package org.openjsse.sun.security.util;

import B1.t;
import java.io.IOException;
import java.net.IDN;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.Normalizer;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.net.ssl.SNIHostName;
import org.openjsse.sun.security.ssl.SSLLogger;
import org.openjsse.sun.security.util.RegisteredDomain;
import sun.net.util.IPAddressUtil;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;
import t0.d;
import u.K;

/* loaded from: classes.dex */
public class HostnameChecker {
    private static final int ALTNAME_DNS = 2;
    private static final int ALTNAME_IP = 7;
    public static final byte TYPE_LDAP = 2;
    public static final byte TYPE_TLS = 1;
    private final byte checkType;
    private static final HostnameChecker INSTANCE_TLS = new HostnameChecker((byte) 1);
    private static final HostnameChecker INSTANCE_LDAP = new HostnameChecker((byte) 2);

    private HostnameChecker(byte b5) {
        this.checkType = b5;
    }

    public static HostnameChecker getInstance(byte b5) {
        if (b5 == 1) {
            return INSTANCE_TLS;
        }
        if (b5 == 2) {
            return INSTANCE_LDAP;
        }
        throw new IllegalArgumentException(t.l(b5, "Unknown check type: "));
    }

    public static X500Name getSubjectX500Name(X509Certificate x509Certificate) {
        try {
            X500Name subjectDN = x509Certificate.getSubjectDN();
            return subjectDN instanceof X500Name ? subjectDN : new X500Name(x509Certificate.getSubjectX500Principal().getEncoded());
        } catch (IOException e5) {
            throw ((CertificateParsingException) new CertificateParsingException().initCause(e5));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean hasIllegalWildcard(String str, boolean z2) {
        if (str.equals("*") || str.equals("*.")) {
            if (SSLLogger.isOn) {
                SSLLogger.fine("Certificate domain name has illegal single wildcard character: ".concat(str), new Object[0]);
            }
            return true;
        }
        int lastIndexOf = str.lastIndexOf("*");
        if (lastIndexOf == -1) {
            return false;
        }
        String substring = str.substring(lastIndexOf);
        int indexOf = substring.indexOf(".");
        if (indexOf == -1) {
            if (SSLLogger.isOn) {
                SSLLogger.fine("Certificate domain name has illegal wildcard, no dot after wildcard character: ".concat(str), new Object[0]);
            }
            return true;
        }
        if (!z2) {
            return false;
        }
        String substring2 = substring.substring(indexOf + 1);
        String str2 = (String) RegisteredDomain.from("z." + substring2).filter(new Object()).map(new Object()).orElse(null);
        if (str2 == null || !substring2.equalsIgnoreCase(str2)) {
            return false;
        }
        if (SSLLogger.isOn) {
            SSLLogger.fine("Certificate domain name has illegal wildcard for top-level public suffix: ".concat(str), new Object[0]);
        }
        return true;
    }

    private static boolean isIpAddress(String str) {
        return IPAddressUtil.isIPv4LiteralAddress(str) || IPAddressUtil.isIPv6LiteralAddress(str);
    }

    private boolean isMatched(String str, String str2, boolean z2) {
        byte b5;
        try {
            String unicode = IDN.toUnicode(IDN.toASCII(str));
            String unicode2 = IDN.toUnicode(IDN.toASCII(str2));
            if (hasIllegalWildcard(unicode2, z2)) {
                return false;
            }
            try {
                new SNIHostName(unicode2.replace('*', 'z'));
                b5 = this.checkType;
            } catch (IllegalArgumentException unused) {
            }
            if (b5 == 1) {
                return matchAllWildcards(unicode, unicode2);
            }
            if (b5 == 2) {
                return matchLeftmostWildcard(unicode, unicode2);
            }
            return false;
        } catch (RuntimeException e5) {
            if (SSLLogger.isOn) {
                SSLLogger.fine("Failed to normalize to Unicode: " + e5, new Object[0]);
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$hasIllegalWildcard$0(RegisteredDomain registeredDomain) {
        return registeredDomain.type() == RegisteredDomain.Type.ICANN;
    }

    private static boolean matchAllWildcards(String str, String str2) {
        Locale locale = Locale.ENGLISH;
        String lowerCase = str.toLowerCase(locale);
        String lowerCase2 = str2.toLowerCase(locale);
        StringTokenizer stringTokenizer = new StringTokenizer(lowerCase, ".");
        StringTokenizer stringTokenizer2 = new StringTokenizer(lowerCase2, ".");
        if (stringTokenizer.countTokens() != stringTokenizer2.countTokens()) {
            return false;
        }
        while (stringTokenizer.hasMoreTokens()) {
            if (!matchWildCards(stringTokenizer.nextToken(), stringTokenizer2.nextToken())) {
                return false;
            }
        }
        return true;
    }

    private void matchDNS(String str, X509Certificate x509Certificate, boolean z2) {
        try {
            new SNIHostName(str);
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                boolean z4 = false;
                for (List<?> list : subjectAlternativeNames) {
                    if (((Integer) list.get(0)).intValue() == 2) {
                        z4 = true;
                        if (isMatched(str, (String) list.get(1), z2)) {
                            return;
                        }
                    }
                }
                if (z4) {
                    throw new CertificateException(K.b("No subject alternative DNS name matching ", str, " found."));
                }
            }
            DerValue findMostSpecificAttribute = getSubjectX500Name(x509Certificate).findMostSpecificAttribute(X500Name.commonName_oid);
            if (findMostSpecificAttribute != null) {
                try {
                    String asString = findMostSpecificAttribute.getAsString();
                    if (!Normalizer.isNormalized(asString, Normalizer.Form.NFKC)) {
                        throw new CertificateException("Not a formal name " + asString);
                    }
                    if (isMatched(str, asString, z2)) {
                        return;
                    }
                } catch (IOException unused) {
                }
            }
            throw new CertificateException(K.b("No name matching ", str, " found"));
        } catch (IllegalArgumentException e5) {
            throw new CertificateException(d.a("Illegal given domain name: ", str), e5);
        }
    }

    private static void matchIP(String str, X509Certificate x509Certificate) {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            throw new CertificateException("No subject alternative names present");
        }
        for (List<?> list : subjectAlternativeNames) {
            if (((Integer) list.get(0)).intValue() == 7) {
                String str2 = (String) list.get(1);
                if (str.equalsIgnoreCase(str2)) {
                    return;
                }
                try {
                    if (InetAddress.getByName(str).equals(InetAddress.getByName(str2))) {
                        return;
                    }
                } catch (SecurityException | UnknownHostException unused) {
                    continue;
                }
            }
        }
        throw new CertificateException(K.b("No subject alternative names matching IP address ", str, " found"));
    }

    private static boolean matchLeftmostWildcard(String str, String str2) {
        Locale locale = Locale.ENGLISH;
        String lowerCase = str.toLowerCase(locale);
        String lowerCase2 = str2.toLowerCase(locale);
        int indexOf = lowerCase2.indexOf(".");
        int indexOf2 = lowerCase.indexOf(".");
        if (indexOf == -1) {
            indexOf = lowerCase2.length();
        }
        if (indexOf2 == -1) {
            indexOf2 = lowerCase.length();
        }
        if (matchWildCards(lowerCase.substring(0, indexOf2), lowerCase2.substring(0, indexOf))) {
            return lowerCase2.substring(indexOf).equals(lowerCase.substring(indexOf2));
        }
        return false;
    }

    private static boolean matchWildCards(String str, String str2) {
        int indexOf = str2.indexOf("*");
        if (indexOf == -1) {
            return str.equals(str2);
        }
        boolean z2 = true;
        while (indexOf != -1) {
            String substring = str2.substring(0, indexOf);
            str2 = str2.substring(indexOf + 1);
            int indexOf2 = str.indexOf(substring);
            if (indexOf2 == -1 || (z2 && indexOf2 != 0)) {
                return false;
            }
            str = str.substring(substring.length() + indexOf2);
            indexOf = str2.indexOf("*");
            z2 = false;
        }
        return str.endsWith(str2);
    }

    public void match(String str, X509Certificate x509Certificate) {
        match(str, x509Certificate, false);
    }

    public void match(String str, X509Certificate x509Certificate, boolean z2) {
        if (str == null) {
            throw new CertificateException("Hostname or IP address is undefined.");
        }
        if (isIpAddress(str)) {
            matchIP(str, x509Certificate);
        } else {
            matchDNS(str, x509Certificate, z2);
        }
    }
}
