package org.tmatesoft.svn.core.internal.util;

import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:bluej-dist.jar:lib/svnkit.jar:org/tmatesoft/svn/core/internal/util/SVNSSLUtil.class */
public class SVNSSLUtil {
    public static StringBuffer getServerCertificatePrompt(X509Certificate x509Certificate, String str, String str2) {
        int serverCertificateFailures = getServerCertificateFailures(x509Certificate, str2);
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("Error validating server certificate for '");
        stringBuffer.append(str);
        stringBuffer.append("':\n");
        if ((serverCertificateFailures & 8) != 0) {
            stringBuffer.append(" - The certificate is not issued by a trusted authority. Use the\n   fingerprint to validate the certificate manually!\n");
        }
        if ((serverCertificateFailures & 4) != 0) {
            stringBuffer.append(" - The certificate hostname does not match.\n");
        }
        if ((serverCertificateFailures & 2) != 0) {
            stringBuffer.append(" - The certificate has expired.\n");
        }
        if ((serverCertificateFailures & 1) != 0) {
            stringBuffer.append(" - The certificate is not yet valid.\n");
        }
        getServerCertificateInfo(x509Certificate, stringBuffer);
        return stringBuffer;
    }

    private static String getFingerprint(X509Certificate x509Certificate) {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(x509Certificate.getEncoded());
            byte[] digest = messageDigest.digest();
            for (int i = 0; i < digest.length; i++) {
                if (i != 0) {
                    stringBuffer.append(':');
                }
                String hexString = Integer.toHexString(digest[i] & 255);
                if (hexString.length() == 1) {
                    stringBuffer.append('0');
                }
                stringBuffer.append(hexString.toLowerCase());
            }
        } catch (Exception e) {
        }
        return stringBuffer.toString();
    }

    private static void getServerCertificateInfo(X509Certificate x509Certificate, StringBuffer stringBuffer) {
        stringBuffer.append("Certificate information:");
        stringBuffer.append('\n');
        stringBuffer.append(" - Subject: ");
        stringBuffer.append(x509Certificate.getSubjectDN().getName());
        stringBuffer.append('\n');
        stringBuffer.append(" - Valid: ");
        stringBuffer.append(new StringBuffer().append("from ").append(x509Certificate.getNotBefore()).append(" until ").append(x509Certificate.getNotAfter()).toString());
        stringBuffer.append('\n');
        stringBuffer.append(" - Issuer: ");
        stringBuffer.append(x509Certificate.getIssuerDN().getName());
        stringBuffer.append('\n');
        stringBuffer.append(" - Fingerprint: ");
        stringBuffer.append(getFingerprint(x509Certificate));
    }

    private static int getServerCertificateFailures(X509Certificate x509Certificate, String str) {
        int i = 8;
        Date date = new Date(System.currentTimeMillis());
        if (date.before(x509Certificate.getNotBefore())) {
            i = 8 | 1;
        }
        if (date.after(x509Certificate.getNotAfter())) {
            i |= 2;
        }
        String name = x509Certificate.getSubjectDN().getName();
        int indexOf = name.indexOf("CN=") + 3;
        if (indexOf >= 0) {
            name = name.substring(indexOf);
            if (name.indexOf(32) >= 0) {
                name = name.substring(0, name.indexOf(32));
            }
            if (name.indexOf(44) >= 0) {
                name = name.substring(0, name.indexOf(44));
            }
        }
        if (str != null && !str.equals(name)) {
            i |= 4;
        }
        return i;
    }
}
