package org.eclipse.leshan.core.util;

import java.net.InetAddress;
import java.security.Principal;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:org/eclipse/leshan/core/util/X509CertUtil.class */
public class X509CertUtil {

    /* loaded from: input_file:org/eclipse/leshan/core/util/X509CertUtil$GeneralName.class */
    public enum GeneralName {
        OTHER_NAME(0),
        RFC822_NAME(1),
        DNS_NAME(2),
        X400_ADDRESS(3),
        DIRECTORY_NAME(4),
        EDI_PARTY_NAME(5),
        UNIFORM_RESOURCE_IDENTIFIER(6),
        IP_ADDRESS(7),
        REGISTERED_ID(8);

        public final int value;

        GeneralName(int i) {
            this.value = i;
        }

        public static GeneralName valueOf(int i) {
            switch (i) {
                case 0:
                    return OTHER_NAME;
                case 1:
                    return RFC822_NAME;
                case 2:
                    return DNS_NAME;
                case 3:
                    return X400_ADDRESS;
                case 4:
                    return DIRECTORY_NAME;
                case 5:
                    return EDI_PARTY_NAME;
                case 6:
                    return UNIFORM_RESOURCE_IDENTIFIER;
                case 7:
                    return IP_ADDRESS;
                case 8:
                    return REGISTERED_ID;
                default:
                    throw new IllegalArgumentException(String.format("Unknown GeneralName class code: %d", Integer.valueOf(i)));
            }
        }
    }

    private static boolean isHex(char c) {
        return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f');
    }

    public static Map<String, String> parseRfc2253Name(String str) {
        HashMap hashMap = new HashMap();
        boolean z = false;
        StringBuilder sb = new StringBuilder();
        StringBuilder sb2 = new StringBuilder();
        int i = 0;
        while (i < str.length()) {
            char charAt = str.charAt(i);
            if (z) {
                if (charAt == '\\') {
                    char charAt2 = str.charAt(i + 1);
                    if (isHex(charAt2) && isHex(str.charAt(i + 2))) {
                        sb2.append((char) Integer.parseInt(str.substring(i + 1, i + 2), 16));
                        i += 2;
                    } else {
                        sb2.append(charAt2);
                        i++;
                    }
                } else if (charAt == ',' || charAt == '+') {
                    z = false;
                    hashMap.put(sb.toString(), sb2.toString());
                    sb = new StringBuilder();
                    sb2 = new StringBuilder();
                } else {
                    sb2.append(charAt);
                }
            } else if (charAt == '=') {
                z = true;
                if (sb.length() == 0) {
                    throw new IllegalArgumentException("Key in RFC 2253 name cannot be empty");
                }
            } else {
                sb.append(charAt);
            }
            i++;
        }
        if (sb.length() > 0) {
            hashMap.put(sb.toString(), sb2.toString());
        }
        return hashMap;
    }

    public static String getPrincipalField(Principal principal, String str) {
        if (!(principal instanceof X500Principal)) {
            return null;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("2.5.4.5", "SERIALNUMBER");
        Map<String, String> parseRfc2253Name = parseRfc2253Name(((X500Principal) principal).getName("RFC2253", hashMap));
        if (parseRfc2253Name.containsKey(str)) {
            return parseRfc2253Name.get(str);
        }
        return null;
    }

    private static boolean dnsNameMatch(String str, String str2) {
        return str.startsWith("*.") ? str2.endsWith(str.substring(1)) && str2.substring(0, str2.length() - (str.length() - 1)).indexOf(46) == -1 : str.equals(str2);
    }

    public static boolean matchSubjectDnsName(X509Certificate x509Certificate, String str) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return dnsNameMatch(getPrincipalField(x509Certificate.getSubjectX500Principal(), "CN"), str);
            }
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == GeneralName.DNS_NAME.value && dnsNameMatch((String) list.get(1), str)) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            return false;
        }
    }

    public static boolean matchSubjectInetAddress(X509Certificate x509Certificate, InetAddress inetAddress) {
        try {
            String hostAddress = inetAddress.getHostAddress();
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return hostAddress.equals(getPrincipalField(x509Certificate.getSubjectX500Principal(), "CN"));
            }
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == GeneralName.IP_ADDRESS.value && hostAddress.equals((String) list.get(1))) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            return false;
        }
    }
}
