package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.net.InetAddress;
import java.net.URI;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

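/**
 * An {@link SSLSocketVerifier} that accepts a TLS connection only when the peer's leaf
 * X.509 certificate names the host the client intended to reach.
 *
 * <p>This listing is decompiler output. The CN loop and the iPAddress guard did not
 * survive decompilation intact and are reconstructed here from the conditions that
 * remained visible.
 *
 * <p>This check covers name binding only. Nothing in this class validates the
 * certificate chain, validity period or revocation status.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: classes6.dex */
public final class HostNameSSLSocketVerifier extends SSLSocketVerifier {
    // GeneralName type tags, as delivered in element 0 of each entry returned by
    // X509Certificate.getSubjectAlternativeNames().
    private static final int SAN_TYPE_DNS_NAME = 2;
    private static final int SAN_TYPE_URI = 6;
    private static final int SAN_TYPE_IP_ADDRESS = 7;

    // Whether a leading "*." in a certificate name may stand in for a host label.
    private final boolean allowWildcards;

    /**
     * Creates a verifier.
     *
     * @param z11 {@code true} to honour wildcard certificate names (those starting with
     *            {@code "*."}); {@code false} to require an exact name match.
     */
    public HostNameSSLSocketVerifier(boolean z11) {
        this.allowWildcards = z11;
    }

    /**
     * Determines whether a certificate identifies the given host.
     *
     * <p>The subject DN's CN values are examined first, then the subjectAltName entries
     * of type dNSName, uniformResourceIdentifier and iPAddress. Any parsing or lookup
     * failure is logged through {@link Debug} and treated as "no match", so the method
     * fails closed.
     *
     * <p>NOTE(review): CN values are accepted even when subjectAltName entries exist,
     * and a URI entry's host component is accepted as a host identity. Both are looser
     * than current TLS server-identity guidance; confirm they are intended before
     * relying on this method as the only name check.
     *
     * @param str             the host name or IP literal the client connected to
     * @param x509Certificate the peer's leaf certificate
     * @param z11             whether wildcard certificate names are honoured
     * @param sb2             receives a description of every name examined, for use in
     *                        the caller's error message
     * @return {@code true} if some name in the certificate matches {@code str}
     */
    public static boolean certificateIncludesHostname(String str, X509Certificate x509Certificate, boolean z11, StringBuilder sb2) {
        String expectedHost = StaticUtils.toLowerCase(str);
        String subjectDn = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        sb2.append("subject='");
        sb2.append(subjectDn);
        sb2.append('\'');

        // Pass 1: CN attribute values of the subject DN.
        try {
            for (RDN rdn : new DN(subjectDn).getRDNs()) {
                String[] attributeNames = rdn.getAttributeNames();
                String[] attributeValues = rdn.getAttributeValues();
                for (int i = 0; i < attributeNames.length; i++) {
                    String attributeName = StaticUtils.toLowerCase(attributeNames[i]);
                    boolean isCommonName = attributeName.equals("cn")
                            || attributeName.equals("commonname")
                            || attributeName.equals("2.5.4.3");
                    // Only CN values can carry a host name; every other attribute type
                    // (O, OU, ...) is ignored.
                    if (!isCommonName) {
                        continue;
                    }
                    if (nameMatches(expectedHost, StaticUtils.toLowerCase(attributeValues[i]), z11)) {
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // An unparsable subject is not fatal: the subjectAltName pass still runs.
            Debug.debugException(e);
        }

        // Pass 2: subjectAltName entries.
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> entry : subjectAlternativeNames) {
                    // Each entry is handled in its own try so that one malformed entry
                    // does not hide the remaining ones.
                    try {
                        int type = ((Integer) entry.get(0)).intValue();
                        switch (type) {
                            case SAN_TYPE_DNS_NAME: {
                                String dnsName = (String) entry.get(1);
                                sb2.append(" dNSName='");
                                sb2.append(dnsName);
                                sb2.append('\'');
                                if (nameMatches(expectedHost, StaticUtils.toLowerCase(dnsName), z11)) {
                                    return true;
                                }
                                break;
                            }
                            case SAN_TYPE_URI: {
                                String uri = (String) entry.get(1);
                                sb2.append(" uniformResourceIdentifier='");
                                sb2.append(uri);
                                sb2.append('\'');
                                if (expectedHost.equals(StaticUtils.toLowerCase(new URI(uri).getHost()))) {
                                    return true;
                                }
                                break;
                            }
                            case SAN_TYPE_IP_ADDRESS: {
                                String ipAddress = (String) entry.get(1);
                                sb2.append(" iPAddress='");
                                sb2.append(ipAddress);
                                sb2.append('\'');
                                InetAddress certificateAddress =
                                        LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(ipAddress);
                                // Compare addresses only when the caller supplied something
                                // shaped like an IP literal. Resolving a host *name* here
                                // would let a DNS answer, rather than the certificate,
                                // decide whether the peer is trusted.
                                // NOTE(review): a leading digit is only a heuristic; a DNS
                                // name that starts with a digit still reaches getByName().
                                boolean looksLikeIpLiteral = !str.isEmpty()
                                        && (Character.isDigit(str.charAt(0)) || str.indexOf(':') >= 0);
                                if (looksLikeIpLiteral && certificateAddress.equals(InetAddress.getByName(str))) {
                                    return true;
                                }
                                break;
                            }
                            default:
                                // Other GeneralName types cannot identify a host.
                                break;
                        }
                    } catch (Exception e) {
                        Debug.debugException(e);
                    }
                }
            }
            return false;
        } catch (Exception e) {
            Debug.debugException(e);
            return false;
        }
    }

    /**
     * Compares an already lower-cased host against an already lower-cased certificate name.
     *
     * <p>A wildcard name ({@code "*.example.com"}) matches exactly one left-most label:
     * {@code "a.example.com"} matches, while {@code "a.b.example.com"} and
     * {@code ".example.com"} do not. A plain suffix comparison would accept both of
     * those, widening the set of hosts a single certificate can stand in for.
     *
     * <p>No public-suffix check is made, so a name such as {@code "*.com"} is still honoured.
     */
    private static boolean nameMatches(String host, String certificateName, boolean allowWildcards) {
        if (host.equals(certificateName)) {
            return true;
        }
        if (!allowWildcards || !certificateName.startsWith("*.") || certificateName.length() <= 2) {
            return false;
        }
        String suffix = certificateName.substring(1); // keeps the leading '.'
        if (!host.endsWith(suffix)) {
            return false;
        }
        String leftMostLabel = host.substring(0, host.length() - suffix.length());
        return !leftMostLabel.isEmpty() && leftMostLabel.indexOf('.') < 0;
    }

    /**
     * Verifies that the certificate presented on an established socket names the target host.
     *
     * @param str       the host the client connected to
     * @param i11       the port the client connected to (used only in error messages)
     * @param sSLSocket the connected socket whose session is inspected
     * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} if the socket has no
     *         session, the peer presented no certificates, the leaf certificate is not
     *         X.509, no certificate name matches {@code str}, or any other failure
     *         occurs while inspecting the session
     */
    @Override // com.unboundid.util.ssl.SSLSocketVerifier
    public void verifySSLSocket(String str, int i11, SSLSocket sSLSocket) throws LDAPException {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                throw new LDAPException(ResultCode.CONNECT_ERROR, b.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_NO_SESSION.c(str, Integer.valueOf(i11)));
            }
            Certificate[] peerCertificates = session.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                throw new LDAPException(ResultCode.CONNECT_ERROR, b.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_NO_PEER_CERTS.c(str, Integer.valueOf(i11)));
            }
            // Only element 0 (the peer's own certificate) is examined; the rest of the
            // chain plays no part in host-name matching.
            Certificate leaf = peerCertificates[0];
            if (!(leaf instanceof X509Certificate)) {
                throw new LDAPException(ResultCode.CONNECT_ERROR, b.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_PEER_NOT_X509.c(str, Integer.valueOf(i11), leaf.getType()));
            }
            StringBuilder certificateInfo = new StringBuilder();
            if (!certificateIncludesHostname(str, (X509Certificate) leaf, this.allowWildcards, certificateInfo)) {
                throw new LDAPException(ResultCode.CONNECT_ERROR, b.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_HOSTNAME_NOT_FOUND.c(str, certificateInfo.toString()));
            }
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            // Any unexpected failure is reported as a connect error rather than being
            // allowed to let the connection through.
            Debug.debugException(e);
            throw new LDAPException(ResultCode.CONNECT_ERROR, b.ERR_HOST_NAME_SSL_SOCKET_VERIFIER_EXCEPTION.c(str, Integer.valueOf(i11), StaticUtils.getExceptionMessage(e)), e);
        }
    }
}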
