package net.soti.ssl;

import com.google.common.base.Strings;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.net.ssl.SSLException;
import kotlin.jvm.internal.e0;
import kotlin.jvm.internal.n;
import net.soti.comm.p2;
import net.soti.mobicontrol.util.w1;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ub.p;

/* loaded from: classes4.dex */
public final class DefaultHostnameVerifier extends AbstractVerifier {
    public static final String CN = "CN";
    public static final Companion Companion = new Companion(null);
    private static final Pattern KEY_VALUE_DELIMITER;
    private static final Pattern LIST_DELIMITER;
    private static final Logger LOGGER;
    private static final int OID_IP_ADDRESS = 7;
    private static final boolean STRICT_WITH_SUB_DOMAINS = false;
    private final p2 tlsSettingsProvider;

    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kotlin.jvm.internal.h hVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Collection<List<?>> getAlternativeNames(X509Certificate x509Certificate) throws SSLException {
            try {
                return x509Certificate.getSubjectAlternativeNames();
            } catch (CertificateParsingException e10) {
                throw new SSLException(e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final String getCertificateSubjectCommonName(X509Certificate x509Certificate) {
            return getCommonName(x509Certificate.getSubjectDN().toString());
        }

        private final String getHostnameFromSan(List<?> list) {
            if (list.get(1) instanceof String) {
                return (String) list.get(1);
            }
            return null;
        }

        private final int getOidFromSan(List<?> list) {
            if (!(list.get(0) instanceof Integer)) {
                return -1;
            }
            Object obj = list.get(0);
            n.d(obj, "null cannot be cast to non-null type kotlin.Int");
            return ((Integer) obj).intValue();
        }

        public final String getCommonName(String distinguishedName) {
            n.f(distinguishedName, "distinguishedName");
            String value = getValue(distinguishedName, "CN");
            return Strings.isNullOrEmpty(value) ? distinguishedName : value;
        }

        public final String getValue(String str, String key) {
            n.f(key, "key");
            ArrayList<String> arrayList = new ArrayList();
            Iterator a10 = kotlin.jvm.internal.c.a(DefaultHostnameVerifier.LIST_DELIMITER.split(str));
            while (a10.hasNext()) {
                String[] split = DefaultHostnameVerifier.KEY_VALUE_DELIMITER.split((String) a10.next());
                String str2 = split[0];
                n.e(str2, "get(...)");
                int length = str2.length() - 1;
                int i10 = 0;
                boolean z10 = false;
                while (i10 <= length) {
                    boolean z11 = n.g(str2.charAt(!z10 ? i10 : length), 32) <= 0;
                    if (z10) {
                        if (!z11) {
                            break;
                        }
                        length--;
                    } else if (z11) {
                        i10++;
                    } else {
                        z10 = true;
                    }
                }
                if (n.b(key, str2.subSequence(i10, length + 1).toString())) {
                    String str3 = split[1];
                    n.e(str3, "get(...)");
                    arrayList.add(str3);
                }
            }
            Collections.sort(arrayList);
            StringBuilder sb2 = new StringBuilder();
            for (String str4 : arrayList) {
                if (sb2.length() > 0) {
                    sb2.append(',');
                }
                sb2.append(str4);
            }
            String sb3 = sb2.toString();
            n.e(sb3, "toString(...)");
            return sb3;
        }

        protected final void verifyIpAddress(String hostName, Iterable<? extends List<?>> subjectAlternativeNames) throws SSLException {
            n.f(hostName, "hostName");
            n.f(subjectAlternativeNames, "subjectAlternativeNames");
            for (List<?> list : subjectAlternativeNames) {
                if (getOidFromSan(list) == 7 && p.z(hostName, getHostnameFromSan(list), true)) {
                    return;
                }
            }
            e0 e0Var = e0.f14288a;
            String format = String.format("[verifyIpAddress] failed. Hostname[%s] Cns[%s]", Arrays.copyOf(new Object[]{hostName, subjectAlternativeNames.toString()}, 2));
            n.e(format, "format(...)");
            throw new SSLException(format);
        }
    }

    static {
        Logger logger = LoggerFactory.getLogger((Class<?>) DefaultHostnameVerifier.class);
        n.e(logger, "getLogger(...)");
        LOGGER = logger;
        LIST_DELIMITER = Pattern.compile(",");
        KEY_VALUE_DELIMITER = Pattern.compile(w1.f36444d);
    }

    @Inject
    public DefaultHostnameVerifier(p2 tlsSettingsProvider) {
        n.f(tlsSettingsProvider, "tlsSettingsProvider");
        this.tlsSettingsProvider = tlsSettingsProvider;
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
        n.f(hostname, "hostname");
        n.f(cns, "cns");
        n.f(subjectAlts, "subjectAlts");
        verify(hostname, cns, subjectAlts, false);
    }

    public final void verifyHostNameOrIp(String hostName, X509Certificate deploymentServerCertificate) throws SSLException {
        n.f(hostName, "hostName");
        n.f(deploymentServerCertificate, "deploymentServerCertificate");
        boolean d10 = this.tlsSettingsProvider.d();
        if (!d10) {
            LOGGER.debug("shouldVerifyHostName : {}", Boolean.valueOf(d10));
            return;
        }
        Companion companion = Companion;
        Collection alternativeNames = companion.getAlternativeNames(deploymentServerCertificate);
        if (alternativeNames == null || alternativeNames.isEmpty()) {
            if (!p.z(hostName, companion.getCertificateSubjectCommonName(deploymentServerCertificate), true)) {
                throw new SSLException("not able to trust hostname: no alternative name or common name found in server certificate");
            }
            LOGGER.debug("hostname matches certificate's SubjectName");
        } else if (InetAddressValidator.getInstance().isValid(hostName)) {
            companion.verifyIpAddress(hostName, alternativeNames);
        } else {
            verify(hostName, deploymentServerCertificate);
        }
    }
}
