package com.sap.conn.rfc.driver.security.verify;

import com.sap.conn.jco.rt.Trace;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/sap/conn/rfc/driver/security/verify/WSHostnameVerifier.class */
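/**
 * {@link HostnameVerifier} that accepts a TLS peer only when the requested host name matches
 * the identity in the peer's leaf X.509 certificate.
 *
 * <p>Matching rules implemented here:
 * <ul>
 *   <li>If the certificate carries dNSName (type 2) or iPAddress (type 7) subject alternative
 *       names, only those are consulted; the entry type must agree with the format of the
 *       requested host (IPv4 literal, IPv6 literal or DNS name).</li>
 *   <li>Only when no such entries exist does the verifier fall back to the subject's common
 *       name (CN).</li>
 *   <li>A single {@code *} wildcard is honoured in the left-most label only and never spans a
 *       dot.</li>
 * </ul>
 *
 * <p>Every failure path returns {@code false} from {@link #verify(String, SSLSession)} (fail
 * closed). This class does not consult a public-suffix list, so the breadth of a wildcard such
 * as {@code *.tld} is not restricted here; that has to be enforced by the issuing policy of the
 * trusted CAs.
 */
public final class WSHostnameVerifier implements HostnameVerifier {

    /** Subject-alternative-name type tag used by {@link X509Certificate} for dNSName entries. */
    private static final int SAN_TYPE_DNS = 2;

    /** Subject-alternative-name type tag used by {@link X509Certificate} for iPAddress entries. */
    private static final int SAN_TYPE_IP = 7;

    /**
     * Syntactic category of the host string being verified.
     *
     * <p>NOTE(review): the decompiler reported that this enum's access modifier was changed from
     * private; it is kept public here so the listing's visible interface stays as it is.
     */
    public enum HostNameType {
        IPv4,
        IPv6,
        DNS
    }

    /**
     * Verifies {@code str} against the first peer certificate of the session.
     *
     * @param str the host name or IP literal the client intended to reach
     * @param sSLSession the established session whose peer certificate is inspected
     * @return {@code true} only if the certificate identity matches; {@code false} for a missing
     *     host, a missing session, a missing or non-X.509 peer certificate, or any mismatch
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (str == null) {
            // Without a reference identity there is nothing to compare against: fail closed.
            trace("No host name given, host is null");
            return false;
        }
        if (sSLSession == null) {
            trace("No session given, session is null");
            return false;
        }
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            // An empty chain or a null leaf is treated like a missing chain instead of
            // surfacing as an unchecked exception out of the TLS handshake path.
            if (peerCertificates == null || peerCertificates.length == 0 || peerCertificates[0] == null) {
                trace("No peer certs available in session");
                return false;
            }
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                trace("Peer certificate is not an X.509 certificate");
                return false;
            }
            verify(str, (X509Certificate) peerCertificates[0]);
            return true;
        } catch (UnknownHostException | CertificateParsingException | SSLException e) {
            if (Trace.isOn(1)) {
                Trace.fireTrace(1, e);
            }
            return false;
        }
    }

    /**
     * Checks that {@code x509Certificate} is valid for host {@code str}.
     *
     * <p>This method only compares names. It does not validate the certificate chain, validity
     * period or revocation status.
     *
     * @param str the host name or IP literal to match
     * @param x509Certificate the peer's leaf certificate
     * @throws SSLException if the host is null, the subject cannot be parsed, or no certificate
     *     identity matches the host
     * @throws CertificateParsingException if the subject alternative names cannot be decoded
     * @throws UnknownHostException if an IPv6 address cannot be normalised
     */
    public static void verify(String str, X509Certificate x509Certificate) throws SSLException, CertificateParsingException, UnknownHostException {
        if (str == null) {
            throw new SSLPeerUnverifiedException("No host name given, host is null");
        }
        HostNameType hostFormat = determineHostFormat(str);
        List<SubjectName> alternativeNames = getSubjectAlternativeNames(x509Certificate);
        if (alternativeNames == null || alternativeNames.isEmpty()) {
            // CN fallback is reached only when the certificate has no dNSName/iPAddress entries.
            String commonName = extractCN(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
            if (commonName == null) {
                throw new SSLException("Certificate subject for <" + str + "> doesn't contain a common name and does not have alternative names");
            }
            matchCN(str, commonName);
            return;
        }
        switch (hostFormat) {
            case IPv4:
                matchIPAddress(str, alternativeNames);
                return;
            case IPv6:
                matchIPv6Address(str, alternativeNames);
                return;
            default:
                matchDNSName(str, alternativeNames);
                return;
        }
    }

    /** Emits {@code message} through the JCo trace facility when trace level 1 is switched on. */
    private static void trace(String message) {
        if (Trace.isOn(1)) {
            Trace.fireTrace(1, message);
        }
    }

    /**
     * Classifies the host string as an IPv4 literal, an IPv6 literal (optionally wrapped in
     * square brackets) or, failing both, a DNS name.
     */
    private static HostNameType determineHostFormat(String host) {
        if (InetAddressUtils.isIPv4Address(host)) {
            return HostNameType.IPv4;
        }
        String candidate = host;
        if (candidate.startsWith("[") && candidate.endsWith("]")) {
            candidate = host.substring(1, host.length() - 1);
        }
        return InetAddressUtils.isIPv6Address(candidate) ? HostNameType.IPv6 : HostNameType.DNS;
    }

    /**
     * Collects the dNSName and iPAddress subject alternative names of the certificate.
     *
     * @return the matching entries, or an empty list when the certificate has none; entries of
     *     other types, malformed entries and non-string values are skipped
     */
    private static List<SubjectName> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        Collection<List<?>> entries = x509Certificate.getSubjectAlternativeNames();
        if (entries == null) {
            return Collections.emptyList();
        }
        List<SubjectName> result = new ArrayList<>();
        for (List<?> entry : entries) {
            if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                continue;
            }
            int type = ((Integer) entry.get(0)).intValue();
            Object value = entry.get(1);
            if ((type == SAN_TYPE_DNS || type == SAN_TYPE_IP) && value instanceof String) {
                result.add(new SubjectName((String) value, type));
            }
        }
        return result;
    }

    /** Requires an iPAddress entry whose text equals the IPv4 literal {@code host} exactly. */
    private static void matchIPAddress(String host, List<SubjectName> names) throws SSLException {
        for (SubjectName name : names) {
            if (name.getType() == SAN_TYPE_IP && host.equals(name.getValue())) {
                return;
            }
        }
        throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match any of the subject alternative names: " + names);
    }

    /**
     * Requires an iPAddress entry equal to the IPv6 literal {@code host}; both sides are
     * normalised first so that differently abbreviated spellings of one address compare equal.
     */
    private static void matchIPv6Address(String host, List<SubjectName> names) throws SSLException, UnknownHostException {
        String normalizedHost = normalizeAddress(host);
        for (SubjectName name : names) {
            if (name.getType() == SAN_TYPE_IP && normalizedHost.equals(normalizeAddress(name.getValue()))) {
                return;
            }
        }
        throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match any of the subject alternative names: " + names);
    }

    /** Requires a dNSName entry that matches {@code host}, compared case-insensitively. */
    private static void matchDNSName(String host, List<SubjectName> names) throws SSLException {
        String normalizedHost = host.toLowerCase(Locale.ROOT);
        for (SubjectName name : names) {
            if (name.getType() == SAN_TYPE_DNS && matchIdentity(normalizedHost, name.getValue().toLowerCase(Locale.ROOT))) {
                return;
            }
        }
        throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match any of the subject alternative names: " + names);
    }

    /** Requires the subject common name to match {@code host}, compared case-insensitively. */
    private static void matchCN(String host, String commonName) throws SSLException {
        if (!matchIdentity(host.toLowerCase(Locale.ROOT), commonName.toLowerCase(Locale.ROOT))) {
            throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match common name of the certificate subject: " + commonName);
        }
    }

    /**
     * Compares a host name with a certificate identity that may contain one {@code *} wildcard.
     *
     * <p>Without a wildcard the comparison is a case-insensitive equality test. With a wildcard,
     * the asterisk must sit in the left-most label, must be the only asterisk, and the text it
     * stands for must not contain a dot, so it never covers more than one label.
     *
     * @param host the requested host name
     * @param identity the name taken from the certificate
     * @return {@code true} if the identity covers the host
     */
    private static boolean matchIdentity(String host, String identity) {
        int asterisk = identity.indexOf('*');
        if (asterisk == -1) {
            return host.equalsIgnoreCase(identity);
        }
        String prefix = identity.substring(0, asterisk);
        String suffix = identity.substring(asterisk + 1);
        // A wildcard outside the left-most label, or a second wildcard, is not a valid
        // presented identifier; refuse it rather than matching it loosely.
        if (prefix.indexOf('.') != -1 || suffix.indexOf('*') != -1) {
            return false;
        }
        // Prefix and suffix must not overlap inside the host (pattern "ab*bc" against "abc");
        // without this guard the substring call below fails with an unchecked exception.
        if (host.length() < prefix.length() + suffix.length()) {
            return false;
        }
        if (!host.startsWith(prefix) || !host.endsWith(suffix)) {
            return false;
        }
        String covered = host.substring(prefix.length(), host.length() - suffix.length());
        return covered.indexOf('.') == -1;
    }

    /**
     * Extracts the common name from an RFC 2253 subject string.
     *
     * <p>The name is parsed with {@link LdapName} instead of being split on commas: attribute
     * values may legally contain escaped commas, and a naive split would let text inside another
     * attribute (for example an organisation name) be read as a separate {@code CN=} component.
     * The decompiled loop this replaces also never advanced after finding a CN component, so it
     * could not terminate for a subject that has one.
     *
     * @param subjectDn the subject distinguished name in RFC 2253 form, may be {@code null}
     * @return the trimmed, lower-cased value of the first CN attribute in string order, or
     *     {@code null} if the subject is {@code null} or has no string-valued CN
     * @throws SSLException if the subject is not a syntactically valid distinguished name
     */
    private static String extractCN(String subjectDn) throws SSLException {
        if (subjectDn == null) {
            return null;
        }
        List<Rdn> rdns;
        try {
            rdns = new LdapName(subjectDn).getRdns();
        } catch (InvalidNameException e) {
            throw new SSLException("Certificate subject <" + subjectDn + "> is not a valid distinguished name", e);
        }
        // LdapName stores the right-most RDN at index 0; walk from the end so the left-most
        // component of the string is examined first.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Attribute cn = rdns.get(i).toAttributes().get("cn");
            if (cn == null || cn.size() == 0) {
                continue;
            }
            try {
                Object value = cn.get();
                // Hex-encoded (binary) values are not usable as a host identity; skip them.
                if (value instanceof String) {
                    return ((String) value).trim().toLowerCase(Locale.ROOT);
                }
            } catch (NamingException e) {
                if (Trace.isOn(1)) {
                    Trace.fireTrace(1, e);
                }
            }
        }
        return null;
    }

    /**
     * Returns the canonical textual form of an IP address, or {@code null} for {@code null}.
     *
     * <p>NOTE(review): {@link InetAddress#getByName(String)} resolves through DNS when handed a
     * non-literal. The callers in this class pass only the already-classified IPv6 host and
     * iPAddress SAN values; confirm that these are always literals before reusing this helper.
     */
    private static String normalizeAddress(String address) throws UnknownHostException {
        return address == null ? address : InetAddress.getByName(address).getHostAddress();
    }
}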
