package wse.utils.ssl;

import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class WSETrustManager implements X509TrustManager, HostnameVerifier {
    public static final String IP_REGEX = "[0-9]*.[0-9]*.[0-9]*.[0-9]*";
    private Map<Thread, String> expectedHost = Collections.synchronizedMap(new HashMap());
    private final X509TrustManager tm;

    public WSETrustManager(X509TrustManager x509TrustManager) {
        this.tm = x509TrustManager;
    }

    public static String getCommonName(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectDN().getName();
        if (name == null || name.isEmpty()) {
            return null;
        }
        int indexOf = name.indexOf("CN=") + 3;
        int indexOf2 = name.indexOf(",", indexOf);
        return indexOf2 != -1 ? name.substring(indexOf, indexOf2) : name.substring(indexOf);
    }

    public static List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == 2 || num.intValue() == 7) {
                        arrayList.add((String) list.get(1));
                    }
                }
            }
        } catch (CertificateParsingException unused) {
        }
        return arrayList;
    }

    public static boolean matchHostname(String str, String str2) {
        if (str != null && str2 != null) {
            if (str2.equals(str)) {
                return true;
            }
            if (str.startsWith("*") && str2.endsWith(str.substring(1))) {
                return true;
            }
        }
        return false;
    }

    public static void verifyHostname(X509Certificate x509Certificate, String str) throws CertificateException {
        if (str == null || "localhost".equals(str) || str.matches(IP_REGEX)) {
            return;
        }
        String commonName = getCommonName(x509Certificate);
        if (matchHostname(commonName, str)) {
            return;
        }
        List<String> subjectAlternativeNames = getSubjectAlternativeNames(x509Certificate);
        Iterator<String> it = subjectAlternativeNames.iterator();
        while (it.hasNext()) {
            if (matchHostname(it.next(), str)) {
                return;
            }
        }
        StringBuilder sb = new StringBuilder("Neither server hostname \"");
        sb.append(commonName);
        sb.append("\" nor alias");
        sb.append(subjectAlternativeNames.size() == 1 ? " " : "es ");
        sb.append(subjectAlternativeNames.toString());
        sb.append(" matched expected hostname \"");
        sb.append(str);
        sb.append("\"");
        throw new CertificateException(sb.toString());
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.tm.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.tm.checkServerTrusted(x509CertificateArr, str);
        verifyHostname(x509CertificateArr[0], this.expectedHost.remove(Thread.currentThread()));
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.tm.getAcceptedIssuers();
    }

    public void setExpectedHost(String str) {
        this.expectedHost.put(Thread.currentThread(), str);
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return true;
    }
}
