package com.github.nhenneaux.resilienthttpclient.singlehostclient;

import java.net.IDN;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostnameX509TrustManager.class */
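/**
 * Trust manager that delegates chain validation to a wrapped {@link X509TrustManager} and then
 * additionally requires the server's leaf certificate to name one fixed hostname.
 *
 * <p>Name matching works as follows:
 * <ul>
 *   <li>If the certificate carries at least one dNSName subject alternative name, only those
 *       entries are considered and the subject CN is ignored.</li>
 *   <li>Otherwise the check falls back to the subject CN. NOTE(review): CN-based identity is a
 *       legacy fallback; confirm it is still wanted for the certificates this client meets.</li>
 *   <li>Wildcard handling is permissive: a {@code *} may appear in any label and more than once
 *       per label. The only structural rejections are a bare {@code *}, {@code *.}, and a last
 *       wildcard with no dot after it. NOTE(review): nothing here restricts wildcards to the
 *       left-most label or consults a public-suffix list; confirm that this is acceptable for
 *       the trust anchors in use.</li>
 * </ul>
 *
 * <p>Every failure path rejects the certificate (fail closed).
 */
public class SingleHostnameX509TrustManager implements X509TrustManager {
    private static final Logger LOGGER = Logger.getLogger(SingleHostnameX509TrustManager.class.getSimpleName());
    /** Type tag under which {@code getSubjectAlternativeNames()} reports dNSName entries. */
    private static final int ALTNAME_DNS = 2;
    private static final char WILDCARD = '*';
    private static final char LABEL_SEPARATOR = '.';
    private final X509TrustManager trustManager;
    private final String hostname;

    /**
     * Creates a trust manager bound to a single expected hostname.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}.
     *
     * @param x509TrustManager delegate that performs the actual chain validation
     * @param str hostname the server certificate must match; it is not validated here, so an
     *     unusable value (including {@code null}) only surfaces when a certificate is checked
     */
    public SingleHostnameX509TrustManager(X509TrustManager x509TrustManager, String str) {
        this.trustManager = x509TrustManager;
        this.hostname = str;
    }

    /**
     * Verifies that the certificate names the expected host.
     *
     * @param str expected hostname
     * @param x509Certificate certificate to inspect
     * @throws CertificateException if the hostname is not a legal host name, or if no dNSName
     *     entry (or, when there is none, the subject CN) matches it
     */
    static void matchDNS(String str, X509Certificate x509Certificate) throws CertificateException {
        try {
            // Constructed only for its validation side effect: an illegal host name throws
            // IllegalArgumentException, which is translated below.
            new SNIHostName(str);
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                boolean sawDnsName = false;
                for (List<?> altName : altNames) {
                    // Each entry is [Integer type, value]; only dNSName entries are relevant.
                    if (((Integer) altName.get(0)).intValue() == ALTNAME_DNS) {
                        sawDnsName = true;
                        if (isMatched(str, (String) altName.get(1))) {
                            return;
                        }
                    }
                }
                // Once a dNSName is present the CN must not be consulted any more.
                if (sawDnsName) {
                    throw new CertificateException("No subject alternative DNS name matching " + str + " found.");
                }
            }
            // getSubject never returns null; an empty or unparsable CN simply fails to match.
            if (!isMatched(str, getSubject(x509Certificate))) {
                throw new CertificateException("No name matching " + str + " found");
            }
        } catch (IllegalArgumentException e) {
            throw new CertificateException("Illegal given domain name: " + str, e);
        }
    }

    /**
     * Extracts the CN value(s) of the certificate subject.
     *
     * @return the CN values joined with {@code ", "}, or an empty string when the subject has no
     *     CN or cannot be parsed. With more than one CN the joined text is not a valid host
     *     name, so such a certificate does not match by CN.
     */
    private static String getSubject(X509Certificate x509Certificate) {
        String distinguishedName = x509Certificate.getSubjectX500Principal().getName();
        try {
            return new LdapName(distinguishedName).getRdns().stream()
                    .filter(rdn -> rdn.getType().equalsIgnoreCase("cn"))
                    .map(rdn -> rdn.getValue().toString())
                    .collect(Collectors.joining(", "));
        } catch (InvalidNameException e) {
            LOGGER.log(Level.INFO, e,
                    () -> "The name " + distinguishedName + " is not valid and cannot be parsed as javax.naming.ldap.LdapName");
            return "";
        }
    }

    /**
     * Tells whether a certificate name (possibly containing wildcards) matches the host name.
     * Both values are normalised through IDN first; any failure counts as "no match".
     */
    private static boolean isMatched(String name, String template) {
        try {
            String normalisedName = IDN.toUnicode(IDN.toASCII(name));
            String normalisedTemplate = IDN.toUnicode(IDN.toASCII(template));
            if (hasIllegalWildcard(normalisedTemplate)) {
                return false;
            }
            try {
                // Wildcards are swapped for a letter so the remainder can be validated as a
                // host name; the constructed object itself is not needed.
                new SNIHostName(normalisedTemplate.replace(WILDCARD, 'z'));
            } catch (IllegalArgumentException e) {
                return false;
            }
            return matchAllWildcards(normalisedName, normalisedTemplate);
        } catch (RuntimeException e) {
            LOGGER.log(Level.FINE, "Failed to normalize to Unicode.", e);
            return false;
        }
    }

    /**
     * Rejects templates that are a bare {@code *} or {@code *.}, and templates whose last
     * wildcard has no dot after it (so the wildcard would sit in the final label).
     */
    private static boolean hasIllegalWildcard(String template) {
        if (template.equals("*") || template.equals("*.")) {
            return true;
        }
        int lastWildcard = template.lastIndexOf(WILDCARD);
        return lastWildcard != -1 && template.indexOf(LABEL_SEPARATOR, lastWildcard) == -1;
    }

    /**
     * Compares name and template label by label, case-insensitively. Both must have the same
     * number of labels, so a wildcard never spans a dot.
     */
    private static boolean matchAllWildcards(String name, String template) {
        StringTokenizer nameLabels = new StringTokenizer(name.toLowerCase(Locale.ENGLISH), ".");
        StringTokenizer templateLabels = new StringTokenizer(template.toLowerCase(Locale.ENGLISH), ".");
        if (nameLabels.countTokens() != templateLabels.countTokens()) {
            return false;
        }
        while (nameLabels.hasMoreTokens()) {
            if (!matchWildCards(nameLabels.nextToken(), templateLabels.nextToken())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Matches a single label against a template label in which each {@code *} stands for any
     * run of characters, including none.
     */
    private static boolean matchWildCards(String label, String templateLabel) {
        int wildcardIndex = templateLabel.indexOf(WILDCARD);
        if (wildcardIndex == -1) {
            return label.equals(templateLabel);
        }
        boolean firstSegment = true;
        String remainingTemplate = templateLabel;
        String remainingLabel = label;
        while (wildcardIndex != -1) {
            // Literal text in front of the current wildcard.
            String literal = remainingTemplate.substring(0, wildcardIndex);
            remainingTemplate = remainingTemplate.substring(wildcardIndex + 1);
            int found = remainingLabel.indexOf(literal);
            if (found == -1) {
                return false;
            }
            // Text before the first wildcard is anchored at the start of the label.
            if (firstSegment && found != 0) {
                return false;
            }
            firstSegment = false;
            remainingLabel = remainingLabel.substring(found + literal.length());
            wildcardIndex = remainingTemplate.indexOf(WILDCARD);
        }
        // Whatever follows the last wildcard must close the label.
        return remainingLabel.endsWith(remainingTemplate);
    }

    /** Returns the accepted issuers of the wrapped trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /**
     * Delegates to the wrapped trust manager unchanged; no hostname check is applied to client
     * certificates.
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates the chain with the wrapped trust manager, then requires the leaf certificate
     * (element 0) to match the configured hostname.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type, passed through to the delegate
     * @throws CertificateException if the delegate rejects the chain or the leaf does not match
     *     the hostname
     * @throws IllegalArgumentException if the delegate accepted a chain that is null, empty, or
     *     has no leaf certificate, so that no hostname check is possible
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
        // A lenient delegate may accept a chain with nothing in it. Reject it explicitly instead
        // of failing with an index or null-pointer error on the leaf access below.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new IllegalArgumentException(
                    "The certificate chain is null or empty; cannot verify hostname " + this.hostname);
        }
        matchDNS(this.hostname, x509CertificateArr[0]);
    }
}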
