package org.eclipse.jetty.util.ssl;

import java.net.InetAddress;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:WEB-INF/lib/jetty-util-9.4.42.v20210604.jar:org/eclipse/jetty/util/ssl/X509.class */
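/**
 * Pairs an {@link X509Certificate} with its alias and indexes the identities it carries.
 *
 * <p>On construction the certificate's subjectAltName {@code dNSName} and {@code iPAddress}
 * entries and every subject {@code CN} value are collected into three sets: exact host names,
 * wildcard domains (the part after a leading {@code "*."}) and IP addresses. {@link
 * #matches(String)} then answers whether a given host string is covered by any of them.
 *
 * <p>NOTE(review): this class only indexes and compares names. Nothing in it validates the
 * certificate chain, validity period or revocation status, so a {@code true} result from {@link
 * #matches(String)} says nothing about whether the certificate is trustworthy.
 */
public class X509 {
    private static final Logger LOG = Log.getLogger(X509.class);

    /** Index of the {@code keyCertSign} bit in the array returned by {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE__KEY_CERT_SIGN = 5;

    /** subjectAltName GeneralName type tag for {@code dNSName}. */
    private static final int SUBJECT_ALTERNATIVE_NAMES__DNS_NAME = 2;

    /** subjectAltName GeneralName type tag for {@code iPAddress}. */
    private static final int SUBJECT_ALTERNATIVE_NAMES__IP_ADDRESS = 7;

    /** Shape check only: any non-empty run of digits and dots. Compiled once instead of per call. */
    private static final Pattern IPV4_SHAPE = Pattern.compile("[0-9\\.]+");

    /** Shape check only: hex digits, colons and square brackets. Compiled once instead of per call. */
    private static final Pattern IPV6_SHAPE = Pattern.compile("[0-9a-fA-F:\\[\\]]+");

    private final X509Certificate _x509;
    private final String _alias;
    private final Set<String> _hosts = new LinkedHashSet<>();
    private final Set<String> _wilds = new LinkedHashSet<>();
    private final Set<InetAddress> _addresses = new LinkedHashSet<>();

    /**
     * Tells whether the certificate's KeyUsage extension has the {@code keyCertSign} bit set.
     *
     * <p>Only the KeyUsage bit is inspected. NOTE(review): basicConstraints is not consulted here,
     * so callers that need to decide whether a certificate is a CA should check that separately.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if the KeyUsage extension is present, long enough, and has
     *     {@code keyCertSign} set; {@code false} otherwise (including when the extension is absent)
     */
    public static boolean isCertSign(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null || keyUsage.length <= KEY_USAGE__KEY_CERT_SIGN) {
            return false;
        }
        return keyUsage[KEY_USAGE__KEY_CERT_SIGN];
    }

    /**
     * Indexes the names found in the given certificate.
     *
     * <p>NOTE(review): subject CN values are added as names even when {@code dNSName} SAN entries
     * are present. That is more permissive than identity-checking rules which ignore the CN once a
     * DNS SAN exists; confirm the callers of {@link #matches(String)} are comfortable with that.
     *
     * @param str the alias under which the certificate is known
     * @param x509Certificate the certificate whose SAN and CN entries are indexed
     * @throws IllegalArgumentException wrapping any exception raised while reading the certificate
     */
    public X509(String str, X509Certificate x509Certificate) {
        this._alias = str;
        this._x509 = x509Certificate;
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> entry : subjectAlternativeNames) {
                    // Each entry is [type tag, value]; only dNSName and iPAddress are of interest.
                    int type = ((Number) entry.get(0)).intValue();
                    switch (type) {
                        case SUBJECT_ALTERNATIVE_NAMES__DNS_NAME: {
                            String dnsName = entry.get(1).toString();
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Certificate alias={} SAN dns={} in {}", str, dnsName, this);
                            }
                            addName(dnsName);
                            break;
                        }
                        case SUBJECT_ALTERNATIVE_NAMES__IP_ADDRESS: {
                            String ipAddress = entry.get(1).toString();
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Certificate alias={} SAN ip={} in {}", str, ipAddress, this);
                            }
                            addAddress(ipAddress);
                            break;
                        }
                        default:
                            // Other GeneralName types are deliberately not indexed.
                            break;
                    }
                }
            }
            LdapName subject = new LdapName(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
            for (Rdn rdn : subject.getRdns()) {
                if (rdn.getType().equalsIgnoreCase("CN")) {
                    String commonName = rdn.getValue().toString();
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Certificate CN alias={} CN={} in {}", str, commonName, this);
                    }
                    addName(commonName);
                }
            }
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Records a host name from the certificate, lower-casing it first.
     *
     * <p>A name beginning with {@code "*."} is stored in the wildcard set with that prefix
     * removed; every other name, including one with a {@code *} elsewhere in it, is stored
     * verbatim in the exact-host set and is therefore only ever compared literally.
     *
     * @param str the name to add; {@code null} is ignored
     */
    protected void addName(String str) {
        if (str == null) {
            return;
        }
        String name = StringUtil.asciiToLowerCase(str);
        if (name.startsWith("*.")) {
            this._wilds.add(name.substring(2));
        } else {
            this._hosts.add(name);
        }
    }

    /**
     * Records an IP address taken from an {@code iPAddress} SAN entry; unparseable values are
     * dropped silently.
     */
    private void addAddress(String str) {
        InetAddress inetAddress = toInetAddress(str);
        if (inetAddress != null) {
            this._addresses.add(inetAddress);
        }
    }

    /**
     * Converts a string to an {@link InetAddress}, returning {@code null} on any failure.
     *
     * <p>{@link InetAddress#getByName(String)} parses IP literals directly but consults the name
     * service for anything else. Within this class it is only reached with {@code iPAddress} SAN
     * values or with strings that passed {@link #seemsIPAddress(String)}; that pre-check is a
     * character-class test, not a validator, so keep the guard in place when changing callers.
     */
    private InetAddress toInetAddress(String str) {
        try {
            return InetAddress.getByName(str);
        } catch (Throwable th) {
            // Best effort: the failure is handed to the logger's ignore hook and the value is skipped.
            LOG.ignore(th);
            return null;
        }
    }

    /**
     * @return the alias supplied at construction
     */
    public String getAlias() {
        return this._alias;
    }

    /**
     * @return the wrapped certificate
     */
    public X509Certificate getCertificate() {
        return this._x509;
    }

    /**
     * @return an unmodifiable view of the lower-cased exact host names
     */
    public Set<String> getHosts() {
        return Collections.unmodifiableSet(this._hosts);
    }

    /**
     * @return an unmodifiable view of the wildcard domains, stored without the leading {@code "*."}
     */
    public Set<String> getWilds() {
        return Collections.unmodifiableSet(this._wilds);
    }

    /**
     * Tells whether the given host is covered by a name or address in this certificate.
     *
     * <p>Matching rules, in order:
     * <ol>
     *   <li>the lower-cased host equals an exact name;
     *   <li>the lower-cased host equals a wildcard domain, i.e. {@code *.example.com} also covers
     *       {@code example.com} itself;
     *   <li>the host with its left-most label removed equals a wildcard domain, so a wildcard
     *       covers exactly one extra label ({@code a.example.com} but not {@code a.b.example.com});
     *   <li>the host looks like an IP literal and equals one of the indexed addresses.
     * </ol>
     *
     * <p>NOTE(review): rule 2 is more permissive than the usual wildcard semantics, where the
     * wildcard must stand for one label. It is kept as-is because callers may depend on it.
     *
     * @param str the host name or IP literal to test
     * @return {@code true} if the host is covered; {@code false} otherwise, including for
     *     {@code null}, which {@link #addName(String)} likewise ignores
     */
    public boolean matches(String str) {
        if (str == null) {
            return false;
        }
        String host = StringUtil.asciiToLowerCase(str);
        if (this._hosts.contains(host) || this._wilds.contains(host)) {
            return true;
        }
        int dot = host.indexOf('.');
        if (dot >= 0 && this._wilds.contains(host.substring(dot + 1))) {
            return true;
        }
        // Only strings shaped like an IP literal are handed to InetAddress, keeping ordinary
        // host names away from the resolver.
        if (!seemsIPAddress(host)) {
            return false;
        }
        InetAddress inetAddress = toInetAddress(host);
        return inetAddress != null && this._addresses.contains(inetAddress);
    }

    /**
     * Cheap shape test for IP literals: digits and dots only, or hex digits, colons and brackets
     * with at least two colons. It does not validate the address.
     */
    private static boolean seemsIPAddress(String str) {
        return IPV4_SHAPE.matcher(str).matches()
            || (IPV6_SHAPE.matcher(str).matches() && containsAtLeastTwoColons(str));
    }

    /**
     * @return {@code true} if the string contains two or more {@code ':'} characters
     */
    private static boolean containsAtLeastTwoColons(String str) {
        int first = str.indexOf(':');
        // A second colon, when present, is necessarily at index 1 or later.
        return first >= 0 && str.indexOf(':', first + 1) > 0;
    }

    @Override
    public String toString() {
        return String.format("%s@%x(%s,h=%s,a=%s,w=%s)", getClass().getSimpleName(), hashCode(), this._alias, this._hosts, this._addresses, this._wilds);
    }
}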
