package IceSSL;

import Ice.Communicator;
import Ice.Logger;
import Ice.PluginInitializationException;
import Ice.Properties;
import Ice.SecurityException;
import IceInternal.EndpointHostResolver;
import IceInternal.Network;
import IceInternal.ProtocolPluginFacade;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.InetSocketAddress;
import java.nio.channels.SelectableChannel;
import java.nio.channels.SocketChannel;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import net.yuntian.iuclient.util.PhonebookConstant;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class Instance {
    static final /* synthetic */ boolean $assertionsDisabled;
    private boolean _allCiphers;
    private boolean _checkCertName;
    private CipherExpression[] _ciphers;
    private SSLContext _context;
    private String _defaultDir;
    private ProtocolPluginFacade _facade;
    private boolean _initialized;
    private InputStream _keystoreStream;
    private Logger _logger;
    private boolean _noCiphers;
    private PasswordCallback _passwordCallback;
    private String[] _protocols;
    private int _securityTraceLevel;
    private TrustManager _trustManager;
    private InputStream _truststoreStream;
    private CertificateVerifier _verifier;
    private int _verifyDepthMax;
    private int _verifyPeer;
    private List<InputStream> _seeds = new ArrayList();
    private String _securityTraceCategory = "Security";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CipherExpression {
        String cipher;
        boolean not;
        Pattern re;

        private CipherExpression() {
        }
    }

    static {
        $assertionsDisabled = !Instance.class.desiredAssertionStatus();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Instance(Communicator communicator) {
        this._logger = communicator.getLogger();
        this._facade = IceInternal.Util.getProtocolPluginFacade(communicator);
        this._securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
        this._trustManager = new TrustManager(communicator);
        this._facade.addEndpointFactory(new EndpointFactoryI(this));
    }

    private InputStream openResource(String str) throws IOException {
        InputStream openResource = IceInternal.Util.openResource(getClass().getClassLoader(), str);
        InputStream openResource2 = (openResource != null || this._defaultDir.length() <= 0) ? openResource : IceInternal.Util.openResource(getClass().getClassLoader(), this._defaultDir + File.separator + str);
        return openResource2 != null ? new BufferedInputStream(openResource2) : openResource2;
    }

    private void parseCiphers(String str) {
        ArrayList arrayList = new ArrayList();
        String[] split = str.split("[ \t]+");
        for (int i = 0; i < split.length; i++) {
            if (split[i].equals("ALL")) {
                if (i != 0) {
                    PluginInitializationException pluginInitializationException = new PluginInitializationException();
                    pluginInitializationException.reason = "IceSSL: `ALL' must be first in cipher list `" + str + "'";
                    throw pluginInitializationException;
                }
                this._allCiphers = true;
            } else if (!split[i].equals("NONE")) {
                CipherExpression cipherExpression = new CipherExpression();
                String str2 = split[i];
                if (str2.charAt(0) == '!') {
                    cipherExpression.not = true;
                    if (str2.length() <= 1) {
                        PluginInitializationException pluginInitializationException2 = new PluginInitializationException();
                        pluginInitializationException2.reason = "IceSSL: invalid cipher expression `" + str2 + "'";
                        throw pluginInitializationException2;
                    }
                    str2 = str2.substring(1);
                }
                if (str2.charAt(0) != '(') {
                    cipherExpression.cipher = str2;
                } else {
                    if (!str2.endsWith(")")) {
                        PluginInitializationException pluginInitializationException3 = new PluginInitializationException();
                        pluginInitializationException3.reason = "IceSSL: invalid cipher expression `" + str2 + "'";
                        throw pluginInitializationException3;
                    }
                    try {
                        cipherExpression.re = Pattern.compile(str2.substring(1, str2.length() - 2));
                    } catch (PatternSyntaxException e) {
                        throw new PluginInitializationException("IceSSL: invalid cipher expression `" + str2 + "'", e);
                    }
                }
                arrayList.add(cipherExpression);
            } else {
                if (i != 0) {
                    PluginInitializationException pluginInitializationException4 = new PluginInitializationException();
                    pluginInitializationException4.reason = "IceSSL: `NONE' must be first in cipher list `" + str + "'";
                    throw pluginInitializationException4;
                }
                this._noCiphers = true;
            }
        }
        this._ciphers = new CipherExpression[arrayList.size()];
        arrayList.toArray(this._ciphers);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addSeedStream(InputStream inputStream) {
        this._seeds.add(inputStream);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Communicator communicator() {
        return this._facade.getCommunicator();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLContext context() {
        return this._context;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void context(SSLContext sSLContext) {
        if (!this._initialized) {
            this._context = sSLContext;
        } else {
            PluginInitializationException pluginInitializationException = new PluginInitializationException();
            pluginInitializationException.reason = "IceSSL: plug-in is already initialized";
            throw pluginInitializationException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngine createSSLEngine(boolean z, InetSocketAddress inetSocketAddress) {
        SSLEngine createSSLEngine = inetSocketAddress != null ? this._context.createSSLEngine(inetSocketAddress.getHostName(), inetSocketAddress.getPort()) : this._context.createSSLEngine();
        createSSLEngine.setUseClientMode(!z);
        String[] filterCiphers = filterCiphers(createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites());
        try {
            createSSLEngine.setEnabledCipherSuites(filterCiphers);
            if (this._securityTraceLevel >= 1) {
                StringBuilder sb = new StringBuilder(PhonebookConstant.SMS_STATUS_FAILED);
                sb.append("enabling SSL ciphersuites:");
                for (String str : filterCiphers) {
                    sb.append("\n  ");
                    sb.append(str);
                }
                this._logger.trace(this._securityTraceCategory, sb.toString());
            }
            if (this._protocols != null) {
                try {
                    createSSLEngine.setEnabledProtocols(this._protocols);
                } catch (IllegalArgumentException e) {
                    throw new SecurityException("IceSSL: invalid protocol", e);
                }
            }
            if (z) {
                if (this._verifyPeer == 0) {
                    createSSLEngine.setWantClientAuth(false);
                    createSSLEngine.setNeedClientAuth(false);
                } else if (this._verifyPeer == 1) {
                    createSSLEngine.setWantClientAuth(true);
                } else {
                    createSSLEngine.setNeedClientAuth(true);
                }
            }
            try {
                createSSLEngine.beginHandshake();
                return createSSLEngine;
            } catch (SSLException e2) {
                throw new SecurityException("IceSSL: handshake error", e2);
            }
        } catch (IllegalArgumentException e3) {
            throw new SecurityException("IceSSL: invalid ciphersuite", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String defaultHost() {
        return this._facade.getDefaultHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EndpointHostResolver endpointHostResolver() {
        return this._facade.getEndpointHostResolver();
    }

    String[] filterCiphers(String[] strArr, String[] strArr2) {
        LinkedList linkedList = new LinkedList();
        if (this._allCiphers) {
            for (String str : strArr) {
                linkedList.add(str);
            }
        } else if (!this._noCiphers) {
            for (String str2 : strArr2) {
                linkedList.add(str2);
            }
        }
        if (this._ciphers != null) {
            for (CipherExpression cipherExpression : this._ciphers) {
                if (cipherExpression.not) {
                    Iterator it = linkedList.iterator();
                    while (it.hasNext()) {
                        String str3 = (String) it.next();
                        if (cipherExpression.cipher == null) {
                            if (!$assertionsDisabled && cipherExpression.re == null) {
                                throw new AssertionError();
                            }
                            if (cipherExpression.re.matcher(str3).find()) {
                                it.remove();
                            }
                        } else if (cipherExpression.cipher.equals(str3)) {
                            it.remove();
                        }
                    }
                } else if (cipherExpression.cipher != null) {
                    linkedList.add(0, cipherExpression.cipher);
                } else {
                    if (!$assertionsDisabled && cipherExpression.re == null) {
                        throw new AssertionError();
                    }
                    for (String str4 : strArr) {
                        if (cipherExpression.re.matcher(str4).find()) {
                            linkedList.add(0, str4);
                        }
                    }
                }
            }
        }
        String[] strArr3 = new String[linkedList.size()];
        linkedList.toArray(strArr3);
        return strArr3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateVerifier getCertificateVerifier() {
        return this._verifier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PasswordCallback getPasswordCallback() {
        return this._passwordCallback;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initialize() {
        InputStream openResource;
        InputStream openResource2;
        KeyStore keyStore;
        if (this._initialized) {
            return;
        }
        Properties properties = communicator().getProperties();
        String property = properties.getProperty("IceSSL.Ciphers");
        if (property.length() > 0) {
            parseCiphers(property);
        }
        String[] propertyAsList = properties.getPropertyAsList("IceSSL.Protocols");
        if (propertyAsList.length != 0) {
            ArrayList arrayList = new ArrayList();
            for (String str : propertyAsList) {
                String lowerCase = str.toLowerCase();
                if (lowerCase.equals("ssl3") || lowerCase.equals("sslv3")) {
                    arrayList.add("SSLv3");
                } else {
                    if (!lowerCase.equals("tls") && !lowerCase.equals("tls1") && !lowerCase.equals("tlsv1")) {
                        PluginInitializationException pluginInitializationException = new PluginInitializationException();
                        pluginInitializationException.reason = "IceSSL: unrecognized protocol `" + str + "'";
                        throw pluginInitializationException;
                    }
                    arrayList.add("TLSv1");
                }
            }
            this._protocols = new String[arrayList.size()];
            arrayList.toArray(this._protocols);
        }
        this._checkCertName = properties.getPropertyAsIntWithDefault("IceSSL.CheckCertName", 0) > 0;
        this._verifyDepthMax = properties.getPropertyAsIntWithDefault("IceSSL.VerifyDepthMax", 2);
        this._verifyPeer = communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
        String property2 = properties.getProperty("IceSSL.CertVerifier");
        if (property2.length() > 0) {
            if (this._verifier != null) {
                PluginInitializationException pluginInitializationException2 = new PluginInitializationException();
                pluginInitializationException2.reason = "IceSSL: certificate verifier already installed";
                throw pluginInitializationException2;
            }
            try {
                try {
                    this._verifier = (CertificateVerifier) this._facade.findClass(property2).newInstance();
                } catch (Throwable th) {
                    throw new PluginInitializationException("IceSSL: unable to instantiate certificate verifier class " + property2, th);
                }
            } catch (Throwable th2) {
                throw new PluginInitializationException("IceSSL: unable to load certificate verifier class " + property2, th2);
            }
        }
        String property3 = properties.getProperty("IceSSL.PasswordCallback");
        if (property3.length() > 0) {
            if (this._passwordCallback != null) {
                PluginInitializationException pluginInitializationException3 = new PluginInitializationException();
                pluginInitializationException3.reason = "IceSSL: password callback already installed";
                throw pluginInitializationException3;
            }
            try {
                try {
                    this._passwordCallback = (PasswordCallback) this._facade.findClass(property3).newInstance();
                } catch (Throwable th3) {
                    throw new PluginInitializationException("IceSSL: unable to instantiate password callback class " + property3, th3);
                }
            } catch (Throwable th4) {
                throw new PluginInitializationException("IceSSL: unable to load password callback class " + property3, th4);
            }
        }
        if (this._context == null) {
            try {
                this._defaultDir = properties.getProperty("IceSSL.DefaultDir");
                SecureRandom secureRandom = new SecureRandom();
                String property4 = properties.getProperty("IceSSL.Random");
                if (property4.length() > 0) {
                    for (String str2 : property4.split(File.pathSeparator)) {
                        try {
                            InputStream openResource3 = openResource(str2);
                            if (openResource3 == null) {
                                PluginInitializationException pluginInitializationException4 = new PluginInitializationException();
                                pluginInitializationException4.reason = "IceSSL: random seed file not found:\n" + str2;
                                throw pluginInitializationException4;
                            }
                            this._seeds.add(openResource3);
                        } catch (IOException e) {
                            throw new PluginInitializationException("IceSSL: unable to access random seed file:\n" + str2, e);
                        }
                    }
                }
                if (!this._seeds.isEmpty()) {
                    byte[] bArr = null;
                    int i = 0;
                    for (InputStream inputStream : this._seeds) {
                        try {
                            try {
                                int available = inputStream.available();
                                if (bArr == null) {
                                    bArr = new byte[available];
                                } else {
                                    byte[] bArr2 = new byte[bArr.length + available];
                                    System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                                    i = bArr.length;
                                    bArr = bArr2;
                                }
                                inputStream.read(bArr, i, available);
                                try {
                                    inputStream.close();
                                } catch (IOException e2) {
                                }
                            } catch (Throwable th5) {
                                try {
                                    inputStream.close();
                                } catch (IOException e3) {
                                }
                                throw th5;
                            }
                        } catch (IOException e4) {
                            throw new PluginInitializationException("IceSSL: error while reading random seed", e4);
                        }
                    }
                    secureRandom.setSeed(bArr);
                }
                this._seeds.clear();
                secureRandom.nextInt();
                String property5 = properties.getProperty("IceSSL.Keystore");
                String property6 = properties.getProperty("IceSSL.Password");
                String property7 = properties.getProperty("IceSSL.KeystorePassword");
                String propertyWithDefault = properties.getPropertyWithDefault("IceSSL.KeystoreType", KeyStore.getDefaultType());
                String property8 = properties.getProperty("IceSSL.Alias");
                String property9 = properties.getProperty("IceSSL.Truststore");
                String property10 = properties.getProperty("IceSSL.TruststorePassword");
                String propertyWithDefault2 = properties.getPropertyWithDefault("IceSSL.TruststoreType", KeyStore.getDefaultType());
                KeyManager[] keyManagerArr = null;
                KeyStore keyStore2 = null;
                if (this._keystoreStream != null || property5.length() > 0) {
                    InputStream inputStream2 = null;
                    try {
                        try {
                            if (this._keystoreStream != null) {
                                openResource = this._keystoreStream;
                            } else {
                                openResource = openResource(property5);
                                if (openResource == null) {
                                    PluginInitializationException pluginInitializationException5 = new PluginInitializationException();
                                    pluginInitializationException5.reason = "IceSSL: keystore not found:\n" + property5;
                                    throw pluginInitializationException5;
                                }
                            }
                            keyStore2 = KeyStore.getInstance(propertyWithDefault);
                            char[] cArr = null;
                            if (property7.length() > 0) {
                                cArr = property7.toCharArray();
                            } else if (this._passwordCallback != null) {
                                cArr = this._passwordCallback.getKeystorePassword();
                            } else if (propertyWithDefault.equals("BKS")) {
                                cArr = new char[0];
                            }
                            keyStore2.load(openResource, cArr);
                            if (cArr != null) {
                                Arrays.fill(cArr, (char) 0);
                            }
                            if (openResource != null) {
                                try {
                                    openResource.close();
                                } catch (IOException e5) {
                                }
                            }
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                            char[] cArr2 = new char[0];
                            if (property6.length() > 0) {
                                cArr2 = property6.toCharArray();
                            } else if (this._passwordCallback != null) {
                                cArr2 = this._passwordCallback.getPassword(property8);
                            }
                            keyManagerFactory.init(keyStore2, cArr2);
                            if (cArr2.length > 0) {
                                Arrays.fill(cArr2, (char) 0);
                            }
                            keyManagerArr = keyManagerFactory.getKeyManagers();
                            if (property8.length() > 0) {
                                if (!keyStore2.isKeyEntry(property8)) {
                                    PluginInitializationException pluginInitializationException6 = new PluginInitializationException();
                                    pluginInitializationException6.reason = "IceSSL: keystore does not contain an entry with alias `" + property8 + "'";
                                    throw pluginInitializationException6;
                                }
                                for (int i2 = 0; i2 < keyManagerArr.length; i2++) {
                                    keyManagerArr[i2] = new X509KeyManagerI((X509KeyManager) keyManagerArr[i2], property8);
                                }
                            }
                        } catch (Throwable th6) {
                            if (0 != 0) {
                                try {
                                    inputStream2.close();
                                } catch (IOException e6) {
                                }
                            }
                            throw th6;
                        }
                    } catch (IOException e7) {
                        throw new PluginInitializationException("IceSSL: unable to load keystore:\n" + property5, e7);
                    }
                }
                if (this._truststoreStream == null && property9.length() <= 0) {
                    keyStore = keyStore2;
                } else if ((this._truststoreStream == null || this._truststoreStream != this._keystoreStream) && (property9.length() <= 0 || !property9.equals(property5))) {
                    InputStream inputStream3 = null;
                    try {
                        try {
                            if (this._truststoreStream != null) {
                                openResource2 = this._truststoreStream;
                            } else {
                                openResource2 = openResource(property9);
                                if (openResource2 == null) {
                                    PluginInitializationException pluginInitializationException7 = new PluginInitializationException();
                                    pluginInitializationException7.reason = "IceSSL: truststore not found:\n" + property9;
                                    throw pluginInitializationException7;
                                }
                            }
                            keyStore = KeyStore.getInstance(propertyWithDefault2);
                            char[] cArr3 = null;
                            if (property10.length() > 0) {
                                cArr3 = property10.toCharArray();
                            } else if (this._passwordCallback != null) {
                                cArr3 = this._passwordCallback.getTruststorePassword();
                            } else if (propertyWithDefault2.equals("BKS")) {
                                cArr3 = new char[0];
                            }
                            keyStore.load(openResource2, cArr3);
                            if (cArr3 != null) {
                                Arrays.fill(cArr3, (char) 0);
                            }
                            if (openResource2 != null) {
                                try {
                                    openResource2.close();
                                } catch (IOException e8) {
                                }
                            }
                        } catch (Throwable th7) {
                            if (0 != 0) {
                                try {
                                    inputStream3.close();
                                } catch (IOException e9) {
                                }
                            }
                            throw th7;
                        }
                    } catch (IOException e10) {
                        throw new PluginInitializationException("IceSSL: unable to load truststore:\n" + property9, e10);
                    }
                } else {
                    if (!$assertionsDisabled && keyStore2 == null) {
                        throw new AssertionError();
                    }
                    keyStore = keyStore2;
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                javax.net.ssl.TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (!$assertionsDisabled && trustManagers == null) {
                    throw new AssertionError();
                }
                for (int i3 = 0; i3 < trustManagers.length; i3++) {
                    trustManagers[i3] = new X509TrustManagerI(this, (X509TrustManager) trustManagers[i3]);
                }
                this._context = SSLContext.getInstance("TLS");
                this._context.init(keyManagerArr, trustManagers, secureRandom);
            } catch (GeneralSecurityException e11) {
                throw new PluginInitializationException("IceSSL: unable to initialize context", e11);
            }
        }
        this._seeds.clear();
        this._keystoreStream = null;
        this._truststoreStream = null;
        this._initialized = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean initialized() {
        return this._initialized;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String networkTraceCategory() {
        return this._facade.getNetworkTraceCategory();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int networkTraceLevel() {
        return this._facade.getNetworkTraceLevel();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int protocolSupport() {
        return this._facade.getProtocolSupport();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int securityTraceLevel() {
        return this._securityTraceLevel;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this._verifier = certificateVerifier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setKeystoreStream(InputStream inputStream) {
        if (!this._initialized) {
            this._keystoreStream = inputStream;
        } else {
            PluginInitializationException pluginInitializationException = new PluginInitializationException();
            pluginInitializationException.reason = "IceSSL: plugin is already initialized";
            throw pluginInitializationException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this._passwordCallback = passwordCallback;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTruststoreStream(InputStream inputStream) {
        if (!this._initialized) {
            this._truststoreStream = inputStream;
        } else {
            PluginInitializationException pluginInitializationException = new PluginInitializationException();
            pluginInitializationException.reason = "IceSSL: plugin is already initialized";
            throw pluginInitializationException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void traceConnection(SocketChannel socketChannel, SSLEngine sSLEngine, boolean z) {
        SSLSession session = sSLEngine.getSession();
        this._logger.trace(this._securityTraceCategory, "SSL summary for " + (z ? "incoming" : "outgoing") + " connection\ncipher = " + session.getCipherSuite() + "\nprotocol = " + session.getProtocol() + "\n" + Network.fdToString(socketChannel));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void trustManagerFailure(boolean z, CertificateException certificateException) throws CertificateException {
        if (this._verifyPeer != 0) {
            throw certificateException;
        }
        if (this._securityTraceLevel >= 1) {
            String str = "ignoring peer verification failure";
            if (this._securityTraceLevel > 1) {
                StringWriter stringWriter = new StringWriter();
                PrintWriter printWriter = new PrintWriter(stringWriter);
                certificateException.printStackTrace(printWriter);
                printWriter.flush();
                str = "ignoring peer verification failure:\n" + stringWriter.toString();
            }
            this._logger.trace(this._securityTraceCategory, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifyPeer(NativeConnectionInfo nativeConnectionInfo, SelectableChannel selectableChannel, String str) {
        if (nativeConnectionInfo.nativeCerts != null && nativeConnectionInfo.nativeCerts.length > 0 && str.length() > 0) {
            X509Certificate x509Certificate = (X509Certificate) nativeConnectionInfo.nativeCerts[0];
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            try {
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> list : subjectAlternativeNames) {
                        if (!$assertionsDisabled && list.isEmpty()) {
                            throw new AssertionError();
                        }
                        Integer num = (Integer) list.get(0);
                        if (num.intValue() == 7) {
                            arrayList.add((String) list.get(1));
                        } else if (num.intValue() == 2) {
                            arrayList2.add(((String) list.get(1)).toLowerCase());
                        }
                    }
                }
            } catch (CertificateParsingException e) {
                if (!$assertionsDisabled) {
                    throw new AssertionError();
                }
            }
            String lowerCase = str.toLowerCase();
            String name = x509Certificate.getSubjectX500Principal().getName("CANONICAL");
            String str2 = "cn=" + lowerCase;
            int indexOf = name.indexOf(str2);
            boolean z = indexOf >= 0 ? str2.length() + indexOf == name.length() || name.charAt(str2.length() + indexOf) == ',' : false;
            if (!z) {
                z = arrayList.contains(lowerCase);
            }
            if (!z) {
                z = arrayList2.contains(lowerCase);
            }
            if (!z && (this._checkCertName || (this._securityTraceLevel >= 1 && this._verifier == null))) {
                StringBuilder sb = new StringBuilder(PhonebookConstant.SMS_STATUS_FAILED);
                sb.append("IceSSL: ");
                if (!this._checkCertName) {
                    sb.append("ignoring ");
                }
                sb.append("certificate validation failure:\npeer certificate does not have `");
                sb.append(str);
                sb.append("' as its commonName or in its subjectAltName extension");
                if (name.length() > 0) {
                    sb.append("\nSubject DN: ");
                    sb.append(name);
                }
                if (!arrayList2.isEmpty()) {
                    sb.append("\nDNS names found in certificate: ");
                    for (int i = 0; i < arrayList2.size(); i++) {
                        if (i > 0) {
                            sb.append(", ");
                        }
                        sb.append((String) arrayList2.get(i));
                    }
                }
                if (!arrayList.isEmpty()) {
                    sb.append("\nIP addresses found in certificate: ");
                    for (int i2 = 0; i2 < arrayList.size(); i2++) {
                        if (i2 > 0) {
                            sb.append(", ");
                        }
                        sb.append((String) arrayList.get(i2));
                    }
                }
                if (this._securityTraceLevel >= 1) {
                    this._logger.trace(this._securityTraceCategory, sb.toString());
                }
                if (this._checkCertName) {
                    SecurityException securityException = new SecurityException();
                    securityException.reason = sb.toString();
                    throw securityException;
                }
            }
        }
        if (this._verifyDepthMax > 0 && nativeConnectionInfo.nativeCerts != null && nativeConnectionInfo.nativeCerts.length > this._verifyDepthMax) {
            String str3 = (nativeConnectionInfo.incoming ? "incoming" : "outgoing") + " connection rejected:\nlength of peer's certificate chain (" + nativeConnectionInfo.nativeCerts.length + ") exceeds maximum of " + this._verifyDepthMax + "\n" + Network.fdToString(selectableChannel);
            if (this._securityTraceLevel >= 1) {
                this._logger.trace(this._securityTraceCategory, str3);
            }
            SecurityException securityException2 = new SecurityException();
            securityException2.reason = str3;
            throw securityException2;
        }
        if (!this._trustManager.verify(nativeConnectionInfo)) {
            String str4 = (nativeConnectionInfo.incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" + Network.fdToString(selectableChannel);
            if (this._securityTraceLevel >= 1) {
                this._logger.trace(this._securityTraceCategory, str4);
            }
            SecurityException securityException3 = new SecurityException();
            securityException3.reason = str4;
            throw securityException3;
        }
        if (this._verifier == null || this._verifier.verify(nativeConnectionInfo)) {
            return;
        }
        String str5 = (nativeConnectionInfo.incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" + Network.fdToString(selectableChannel);
        if (this._securityTraceLevel >= 1) {
            this._logger.trace(this._securityTraceCategory, str5);
        }
        SecurityException securityException4 = new SecurityException();
        securityException4.reason = str5;
        throw securityException4;
    }
}
