package com.enterprisedt.net.ftp.ssl;

import com.enterprisedt.util.debug.Logger;
import java.util.Date;
import java.util.Vector;

/* loaded from: classes.dex */
public class SSLFTPStandardValidator implements SSLFTPValidator {
    public static int MAX_CERTIFICATE_CHAIN_LENGTH = 4;
    private static Logger a = Logger.getLogger("SSLFTPStandardValidator");
    private static String b = "*.";
    protected boolean hostNameCheckingEnabled;
    protected SSLFTPCertificateStore rootCertificateStore;
    protected String[] serverCommonNames;

    public SSLFTPStandardValidator() {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
    }

    public SSLFTPStandardValidator(String str) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.serverCommonNames = new String[1];
        this.serverCommonNames[0] = str;
    }

    public SSLFTPStandardValidator(boolean z) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.hostNameCheckingEnabled = z;
    }

    public SSLFTPStandardValidator(String[] strArr) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.serverCommonNames = strArr;
    }

    private boolean a(String str, String str2) {
        boolean z;
        if (!str.startsWith(b)) {
            return str.toLowerCase().equals(str2.toLowerCase());
        }
        String[] split = str.substring(b.length()).split("\\.");
        String[] split2 = str2.split("\\.");
        int length = split.length - 1;
        for (int length2 = split2.length - 1; length >= 0 && length2 >= 0; length2--) {
            if (!split[length].toLowerCase().equals(split2[length2].toLowerCase())) {
                z = false;
                break;
            }
            length--;
        }
        z = true;
        return z && length < 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(SSLFTPCertificateStore sSLFTPCertificateStore) {
        this.rootCertificateStore = sSLFTPCertificateStore;
    }

    protected boolean checkChainLength(int i) {
        return i <= MAX_CERTIFICATE_CHAIN_LENGTH;
    }

    protected boolean checkCommonName(String str, String str2) {
        if (!this.hostNameCheckingEnabled) {
            a.debug("Ignoring common name check (disabled)");
            return true;
        }
        if (this.serverCommonNames == null) {
            return a(str, str2);
        }
        for (int i = 0; i < this.serverCommonNames.length; i++) {
            if (a(str, this.serverCommonNames[i])) {
                return true;
            }
        }
        Logger logger = a;
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("Common names supplied explicitly - CN was not checked against '");
        stringBuffer.append(str2);
        stringBuffer.append("'");
        logger.debug(stringBuffer.toString());
        return false;
    }

    protected boolean checkDateRange(Date date, Date date2) {
        Date date3 = new Date();
        return (date3.before(date) || date3.after(date2)) ? false : true;
    }

    @Override // com.enterprisedt.net.ftp.ssl.SSLFTPValidator
    public boolean validateServerCertificate(boolean z, Vector vector, String str) throws SSLFTPException {
        if (!z) {
            return false;
        }
        if (!checkChainLength(vector.size())) {
            throw new SSLFTPException("The server's certificate chain is too long");
        }
        SSLFTPCertificate sSLFTPCertificate = (SSLFTPCertificate) vector.lastElement();
        String commonName = sSLFTPCertificate.getSubjectName().getCommonName();
        if (!checkCommonName(commonName, str)) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("The CN (Common Name), ");
            stringBuffer.append(commonName);
            stringBuffer.append(", on the server's certificate does not match its hostname, ");
            stringBuffer.append(str);
            stringBuffer.append(".");
            throw new SSLFTPException(stringBuffer.toString());
        }
        if (checkDateRange(sSLFTPCertificate.getValidityNotBefore(), sSLFTPCertificate.getValidityNotAfter())) {
            return true;
        }
        StringBuffer stringBuffer2 = new StringBuffer();
        stringBuffer2.append("The server's certificate is not currently valid.  It is valid from ");
        stringBuffer2.append(sSLFTPCertificate.getValidityNotBefore());
        stringBuffer2.append(" until ");
        stringBuffer2.append(sSLFTPCertificate.getValidityNotAfter());
        stringBuffer2.append(".  ");
        stringBuffer2.append("This computer indicates the current date/time is ");
        stringBuffer2.append(new Date().toString());
        stringBuffer2.append(".");
        throw new SSLFTPException(stringBuffer2.toString());
    }
}
