package org.snmp4j.transport.tls;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.snmp4j.TransportStateReference;
import org.snmp4j.event.CounterEvent;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;
import org.snmp4j.mp.CounterSupport;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.IpAddress;
import org.snmp4j.smi.OctetString;

/* loaded from: classes3.dex */
public class TLSTMExtendedTrustManager extends X509ExtendedTrustManager {

    /* renamed from: f, reason: collision with root package name */
    private static final LogAdapter f28327f = LogFactory.getLogger(TLSTMExtendedTrustManager.class);
    X509TrustManager a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f28328b;

    /* renamed from: c, reason: collision with root package name */
    private TransportStateReference f28329c;

    /* renamed from: d, reason: collision with root package name */
    private CounterSupport f28330d;

    /* renamed from: e, reason: collision with root package name */
    private TlsTmSecurityCallback<X509Certificate> f28331e;

    public TLSTMExtendedTrustManager(CounterSupport counterSupport, TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback, X509TrustManager x509TrustManager, boolean z, TransportStateReference transportStateReference) {
        this.f28330d = counterSupport;
        this.f28331e = tlsTmSecurityCallback;
        this.a = x509TrustManager;
        this.f28328b = z;
        this.f28329c = transportStateReference;
    }

    private boolean a(X509Certificate[] x509CertificateArr) {
        TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback;
        TransportStateReference transportStateReference = this.f28329c;
        if (transportStateReference != null && transportStateReference.getCertifiedIdentity() != null && b(x509CertificateArr, this.f28329c.getCertifiedIdentity().getClientFingerprint(), true)) {
            return true;
        }
        if (this.f28328b || (tlsTmSecurityCallback = this.f28331e) == null || !tlsTmSecurityCallback.isClientCertificateAccepted(x509CertificateArr[0])) {
            return false;
        }
        LogAdapter logAdapter = f28327f;
        if (logAdapter.isInfoEnabled()) {
            logAdapter.info("Client is trusted with certificate '" + x509CertificateArr[0] + "'");
        }
        return true;
    }

    private boolean b(X509Certificate[] x509CertificateArr, OctetString octetString, boolean z) {
        return TLSTMUtil.isMatchingFingerprint(x509CertificateArr, octetString, z, this.f28330d, f28327f, this);
    }

    private void c(X509Certificate[] x509CertificateArr) {
        TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback;
        if (!this.f28328b || (tlsTmSecurityCallback = this.f28331e) == null) {
            return;
        }
        tlsTmSecurityCallback.isServerCertificateAccepted(x509CertificateArr);
    }

    private boolean d(X509Certificate[] x509CertificateArr) {
        X500Principal subjectX500Principal;
        if (this.f28329c.getCertifiedIdentity() != null && TLSTMUtil.isMatchingFingerprint(x509CertificateArr, this.f28329c.getCertifiedIdentity().getServerFingerprint(), true, this.f28330d, f28327f, this)) {
            return true;
        }
        Object obj = null;
        try {
            obj = TLSTMUtil.getSubjAltName(x509CertificateArr[0].getSubjectAlternativeNames(), 2);
        } catch (CertificateParsingException unused) {
            f28327f.error("CertificateParsingException while verifying server certificate " + Arrays.asList(x509CertificateArr));
        }
        if (obj == null && (subjectX500Principal = x509CertificateArr[0].getSubjectX500Principal()) != null) {
            obj = subjectX500Principal.getName();
        }
        if (obj != null) {
            String lowerCase = ((String) obj).toLowerCase();
            String canonicalHostName = ((IpAddress) this.f28329c.getAddress()).getInetAddress().getCanonicalHostName();
            if (lowerCase.length() > 0) {
                if (lowerCase.charAt(0) == '*') {
                    canonicalHostName = canonicalHostName.substring(canonicalHostName.indexOf(46));
                    lowerCase = lowerCase.substring(1);
                }
                if (canonicalHostName.equalsIgnoreCase(lowerCase)) {
                    LogAdapter logAdapter = f28327f;
                    if (logAdapter.isInfoEnabled()) {
                        logAdapter.info("Peer hostname " + canonicalHostName + " matches dNSName " + lowerCase);
                    }
                    return true;
                }
            }
            LogAdapter logAdapter2 = f28327f;
            if (logAdapter2.isDebugEnabled()) {
                logAdapter2.debug("Peer hostname " + canonicalHostName + " did not match dNSName " + lowerCase);
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (a(x509CertificateArr)) {
            return;
        }
        try {
            this.a.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidClientCertificates));
            f28327f.warn("Client certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        LogAdapter logAdapter = f28327f;
        logAdapter.debug("checkClientTrusted with socket");
        if (a(x509CertificateArr)) {
            return;
        }
        try {
            X509TrustManager x509TrustManager = this.a;
            if (x509TrustManager instanceof X509ExtendedTrustManager) {
                logAdapter.debug("Extended checkClientTrusted with socket");
                ((X509ExtendedTrustManager) this.a).checkClientTrusted(x509CertificateArr, str, socket);
            } else {
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidClientCertificates));
            f28327f.warn("Client certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        LogAdapter logAdapter = f28327f;
        logAdapter.debug("checkClientTrusted with sslEngine");
        if (a(x509CertificateArr)) {
            return;
        }
        try {
            X509TrustManager x509TrustManager = this.a;
            if (x509TrustManager instanceof X509ExtendedTrustManager) {
                logAdapter.debug("extended checkClientTrusted with sslEngine");
                ((X509ExtendedTrustManager) this.a).checkClientTrusted(x509CertificateArr, str, sSLEngine);
            } else {
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidClientCertificates));
            f28327f.warn("Client certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (d(x509CertificateArr)) {
            return;
        }
        try {
            this.a.checkServerTrusted(x509CertificateArr, str);
            c(x509CertificateArr);
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidServerCertificates));
            f28327f.warn("Server certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        LogAdapter logAdapter = f28327f;
        logAdapter.debug("checkClientTrusted with socket");
        if (d(x509CertificateArr)) {
            return;
        }
        try {
            X509TrustManager x509TrustManager = this.a;
            if (x509TrustManager instanceof X509ExtendedTrustManager) {
                logAdapter.debug("extended checkClientTrusted with socket");
                ((X509ExtendedTrustManager) this.a).checkServerTrusted(x509CertificateArr, str, socket);
            } else {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                c(x509CertificateArr);
            }
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidServerCertificates));
            f28327f.warn("Server certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        LogAdapter logAdapter = f28327f;
        logAdapter.debug("checkServerTrusted with sslEngine");
        if (d(x509CertificateArr)) {
            return;
        }
        try {
            X509TrustManager x509TrustManager = this.a;
            if (x509TrustManager instanceof X509ExtendedTrustManager) {
                logAdapter.debug("extended checkServerTrusted with sslEngine");
                ((X509ExtendedTrustManager) this.a).checkServerTrusted(x509CertificateArr, str, sSLEngine);
            } else {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            }
            c(x509CertificateArr);
        } catch (CertificateException e2) {
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionOpenErrors));
            this.f28330d.fireIncrementCounter(new CounterEvent(this, SnmpConstants.snmpTlstmSessionInvalidServerCertificates));
            f28327f.warn("Server certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return TlsTrustManager.getAcceptedIssuers(this.a, this.f28331e);
    }
}
