package org.apache.hc.client5.http.ssl;

import j$.util.Objects;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;

/* loaded from: classes6.dex */
final class TlsSessionValidator {
    private final Logger log;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsSessionValidator(Logger logger) {
        this.log = logger;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifySession(String str, SSLSession sSLSession, HostnameVerifier hostnameVerifier) throws SSLException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Secure session established");
            this.log.debug(" negotiated protocol: {}", sSLSession.getProtocol());
            this.log.debug(" negotiated cipher suite: {}", sSLSession.getCipherSuite());
            try {
                Certificate certificate = sSLSession.getPeerCertificates()[0];
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    this.log.debug(" peer principal: {}", x509Certificate.getSubjectX500Principal());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add(Objects.toString(list.get(1), null));
                            }
                        }
                        this.log.debug(" peer alternative names: {}", arrayList);
                    }
                    this.log.debug(" issuer principal: {}", x509Certificate.getIssuerX500Principal());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add(Objects.toString(list2.get(1), null));
                            }
                        }
                        this.log.debug(" issuer alternative names: {}", arrayList2);
                    }
                }
            } catch (Exception unused) {
            }
        }
        if (hostnameVerifier != null) {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates.length < 1) {
                throw new SSLPeerUnverifiedException("Peer certificate chain is empty");
            }
            Certificate certificate2 = peerCertificates[0];
            if (!(certificate2 instanceof X509Certificate)) {
                throw new SSLPeerUnverifiedException("Unexpected certificate type: " + certificate2.getType());
            }
            X509Certificate x509Certificate2 = (X509Certificate) certificate2;
            if (hostnameVerifier instanceof HttpClientHostnameVerifier) {
                ((HttpClientHostnameVerifier) hostnameVerifier).verify(str, x509Certificate2);
                return;
            }
            if (hostnameVerifier.verify(str, sSLSession)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + DefaultHostnameVerifier.getSubjectAltNames(x509Certificate2));
        }
    }
}
