package com.blizzard.bgs.client.security;

import com.blizzard.bgs.client.log.Logger;
import java.io.IOException;
import java.security.Principal;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.CertificateEncodingException;
import javax.security.cert.X509Certificate;
import okhttp3.internal.tls.OkHostnameVerifier;
import okio.ByteString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.X509CertificateStructure;

/* loaded from: classes.dex */
public class WhitelistHostVerifier implements HostnameVerifier {
    private static final String TAG = "WhitelistHostVerifier";
    private final List<CertificatePin> certificatePins;
    private final Logger logger;

    public WhitelistHostVerifier(Logger logger, List<CertificatePin> list) {
        if (logger == null) {
            throw new IllegalArgumentException("logger cannot be null");
        }
        if (list == null) {
            throw new IllegalArgumentException("certificatePins cannot be null");
        }
        this.logger = logger;
        this.certificatePins = list;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String[] getNames(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate.getSubjectDN();
        RDN[] rDNs = (subjectDN instanceof X500Name ? (X500Name) subjectDN : new X500Name(subjectDN.getName())).getRDNs(BCStyle.CN);
        String[] strArr = new String[rDNs.length];
        int length = rDNs.length;
        int i = 0;
        int i2 = 0;
        while (i < length) {
            AttributeTypeAndValue[] typesAndValues = rDNs[i].getTypesAndValues();
            int length2 = typesAndValues.length;
            int i3 = i2;
            int i4 = 0;
            while (i4 < length2) {
                strArr[i3] = IETFUtils.valueToString(typesAndValues[i4].getValue());
                i4++;
                i3++;
            }
            i++;
            i2 = i3;
        }
        return strArr;
    }

    private boolean hashMatches(X509Certificate x509Certificate, String str) {
        try {
            return str.equals(ByteString.of(X509CertificateStructure.getInstance(ASN1Sequence.fromByteArray(x509Certificate.getEncoded())).getSubjectPublicKeyInfo().getPublicKeyData().getBytes()).sha256().hex().toUpperCase());
        } catch (IOException | CertificateEncodingException e) {
            this.logger.log(Logger.ERROR, TAG, "Error encoding certificate " + x509Certificate, e);
            return false;
        }
    }

    private boolean isPinned(String str, SSLSession sSLSession) {
        try {
            X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain != null && peerCertificateChain.length != 0) {
                X509Certificate x509Certificate = peerCertificateChain[0];
                for (CertificatePin certificatePin : this.certificatePins) {
                    for (String str2 : getNames(x509Certificate)) {
                        if (nameMatches(str2, certificatePin.getPattern()) && hashMatches(x509Certificate, certificatePin.getHash())) {
                            this.logger.log(Logger.DEBUG, TAG, "Found certificate match for host " + str);
                            return true;
                        }
                    }
                }
                this.logger.log(Logger.INFO, TAG, "No match found for host " + str);
                return false;
            }
            this.logger.log(Logger.ERROR, TAG, "Peer " + str + "has no certificate chain");
            return false;
        } catch (SSLPeerUnverifiedException e) {
            this.logger.log(Logger.ERROR, TAG, "Cannot get certificate chain from peer " + str, e);
            return false;
        }
    }

    private boolean nameMatches(String str, String str2) {
        return str.equals(str2);
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (OkHostnameVerifier.INSTANCE.verify(str, sSLSession)) {
            return isPinned(str, sSLSession);
        }
        return false;
    }
}
