package de.rub.nds.tlsscanner.serverscanner.probe.certificate;

import de.rub.nds.tlsattacker.core.constants.HashAlgorithm;
import de.rub.nds.tlsattacker.core.constants.SignatureAlgorithm;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x509.Certificate;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/certificate/CertificateJudge.class */
public class CertificateJudge {
    private final Certificate certificate;
    private final String domainName;
    private final CertificateReport report;

    public CertificateJudge(Certificate certificate, CertificateReport certificateReport, String str) {
        this.certificate = certificate;
        this.report = certificateReport;
        this.domainName = str;
    }

    public Boolean checkExpired() {
        return isCertificateExpired(this.report);
    }

    public Boolean checkNotYetValid() {
        return isCertificateValidYet(this.report);
    }

    public Boolean checkCertificateRevoked() {
        return isRevoked(this.certificate);
    }

    public Boolean isWeakHashAlgo(CertificateReport certificateReport) {
        if (certificateReport.getSignatureAndHashAlgorithm() == null) {
            return null;
        }
        HashAlgorithm hashAlgorithm = certificateReport.getSignatureAndHashAlgorithm().getHashAlgorithm();
        return Boolean.valueOf(hashAlgorithm == HashAlgorithm.MD5 || hashAlgorithm == HashAlgorithm.NONE || hashAlgorithm == HashAlgorithm.SHA1);
    }

    public Boolean isWeakSigAlgo(CertificateReport certificateReport) {
        if (certificateReport.getSignatureAndHashAlgorithm() != null) {
            return Boolean.valueOf(certificateReport.getSignatureAndHashAlgorithm().getSignatureAlgorithm() == SignatureAlgorithm.ANONYMOUS);
        }
        return null;
    }

    public Boolean isWeakKey(CertificateReport certificateReport) {
        return Boolean.valueOf(certificateReport.getWeakDebianKey() == Boolean.TRUE);
    }

    public Boolean isCertificateExpired(CertificateReport certificateReport) {
        if (certificateReport.getValidTo() != null) {
            return Boolean.valueOf(!certificateReport.getValidTo().after(new Date(System.currentTimeMillis())));
        }
        return null;
    }

    public Boolean isCertificateValidYet(CertificateReport certificateReport) {
        if (certificateReport.getValidFrom() != null) {
            return Boolean.valueOf(!certificateReport.getValidFrom().before(new Date(System.currentTimeMillis())));
        }
        return null;
    }

    public Boolean isRevoked(Certificate certificate) {
        return false;
    }

    public Boolean domainNameDoesNotMatch(Certificate certificate, String str) {
        return false;
    }

    private Boolean isNotTrusted(Certificate certificate) {
        return false;
    }

    private Boolean isSelfSigned(Certificate certificate) {
        return false;
    }

    public Boolean isSelfSigned() {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(this.certificate.getEncoded()));
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            return false;
        } catch (Exception e2) {
            return null;
        }
    }

    private Boolean checkDomainNameMatch() {
        return null;
    }

    private Boolean checkCertificateTrusted() {
        return null;
    }

    private Boolean checkBlacklistedKey() {
        return null;
    }
}
