package net.soti.ssl;

import com.google.common.base.Strings;
import com.microsoft.identity.common.internal.eststelemetry.SchemaConstants;
import g.a0.d.l;
import g.a0.d.y;
import g.f0.p;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.net.ssl.SSLException;
import net.soti.comm.s1;
import net.soti.mobicontrol.d9.a1;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public final class DefaultHostnameVerifier extends AbstractVerifier {
    public static final String CN = "CN";
    private static final int OID_IP_ADDRESS = 7;
    private static final boolean STRICT_WITH_SUB_DOMAINS = false;
    private final s1 tlsSettingsProvider;
    public static final Companion Companion = new Companion(null);
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultHostnameVerifier.class);
    private static final Pattern LIST_DELIMITER = Pattern.compile(SchemaConstants.SEPARATOR_COMMA);
    private static final Pattern KEY_VALUE_DELIMITER = Pattern.compile(a1.f11942d);

    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(g.a0.d.g gVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Collection<List<?>> getAlternativeNames(X509Certificate x509Certificate) throws SSLException {
            try {
                return x509Certificate.getSubjectAlternativeNames();
            } catch (CertificateParsingException e2) {
                throw new SSLException(e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final String getCertificateSubjectCommonName(X509Certificate x509Certificate) {
            return getCommonName(x509Certificate.getSubjectDN().toString());
        }

        private final String getHostnameFromSan(List<?> list) {
            if (list.get(1) instanceof String) {
                return (String) list.get(1);
            }
            return null;
        }

        private final int getOidFromSan(List<?> list) {
            if (!(list.get(0) instanceof Integer)) {
                return -1;
            }
            Object obj = list.get(0);
            Objects.requireNonNull(obj, "null cannot be cast to non-null type kotlin.Int");
            return ((Integer) obj).intValue();
        }

        public final String getCommonName(String str) {
            l.e(str, "distinguishedName");
            String value = getValue(str, "CN");
            return Strings.isNullOrEmpty(value) ? str : value;
        }

        public final String getValue(String str, String str2) {
            l.e(str2, "key");
            ArrayList<String> arrayList = new ArrayList();
            for (String str3 : DefaultHostnameVerifier.LIST_DELIMITER.split(str)) {
                String[] split = DefaultHostnameVerifier.KEY_VALUE_DELIMITER.split(str3);
                String str4 = split[0];
                l.d(str4, "keyValue[0]");
                int length = str4.length() - 1;
                int i2 = 0;
                boolean z = false;
                while (i2 <= length) {
                    boolean z2 = l.g(str4.charAt(!z ? i2 : length), 32) <= 0;
                    if (z) {
                        if (!z2) {
                            break;
                        }
                        length--;
                    } else if (z2) {
                        i2++;
                    } else {
                        z = true;
                    }
                }
                if (l.a(str2, str4.subSequence(i2, length + 1).toString())) {
                    String str5 = split[1];
                    l.d(str5, "keyValue[1]");
                    arrayList.add(str5);
                }
            }
            Collections.sort(arrayList);
            StringBuilder sb = new StringBuilder();
            for (String str6 : arrayList) {
                if (sb.length() > 0) {
                    sb.append(',');
                }
                sb.append(str6);
            }
            String sb2 = sb.toString();
            l.d(sb2, "commonName.toString()");
            return sb2;
        }

        protected final void verifyIpAddress(String str, Iterable<? extends List<?>> iterable) throws SSLException {
            boolean o;
            l.e(str, "hostName");
            l.e(iterable, "subjectAlternativeNames");
            for (List<?> list : iterable) {
                if (getOidFromSan(list) == 7) {
                    o = p.o(str, getHostnameFromSan(list), true);
                    if (o) {
                        return;
                    }
                }
            }
            y yVar = y.a;
            String format = String.format("[verifyIpAddress] failed. Hostname[%s] Cns[%s]", Arrays.copyOf(new Object[]{str, iterable.toString()}, 2));
            l.d(format, "java.lang.String.format(format, *args)");
            throw new SSLException(format);
        }
    }

    @Inject
    public DefaultHostnameVerifier(s1 s1Var) {
        l.e(s1Var, "tlsSettingsProvider");
        this.tlsSettingsProvider = s1Var;
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        l.e(str, "hostname");
        l.e(strArr, "cns");
        l.e(strArr2, "subjectAlts");
        verify(str, strArr, strArr2, false);
    }

    public final void verifyHostNameOrIp(String str, X509Certificate x509Certificate) throws SSLException {
        boolean o;
        l.e(str, "hostName");
        l.e(x509Certificate, "deploymentServerCertificate");
        boolean d2 = this.tlsSettingsProvider.d();
        if (!d2) {
            LOGGER.debug("shouldVerifyHostName : {}", Boolean.valueOf(d2));
            return;
        }
        Companion companion = Companion;
        Collection alternativeNames = companion.getAlternativeNames(x509Certificate);
        if (alternativeNames == null || alternativeNames.isEmpty()) {
            o = p.o(str, companion.getCertificateSubjectCommonName(x509Certificate), true);
            if (!o) {
                throw new SSLException("not able to trust hostname: no alternative name or common name found in server certificate");
            }
            LOGGER.debug("hostname matches certificate's SubjectName");
            return;
        }
        if (InetAddressValidator.getInstance().isValid(str)) {
            companion.verifyIpAddress(str, alternativeNames);
        } else {
            verify(str, x509Certificate);
        }
    }
}
