package com.tencent.qqmail.utilities.qmnetwork;

import com.tencent.qqmail.QMApplicationContext;
import com.tencent.qqmail.utilities.log.QMLog;
import com.xiaomi.mipush.sdk.Constants;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
public final class au extends at {
    private static void a(String str, String str2, List<String> list, boolean z) {
        StringBuilder sb = new StringBuilder();
        sb.append("key:").append(str);
        sb.append(",address:").append(str2);
        sb.append(",names:");
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append(it.next()).append(Constants.ACCEPT_TIME_SEPARATOR_SP);
        }
        sb.append(",result:").append(z);
        QMLog.log(3, "QMSSLUtil", sb.toString());
    }

    private boolean a(String str, SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            QMLog.log(3, "QMSSLUtil", "appVerify certificates len:" + peerCertificates.length);
            return verify(str, (X509Certificate) peerCertificates[0]);
        } catch (SSLException e) {
            return false;
        }
    }

    private static List<String> getSubjectAltNames(X509Certificate x509Certificate, int i) {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() >= 2 && (num = (Integer) list.get(0)) != null && num.intValue() == i && (str = (String) list.get(1)) != null) {
                    arrayList.add(str);
                }
            }
            return arrayList;
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    private boolean verify(String str, X509Certificate x509Certificate) {
        try {
            Method method = InetAddress.class.getMethod("isNumeric", String.class);
            method.setAccessible(true);
            boolean booleanValue = ((Boolean) method.invoke(null, str)).booleanValue();
            QMLog.log(3, "QMSSLUtil", "verify host:" + str + Constants.ACCEPT_TIME_SEPARATOR_SP + booleanValue);
            return booleanValue ? verifyIpAddress(str, x509Certificate) : verifyHostName(str, x509Certificate);
        } catch (IllegalAccessException e) {
            QMLog.log(5, "QMSSLUtil", "verify host fail IllegalAccessException:" + e.toString());
            return false;
        } catch (NoSuchMethodException e2) {
            QMLog.log(5, "QMSSLUtil", "verify host fail NoSuchMethodException:" + e2.toString());
            return false;
        } catch (InvocationTargetException e3) {
            QMLog.log(5, "QMSSLUtil", "verify host fail InvocationTargetException:" + e3.toString());
            return false;
        }
    }

    private boolean verifyHostName(String str, X509Certificate x509Certificate) {
        boolean z;
        String lowerCase = str.toLowerCase(Locale.US);
        List<String> subjectAltNames = getSubjectAltNames(x509Certificate, 2);
        boolean z2 = false;
        for (String str2 : subjectAltNames) {
            if (lowerCase == null || lowerCase.isEmpty() || str2 == null || str2.isEmpty()) {
                z = false;
            } else {
                String lowerCase2 = str2.toLowerCase(Locale.US);
                if (!lowerCase2.contains("*")) {
                    z = lowerCase.equals(lowerCase2);
                } else if (lowerCase2.startsWith("*.") && lowerCase.equals(lowerCase2.substring(2))) {
                    z = true;
                } else {
                    int indexOf = lowerCase2.indexOf(42);
                    if (indexOf > lowerCase2.indexOf(46)) {
                        z = false;
                    } else if (lowerCase.regionMatches(0, lowerCase2, 0, indexOf)) {
                        int length = lowerCase2.length() - (indexOf + 1);
                        int length2 = lowerCase.length() - length;
                        z = (lowerCase.indexOf(46, indexOf) >= length2 || lowerCase.endsWith(".clients.google.com")) ? lowerCase.regionMatches(length2, lowerCase2, indexOf + 1, length) : false;
                    } else {
                        z = false;
                    }
                }
            }
            z2 = z ? true : z2;
        }
        a("verifyHostName", lowerCase, subjectAltNames, z2);
        return z2;
    }

    private boolean verifyIpAddress(String str, X509Certificate x509Certificate) {
        boolean z = false;
        List<String> subjectAltNames = getSubjectAltNames(x509Certificate, 7);
        Iterator<String> it = subjectAltNames.iterator();
        while (true) {
            boolean z2 = z;
            if (!it.hasNext()) {
                a("verifyIpAddress", str, subjectAltNames, z2);
                return z2;
            }
            z = str.equalsIgnoreCase(it.next()) ? true : z2;
        }
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at
    final SSLSocketFactory auA() {
        try {
            return new av(this).getSocketFactory();
        } catch (Exception e) {
            QMLog.log(5, "QMSSLUtil", "getWrappedFactory exception" + e.toString());
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(String str, int i) throws IOException {
        return super.createSocket(str, i);
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return super.createSocket(str, i, inetAddress, i2);
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return super.createSocket(inetAddress, i);
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return super.createSocket(inetAddress, i, inetAddress2, i2);
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        return super.createSocket(socket, str, i, z);
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ String[] getDefaultCipherSuites() {
        return super.getDefaultCipherSuites();
    }

    @Override // com.tencent.qqmail.utilities.qmnetwork.at, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ String[] getSupportedCipherSuites() {
        return super.getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.HostnameVerifier
    public final boolean verify(String str, SSLSession sSLSession) {
        boolean verify = HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession);
        new StringBuilder("verify by DefaultHostnameVerifier: ").append(verify);
        if (!verify) {
            StringBuilder sb = new StringBuilder();
            sb.append("time:").append(new Date()).append(",host:").append(str).append(",verify cers:");
            try {
                for (Certificate certificate : sSLSession.getPeerCertificates()) {
                    sb.append(certificate).append("\n\n");
                }
                sb.append("\nnetwork wifi:").append(QMNetworkUtils.aul()).append(",mobile:").append(QMNetworkUtils.aun()).append(",airplane:").append(QMNetworkUtils.aF(QMApplicationContext.sharedInstance()));
                QMLog.log(3, "QMSSLUtil", sb.toString());
                QMLog.log(3, "QMSSLUtil", "appVerify:" + a(str, sSLSession));
            } catch (Exception e) {
            }
        }
        return verify;
    }
}
