package com.zimbra.common.net;

import com.zimbra.common.util.ZimbraLog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;
import sun.security.util.HostnameChecker;

/* loaded from: input_file:com/zimbra/common/net/CustomHostnameVerifier.class */
public class CustomHostnameVerifier implements HostnameVerifier {
    public static void verifyHostname(String str, SSLSession sSLSession) throws IOException {
        if (NetConfig.getInstance().isAllowMismatchedCerts()) {
            return;
        }
        try {
            InetAddress.getByName(str);
            X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                throw new SSLPeerUnverifiedException("No server certificates found: " + str);
            }
            java.security.cert.X509Certificate certJavax2Java = certJavax2Java(peerCertificateChain[0]);
            CustomTrustManager customTrustManager = TrustManagers.customTrustManager();
            if (customTrustManager.isCertificateAcceptedForHostname(str, certJavax2Java)) {
                return;
            }
            try {
                HostnameChecker.getInstance((byte) 1).match(str, certJavax2Java);
            } catch (CertificateException e) {
                throw new SSLPeerUnverifiedException(customTrustManager.handleCertificateCheckFailure(str, certJavax2Java, true));
            }
        } catch (UnknownHostException e2) {
            throw new UnknownHostException("Could not resolve SSL sessions server hostname: " + str);
        }
    }

    private static java.security.cert.X509Certificate certJavax2Java(X509Certificate x509Certificate) {
        try {
            return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException | CertificateException | javax.security.cert.CertificateEncodingException e) {
            return null;
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        try {
            verifyHostname(str, sSLSession);
            return true;
        } catch (IOException e) {
            ZimbraLog.security.debug("Hostname verification failed: hostname = " + str, e);
            return false;
        }
    }
}
