package com.sun.identity.protocol.https;

import com.iplanet.am.util.SystemProperties;
import com.sun.identity.protocol.JSSEDebug;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import sun.security.x509.GeneralName;
import sun.security.x509.X500Name;

/* JADX WARN: Classes with same name are omitted:
  input_file:119465-06/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/protocol/https/AMHostnameVerifier.class
 */
/* loaded from: input_file:119465-06/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/protocol/https/AMHostnameVerifier.class */
public class AMHostnameVerifier implements HostnameVerifier {
    public static boolean trustAllServerCerts;
    public static boolean checkSubjectAltName;
    public static boolean resolveIPAddress;

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        boolean z;
        if (trustAllServerCerts) {
            return true;
        }
        X509Certificate x509Certificate = null;
        String str2 = null;
        try {
            x509Certificate = ((X509Certificate[]) sSLSession.getPeerCertificates())[0];
            str2 = new X500Name(x509Certificate.getSubjectDN().getName()).getCommonName();
        } catch (Exception e) {
            JSSEDebug.debug.error("ApprovalCallback:" + e.toString());
        }
        if (str2 == null) {
            return false;
        }
        if (resolveIPAddress) {
            try {
                z = InetAddress.getByName(str2).getHostAddress().equals(InetAddress.getByName(str).getHostAddress());
            } catch (UnknownHostException e2) {
                if (JSSEDebug.debug.messageEnabled()) {
                    JSSEDebug.debug.message("ApprovalCallback:", e2);
                }
                z = false;
            }
        } else {
            z = false;
        }
        if (checkSubjectAltName && !z) {
            try {
                Iterator<List<?>> it = x509Certificate.getSubjectAlternativeNames().iterator();
                while (!z) {
                    if (!it.hasNext()) {
                        break;
                    }
                    z = compareHosts((GeneralName) it.next(), str);
                }
            } catch (Exception e3) {
                return false;
            }
        }
        return z;
    }

    private boolean compareHosts(GeneralName generalName, String str) {
        try {
            if (generalName.getType() != 2) {
                return false;
            }
            String generalName2 = generalName.toString();
            return InetAddress.getByName(generalName2.substring(generalName2.indexOf(58) + 1).trim()).equals(InetAddress.getByName(str));
        } catch (UnknownHostException e) {
            if (!JSSEDebug.debug.messageEnabled()) {
                return false;
            }
            JSSEDebug.debug.message(e.toString());
            return false;
        }
    }

    static {
        trustAllServerCerts = false;
        checkSubjectAltName = false;
        resolveIPAddress = false;
        String str = SystemProperties.get("com.iplanet.am.jssproxy.trustAllServerCerts");
        trustAllServerCerts = str != null && str.equalsIgnoreCase("true");
        String str2 = SystemProperties.get("com.iplanet.am.jssproxy.checkSubjectAltName");
        checkSubjectAltName = str2 != null && str2.equalsIgnoreCase("true");
        String str3 = SystemProperties.get("com.iplanet.am.jssproxy.resolveIPAddress");
        resolveIPAddress = str3 != null && str3.equalsIgnoreCase("true");
        if (JSSEDebug.debug.messageEnabled()) {
            JSSEDebug.debug.message("AMHostnameVerifier trustAllServerCerts = " + trustAllServerCerts);
            JSSEDebug.debug.message("AMHostnameVerifier checkSubjectAltName = " + checkSubjectAltName);
        }
    }
}
