package com.teradata.jdbc.jdbc_4.io;

import ch.qos.logback.core.joran.util.beans.BeanUtil;
import com.teradata.jdbc.jdbc_4.io.TDNetworkIOIF;
import com.teradata.jdbc.jdbc_4.logging.Log;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.aspectj.org.eclipse.jdt.core.Signature;

/* loaded from: input_file:BOOT-INF/lib/terajdbc4-17.20.00.12.jar:com/teradata/jdbc/jdbc_4/io/CertChecker.class */
public class CertChecker {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/terajdbc4-17.20.00.12.jar:com/teradata/jdbc/jdbc_4/io/CertChecker$ExtractedSANs.class */
    public static class ExtractedSANs {
        public List list = null;
        public CertificateParsingException ex = null;
    }

    public static void checkCert(TDNetworkIOIF tDNetworkIOIF, TDNetworkIOIF.ConnectThread connectThread, String[] strArr) throws IOException {
        SSLSession session = ((SSLSocket) connectThread.m_socket).getSession();
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("SSLSession.getProtocol=" + session.getProtocol() + " getCipherSuite=" + session.getCipherSuite());
        }
        List singletonList = tDNetworkIOIF.m_con.getURLParameters().getSSLCA() != null ? Collections.singletonList(tDNetworkIOIF.m_con.getURLParameters().getSSLCA()) : null;
        String sSLCAPath = tDNetworkIOIF.m_con.getURLParameters().getSSLCAPath();
        String sSLTrustStore = tDNetworkIOIF.m_con.getURLParameters().getSSLTrustStore();
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(">>>>> createTrustManagerFromPEMFiles(" + singletonList + ")");
        }
        X509TrustManager createTrustManagerFromPEMFiles = createTrustManagerFromPEMFiles(singletonList, tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("<<<<< createTrustManagerFromPEMFiles(" + singletonList + ") returned " + createTrustManagerFromPEMFiles);
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(">>>>> createTrustManagerFromPEMDirectory(" + sSLCAPath + ")");
        }
        X509TrustManager createTrustManagerFromPEMDirectory = createTrustManagerFromPEMDirectory(sSLCAPath, tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("<<<<< createTrustManagerFromPEMDirectory(" + sSLCAPath + ") returned " + createTrustManagerFromPEMDirectory);
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(">>>>> createTrustManagerFromTrustStoreFile(" + sSLTrustStore + ")");
        }
        X509TrustManager createTrustManagerFromTrustStoreFile = createTrustManagerFromTrustStoreFile(sSLTrustStore);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("<<<<< createTrustManagerFromTrustStoreFile(" + sSLTrustStore + ") returned " + createTrustManagerFromTrustStoreFile);
        }
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug(">>>>> getDefaultTrustManager");
        }
        X509TrustManager defaultTrustManager = getDefaultTrustManager(tDNetworkIOIF.log);
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("<<<<< getDefaultTrustManager returned " + defaultTrustManager);
        }
        Certificate[] certificateArr = null;
        try {
            certificateArr = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            tDNetworkIOIF.log.error("getPeerCertificates failed for connection to " + connectThread.m_isa, e);
        }
        X509Certificate[] x509CertificateArr = certificateArr instanceof X509Certificate[] ? (X509Certificate[]) certificateArr : null;
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            int i = 0;
            while (certificateArr != null && i < certificateArr.length) {
                X509Certificate x509Certificate = x509CertificateArr != null ? x509CertificateArr[i] : null;
                tDNetworkIOIF.log.info("getPeerCertificates returned certificate " + (i + 1) + " of " + certificateArr.length + (i == 0 ? " which is the peer certificate" : "") + "\n  Certificate " + (x509Certificate != null ? BeanUtil.PREFIX_GETTER_IS : "is not") + " an X509Certificate\n  Certificate date range is " + formatDateRange(x509Certificate) + "\n  Certificate " + formatValidity(x509Certificate) + "\n  Certificate purpose is " + formatCertPurpose(x509Certificate) + "\n  Subject Distinguished Name (DN) is " + formatDN(x509Certificate) + "\n  Subject Common Name (CN) is " + formatCN(x509Certificate) + "\n  Subject Alternative Names (SANs) are " + formatSANs(x509Certificate) + "\n" + formatCert(certificateArr[i]));
                i++;
            }
        }
        List validityProblems = getValidityProblems(x509CertificateArr);
        List serverCertProblems = getServerCertProblems(createTrustManagerFromPEMFiles, x509CertificateArr, strArr[0], "SSLCA=" + formatList(singletonList, null, null));
        List serverCertProblems2 = getServerCertProblems(createTrustManagerFromPEMDirectory, x509CertificateArr, strArr[0], "SSLCAPATH=" + sSLCAPath);
        List serverCertProblems3 = getServerCertProblems(createTrustManagerFromTrustStoreFile, x509CertificateArr, strArr[0], "SSLTRUSTSTORE=" + sSLTrustStore);
        List serverCertProblems4 = getServerCertProblems(defaultTrustManager, x509CertificateArr, strArr[0], "Default Java");
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info("getValidityProblems " + (validityProblems.isEmpty() ? "accepted certificate" : "found " + validityProblems.size() + " certificate problem(s): " + formatList(validityProblems, ", ", null)));
            tDNetworkIOIF.log.info("createTrustManagerFromPEMFiles(" + singletonList + ") " + (createTrustManagerFromPEMFiles == null ? "is not available" : serverCertProblems.isEmpty() ? "accepted certificate" : "found " + serverCertProblems.size() + " certificate problem(s): " + formatList(serverCertProblems, ", ", null)));
            tDNetworkIOIF.log.info("createTrustManagerFromPEMDirectory(" + sSLCAPath + ") " + (createTrustManagerFromPEMDirectory == null ? "is not available" : serverCertProblems2.isEmpty() ? "accepted certificate" : "found " + serverCertProblems2.size() + " certificate problem(s): " + formatList(serverCertProblems2, ", ", null)));
            tDNetworkIOIF.log.info("createTrustManagerFromTrustStoreFile(" + sSLTrustStore + ") " + (createTrustManagerFromTrustStoreFile == null ? "is not available" : serverCertProblems3.isEmpty() ? "accepted certificate" : "found " + serverCertProblems3.size() + " certificate problem(s): " + formatList(serverCertProblems3, ", ", null)));
            tDNetworkIOIF.log.info("getDefaultTrustManager " + (defaultTrustManager == null ? "is not available" : serverCertProblems4.isEmpty() ? "accepted certificate" : "found " + serverCertProblems4.size() + " certificate problem(s): " + formatList(serverCertProblems4, ", ", null)));
        }
        boolean z = (createTrustManagerFromPEMFiles == null && createTrustManagerFromPEMDirectory == null && createTrustManagerFromTrustStoreFile == null && defaultTrustManager == null) ? false : true;
        boolean z2 = createTrustManagerFromPEMFiles != null && serverCertProblems.isEmpty();
        boolean z3 = createTrustManagerFromPEMDirectory != null && serverCertProblems2.isEmpty();
        boolean z4 = createTrustManagerFromTrustStoreFile != null && serverCertProblems3.isEmpty();
        boolean z5 = defaultTrustManager != null && serverCertProblems4.isEmpty();
        boolean z6 = z2 || z3 || z4 || z5;
        boolean z7 = validityProblems.isEmpty() && z && z6;
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info("SSLMODE=VERIFY-CA would " + (z7 ? "accept" : "reject") + " this connection");
        }
        X509Certificate x509Certificate2 = x509CertificateArr != null ? x509CertificateArr[0] : null;
        String[] split = connectThread.m_isa.getAddress().toString().split("/");
        boolean z8 = split[0].length() == 0;
        String originalHostName = z8 ? null : tDNetworkIOIF.getOriginalHostName();
        String str = z8 ? null : split[0];
        String str2 = split[1];
        List certHostNameProblems = getCertHostNameProblems(x509Certificate2, "Hostname", originalHostName, tDNetworkIOIF.log);
        List certHostNameProblems2 = getCertHostNameProblems(x509Certificate2, "Resolved", str, tDNetworkIOIF.log);
        List certHostNameProblems3 = getCertHostNameProblems(x509Certificate2, "IP Address", str2, tDNetworkIOIF.log);
        boolean isEmpty = certHostNameProblems.isEmpty();
        boolean isEmpty2 = certHostNameProblems2.isEmpty();
        boolean isEmpty3 = certHostNameProblems3.isEmpty();
        boolean z9 = z7 && (isEmpty || isEmpty3);
        if (tDNetworkIOIF.log.isInfoEnabled()) {
            tDNetworkIOIF.log.info("SSLMODE=VERIFY-FULL would " + (z9 ? "accept" : "reject") + " this connection");
        }
        connectThread.m_sCertStatus = (validityProblems.isEmpty() ? Signature.SIG_VOID : "I") + ",P" + (createTrustManagerFromPEMFiles == null ? "U" : z2 ? "A" : "R") + ",D" + (createTrustManagerFromPEMDirectory == null ? "U" : z3 ? "A" : "R") + ",T" + (createTrustManagerFromTrustStoreFile == null ? "U" : z4 ? "A" : "R") + ",J" + (defaultTrustManager == null ? "U" : z5 ? "A" : "R") + ",C" + (z7 ? "Y" : "N") + ",H" + (z8 ? "U" : isEmpty ? "Y" : "N") + ",R" + (z8 ? "U" : isEmpty2 ? "Y" : "N") + ",I" + (isEmpty3 ? "Y" : "N") + ",F" + (z9 ? "Y" : "N");
        if (tDNetworkIOIF.log.isDebugEnabled()) {
            tDNetworkIOIF.log.debug("checkCert: t.m_sCertStatus=" + connectThread.m_sCertStatus);
        }
        boolean z10 = tDNetworkIOIF.m_con.getURLParameters().getSSLModeLevel() == 5 && !z7;
        boolean z11 = tDNetworkIOIF.m_con.getURLParameters().getSSLModeLevel() == 6 && !z9;
        if (z10 || z11) {
            ArrayList arrayList = new ArrayList(validityProblems);
            if (!z) {
                arrayList.add(new CertificateException("No TrustManager available to verify certificate"));
            } else if (!z6) {
                arrayList.addAll(serverCertProblems);
                arrayList.addAll(serverCertProblems2);
                arrayList.addAll(serverCertProblems3);
                arrayList.addAll(serverCertProblems4);
            }
            if (z11) {
                arrayList.addAll(certHostNameProblems);
                arrayList.addAll(certHostNameProblems3);
            }
            String formatList = formatList(arrayList, ", ", tDNetworkIOIF.m_con.getURLParameters().getSSLMode() + " error");
            tDNetworkIOIF.log.error(formatList);
            throw new IOException(formatList);
        }
    }

    private static List getCertHostNameProblems(X509Certificate x509Certificate, String str, String str2, Log log) {
        ArrayList arrayList = new ArrayList();
        if (str2 == null) {
            arrayList.add(new CertificateException(str + " is not available to match Subject CN or SANs"));
        } else {
            String extractCNfromCert = extractCNfromCert(x509Certificate);
            boolean z = extractCNfromCert != null && str2.matches(convertHostNamePatternToRegexPattern(extractCNfromCert));
            if (log.isInfoEnabled()) {
                log.info(str + " " + str2 + " " + (z ? "matches" : "does not match") + " Subject CN" + (extractCNfromCert != null ? " " + extractCNfromCert : ""));
            }
            ExtractedSANs extractSANsFromCert = extractSANsFromCert(x509Certificate);
            if (extractSANsFromCert.ex != null && log.isInfoEnabled()) {
                log.info(str + " " + str2 + " extractSANsFromCert: " + extractSANsFromCert.ex);
            }
            List findMatchingPatterns = findMatchingPatterns(str2, convertHostNamePatternsToRegexPatterns(extractSANsFromCert.list));
            if (log.isInfoEnabled()) {
                log.info(str + " " + str2 + " " + (findMatchingPatterns.isEmpty() ? "does not match any SANs" : "matches SANs " + formatList(findMatchingPatterns, ", ", null)));
            }
            if (!z && findMatchingPatterns.isEmpty()) {
                if (!z) {
                    arrayList.add(new CertificateException(str + " " + str2 + (extractCNfromCert != null ? " does not match Subject CN " + extractCNfromCert : " cannnot match missing Subject CN")));
                }
                if (extractSANsFromCert.ex != null) {
                    arrayList.add(extractSANsFromCert.ex);
                }
                if (findMatchingPatterns.isEmpty()) {
                    arrayList.add(new CertificateException(str + " " + str2 + " does not match any SANs from certificate: " + extractSANsFromCert.list));
                }
            }
        }
        return arrayList;
    }

    private static String convertHostNamePatternToRegexPattern(String str) {
        return str.replaceAll("[\\W]", "\\\\$0").replaceAll("\\\\\\*", "[^.]*");
    }

    private static List convertHostNamePatternsToRegexPatterns(List list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(convertHostNamePatternToRegexPattern((String) it.next()));
            }
        }
        return arrayList;
    }

    private static List findMatchingPatterns(String str, List list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (str.matches(str2)) {
                    arrayList.add(str2);
                }
            }
        }
        return arrayList;
    }

    private static X509TrustManager getDefaultTrustManager(Log log) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            log.error("Could not obtain default X509TrustManager");
            return null;
        } catch (GeneralSecurityException e) {
            log.error("Could not obtain default TrustManagerFactory: " + e);
            return null;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:35:0x013f
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private static javax.net.ssl.X509TrustManager createTrustManagerFromPEMFiles(java.util.List r5, com.teradata.jdbc.jdbc_4.logging.Log r6) {
        /*
            Method dump skipped, instructions count: 620
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.teradata.jdbc.jdbc_4.io.CertChecker.createTrustManagerFromPEMFiles(java.util.List, com.teradata.jdbc.jdbc_4.logging.Log):javax.net.ssl.X509TrustManager");
    }

    private static X509TrustManager createTrustManagerFromPEMDirectory(String str, Log log) {
        if (str == null) {
            return null;
        }
        File file = new File(str);
        if (!file.isDirectory()) {
            throw new IllegalArgumentException(str + " is not a directory");
        }
        File[] listFiles = file.listFiles(new FilenameFilter() { // from class: com.teradata.jdbc.jdbc_4.io.CertChecker.1
            @Override // java.io.FilenameFilter
            public boolean accept(File file2, String str2) {
                return str2.endsWith(".pem");
            }
        });
        if (listFiles == null) {
            throw new IllegalArgumentException("Unable to access directory " + str);
        }
        if (listFiles.length == 0) {
            throw new IllegalArgumentException("No .pem files found in directory " + str);
        }
        ArrayList arrayList = new ArrayList();
        for (File file2 : listFiles) {
            arrayList.add(file2.toString());
        }
        return createTrustManagerFromPEMFiles(arrayList, log);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:25:0x00c2
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private static javax.net.ssl.X509TrustManager createTrustManagerFromTrustStoreFile(java.lang.String r5) {
        /*
            Method dump skipped, instructions count: 303
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.teradata.jdbc.jdbc_4.io.CertChecker.createTrustManagerFromTrustStoreFile(java.lang.String):javax.net.ssl.X509TrustManager");
    }

    private static String formatDateRange(X509Certificate x509Certificate) {
        return x509Certificate == null ? "not available" : x509Certificate.getNotBefore() + " to " + x509Certificate.getNotAfter();
    }

    private static List getValidityProblems(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            arrayList.add(new CertificateException("Cannot check server certificate validity because server certificate is missing"));
        } else {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateException e) {
                    arrayList.add(e);
                }
            }
        }
        return arrayList;
    }

    private static String formatValidity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return "validity is not available";
        }
        try {
            x509Certificate.checkValidity();
            return "is valid";
        } catch (CertificateException e) {
            return "is invalid due to " + e;
        }
    }

    private static String formatCertPurpose(X509Certificate x509Certificate) {
        String str;
        boolean[] keyUsage = x509Certificate != null ? x509Certificate.getKeyUsage() : null;
        if (keyUsage == null) {
            return "not available";
        }
        String[] strArr = {"digitalSignature(0)", "nonRepudiation(1)", "keyEncipherment(2)", "dataEncipherment(3)", "keyAgreement(4)", "keyCertSign(5)", "cRLSign(6)", "encipherOnly(7)", "decipherOnly(8)"};
        String str2 = "";
        int i = 0;
        while (i < keyUsage.length) {
            StringBuilder append = new StringBuilder().append(str2);
            if (keyUsage[i]) {
                str = (str2.length() > 0 ? ", " : "") + (i < strArr.length ? strArr[i] : "unknown(" + i + ")");
            } else {
                str = "";
            }
            str2 = append.append(str).toString();
            i++;
        }
        return str2;
    }

    private static String formatDN(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate != null ? x509Certificate.getSubjectDN() : null;
        String name = subjectDN != null ? subjectDN.getName() : null;
        return name != null ? name : "not available";
    }

    private static String extractCNfromDN(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("\\\\\\\\", "\u0019").replaceAll("\\\\,", "\u001c").replaceAll("\\\\;", "\u001d").replaceAll("\\\\\"", "\u001e").replaceAll("\\\\=", "\u001f").replaceAll("\"([^\"]*)\"", "\u0017$1\u0018").replaceAll("(\u0017[^\u0018]*)C(N\\s*=)", "$1\u0016$2").replaceFirst("(?s)(?:^|^.*[,;]\\s*)CN\\s*=\\s*(\u0017[^\u0018]*\u0018|[^,;]*).*", "$1").replaceFirst("\\s+$", "").replaceAll("\u0018", "").replaceAll("\u0016", Signature.SIG_CHAR).replaceAll("\u0017", "").replaceAll("\u001f", "=").replaceAll("\u001e", "\"").replaceAll("\u001d", ";").replaceAll("\u001c", ",").replaceAll("\\\\", "").replaceAll("\u0019", "\\");
    }

    private static String extractCNfromCert(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate != null ? x509Certificate.getSubjectDN() : null;
        return extractCNfromDN(subjectDN != null ? subjectDN.getName() : null);
    }

    private static String formatCN(X509Certificate x509Certificate) {
        String extractCNfromCert = extractCNfromCert(x509Certificate);
        return extractCNfromCert != null ? extractCNfromCert : "not available";
    }

    private static ExtractedSANs extractSANsFromCert(X509Certificate x509Certificate) {
        ExtractedSANs extractedSANs = new ExtractedSANs();
        Collection<List<?>> collection = null;
        if (x509Certificate != null) {
            try {
                collection = x509Certificate.getSubjectAlternativeNames();
            } catch (CertificateParsingException e) {
                extractedSANs.ex = e;
            }
        }
        if (collection != null) {
            extractedSANs.list = new ArrayList();
            List asList = Arrays.asList(new Integer(2), new Integer(7));
            for (List<?> list : collection) {
                if (list.size() >= 2 && asList.contains(list.get(0)) && (list.get(1) instanceof String)) {
                    extractedSANs.list.add(list.get(1));
                }
            }
        }
        return extractedSANs;
    }

    private static String formatList(List list, String str, String str2) {
        if (list == null) {
            return "null";
        }
        StringBuffer stringBuffer = new StringBuffer();
        int i = 1;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            if (str != null && stringBuffer.length() > 0) {
                stringBuffer.append(str);
            }
            if (str2 != null) {
                stringBuffer.append(str2).append(" " + i + " of " + list.size() + ": ");
            }
            stringBuffer.append(String.valueOf(it.next()));
            i++;
        }
        return stringBuffer.toString();
    }

    private static String formatSANs(X509Certificate x509Certificate) {
        ExtractedSANs extractSANsFromCert = extractSANsFromCert(x509Certificate);
        return extractSANsFromCert.ex != null ? "not available: " + extractSANsFromCert.ex : extractSANsFromCert.list == null ? "not present" : formatList(extractSANsFromCert.list, ", ", null);
    }

    private static String formatCert(Certificate certificate) {
        return "  ----------------------------------------------\n  |  " + String.valueOf(certificate).trim().replaceAll("\n", "\n  |  ") + "\n  ----------------------------------------------";
    }

    private static List getServerCertProblems(X509TrustManager x509TrustManager, X509Certificate[] x509CertificateArr, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        if (x509TrustManager != null && x509CertificateArr != null && str != null && str.length() > 0) {
            try {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                arrayList.add(new CertificateException(str2 + " TrustManager rejected certificate"));
                arrayList.add(e);
            }
        }
        return arrayList;
    }

    private static Set setMinus(Collection collection, Collection collection2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet(collection);
        linkedHashSet.removeAll(collection2);
        return linkedHashSet;
    }
}
