package org.openecard.common.util;

import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import org.openecard.apache.http.HttpStatus;
import org.openecard.bouncycastle.crypto.tls.Certificate;
import org.openecard.common.tlv.TLV;
import org.openecard.common.tlv.TLVException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openecard/common/util/TR03112Utils.class */
public class TR03112Utils {
    private static final Logger logger = LoggerFactory.getLogger(TR03112Utils.class.getName());
    private static final int TAG_OCTET_STRING = 4;
    private static final String SHA256 = "SHA-256";

    public static boolean checkSameOriginPolicy(URL url, URL url2) {
        logger.debug("Checking SOP for {} and {}.", url, url2);
        if (!url.getProtocol().equals(url2.getProtocol())) {
            logger.error("SOP violated; the protocols do not match.");
            return false;
        }
        if (!url.getHost().equals(url2.getHost())) {
            logger.error("SOP violated; the hosts do not match.");
            return false;
        }
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        int port2 = url2.getPort();
        if (port2 == -1) {
            port2 = url2.getDefaultPort();
        }
        if (port == port2) {
            return true;
        }
        logger.error("SOP violated; the ports do not match");
        return false;
    }

    public static boolean isInCommCertificates(Certificate certificate, List<byte[]> list) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SHA256);
            messageDigest.update(certificate.getCerts()[0].getEncoded());
            byte[] digest = messageDigest.digest();
            TLV tlv = new TLV();
            tlv.setTagNumWithClass(4L);
            tlv.setValue(digest);
            byte[] ber = tlv.toBER();
            if (logger.isDebugEnabled()) {
                logger.debug("Hash (with tag) of the retrieved server certificate: {}", ByteUtils.toHexString(ber));
            }
            for (byte[] bArr : list) {
                logger.debug("CommCertificate: {}", ByteUtils.toHexString(bArr));
                if (ByteUtils.compare(bArr, ber)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            logger.error("Server certificate couldn't be encoded.");
            return false;
        } catch (NoSuchAlgorithmException e2) {
            logger.error("SHA-256 digest algorithm is not available.");
            return false;
        } catch (TLVException e3) {
            logger.error("TLV construction failed.");
            return false;
        }
    }

    public static boolean isRedirectStatusCode(int i) {
        switch (i) {
            case HttpStatus.SC_MOVED_PERMANENTLY /* 301 */:
            case HttpStatus.SC_MOVED_TEMPORARILY /* 302 */:
            case HttpStatus.SC_SEE_OTHER /* 303 */:
            case HttpStatus.SC_TEMPORARY_REDIRECT /* 307 */:
                return true;
            case HttpStatus.SC_NOT_MODIFIED /* 304 */:
            case HttpStatus.SC_USE_PROXY /* 305 */:
            case 306:
            default:
                return false;
        }
    }
}
