package cz.msebera.android.httpclient.conn.ssl;

import Qg.c;
import T6.a;
import cz.msebera.android.httpclient.annotation.Contract;
import cz.msebera.android.httpclient.annotation.ThreadingBehavior;
import cz.msebera.android.httpclient.conn.util.DomainType;
import cz.msebera.android.httpclient.conn.util.InetAddressUtils;
import cz.msebera.android.httpclient.conn.util.PublicSuffixMatcher;
import cz.msebera.android.httpclient.extras.HttpClientAndroidLog;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import n.AbstractC4414q;

@Contract(threading = ThreadingBehavior.IMMUTABLE_CONDITIONAL)
/* loaded from: classes6.dex */
public final class DefaultHostnameVerifier implements HostnameVerifier {

    /* renamed from: a, reason: collision with root package name */
    public final PublicSuffixMatcher f72206a;
    public HttpClientAndroidLog log;

    public DefaultHostnameVerifier() {
        this(null);
    }

    public DefaultHostnameVerifier(PublicSuffixMatcher publicSuffixMatcher) {
        this.log = new HttpClientAndroidLog(DefaultHostnameVerifier.class);
        this.f72206a = publicSuffixMatcher;
    }

    public static List a(X509Certificate x509Certificate) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            ArrayList arrayList = new ArrayList();
            for (List<?> list : subjectAlternativeNames) {
                Integer num = list.size() >= 2 ? (Integer) list.get(0) : null;
                if (num != null && (num.intValue() == 2 || num.intValue() == 7)) {
                    Object obj = list.get(1);
                    if (obj instanceof String) {
                        arrayList.add(new c((String) obj, num.intValue()));
                    } else {
                        boolean z = obj instanceof byte[];
                    }
                }
            }
            return arrayList;
        } catch (CertificateParsingException unused) {
            return Collections.emptyList();
        }
    }

    public static boolean b(String str, String str2, PublicSuffixMatcher publicSuffixMatcher) {
        String domainRoot;
        if (publicSuffixMatcher == null || !str.contains(".") || ((domainRoot = publicSuffixMatcher.getDomainRoot(str2, DomainType.ICANN)) != null && str.endsWith(domainRoot) && (str.length() == domainRoot.length() || str.charAt((str.length() - domainRoot.length()) - 1) == '.'))) {
            int indexOf = str2.indexOf(42);
            if (indexOf == -1) {
                return str.equalsIgnoreCase(str2);
            }
            String substring = str2.substring(0, indexOf);
            String substring2 = str2.substring(indexOf + 1);
            if ((substring.isEmpty() || str.startsWith(substring)) && ((substring2.isEmpty() || str.endsWith(substring2)) && !str.substring(substring.length(), str.length() - substring2.length()).contains("."))) {
                return true;
            }
        }
        return false;
    }

    public static String c(String str) {
        if (str == null) {
            return str;
        }
        try {
            return InetAddress.getByName(str).getHostAddress();
        } catch (UnknownHostException unused) {
            return str;
        }
    }

    public void verify(String str, X509Certificate x509Certificate) {
        int i5;
        if (InetAddressUtils.isIPv4Address(str)) {
            i5 = 1;
        } else {
            i5 = InetAddressUtils.isIPv6Address((!str.startsWith("[") || !str.endsWith("]")) ? str : str.substring(1, str.length() - 1)) ? 2 : 3;
        }
        List a4 = a(x509Certificate);
        PublicSuffixMatcher publicSuffixMatcher = this.f72206a;
        if (a4 == null || a4.isEmpty()) {
            String findMostSpecific = new DistinguishedNameParser(x509Certificate.getSubjectX500Principal()).findMostSpecific("cn");
            if (findMostSpecific == null) {
                throw new SSLException(a.o("Certificate subject for <", str, "> doesn't contain a common name and does not have alternative names"));
            }
            Locale locale = Locale.ROOT;
            if (!b(str.toLowerCase(locale), findMostSpecific.toLowerCase(locale), publicSuffixMatcher)) {
                throw new SSLPeerUnverifiedException(AbstractC4414q.c("Certificate for <", str, "> doesn't match common name of the certificate subject: ", findMostSpecific));
            }
            return;
        }
        int h10 = AbstractC4414q.h(i5);
        int i6 = 0;
        if (h10 == 0) {
            while (i6 < a4.size()) {
                c cVar = (c) a4.get(i6);
                if (cVar.f9357b == 7 && str.equals(cVar.f9356a)) {
                    return;
                } else {
                    i6++;
                }
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + a4);
        }
        if (h10 != 1) {
            String lowerCase = str.toLowerCase(Locale.ROOT);
            while (i6 < a4.size()) {
                c cVar2 = (c) a4.get(i6);
                if (cVar2.f9357b == 2) {
                    if (b(lowerCase, cVar2.f9356a.toLowerCase(Locale.ROOT), publicSuffixMatcher)) {
                        return;
                    }
                }
                i6++;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + a4);
        }
        String c5 = c(str);
        while (i6 < a4.size()) {
            c cVar3 = (c) a4.get(i6);
            if (cVar3.f9357b == 7 && c5.equals(c(cVar3.f9356a))) {
                return;
            } else {
                i6++;
            }
        }
        throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + a4);
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        try {
            verify(str, (X509Certificate) sSLSession.getPeerCertificates()[0]);
            return true;
        } catch (SSLException e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug(e.getMessage(), e);
            }
            return false;
        }
    }
}
