package HTTPClient;

import HTTPClient.ntlm.NtlmAuthenticationScheme;
import java.net.InetAddress;
import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:HTTPClient/StandardHostnameVerifier.class */
public class StandardHostnameVerifier implements HostnameVerifier {
    private static final Logger logger = HttpClientLoggerFactory.getLogger(StandardHostnameVerifier.class.getName());
    private boolean recognizeWildcardCNs = true;

    public StandardHostnameVerifier() {
    }

    public StandardHostnameVerifier(boolean z) {
        setRecognizeWildcardCNs(z);
    }

    public boolean isRecognizeWildcardCNs() {
        return this.recognizeWildcardCNs;
    }

    public boolean setRecognizeWildcardCNs(boolean z) {
        boolean z2 = this.recognizeWildcardCNs;
        this.recognizeWildcardCNs = z;
        return z2;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        String trim = null == str ? NtlmAuthenticationScheme.NTLM_REALM : str.trim();
        if (null == sSLSession) {
            if (!logger.isLoggable(Level.FINE)) {
                return false;
            }
            logger.log(Level.FINE, "Expected non-null SSLSession for host ''{0}''.", new Object[]{trim});
            return false;
        }
        if (NtlmAuthenticationScheme.NTLM_REALM.equals(trim)) {
            if (!logger.isLoggable(Level.FINE)) {
                return false;
            }
            logger.log(Level.FINE, "Expected non-null, non-empty hostname.");
            return false;
        }
        try {
            X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (null == peerCertificateChain || 0 == peerCertificateChain.length) {
                throw new SSLPeerUnverifiedException("Found no server certificates.");
            }
            dumpCertDNsToLog(peerCertificateChain, trim);
            X509Certificate x509Certificate = peerCertificateChain[0];
            if (null == x509Certificate) {
                if (!logger.isLoggable(Level.FINE)) {
                    return false;
                }
                logger.log(Level.FINE, "First SSL certificate is null for hostname ''{0}''.", new Object[]{trim});
                return false;
            }
            Principal subjectDN = x509Certificate.getSubjectDN();
            if (null == subjectDN) {
                if (!logger.isLoggable(Level.FINE)) {
                    return false;
                }
                logger.log(Level.FINE, "Principal in first SSL certificate is null for hostname ''{0}''.", new Object[]{trim});
                return false;
            }
            String name = subjectDN.getName();
            if (null == name || NtlmAuthenticationScheme.NTLM_REALM.equals(name)) {
                if (!logger.isLoggable(Level.FINE)) {
                    return false;
                }
                logger.log(Level.FINE, "First SSL certificate has null or empty Distinguished Name (DN) for hostname ''{0}''", new Object[]{trim});
                return false;
            }
            if (isMatchesCN(trim, name)) {
                if (!logger.isLoggable(Level.FINEST)) {
                    return true;
                }
                logger.log(Level.FINEST, "Successfully verified hostname ''{0}'' with SSL certificate Common Name (CN).", new Object[]{trim});
                return true;
            }
            if (!logger.isLoggable(Level.FINE)) {
                return false;
            }
            logger.log(Level.FINE, "SSL certificate Distinguished Name (DN) ''{0}'' does not have a Common Name (CN) which matches hostname ''{1}''.", new Object[]{name, trim});
            return false;
        } catch (Exception e) {
            if (!logger.isLoggable(Level.FINE)) {
                return false;
            }
            logger.log(Level.FINE, "Unable to obtain SSL session peer certificate chain for host '" + trim + "'.", (Throwable) e);
            return false;
        }
    }

    private boolean isMatchesCN(String str, String str2) {
        String obj;
        int length;
        try {
            LdapName ldapName = new LdapName(str2);
            for (int size = ldapName.size() - 1; size >= 0; size--) {
                Attribute attribute = ldapName.getRdn(size).toAttributes().get("CN");
                if (null != attribute) {
                    int size2 = attribute.size();
                    for (int i = 0; i < size2; i++) {
                        Object obj2 = attribute.get(i);
                        if (null != obj2 && null != (obj = obj2.toString())) {
                            String trim = obj.trim();
                            if (trim.equalsIgnoreCase(str)) {
                                return true;
                            }
                            if (HTTPConnection.isStringAnIPv6(str) && HTTPConnection.isStringAnIPv6(trim) && InetAddress.getByName(str).equals(InetAddress.getByName(trim))) {
                                return true;
                            }
                            if (this.recognizeWildcardCNs && trim.startsWith("*.") && -1 != trim.indexOf(46, 2) && -1 == trim.indexOf(42, 2) && (length = str.length() - (trim.length() - 1)) >= 0) {
                                if (trim.substring(1).equalsIgnoreCase(str.substring(length))) {
                                    return true;
                                }
                            }
                        }
                    }
                }
            }
            return false;
        } catch (Exception e) {
            if (!logger.isLoggable(Level.FINE)) {
                return false;
            }
            logger.log(Level.FINE, "Unable to parse DN '" + str2 + "' for hostname '" + str + "'.", (Throwable) e);
            return false;
        }
    }

    private static void dumpCertDNsToLog(X509Certificate[] x509CertificateArr, String str) {
        Level level = Level.FINEST;
        if (logger.isLoggable(level)) {
            String str2 = null == str ? NtlmAuthenticationScheme.NTLM_REALM : str;
            if (null == x509CertificateArr || 0 == x509CertificateArr.length) {
                logger.log(level, "Null or empty peer certificate chain given for hostname ''{0}''", new Object[]{str2});
                return;
            }
            StringBuilder sb = new StringBuilder(256);
            sb.append("Dump of SSL certificate DN values for Host '");
            sb.append(str2);
            sb.append("': \n");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (null != x509Certificate) {
                    sb.append(x509Certificate.getSubjectDN().getName());
                    sb.append('\n');
                }
            }
            sb.append("done---------\n");
            logger.log(level, sb.toString());
        }
    }
}
