package cfca.sadk.tls.sun.security.util;

import cfca.sadk.tls.sun.security.ssl.Debugger;
import cfca.sadk.tls.sun.security.validator.GMAlgorithmConstraints;
import cfca.sadk.tls.sun.security.validator.TLSValidator;
import cfca.sadk.tls.util.DeviceConf;
import cfca.sadk.tls.util.Loggings;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSession;
import sun.security.util.HostnameChecker;

/* loaded from: input_file:cfca/sadk/tls/sun/security/util/GMSSLHelper.class */
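/**
 * Static helpers for certificate-chain validation, peer identity (hostname) checking and
 * trust-anchor extraction.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Hostname checking is controlled by one process-wide flag; turning it off disables the
 *       hostname/certificate match for every caller of both {@code checkIdentity} overloads.</li>
 *   <li>Both {@code checkIdentity} overloads return normally (no exception) when an input they
 *       need is missing, so a skipped check is indistinguishable from a passed one.</li>
 * </ul>
 */
public final class GMSSLHelper {
    /** Message constant; not referenced inside this class. */
    public static final String noAlternativeName = "No subject alternative names present";

    // Process-wide switch for hostname/certificate matching, initialised from DeviceConf.
    // It is a plain static field (not volatile, not synchronised), so a value written by
    // setCheckUrlMatchCertIdentity is not guaranteed to be seen immediately by other threads.
    private static boolean checkUrlMatchCertIdentity = DeviceConf.isCheckidentity();

    private GMSSLHelper() {
    }

    /**
     * Enables or disables hostname/certificate matching for the whole process and logs the new
     * value at info level.
     *
     * @param z {@code true} to perform the match in {@code checkIdentity}, {@code false} to skip it
     */
    public static void setCheckUrlMatchCertIdentity(boolean z) {
        Loggings.ENVIRONMENT.info("checkUrlMatchCertIdentity: {}", Boolean.valueOf(z));
        checkUrlMatchCertIdentity = z;
    }

    /**
     * @return the current value of the process-wide hostname-check switch
     */
    public static boolean isCheckUrlMatchCertIdentity() {
        return checkUrlMatchCertIdentity;
    }

    /**
     * Validates a certificate chain by delegating to {@code tLSValidator.validate}.
     *
     * @param tLSValidator validator that performs the actual chain validation
     * @param x509CertificateArr chain to validate
     * @param gMAlgorithmConstraints algorithm constraints handed to the validator
     * @param str passed through unchanged as the validator's last argument
     * @param z accepted for signature compatibility; not used by this method
     * @return whatever the validator returns
     * @throws CertificateException if the validator rejects the chain
     */
    public static final X509Certificate[] validate(TLSValidator tLSValidator, X509Certificate[] x509CertificateArr, GMAlgorithmConstraints gMAlgorithmConstraints, String str, boolean z) throws CertificateException {
        // The validator's second argument is always null here.
        // NOTE(review): its meaning is not visible in this file; confirm that null is intended.
        return tLSValidator.validate(x509CertificateArr, null, gMAlgorithmConstraints, str);
    }

    /**
     * Checks the peer certificate against the host name recorded in the session.
     *
     * <p>Returns without checking when {@code sSLSession} is {@code null}, when the process-wide
     * switch is off, or when {@code z} is {@code true}.
     *
     * @param sSLSession session whose {@code getPeerHost()} supplies the name to match
     * @param x509Certificate certificate presented by the peer
     * @param str identification algorithm name (see the three-argument overload)
     * @param z when {@code true} the check is skipped
     * @throws CertificateException if the match is performed and fails
     */
    public static final void checkIdentity(SSLSession sSLSession, X509Certificate x509Certificate, String str, boolean z) throws CertificateException {
        // NOTE(review): a null session skips the check silently rather than failing the handshake.
        if (sSLSession == null || !checkUrlMatchCertIdentity || z) {
            return;
        }
        // getPeerHost() is the name the session was created with; it is not authenticated and may
        // be an address literal rather than a DNS name.
        checkClientIdentity(x509Certificate, str, sSLSession.getPeerHost());
    }

    /** Pass-through to the three-argument {@code checkIdentity}. */
    private static final void checkClientIdentity(X509Certificate x509Certificate, String str, String str2) throws CertificateException {
        checkIdentity(x509Certificate, str, str2);
    }

    /**
     * Matches {@code str2} (host name or address) against {@code x509Certificate} using the
     * {@code HostnameChecker} flavour selected by {@code str}.
     *
     * <p>Nothing is checked, and no exception is thrown, when the process-wide switch is off or
     * when the host name, the certificate or the algorithm name is {@code null} or empty.
     *
     * @param x509Certificate certificate presented by the peer
     * @param str identification algorithm: {@code HTTPS} or {@code TCP} select the TLS rules,
     *            {@code LDAP} or {@code LDAPS} select the LDAP rules (case-insensitive)
     * @param str2 host name to match; a surrounding {@code [...]} pair is stripped first
     * @throws CertificateException if the algorithm name is not recognised or the certificate does
     *         not match the host name
     */
    public static final void checkIdentity(X509Certificate x509Certificate, String str, String str2) throws CertificateException {
        if (!checkUrlMatchCertIdentity) {
            return;
        }
        Debugger.handshaker.debug("checkIdentity->hostname={}", str2);

        // NOTE(review): fail-open. A missing host name or certificate returns as if the identity
        // had been verified; callers that require verification must ensure these are populated.
        if (str2 == null || str2.isEmpty() || x509Certificate == null || str == null || str.isEmpty()) {
            return;
        }

        // Strip the brackets of an IPv6 literal such as "[::1]" before matching.
        String hostname = str2;
        int lastIndex = hostname.length() - 1;
        if (hostname.length() > 2 && hostname.charAt(0) == '[' && hostname.charAt(lastIndex) == ']') {
            hostname = hostname.substring(1, lastIndex);
        }

        final byte checkType;
        if (str.equalsIgnoreCase("HTTPS") || str.equalsIgnoreCase("TCP")) {
            // "TCP" is not a standard JSSE endpoint identification algorithm name; this class
            // treats it exactly like "HTTPS".
            checkType = HostnameChecker.TYPE_TLS;
        } else if (str.equalsIgnoreCase("LDAP") || str.equalsIgnoreCase("LDAPS")) {
            checkType = HostnameChecker.TYPE_LDAP;
        } else {
            throw new CertificateException("Unknown identification algorithm: " + str);
        }
        HostnameChecker.getInstance(checkType).match(hostname, x509Certificate);
    }

    /**
     * Collects the X.509 certificates of a key store that are to be used as trust anchors.
     *
     * <p>Every certificate entry contributes its certificate. Every key entry contributes the
     * first certificate of its chain, so the key store's own end-entity certificates are treated
     * as trusted as well. Non-X.509 certificates are ignored.
     *
     * @param keyStore key store to read, may be {@code null}
     * @return an immutable empty set when {@code keyStore} is {@code null}; otherwise a mutable
     *         set holding the certificates collected before any {@link KeyStoreException}
     */
    public static final Set<X509Certificate> getTrustedCerts(KeyStore keyStore) {
        if (keyStore == null) {
            return Collections.emptySet();
        }
        Set<X509Certificate> trusted = new HashSet<X509Certificate>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate instanceof X509Certificate) {
                        trusted.add((X509Certificate) certificate);
                    }
                } else if (keyStore.isKeyEntry(alias)) {
                    Certificate[] chain = keyStore.getCertificateChain(alias);
                    if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                        trusted.add((X509Certificate) chain[0]);
                    }
                }
            }
        } catch (KeyStoreException e) {
            // The KeyStore calls above throw when the key store has not been initialised (loaded).
            // Keep the best-effort result, but leave a trace: an unexpectedly empty trust set is
            // otherwise hard to diagnose.
            Loggings.ENVIRONMENT.info("getTrustedCerts: key store could not be read: {}", e.toString());
        }
        return trusted;
    }
}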
