package eu.siacs.conversations.crypto;

import android.util.Log;
import android.util.Pair;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.IDN;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes.dex */
public class XmppDomainVerifier {

    /* loaded from: classes.dex */
    public static final class ValidDomains {
        final List<String> domains;
        final List<String> srvNames;
        final List<String> xmppAddrs;

        private ValidDomains(List<String> list, List<String> list2, List<String> list3) {
            this.xmppAddrs = list;
            this.srvNames = list2;
            this.domains = list3;
        }

        public List<String> all() {
            ImmutableList.Builder builder = new ImmutableList.Builder();
            builder.addAll((Iterable) this.xmppAddrs);
            builder.addAll((Iterable) this.srvNames);
            builder.addAll((Iterable) this.domains);
            return builder.build();
        }
    }

    private static List<String> getCommonNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
            RDN[] rDNs = subject.getRDNs(BCStyle.CN);
            for (int i = 0; i < rDNs.length; i++) {
                arrayList.add(IETFUtils.valueToString(subject.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
            }
            return arrayList;
        } catch (CertificateEncodingException e) {
            return arrayList;
        }
    }

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean matchDomain(String str, List<String> list) {
        int indexOf;
        for (String str2 : list) {
            if (str2.startsWith("*.")) {
                int i = 0;
                while (i < str.length() && (indexOf = str.indexOf(46, i)) >= 0) {
                    if (str.substring(indexOf).equalsIgnoreCase(str2.substring(1))) {
                        return true;
                    }
                    i = indexOf + 1;
                }
            } else if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    private static Pair<String, String> parseOtherName(byte[] bArr) {
        try {
            ASN1Primitive fromByteArray = ASN1Primitive.fromByteArray(bArr);
            if (fromByteArray instanceof DERTaggedObject) {
                ASN1Primitive object = ((DERTaggedObject) fromByteArray).getObject();
                if (object instanceof DLSequence) {
                    DLSequence dLSequence = (DLSequence) object;
                    if (dLSequence.size() >= 2 && (dLSequence.getObjectAt(1) instanceof DERTaggedObject)) {
                        String obj = dLSequence.getObjectAt(0).toString();
                        ASN1Primitive object2 = ((DERTaggedObject) dLSequence.getObjectAt(1)).getObject();
                        if (object2 instanceof DERUTF8String) {
                            return new Pair<>(obj, ((DERUTF8String) object2).getString());
                        }
                        if (object2 instanceof DERIA5String) {
                            return new Pair<>(obj, ((DERIA5String) object2).getString());
                        }
                    }
                }
            }
            return null;
        } catch (IOException e) {
            return null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:33:0x005b, code lost:
    
        if (r11.equals("1.3.6.1.5.5.7.8.7") != false) goto L25;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static eu.siacs.conversations.crypto.XmppDomainVerifier.ValidDomains parseValidDomains(java.security.cert.X509Certificate r13) throws java.security.cert.CertificateParsingException {
        /*
            java.util.List r0 = getCommonNames(r13)
            java.util.Collection r1 = r13.getSubjectAlternativeNames()
            java.util.ArrayList r2 = new java.util.ArrayList
            r2.<init>()
            java.util.ArrayList r3 = new java.util.ArrayList
            r3.<init>()
            java.util.ArrayList r4 = new java.util.ArrayList
            r4.<init>()
            if (r1 == 0) goto Lce
            java.util.Iterator r5 = r1.iterator()
        L1d:
            boolean r6 = r5.hasNext()
            if (r6 == 0) goto Lce
            java.lang.Object r6 = r5.next()
            java.util.List r6 = (java.util.List) r6
            r7 = 0
            java.lang.Object r8 = r6.get(r7)
            java.lang.Integer r8 = (java.lang.Integer) r8
            int r9 = r8.intValue()
            r10 = 1
            if (r9 != 0) goto Laf
            java.lang.Object r9 = r6.get(r10)
            byte[] r9 = (byte[]) r9
            android.util.Pair r9 = parseOtherName(r9)
            if (r9 == 0) goto Lcb
            java.lang.Object r11 = r9.first
            if (r11 == 0) goto Lcb
            java.lang.Object r12 = r9.second
            if (r12 == 0) goto Lcb
            java.lang.String r11 = (java.lang.String) r11
            int r12 = r11.hashCode()
            switch(r12) {
                case 767061161: goto L5e;
                case 767061162: goto L54;
                case 767061163: goto L55;
                default: goto L54;
            }
        L54:
            goto L68
        L55:
            java.lang.String r10 = "1.3.6.1.5.5.7.8.7"
            boolean r10 = r11.equals(r10)
            if (r10 == 0) goto L54
            goto L69
        L5e:
            java.lang.String r7 = "1.3.6.1.5.5.7.8.5"
            boolean r7 = r11.equals(r7)
            if (r7 == 0) goto L54
            r7 = 1
            goto L69
        L68:
            r7 = -1
        L69:
            switch(r7) {
                case 0: goto La1;
                case 1: goto L93;
                default: goto L6c;
            }
        L6c:
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            java.lang.String r10 = "oid: "
            r7.append(r10)
            java.lang.Object r10 = r9.first
            java.lang.String r10 = (java.lang.String) r10
            r7.append(r10)
            java.lang.String r10 = " value: "
            r7.append(r10)
            java.lang.Object r10 = r9.second
            java.lang.String r10 = (java.lang.String) r10
            r7.append(r10)
            java.lang.String r7 = r7.toString()
            java.lang.String r10 = "XmppDomainVerifier"
            android.util.Log.d(r10, r7)
            goto Lcb
        L93:
            java.lang.Object r7 = r9.second
            java.lang.String r7 = (java.lang.String) r7
            java.util.Locale r10 = java.util.Locale.US
            java.lang.String r7 = r7.toLowerCase(r10)
            r2.add(r7)
            goto Lcb
        La1:
            java.lang.Object r7 = r9.second
            java.lang.String r7 = (java.lang.String) r7
            java.util.Locale r10 = java.util.Locale.US
            java.lang.String r7 = r7.toLowerCase(r10)
            r3.add(r7)
            goto Lcb
        Laf:
            int r7 = r8.intValue()
            r9 = 2
            if (r7 != r9) goto Lcb
            java.lang.Object r7 = r6.get(r10)
            boolean r9 = r7 instanceof java.lang.String
            if (r9 == 0) goto Lcc
            r9 = r7
            java.lang.String r9 = (java.lang.String) r9
            java.util.Locale r10 = java.util.Locale.US
            java.lang.String r9 = r9.toLowerCase(r10)
            r4.add(r9)
            goto Lcc
        Lcb:
        Lcc:
            goto L1d
        Lce:
            int r5 = r3.size()
            if (r5 != 0) goto Le3
            int r5 = r2.size()
            if (r5 != 0) goto Le3
            int r5 = r4.size()
            if (r5 != 0) goto Le3
            r4.addAll(r0)
        Le3:
            eu.siacs.conversations.crypto.XmppDomainVerifier$ValidDomains r5 = new eu.siacs.conversations.crypto.XmppDomainVerifier$ValidDomains
            r6 = 0
            r5.<init>(r2, r3, r4)
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: eu.siacs.conversations.crypto.XmppDomainVerifier.parseValidDomains(java.security.cert.X509Certificate):eu.siacs.conversations.crypto.XmppDomainVerifier$ValidDomains");
    }

    public boolean verify(String str, String str2, SSLSession sSLSession) throws SSLPeerUnverifiedException {
        String ascii = IDN.toASCII(str);
        String ascii2 = str2 == null ? null : IDN.toASCII(str2);
        Certificate[] peerCertificates = sSLSession.getPeerCertificates();
        if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
        List<String> commonNames = getCommonNames(x509Certificate);
        if (isSelfSigned(x509Certificate) && commonNames.size() == 1 && matchDomain(ascii, commonNames)) {
            Log.d("XmppDomainVerifier", "accepted CN in self signed cert as work around for " + ascii);
            return true;
        }
        try {
            ValidDomains parseValidDomains = parseValidDomains(x509Certificate);
            Log.d("XmppDomainVerifier", "searching for " + ascii + " in srvNames: " + parseValidDomains.srvNames + " xmppAddrs: " + parseValidDomains.xmppAddrs + " domains:" + parseValidDomains.domains);
            if (ascii2 != null) {
                Log.d("XmppDomainVerifier", "also trying to verify hostname " + ascii2);
            }
            if (!parseValidDomains.xmppAddrs.contains(ascii)) {
                if (!parseValidDomains.srvNames.contains("_xmpp-client." + ascii) && !matchDomain(ascii, parseValidDomains.domains)) {
                    if (ascii2 == null) {
                        return false;
                    }
                    if (!matchDomain(ascii2, parseValidDomains.domains)) {
                        return false;
                    }
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
