package nl.altindag.ssl.hostnameverifier;

import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import nl.altindag.ssl.util.StringUtils;

/* loaded from: input_file:nl/altindag/ssl/hostnameverifier/FenixHostnameVerifier.class */
public final class FenixHostnameVerifier implements HostnameVerifier {
    private static final HostnameVerifier INSTANCE = new FenixHostnameVerifier();
    private static final CharsetEncoder ASCII_ENCODER = StandardCharsets.US_ASCII.newEncoder();
    private static final int ALT_DNS_NAME = 2;
    private static final int ALT_IPA_NAME = 7;

    private FenixHostnameVerifier() {
    }

    public static HostnameVerifier getInstance() {
        return INSTANCE;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (!isAscii(str)) {
            return false;
        }
        Optional<X509Certificate> peerCertificate = getPeerCertificate(sSLSession);
        return peerCertificate.isPresent() && verify(str, peerCertificate.get());
    }

    private boolean isAscii(String str) {
        return ASCII_ENCODER.canEncode(str);
    }

    private Optional<X509Certificate> getPeerCertificate(SSLSession sSLSession) {
        try {
            Stream filter = Arrays.stream(sSLSession.getPeerCertificates()).filter((v0) -> {
                return Objects.nonNull(v0);
            });
            Class<X509Certificate> cls = X509Certificate.class;
            X509Certificate.class.getClass();
            Stream filter2 = filter.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<X509Certificate> cls2 = X509Certificate.class;
            X509Certificate.class.getClass();
            return filter2.map((v1) -> {
                return r1.cast(v1);
            }).findFirst();
        } catch (SSLPeerUnverifiedException e) {
            return Optional.empty();
        }
    }

    private boolean verify(String str, X509Certificate x509Certificate) {
        return HostnameCommon.canParseAsIpAddress(str) ? verifyIpAddress(str, x509Certificate) : verifyHostname(str, x509Certificate);
    }

    private boolean verifyIpAddress(String str, X509Certificate x509Certificate) {
        String canonicalHost = Hostnames.toCanonicalHost(str);
        if (canonicalHost == null) {
            return false;
        }
        return getSubjectAltNames(x509Certificate, ALT_IPA_NAME).stream().anyMatch(str2 -> {
            return canonicalHost.equals(Hostnames.toCanonicalHost(str2));
        });
    }

    private List<String> getSubjectAltNames(X509Certificate x509Certificate, int i) {
        try {
            Stream map = ((Collection) Optional.ofNullable(x509Certificate.getSubjectAlternativeNames()).orElseGet(Collections::emptyList)).stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(list -> {
                return list.size() == ALT_DNS_NAME;
            }).filter(list2 -> {
                return (list2.get(0) instanceof Integer) && ((Integer) list2.get(0)).intValue() == i;
            }).map(list3 -> {
                return list3.get(1);
            });
            Class<String> cls = String.class;
            String.class.getClass();
            Stream filter = map.filter(cls::isInstance);
            Class<String> cls2 = String.class;
            String.class.getClass();
            return (List) filter.map(cls2::cast).collect(Collectors.toList());
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    private boolean verifyHostname(String str, X509Certificate x509Certificate) {
        return getSubjectAltNames(x509Certificate, ALT_DNS_NAME).stream().anyMatch(str2 -> {
            return verifyHostname(str, str2);
        });
    }

    private boolean verifyHostname(String str, String str2) {
        if (isHostnameInValid(str) || isHostnameInValid(str2)) {
            return false;
        }
        String absolute = toAbsolute(str);
        String absolute2 = toAbsolute(str2);
        String asciiToLowercase = asciiToLowercase(absolute);
        String asciiToLowercase2 = asciiToLowercase(absolute2);
        return !asciiToLowercase2.contains("*") ? asciiToLowercase.equals(asciiToLowercase2) : verifyWildcardPattern(asciiToLowercase, asciiToLowercase2);
    }

    private boolean isHostnameInValid(String str) {
        return StringUtils.isBlank(str) || str.startsWith(".") || str.endsWith("..");
    }

    String toAbsolute(String str) {
        String str2 = str;
        if (!str2.endsWith(".")) {
            str2 = str2 + ".";
        }
        return str2;
    }

    private String asciiToLowercase(String str) {
        return isAscii(str) ? str.toLowerCase(Locale.US) : str;
    }

    private boolean verifyWildcardPattern(String str, String str2) {
        if (!str2.startsWith("*.") || str2.indexOf("*", 1) != -1 || str.length() < str2.length() || "*.".equals(str2) || !str.endsWith(str2.substring(1))) {
            return false;
        }
        int length = str.length() - str2.length();
        return length <= 0 || str.lastIndexOf(".", length - 1) == -1;
    }
}
