package com.pg.client.connection.ssl;

import com.pg.client.connection.ConnectionManager;
import com.pg.client.connection.PGConnector;
import java.io.IOException;
import java.net.InetAddress;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

/* loaded from: classes2.dex */
public class SetupHandshakeListener {
    private boolean connectedOverIp;

    public SetupHandshakeListener(boolean z) {
        this.connectedOverIp = false;
        this.connectedOverIp = z;
    }

    private int ipToInt(String str) {
        int i = 0;
        for (String str2 : str.split("\\.")) {
            i = (i << 8) | Integer.parseInt(str2);
        }
        return i;
    }

    private boolean verifySubjectCommonName(String str, String str2) {
        return str2.contains("*") ? Pattern.compile(str2.replaceAll("\\*", "[-0-9a-zA-Z]+")).matcher(str).matches() : str2.equals(str);
    }

    public final void handshakeCompleted(SSLSocket sSLSocket) {
        InetAddress inetAddress = sSLSocket.getInetAddress();
        String hostAddress = inetAddress.getHostAddress();
        String hostName = inetAddress.getHostName();
        try {
            validateCertificateAttributes(sSLSocket);
        } catch (Exception e) {
            ConnectionManager.isSSLValid = false;
            PGConnector.appendToDelegateLog("the ssl connection is not valid; ip:" + hostAddress + " host:" + hostName, PGConnector.ERROR_LOG_LEVEL);
            PGConnector.appendToDelegateLog("the ssl connection is not valid; ip:" + hostAddress + " host:" + hostName, e);
            try {
                sSLSocket.close();
            } catch (IOException e2) {
                PGConnector.appendToDelegateLog("Exception while closing the socket in SetupHandShakeListener", e2);
            }
        }
    }

    public void validateCertificateAttributes(SSLSocket sSLSocket) throws CertificateException, SSLPeerUnverifiedException {
        InetAddress inetAddress = sSLSocket.getInetAddress();
        String hostAddress = inetAddress.getHostAddress();
        String hostName = inetAddress.getHostName();
        boolean z = false;
        CertificateAttributes certificateAttributes = SetupTrustManager.getCertificateattributes().get(SSLUtil.getString(SSLUtil.convert(sSLSocket.getSession().getPeerCertificateChain()[0])));
        if (!certificateAttributes.isValid()) {
            throw new CertificateException("crt; ssl failed");
        }
        if (!CertificateConstants.verifyCACommonName(certificateAttributes.getCaCommonName())) {
            throw new CertificateException("cn; ssl failed");
        }
        if (!this.connectedOverIp) {
            if (verifySubjectCommonName(hostName, certificateAttributes.getServerCommonName())) {
                return;
            }
            Iterator<String> it = certificateAttributes.getServerAlternateIA5DNSName().iterator();
            while (it.hasNext() && !(z = verifySubjectCommonName(hostName, it.next()))) {
            }
            if (!z) {
                throw new CertificateException("adns; ssl failed");
            }
            return;
        }
        Iterator<String> it2 = certificateAttributes.getServerAlternateIA5IPAddress().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            int ipToInt = ipToInt(it2.next());
            if ((ipToInt(hostAddress) & ipToInt) == ipToInt) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new CertificateException("ahs; ssl failed");
        }
    }
}
