package com.impossibl.postgres.protocol.v30;

import java.net.IDN;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.slf4j.Marker;

/* loaded from: input_file:com/impossibl/postgres/protocol/v30/HostNameVerifier.class */
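/**
 * Checks that the certificate presented by a TLS peer names the host the client meant to reach.
 *
 * <p>Matching order: Subject Alternative Name (SAN) entries of type dNSName and iPAddress are
 * tried first. If the certificate carries at least one dNSName entry and none matched,
 * verification fails without consulting the subject Common Name (CN). Only certificates with no
 * dNSName entry fall back to the most specific CN of the subject.
 *
 * <p>Only names are inspected here and only on the leaf certificate; nothing in this class
 * validates the certificate chain, its signatures or its validity period.
 */
public class HostNameVerifier {
    /** GeneralName type reported by {@link X509Certificate#getSubjectAlternativeNames()} for dNSName. */
    private static final int SAN_TYPE_DNS_NAME = 2;
    /** GeneralName type reported by {@link X509Certificate#getSubjectAlternativeNames()} for iPAddress. */
    private static final int SAN_TYPE_IP_ADDRESS = 7;
    private static final Logger logger = Logger.getLogger(HostNameVerifier.class.getName());

    /**
     * Orders candidate names from least to most specific: more dots sort later, then fewer
     * wildcards sort later, then longer names sort later. The last element after sorting is the
     * one used for CN matching.
     */
    private static final Comparator<String> specificHostNameComparator = new Comparator<String>() {
        @Override
        public int compare(String left, String right) {
            int byDots = Integer.compare(countOccurrences(left, '.'), countOccurrences(right, '.'));
            if (byDots != 0) {
                return byDots;
            }
            // Reversed operands: the name with FEWER wildcards is the greater (more specific) one.
            int byWildcards = Integer.compare(countOccurrences(right, '*'), countOccurrences(left, '*'));
            if (byWildcards != 0) {
                return byWildcards;
            }
            return Integer.compare(left.length(), right.length());
        }
    };

    /** Counts how many times {@code wanted} occurs in {@code text}. */
    private static int countOccurrences(String text, char wanted) {
        int total = 0;
        for (int at = text.indexOf(wanted); at != -1; at = text.indexOf(wanted, at + 1)) {
            total++;
        }
        return total;
    }

    /** Builds the rejection exception while keeping the underlying cause for diagnostics. */
    private static SSLPeerUnverifiedException unverified(String message, Throwable cause) {
        SSLPeerUnverifiedException failure = new SSLPeerUnverifiedException(message);
        failure.initCause(cause);
        return failure;
    }

    /**
     * Verifies {@code hostname} against the leaf certificate of the session's peer chain.
     *
     * @param hostname host name (or bracketed IPv6 literal) the client connected to
     * @param session established TLS session whose peer certificates are inspected
     * @throws SSLPeerUnverifiedException if the peer presented no certificate, the leaf is not an
     *     X.509 certificate, or the host name does not match it
     */
    public static void verifyHostName(String hostname, SSLSession session) throws SSLPeerUnverifiedException {
        // Fully qualified on purpose: avoids adding a file-level import for this one use.
        java.security.cert.Certificate[] chain = session.getPeerCertificates();
        if (chain == null || chain.length == 0) {
            throw new SSLPeerUnverifiedException("No peer certificates for hostname verification");
        }
        // Check the element type instead of casting the whole array, so an unexpected certificate
        // type is reported as a verification failure rather than a ClassCastException.
        if (!(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("Peer certificate is not an X.509 certificate");
        }
        verifyHostName(hostname, (X509Certificate) chain[0]);
    }

    /**
     * Verifies {@code hostname} against the names carried by {@code certificate}.
     *
     * <p>A host wrapped in {@code [..]} is unwrapped and compared as-is; any other host is
     * converted with {@link IDN#toASCII(String)} before matching.
     *
     * @param hostname host name (or bracketed IPv6 literal) the client connected to
     * @param certificate leaf certificate presented by the peer
     * @throws SSLPeerUnverifiedException if the host name is invalid, the certificate's names
     *     cannot be parsed, or no acceptable name matches
     */
    public static void verifyHostName(String hostname, X509Certificate certificate) throws SSLPeerUnverifiedException {
        String canonical;
        if (hostname.startsWith("[") && hostname.endsWith("]")) {
            canonical = hostname.substring(1, hostname.length() - 1);
        } else {
            try {
                canonical = IDN.toASCII(hostname);
            } catch (IllegalArgumentException e) {
                throw unverified(String.format("Hostname '%s' is invalid", hostname), e);
            }
        }
        logger.log(Level.FINE, "Translated hostname {0} to canonical hostname {1}", new Object[]{hostname, canonical});

        Collection<List<?>> subjectAltNames;
        try {
            subjectAltNames = certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            // Fail closed. If the SAN extension cannot be decoded we cannot tell whether it holds
            // dNSName entries, so the "CN only when no DNS SAN exists" rule below cannot be
            // enforced; falling back to the CN here would bypass it.
            logger.log(Level.SEVERE, "Unable to parse Subject Alternate Names of peer certificate", e);
            throw unverified(String.format("Hostname '%s' could not be verified", hostname), e);
        }
        if (subjectAltNames == null) {
            subjectAltNames = Collections.emptyList();
        }

        boolean sawDnsName = false;
        for (List<?> entry : subjectAltNames) {
            if (entry.size() != 2 || !(entry.get(0) instanceof Integer)) {
                continue;
            }
            int type = (Integer) entry.get(0);
            if (type != SAN_TYPE_IP_ADDRESS && type != SAN_TYPE_DNS_NAME) {
                continue;
            }
            Object rawValue = entry.get(1);
            String value = rawValue instanceof String ? (String) rawValue : null;
            // Wildcards are meaningless in an iPAddress entry; never let one reach the matcher.
            if (type == SAN_TYPE_IP_ADDRESS && value != null && value.contains("*")) {
                continue;
            }
            sawDnsName |= type == SAN_TYPE_DNS_NAME;
            // NOTE(review): IP entries are compared as text, so two spellings of the same IPv6
            // address would not match. That errs on the side of rejection.
            if (matchHostName(canonical, value)) {
                // Doubled quotes: a single-quoted {0} is treated as literal text by MessageFormat.
                logger.log(Level.FINE, "Matched Subject Alternate Name to ''{0}''", hostname);
                return;
            }
        }
        if (sawDnsName) {
            // A dNSName entry exists but none matched: the CN must not be used as a fallback.
            logger.log(Level.SEVERE, "Aborting host name verification for {0} due to mismatching DNS Subject Alternate Name", hostname);
            throw new SSLPeerUnverifiedException(String.format("Failed to match hostname '%s' against DNS Subject Alternate Name", hostname));
        }

        try {
            LdapName subject = new LdapName(certificate.getSubjectX500Principal().getName("RFC2253"));
            List<String> commonNames = new ArrayList<>(1);
            for (Rdn rdn : subject.getRdns()) {
                // Rdn values may also be byte[] (hex-encoded attribute values); only textual CNs
                // are usable as host names, so anything else is ignored instead of cast.
                if ("CN".equals(rdn.getType()) && rdn.getValue() instanceof String) {
                    commonNames.add((String) rdn.getValue());
                }
            }
            if (commonNames.isEmpty()) {
                throw new SSLPeerUnverifiedException("Certificate subject missing common name");
            }
            if (commonNames.size() > 1) {
                commonNames.sort(specificHostNameComparator);
            }
            // After sorting, the last entry is the most specific CN; it is the only one tried.
            if (!matchHostName(canonical, commonNames.get(commonNames.size() - 1))) {
                throw new SSLPeerUnverifiedException(String.format("Hostname '%s' could not be verified", hostname));
            }
        } catch (InvalidNameException e) {
            throw unverified("Certificate contains invalid subject", e);
        }
    }

    /**
     * Matches a host name against a certificate name, case-insensitively.
     *
     * <p>Without a {@code *} the two must be equal. With one, the {@code *} must be the first
     * character of {@code pattern}, the pattern must contain a dot, and the wildcard may stand for
     * a single label only (no dot in the part of {@code hostname} it covers).
     *
     * <p>NOTE(review): the only structural requirement on a wildcard pattern is one dot, so a
     * pattern such as {@code *.com} is accepted, and a host with an empty leading label matches
     * as well. This relies on the trust anchor not issuing such names; confirm that is
     * acceptable for the deployment.
     *
     * @param hostname host name to check; {@code null} never matches
     * @param pattern name taken from the certificate; {@code null} never matches
     * @return {@code true} if {@code hostname} is covered by {@code pattern}
     */
    public static boolean matchHostName(String hostname, String pattern) {
        if (hostname == null || pattern == null) {
            return false;
        }
        int lastWildcard = pattern.lastIndexOf('*');
        if (lastWildcard == -1) {
            return hostname.equalsIgnoreCase(pattern);
        }
        // Reject wildcards anywhere but position 0, dot-less patterns, and hosts too short to
        // contain the pattern's fixed suffix.
        if (lastWildcard > 0 || pattern.indexOf('.') == -1 || hostname.length() < pattern.length() - 1) {
            return false;
        }
        // Offset in hostname where the pattern's suffix (everything after '*') must begin.
        int suffixStart = (hostname.length() - pattern.length()) + 1;
        // The wildcard covers one label only: a.b.example.com is not matched by *.example.com.
        if (hostname.lastIndexOf('.', suffixStart - 1) >= 0) {
            return false;
        }
        return hostname.regionMatches(true, suffixStart, pattern, 1, pattern.length() - 1);
    }
}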
