package net.soti.ssl;

import com.google.common.base.Strings;
import com.microsoft.identity.common.internal.eststelemetry.SchemaConstants;
import d.f.b.d;
import d.f.b.f;
import d.f.b.k;
import d.k.e;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.net.ssl.SSLException;
import net.soti.comm.bn;
import net.soti.mobicontrol.fx.as;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes6.dex */
public final class DefaultHostnameVerifier extends AbstractVerifier {
    public static final String CN = "CN";
    private static final int OID_IP_ADDRESS = 7;
    private static final boolean STRICT_WITH_SUB_DOMAINS = false;
    private final bn tlsSettingsProvider;
    public static final Companion Companion = new Companion(null);
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultHostnameVerifier.class);
    private static final Pattern LIST_DELIMITER = Pattern.compile(SchemaConstants.SEPARATOR_COMMA);
    private static final Pattern KEY_VALUE_DELIMITER = Pattern.compile(as.f18687c);

    /* loaded from: classes6.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(d dVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Collection<List<?>> getAlternativeNames(X509Certificate x509Certificate) throws SSLException {
            try {
                return x509Certificate.getSubjectAlternativeNames();
            } catch (CertificateParsingException e2) {
                throw new SSLException(e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final String getCertificateSubjectCommonName(X509Certificate x509Certificate) {
            return getCommonName(x509Certificate.getSubjectDN().toString());
        }

        private final String getHostnameFromSan(List<?> list) {
            if (list.get(1) instanceof String) {
                return (String) list.get(1);
            }
            return null;
        }

        private final int getOidFromSan(List<?> list) {
            if (!(list.get(0) instanceof Integer)) {
                return -1;
            }
            Object obj = list.get(0);
            if (obj != null) {
                return ((Integer) obj).intValue();
            }
            throw new NullPointerException("null cannot be cast to non-null type kotlin.Int");
        }

        public final String getCommonName(String str) {
            f.d(str, "distinguishedName");
            String value = getValue(str, "CN");
            return Strings.isNullOrEmpty(value) ? str : value;
        }

        public final String getValue(String str, String str2) {
            f.d(str2, "key");
            ArrayList<String> arrayList = new ArrayList();
            for (String str3 : DefaultHostnameVerifier.LIST_DELIMITER.split(str)) {
                String[] split = DefaultHostnameVerifier.KEY_VALUE_DELIMITER.split(str3);
                String str4 = split[0];
                f.b(str4, "keyValue[0]");
                String str5 = str4;
                int length = str5.length() - 1;
                int i = 0;
                boolean z = false;
                while (i <= length) {
                    boolean z2 = f.a(str5.charAt(!z ? i : length), 32) <= 0;
                    if (z) {
                        if (!z2) {
                            break;
                        }
                        length--;
                    } else if (z2) {
                        i++;
                    } else {
                        z = true;
                    }
                }
                if (f.a((Object) str2, (Object) str5.subSequence(i, length + 1).toString())) {
                    String str6 = split[1];
                    f.b(str6, "keyValue[1]");
                    arrayList.add(str6);
                }
            }
            Collections.sort(arrayList);
            StringBuilder sb = new StringBuilder();
            for (String str7 : arrayList) {
                if (sb.length() > 0) {
                    sb.append(',');
                }
                sb.append(str7);
            }
            String sb2 = sb.toString();
            f.b(sb2, "commonName.toString()");
            return sb2;
        }

        protected final void verifyIpAddress(String str, Iterable<? extends List<?>> iterable) throws SSLException {
            f.d(str, "hostName");
            f.d(iterable, "subjectAlternativeNames");
            for (List<?> list : iterable) {
                Companion companion = this;
                if (companion.getOidFromSan(list) == 7 && e.a(str, companion.getHostnameFromSan(list), true)) {
                    return;
                }
            }
            k kVar = k.f8818a;
            String format = String.format("[verifyIpAddress] failed. Hostname[%s] Cns[%s]", Arrays.copyOf(new Object[]{str, iterable.toString()}, 2));
            f.b(format, "java.lang.String.format(format, *args)");
            throw new SSLException(format);
        }
    }

    @Inject
    public DefaultHostnameVerifier(bn bnVar) {
        f.d(bnVar, "tlsSettingsProvider");
        this.tlsSettingsProvider = bnVar;
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        f.d(str, "hostname");
        f.d(strArr, "cns");
        f.d(strArr2, "subjectAlts");
        verify(str, strArr, strArr2, false);
    }

    public final void verifyHostNameOrIp(String str, X509Certificate x509Certificate) throws SSLException {
        f.d(str, "hostName");
        f.d(x509Certificate, "deploymentServerCertificate");
        boolean c2 = this.tlsSettingsProvider.c();
        if (!c2) {
            LOGGER.debug("shouldVerifyHostName : {}", Boolean.valueOf(c2));
            return;
        }
        Collection alternativeNames = Companion.getAlternativeNames(x509Certificate);
        if (alternativeNames == null || alternativeNames.isEmpty()) {
            if (!e.a(str, Companion.getCertificateSubjectCommonName(x509Certificate), true)) {
                throw new SSLException("not able to trust hostname: no alternative name or common name found in server certificate");
            }
            LOGGER.debug("hostname matches certificate's SubjectName");
        } else if (InetAddressValidator.getInstance().isValid(str)) {
            Companion.verifyIpAddress(str, alternativeNames);
        } else {
            verify(str, x509Certificate);
        }
    }
}
