package org.apache.hc.client5.http.ssl;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.SSLException;
import org.apache.hc.client5.http.psl.DomainType;
import org.apache.hc.client5.http.psl.PublicSuffixMatcher;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hc/client5/http/ssl/TestDefaultHostnameVerifier.class */
public class TestDefaultHostnameVerifier {
    private DefaultHostnameVerifier impl;
    private PublicSuffixMatcher publicSuffixMatcher;
    private DefaultHostnameVerifier implWithPublicSuffixCheck;

    @Before
    public void setup() {
        this.impl = new DefaultHostnameVerifier();
        this.publicSuffixMatcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("com", "co.jp", "gov.uk"), (Collection) null);
        this.implWithPublicSuffixCheck = new DefaultHostnameVerifier(this.publicSuffixMatcher);
    }

    @Test
    public void testVerify() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO));
        this.impl.verify("foo.com", x509Certificate);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate);
        exceptionPlease(this.impl, "bar.com", x509Certificate);
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_HANAKO));
        this.impl.verify("花子.co.jp", x509Certificate2);
        exceptionPlease(this.impl, "a.花子.co.jp", x509Certificate2);
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR));
        exceptionPlease(this.impl, "foo.com", x509Certificate3);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate3);
        this.impl.verify("bar.com", x509Certificate3);
        exceptionPlease(this.impl, "a.bar.com", x509Certificate3);
        X509Certificate x509Certificate4 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR_HANAKO));
        exceptionPlease(this.impl, "foo.com", x509Certificate4);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate4);
        this.impl.verify("bar.com", x509Certificate4);
        exceptionPlease(this.impl, "a.bar.com", x509Certificate4);
        exceptionPlease(this.impl, "a.花子.co.jp", x509Certificate4);
        X509Certificate x509Certificate5 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO));
        this.impl.verify("foo.com", x509Certificate5);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate5);
        X509Certificate x509Certificate6 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO));
        this.impl.verify("foo.com", x509Certificate6);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate6);
        X509Certificate x509Certificate7 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_THREE_CNS_FOO_BAR_HANAKO));
        exceptionPlease(this.impl, "foo.com", x509Certificate7);
        exceptionPlease(this.impl, "a.foo.com", x509Certificate7);
        exceptionPlease(this.impl, "bar.com", x509Certificate7);
        exceptionPlease(this.impl, "a.bar.com", x509Certificate7);
        this.impl.verify("花子.co.jp", x509Certificate7);
        exceptionPlease(this.impl, "a.花子.co.jp", x509Certificate7);
        X509Certificate x509Certificate8 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO));
        exceptionPlease(this.impl, "foo.com", x509Certificate8);
        this.impl.verify("www.foo.com", x509Certificate8);
        this.impl.verify("花子.foo.com", x509Certificate8);
        exceptionPlease(this.impl, "a.b.foo.com", x509Certificate8);
        X509Certificate x509Certificate9 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_CO_JP));
        this.impl.verify("*.co.jp", x509Certificate9);
        this.impl.verify("foo.co.jp", x509Certificate9);
        this.impl.verify("花子.co.jp", x509Certificate9);
        exceptionPlease(this.implWithPublicSuffixCheck, "foo.co.jp", x509Certificate9);
        exceptionPlease(this.implWithPublicSuffixCheck, "花子.co.jp", x509Certificate9);
        X509Certificate x509Certificate10 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO_BAR_HANAKO));
        exceptionPlease(this.impl, "foo.com", x509Certificate10);
        exceptionPlease(this.impl, "www.foo.com", x509Certificate10);
        exceptionPlease(this.impl, "花子.foo.com", x509Certificate10);
        exceptionPlease(this.impl, "a.b.foo.com", x509Certificate10);
        exceptionPlease(this.impl, "bar.com", x509Certificate10);
        this.impl.verify("www.bar.com", x509Certificate10);
        this.impl.verify("花子.bar.com", x509Certificate10);
        exceptionPlease(this.impl, "a.b.bar.com", x509Certificate10);
        this.impl.verify("repository.infonotary.com", (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_VALUE_AVA)));
    }

    @Test
    public void testSubjectAlt() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_SUBJECT_ALT));
        Assert.assertEquals("CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=CH", x509Certificate.getSubjectDN().getName());
        this.impl.verify("localhost.localdomain", x509Certificate);
        this.impl.verify("127.0.0.1", x509Certificate);
        try {
            this.impl.verify("localhost", x509Certificate);
            Assert.fail("SSLException should have been thrown");
        } catch (SSLException e) {
        }
        try {
            this.impl.verify("local.host", x509Certificate);
            Assert.fail("SSLException should have been thrown");
        } catch (SSLException e2) {
        }
        try {
            this.impl.verify("127.0.0.2", x509Certificate);
            Assert.fail("SSLException should have been thrown");
        } catch (SSLException e3) {
        }
    }

    public void exceptionPlease(DefaultHostnameVerifier defaultHostnameVerifier, String str, X509Certificate x509Certificate) {
        try {
            defaultHostnameVerifier.verify(str, x509Certificate);
            Assert.fail("HostnameVerifier shouldn't allow [" + str + "]");
        } catch (SSLException e) {
        }
    }

    @Test
    public void testDomainRootMatching() {
        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", (String) null));
        Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "a.b.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("aa.b.c", "a.b.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "aa.b.c"));
        Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.a.b.c", "a.b.c"));
    }

    @Test
    public void testIdentityMatching() {
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.b.c"));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.b.c"));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.b.c", "*.b.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.b.c", "*.b.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.gov.uk", "*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.gov.uk", "*.gov.uk", this.publicSuffixMatcher));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "*.a.gov.uk", this.publicSuffixMatcher));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "*.a.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "*.gov.uk", this.publicSuffixMatcher));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.gov.com", "*.gov.com", this.publicSuffixMatcher));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.gov.com", "*.gov.com", this.publicSuffixMatcher));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.gov.com", "*.gov.com", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.com", "*.gov.com", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.gov.uk", "a*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.gov.uk", "a*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "a*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "a*.gov.uk", this.publicSuffixMatcher));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.b.*"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.b.*"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.*.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.*.c"));
    }

    @Test
    public void testHTTPCLIENT_1097() {
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.c", "a*.b.c"));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "a*.b.c"));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.a.b.c", "a*.b.c"));
        Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.a.b.c", "a*.b.c"));
    }

    @Test
    public void testHTTPCLIENT_1255() {
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("mail.a.b.c.com", "m*.a.b.c.com"));
        Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("mail.a.b.c.com", "m*.a.b.c.com"));
    }

    @Test
    public void testHTTPCLIENT_1316() throws Exception {
        DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList("2001:0db8:aaaa:bbbb:cccc:0:0:0001"));
        DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList("2001:0db8:aaaa:bbbb:cccc::1"));
        try {
            DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList("2001:0db8:aaaa:bbbb:cccc::10"));
            Assert.fail("SSLException expected");
        } catch (SSLException e) {
        }
        DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc::1", Arrays.asList("2001:0db8:aaaa:bbbb:cccc:0:0:0001"));
        DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc::1", Arrays.asList("2001:0db8:aaaa:bbbb:cccc::1"));
        try {
            DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc::1", Arrays.asList("2001:0db8:aaaa:bbbb:cccc::10"));
            Assert.fail("SSLException expected");
        } catch (SSLException e2) {
        }
    }

    @Test
    public void testExtractCN() throws Exception {
        Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, ou=blah, o=blah"));
        Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, cn=yada, cn=booh"));
        Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("c = pampa ,  cn  =    blah    , ou = blah , o = blah"));
        Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=\"blah\", ou=blah, o=blah"));
        Assert.assertEquals("blah  blah", DefaultHostnameVerifier.extractCN("cn=\"blah  blah\", ou=blah, o=blah"));
        Assert.assertEquals("blah, blah", DefaultHostnameVerifier.extractCN("cn=\"blah, blah\", ou=blah, o=blah"));
        Assert.assertEquals("blah, blah", DefaultHostnameVerifier.extractCN("cn=blah\\, blah, ou=blah, o=blah"));
        Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("c = cn=uuh, cn=blah, ou=blah, o=blah"));
        try {
            DefaultHostnameVerifier.extractCN("blah,blah");
            Assert.fail("SSLException expected");
        } catch (SSLException e) {
        }
        try {
            DefaultHostnameVerifier.extractCN("cn,o=blah");
            Assert.fail("SSLException expected");
        } catch (SSLException e2) {
        }
    }
}
