package me.lucko.helper.sql.external.mariadb.jdbc.internal.protocol.tls;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import me.lucko.helper.sql.external.mariadb.jdbc.internal.logging.Logger;
import me.lucko.helper.sql.external.mariadb.jdbc.internal.logging.LoggerFactory;
import me.lucko.helper.sql.external.mariadb.jdbc.internal.util.Utils;

/* loaded from: input_file:me/lucko/helper/sql/external/mariadb/jdbc/internal/protocol/tls/HostnameVerifierImpl.class */
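/**
 * Checks that the host a client connected to is named by the leaf certificate the
 * server presented, using the certificate's Subject Alternative Names (SAN) and,
 * failing that, the Common Name (CN) of its subject.
 *
 * <p>This class only binds a host name or IP literal to a certificate. Nothing in it
 * validates the certificate chain, validity period or revocation status.
 */
public class HostnameVerifierImpl implements HostnameVerifier {
    private static final Logger logger = LoggerFactory.getLogger(HostnameVerifierImpl.class);

    /** GeneralName tag for dNSName entries in {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_TYPE_DNS = 2;

    /** GeneralName tag for iPAddress entries in {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_TYPE_IP = 7;

    /** Kind of SAN entry this verifier understands; every other GeneralName type is ignored. */
    public enum Extension {
        DNS,
        IP
    }

    /** One SAN entry: its textual value and whether it is a DNS name or an IP address. */
    public class GeneralName {
        private final String value;
        private final Extension extension;

        /**
         * @param str       textual value of the SAN entry
         * @param extension whether the entry is a DNS name or an IP address
         */
        public GeneralName(String str, Extension extension) {
            this.value = str;
            this.extension = extension;
        }

        /** Renders the entry as <code>{TYPE:"value"}</code> for logs and error messages. */
        @Override
        public String toString() {
            return "{" + this.extension + ":\"" + this.value + "\"}";
        }
    }

    /** Ordered list of the DNS and IP SAN entries extracted from one certificate. */
    public class SubjectAltNames {
        private final List<GeneralName> generalNames;

        private SubjectAltNames() {
            this.generalNames = new ArrayList<>();
        }

        /** Renders all entries as {@code SAN[e1,e2,...]}, or {@code SAN[-empty-]} when there are none. */
        @Override
        public String toString() {
            if (isEmpty()) {
                return "SAN[-empty-]";
            }
            StringBuilder sb = new StringBuilder("SAN[");
            boolean first = true;
            for (GeneralName generalName : this.generalNames) {
                if (!first) {
                    sb.append(",");
                }
                first = false;
                sb.append(generalName.toString());
            }
            sb.append("]");
            return sb.toString();
        }

        /** Returns the live backing list (not a copy). */
        public List<GeneralName> getGeneralNames() {
            return this.generalNames;
        }

        /** Appends one SAN entry. */
        public void add(GeneralName generalName) {
            this.generalNames.add(generalName);
        }

        /** Returns {@code true} when no DNS or IP SAN entry was collected. */
        public boolean isEmpty() {
            return this.generalNames.isEmpty();
        }
    }

    /**
     * Compares a host against a certificate name pattern, label by label.
     *
     * <p>Both values are lower-cased and split on {@code '.'}; they must have the same number
     * of labels, and each host label must match the corresponding pattern label according to
     * {@link #matchWildCards(boolean, String, String)}.
     *
     * @param hostname      host the client connected to (DNS name or IP literal)
     * @param tlsDnsPattern name taken from the certificate, possibly containing {@code '*'}
     * @return {@code true} when every label matches
     * @throws SSLException when the host is an IP literal and the pattern contains a wildcard
     */
    private static boolean matchDns(String hostname, String tlsDnsPattern) throws SSLException {
        boolean hostIsIp = Utils.isIPv4(hostname) || Utils.isIPv6(hostname);
        StringTokenizer hostLabels = new StringTokenizer(hostname.toLowerCase(Locale.ROOT), ".");
        StringTokenizer patternLabels = new StringTokenizer(tlsDnsPattern.toLowerCase(Locale.ROOT), ".");
        // A wildcard never spans a dot: a differing label count can never match.
        if (hostLabels.countTokens() != patternLabels.countTokens()) {
            return false;
        }
        // The try must enclose the matchWildCards call: it is the only statement here that
        // can throw SSLException, and the catch adds the host and pattern to the message.
        try {
            while (hostLabels.hasMoreTokens()) {
                if (!matchWildCards(hostIsIp, hostLabels.nextToken(), patternLabels.nextToken())) {
                    return false;
                }
            }
        } catch (SSLException e) {
            throw new SSLException(normalizedHostMsg(hostname) + " doesn't correspond to certificate CN \"" + tlsDnsPattern + "\" : wildcards not possible for IPs", e);
        }
        return true;
    }

    /**
     * Matches a single host label against a single pattern label.
     *
     * <p>Without {@code '*'} the labels must be equal. With one or more {@code '*'}, the literal
     * text before the first wildcard must be a prefix of the host label, the text after the last
     * wildcard must be a suffix, and the literals in between must occur in order.
     *
     * <p>NOTE(review): wildcards are honoured in any label, not only the left-most one, and
     * several may appear in one label. That is more permissive than RFC 6125 section 6.4.3; a
     * certificate carrying a name such as {@code *.*} would match any two-label host. Whether
     * that is acceptable depends on which CAs the trust store allows - confirm.
     *
     * @param hostIsIp     whether the host being verified is an IP literal
     * @param hostLabel    one label of the host
     * @param patternLabel the corresponding label of the certificate name
     * @return {@code true} when the host label satisfies the pattern label
     * @throws SSLException when the pattern label contains a wildcard and the host is an IP literal
     */
    private static boolean matchWildCards(boolean hostIsIp, String hostLabel, String patternLabel) throws SSLException {
        int wildcardIndex = patternLabel.indexOf('*');
        if (wildcardIndex == -1) {
            return hostLabel.equals(patternLabel);
        }
        if (hostIsIp) {
            throw new SSLException("WildCards not possible when using IP's");
        }
        boolean firstSegment = true;
        String remainingHost = hostLabel;
        String remainingPattern = patternLabel;
        while (wildcardIndex != -1) {
            String literal = remainingPattern.substring(0, wildcardIndex);
            remainingPattern = remainingPattern.substring(wildcardIndex + 1);
            int found = remainingHost.indexOf(literal);
            if (found == -1) {
                return false;
            }
            // Text before the first wildcard is anchored at the start of the label.
            if (firstSegment && found != 0) {
                return false;
            }
            firstSegment = false;
            remainingHost = remainingHost.substring(found + literal.length());
            wildcardIndex = remainingPattern.indexOf('*');
        }
        // Text after the last wildcard is anchored at the end of the label.
        return remainingHost.endsWith(remainingPattern);
    }

    /**
     * Returns the value of the first {@code CN} attribute in the iteration order of
     * {@link LdapName#getRdns()}.
     *
     * @param principal distinguished name in string form, may be {@code null}
     * @return the CN value, or {@code null} when {@code principal} is {@code null} or has no CN
     * @throws SSLException when {@code principal} is not a parsable distinguished name
     */
    private static String extractCommonName(String principal) throws SSLException {
        if (principal == null) {
            return null;
        }
        try {
            for (Rdn rdn : new LdapName(principal).getRdns()) {
                if (rdn.getType().equalsIgnoreCase("CN")) {
                    Object value = rdn.getValue();
                    if (value != null) {
                        return value.toString();
                    }
                }
            }
            return null;
        } catch (InvalidNameException e) {
            throw new SSLException("DN value \"" + principal + "\" is invalid", e);
        }
    }

    /**
     * Converts an address to the canonical textual form produced by
     * {@link InetAddress#getHostAddress()} so that equivalent spellings compare equal.
     *
     * <p>{@link InetAddress#getByName(String)} performs a name lookup when given anything other
     * than an IP literal. The callers in this class pass a host already classified as IPv6 and
     * SAN iPAddress values; keep it that way so certificate content never triggers DNS traffic.
     *
     * @param value address text, may be {@code null}
     * @return the canonical form, the input unchanged when it cannot be resolved, or {@code null}
     */
    private static String normaliseAddress(String value) {
        if (value == null) {
            return null;
        }
        try {
            return InetAddress.getByName(value).getHostAddress();
        } catch (UnknownHostException ignored) {
            // Deliberate best-effort: fall back to comparing the raw text.
            return value;
        }
    }

    /** Describes the host for error messages as an IPv4, IPv6 or DNS host, quoted. */
    private static String normalizedHostMsg(String host) {
        String kind;
        if (Utils.isIPv4(host)) {
            kind = "IPv4 host \"";
        } else if (Utils.isIPv6(host)) {
            kind = "IPv6 host \"";
        } else {
            kind = "DNS host \"";
        }
        return kind + host + "\"";
    }

    /**
     * Collects the dNSName and iPAddress SAN entries of a certificate.
     *
     * <p>DNS values are lower-cased; IP values are stored as returned. Entries of any other
     * GeneralName type, with fewer than two elements, or with a {@code null} value are skipped.
     *
     * @param cert certificate to read
     * @return the collected entries, empty when the certificate has no usable SAN
     * @throws CertificateParsingException when the SAN extension cannot be decoded
     */
    private SubjectAltNames getSubjectAltNames(X509Certificate cert) throws CertificateParsingException {
        SubjectAltNames result = new SubjectAltNames();
        Collection<List<?>> entries = cert.getSubjectAlternativeNames();
        if (entries == null) {
            return result;
        }
        for (List<?> entry : entries) {
            if (entry.size() < 2) {
                continue;
            }
            int type = ((Integer) entry.get(0)).intValue();
            if (type == SAN_TYPE_DNS) {
                String dnsName = (String) entry.get(1);
                if (dnsName != null) {
                    result.add(new GeneralName(dnsName.toLowerCase(Locale.ROOT), Extension.DNS));
                }
            } else if (type == SAN_TYPE_IP) {
                String ipAddress = (String) entry.get(1);
                if (ipAddress != null) {
                    result.add(new GeneralName(ipAddress, Extension.IP));
                }
            }
        }
        return result;
    }

    /**
     * {@link HostnameVerifier} entry point; delegates with a connection id of {@code -1}.
     *
     * @param host    host the client connected to
     * @param session TLS session whose peer certificate is checked
     * @return {@code true} when the peer's leaf certificate names {@code host}
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String host, SSLSession session) {
        return verify(host, session, -1L);
    }

    /**
     * Verifies the first peer certificate of a session against a host and reports the outcome
     * as a boolean. The failure reason is only logged, at debug level.
     *
     * @param host         host the client connected to
     * @param session      TLS session whose peer certificate is checked
     * @param connectionId value printed as {@code Conn=} in trace logs
     * @return {@code true} on success, {@code false} on any verification failure
     */
    public boolean verify(String host, SSLSession session, long connectionId) {
        try {
            java.security.cert.Certificate[] chain = session.getPeerCertificates();
            // Fail closed with a logged reason instead of letting an unchecked
            // ClassCastException / ArrayIndexOutOfBoundsException escape the verifier.
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                throw new SSLException("peer did not present an X.509 leaf certificate");
            }
            verify(host, (X509Certificate) chain[0], connectionId);
            return true;
        } catch (SSLException e) {
            // SSLPeerUnverifiedException from getPeerCertificates() also lands here.
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), (Throwable) e);
            }
            return false;
        }
    }

    /**
     * Verifies that a certificate names the given host, returning normally on success.
     *
     * <p>Order of checks: when the certificate has DNS/IP SAN entries, an IPv4 host must equal
     * an IP entry textually, an IPv6 host must equal a non-IPv4 IP entry after address
     * normalisation, and any other host must match a DNS entry via
     * {@link #matchDns(String, String)}. If none of those succeed, or there are no such
     * entries, the subject CN is matched via {@link #matchDns(String, String)}.
     *
     * <p>NOTE(review): the CN is consulted even when SAN entries exist but did not match.
     * RFC 6125 section 6.4.4 tells clients not to fall back to the CN when the certificate
     * carries DNS-ID SAN entries; tightening this would reject certificates accepted today,
     * so it is flagged rather than changed here.
     *
     * <p>NOTE(review): a {@code null} host skips verification entirely. Presumably this covers
     * transports that have no host name - confirm that TCP callers can never pass {@code null}.
     *
     * @param host         host the client connected to, or {@code null} to skip the check
     * @param cert         leaf certificate presented by the peer
     * @param connectionId value printed as {@code Conn=} in trace logs
     * @throws SSLException when the certificate does not name the host, has neither a matching
     *                      SAN nor a CN, or cannot be parsed
     */
    public void verify(String host, X509Certificate cert, long connectionId) throws SSLException {
        if (host == null) {
            return;
        }
        String lowerCaseHost = host.toLowerCase(Locale.ROOT);
        try {
            SubjectAltNames subjectAltNames = getSubjectAltNames(cert);
            if (!subjectAltNames.isEmpty()) {
                if (Utils.isIPv4(lowerCaseHost)) {
                    for (GeneralName entry : subjectAltNames.getGeneralNames()) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("Conn={}. IPv4 verification of hostname : type={} value={} to {}", Long.valueOf(connectionId), entry.extension, entry.value, lowerCaseHost);
                        }
                        if (entry.extension == Extension.IP && lowerCaseHost.equals(entry.value)) {
                            return;
                        }
                    }
                } else if (Utils.isIPv6(lowerCaseHost)) {
                    // IPv6 has several equivalent spellings, so compare canonical forms.
                    String normalizedHost = normaliseAddress(lowerCaseHost);
                    for (GeneralName entry : subjectAltNames.getGeneralNames()) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("Conn={}. IPv6 verification of hostname : type={} value={} to {}", Long.valueOf(connectionId), entry.extension, entry.value, lowerCaseHost);
                        }
                        if (entry.extension == Extension.IP && !Utils.isIPv4(entry.value) && normalizedHost.equals(normaliseAddress(entry.value))) {
                            return;
                        }
                    }
                } else {
                    for (GeneralName entry : subjectAltNames.getGeneralNames()) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("Conn={}. DNS verification of hostname : type={} value={} to {}", Long.valueOf(connectionId), entry.extension, entry.value, lowerCaseHost);
                        }
                        if (entry.extension == Extension.DNS && matchDns(lowerCaseHost, entry.value.toLowerCase(Locale.ROOT))) {
                            return;
                        }
                    }
                }
            }

            // No SAN entry matched (or none present): fall back to the subject CN.
            X500Principal subjectPrincipal = cert.getSubjectX500Principal();
            String commonName = extractCommonName(subjectPrincipal.getName(X500Principal.RFC2253));
            if (commonName == null) {
                if (!subjectAltNames.isEmpty()) {
                    throw new SSLException("CN not found in certificate principal \"" + subjectPrincipal + "\" and " + normalizedHostMsg(lowerCaseHost) + " doesn't correspond to " + subjectAltNames.toString());
                }
                // The original message carried a stray "{}" logging placeholder before the principal.
                throw new SSLException("CN not found in certificate principal \"" + subjectPrincipal + "\" and certificate doesn't contain SAN");
            }
            String lowerCaseCn = commonName.toLowerCase(Locale.ROOT);
            if (logger.isTraceEnabled()) {
                logger.trace("Conn={}. DNS verification of hostname : CN={} to {}", Long.valueOf(connectionId), lowerCaseCn, lowerCaseHost);
            }
            if (matchDns(lowerCaseHost, lowerCaseCn)) {
                return;
            }
            String message = normalizedHostMsg(lowerCaseHost) + " doesn't correspond to certificate CN \"" + lowerCaseCn + "\"";
            if (!subjectAltNames.isEmpty()) {
                message = message + " and " + subjectAltNames.toString();
            }
            throw new SSLException(message);
        } catch (CertificateParsingException e) {
            throw new SSLException("certificate parsing error : " + e.getMessage(), e);
        }
    }
}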
