package com.ibm.ecc.connectivity;

import com.ibm.ecc.common.Trace;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:lib/ecc_v2r3m0f010/ConnectivityServices.jar:com/ibm/ecc/connectivity/ConnectivityHostnameVerifier.class */
public class ConnectivityHostnameVerifier implements HostnameVerifier {
    static final String COPYRIGHT = " Licensed Materials - Property of IBM, (C) COPYRIGHT 2005 All Rights Reserved. US Government Users restricted Rights -  Use, Duplication or Disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private final String className;
    private boolean _verify;

    private ConnectivityHostnameVerifier() {
        this.className = getClass().getName();
        this._verify = true;
    }

    public ConnectivityHostnameVerifier(boolean z) {
        this.className = getClass().getName();
        this._verify = z;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        Trace.entry(this.className, "verify1()");
        if (!this._verify) {
            Trace.info(this.className, "verify1()", "verify disabled.", (Throwable) null);
            Trace.exit(this.className, "verify1()");
            return true;
        }
        if (str == null) {
            Trace.exit(this.className, "verify1()");
            return true;
        }
        if (isIPAddr(str)) {
            Trace.info(this.className, "verify1()", "Host name is IP, let pass", (Throwable) null);
            Trace.exit(this.className, "verify1()");
            return true;
        }
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                Trace.info(this.className, "verify1()", "Certificate not a X509Certificate", (Throwable) null);
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            Trace.exit(this.className, "verify1()");
            return common_verify(x509Certificate, str);
        } catch (SSLPeerUnverifiedException e) {
            Trace.warning(this.className, "verify1()", "Could not get peer certificates.", (Throwable) e);
            return false;
        }
    }

    public boolean verify(X509Certificate x509Certificate, String str) {
        Trace.entry(this.className, "verify2()");
        if (!this._verify) {
            Trace.info(this.className, "verify2()", "verify disabled.", (Throwable) null);
            Trace.exit(this.className, "verify2()");
            return true;
        }
        if (str == null) {
            Trace.exit(this.className, "verify2()");
            return true;
        }
        if (!isIPAddr(str)) {
            Trace.exit(this.className, "verify2()");
            return common_verify(x509Certificate, str);
        }
        Trace.info(this.className, "verify2()", "Host name is IP, let pass", (Throwable) null);
        Trace.exit(this.className, "verify2()");
        return true;
    }

    private boolean common_verify(X509Certificate x509Certificate, String str) {
        Trace.info(this.className, "common_verify()", "verify Host name " + str, (Throwable) null);
        String cn = getCN(x509Certificate.getSubjectDN().getName());
        Trace.info(this.className, "common_verify()", "Host name is " + str + ", CN from server certificate is " + cn, (Throwable) null);
        if (check(str, cn)) {
            Trace.exit(this.className, "common_verify()");
            return true;
        }
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                Trace.info(this.className, "common_verify()", "No subject alternative names.", (Throwable) null);
                Trace.exit(this.className, "common_verify()");
                return false;
            }
            Iterator<List<?>> it = subjectAlternativeNames.iterator();
            while (it.hasNext()) {
                Object[] array = it.next().toArray();
                if (((Integer) array[0]).intValue() == 2 && (array[1] instanceof String)) {
                    String str2 = (String) array[1];
                    Trace.info(this.className, "common_verify()", "Host name is " + str + ", subject alterative name is " + str2, (Throwable) null);
                    if (check(str, str2)) {
                        Trace.exit(this.className, "common_verify()");
                        return true;
                    }
                }
            }
            Trace.severe(this.className, "common_verify()", "Host name verification failed", (Throwable) null);
            Trace.exit(this.className, "common_verify()");
            return false;
        } catch (CertificateParsingException e) {
            Trace.warning(this.className, "common_verify()", "Problem parsing certificate for Host name Verification", (Throwable) e);
            Trace.exit(this.className, "common_verify()");
            return false;
        }
    }

    static boolean check(String str, String str2) {
        int indexOf;
        int indexOf2;
        if (str.equalsIgnoreCase(str2)) {
            return true;
        }
        if (str2.indexOf(42) == -1 || (indexOf = str2.indexOf(46)) == -1 || (indexOf2 = str.indexOf(46)) == -1) {
            return false;
        }
        return str.substring(indexOf2).equalsIgnoreCase(str2.substring(indexOf)) && str.substring(0, indexOf2).matches(str2.substring(0, indexOf).replace("*", ".*"));
    }

    private String getCN(String str) {
        int indexOf = str.indexOf("CN=");
        if (indexOf == -1) {
            return null;
        }
        String substring = str.substring(indexOf + 3);
        char[] charArray = substring.toCharArray();
        int i = 0;
        while (i < charArray.length && (charArray[i] != ',' || i <= 0 || charArray[i - 1] == '\\')) {
            i++;
        }
        return substring.substring(0, i);
    }

    private boolean isIPAddr(String str) {
        if (str.indexOf(58) != -1) {
            return true;
        }
        char[] charArray = str.toCharArray();
        for (int i = 0; i < charArray.length; i++) {
            if (charArray[i] > 'a' && charArray[i] < 'z') {
                return false;
            }
            if (charArray[i] > 'A' && charArray[i] < 'Z') {
                return false;
            }
        }
        return true;
    }
}
