package weblogic.security.utils;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import weblogic.kernel.Kernel;
import weblogic.logging.Loggable;
import weblogic.management.configuration.KernelMBean;
import weblogic.management.configuration.SSLMBean;
import weblogic.security.SSL.HostnameVerifier;
import weblogic.security.SSL.HostnameVerifierJSSE;
import weblogic.security.SecurityLogger;
import weblogic.utils.NestedRuntimeException;

/* loaded from: input_file:weblogic/security/utils/SSLWLSHostnameVerifier.class */
public class SSLWLSHostnameVerifier implements SSLHostnameVerifier {
    // System property that, when "true", turns hostname verification off: the bytecode listing of
    // isHostnameVerificationIgnored reads it with Boolean.getBoolean, and getDefaultVerifer then
    // installs NullHostnameVerifier.
    private static final String IGNORE_VERIFICATION_PROP = "weblogic.security.SSL.ignoreHostnameVerification";
    // Second spelling of the same switch; either property being "true" is enough to disable the check.
    private static final String IGNORE_VERIFICATION2_PROP = "weblogic.security.SSL.ignoreHostnameVerify";
    // System property naming a custom verifier class; consulted before the SSLMBean setting.
    private static final String VERIFIER_CLASS_PROP = "weblogic.security.SSL.hostnameVerifier";
    // System property read by DefaultHostnameVerifier to choose how loopback hosts are recognised.
    private static final String REVERSE_DNS_ALLOWED_PROP = "weblogic.ReverseDNSAllowed";
    // Verifier shared by all instances; stays null until getDefaultVerifer() decides to cache one.
    private static HostnameVerifier defaultVerifier = null;
    // Verifier this instance delegates to in hostnameValidationCallback.
    private HostnameVerifier verifier;
    // Host taken from the request URL; verified in place of the socket host when a proxy mapping applies.
    private String urlHostName = null;
    // Proxy host recorded by setProxyMapping; used by isProxying to detect a proxied connection.
    private String proxyHostName = null;
    // Optional CommonName the peer certificate must carry in addition to passing the verifier.
    private String expectedName = null;

    /* loaded from: input_file:weblogic/security/utils/SSLWLSHostnameVerifier$DefaultHostnameVerifier.class */
    public static class DefaultHostnameVerifier implements HostnameVerifier {
        // Loopback host name; doVerify compares the requested host against the same literal.
        private static final String LOCALHOST_HOSTNAME = "localhost";
        // IPv4 loopback literal accepted by doVerify when reverse DNS is not allowed.
        private static final String LOCALHOST_IPADDRESS = "127.0.0.1";
        // When true, doVerify resolves the requested host and accepts any loopback address;
        // when false, only the two literals above are accepted.
        private boolean allowReverseDNS;

        /**
         * Creates the verifier and decides whether the loopback rule in doVerify may resolve names.
         *
         * Outside an applet, the weblogic.ReverseDNSAllowed system property decides when it is set.
         * Otherwise the kernel configuration is used if one is available. With neither source the
         * flag stays false.
         */
        public DefaultHostnameVerifier() {
            boolean reverseDns = false;
            final boolean propertyUsable = !Kernel.isApplet()
                    && System.getProperty(SSLWLSHostnameVerifier.REVERSE_DNS_ALLOWED_PROP) != null;
            if (propertyUsable) {
                reverseDns = Boolean.getBoolean(SSLWLSHostnameVerifier.REVERSE_DNS_ALLOWED_PROP);
            } else {
                if (Kernel.getConfig() != null) {
                    reverseDns = Kernel.getConfig().isReverseDNSAllowed();
                }
            }
            this.allowReverseDNS = reverseDns;
            if (SSLSetup.isDebugEnabled(3)) {
                SSLSetup.info("HostnameVerifier: allowReverseDNS=" + this.allowReverseDNS);
            }
        }

        /**
         * Checks the requested host against the peer certificate of the session.
         *
         * The subject CommonName is tried first via doVerify; the DNS subjectAltName entries are
         * consulted only when that fails. Both paths compare whole names case-insensitively, so a
         * wildcard entry matches only a request for the literal wildcard string.
         *
         * NOTE(review): the CommonName is accepted even when DNS subjectAltName entries exist.
         * RFC 6125 asks verifiers to ignore the CommonName in that case; confirm this ordering is
         * intended for the deployment.
         *
         * @param str requested host name; null or empty is rejected
         * @param sSLSession session whose peer certificate is inspected
         * @return true when the CommonName rules or a DNS subjectAltName accept the host
         */
        @Override // weblogic.security.SSL.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (str == null || str.isEmpty()) {
                return false;
            }
            final String commonName = SSLCertUtility.getCommonName(sSLSession);
            return doVerify(str, sSLSession, commonName)
                    || doDNSSubjAltNamesVerify(str, SSLCertUtility.getDNSSubjAltNames(sSLSession));
        }

        /**
         * Matches the requested host against the certificate CommonName.
         *
         * Three rules are tried in order: an exact case-insensitive match, a short-name match that
         * applies only to demo certificates, and a rule for certificates issued to this machine's
         * own host name.
         *
         * @param str requested host name (verify has already rejected null and empty values)
         * @param sSLSession session used to fetch the peer leaf certificate for the demo check
         * @param str2 CommonName the caller read from the session's certificate; may be null
         * @return true when one of the three rules accepts the host
         */
        private boolean doVerify(String str, SSLSession sSLSession, String str2) {
            // No CommonName to compare: report failure so verify can try the subjectAltName entries.
            if (str2 == null || str2.length() == 0) {
                return false;
            }
            // Rule 1: whole-name, case-insensitive match. No wildcard handling happens here.
            if (str.equalsIgnoreCase(str2)) {
                return true;
            }
            // Rule 2 (demo certificates only): a CommonName that is a leading part of the requested
            // name followed by a dot is accepted, e.g. CN "host" for "host.example.com".
            // isDemoCert recognises the certificate by issuer and subject DN text alone.
            // NOTE(review): this relaxation is only as safe as the trust decision made for the demo
            // CA elsewhere; confirm that CA is not trusted outside test environments.
            if (isDemoCert(SSLCertUtility.getPeerLeafCert(sSLSession)) && str.toLowerCase(Locale.ENGLISH).startsWith(str2.toLowerCase(Locale.ENGLISH) + ".")) {
                return true;
            }
            try {
                InetAddress localHost = InetAddress.getLocalHost();
                // Rule 3 applies only when the certificate names this machine's own host name.
                if (!localHost.getHostName().equalsIgnoreCase(str2)) {
                    return false;
                }
                // The requested host is this machine's address literal.
                if (localHost.getHostAddress().equalsIgnoreCase(str)) {
                    return true;
                }
                // With allowReverseDNS the requested name is resolved and any loopback address is
                // accepted; without it only the literals "localhost" and "127.0.0.1" are accepted.
                // NOTE(review): the resolving branch depends on the local resolver's answer for str.
                return this.allowReverseDNS ? InetAddress.getByName(str).isLoopbackAddress() : "localhost".equalsIgnoreCase(str) || LOCALHOST_IPADDRESS.equalsIgnoreCase(str);
            } catch (UnknownHostException e) {
                // A failed lookup rejects the host rather than accepting it.
                SSLSetup.info("HostnameVerifier: unknown host");
                return false;
            }
        }

        /**
         * Looks for the requested host among the certificate's DNS subjectAltName entries.
         *
         * Each entry is compared as a whole name, ignoring case; no wildcard expansion is done.
         *
         * @param str requested host name
         * @param collection DNS subjectAltName values, each cast to String; may be null or empty
         * @return true when an entry equals the requested host
         */
        private boolean doDNSSubjAltNamesVerify(String str, Collection collection) {
            if (collection == null || collection.isEmpty()) {
                return false;
            }
            for (Object entry : collection) {
                String dnsName = (String) entry;
                if (dnsName.equalsIgnoreCase(str)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Tells whether a certificate looks like one issued by the bundled demo CA.
         *
         * The decision is made on DN text only: the issuer DN must equal the demo CA name (case
         * ignored) and the subject DN must start with the demo prefix. No key or signature is
         * examined here.
         *
         * @param x509Certificate peer leaf certificate; must not be null
         * @return true when both DN checks match
         */
        private static boolean isDemoCert(X509Certificate x509Certificate) {
            final String demoIssuerDn = "C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB";
            final String demoSubjectPrefix = "C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY";
            final String issuerDn = x509Certificate.getIssuerDN().getName();
            if (!demoIssuerDn.equalsIgnoreCase(issuerDn)) {
                return false;
            }
            final String subjectDn = x509Certificate.getSubjectDN().getName();
            return subjectDn.startsWith(demoSubjectPrefix);
        }
    }

    /* loaded from: input_file:weblogic/security/utils/SSLWLSHostnameVerifier$NullHostnameVerifier.class */
    /**
     * Verifier that accepts every host name without looking at the session or its certificate.
     *
     * getDefaultVerifer() installs it when isHostnameVerificationIgnored reports that verification
     * is switched off. With it in place the peer's certificate is never tied to the host that was
     * requested, so the configuration that selects it belongs in the deployment's audit checks.
     */
    public static class NullHostnameVerifier implements HostnameVerifier {
        /**
         * Accepts the host unconditionally.
         *
         * @param str requested host name (ignored)
         * @param sSLSession session being verified (ignored)
         * @return always true
         */
        @Override // weblogic.security.SSL.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /**
     * Creates a callback that starts out with the process-wide default verifier.
     * setHostnameVerifier can replace it afterwards.
     */
    public SSLWLSHostnameVerifier() {
        this.verifier = getDefaultVerifer();
    }

    /**
     * Decides whether the peer of an SSL socket is acceptable for the requested host.
     *
     * When a proxy mapping applies (see isProxying), the host from the request URL is verified
     * instead of the host passed in. The configured verifier must accept the host; if an expected
     * name has been set, the certificate CommonName must also equal it exactly (case-sensitive).
     * Any exception raised during the checks rejects the connection.
     *
     * Rejections are reported through SecurityLogger when SSLSetup.logSSLRejections() is on, and
     * through SSLSetup.info when debug level 3 is enabled.
     * NOTE(review): the logged text includes the certificate CommonName, which the peer chooses;
     * confirm the log sink neutralises control characters.
     *
     * @param str host name the caller connected to
     * @param sSLSocket socket whose session and peer certificate are checked
     * @return true only when every applicable check passes
     */
    @Override // weblogic.security.utils.SSLHostnameVerifier
    public boolean hostnameValidationCallback(String str, SSLSocket sSLSocket) {
        final SSLSession session = sSLSocket.getSession();
        final boolean viaProxy = isProxying(str, sSLSocket);
        // Behind a proxy the certificate belongs to the origin server, not to the proxy.
        final String hostToCheck = viaProxy ? this.urlHostName : str;
        try {
            final boolean debug = SSLSetup.isDebugEnabled(3);
            if (debug) {
                SSLSetup.info("Performing hostname validation checks: " + hostToCheck);
                if (viaProxy) {
                    SSLSetup.info("Proxying through " + this.proxyHostName);
                }
            }

            // Check 1: the configured verifier must accept the host.
            if (!this.verifier.verify(hostToCheck, session)) {
                if (SSLSetup.logSSLRejections()) {
                    Loggable rejection = SecurityLogger.logHostnameVerificationErrorLoggable(getPeerName(viaProxy, sSLSocket), SSLCertUtility.getCommonName(session), hostToCheck);
                    rejection.log();
                    SSLSetup.setFailureDetails(session, rejection.getMessage());
                }
                if (debug) {
                    SSLSetup.info("Hostname Verification failed for certificate with CommonName '" + SSLCertUtility.getCommonName(session) + "' against hostname: " + hostToCheck);
                }
                return false;
            }

            // Check 2 is optional: nothing more to do without an expected name.
            if (this.expectedName == null) {
                return true;
            }

            // An expected name cannot be confirmed without a peer certificate.
            if (SSLCertUtility.getPeerLeafCert(sSLSocket) == null) {
                if (SSLSetup.logSSLRejections()) {
                    Loggable noCertificate = SecurityLogger.logHostnameVerificationNoCertificateErrorLoggable(getPeerName(viaProxy, sSLSocket));
                    noCertificate.log();
                    SSLSetup.setFailureDetails(session, noCertificate.getMessage());
                }
                if (debug) {
                    SSLSetup.info("No identity certificate, cannot verify expected name: " + this.expectedName);
                }
                return false;
            }

            final String peerCommonName = SSLCertUtility.getCommonName(session);
            if (this.expectedName.equals(peerCommonName)) {
                return true;
            }
            if (SSLSetup.logSSLRejections()) {
                Loggable mismatch = SecurityLogger.logHostnameVerificationErrorLoggable(getPeerName(viaProxy, sSLSocket), peerCommonName, this.expectedName);
                mismatch.log();
                SSLSetup.setFailureDetails(session, mismatch.getMessage());
            }
            if (debug) {
                SSLSetup.info("Hostname Verification failed since certificate CommonName '" + peerCommonName + "' does not match expected name: " + this.expectedName);
            }
            return false;
        } catch (Exception e) {
            // Fail closed: an error inside any check is treated as a failed verification.
            if (SSLSetup.logSSLRejections()) {
                Loggable failure = SecurityLogger.logHostnameVerificationExceptionErrorLoggable(getPeerName(viaProxy, sSLSocket));
                failure.log();
                SSLSetup.setFailureDetails(session, failure.getMessage());
            }
            SSLSetup.debug(1, e, "Hostname Verification error");
            return false;
        }
    }

    /**
     * Tells whether the connection being verified goes to the proxy recorded by setProxyMapping.
     *
     * A proxy is assumed when both mapping values are set and the proxy host equals either the
     * host passed in, the socket's remote address, or the socket's remote host name.
     * NOTE(review): InetAddress.getHostName() may perform a name lookup for an address-only
     * InetAddress; confirm that is acceptable on this path.
     *
     * @param str host name handed to the validation callback
     * @param sSLSocket socket whose remote address is compared with the proxy host
     * @return true when the connection is treated as proxied
     */
    private boolean isProxying(String str, SSLSocket sSLSocket) {
        final boolean mappingMissing = this.proxyHostName == null || this.urlHostName == null;
        if (mappingMissing) {
            return false;
        }
        if (this.proxyHostName.equals(str)) {
            return true;
        }
        final InetAddress remote = sSLSocket.getInetAddress();
        if (remote == null) {
            return false;
        }
        if (this.proxyHostName.equals(remote.getHostAddress())) {
            return true;
        }
        return this.proxyHostName.equals(remote.getHostName());
    }

    /**
     * Builds the peer description used in rejection log messages.
     *
     * @param z true when the connection is proxied; the URL host is then appended after an arrow
     * @param sSLSocket socket whose peer name SSLSetup reports
     * @return the peer name, followed by " --> " and the URL host for proxied connections
     */
    private String getPeerName(boolean z, SSLSocket sSLSocket) {
        final String socketPeer = SSLSetup.getPeerName(sSLSocket);
        return z ? socketPeer + " --> " + this.urlHostName : socketPeer;
    }

    /**
     * Sets a CommonName the peer certificate must carry.
     *
     * When non-null, hostnameValidationCallback requires the certificate CommonName to equal this
     * value exactly (case-sensitive) after the verifier has accepted the host. Null removes the
     * extra check.
     *
     * @param str expected CommonName, or null for none
     */
    public void setExpectedName(String str) {
        this.expectedName = str;
    }

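    /**
     * Replaces the verifier used by this instance.
     *
     * Passing null restores the default verifier. The default is obtained through
     * getDefaultVerifer() rather than read from the static cache, because that cache is left
     * empty when the verifier was built on a server before its SSL configuration was available.
     * Reading the empty cache would store null here and make every later validation fail on a
     * NullPointerException.
     *
     * @param hostnameVerifier verifier to use, or null for the default
     */
    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.verifier = hostnameVerifier != null ? hostnameVerifier : getDefaultVerifer();
    }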

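    /**
     * Returns the process-wide default verifier, building it on first use.
     *
     * Selection order: NullHostnameVerifier when verification is configured as ignored; otherwise
     * the class named by the system property or SSLMBean; otherwise DefaultHostnameVerifier.
     * A configured class may implement HostnameVerifier directly or HostnameVerifierJSSE, which is
     * wrapped in an adapter that passes it the certificate CommonName.
     *
     * The result is cached unless this is a server whose SSL configuration is not yet available,
     * so that a later call can pick up the real configuration.
     *
     * @return the verifier to use by default, never null
     * @throws NestedRuntimeException if the configured class cannot be loaded, instantiated, or
     *         implements neither verifier interface
     */
    private static synchronized HostnameVerifier getDefaultVerifer() {
        if (defaultVerifier != null) {
            return defaultVerifier;
        }
        KernelMBean config = Kernel.getConfig();
        SSLMBean sSLMBean = config != null ? config.getSSL() : null;

        HostnameVerifier hostnameVerifier;
        if (isHostnameVerificationIgnored(sSLMBean)) {
            // Verification is switched off by configuration: every host name will be accepted.
            hostnameVerifier = new NullHostnameVerifier();
        } else {
            String hostnameVerifierClassName = getHostnameVerifierClassName(sSLMBean);
            if (hostnameVerifierClassName == null) {
                if (SSLSetup.isDebugEnabled(3)) {
                    SSLSetup.info("HostnameVerifier: using default hostnameverifier");
                }
                hostnameVerifier = new DefaultHostnameVerifier();
                SecurityLogger.logUsingDefaultHVLoggable().log();
            } else {
                try {
                    // NOTE(review): the class name comes from a system property or the SSLMBean.
                    // Whoever can set either one chooses code that runs in this process and
                    // decides every hostname check, so both must be treated as trusted inputs.
                    Object newInstance = Class.forName(hostnameVerifierClassName).newInstance();
                    if (newInstance instanceof HostnameVerifier) {
                        hostnameVerifier = (HostnameVerifier) newInstance;
                        if (SSLSetup.isDebugEnabled(3)) {
                            SSLSetup.info("HostnameVerifier: using configured hostnameverifier: " + hostnameVerifier.getClass().getName());
                        }
                        SecurityLogger.logUsingConfiguredHVLoggable(hostnameVerifier.getClass().getName()).log();
                    } else {
                        if (!(newInstance instanceof HostnameVerifierJSSE)) {
                            Loggable logHostnameVerifierInvalidErrorLoggable = SecurityLogger.logHostnameVerifierInvalidErrorLoggable(hostnameVerifierClassName);
                            logHostnameVerifierInvalidErrorLoggable.log();
                            // This exception is caught by the handler below and reported again as
                            // an initialisation error, as in the original control flow.
                            throw new NestedRuntimeException(logHostnameVerifierInvalidErrorLoggable.getMessage());
                        }
                        final HostnameVerifierJSSE hostnameVerifierJSSE = (HostnameVerifierJSSE) newInstance;
                        hostnameVerifier = new HostnameVerifier() { // from class: weblogic.security.utils.SSLWLSHostnameVerifier.1
                            @Override // weblogic.security.SSL.HostnameVerifier
                            public boolean verify(String str, SSLSession sSLSession) {
                                // Delegate through the captured local. The decompiler printed
                                // "HostnameVerifierJSSE.this", which is not an enclosing instance
                                // and does not compile.
                                return hostnameVerifierJSSE.verify(str, SSLCertUtility.getCommonName(sSLSession));
                            }
                        };
                        SecurityLogger.logUsingConfiguredHVLoggable(hostnameVerifier.getClass().getName()).log();
                        if (SSLSetup.isDebugEnabled(3)) {
                            SSLSetup.info("HostnameVerifier: using configured hostnameverifier: " + hostnameVerifier.getClass().getName());
                        }
                    }
                } catch (Exception e) {
                    Loggable logHostnameVerifierInitErrorLoggable = SecurityLogger.logHostnameVerifierInitErrorLoggable(hostnameVerifierClassName);
                    logHostnameVerifierInitErrorLoggable.log();
                    throw new NestedRuntimeException(logHostnameVerifierInitErrorLoggable.getMessage(), e);
                }
            }
        }

        // On a server without SSL configuration yet, hand the verifier out but do not cache it.
        if (sSLMBean == null && Kernel.isServer()) {
            return hostnameVerifier;
        }
        defaultVerifier = hostnameVerifier;
        return defaultVerifier;
    }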

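    /**
     * Tells whether hostname verification has been switched off by configuration.
     *
     * Reconstructed from the bytecode listing the decompiler left in place of this method, which
     * otherwise threw UnsupportedOperationException on every call. Verification is ignored when
     * the SSLMBean says so, or when either system property
     * weblogic.security.SSL.ignoreHostnameVerification or
     * weblogic.security.SSL.ignoreHostnameVerify is "true". The sources are checked in that order
     * and evaluation stops at the first one that is set.
     *
     * A SecurityException while reading the settings leaves the result at false, so verification
     * stays enabled when the settings cannot be read.
     *
     * @param sSLMBean SSL configuration, or null when none is available
     * @return true when verification is to be skipped
     */
    private static boolean isHostnameVerificationIgnored(SSLMBean sSLMBean) {
        boolean ignored = false;
        try {
            ignored = (sSLMBean != null && sSLMBean.isHostnameVerificationIgnored())
                    || Boolean.getBoolean(IGNORE_VERIFICATION_PROP)
                    || Boolean.getBoolean(IGNORE_VERIFICATION2_PROP);
        } catch (SecurityException ignoredException) {
            // Deliberately ignored: the listing stores the exception and returns the initial
            // false, which keeps hostname verification on.
        }
        return ignored;
    }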

    /**
     * Records that connections to a proxy stand for a given origin host.
     *
     * When isProxying later recognises the proxy, hostnameValidationCallback verifies the
     * certificate against the origin host instead of the host it was called with.
     *
     * @param str proxy host name or address
     * @param str2 host from the request URL that the certificate must match
     */
    public void setProxyMapping(String str, String str2) {
        this.proxyHostName = str;
        this.urlHostName = str2;
    }

    /**
     * Finds the name of the custom verifier class, if one is configured.
     *
     * The weblogic.security.SSL.hostnameVerifier system property is consulted first. If it is
     * unset, or cannot be read because of a SecurityException, the SSLMBean value is used.
     *
     * @param sSLMBean SSL configuration, or null when none is available
     * @return the configured class name, or null when neither source provides one
     */
    private static String getHostnameVerifierClassName(SSLMBean sSLMBean) {
        String fromProperty;
        try {
            fromProperty = System.getProperty(VERIFIER_CLASS_PROP);
        } catch (SecurityException ignored) {
            // Property access denied: treat it as unset and fall back to the MBean.
            fromProperty = null;
        }
        if (fromProperty != null || sSLMBean == null) {
            return fromProperty;
        }
        return sSLMBean.getHostnameVerifier();
    }
}
