package org.springframework.security.saml.trust;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Hex;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.3.RELEASE.jar:org/springframework/security/saml/trust/UntrustedCertificateException.class */
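/**
 * Signals that a certificate chain was not trusted, and carries the rejected
 * certificates so they can be inspected.
 *
 * <p>{@link #getMessage()} renders every carried certificate with its subject,
 * serial number, thumbprints and PEM encoding, so an operator can decide whether
 * to import it into a keystore.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The certificates are described in the message as "presented by the peer",
 *       so nothing printed here is evidence of trust. Check the thumbprint against
 *       a value obtained out-of-band before importing. Use the SHA-256 value for
 *       that; SHA-1 and MD5 are kept only for comparison with tools that still
 *       print them, and neither is collision resistant.</li>
 *   <li>NOTE(review): the subject line is text taken from the certificate; confirm
 *       that log sinks receiving this message neutralise control characters.</li>
 * </ul>
 */
public class UntrustedCertificateException extends CertificateException {
    /** Number of Base64 characters per line in the PEM rendering. */
    private static final int PEM_LINE_LENGTH = 76;

    // Kept non-final on purpose: the class declares no serialVersionUID, and changing
    // the modifiers of a serialized field would change the computed default.
    private X509Certificate[] x509Certificates;

    /**
     * @param str                 detail message describing the trust failure
     * @param x509CertificateArr  the rejected certificates; may be {@code null}.
     *                            The array is copied, so later changes by the
     *                            caller do not alter what this exception reports.
     */
    public UntrustedCertificateException(String str, X509Certificate[] x509CertificateArr) {
        super(str);
        this.x509Certificates = x509CertificateArr == null ? null : x509CertificateArr.clone();
    }

    /**
     * @return a copy of the carried certificates, or {@code null} when none were
     *         supplied; modifying the returned array does not affect this exception
     */
    public X509Certificate[] getX509Certificates() {
        return this.x509Certificates == null ? null : this.x509Certificates.clone();
    }

    /**
     * Returns the detail message followed, when certificates are present, by import
     * instructions and one block per certificate (subject, serial number,
     * thumbprints, PEM encoding).
     *
     * @return the extended message; never throws for {@code null} array entries,
     *         which are skipped so that logging the exception cannot itself fail
     */
    @Override
    public String getMessage() {
        StringBuilder sb = new StringBuilder(150);
        sb.append(super.getMessage());
        if (this.x509Certificates == null || this.x509Certificates.length == 0) {
            return sb.toString();
        }
        sb.append("\n\nFollow certificates (in PEM format) presented by the peer. Content between being/end certificate (including) can be stored in a file and imported using keytool, e.g. 'keytool -importcert -file cert.cer -alias certAlias -keystore keystore.jks'). Make sure the presented certificates are issued by your trusted CA before adding them to the keystore.\n\n");
        for (X509Certificate certificate : this.x509Certificates) {
            if (certificate == null) {
                // A hole in the chain must not turn message rendering into an NPE.
                continue;
            }
            sb.append("Subject: ").append(certificate.getSubjectDN()).append("\n");
            sb.append("Serial number: ").append(certificate.getSerialNumber()).append("\n");
            appendThumbPrint(certificate, sb);
            sb.append("\n");
            appendCertificate(certificate, sb);
            sb.append("\n");
        }
        return sb.toString();
    }

    /**
     * Appends one labelled thumbprint line per digest algorithm. SHA-256 is listed
     * first because it is the value to use for out-of-band verification; SHA-1 and
     * MD5 remain for compatibility with existing tooling.
     */
    private static void appendThumbPrint(X509Certificate x509Certificate, StringBuilder sb) {
        sb.append("Thumbprint SHA-256: ");
        appendThumbPrint(x509Certificate, "SHA-256", sb);
        sb.append("\n");
        sb.append("Thumbprint SHA-1: ");
        appendThumbPrint(x509Certificate, "SHA-1", sb);
        sb.append("\n");
        sb.append("Thumbprint MD5: ");
        appendThumbPrint(x509Certificate, MessageDigestAlgorithms.MD5, sb);
        sb.append("\n");
    }

    /**
     * Appends the colon-separated hex digest of the certificate's encoded form,
     * computed with the given algorithm. A failure is written into the output
     * instead of being thrown, so the rest of the message is still produced.
     */
    private static void appendThumbPrint(X509Certificate x509Certificate, String str, StringBuilder sb) {
        try {
            MessageDigest digest = MessageDigest.getInstance(str);
            digest.update(x509Certificate.getEncoded());
            appendHexSpace(Hex.encode(digest.digest()), sb);
        } catch (NoSuchAlgorithmException e) {
            sb.append("Error calculating thumbprint: ").append(e.getMessage());
        } catch (CertificateEncodingException e) {
            sb.append("Error calculating thumbprint: ").append(e.getMessage());
        }
    }

    /**
     * Appends hex characters with a ':' between each pair (one pair per byte) and
     * no trailing separator.
     */
    private static void appendHexSpace(char[] cArr, StringBuilder sb) {
        for (int index = 0; index < cArr.length; index++) {
            // Separator goes before every pair except the first.
            if (index > 0 && index % 2 == 0) {
                sb.append(":");
            }
            sb.append(cArr[index]);
        }
    }

    /**
     * Appends the certificate as a PEM block: BEGIN marker, Base64 of the encoded
     * form wrapped at {@value #PEM_LINE_LENGTH} characters, END marker. An encoding
     * failure is reported inside the block on its own line.
     */
    private static void appendCertificate(X509Certificate x509Certificate, StringBuilder sb) {
        sb.append("-----BEGIN CERTIFICATE-----\n");
        try {
            // Base64 output is pure ASCII; naming the charset removes the dependency
            // on the platform default.
            String base64 = new String(
                    Base64.encode(x509Certificate.getEncoded()),
                    java.nio.charset.Charset.forName("US-ASCII"));
            int length = base64.length();
            int start = 0;
            do {
                int end = Math.min(start + PEM_LINE_LENGTH, length);
                sb.append(base64, start, end).append("\n");
                start = end;
            } while (start < length);
        } catch (CertificateEncodingException e) {
            // Terminate the line so the END marker is not glued to the error text.
            sb.append("Cannot encode: ").append(e.getMessage()).append("\n");
        }
        sb.append("-----END CERTIFICATE-----\n");
    }
}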
