package io.vproxy.base.util.ringbuffer.ssl;

import io.vproxy.base.util.Logger;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:io/vproxy/base/util/ringbuffer/ssl/SSLContextHolder.class */
public class SSLContextHolder {
    private final List<Holder> holders = new ArrayList();
    protected final Map<String, SSLContext> quickAccess = new ConcurrentHashMap();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vproxy/base/util/ringbuffer/ssl/SSLContextHolder$CertHolder.class */
    public static class CertHolder {
        final X509Certificate cert;
        String cn;
        boolean cnRetrieved;
        List<String> san;
        boolean sanRetrieved;

        private CertHolder(X509Certificate x509Certificate) {
            this.cert = x509Certificate;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vproxy/base/util/ringbuffer/ssl/SSLContextHolder$Holder.class */
    public static class Holder {
        final SSLContext sslContext;
        final CertHolder[] certs;

        private Holder(SSLContext sSLContext, X509Certificate[] x509CertificateArr) {
            this.sslContext = sSLContext;
            this.certs = new CertHolder[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                this.certs[i] = new CertHolder(x509CertificateArr[i]);
            }
        }
    }

    public void add(SSLContext sSLContext, X509Certificate[] x509CertificateArr) {
        this.holders.add(new Holder(sSLContext, x509CertificateArr));
    }

    public SSLContext choose(String str) {
        if (!$assertionsDisabled && !Logger.lowLevelDebug("choosing cert with sni " + str + ", holders.size = " + this.holders.size())) {
            throw new AssertionError();
        }
        if (this.holders.size() == 1) {
            return this.holders.get(0).sslContext;
        }
        if (this.holders.isEmpty()) {
            return null;
        }
        SSLContext chooseNoDefault = chooseNoDefault(str);
        if (chooseNoDefault != null) {
            return chooseNoDefault;
        }
        if ($assertionsDisabled || Logger.lowLevelDebug("cannot find corresponding cert for sni " + str + ", return the default (first) one")) {
            return this.holders.get(0).sslContext;
        }
        throw new AssertionError();
    }

    protected SSLContext chooseNoDefault(String str) {
        if (str == null) {
            return null;
        }
        SSLContext sSLContext = this.quickAccess.get(str);
        if (sSLContext != null) {
            return sSLContext;
        }
        for (Holder holder : this.holders) {
            if (checkSNI(holder, holder.certs, str)) {
                return holder.sslContext;
            }
        }
        return null;
    }

    private boolean checkSNI(Holder holder, CertHolder[] certHolderArr, String str) {
        if (!$assertionsDisabled && !Logger.lowLevelDebug("visiting certs: with " + certHolderArr.length + " element(s)")) {
            throw new AssertionError();
        }
        for (CertHolder certHolder : certHolderArr) {
            if (checkSNI(holder, certHolder, str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private boolean checkSNI(Holder holder, CertHolder certHolder, String str) {
        String str2;
        List arrayList;
        List<String> list;
        if (certHolder.cnRetrieved) {
            str2 = certHolder.cn;
        } else {
            String[] split = certHolder.cert.getSubjectX500Principal().getName().split(",");
            str2 = null;
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = split[i];
                if (str3.startsWith("CN=")) {
                    str2 = str3.substring("CN=".length());
                    break;
                }
                i++;
            }
            certHolder.cnRetrieved = true;
            certHolder.cn = str2;
        }
        if (str2 != null) {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("comparing sni " + str + " with commonName " + str2)) {
                throw new AssertionError();
            }
            if (compare(str2, str)) {
                this.quickAccess.put(str, holder.sslContext);
                return true;
            }
        }
        if (certHolder.sanRetrieved) {
            list = certHolder.san;
        } else {
            try {
                Collection<List<?>> subjectAlternativeNames = certHolder.cert.getSubjectAlternativeNames();
                if (subjectAlternativeNames == null) {
                    arrayList = new ArrayList();
                } else {
                    arrayList = new ArrayList(subjectAlternativeNames.size());
                    for (List<?> list2 : subjectAlternativeNames) {
                        if (((Integer) list2.get(0)).intValue() == 2) {
                            arrayList.add((String) list2.get(1));
                        }
                    }
                }
                if (arrayList.isEmpty()) {
                    arrayList = null;
                }
                list = arrayList;
                certHolder.san = arrayList;
                certHolder.sanRetrieved = true;
            } catch (CertificateParsingException e) {
                if (!$assertionsDisabled && !Logger.lowLevelDebug("decoding cert SAN failed: " + e)) {
                    throw new AssertionError();
                }
                certHolder.sanRetrieved = true;
                return false;
            }
        }
        if (list == null) {
            if ($assertionsDisabled || Logger.lowLevelDebug("san is not retrieved")) {
                return false;
            }
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !Logger.lowLevelDebug("retrieved san is " + list)) {
            throw new AssertionError();
        }
        for (String str4 : list) {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("comparing sni " + str + " with dnsName " + str4)) {
                throw new AssertionError();
            }
            if (compare(str4, str)) {
                this.quickAccess.put(str, holder.sslContext);
                return true;
            }
        }
        return false;
    }

    private boolean compare(String str, String str2) {
        if (!str.startsWith("*.")) {
            return str2.equals(str);
        }
        String substring = str.substring("*".length());
        return str2.length() > substring.length() && str2.endsWith(substring) && !str2.substring(0, str2.length() - substring.length()).contains(".");
    }

    static {
        $assertionsDisabled = !SSLContextHolder.class.desiredAssertionStatus();
    }
}
