package android.org.apache.http.conn.ssl;

import android.javax.naming.InvalidNameException;
import android.javax.naming.NamingException;
import android.javax.naming.directory.Attribute;
import android.javax.naming.ldap.LdapName;
import android.javax.naming.ldap.Rdn;
import android.org.apache.commons.logging.Log;
import android.org.apache.commons.logging.LogFactory;
import android.org.apache.http.annotation.Immutable;
import android.org.apache.http.conn.util.PublicSuffixMatcher;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.NoSuchElementException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* compiled from: ProGuard */
@Immutable
/* loaded from: classes.dex */
public final class DefaultHostnameVerifier implements HostnameVerifier {
    public static final int DNS_NAME_TYPE = 2;
    public static final int IP_ADDRESS_TYPE = 7;
    private final Log log;
    private final PublicSuffixMatcher publicSuffixMatcher;

    public DefaultHostnameVerifier() {
        this(null);
    }

    public DefaultHostnameVerifier(PublicSuffixMatcher publicSuffixMatcher) {
        this.log = LogFactory.getLog(DefaultHostnameVerifier.class);
        this.publicSuffixMatcher = publicSuffixMatcher;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static String extractCN(String str) throws SSLException {
        String str2 = str;
        if (str2 == null) {
            return null;
        }
        try {
            List<Rdn> rdns = new LdapName(str2).getRdns();
            for (int size = rdns.size() - 1; size >= 0; size--) {
                Attribute attribute = rdns.get(size).toAttributes().get("cn");
                if (attribute != null) {
                    try {
                        Object obj = attribute.get();
                        if (obj != null) {
                            return obj.toString();
                        }
                        continue;
                    } catch (NamingException | NoSuchElementException unused) {
                        continue;
                    }
                }
            }
            return null;
        } catch (InvalidNameException unused2) {
            throw new SSLException(str2 + " is not a valid X500 distinguished name");
        }
    }

    public static List<String> extractSubjectAlts(X509Certificate x509Certificate, int i11) {
        Collection<List<?>> collection;
        ArrayList arrayList = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException unused) {
            collection = null;
        }
        if (collection != null) {
            for (List<?> list : collection) {
                if (((Integer) list.get(0)).intValue() == i11) {
                    String str = (String) list.get(1);
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(str);
                }
            }
        }
        return arrayList;
    }

    public static void matchCN(String str, String str2, PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
        if (matchIdentityStrict(str, str2, publicSuffixMatcher)) {
            return;
        }
        throw new SSLException("Certificate for <" + str + "> doesn't match common name of the certificate subject: " + str2);
    }

    public static void matchDNSName(String str, List<String> list, PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (int i11 = 0; i11 < list.size(); i11++) {
            if (matchIdentityStrict(lowerCase, list.get(i11).toLowerCase(Locale.ROOT), publicSuffixMatcher)) {
                return;
            }
        }
        throw new SSLException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + list);
    }

    public static boolean matchDomainRoot(String str, String str2) {
        if (str2 == null || !str.endsWith(str2)) {
            return false;
        }
        if (str.length() != str2.length() && str.charAt((str.length() - str2.length()) - 1) != '.') {
            return false;
        }
        return true;
    }

    public static void matchIPAddress(String str, List<String> list) throws SSLException {
        for (int i11 = 0; i11 < list.size(); i11++) {
            if (str.equals(list.get(i11))) {
                return;
            }
        }
        throw new SSLException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + list);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static void matchIPv6Address(String str, List<String> list) throws SSLException {
        String normaliseAddress = normaliseAddress(str);
        for (int i11 = 0; i11 < list.size(); i11++) {
            if (normaliseAddress.equals(normaliseAddress(list.get(i11)))) {
                return;
            }
        }
        throw new SSLException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + list);
    }

    public static boolean matchIdentity(String str, String str2) {
        return matchIdentity(str, str2, null, false);
    }

    public static boolean matchIdentity(String str, String str2, PublicSuffixMatcher publicSuffixMatcher) {
        return matchIdentity(str, str2, publicSuffixMatcher, false);
    }

    private static boolean matchIdentity(String str, String str2, PublicSuffixMatcher publicSuffixMatcher, boolean z11) {
        if (publicSuffixMatcher != null && str.contains(".") && !matchDomainRoot(str, publicSuffixMatcher.getDomainRoot(str2))) {
            return false;
        }
        int indexOf = str2.indexOf(42);
        if (indexOf == -1) {
            return str.equalsIgnoreCase(str2);
        }
        String substring = str2.substring(0, indexOf);
        String substring2 = str2.substring(indexOf + 1);
        if (!substring.isEmpty() && !str.startsWith(substring)) {
            return false;
        }
        if (substring2.isEmpty() || str.endsWith(substring2)) {
            return (z11 && str.substring(substring.length(), str.length() - substring2.length()).contains(".")) ? false : true;
        }
        return false;
    }

    public static boolean matchIdentityStrict(String str, String str2) {
        return matchIdentity(str, str2, null, true);
    }

    public static boolean matchIdentityStrict(String str, String str2, PublicSuffixMatcher publicSuffixMatcher) {
        return matchIdentity(str, str2, publicSuffixMatcher, true);
    }

    public static String normaliseAddress(String str) {
        if (str == null) {
            return str;
        }
        try {
            return InetAddress.getByName(str).getHostAddress();
        } catch (UnknownHostException unused) {
            return str;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x004b  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0053  */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void verify(java.lang.String r8, java.security.cert.X509Certificate r9) throws javax.net.ssl.SSLException {
        /*
            r7 = this;
            r4 = r7
            boolean r6 = android.org.apache.http.conn.util.InetAddressUtils.isIPv4Address(r8)
            r0 = r6
            boolean r1 = android.org.apache.http.conn.util.InetAddressUtils.isIPv6Address(r8)
            if (r0 != 0) goto L14
            r6 = 3
            if (r1 == 0) goto L10
            goto L15
        L10:
            r6 = 3
            r6 = 2
            r2 = r6
            goto L17
        L14:
            r6 = 7
        L15:
            r6 = 7
            r2 = r6
        L17:
            java.util.List r2 = extractSubjectAlts(r9, r2)
            if (r2 == 0) goto L39
            boolean r3 = r2.isEmpty()
            if (r3 != 0) goto L39
            if (r0 == 0) goto L29
            matchIPAddress(r8, r2)
            goto L52
        L29:
            if (r1 == 0) goto L30
            r6 = 7
            matchIPv6Address(r8, r2)
            goto L52
        L30:
            r6 = 6
            android.org.apache.http.conn.util.PublicSuffixMatcher r9 = r4.publicSuffixMatcher
            r6 = 3
            matchDNSName(r8, r2, r9)
            r6 = 3
            goto L52
        L39:
            r6 = 5
            javax.security.auth.x500.X500Principal r9 = r9.getSubjectX500Principal()
            java.lang.String r6 = "RFC2253"
            r0 = r6
            java.lang.String r9 = r9.getName(r0)
            java.lang.String r9 = extractCN(r9)
            if (r9 == 0) goto L53
            r6 = 3
            android.org.apache.http.conn.util.PublicSuffixMatcher r0 = r4.publicSuffixMatcher
            r6 = 2
            matchCN(r8, r9, r0)
        L52:
            return
        L53:
            r6 = 6
            javax.net.ssl.SSLException r9 = new javax.net.ssl.SSLException
            r6 = 7
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            r6 = 7
            java.lang.String r1 = "Certificate subject for <"
            r0.append(r1)
            r0.append(r8)
            java.lang.String r8 = "> doesn't contain "
            r0.append(r8)
            java.lang.String r6 = "a common name and does not have alternative names"
            r8 = r6
            r0.append(r8)
            java.lang.String r6 = r0.toString()
            r8 = r6
            r9.<init>(r8)
            r6 = 5
            throw r9
            r6 = 5
        */
        throw new UnsupportedOperationException("Method not decompiled: android.org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(java.lang.String, java.security.cert.X509Certificate):void");
    }

    @Override // javax.net.ssl.HostnameVerifier
    public final boolean verify(String str, SSLSession sSLSession) {
        try {
            verify(str, (X509Certificate) sSLSession.getPeerCertificates()[0]);
            return true;
        } catch (SSLException e11) {
            if (this.log.isDebugEnabled()) {
                this.log.debug(e11.getMessage(), e11);
            }
            return false;
        }
    }
}
