package com.enterprisedt.net.ftp.ssl;

import com.enterprisedt.util.debug.Logger;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:com/enterprisedt/net/ftp/ssl/SSLFTPStandardValidator.class */
public class SSLFTPStandardValidator implements SSLFTPValidator {
    private static Logger a = Logger.getLogger("SSLFTPStandardValidator");
    private static String b = "*.";
    public static int MAX_CERTIFICATE_CHAIN_LENGTH = 2;
    protected boolean hostNameCheckingEnabled;
    protected String[] serverCommonNames;
    protected SSLFTPCertificateStore rootCertificateStore;

    public SSLFTPStandardValidator() {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
    }

    public SSLFTPStandardValidator(String str) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.serverCommonNames = new String[1];
        this.serverCommonNames[0] = str;
    }

    public SSLFTPStandardValidator(String[] strArr) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.serverCommonNames = strArr;
    }

    public SSLFTPStandardValidator(boolean z) {
        this.hostNameCheckingEnabled = true;
        this.serverCommonNames = null;
        this.hostNameCheckingEnabled = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(SSLFTPCertificateStore sSLFTPCertificateStore) {
        this.rootCertificateStore = sSLFTPCertificateStore;
    }

    protected boolean checkChainLength(int i) {
        return i <= MAX_CERTIFICATE_CHAIN_LENGTH;
    }

    protected boolean checkCommonName(String str, String str2) {
        if (!this.hostNameCheckingEnabled) {
            a.debug("Ignoring common name check (disabled)");
            return true;
        }
        if (this.serverCommonNames == null) {
            return a(str, str2);
        }
        for (int i = 0; i < this.serverCommonNames.length; i++) {
            if (a(str, this.serverCommonNames[i])) {
                return true;
            }
        }
        a.debug(new StringBuffer().append("Common names supplied explicitly - CN was not checked against '").append(str2).append("'").toString());
        return false;
    }

    private boolean a(String str, String str2) {
        if (!str.startsWith(b)) {
            return str.toLowerCase().equals(str2.toLowerCase());
        }
        String[] split = str.substring(b.length()).split("\\.");
        String[] split2 = str2.split("\\.");
        boolean z = true;
        int length = split.length - 1;
        int length2 = split2.length - 1;
        while (true) {
            if (length < 0 || length2 < 0) {
                break;
            }
            if (!split[length].toLowerCase().equals(split2[length2].toLowerCase())) {
                z = false;
                break;
            }
            length--;
            length2--;
        }
        return z && length < 0;
    }

    protected boolean checkDateRange(Date date, Date date2) {
        Date date3 = new Date();
        return (date3.before(date) || date3.after(date2)) ? false : true;
    }

    @Override // com.enterprisedt.net.ftp.ssl.SSLFTPValidator
    public boolean validateServerCertificate(boolean z, Vector vector, String str) throws SSLFTPException {
        if (!z) {
            return false;
        }
        if (!checkChainLength(vector.size())) {
            throw new SSLFTPException("The server's certificate chain is too long");
        }
        SSLFTPCertificate sSLFTPCertificate = (SSLFTPCertificate) vector.lastElement();
        String commonName = sSLFTPCertificate.getSubjectName().getCommonName();
        if (!checkCommonName(commonName, str)) {
            throw new SSLFTPException(new StringBuffer().append("The CN (Common Name), ").append(commonName).append(", on the server's certificate does not match its hostname, ").append(str).append(".").toString());
        }
        if (checkDateRange(sSLFTPCertificate.getValidityNotBefore(), sSLFTPCertificate.getValidityNotAfter())) {
            return true;
        }
        throw new SSLFTPException(new StringBuffer().append("The server's certificate is not currently valid.  It is valid from ").append(sSLFTPCertificate.getValidityNotBefore()).append(" until ").append(sSLFTPCertificate.getValidityNotAfter()).append(".  ").append("This computer indicates the current date/time is ").append(new Date().toString()).append(".").toString());
    }
}
