package eu.siacs.conversations.crypto;

import android.os.Build;
import android.util.Log;
import android.util.Pair;
import de.duenndns.ssl.DomainHostnameVerifier;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes.dex */
public class XmppDomainVerifier implements DomainHostnameVerifier {
    private static List<String> getCommonNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
            RDN[] rDNs = subject.getRDNs(BCStyle.CN);
            for (int i = 0; i < rDNs.length; i++) {
                arrayList.add(IETFUtils.valueToString(subject.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
            }
        } catch (CertificateEncodingException e) {
        }
        return arrayList;
    }

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private static boolean matchDomain(String str, List<String> list) {
        for (String str2 : list) {
            if (str2.startsWith("*.")) {
                int indexOf = str.indexOf(46);
                Log.d("XmppDomainVerifier", "comparing " + str.substring(indexOf) + " and " + str2.substring(1));
                if (indexOf != -1 && str.substring(indexOf).equals(str2.substring(1))) {
                    Log.d("XmppDomainVerifier", "domain " + str + " matched " + str2);
                    return true;
                }
            } else if (str2.equals(str)) {
                Log.d("XmppDomainVerifier", "domain " + str + " matched " + str2);
                return true;
            }
        }
        return false;
    }

    private static Pair<String, String> parseOtherName(byte[] bArr) {
        Pair<String, String> pair;
        try {
            ASN1Primitive fromByteArray = ASN1Primitive.fromByteArray(bArr);
            if (fromByteArray instanceof DERTaggedObject) {
                ASN1Primitive object = ((DERTaggedObject) fromByteArray).getObject();
                if (object instanceof DLSequence) {
                    DLSequence dLSequence = (DLSequence) object;
                    if (dLSequence.size() >= 2 && (dLSequence.getObjectAt(1) instanceof DERTaggedObject)) {
                        String obj = dLSequence.getObjectAt(0).toString();
                        ASN1Primitive object2 = ((DERTaggedObject) dLSequence.getObjectAt(1)).getObject();
                        if (object2 instanceof DERUTF8String) {
                            pair = new Pair<>(obj, ((DERUTF8String) object2).getString());
                        } else if (object2 instanceof DERIA5String) {
                            pair = new Pair<>(obj, ((DERIA5String) object2).getString());
                        }
                        return pair;
                    }
                }
            }
            pair = null;
            return pair;
        } catch (IOException e) {
            return null;
        }
    }

    @Override // de.duenndns.ssl.DomainHostnameVerifier
    public boolean verify(String str, String str2, SSLSession sSLSession) {
        boolean z;
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            List<String> commonNames = getCommonNames(x509Certificate);
            if (Build.VERSION.SDK_INT >= 19 && isSelfSigned(x509Certificate) && commonNames.size() == 1 && matchDomain(str, commonNames)) {
                Log.d("XmppDomainVerifier", "accepted CN in self signed cert as work around for " + str);
                return true;
            }
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == 0) {
                        Pair<String, String> parseOtherName = parseOtherName((byte[]) list.get(1));
                        if (parseOtherName != null) {
                            String str3 = (String) parseOtherName.first;
                            switch (str3.hashCode()) {
                                case 767061161:
                                    if (str3.equals("1.3.6.1.5.5.7.8.5")) {
                                        z = true;
                                        break;
                                    }
                                    break;
                                case 767061163:
                                    if (str3.equals("1.3.6.1.5.5.7.8.7")) {
                                        z = false;
                                        break;
                                    }
                                    break;
                            }
                            z = -1;
                            switch (z) {
                                case false:
                                    arrayList2.add(parseOtherName.second);
                                    break;
                                case true:
                                    arrayList.add(parseOtherName.second);
                                    break;
                                default:
                                    Log.d("XmppDomainVerifier", "oid: " + ((String) parseOtherName.first) + " value: " + ((String) parseOtherName.second));
                                    break;
                            }
                        }
                    } else if (num.intValue() == 2) {
                        Object obj = list.get(1);
                        if (obj instanceof String) {
                            arrayList3.add((String) obj);
                        }
                    }
                }
            }
            if (arrayList2.size() == 0 && arrayList.size() == 0 && arrayList3.size() == 0) {
                arrayList3.addAll(commonNames);
            }
            Log.d("XmppDomainVerifier", "searching for " + str + " in srvNames: " + arrayList2 + " xmppAddrs: " + arrayList + " domains:" + arrayList3);
            if (str2 != null) {
                Log.d("XmppDomainVerifier", "also trying to verify hostname " + str2);
            }
            return arrayList.contains(str) || arrayList2.contains(new StringBuilder().append("_xmpp-client.").append(str).toString()) || matchDomain(str, arrayList3) || (str2 != null && matchDomain(str2, arrayList3));
        } catch (Exception e) {
            return false;
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return verify(str, null, sSLSession);
    }
}
