package android.net.http;

import android.annotation.SuppressLint;
import android.text.TextUtils;
import g.a0.d.g;
import g.a0.d.j;
import g.g0.p;
import g.g0.q;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import net.juniper.junos.pulse.android.JunosApplication;
import net.juniper.junos.pulse.android.sql.VpnProfile;
import net.juniper.junos.pulse.android.util.Log;
import net.juniper.junos.pulse.android.util.SettingsUtil;
import okhttp3.internal.tls.OkHostnameVerifier;

/* compiled from: CustomHostnameVerifier.kt */
/* loaded from: classes.dex */
public final class CustomHostnameVerifier implements HostnameVerifier {
    public static final Companion Companion = new Companion(null);
    private static final CustomHostnameVerifier customHostnameVerifier = new CustomHostnameVerifier();

    /* compiled from: CustomHostnameVerifier.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(g gVar) {
            this();
        }

        public final CustomHostnameVerifier getCustomHostnameVerifier() {
            return CustomHostnameVerifier.customHostnameVerifier;
        }
    }

    private final boolean performHNVDuringSession(String str, SSLSession sSLSession, VpnProfile vpnProfile) {
        String sessionX509ThumbPrint_SHA256Classic;
        boolean b2;
        Log.d("inside isPerformSessionOperation");
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        if (certificate == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        boolean z = vpnProfile != null && vpnProfile.isSDPProfile();
        if (z) {
            sessionX509ThumbPrint_SHA256Classic = SSLUtilities.getSessionX509ThumbPrint_SHA256(str);
        } else {
            sessionX509ThumbPrint_SHA256Classic = SSLUtilities.getSessionX509ThumbPrint_SHA256Classic(vpnProfile == null ? null : vpnProfile.getUrl());
        }
        if (JunosApplication.getApplication().getTransitionZTAClassicReassert()) {
            if ((sessionX509ThumbPrint_SHA256Classic == null || sessionX509ThumbPrint_SHA256Classic.length() == 0) && !z) {
                Log.d("performHNVDuringSession :Calling getSessionX509ThumbPrint_SHA256ClassicValidate");
                sessionX509ThumbPrint_SHA256Classic = SSLUtilities.getSessionX509ThumbPrint_SHA256ClassicValidate(vpnProfile == null ? null : vpnProfile.getUrl(), SSLUtilities.getThumbPrintFromCert_SHA256(x509Certificate));
            }
        }
        String thumbPrintFromCert_SHA256 = SSLUtilities.getThumbPrintFromCert_SHA256(x509Certificate);
        if (z) {
            Log.d(j.a("activeProfileCertPrint = ", (Object) sessionX509ThumbPrint_SHA256Classic));
            Log.d(j.a("currentHostThumbprint = ", (Object) thumbPrintFromCert_SHA256));
        }
        b2 = p.b(sessionX509ThumbPrint_SHA256Classic, thumbPrintFromCert_SHA256, false, 2, null);
        if (b2) {
            Log.d("HNV pass - isPerformSessionOperation");
            return true;
        }
        Log.e("Certificate Thumbprints not matching, continue HNV..");
        return false;
    }

    private final boolean performHostNameVerification(String str, SSLSession sSLSession) {
        X509Certificate x509Certificate;
        boolean c2;
        int a2;
        boolean verify = OkHostnameVerifier.INSTANCE.verify(str, sSLSession);
        if (verify) {
            Log.d("HNV pass");
        } else {
            Log.d("Custom HNV in progress");
            Certificate certificate = sSLSession.getPeerCertificates()[0];
            if (certificate != null) {
                if (certificate.getType().equals("X.509")) {
                    Log.d(j.a("cert type is ", (Object) certificate.getType()));
                    if (certificate == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    x509Certificate = (X509Certificate) certificate;
                } else {
                    x509Certificate = null;
                }
                if (x509Certificate != null) {
                    String cName = new SslCertificate(x509Certificate).getIssuedTo().getCName();
                    Log.d("commonName = " + ((Object) cName) + ", hostname = " + str);
                    if (TextUtils.isEmpty(cName)) {
                        Log.d("HNV failed");
                        return false;
                    }
                    if (j.a((Object) str, (Object) cName)) {
                        Log.d("HNV pass");
                        return true;
                    }
                    j.b(cName, "commonName");
                    c2 = p.c(cName, "*", false, 2, null);
                    if (c2) {
                        String substring = cName.substring(1);
                        j.b(substring, "this as java.lang.String).substring(startIndex)");
                        a2 = q.a((CharSequence) str, ".", 0, false, 6, (Object) null);
                        String substring2 = str.substring(a2);
                        j.b(substring2, "this as java.lang.String).substring(startIndex)");
                        Log.d(j.a("host domain is ", (Object) substring2));
                        if (j.a((Object) substring2, (Object) substring)) {
                            Log.d("HNV pass");
                            return true;
                        }
                    }
                }
            }
        }
        return verify;
    }

    @Override // javax.net.ssl.HostnameVerifier
    @SuppressLint({"BadHostnameVerifier"})
    public boolean verify(String str, SSLSession sSLSession) {
        boolean z = false;
        if ((str == null || str.length() == 0) || sSLSession == null) {
            Log.e("Hostname or session is invalid");
            return false;
        }
        String hNUrl = SSLUtilities.getHNUrl();
        Log.d("HNV for hostname = " + ((Object) str) + "--profileUrl = " + ((Object) hNUrl) + "--");
        VpnProfile activeProfile = JunosApplication.getApplication().getActiveProfile();
        if (!TextUtils.isEmpty(hNUrl)) {
            z = SettingsUtil.getTrustedServerCertRequired(hNUrl);
        } else if (activeProfile != null) {
            z = SettingsUtil.getTrustedServerCertRequired(activeProfile);
            Log.d(j.a("activeProfile = ", (Object) activeProfile.getCurrentActiveURL()));
        }
        Log.d(j.a("Server side - isServerTrustRequired = ", (Object) Boolean.valueOf(z)));
        if (!z) {
            Log.d("ignore HNV*");
            return true;
        }
        boolean isPerformSessionOperation = SSLUtilities.isPerformSessionOperation();
        Log.d(j.a("calling HNVerifier, isPerformSessionOperation=", (Object) Boolean.valueOf(isPerformSessionOperation)));
        if (isPerformSessionOperation && performHNVDuringSession(str, sSLSession, activeProfile)) {
            return true;
        }
        return performHostNameVerification(str, sSLSession);
    }
}
