package org.jivesoftware.smack;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.jivesoftware.smack.log.LoggingManager;
import org.jivesoftware.smack.log.SmackLogger;

/* loaded from: input_file:org/jivesoftware/smack/ServerTrustManager.class */
class ServerTrustManager implements X509TrustManager {
    private static final SmackLogger logger = LoggingManager.getLogger(ServerTrustManager.class);
    private static Pattern cnPattern = Pattern.compile("(?i)(cn=)([^,]*)");
    private String mServer;
    private X509TrustManager mTrustManager;
    private boolean mVerifyTlsCertChain;

    public ServerTrustManager(String str, ConnectionConfiguration connectionConfiguration) {
        this.mVerifyTlsCertChain = connectionConfiguration.getVerifyTlsCertChain();
        if (this.mVerifyTlsCertChain) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        this.mTrustManager = (X509TrustManager) trustManager;
                    }
                }
            } catch (Exception e) {
                logger.error("Unable to get TrustManager: ", e);
            }
        }
        this.mServer = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mVerifyTlsCertChain ? this.mTrustManager.getAcceptedIssuers() : new X509Certificate[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.mVerifyTlsCertChain) {
            if (this.mTrustManager == null) {
                throw new CertificateException("No X509TrustManager found, unable to verify cert");
            }
            this.mTrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.mVerifyTlsCertChain) {
            if (this.mTrustManager == null) {
                throw new CertificateException("No X509TrustManager found, unable to verify cert");
            }
            this.mTrustManager.checkServerTrusted(x509CertificateArr, str);
            List<String> peerIdentities = getPeerIdentities(x509CertificateArr[0]);
            boolean z = false;
            Iterator<String> it = peerIdentities.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String next = it.next();
                if (next.startsWith("*.")) {
                    if (this.mServer.endsWith(next.substring(1))) {
                        z = true;
                        break;
                    }
                } else if (this.mServer.equals(next)) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                throw new CertificateException("Hostname is " + this.mServer + " which did not match identities: " + peerIdentities);
            }
        }
    }

    public static List<String> getPeerIdentities(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        String name = x509Certificate.getSubjectDN().getName();
        Matcher matcher = cnPattern.matcher(name);
        if (matcher.find()) {
            name = matcher.group(2);
        }
        arrayList.add(name);
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (((Integer) list.get(0)).intValue() == 2) {
                        arrayList.add((String) list.get(1));
                    }
                }
            }
        } catch (CertificateParsingException e) {
            logger.error("Unable to parse certificate: ", e);
        }
        return arrayList;
    }
}
