package net.soti.ssl;

import com.google.inject.Inject;
import java.net.InetSocketAddress;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLException;
import net.soti.mobicontrol.ai.k;
import net.soti.mobicontrol.d.l;
import net.soti.mobicontrol.j.g;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.jetbrains.annotations.NotNull;

/* loaded from: classes.dex */
public class DefaultHostnameVerifier extends AbstractVerifier {
    public static final boolean STRICT_WITH_SUB_DOMAINS = false;
    private k logger;
    private final RootCertificateStorage rootCertificateStorage;

    @Inject
    public DefaultHostnameVerifier(@NotNull RootCertificateStorage rootCertificateStorage, k kVar) {
        this.rootCertificateStorage = rootCertificateStorage;
        this.logger = kVar;
    }

    private static Collection<List<?>> getAlternativeNames(X509Certificate x509Certificate) throws SSLException {
        try {
            return x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            throw new SSLException(e);
        }
    }

    private static String getCertificateSubjectCommonName(X509Certificate x509Certificate) {
        return g.a(x509Certificate.getSubjectDN().toString());
    }

    private static boolean isHostNameIsIPAddress(String str) {
        return str.equals(new InetSocketAddress(str, 0).getAddress().getHostAddress());
    }

    @l
    protected static void verifyIpAddress(String str, Collection<List<?>> collection) throws SSLException {
        Iterator<List<?>> it = collection.iterator();
        while (it.hasNext()) {
            for (Object obj : it.next()) {
                if ((obj instanceof String) && str.equals(obj)) {
                    return;
                }
            }
        }
        throw new SSLException(String.format("[verifyIpAddress] failed. Hostname[%s] Cns[%s]", str, collection.toString()));
    }

    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        verify(str, strArr, strArr2, false);
    }

    public void verifyHostNameOrIp(String str, X509Certificate x509Certificate) throws SSLException {
        if (this.rootCertificateStorage.isUserTrusted()) {
            this.logger.a("[DefaultHostnameVerifier][verifyHostNameOrIp] rootCertificateStorage.isUserTrusted : " + this.rootCertificateStorage.isUserTrusted());
            return;
        }
        if (str.equalsIgnoreCase(getCertificateSubjectCommonName(x509Certificate))) {
            this.logger.a("[DefaultHostnameVerifier][verifyHostNameOrIp] hostname matches certificate's SubjectName");
            return;
        }
        Collection<List<?>> alternativeNames = getAlternativeNames(x509Certificate);
        if (alternativeNames == null || alternativeNames.isEmpty()) {
            throw new SSLException("not able to trust hostname: no alternative names found in server certificate");
        }
        if (isHostNameIsIPAddress(str)) {
            verifyIpAddress(str, alternativeNames);
        } else {
            verify(str, x509Certificate);
        }
    }
}
