package com.amazonaws.kinesisvideo.http;

import com.amazonaws.kinesisvideo.common.logging.Log;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: classes.dex */
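/**
 * Trust manager that delegates certificate-chain validation to the platform's default
 * {@link X509ExtendedTrustManager} and then checks that the leaf certificate matches the peer's
 * address or host name using {@link HostnameVerifier}.
 *
 * <p>Coverage of the hostname check, as implemented here:
 * <ul>
 *   <li>{@code checkServerTrusted} with a {@link Socket} or {@link SSLEngine}: always verified.</li>
 *   <li>{@code checkClientTrusted} with a {@link Socket} or {@link SSLEngine}: verified only when
 *       the constructor flag is {@code true}.</li>
 *   <li>The two-argument {@code checkClientTrusted}/{@code checkServerTrusted} overloads carry no
 *       connection context, so they perform chain validation only and no hostname check.</li>
 * </ul>
 *
 * <p>Every hostname check fails closed: when the peer identity cannot be determined, a
 * {@link CertificateException} is thrown instead of verifying against a substitute address.
 */
public class HostnameVerifyingX509ExtendedTrustManager extends X509ExtendedTrustManager {
    private static final HostnameVerifier DEFAULT_HOSTNAME_VERIFIER = HostnameVerifier.INSTANCE;
    private final boolean clientSideHostnameVerificationEnabled;
    private final Log log = new Log(Log.SYSTEM_OUT);
    private final X509ExtendedTrustManager x509ExtendedTrustManager = getX509ExtendedTrustManager();

    /**
     * @param clientSideHostnameVerificationEnabled whether the socket/engine overloads of
     *     {@code checkClientTrusted} also run hostname verification on the client certificate
     */
    public HostnameVerifyingX509ExtendedTrustManager(boolean clientSideHostnameVerificationEnabled) {
        this.clientSideHostnameVerificationEnabled = clientSideHostnameVerificationEnabled;
    }

    /**
     * Looks up the platform default trust manager, initialised with the default trust store
     * (a {@code null} {@link KeyStore} selects the platform defaults).
     *
     * @return the first {@link X509ExtendedTrustManager} offered by the default factory
     * @throws RuntimeException if the factory cannot be initialised or offers no such manager
     */
    private X509ExtendedTrustManager getX509ExtendedTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) trustManager;
                }
            }
            throw new RuntimeException("No default X509TrustManager found");
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to initialize default TrustManagerFactory", e);
        }
    }

    /** Chain validation only; no connection context is available, so no hostname check runs. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        this.x509ExtendedTrustManager.checkClientTrusted(chain, authType);
    }

    /**
     * Validates the client chain and, when client-side verification is enabled, checks the leaf
     * certificate against the socket's remote address.
     *
     * @throws CertificateException if the chain is not trusted, the socket has no remote address,
     *     or the leaf certificate matches neither the peer address nor its host name
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
            throws CertificateException {
        // The delegate runs first; the X509TrustManager contract has it reject a null or empty
        // chain, so chain[0] is only read after that check has passed.
        this.x509ExtendedTrustManager.checkClientTrusted(chain, authType, socket);
        if (this.clientSideHostnameVerificationEnabled) {
            performHostVerification(peerAddressOf(socket), chain[0]);
        }
    }

    /**
     * Validates the client chain and, when client-side verification is enabled, checks the leaf
     * certificate against the engine's peer host.
     *
     * @throws CertificateException if the chain is not trusted, the engine has no peer host, the
     *     peer host cannot be resolved, or the leaf certificate does not match
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
            throws CertificateException {
        this.x509ExtendedTrustManager.checkClientTrusted(chain, authType, engine);
        if (this.clientSideHostnameVerificationEnabled) {
            performHostVerification(peerAddressOf(engine), chain[0]);
        }
    }

    /** Chain validation only; no connection context is available, so no hostname check runs. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        this.x509ExtendedTrustManager.checkServerTrusted(chain, authType);
    }

    /**
     * Validates the server chain, then checks the leaf certificate against the socket's remote
     * address. The hostname check is unconditional for server certificates.
     *
     * @throws CertificateException if the chain is not trusted, the socket has no remote address,
     *     or the leaf certificate matches neither the peer address nor its host name
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
            throws CertificateException {
        this.x509ExtendedTrustManager.checkServerTrusted(chain, authType, socket);
        performHostVerification(peerAddressOf(socket), chain[0]);
    }

    /**
     * Validates the server chain, then checks the leaf certificate against the engine's peer
     * host. The hostname check is unconditional for server certificates.
     *
     * @throws CertificateException if the chain is not trusted, the engine has no peer host, the
     *     peer host cannot be resolved, or the leaf certificate does not match
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
            throws CertificateException {
        this.x509ExtendedTrustManager.checkServerTrusted(chain, authType, engine);
        performHostVerification(peerAddressOf(engine), chain[0]);
    }

    /** Returns the issuers accepted by the underlying default trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.x509ExtendedTrustManager.getAcceptedIssuers();
    }

    /**
     * Verifies the certificate against the host address first and, if that fails, against the
     * host name.
     *
     * @param hostAddress textual IP address of the peer
     * @param hostName host name of the peer (may come from a reverse DNS lookup, see
     *     {@link #performHostVerification(InetAddress, X509Certificate)})
     * @param certificate leaf certificate presented by the peer
     * @throws CertificateException if the certificate matches neither value
     */
    public void performHostVerification(String hostAddress, String hostName, X509Certificate certificate)
            throws CertificateException {
        HostnameVerifier hostnameVerifier = DEFAULT_HOSTNAME_VERIFIER;
        if (hostnameVerifier.verify(hostAddress, certificate)) {
            return;
        }
        // NOTE(review): this message uses a "{}" placeholder while the error logs below use "%s";
        // confirm which style Log expects, otherwise the address is not interpolated here.
        this.log.debug("Failed to verify host address: {} attempting to verify host name with reverse dns lookup", hostAddress);
        if (hostnameVerifier.verify(hostName, certificate)) {
            return;
        }
        this.log.error("Failed to verify host address: %s", hostAddress);
        this.log.error("Failed to verify hostname: %s", hostName);
        throw new CertificateException("Failed to verify both host address and host name");
    }

    /**
     * Verifies the certificate against the textual address and the host name of
     * {@code inetAddress}.
     *
     * <p>{@link InetAddress#getHostName()} returns the name the address was created with, or
     * performs a reverse lookup when it was created from a raw address. A reverse (PTR) record is
     * published by whoever controls the address's reverse zone, not by the party the caller
     * intended to reach, so a match obtained through that path is weaker evidence than a match
     * against the originally requested host name.
     *
     * @throws CertificateException if {@code inetAddress} is {@code null} or the certificate does
     *     not match
     */
    public void performHostVerification(InetAddress inetAddress, X509Certificate certificate)
            throws CertificateException {
        if (inetAddress == null) {
            // Fail closed with the exception type TLS callers handle, not a NullPointerException.
            throw new CertificateException("Failed to verify host: peer address is not available");
        }
        performHostVerification(inetAddress.getHostAddress(), inetAddress.getHostName(), certificate);
    }

    /** Returns the socket's remote address, or fails closed when the socket is absent or unconnected. */
    private static InetAddress peerAddressOf(Socket socket) throws CertificateException {
        InetAddress address = socket == null ? null : socket.getInetAddress();
        if (address == null) {
            throw new CertificateException("Failed to verify host: socket has no remote address");
        }
        return address;
    }

    /**
     * Resolves the engine's peer host, or fails closed when none is set.
     *
     * <p>{@link InetAddress#getByName(String)} maps a {@code null} or empty host to the loopback
     * address, so a missing peer host must be rejected before resolution; otherwise the
     * certificate would be checked against the local machine instead of the remote peer.
     */
    private static InetAddress peerAddressOf(SSLEngine engine) throws CertificateException {
        String peerHost = engine == null ? null : engine.getPeerHost();
        if (peerHost == null || peerHost.isEmpty()) {
            throw new CertificateException("Failed to verify host: SSLEngine has no peer host");
        }
        try {
            return InetAddress.getByName(peerHost);
        } catch (UnknownHostException e) {
            throw new CertificateException("Failed to verify host", e);
        }
    }
}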
