package org.xipki.security;

import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.x500.X500Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.ConfPairs;
import org.xipki.common.util.LogUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/security/HttpsHostnameVerifier.class */
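/**
 * {@link HostnameVerifier} that accepts a connection when the requested hostname is listed
 * for the common name (CN) of the peer's principal in a configured CN-to-hostnames map.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code enabled} is set, {@link #init()} installs this instance as the JVM-wide
 *       default verifier of {@link HttpsURLConnection}, so its decisions apply to every
 *       connection that relies on that default, not only to callers of this class.</li>
 *   <li>When {@code trustAll} is set, {@link #verify(String, SSLSession)} returns {@code true}
 *       without looking at the session at all. Combined with {@code enabled} this switches
 *       hostname verification off for the whole process.</li>
 *   <li>The check is a lookup in the configured map only. The previously installed verifier
 *       is kept for restoration in {@link #shutdown()} but is never consulted, and no
 *       subjectAltName matching is performed in this class.</li>
 * </ul>
 */
public class HttpsHostnameVerifier implements HostnameVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(HttpsHostnameVerifier.class);
    private boolean enabled;
    private boolean trustAll;
    // Peer common name -> hostnames accepted for a peer presenting that common name.
    private final Map<String, Set<String>> hostnameMap = new ConcurrentHashMap<>();
    // Verifier that was the default before init() replaced it; restored by shutdown().
    private HostnameVerifier oldHostnameVerifier;
    private boolean meAsDefaultHostnameVerifier;

    /**
     * Logs the configuration and, if {@code enabled}, registers this instance as the default
     * hostname verifier of {@link HttpsURLConnection}, remembering the previous one.
     *
     * <p>Calling this method again while this instance is already the default is a no-op for
     * the backup: otherwise the saved verifier would be overwritten with {@code this} and
     * {@link #shutdown()} could no longer restore the original.
     */
    public void init() {
        LOG.info("enabled: {}", this.enabled);
        LOG.info("trustAll: {}", this.trustAll);
        if (this.trustAll) {
            // Make the bypass visible in the logs; it is easy to leave on after testing.
            LOG.warn("trustAll is set: verify() accepts every hostname without checking the peer");
        }
        if (this.enabled) {
            HostnameVerifier current = HttpsURLConnection.getDefaultHostnameVerifier();
            if (current != this) {
                this.oldHostnameVerifier = current;
                LOG.info("Register me as DefaultHostnameVerifier, and backup the old one {}", this.oldHostnameVerifier);
                HttpsURLConnection.setDefaultHostnameVerifier(this);
            }
            this.meAsDefaultHostnameVerifier = true;
        }
    }

    /**
     * Restores the verifier saved by {@link #init()}, but only if this instance registered
     * itself and is still the current default (another component may have replaced it).
     */
    public void shutdown() {
        if (this.meAsDefaultHostnameVerifier && HttpsURLConnection.getDefaultHostnameVerifier() == this) {
            LOG.info("Unregister me as DefaultHostnameVerifier, and reuse the old one {}", this.oldHostnameVerifier);
            HttpsURLConnection.setDefaultHostnameVerifier(this.oldHostnameVerifier);
            this.meAsDefaultHostnameVerifier = false;
        }
    }

    /**
     * Decides whether {@code str} is an acceptable hostname for the peer of the session.
     *
     * @param str the hostname being connected to; must not be {@code null}
     * @param sSLSession the session whose peer principal supplies the common name
     * @return {@code true} if {@code trustAll} is set, or if the hostname is contained in the
     *     set configured for the peer's common name; {@code false} in every other case,
     *     including a missing session, principal or common name and any exception raised
     *     while reading them (fail closed)
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        ParamUtil.requireNonNull("hostname", str);
        if (this.trustAll) {
            // Bypass: neither the hostname nor the peer certificate is examined.
            return true;
        }
        LOG.info("hostname: {}", str);
        if (sSLSession == null) {
            return false;
        }
        try {
            Principal peerPrincipal = sSLSession.getPeerPrincipal();
            if (peerPrincipal == null) {
                return false;
            }
            String commonName = X509Util.getCommonName(new X500Name(peerPrincipal.getName()));
            LOG.info("commonName: {}", commonName);
            if (commonName == null) {
                // ConcurrentHashMap rejects null keys; reject here instead of via an exception.
                return false;
            }
            Set<String> allowedHosts = this.hostnameMap.get(commonName);
            // NOTE(review): the lookup compares strings as configured; hostname case is
            // presumably not normalised by splitAsSet - confirm if mixed-case names occur.
            return allowedHosts != null && allowedHosts.contains(str);
        } catch (Exception e) {
            // Any failure to read or parse the peer identity is treated as a mismatch.
            LogUtil.error(LOG, e);
            return false;
        }
    }

    /**
     * Replaces the CN-to-hostnames map with the entries parsed from {@code str}.
     *
     * <p>The map is cleared before the new value is parsed, so a blank value leaves it empty
     * and every non-trustAll verification then fails. Between the clear and the last put,
     * concurrent calls to {@link #verify(String, SSLSession)} may reject hosts that the new
     * configuration allows.
     *
     * @param str configuration text handed to {@link ConfPairs}; each name is a common name
     *     and each value a list of hostnames split on comma, semicolon, space or tab
     */
    public void setCommonnameHostMap(String str) {
        this.hostnameMap.clear();
        if (StringUtil.isBlank(str)) {
            return;
        }
        ConfPairs confPairs = new ConfPairs(str);
        for (String commonName : confPairs.names()) {
            this.hostnameMap.put(commonName, StringUtil.splitAsSet(confPairs.value(commonName), ",; \t"));
        }
    }

    /** Returns whether {@link #init()} registers this instance as the default verifier. */
    public boolean isEnabled() {
        return this.enabled;
    }

    /** Sets whether {@link #init()} registers this instance as the default verifier. */
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /** Returns whether {@link #verify(String, SSLSession)} accepts every hostname. */
    public boolean isTrustAll() {
        return this.trustAll;
    }

    /**
     * Sets whether {@link #verify(String, SSLSession)} accepts every hostname unchecked.
     * Leave {@code false} outside of isolated test setups.
     */
    public void setTrustAll(boolean z) {
        this.trustAll = z;
    }
}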
