package com.ning.http.util;

import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/Leapwork/Leapwork_plugin/model/leapwork.hpi:WEB-INF/lib/async-http-client-1.9.40.jar:com/ning/http/util/DefaultHostnameVerifier.class */
public class DefaultHostnameVerifier implements HostnameVerifier {
    private HostnameChecker checker;
    private HostnameVerifier extraHostnameVerifier;
    private static final Logger log = LoggerFactory.getLogger(DefaultHostnameVerifier.class.getName());

    public DefaultHostnameVerifier() {
        this.checker = new ProxyHostnameChecker();
    }

    public DefaultHostnameVerifier(HostnameChecker hostnameChecker) {
        this.checker = hostnameChecker;
    }

    public DefaultHostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.checker = new ProxyHostnameChecker();
        this.extraHostnameVerifier = hostnameVerifier;
    }

    public DefaultHostnameVerifier(HostnameChecker hostnameChecker, HostnameVerifier hostnameVerifier) {
        this.checker = hostnameChecker;
        this.extraHostnameVerifier = hostnameVerifier;
    }

    private boolean hostnameMatches(String str, SSLSession sSLSession) {
        log.debug("hostname = {}, session = {}", str, Base64.encode(sSLSession.getId()));
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length == 0) {
                log.debug("No peer certificates");
                return false;
            }
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                log.debug("Peer does not have any certificates or they aren't X.509");
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            log.debug("peerCertificate = {}", x509Certificate);
            try {
                this.checker.match(str, x509Certificate);
                return true;
            } catch (CertificateException e) {
                log.debug("Certificate does not match hostname", (Throwable) e);
                return false;
            }
        } catch (SSLPeerUnverifiedException e2) {
            log.debug("Not using certificates for peers, try verifying the principal");
            try {
                KerberosPrincipal peerPrincipal = sSLSession.getPeerPrincipal();
                log.debug("peerPrincipal = {}", peerPrincipal);
                if (peerPrincipal instanceof KerberosPrincipal) {
                    return this.checker.match(str, (Principal) peerPrincipal);
                }
                log.debug("Can't verify principal, not Kerberos");
                return false;
            } catch (SSLPeerUnverifiedException e3) {
                log.debug("Can't verify principal, no principal", (Throwable) e3);
                return false;
            }
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        if (hostnameMatches(str, sSLSession)) {
            return true;
        }
        return this.extraHostnameVerifier != null && this.extraHostnameVerifier.verify(str, sSLSession);
    }
}
