package com.simba.hiveserver1.jdbc.common;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/simba/hiveserver1/jdbc/common/DSTrustManager.class */
public class DSTrustManager implements X509TrustManager {
    X509TrustManager m_defaultTrustManager;
    X509TrustManager m_userSetTrustManager;
    boolean m_allowSelfSigned;
    boolean m_certNamesMismatch;
    String m_host;
    boolean m_hostNameInSAN;

    public DSTrustManager(SSLTransportParameters sSLTransportParameters, String str) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException {
        this.m_allowSelfSigned = sSLTransportParameters.isAllowSelfSigned();
        this.m_certNamesMismatch = sSLTransportParameters.isCertNamesMismatch();
        this.m_host = str;
        this.m_hostNameInSAN = sSLTransportParameters.isHostNameInSAN();
        this.m_userSetTrustManager = null;
        this.m_defaultTrustManager = null;
        if (sSLTransportParameters.isTrustStoreSet()) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sSLTransportParameters.getTrustManagerType());
            KeyStore keyStore = KeyStore.getInstance(sSLTransportParameters.getTrustStoreType());
            keyStore.load(new FileInputStream(sSLTransportParameters.getTrustStore()), null != sSLTransportParameters.getTrustPass() ? sSLTransportParameters.getTrustPass().toCharArray() : null);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (null != trustManagers) {
                int i = 0;
                while (true) {
                    if (i >= trustManagers.length) {
                        break;
                    }
                    if (trustManagers[i] instanceof X509TrustManager) {
                        this.m_userSetTrustManager = (X509TrustManager) trustManagers[0];
                        break;
                    }
                    i++;
                }
            }
        }
        if (null == this.m_userSetTrustManager) {
            TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory2.init((KeyStore) null);
            TrustManager[] trustManagers2 = trustManagerFactory2.getTrustManagers();
            if (trustManagers2 != null) {
                int i2 = 0;
                while (true) {
                    if (i2 >= trustManagers2.length) {
                        break;
                    }
                    if (trustManagers2[i2] instanceof X509TrustManager) {
                        this.m_defaultTrustManager = (X509TrustManager) trustManagers2[0];
                        break;
                    }
                    i2++;
                }
            }
            if (null == this.m_defaultTrustManager) {
                throw new CertificateException("Can not load TrustManager.");
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.m_allowSelfSigned) {
            return;
        }
        if (null != this.m_userSetTrustManager) {
            this.m_userSetTrustManager.checkServerTrusted(x509CertificateArr, str);
        } else {
            this.m_defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
        }
        if (!verifyHost(x509CertificateArr[0])) {
            throw new CertificateException("Hostname and certificate CN are mismatched.");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    private boolean matchName(String str) {
        boolean z = false;
        int i = 0;
        int i2 = 0;
        while (i < str.length() && i2 < this.m_host.length()) {
            if (Character.toUpperCase(str.charAt(i)) != Character.toUpperCase(this.m_host.charAt(i2))) {
                if ('*' != str.charAt(i)) {
                    break;
                }
                while ('.' != this.m_host.charAt(i2) && i2 < this.m_host.length()) {
                    i2++;
                }
                i++;
            } else {
                i++;
                i2++;
            }
        }
        if (i == str.length() && i2 == this.m_host.length()) {
            z = true;
        }
        return z;
    }

    /* JADX WARN: Code restructure failed: missing block: B:38:0x00b8, code lost:
    
        r7 = r0.getValue().toString();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyHost(java.security.cert.X509Certificate r5) throws java.security.cert.CertificateParsingException {
        /*
            r4 = this;
            r0 = r4
            boolean r0 = r0.m_certNamesMismatch
            if (r0 == 0) goto L9
            r0 = 1
            return r0
        L9:
            r0 = 0
            r1 = r5
            if (r0 != r1) goto L10
            r0 = 0
            return r0
        L10:
            r0 = r4
            boolean r0 = r0.m_hostNameInSAN
            if (r0 == 0) goto L78
            r0 = r5
            java.util.Collection r0 = r0.getSubjectAlternativeNames()
            r6 = r0
            r0 = 0
            r1 = r6
            if (r0 == r1) goto L78
            r0 = r6
            java.util.Iterator r0 = r0.iterator()
            r7 = r0
        L28:
            r0 = r7
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto L78
            r0 = r7
            java.lang.Object r0 = r0.next()
            java.util.List r0 = (java.util.List) r0
            r8 = r0
            r0 = r8
            r1 = 0
            java.lang.Object r0 = r0.get(r1)
            r1 = 2
            java.lang.Integer r1 = java.lang.Integer.valueOf(r1)
            boolean r0 = r0.equals(r1)
            if (r0 != 0) goto L61
            r0 = r8
            r1 = 0
            java.lang.Object r0 = r0.get(r1)
            r1 = 7
            java.lang.Integer r1 = java.lang.Integer.valueOf(r1)
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L75
        L61:
            r0 = r4
            r1 = r8
            r2 = 1
            java.lang.Object r1 = r1.get(r2)
            java.lang.String r1 = (java.lang.String) r1
            boolean r0 = r0.matchName(r1)
            if (r0 == 0) goto L75
            r0 = 1
            return r0
        L75:
            goto L28
        L78:
            java.lang.String r0 = ""
            r7 = r0
            javax.naming.ldap.LdapName r0 = new javax.naming.ldap.LdapName     // Catch: javax.naming.InvalidNameException -> Lca
            r1 = r0
            r2 = r5
            javax.security.auth.x500.X500Principal r2 = r2.getSubjectX500Principal()     // Catch: javax.naming.InvalidNameException -> Lca
            java.lang.String r2 = r2.getName()     // Catch: javax.naming.InvalidNameException -> Lca
            r1.<init>(r2)     // Catch: javax.naming.InvalidNameException -> Lca
            r6 = r0
            r0 = r6
            java.util.List r0 = r0.getRdns()     // Catch: javax.naming.InvalidNameException -> Lca
            java.util.Iterator r0 = r0.iterator()     // Catch: javax.naming.InvalidNameException -> Lca
            r8 = r0
        L95:
            r0 = r8
            boolean r0 = r0.hasNext()     // Catch: javax.naming.InvalidNameException -> Lca
            if (r0 == 0) goto Lc7
            r0 = r8
            java.lang.Object r0 = r0.next()     // Catch: javax.naming.InvalidNameException -> Lca
            javax.naming.ldap.Rdn r0 = (javax.naming.ldap.Rdn) r0     // Catch: javax.naming.InvalidNameException -> Lca
            r9 = r0
            r0 = r9
            java.lang.String r0 = r0.getType()     // Catch: javax.naming.InvalidNameException -> Lca
            java.lang.String r1 = "CN"
            boolean r0 = r0.equalsIgnoreCase(r1)     // Catch: javax.naming.InvalidNameException -> Lca
            if (r0 == 0) goto Lc4
            r0 = r9
            java.lang.Object r0 = r0.getValue()     // Catch: javax.naming.InvalidNameException -> Lca
            java.lang.String r0 = r0.toString()     // Catch: javax.naming.InvalidNameException -> Lca
            r7 = r0
            goto Lc7
        Lc4:
            goto L95
        Lc7:
            goto Lce
        Lca:
            r8 = move-exception
            r0 = 0
            return r0
        Lce:
            r0 = r4
            r1 = r7
            boolean r0 = r0.matchName(r1)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.simba.hiveserver1.jdbc.common.DSTrustManager.verifyHost(java.security.cert.X509Certificate):boolean");
    }
}
