package org.jivesoftware.smack.java7;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.jivesoftware.smack.util.IpAddressUtil;

/* loaded from: input_file:lib/smack-java7-4.2.1.jar:org/jivesoftware/smack/java7/XmppHostnameVerifier.class */
public class XmppHostnameVerifier implements HostnameVerifier {
    private static final Logger LOGGER = Logger.getLogger(XmppHostnameVerifier.class.getName());
    private static final int ALTNAME_DNS = 2;
    private static final int ALTNAME_IP = 7;

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        Certificate[] peerCertificates;
        boolean z = false;
        boolean z2 = false;
        try {
            peerCertificates = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            Principal principal = null;
            try {
                principal = sSLSession.getPeerPrincipal();
            } catch (SSLPeerUnverifiedException e2) {
                LOGGER.log(Level.INFO, "Can't verify principal for " + str + ". Not kerberos", (Throwable) e2);
            }
            if (principal instanceof KerberosPrincipal) {
                z2 = match(str, (KerberosPrincipal) principal);
            } else {
                LOGGER.info("Can't verify principal for " + str + ". Not kerberos");
            }
        }
        if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
            return false;
        }
        try {
            match(str, (X509Certificate) peerCertificates[0]);
            z = true;
        } catch (CertificateException e3) {
            LOGGER.log(Level.INFO, "Certificate does not match hostname", (Throwable) e3);
        }
        return z || z2;
    }

    private static void match(String str, X509Certificate x509Certificate) throws CertificateException {
        if (IpAddressUtil.isIpAddress(str)) {
            matchIp(str, x509Certificate);
        } else {
            matchDns(str, x509Certificate);
        }
    }

    private static boolean match(String str, KerberosPrincipal kerberosPrincipal) {
        LOGGER.warning("KerberosPrincipal validation not implemented yet. Can not verify " + str);
        return false;
    }

    private static void matchDns(String str, X509Certificate x509Certificate) throws CertificateException {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            LinkedList linkedList = new LinkedList();
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    String str2 = (String) list.get(1);
                    if (matchesPerRfc2818(str, str2)) {
                        return;
                    } else {
                        linkedList.add(str2);
                    }
                }
            }
            if (!linkedList.isEmpty()) {
                StringBuilder sb = new StringBuilder("No subject alternative DNS name matching " + str + " found. Tried: ");
                Iterator it = linkedList.iterator();
                while (it.hasNext()) {
                    sb.append((String) it.next()).append(',');
                }
                throw new CertificateException(sb.toString());
            }
        }
        LdapName ldapName = null;
        try {
            ldapName = new LdapName(x509Certificate.getSubjectX500Principal().getName());
        } catch (InvalidNameException e) {
            LOGGER.warning("Invalid DN: " + e.getMessage());
        }
        if (ldapName != null) {
            Iterator it2 = ldapName.getRdns().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Rdn rdn = (Rdn) it2.next();
                if (rdn.getType().equalsIgnoreCase("CN")) {
                    if (matchesPerRfc2818(str, rdn.getValue().toString())) {
                        return;
                    }
                }
            }
        }
        throw new CertificateException("No name matching " + str + " found");
    }

    private static boolean matchesPerRfc2818(String str, String str2) {
        String[] split = str.toLowerCase(Locale.US).split("\\.");
        String[] split2 = str2.toLowerCase(Locale.US).split("\\.");
        if (split.length != split2.length) {
            return false;
        }
        for (int i = 0; i < split.length; i++) {
            if (!matchWildCards(split[i], split2[i])) {
                return false;
            }
        }
        return true;
    }

    private static boolean matchWildCards(String str, String str2) {
        int indexOf = str2.indexOf("*");
        if (indexOf == -1) {
            return str.equals(str2);
        }
        boolean z = true;
        String str3 = str2;
        while (indexOf != -1) {
            String substring = str3.substring(0, indexOf);
            str3 = str3.substring(indexOf + 1);
            int indexOf2 = str.indexOf(substring);
            if (indexOf2 == -1) {
                return false;
            }
            if (z && indexOf2 != 0) {
                return false;
            }
            z = false;
            str = str.substring(indexOf2 + substring.length());
            indexOf = str3.indexOf("*");
        }
        return str.endsWith(str3);
    }

    private static void matchIp(String str, X509Certificate x509Certificate) throws CertificateException {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            throw new CertificateException("No subject alternative names present");
        }
        LinkedList linkedList = new LinkedList();
        for (List<?> list : subjectAlternativeNames) {
            if (((Integer) list.get(0)).intValue() == 7) {
                String str2 = (String) list.get(1);
                if (str.equalsIgnoreCase(str2)) {
                    return;
                }
                try {
                    if (InetAddress.getByName(str).equals(InetAddress.getByName(str2))) {
                        return;
                    }
                } catch (SecurityException | UnknownHostException e) {
                    LOGGER.log(Level.FINE, "Comparing IP strings failed", e);
                }
                linkedList.add(str2);
            }
        }
        StringBuilder sb = new StringBuilder("No subject alternative names matching IP address " + str + " found. Tried: ");
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            sb.append((String) it.next()).append(',');
        }
        throw new CertificateException(sb.toString());
    }
}
