package com.pcbsys.foundation.drivers;

import com.pcbsys.foundation.collections.Vector;
import com.pcbsys.foundation.drivers.configuration.fBaseSSLConfig;
import com.pcbsys.foundation.drivers.configuration.fDriverConfig;
import com.pcbsys.foundation.fConstants;
import com.pcbsys.foundation.security.fConnectionValidator;
import com.pcbsys.foundation.security.fCredential;
import com.pcbsys.foundation.security.fLoginContext;
import com.pcbsys.foundation.security.fPrincipal;
import com.pcbsys.foundation.security.fServerLoginContext;
import com.pcbsys.foundation.security.fSubject;
import com.pcbsys.foundation.utils.fReverseDNSUtility;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.Socket;
import java.util.StringTokenizer;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.CertificateExpiredException;
import javax.security.cert.CertificateNotYetValidException;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:com/pcbsys/foundation/drivers/fSubjectHelper.class */
public class fSubjectHelper {
    /* JADX WARN: Multi-variable type inference failed */
    public static fConnectionValidator loadValidator(fDriverConfig fdriverconfig) throws IOException {
        fConnectionValidator fconnectionvalidator = null;
        if (fdriverconfig instanceof fBaseSSLConfig) {
            fBaseSSLConfig fbasesslconfig = (fBaseSSLConfig) fdriverconfig;
            if (fbasesslconfig.getCRL() != null) {
                try {
                    if (fbasesslconfig.getCRLClassName() != null) {
                        Class<?> cls = Class.forName(fbasesslconfig.getCRLClassName());
                        if (cls != null) {
                            Constructor<?> constructor = cls.getConstructor(String.class, String.class);
                            Object newInstance = constructor != null ? constructor.newInstance(fdriverconfig.getName(), fbasesslconfig.getCRL()) : cls.newInstance();
                            if (!(newInstance instanceof fConnectionValidator)) {
                                throw new Exception("Class " + fbasesslconfig.getCRLClassName() + " is not of required type, please contact support");
                            }
                            fconnectionvalidator = (fConnectionValidator) newInstance;
                            fConstants.logger.log("Security, loaded certificate revocation class " + fbasesslconfig.getCRLClassName());
                        }
                    } else {
                        fconnectionvalidator = new fCRLHandler(fbasesslconfig.getCRL());
                    }
                } catch (Exception e) {
                    fConstants.logger.fatal(e);
                    throw new IOException("Unable to load CRL : " + e.getMessage());
                }
            }
        }
        return fconnectionvalidator;
    }

    public static fSubject extractSubject(String str, Socket socket, SSLSession sSLSession, boolean z, fLoginContext flogincontext) {
        fSubject fsubject = null;
        boolean z2 = true;
        X509Certificate[] x509CertificateArr = null;
        if (z) {
            try {
                x509CertificateArr = sSLSession.getPeerCertificateChain();
                Vector vector = new Vector();
                Vector vector2 = new Vector();
                try {
                    if (flogincontext instanceof fServerLoginContext) {
                        fServerLoginContext fserverlogincontext = (fServerLoginContext) flogincontext;
                        if (fserverlogincontext.getConnectionValidator() != null) {
                            if (!fserverlogincontext.getConnectionValidator().isValid(str, socket.getRemoteSocketAddress(), sSLSession.getPeerCertificates())) {
                                z2 = false;
                            }
                        }
                    }
                } catch (Throwable th) {
                    th.printStackTrace();
                }
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    try {
                        try {
                            x509CertificateArr[i].checkValidity();
                            if (i == 0) {
                                fPrincipal fprincipal = new fPrincipal(extractCN(x509CertificateArr[i].getSubjectDN().getName()) + "@" + fReverseDNSUtility.resolveAddress(socket.getInetAddress()));
                                fprincipal.setHashCode(98);
                                vector.add(fprincipal);
                            }
                            fPrincipal fprincipal2 = new fPrincipal(x509CertificateArr[i].getSubjectDN().toString());
                            fprincipal2.setHashCode(98 - (i + 1));
                            vector.add(fprincipal2);
                            vector2.add(new fCredential("SerialNumber", x509CertificateArr[i].getSerialNumber().toByteArray()));
                        } catch (CertificateNotYetValidException e) {
                            fConstants.logger.log("Certificate not yet valid, id=" + socket.getInetAddress().toString() + " Not Before:" + x509CertificateArr[i].getNotBefore().toString());
                            z2 = false;
                        }
                    } catch (CertificateExpiredException e2) {
                        fConstants.logger.log("Certificate has expired, id=" + socket.getInetAddress().toString() + " Not After:" + x509CertificateArr[i].getNotAfter().toString());
                        z2 = false;
                    }
                }
                fsubject = new fSubject(vector, vector2, null, true);
            } catch (SSLPeerUnverifiedException e3) {
                fConstants.logger.log("SSL Peer unverified. Peer host = " + socket.getInetAddress().toString() + " Reason:" + e3.getMessage());
                z2 = false;
            }
            if (!z2) {
                fConstants.logger.log("Session will now be terminated for " + socket.getInetAddress().toString());
                try {
                    socket.close();
                } catch (Exception e4) {
                }
                fsubject = null;
            } else if (fConstants.logger.isDebugEnabled()) {
                fConstants.logger.debug("Certificate validated successfully for " + socket.getInetAddress().toString());
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    fConstants.logger.debug("Cert[" + i2 + "] DN = " + x509CertificateArr[i2].getSubjectDN().toString());
                    fConstants.logger.debug("Cert[" + i2 + "] Serial Number = " + x509CertificateArr[i2].getSerialNumber().toString());
                }
            }
        }
        return fsubject;
    }

    public static String extractCN(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        StringBuilder sb = new StringBuilder();
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf("=");
            if (indexOf != -1 && nextToken.substring(0, indexOf).trim().equalsIgnoreCase("CN")) {
                sb.append(nextToken.substring(indexOf + 1).trim());
            }
        }
        return sb.toString();
    }
}
