package org.apache.http.conn.ssl;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLException;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/http/conn/ssl/TestHostnameVerifier.class */
public class TestHostnameVerifier {
    @Test
    public void testVerify() throws Exception {
        BrowserCompatHostnameVerifier browserCompatHostnameVerifier = new BrowserCompatHostnameVerifier();
        StrictHostnameVerifier strictHostnameVerifier = new StrictHostnameVerifier();
        AllowAllHostnameVerifier allowAllHostnameVerifier = new AllowAllHostnameVerifier();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO));
        browserCompatHostnameVerifier.verify("foo.com", x509Certificate);
        strictHostnameVerifier.verify("foo.com", x509Certificate);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate);
        exceptionPlease(browserCompatHostnameVerifier, "bar.com", x509Certificate);
        exceptionPlease(strictHostnameVerifier, "bar.com", x509Certificate);
        allowAllHostnameVerifier.verify("foo.com", x509Certificate);
        allowAllHostnameVerifier.verify("a.foo.com", x509Certificate);
        allowAllHostnameVerifier.verify("bar.com", x509Certificate);
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_HANAKO));
        browserCompatHostnameVerifier.verify("花子.co.jp", x509Certificate2);
        strictHostnameVerifier.verify("花子.co.jp", x509Certificate2);
        exceptionPlease(browserCompatHostnameVerifier, "a.花子.co.jp", x509Certificate2);
        exceptionPlease(strictHostnameVerifier, "a.花子.co.jp", x509Certificate2);
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR));
        browserCompatHostnameVerifier.verify("foo.com", x509Certificate3);
        strictHostnameVerifier.verify("foo.com", x509Certificate3);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate3);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate3);
        browserCompatHostnameVerifier.verify("bar.com", x509Certificate3);
        strictHostnameVerifier.verify("bar.com", x509Certificate3);
        exceptionPlease(browserCompatHostnameVerifier, "a.bar.com", x509Certificate3);
        exceptionPlease(strictHostnameVerifier, "a.bar.com", x509Certificate3);
        X509Certificate x509Certificate4 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR_HANAKO));
        browserCompatHostnameVerifier.verify("foo.com", x509Certificate4);
        strictHostnameVerifier.verify("foo.com", x509Certificate4);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate4);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate4);
        browserCompatHostnameVerifier.verify("bar.com", x509Certificate4);
        strictHostnameVerifier.verify("bar.com", x509Certificate4);
        exceptionPlease(browserCompatHostnameVerifier, "a.bar.com", x509Certificate4);
        exceptionPlease(strictHostnameVerifier, "a.bar.com", x509Certificate4);
        exceptionPlease(browserCompatHostnameVerifier, "a.花子.co.jp", x509Certificate4);
        exceptionPlease(strictHostnameVerifier, "a.花子.co.jp", x509Certificate4);
        X509Certificate x509Certificate5 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO));
        browserCompatHostnameVerifier.verify("foo.com", x509Certificate5);
        strictHostnameVerifier.verify("foo.com", x509Certificate5);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate5);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate5);
        X509Certificate x509Certificate6 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO));
        browserCompatHostnameVerifier.verify("foo.com", x509Certificate6);
        strictHostnameVerifier.verify("foo.com", x509Certificate6);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate6);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate6);
        X509Certificate x509Certificate7 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_THREE_CNS_FOO_BAR_HANAKO));
        exceptionPlease(browserCompatHostnameVerifier, "foo.com", x509Certificate7);
        exceptionPlease(strictHostnameVerifier, "foo.com", x509Certificate7);
        exceptionPlease(browserCompatHostnameVerifier, "a.foo.com", x509Certificate7);
        exceptionPlease(strictHostnameVerifier, "a.foo.com", x509Certificate7);
        exceptionPlease(browserCompatHostnameVerifier, "bar.com", x509Certificate7);
        exceptionPlease(strictHostnameVerifier, "bar.com", x509Certificate7);
        exceptionPlease(browserCompatHostnameVerifier, "a.bar.com", x509Certificate7);
        exceptionPlease(strictHostnameVerifier, "a.bar.com", x509Certificate7);
        browserCompatHostnameVerifier.verify("花子.co.jp", x509Certificate7);
        strictHostnameVerifier.verify("花子.co.jp", x509Certificate7);
        exceptionPlease(browserCompatHostnameVerifier, "a.花子.co.jp", x509Certificate7);
        exceptionPlease(strictHostnameVerifier, "a.花子.co.jp", x509Certificate7);
        X509Certificate x509Certificate8 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO));
        exceptionPlease(browserCompatHostnameVerifier, "foo.com", x509Certificate8);
        exceptionPlease(strictHostnameVerifier, "foo.com", x509Certificate8);
        browserCompatHostnameVerifier.verify("www.foo.com", x509Certificate8);
        strictHostnameVerifier.verify("www.foo.com", x509Certificate8);
        browserCompatHostnameVerifier.verify("花子.foo.com", x509Certificate8);
        strictHostnameVerifier.verify("花子.foo.com", x509Certificate8);
        browserCompatHostnameVerifier.verify("a.b.foo.com", x509Certificate8);
        exceptionPlease(strictHostnameVerifier, "a.b.foo.com", x509Certificate8);
        X509Certificate x509Certificate9 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_CO_JP));
        browserCompatHostnameVerifier.verify("*.co.jp", x509Certificate9);
        strictHostnameVerifier.verify("*.co.jp", x509Certificate9);
        exceptionPlease(browserCompatHostnameVerifier, "foo.co.jp", x509Certificate9);
        exceptionPlease(strictHostnameVerifier, "foo.co.jp", x509Certificate9);
        exceptionPlease(browserCompatHostnameVerifier, "花子.co.jp", x509Certificate9);
        exceptionPlease(strictHostnameVerifier, "花子.co.jp", x509Certificate9);
        X509Certificate x509Certificate10 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO_BAR_HANAKO));
        exceptionPlease(browserCompatHostnameVerifier, "foo.com", x509Certificate10);
        exceptionPlease(strictHostnameVerifier, "foo.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("www.foo.com", x509Certificate10);
        strictHostnameVerifier.verify("www.foo.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("花子.foo.com", x509Certificate10);
        strictHostnameVerifier.verify("花子.foo.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("a.b.foo.com", x509Certificate10);
        exceptionPlease(strictHostnameVerifier, "a.b.foo.com", x509Certificate10);
        exceptionPlease(browserCompatHostnameVerifier, "bar.com", x509Certificate10);
        exceptionPlease(strictHostnameVerifier, "bar.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("www.bar.com", x509Certificate10);
        strictHostnameVerifier.verify("www.bar.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("花子.bar.com", x509Certificate10);
        strictHostnameVerifier.verify("花子.bar.com", x509Certificate10);
        browserCompatHostnameVerifier.verify("a.b.bar.com", x509Certificate10);
        exceptionPlease(strictHostnameVerifier, "a.b.bar.com", x509Certificate10);
        X509Certificate x509Certificate11 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_VALUE_AVA));
        allowAllHostnameVerifier.verify("repository.infonotary.com", x509Certificate11);
        browserCompatHostnameVerifier.verify("repository.infonotary.com", x509Certificate11);
        strictHostnameVerifier.verify("repository.infonotary.com", x509Certificate11);
    }

    @Test
    public void testSubjectAlt() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_SUBJECT_ALT));
        X509HostnameVerifier x509HostnameVerifier = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        Assert.assertEquals("CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=CH", x509Certificate.getSubjectDN().getName());
        x509HostnameVerifier.verify("localhost", x509Certificate);
        x509HostnameVerifier.verify("localhost.localdomain", x509Certificate);
        x509HostnameVerifier.verify("127.0.0.1", x509Certificate);
        try {
            x509HostnameVerifier.verify("local.host", x509Certificate);
            Assert.fail("SSLException should have been thrown");
        } catch (SSLException e) {
        }
        try {
            x509HostnameVerifier.verify("127.0.0.2", x509Certificate);
            Assert.fail("SSLException should have been thrown");
        } catch (SSLException e2) {
        }
    }

    public void exceptionPlease(X509HostnameVerifier x509HostnameVerifier, String str, X509Certificate x509Certificate) {
        try {
            x509HostnameVerifier.verify(str, x509Certificate);
            Assert.fail("HostnameVerifier shouldn't allow [" + str + "]");
        } catch (SSLException e) {
        }
    }

    private void checkMatching(X509HostnameVerifier x509HostnameVerifier, String str, String[] strArr, String[] strArr2, boolean z) {
        try {
            x509HostnameVerifier.verify(str, strArr, strArr2);
            if (z) {
                Assert.fail("HostnameVerifier should not allow [" + str + "] to match " + Arrays.toString(strArr) + " or " + Arrays.toString(strArr2));
            }
        } catch (SSLException e) {
            if (z) {
                return;
            }
            Assert.fail("HostnameVerifier should have allowed [" + str + "] to match " + Arrays.toString(strArr) + " or " + Arrays.toString(strArr2));
        }
    }

    @Test
    public void testMatching() {
        String[] strArr = new String[0];
        String[] strArr2 = new String[0];
        BrowserCompatHostnameVerifier browserCompatHostnameVerifier = new BrowserCompatHostnameVerifier();
        StrictHostnameVerifier strictHostnameVerifier = new StrictHostnameVerifier();
        checkMatching(browserCompatHostnameVerifier, "a.b.c", strArr, strArr2, true);
        checkMatching(strictHostnameVerifier, "a.b.c", strArr, strArr2, true);
        String[] strArr3 = {"*.b.c"};
        checkMatching(browserCompatHostnameVerifier, "a.b.c", strArr3, strArr2, false);
        checkMatching(strictHostnameVerifier, "a.b.c", strArr3, strArr2, false);
        checkMatching(browserCompatHostnameVerifier, "s.a.b.c", strArr3, strArr2, false);
        checkMatching(strictHostnameVerifier, "s.a.b.c", strArr3, strArr2, true);
        String[] strArr4 = new String[0];
        String[] strArr5 = {"dummy", "*.b.c"};
        checkMatching(browserCompatHostnameVerifier, "a.b.c", strArr4, strArr5, false);
        checkMatching(strictHostnameVerifier, "a.b.c", strArr4, strArr5, false);
        checkMatching(browserCompatHostnameVerifier, "s.a.b.c", strArr4, strArr5, false);
        checkMatching(strictHostnameVerifier, "s.a.b.c", strArr4, strArr5, true);
        String[] strArr6 = {"*.gov.uk"};
        checkMatching(browserCompatHostnameVerifier, "a.gov.uk", strArr4, strArr6, true);
        checkMatching(strictHostnameVerifier, "a.gov.uk", strArr4, strArr6, true);
        checkMatching(browserCompatHostnameVerifier, "s.a.gov.uk", strArr4, strArr6, true);
        checkMatching(strictHostnameVerifier, "s.a.gov.uk", strArr4, strArr6, true);
        String[] strArr7 = {"*.gov.com"};
        checkMatching(browserCompatHostnameVerifier, "a.gov.com", strArr4, strArr7, false);
        checkMatching(strictHostnameVerifier, "a.gov.com", strArr4, strArr7, false);
        checkMatching(browserCompatHostnameVerifier, "s.a.gov.com", strArr4, strArr7, false);
        checkMatching(strictHostnameVerifier, "s.a.gov.com", strArr4, strArr7, true);
        String[] strArr8 = {"a*.gov.uk"};
        checkMatching(browserCompatHostnameVerifier, "a.gov.uk", strArr8, strArr7, true);
        checkMatching(strictHostnameVerifier, "a.gov.uk", strArr8, strArr7, true);
        checkMatching(browserCompatHostnameVerifier, "s.a.gov.uk", strArr8, strArr7, true);
        checkMatching(strictHostnameVerifier, "s.a.gov.uk", strArr8, strArr7, true);
    }

    @Test
    public void testHTTPCLIENT_1097() {
        String[] strArr = new String[0];
        BrowserCompatHostnameVerifier browserCompatHostnameVerifier = new BrowserCompatHostnameVerifier();
        StrictHostnameVerifier strictHostnameVerifier = new StrictHostnameVerifier();
        String[] strArr2 = {"a*.b.c"};
        checkMatching(browserCompatHostnameVerifier, "a.b.c", strArr2, strArr, false);
        checkMatching(strictHostnameVerifier, "a.b.c", strArr2, strArr, false);
        checkMatching(browserCompatHostnameVerifier, "a.a.b.c", strArr2, strArr, false);
        checkMatching(strictHostnameVerifier, "a.a.b.c", strArr2, strArr, true);
        checkWildcard("s*.co.uk", false);
        checkWildcard("s*.gov.uk", false);
        checkWildcard("s*.gouv.uk", false);
    }

    @Test
    public void testHTTPCLIENT_1255() {
        BrowserCompatHostnameVerifier browserCompatHostnameVerifier = new BrowserCompatHostnameVerifier();
        StrictHostnameVerifier strictHostnameVerifier = new StrictHostnameVerifier();
        String[] strArr = {"m*.a.b.c.com"};
        String[] strArr2 = new String[0];
        checkMatching(browserCompatHostnameVerifier, "mail.a.b.c.com", strArr, strArr2, false);
        checkMatching(strictHostnameVerifier, "mail.a.b.c.com", strArr, strArr2, false);
    }

    private void checkWildcard(String str, boolean z) {
        Assert.assertTrue(str + " should be " + z, z == AbstractVerifier.acceptableCountryWildcard(str));
    }

    @Test
    public void testAcceptableCountryWildcards() {
        checkWildcard("*.co.org", true);
        checkWildcard("s*.co.org", true);
        checkWildcard("*.co.uk", false);
        checkWildcard("*.gov.uk", false);
        checkWildcard("*.gouv.uk", false);
        checkWildcard("*.a.co.uk", true);
        checkWildcard("s*.a.co.uk", true);
    }

    @Test
    public void testExtractCN() throws Exception {
        Assert.assertArrayEquals(new String[]{"blah"}, AbstractVerifier.extractCNs("cn=blah, ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{"blah", "yada", "booh"}, AbstractVerifier.extractCNs("cn=blah, cn=yada, cn=booh"));
        Assert.assertArrayEquals(new String[]{"blah"}, AbstractVerifier.extractCNs("c = pampa ,  cn  =    blah    , ou = blah , o = blah"));
        Assert.assertArrayEquals(new String[]{"blah"}, AbstractVerifier.extractCNs("cn=\"blah\", ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{"blah  blah"}, AbstractVerifier.extractCNs("cn=\"blah  blah\", ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{"blah, blah"}, AbstractVerifier.extractCNs("cn=\"blah, blah\", ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{"blah, blah"}, AbstractVerifier.extractCNs("cn=blah\\, blah, ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{"blah"}, AbstractVerifier.extractCNs("c = cn=uuh, cn=blah, ou=blah, o=blah"));
        Assert.assertArrayEquals(new String[]{""}, AbstractVerifier.extractCNs("cn=   , ou=blah, o=blah"));
    }

    @Test(expected = SSLException.class)
    public void testExtractCNInvalid1() throws Exception {
        AbstractVerifier.extractCNs("blah,blah");
    }

    @Test(expected = SSLException.class)
    public void testExtractCNInvalid2() throws Exception {
        AbstractVerifier.extractCNs("cn,o=blah");
    }
}
