package geminicat;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:geminicat/NiceTrustManager.class */
public class NiceTrustManager implements X509TrustManager {
    protected final X509TrustManager DefaultTrm;
    protected MessageDigest md5;
    protected MessageDigest sha1;
    protected MessageDigest sha256;
    protected MessageDigest sha512;

    public NiceTrustManager() {
        TrustManagerFactory trustManagerFactory = null;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            System.err.println("A fundamental error has occurred and the program cannot continue to run.");
            e.printStackTrace(System.err);
            System.exit(1);
        }
        try {
            trustManagerFactory.init((KeyStore) null);
        } catch (KeyStoreException e2) {
            System.err.println("A fundamental error has occurred and the program cannot continue to run.");
            e2.printStackTrace(System.err);
            System.exit(1);
        }
        X509TrustManager x509TrustManager = null;
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int length = trustManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            TrustManager trustManager = trustManagers[i];
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
                break;
            }
            i++;
        }
        this.DefaultTrm = x509TrustManager;
        try {
            this.md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e3) {
            this.md5 = null;
        }
        try {
            this.sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e4) {
            this.sha1 = null;
        }
        try {
            this.sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e5) {
            System.err.println("This Java version does not seem to support the SHA-256 hash..");
            System.exit(1);
        }
        try {
            this.sha512 = MessageDigest.getInstance("SHA-512");
        } catch (NoSuchAlgorithmException e6) {
            this.sha512 = null;
        }
    }

    protected boolean OutdatedCert() {
        boolean YesNoQuestion = GeminiCat.YesNoQuestion("The certificate is out of date. Should the certificate be accepted anyway? (y/n) ");
        if (YesNoQuestion) {
            System.out.println("The certificate is accepted.");
            return true;
        }
        if (YesNoQuestion) {
            System.out.println("The certificate is not accepted.");
            return false;
        }
        System.out.println("The answer is invalid.");
        return OutdatedCert();
    }

    protected String calcChecksum(MessageDigest messageDigest, byte[] bArr) {
        byte[] digest = messageDigest.digest(bArr);
        StringBuffer stringBuffer = new StringBuffer();
        for (byte b : digest) {
            stringBuffer.append(Integer.toHexString(Byte.toUnsignedInt(b)));
        }
        return stringBuffer.toString();
    }

    protected void ShowCert(X509Certificate x509Certificate) {
        System.out.println("Algorithm for the signature: " + x509Certificate.getSigAlgName());
        System.out.println("Version: " + x509Certificate.getVersion());
        System.out.println("Serial number: " + x509Certificate.getSerialNumber());
        System.out.println("Issuer: " + x509Certificate.getIssuerDN().getName());
        System.out.println("Subject: " + x509Certificate.getSubjectDN().getName());
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                Iterator<List<?>> it = subjectAlternativeNames.iterator();
                while (it.hasNext()) {
                    System.out.println("Subject alternative name: " + ((String) it.next().get(1)));
                }
            }
        } catch (CertificateParsingException e) {
            System.err.println("The alternative subject names could not be parsed.");
            e.printStackTrace(System.err);
            System.exit(1);
        }
        System.out.println("Fingerprints:");
        try {
            byte[] encoded = x509Certificate.getEncoded();
            if (this.md5 != null) {
                System.out.println(" * MD5: " + calcChecksum(this.md5, encoded));
            }
            if (this.sha1 != null) {
                System.out.println(" * SHA-1: " + calcChecksum(this.sha1, encoded));
            }
            if (this.sha256 != null) {
                System.out.println(" * SHA-256: " + calcChecksum(this.sha256, encoded));
            }
            if (this.sha512 != null) {
                System.out.println(" * SHA-512: " + calcChecksum(this.sha512, encoded));
            }
        } catch (CertificateEncodingException e2) {
            System.err.println("The certificate cannot be encoded. This means that no checksums can be calculated for the certificate. It is advised not to trust the authenticity of the certificate.");
            e2.printStackTrace(System.err);
        }
        System.out.println();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        System.out.println("A function was called which should not be called. The program ends immediately.");
        System.exit(1);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.DefaultTrm.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            System.out.println("Key exchange algorithm: " + str + "\n");
            System.out.println("Java does not seem to trust the following server certificates.");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                ShowCert(x509Certificate);
            }
            if (!GeminiCat.YesNoQuestion("Should the connection be established anyway? (y/n) ")) {
                throw e;
            }
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                try {
                    x509Certificate2.checkValidity();
                } catch (CertificateExpiredException e2) {
                    if (!OutdatedCert()) {
                        throw e2;
                    }
                } catch (CertificateNotYetValidException e3) {
                    if (!OutdatedCert()) {
                        throw e3;
                    }
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.DefaultTrm.getAcceptedIssuers();
    }
}
