package com.xabber.android.data.connection;

import android.util.Log;
import android.util.Pair;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.av;
import org.bouncycastle.asn1.b.b;
import org.bouncycastle.asn1.b.c;
import org.bouncycastle.asn1.bh;
import org.bouncycastle.asn1.bi;
import org.bouncycastle.asn1.bo;
import org.bouncycastle.asn1.r;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes.dex */
public class CustomDomainVerifier implements CustomHostnameVerifier {
    private static final String LOGTAG = "XmppDomainVerifier";
    private final String SRVName = "1.3.6.1.5.5.7.8.7";
    private final String xmppAddr = "1.3.6.1.5.5.7.8.5";

    private static List<String> getCommonNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            c a2 = new JcaX509CertificateHolder(x509Certificate).a();
            b[] a3 = a2.a(org.bouncycastle.asn1.b.a.b.e);
            for (int i = 0; i < a3.length; i++) {
                arrayList.add(org.bouncycastle.asn1.b.a.c.a(a2.a(org.bouncycastle.asn1.b.a.b.e)[i].b().b()));
            }
        } catch (CertificateEncodingException e) {
        }
        return arrayList;
    }

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private static boolean matchDomain(String str, List<String> list) {
        for (String str2 : list) {
            if (str2.startsWith("*.")) {
                int indexOf = str.indexOf(46);
                Log.d(LOGTAG, "comparing " + str.substring(indexOf) + " and " + str2.substring(1));
                if (indexOf != -1 && str.substring(indexOf).equals(str2.substring(1))) {
                    Log.d(LOGTAG, "domain " + str + " matched " + str2);
                    return true;
                }
            } else if (str2.equals(str)) {
                Log.d(LOGTAG, "domain " + str + " matched " + str2);
                return true;
            }
        }
        return false;
    }

    private static Pair<String, String> parseOtherName(byte[] bArr) {
        Pair<String, String> pair;
        try {
            r b = r.b(bArr);
            if (b instanceof bh) {
                r j = ((bh) b).j();
                if (j instanceof bo) {
                    bo boVar = (bo) j;
                    if (boVar.e() >= 2 && (boVar.a(1) instanceof bh)) {
                        String obj = boVar.a(0).toString();
                        r j2 = ((bh) boVar.a(1)).j();
                        if (j2 instanceof bi) {
                            pair = new Pair<>(obj, ((bi) j2).b());
                        } else if (j2 instanceof av) {
                            pair = new Pair<>(obj, ((av) j2).b());
                        }
                        return pair;
                    }
                }
            }
            pair = null;
            return pair;
        } catch (IOException e) {
            return null;
        }
    }

    @Override // com.xabber.android.data.connection.CustomHostnameVerifier
    public boolean verify(String str, String str2, SSLSession sSLSession) {
        boolean z;
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            if (isSelfSigned(x509Certificate)) {
                List<String> commonNames = getCommonNames(x509Certificate);
                if (commonNames.size() == 1 && commonNames.get(0).equals(str)) {
                    Log.d(LOGTAG, "accepted CN in cert self signed cert for " + str);
                    return true;
                }
            }
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == 0) {
                        Pair<String, String> parseOtherName = parseOtherName((byte[]) list.get(1));
                        if (parseOtherName != null) {
                            String str3 = (String) parseOtherName.first;
                            switch (str3.hashCode()) {
                                case 767061161:
                                    if (str3.equals("1.3.6.1.5.5.7.8.5")) {
                                        z = true;
                                        break;
                                    }
                                    break;
                                case 767061163:
                                    if (str3.equals("1.3.6.1.5.5.7.8.7")) {
                                        z = false;
                                        break;
                                    }
                                    break;
                            }
                            z = -1;
                            switch (z) {
                                case false:
                                    arrayList2.add(parseOtherName.second);
                                    break;
                                case true:
                                    arrayList.add(parseOtherName.second);
                                    break;
                                default:
                                    Log.d(LOGTAG, "oid: " + ((String) parseOtherName.first) + " value: " + ((String) parseOtherName.second));
                                    break;
                            }
                        }
                    } else if (num.intValue() == 2) {
                        Object obj = list.get(1);
                        if (obj instanceof String) {
                            arrayList3.add((String) obj);
                        }
                    }
                }
            }
            if (arrayList2.size() == 0 && arrayList.size() == 0 && arrayList3.size() == 0) {
                arrayList3.addAll(arrayList3);
            }
            Log.d(LOGTAG, "searching for " + str + " in srvNames: " + arrayList2 + " xmppAddrs: " + arrayList + " domains:" + arrayList3);
            if (str2 != null) {
                Log.d(LOGTAG, "also trying to verify hostname " + str2);
            }
            return arrayList.contains(str) || arrayList2.contains(new StringBuilder().append("_xmpp-client.").append(str).toString()) || matchDomain(str, arrayList3) || (str2 != null && matchDomain(str2, arrayList3));
        } catch (Exception e) {
            return false;
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return verify(str, null, sSLSession);
    }
}
