package org.postgresql.ssl;

import java.net.IDN;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.postgresql.util.GT;
import org.wildfly.security.auth.realm.ldap.AttributeMapping;

/* loaded from: input_file:WEB-INF/lib/postgresql-42.3.3.jar:org/postgresql/ssl/PGjdbcHostnameVerifier.class */
/**
 * Compares the host name a client connected to with the names carried by the
 * server's certificate.
 *
 * <p>Only the first certificate returned by the session is inspected. Its
 * subjectAltName entries of type dNSName and iPAddress are tried first; the
 * subject's common name is consulted only when no dNSName entry was seen.
 * Every failure path visible here logs at {@code SEVERE} and returns
 * {@code false}.
 *
 * <p>This class only compares names. Nothing in it validates the certificate
 * chain, expiry or revocation, so it is a complement to trust validation and
 * not a replacement for it.
 *
 * <p>NOTE(review): the casts to {@code X509Certificate[]} and to {@code String}
 * (for the RDN value) are unchecked. A value of another type would surface as a
 * {@code ClassCastException} instead of a {@code false} result. Confirm that
 * callers treat that as a failed verification.
 */
public class PGjdbcHostnameVerifier implements HostnameVerifier {
    /** subjectAltName entry type used for dNSName values. */
    private static final int TYPE_DNS_NAME = 2;
    /** subjectAltName entry type used for iPAddress values. */
    private static final int TYPE_IP_ADDRESS = 7;
    private static final Logger LOGGER = Logger.getLogger(PGjdbcHostnameVerifier.class.getName());
    /** Shared instance; the verifier keeps no per-connection state. */
    public static final PGjdbcHostnameVerifier INSTANCE = new PGjdbcHostnameVerifier();

    /**
     * Orders host name patterns from least to most specific: more dots rank higher,
     * then fewer {@code '*'} characters, then greater length. {@link #verify} sorts
     * the common names with it and uses the last (highest ranked) one.
     */
    public static final Comparator<String> HOSTNAME_PATTERN_COMPARATOR = new Comparator<String>() {
        /** Counts how many times {@code wanted} occurs in {@code text}. */
        private int countChars(String text, char wanted) {
            int hits = 0;
            for (int pos = text.indexOf(wanted); pos != -1; pos = text.indexOf(wanted, pos + 1)) {
                hits++;
            }
            return hits;
        }

        @Override
        public int compare(String left, String right) {
            // Counts and lengths are non-negative, so the subtractions cannot overflow.
            int dotDelta = countChars(left, '.') - countChars(right, '.');
            if (dotDelta != 0) {
                return Integer.signum(dotDelta);
            }
            int starDelta = countChars(left, '*') - countChars(right, '*');
            if (starDelta != 0) {
                // Inverted on purpose: the name with fewer wildcards ranks higher.
                return -Integer.signum(starDelta);
            }
            return Integer.signum(left.length() - right.length());
        }
    };

    /**
     * Decides whether the peer certificate of {@code session} is valid for {@code hostname}.
     *
     * @param hostname host the client connected to; a value wrapped in {@code [ ]} is used
     *     with the brackets stripped, anything else is converted with {@link IDN#toASCII(String)}
     * @param session TLS session whose peer certificates are inspected
     * @return {@code true} when a subjectAltName entry, or failing that the selected common
     *     name, matches according to {@link #verifyHostName(String, String)}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        X509Certificate[] chain;
        try {
            chain = (X509Certificate[]) session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            LOGGER.log(Level.SEVERE, GT.tr("Unable to parse X509Certificate for hostname {0}", hostname), e);
            return false;
        }
        if (chain == null || chain.length == 0) {
            LOGGER.log(Level.SEVERE, GT.tr("No certificates found for hostname {0}", hostname));
            return false;
        }

        String canonicalHost;
        boolean bracketed = hostname.startsWith("[") && hostname.endsWith("]");
        if (bracketed) {
            // Bracketed literal: compare the text between the brackets as-is.
            canonicalHost = hostname.substring(1, hostname.length() - 1);
        } else {
            try {
                canonicalHost = IDN.toASCII(hostname);
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, "Canonical host name for {0} is {1}", new Object[]{hostname, canonicalHost});
                }
            } catch (IllegalArgumentException e) {
                LOGGER.log(Level.SEVERE, GT.tr("Hostname {0} is invalid", hostname), e);
                return false;
            }
        }

        // Only the first certificate is compared; the rest of the chain is not read here.
        X509Certificate leaf = chain[0];

        Collection<List<?>> altNames;
        try {
            altNames = leaf.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            LOGGER.log(Level.SEVERE, GT.tr("Unable to parse certificates for hostname {0}", hostname), e);
            return false;
        }
        if (altNames == null) {
            altNames = Collections.emptyList();
        }

        boolean sawDnsName = false;
        for (List<?> entry : altNames) {
            if (entry.size() != 2) {
                continue;
            }
            Integer type = (Integer) entry.get(0);
            if (type == null) {
                continue;
            }
            int kind = type.intValue();
            if (kind != TYPE_IP_ADDRESS && kind != TYPE_DNS_NAME) {
                continue;
            }
            String altName = (String) entry.get(1);
            // An iPAddress entry is never allowed to act as a wildcard pattern.
            if (kind == TYPE_IP_ADDRESS && altName != null && altName.startsWith("*")) {
                continue;
            }
            if (kind == TYPE_DNS_NAME) {
                sawDnsName = true;
            }
            if (verifyHostName(canonicalHost, altName)) {
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, GT.tr("Server name validation pass for {0}, subjectAltName {1}", hostname, altName));
                }
                return true;
            }
        }

        // Once a dNSName entry exists, the common name is not used as a fallback.
        // A certificate that carries only iPAddress entries still reaches the fallback.
        if (sawDnsName) {
            LOGGER.log(Level.SEVERE, GT.tr("Server name validation failed: certificate for host {0} dNSName entries subjectAltName, but none of them match. Assuming server name validation failed", hostname));
            return false;
        }

        LdapName subject;
        try {
            subject = new LdapName(leaf.getSubjectX500Principal().getName("RFC2253"));
        } catch (InvalidNameException e) {
            LOGGER.log(Level.SEVERE, GT.tr("Server name validation failed: unable to extract common name from X509Certificate for hostname {0}", hostname), e);
            return false;
        }

        List<String> commonNames = new ArrayList<>(1);
        for (Rdn rdn : subject.getRdns()) {
            // NOTE(review): this constant belongs to an unrelated library (WildFly Elytron's
            // LDAP realm). It looks like a decompiler substituted it for a string literal,
            // presumably "CN" -- confirm against the upstream pgjdbc source and restore the
            // literal so that name checking does not depend on that library at run time.
            if (AttributeMapping.DEFAULT_ROLE_RECURSION_ATTRIBUTE.equals(rdn.getType())) {
                commonNames.add((String) rdn.getValue());
            }
        }
        if (commonNames.isEmpty()) {
            LOGGER.log(Level.SEVERE, GT.tr("Server name validation failed: certificate for hostname {0} has no DNS subjectAltNames, and it CommonName is missing as well", hostname));
            return false;
        }
        if (commonNames.size() > 1) {
            // Stable ascending sort: the last element is the highest ranked name, and among
            // equally ranked names the one that appeared last in the subject.
            Collections.sort(commonNames, HOSTNAME_PATTERN_COMPARATOR);
        }
        String commonName = commonNames.get(commonNames.size() - 1);
        boolean matches = verifyHostName(canonicalHost, commonName);
        if (!matches) {
            LOGGER.log(Level.SEVERE, GT.tr("Server name validation failed: hostname {0} does not match common name {1}", hostname, commonName));
        }
        return matches;
    }

    /**
     * Matches a host name against a single certificate name, case-insensitively.
     *
     * <p>A name without {@code '*'} must equal the host name. A name with a wildcard is
     * accepted only when its single {@code '*'} is the first character and the name contains
     * a dot; the part of the host name standing in for the {@code '*'} must not contain a dot.
     *
     * <p>Caveats visible in the code: the character after {@code '*'} is not required to be
     * {@code '.'}, so the remainder of the pattern is compared as a plain suffix, and the
     * {@code '*'} may stand for an empty prefix. Callers that need whole-label wildcards only
     * have to enforce that themselves.
     *
     * @param hostname host name to check, already canonicalised by the caller
     * @param certName name taken from the certificate (subjectAltName value or common name)
     * @return {@code true} on a match; {@code false} on mismatch or when either argument is null
     */
    public boolean verifyHostName(String hostname, String certName) {
        if (hostname == null || certName == null) {
            return false;
        }
        int starAt = certName.lastIndexOf('*');
        if (starAt == -1) {
            return hostname.equalsIgnoreCase(certName);
        }
        if (starAt > 0) {
            // The last '*' is not the first character: misplaced or repeated wildcard.
            return false;
        }
        if (certName.indexOf('.') == -1) {
            return false;
        }
        if (hostname.length() < certName.length() - 1) {
            return false;
        }
        // Index in hostname where the text following '*' has to begin.
        int suffixStart = hostname.length() - certName.length() + 1;
        if (hostname.lastIndexOf('.', suffixStart - 1) >= 0) {
            // The wildcard would have to span a label boundary.
            return false;
        }
        return hostname.regionMatches(true, suffixStart, certName, 1, certName.length() - 1);
    }
}
