package com.eway_crm.core.client.certificates;

import com.eway_crm.common.framework.helpers.StringHelper;
import com.eway_crm.common.framework.helpers.StringMatcher;
import com.eway_crm.mobile.androidapp.logging.Log;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class IpHostnameVerifier implements HostnameVerifier {
    private final HostnameVerifier defaultVerifier;

    /* JADX INFO: Access modifiers changed from: package-private */
    public IpHostnameVerifier(HostnameVerifier hostnameVerifier) {
        if (hostnameVerifier instanceof IpHostnameVerifier) {
            throw new IllegalArgumentException("The default verifier cannot be again this class.");
        }
        this.defaultVerifier = hostnameVerifier;
    }

    private static boolean isIp(String str) {
        return StringMatcher.isIpv4(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HostnameVerifier getDefaultVerifier() {
        return this.defaultVerifier;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (str == null || sSLSession == null) {
            Log.INSTANCE.w("Hostname or SSL session is null, using default verifier.");
            return this.defaultVerifier.verify(str, sSLSession);
        }
        if (!isIp(str) || !isIp(sSLSession.getPeerHost())) {
            Log.INSTANCE.d("One of the hosts is not an IP, using default verifier.");
            return this.defaultVerifier.verify(str, sSLSession);
        }
        if (!str.equals(sSLSession.getPeerHost())) {
            Log.INSTANCE.w("Hostname '" + str + "' does not match SSL session '" + sSLSession.getPeerHost() + "', using default verifier.");
            return this.defaultVerifier.verify(str, sSLSession);
        }
        try {
            X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain != null && peerCertificateChain.length != 0) {
                X509Certificate x509Certificate = peerCertificateChain[0];
                if (x509Certificate != null && !StringHelper.isNullOrEmpty(x509Certificate.getSubjectDN().getName())) {
                    String upperCase = peerCertificateChain[0].getSubjectDN().getName().replaceAll("(\\s|,|;)", "").toUpperCase();
                    for (String str2 : upperCase.split("CN=")) {
                        if (isIp(str2) && str.equals(str2)) {
                            Log.INSTANCE.d("There is an IP CN '" + str2 + "' which matches the hostname.");
                            return true;
                        }
                    }
                    Log.INSTANCE.w("Non of the common names '" + upperCase + "' matches the hostname '" + str + "'.");
                    return this.defaultVerifier.verify(str, sSLSession);
                }
            }
            Log.INSTANCE.d("SSL session returned no X509 certificates, using default verifier.");
            return this.defaultVerifier.verify(str, sSLSession);
        } catch (SSLPeerUnverifiedException unused) {
            return this.defaultVerifier.verify(str, sSLSession);
        }
    }
}
