ? "U" : z4 ? "A" : "R").append(",J").append(defaultTrustManager == null ? "U" : z5 ? "A" : "R").append(",C").append(z7 ? "Y" : "N").append(",H").append(z8 ? "U" : isEmpty ? "Y" : "N").append(",R").append(z8 ? "U" : isEmpty2 ? "Y" : "N").append(",I").append(isEmpty3 ? "Y" : "N").append(",F").append(z9 ? "Y" : "N").toString();
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(new StringBuffer().append("checkCert: t.m_sCertStatus=").append(connectThread.m_sCertStatus).toString());
        }
        boolean z10 = tDNetworkIOIF.m_con.getURLParameters().getSSLModeLevel() == 5 && !z7;
        boolean z11 = tDNetworkIOIF.m_con.getURLParameters().getSSLModeLevel() == 6 && !z9;
        if (z10 || z11) {
            ArrayList arrayList = new ArrayList(validityProblems);
            if (!z) {
                arrayList.add(new CertificateException("No TrustManager available to verify certificate"));
            } else if (!z6) {
                arrayList.addAll(serverCertProblems);
                arrayList.addAll(serverCertProblems2);
                arrayList.addAll(serverCertProblems3);
                arrayList.addAll(serverCertProblems4);
            }
            if (z11) {
                arrayList.addAll(certHostNameProblems);
                arrayList.addAll(certHostNameProblems3);
            }
            String formatList = formatList(arrayList, ", ", new StringBuffer().append(tDNetworkIOIF.m_con.getURLParameters().getSSLMode()).append(" error").toString());
            tDNetworkIOIF.log.error(formatList);
            throw new IOException(formatList);
        }
    }

    private static List getCertHostNameProblems(X509Certificate x509Certificate, String str, String str2, Log log) {
        ArrayList arrayList = new ArrayList();
        if (str2 == null) {
            arrayList.add(new CertificateException(new StringBuffer().append(str).append(" is not available to match Subject CN or SANs").toString()));
        } else {
            String extractCNfromCert = extractCNfromCert(x509Certificate);
            boolean z = extractCNfromCert != null && matchesPatternIgnoreCase(str2, convertHostNamePatternToRegexPattern(extractCNfromCert));
            if (log.isInfoEnabled()) {
                log.info(new StringBuffer().append(str).append(" ").append(str2).append(" ").append(z ? "matches" : "does not match").append(" Subject CN").append(extractCNfromCert != null ? new StringBuffer().append(" ").append(extractCNfromCert).toString() : Const.URL_LSS_TYPE_DEFAULT).toString());
            }
            ExtractedSANs extractSANsFromCert = extractSANsFromCert(x509Certificate);
            if (extractSANsFromCert.ex != null && log.isInfoEnabled()) {
                log.info(new StringBuffer().append(str).append(" ").append(str2).append(" extractSANsFromCert: ").append(extractSANsFromCert.ex).toString());
            }
            List findMatchingPatterns = findMatchingPatterns(str2, convertHostNamePatternsToRegexPatterns(extractSANsFromCert.list));
            if (log.isInfoEnabled()) {
                log.info(new StringBuffer().append(str).append(" ").append(str2).append(" ").append(findMatchingPatterns.isEmpty() ? "does not match any SANs" : new StringBuffer().append("matches SANs ").append(formatList(findMatchingPatterns, ", ", null)).toString()).toString());
            }
            if (!z && findMatchingPatterns.isEmpty()) {
                if (!z) {
                    arrayList.add(new CertificateException(new StringBuffer().append(str).append(" ").append(str2).append(extractCNfromCert != null ? new StringBuffer().append(" does not match Subject CN ").append(extractCNfromCert).toString() : " cannnot match missing Subject CN").toString()));
                }
                if (extractSANsFromCert.ex != null) {
                    arrayList.add(extractSANsFromCert.ex);
                }
                if (findMatchingPatterns.isEmpty()) {
                    arrayList.add(new CertificateException(new StringBuffer().append(str).append(" ").append(str2).append(" does not match any SANs from certificate: ").append(extractSANsFromCert.list).toString()));
                }
            }
        }
        return arrayList;
    }

    private static String convertHostNamePatternToRegexPattern(String str) {
        return str.replaceAll("[\\W]", "\\\\$0").replaceAll("\\\\\\*", "[^.]*");
    }

    private static List convertHostNamePatternsToRegexPatterns(List list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(convertHostNamePatternToRegexPattern((String) it.next()));
            }
        }
        return arrayList;
    }

    private static List findMatchingPatterns(String str, List list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (matchesPatternIgnoreCase(str, str2)) {
                    arrayList.add(str2);
                }
            }
        }
        return arrayList;
    }

    private static boolean matchesPatternIgnoreCase(String str, String str2) {
        return str.matches(new StringBuffer().append("(?i)").append(str2).toString());
    }

    private static X509TrustManager getDefaultTrustManager(Log log) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            log.error("Could not obtain default X509TrustManager");
            return null;
        } catch (GeneralSecurityException e) {
            log.error(new StringBuffer().append("Could not obtain default TrustManagerFactory: ").append(e).toString());
            return null;
        }
    }

    private static X509TrustManager createTrustManagerFromPEMFiles(List list, Log log) {
        if (list == null) {
            return null;
        }
        String[] strArr = (String[]) list.toArray(new String[0]);
        String defaultType = KeyStore.getDefaultType();
        try {
            KeyStore keyStore = KeyStore.getInstance(defaultType);
            try {
                keyStore.load(null, null);
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    for (String str : strArr) {
                        try {
                            FileInputStream fileInputStream = new FileInputStream(str);
                            try {
                                try {
                                    Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream);
                                    if (generateCertificates.isEmpty()) {
                                        throw new IllegalArgumentException(new StringBuffer().append("No server certificate found in file ").append(str).toString());
                                    }
                                    Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[0]);
                                    for (int i = 0; i < certificateArr.length; i++) {
                                        String stringBuffer = new StringBuffer().append(str).append("[").append(i).append("]").toString();
                                        if (log.isDebugEnabled()) {
                                            log.debug(stringBuffer);
                                        }
                                        try {
                                            keyStore.setCertificateEntry(stringBuffer, certificateArr[i]);
                                        } catch (Exception e) {
                                            IllegalArgumentException illegalArgumentException = new IllegalArgumentException(new StringBuffer().append("Could not set ").append(defaultType).append(" key store server certificate from file ").append(str).toString());
                                            illegalArgumentException.initCause(e);
                                            throw illegalArgumentException;
                                        }
                                    }
                                } catch (CertificateException e2) {
                                    IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException(new StringBuffer().append("Could not obtain server certificate from file ").append(str).toString());
                                    illegalArgumentException2.initCause(e2);
                                    throw illegalArgumentException2;
                                }
                            } finally {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e3) {
                                }
                            }
                        } catch (Exception e4) {
                            IllegalArgumentException illegalArgumentException3 = new IllegalArgumentException(new StringBuffer().append("Could not access server certificate file ").append(str).toString());
                            illegalArgumentException3.initCause(e4);
                            throw illegalArgumentException3;
                        }
                    }
                    try {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(keyStore);
                        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                            return (X509TrustManager) trustManagers[0];
                        }
                        throw new IllegalArgumentException(new StringBuffer().append("Could not obtain X509TrustManager for ").append(defaultType).append(" key store").toString());
                    } catch (GeneralSecurityException e5) {
                        IllegalArgumentException illegalArgumentException4 = new IllegalArgumentException("Could not obtain TrustManagerFactory");
                        illegalArgumentException4.initCause(e5);
                        throw illegalArgumentException4;
                    }
                } catch (CertificateException e6) {
                    IllegalArgumentException illegalArgumentException5 = new IllegalArgumentException("Could not obtain X.509 certificate factory");
                    illegalArgumentException5.initCause(e6);
                    throw illegalArgumentException5;
                }
            } catch (Exception e7) {
                IllegalArgumentException illegalArgumentException6 = new IllegalArgumentException(new StringBuffer().append("Could not load ").append(defaultType).append(" key store").toString());
                illegalArgumentException6.initCause(e7);
                throw illegalArgumentException6;
            }
        } catch (KeyStoreException e8) {
            IllegalArgumentException illegalArgumentException7 = new IllegalArgumentException(new StringBuffer().append("Could not obtain ").append(defaultType).append(" key store").toString());
            illegalArgumentException7.initCause(e8);
            throw illegalArgumentException7;
        }
    }

    private static X509TrustManager createTrustManagerFromPEMDirectory(String str, Log log) {
        if (str == null) {
            return null;
        }
        File file = new File(str);
        if (!file.isDirectory()) {
            throw new IllegalArgumentException(new StringBuffer().append(str).append(" is not a directory").toString());
        }
        File[] listFiles = file.listFiles(new FilenameFilter() { // from class: com.teradata.jdbc.jdbc_4.io.CertChecker.1
            @Override // java.io.FilenameFilter
            public boolean accept(File file2, String str2) {
                return str2.endsWith(".pem");
            }
        });
        if (listFiles == null) {
            throw new IllegalArgumentException(new StringBuffer().append("Unable to access directory ").append(str).toString());
        }
        if (listFiles.length == 0) {
            throw new IllegalArgumentException(new StringBuffer().append("No .pem files found in directory ").append(str).toString());
        }
        ArrayList arrayList = new ArrayList();
        for (File file2 : listFiles) {
            arrayList.add(file2.toString());
        }
        return createTrustManagerFromPEMFiles(arrayList, log);
    }

    private static X509TrustManager createTrustManagerFromTrustStoreFile(String str) {
        if (str == null) {
            return null;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            String defaultType = KeyStore.getDefaultType();
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(defaultType);
                    try {
                        keyStore.load(fileInputStream, null);
                        try {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init(keyStore);
                            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                                return (X509TrustManager) trustManagers[0];
                            }
                            throw new IllegalArgumentException(new StringBuffer().append("Could not obtain X509TrustManager for ").append(defaultType).append(" key store").toString());
                        } catch (GeneralSecurityException e) {
                            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Could not obtain TrustManagerFactory");
                            illegalArgumentException.initCause(e);
                            throw illegalArgumentException;
                        }
                    } catch (Exception e2) {
                        IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException(new StringBuffer().append("Could not load ").append(defaultType).append(" TrustStore file ").append(str).toString());
                        illegalArgumentException2.initCause(e2);
                        throw illegalArgumentException2;
                    }
                } catch (KeyStoreException e3) {
                    IllegalArgumentException illegalArgumentException3 = new IllegalArgumentException(new StringBuffer().append("Could not obtain ").append(defaultType).append(" key store").toString());
                    illegalArgumentException3.initCause(e3);
                    throw illegalArgumentException3;
                }
            } finally {
                try {
                    fileInputStream.close();
                } catch (IOException e4) {
                }
            }
        } catch (Exception e5) {
            IllegalArgumentException illegalArgumentException4 = new IllegalArgumentException(new StringBuffer().append("Could not access TrustStore file ").append(str).toString());
            illegalArgumentException4.initCause(e5);
            throw illegalArgumentException4;
        }
    }

    private static String formatDateRange(X509Certificate x509Certificate) {
        return x509Certificate == null ? "not available" : new StringBuffer().append(x509Certificate.getNotBefore()).append(" to ").append(x509Certificate.getNotAfter()).toString();
    }

    private static List getValidityProblems(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            arrayList.add(new CertificateException("Cannot check server certificate validity because server certificate is missing"));
        } else {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateException e) {
                    arrayList.add(e);
                }
            }
        }
        return arrayList;
    }

    private static String formatValidity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return "validity is not available";
        }
        try {
            x509Certificate.checkValidity();
            return "is valid";
        } catch (CertificateException e) {
            return new StringBuffer().append("is invalid due to ").append(e).toString();
        }
    }

    private static String formatCertPurpose(X509Certificate x509Certificate) {
        String stringBuffer;
        boolean[] keyUsage = x509Certificate != null ? x509Certificate.getKeyUsage() : null;
        if (keyUsage == null) {
            return "not available";
        }
        String[] strArr = {"digitalSignature(0)", "nonRepudiation(1)", "keyEncipherment(2)", "dataEncipherment(3)", "keyAgreement(4)", "keyCertSign(5)", "cRLSign(6)", "encipherOnly(7)", "decipherOnly(8)"};
        String str = Const.URL_LSS_TYPE_DEFAULT;
        int i = 0;
        while (i < keyUsage.length) {
            StringBuffer append = new StringBuffer().append(str);
            if (keyUsage[i]) {
                stringBuffer = new StringBuffer().append(str.length() > 0 ? ", " : Const.URL_LSS_TYPE_DEFAULT).append(i < strArr.length ? strArr[i] : new StringBuffer().append("unknown(").append(i).append(")").toString()).toString();
            } else {
                stringBuffer = Const.URL_LSS_TYPE_DEFAULT;
            }
            str = append.append(stringBuffer).toString();
            i++;
        }
        return str;
    }

    private static String formatDN(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate != null ? x509Certificate.getSubjectDN() : null;
        String name = subjectDN != null ? subjectDN.getName() : null;
        return name != null ? name : "not available";
    }

    private static String extractCNfromDN(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("\\\\\\\\", "\u0019").replaceAll("\\\\,", "\u001c").replaceAll("\\\\;", "\u001d").replaceAll("\\\\\"", "\u001e").replaceAll("\\\\=", "\u001f").replaceAll("\"([^\"]*)\"", "\u0017$1\u0018").replaceAll("(\u0017[^\u0018]*)C(N\\s*=)", "$1\u0016$2").replaceFirst("(?s)(?:^|^.*[,;]\\s*)CN\\s*=\\s*(\u0017[^\u0018]*\u0018|[^,;]*).*", "$1").replaceFirst("\\s+$", Const.URL_LSS_TYPE_DEFAULT).replaceAll("\u0018", Const.URL_LSS_TYPE_DEFAULT).replaceAll("\u0016", "C").replaceAll("\u0017", Const.URL_LSS_TYPE_DEFAULT).replaceAll("\u001f", "=").replaceAll("\u001e", EscapeConstants.DOUBLE_QUOTE).replaceAll("\u001d", ";").replaceAll("\u001c", ",").replaceAll("\\\\", Const.URL_LSS_TYPE_DEFAULT).replaceAll("\u0019", TeraDatabaseMetaData.LIKE_ESCAPE);
    }

    private static String extractCNfromCert(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate != null ? x509Certificate.getSubjectDN() : null;
        return extractCNfromDN(subjectDN != null ? subjectDN.getName() : null);
    }

    private static String formatCN(X509Certificate x509Certificate) {
        String extractCNfromCert = extractCNfromCert(x509Certificate);
        return extractCNfromCert != null ? extractCNfromCert : "not available";
    }

    private static ExtractedSANs extractSANsFromCert(X509Certificate x509Certificate) {
        ExtractedSANs extractedSANs = new ExtractedSANs();
        Collection<List<?>> collection = null;
        if (x509Certificate != null) {
            try {
                collection = x509Certificate.getSubjectAlternativeNames();
            } catch (CertificateParsingException e) {
                extractedSANs.ex = e;
            }
        }
        if (collection != null) {
            extractedSANs.list = new ArrayList();
            List asList = Arrays.asList(new Integer(2), new Integer(7));
            for (List<?> list : collection) {
                if (list.size() >= 2 && asList.contains(list.get(0)) && (list.get(1) instanceof String)) {
                    extractedSANs.list.add(list.get(1));
                }
            }
        }
        return extractedSANs;
    }

    private static String formatList(List list, String str, String str2) {
        if (list == null) {
            return "null";
        }
        StringBuffer stringBuffer = new StringBuffer();
        int i = 1;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            if (str != null && stringBuffer.length() > 0) {
                stringBuffer.append(str);
            }
            if (str2 != null) {
                stringBuffer.append(str2).append(new StringBuffer().append(" ").append(i).append(" of ").append(list.size()).append(": ").toString());
            }
            stringBuffer.append(String.valueOf(it.next()));
            i++;
        }
        return stringBuffer.toString();
    }

    private static String formatSANs(X509Certificate x509Certificate) {
        ExtractedSANs extractSANsFromCert = extractSANsFromCert(x509Certificate);
        return extractSANsFromCert.ex != null ? new StringBuffer().append("not available: ").append(extractSANsFromCert.ex).toString() : extractSANsFromCert.list == null ? "not present" : formatList(extractSANsFromCert.list, ", ", null);
    }

    private static String formatCert(Certificate certificate) {
        return new StringBuffer().append("  ----------------------------------------------\n  |  ").append(String.valueOf(certificate).trim().replaceAll("\n", "\n  |  ")).append("\n").append("  ----------------------------------------------").toString();
    }

    private static List getServerCertProblems(X509TrustManager x509TrustManager, X509Certificate[] x509CertificateArr, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        if (x509TrustManager != null && x509CertificateArr != null && str != null && str.length() > 0) {
            try {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                arrayList.add(new CertificateException(new StringBuffer().append(str2).append(" TrustManager rejected certificate").toString()));
                arrayList.add(e);
            }
        }
        return arrayList;
    }

    private static Set setMinus(Collection collection, Collection collection2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet(collection);
        linkedHashSet.removeAll(collection2);
        return linkedHashSet;
    }
}
