package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.net.InetAddress;
import java.net.URI;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: classes.dex */
public final class HostNameSSLSocketVerifier extends SSLSocketVerifier {
    private final boolean allowWildcards;

    public HostNameSSLSocketVerifier(boolean z) {
        this.allowWildcards = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean certificateIncludesHostname(String str, X509Certificate x509Certificate, boolean z, StringBuilder sb) {
        String lowerCase = StaticUtils.toLowerCase(str);
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        sb.append("subject='");
        sb.append(name);
        sb.append('\'');
        try {
            for (RDN rdn : new DN(name).getRDNs()) {
                String[] attributeNames = rdn.getAttributeNames();
                String[] attributeValues = rdn.getAttributeValues();
                for (int i = 0; i < attributeNames.length; i++) {
                    String lowerCase2 = StaticUtils.toLowerCase(attributeNames[i]);
                    if (lowerCase2.equals("cn") || lowerCase2.equals("commonname") || lowerCase2.equals("2.5.4.3")) {
                        String lowerCase3 = StaticUtils.toLowerCase(attributeValues[i]);
                        if (lowerCase.equals(lowerCase3)) {
                            return true;
                        }
                        if (z && lowerCase3.startsWith("*.") && lowerCase.endsWith(lowerCase3.substring(1))) {
                            return true;
                        }
                    }
                }
            }
        } catch (Exception e) {
            Debug.debugException(e);
        }
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    try {
                        int intValue = ((Integer) list.get(0)).intValue();
                        if (intValue != 2) {
                            switch (intValue) {
                                case 6:
                                    String str2 = (String) list.get(1);
                                    sb.append(" uniformResourceIdentifier='");
                                    sb.append(str2);
                                    sb.append('\'');
                                    if (lowerCase.equals(StaticUtils.toLowerCase(new URI(str2).getHost()))) {
                                        return true;
                                    }
                                    break;
                                case 7:
                                    String str3 = (String) list.get(1);
                                    sb.append(" iPAddress='");
                                    sb.append(str3);
                                    sb.append('\'');
                                    InetAddress byName = InetAddress.getByName(str3);
                                    if (!Character.isDigit(str.charAt(0)) && str.indexOf(58) < 0) {
                                        break;
                                    } else {
                                        if (byName.equals(InetAddress.getByName(str))) {
                                            return true;
                                        }
                                        break;
                                    }
                                    break;
                            }
                        } else {
                            String str4 = (String) list.get(1);
                            sb.append(" dNSName='");
                            sb.append(str4);
                            sb.append('\'');
                            String lowerCase4 = StaticUtils.toLowerCase(str4);
                            if (lowerCase.equals(lowerCase4)) {
                                return true;
                            }
                            if (z && lowerCase4.startsWith("*.") && lowerCase.endsWith(lowerCase4.substring(1))) {
                                return true;
                            }
                        }
                    } catch (Exception e2) {
                        Debug.debugException(e2);
                    }
                }
            }
            return false;
        } catch (Exception e3) {
            Debug.debugException(e3);
            return false;
        }
    }

    @Override // com.unboundid.util.ssl.SSLSocketVerifier
    public void verifySSLSocket(String str, int i, SSLSocket sSLSocket) throws LDAPException {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_NO_SESSION.get(str, Integer.valueOf(i)));
            }
            Certificate[] peerCertificates = session.getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length != 0) {
                if (!(peerCertificates[0] instanceof X509Certificate)) {
                    throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_PEER_NOT_X509.get(str, Integer.valueOf(i), peerCertificates[0].getType()));
                }
                StringBuilder sb = new StringBuilder();
                if (!certificateIncludesHostname(str, (X509Certificate) peerCertificates[0], this.allowWildcards, sb)) {
                    throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_HOSTNAME_NOT_FOUND.get(str, sb.toString()));
                }
                return;
            }
            throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_NO_PEER_CERTS.get(str, Integer.valueOf(i)));
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e2) {
            Debug.debugException(e2);
            throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_EXCEPTION.get(str, Integer.valueOf(i), StaticUtils.getExceptionMessage(e2)), e2);
        }
    }
}
