package net.java.sip.communicator.impl.protocol.sip.net;

import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.java.sip.communicator.impl.protocol.sip.ProtocolProviderServiceSipImpl;
import net.java.sip.communicator.impl.protocol.sip.SipActivator;
import net.java.sip.communicator.service.certificate.CertificateMatcher;
import net.java.sip.communicator.util.Logger;
import net.java.sip.communicator.util.NetworkUtils;
import org.jitsi.gov.nist.core.Separators;
import org.jitsi.javax.sip.address.SipURI;

/* loaded from: classes.dex */
public class RFC5922Matcher implements CertificateMatcher {
    public static final String PNAME_STRICT_RFC5922 = "net.java.sip.communicator.sip.tls.STRICT_RFC5922";
    private static final Logger logger = Logger.getLogger((Class<?>) CertificateMatcher.class);
    private ProtocolProviderServiceSipImpl provider;

    public RFC5922Matcher(ProtocolProviderServiceSipImpl protocolProviderServiceSipImpl) {
        this.provider = protocolProviderServiceSipImpl;
    }

    private Iterable<String> extractCertIdentities(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            logger.error("Error parsing TLS certificate", e);
        }
        if (collection != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("found subjAltNames: " + collection);
            }
            for (List<?> list : collection) {
                if (list.get(0).equals(6)) {
                    try {
                        SipURI createSipURI = this.provider.getAddressFactory().createSipURI((String) list.get(1));
                        if ("sip".equals(createSipURI.getScheme()) && createSipURI.getUser() == null) {
                            String host = createSipURI.getHost();
                            if (logger.isDebugEnabled()) {
                                logger.debug("found uri " + list.get(1) + ", hostName " + host);
                            }
                            arrayList.add(host);
                        }
                    } catch (ParseException e2) {
                        logger.error("certificate contains invalid uri: " + list.get(1));
                    }
                }
            }
            if (arrayList.isEmpty()) {
                for (List<?> list2 : collection) {
                    if (list2.get(0).equals(2)) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("found dns " + list2.get(1));
                        }
                        arrayList.add(list2.get(1).toString());
                    }
                }
            }
        } else {
            String name = x509Certificate.getSubjectDN().getName();
            try {
                Matcher matcher = Pattern.compile(".*CN\\s*=\\s*([\\w*\\.]+).*").matcher(name);
                if (matcher.matches()) {
                    String group = matcher.group(1);
                    if (logger.isDebugEnabled()) {
                        logger.debug("found CN: " + group + " from DN: " + name);
                    }
                    arrayList.add(group);
                }
            } catch (Exception e3) {
                logger.error("exception while extracting CN", e3);
            }
        }
        return arrayList;
    }

    @Override // net.java.sip.communicator.service.certificate.CertificateMatcher
    public void verify(Iterable<String> iterable, X509Certificate x509Certificate) throws CertificateException {
        boolean z = SipActivator.getConfigurationService().getBoolean(PNAME_STRICT_RFC5922, false);
        Iterable<String> extractCertIdentities = extractCertIdentities(x509Certificate);
        for (String str : iterable) {
            for (String str2 : extractCertIdentities) {
                if (NetworkUtils.compareDnsNames(str2, str) == 0) {
                    return;
                }
                if (!z && str2.startsWith("*.") && str.indexOf(Separators.DOT) < str.lastIndexOf(Separators.DOT) && NetworkUtils.compareDnsNames(str2.substring(2), str.substring(str.indexOf(Separators.DOT) + 1)) == 0) {
                    return;
                }
            }
        }
        if (0 == 0) {
            throw new CertificateException("None of <" + iterable + "> matched by the rules of RFC5922 to the cert with CN=" + x509Certificate.getSubjectDN());
        }
    }
}
