package weblogic.security.utils;

import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLSession;
import weblogic.security.utils.SSLWLSHostnameVerifier;

/* loaded from: input_file:weblogic/security/utils/SSLWLSWildcardHostnameVerifier.class */
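/**
 * Hostname verifier that accepts single-label wildcard certificate names in addition to
 * whatever the inherited {@code DefaultHostnameVerifier} accepts.
 *
 * <p>Matching rules implemented in this class:
 * <ul>
 *   <li>The wildcard must be the entire left-most label ({@code "*."}) and stands for exactly
 *       one non-empty label of the requested host name.</li>
 *   <li>At least two labels must follow the wildcard, so a name such as {@code *.com} is
 *       rejected.</li>
 *   <li>DNS subjectAltName entries are checked first. The subject common name is consulted
 *       only when the certificate has no DNS subjectAltName, or when the inherited
 *       {@code verifyCNAfterSAN()} returns {@code true}.</li>
 *   <li>If no wildcard name matches, the decision is delegated to {@code super.verify}.</li>
 * </ul>
 *
 * <p>Review notes for anyone enabling this verifier:
 * <ul>
 *   <li>No public-suffix list is consulted. A certificate name such as {@code *.co.uk}
 *       satisfies the two-label rule, so trust in the issuing CA is the only control
 *       against over-broad wildcards.</li>
 *   <li>Labels are not checked for DNS syntax. Purely numeric names are therefore not
 *       distinguished from DNS names by the patterns below.</li>
 *   <li>The common-name path only counts dots and does not reject empty labels, whereas the
 *       subjectAltName path uses {@link #WILDCARD_DNSNAME_PATTERN}; the two paths are not
 *       equally strict.</li>
 * </ul>
 */
public class SSLWLSWildcardHostnameVerifier extends SSLWLSHostnameVerifier.DefaultHostnameVerifier {
    /**
     * Wildcard dNSName: a lone {@code *} followed by at least two non-empty labels.
     * Capture group 1 is everything after the star, including the leading dot.
     */
    private static final String WILDCARD_DNSNAME_REGEX = "^\\*((\\.[^*.]+){2,})$";
    private static final Pattern WILDCARD_DNSNAME_PATTERN = Pattern.compile(WILDCARD_DNSNAME_REGEX);

    /**
     * Requested host name: a first label without {@code *}, dots or whitespace, followed by at
     * least two non-empty labels. Capture group 1 is everything after the first label.
     */
    private static final String URL_HOSTNAME_REGEX = "^[^*.\\s]+((\\.[^*.]+){2,})$";
    private static final Pattern URL_HOSTNAME_PATTERN = Pattern.compile(URL_HOSTNAME_REGEX);

    /** Creates the verifier and, when SSL debug level 3 is enabled, logs that wildcards are allowed. */
    public SSLWLSWildcardHostnameVerifier() {
        if (SSLSetup.isDebugEnabled(3)) {
            SSLSetup.info("HostnameVerifier: allowing wildcarded certificates");
        }
    }

    /**
     * Decides whether the peer certificate of {@code session} is valid for {@code hostname}.
     *
     * @param hostname host name the client intended to reach; {@code null} is rejected
     * @param session  established SSL session carrying the peer certificate; {@code null} is rejected
     * @return {@code true} if a wildcard name in the certificate matches, or if the inherited
     *         verifier accepts the pair; {@code false} otherwise
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (hostname == null || session == null) {
            return false;
        }
        // Raw type kept on purpose: the declared return type of SSLCertUtility is not visible here.
        Collection dnsSubjAltNames = SSLCertUtility.getDNSSubjAltNames(session, true, false);
        String commonName = SSLCertUtility.getCommonName(session);

        boolean accepted;
        if (dnsSubjAltNames == null || dnsSubjAltNames.isEmpty()) {
            // No DNS subjectAltName at all: the common name is the only identity available.
            accepted = isLegalWildcarded(hostname, commonName);
        } else {
            // Query the inherited policy first so the call order matches the original code.
            boolean commonNameFallback = verifyCNAfterSAN();
            accepted = verifySANWildcardDNSNames(hostname, dnsSubjAltNames)
                    || (commonNameFallback && isLegalWildcarded(hostname, commonName));
        }
        // A failed wildcard match is not final; the inherited verifier gets the last word.
        return accepted || super.verify(hostname, session);
    }

    /**
     * Checks the subject common name as a wildcard pattern for {@code hostname}.
     *
     * <p>The common name is accepted as a pattern only if it starts with {@code "*."}, contains
     * exactly one {@code *}, and contains at least two dots.
     *
     * @param hostname   requested host name, non-null
     * @param commonName subject common name from the certificate, may be {@code null}
     * @return {@code true} only for a well-formed wildcard common name that matches the host
     */
    private static boolean isLegalWildcarded(String hostname, String commonName) {
        if (commonName == null) {
            return false;
        }
        int star = commonName.indexOf('*');
        if (star == -1) {
            if (SSLSetup.isDebugEnabled(3)) {
                SSLSetup.info("HostnameVerifier: no wildcard present, wildcard validation not performed.");
            }
            return false;
        }
        boolean hasTwoDots = commonName.indexOf('.') != commonName.lastIndexOf('.');
        boolean hasSingleStar = star == commonName.lastIndexOf('*');
        return hasTwoDots
                && commonName.startsWith("*.")
                && hasSingleStar
                && domainMatchesDomain(commonName, hostname);
    }

    /**
     * Tests whether {@code hostname} equals the wildcard {@code pattern} with the star replaced
     * by exactly one non-empty, dot-free label.
     *
     * @param pattern  wildcard name from the certificate
     * @param hostname requested host name
     * @return {@code true} if the host ends with the text after the star and the remaining
     *         prefix is a single label
     */
    private static boolean domainMatchesDomain(String pattern, String hostname) {
        int star = pattern.indexOf('*');
        if (star == -1) {
            return false;
        }
        // Locale.ROOT keeps the comparison independent of the JVM default locale. With the
        // no-argument toLowerCase(), locales with special casing rules (Turkish dotted and
        // dotless I, for instance) change which certificate names match which hosts.
        String suffix = pattern.substring(star + 1).toLowerCase(Locale.ROOT);
        String host = hostname.toLowerCase(Locale.ROOT);
        if (!host.endsWith(suffix)) {
            return false;
        }
        // The star may cover one label only: the prefix must be non-empty and contain no dot.
        String leftLabel = host.substring(0, host.length() - suffix.length());
        return !leftLabel.isEmpty() && leftLabel.indexOf('.') == -1;
    }

    /**
     * Checks the DNS subjectAltName entries for a wildcard that covers {@code hostname}.
     *
     * <p>An entry matches when it has the shape of {@link #WILDCARD_DNSNAME_PATTERN} and the
     * text after its star equals, ignoring case, the text after the first label of the host.
     * Entries without a wildcard are ignored here and left to the inherited verifier.
     *
     * @param hostname requested host name
     * @param dnsNames DNS subjectAltName values from the certificate, may be {@code null}
     * @return {@code true} if any wildcard entry matches
     */
    private static boolean verifySANWildcardDNSNames(String hostname, Collection<String> dnsNames) {
        if (dnsNames == null || dnsNames.isEmpty()) {
            return false;
        }
        Matcher hostMatcher = URL_HOSTNAME_PATTERN.matcher(hostname);
        if (!hostMatcher.matches()) {
            // A host with fewer than three labels can never be covered by an accepted wildcard.
            return false;
        }
        String hostSuffix = hostMatcher.group(1);
        for (String dnsName : dnsNames) {
            if (dnsName == null) {
                // Skip rather than throw: one malformed entry must not abort verification.
                continue;
            }
            Matcher wildcardMatcher = WILDCARD_DNSNAME_PATTERN.matcher(dnsName);
            if (wildcardMatcher.matches() && wildcardMatcher.group(1).equalsIgnoreCase(hostSuffix)) {
                return true;
            }
        }
        return false;
    }
}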
