package libcore.javax.net.ssl;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;
import junit.framework.TestCase;
import org.slf4j.Marker;

/* loaded from: input_file:libcore/javax/net/ssl/DefaultHostnameVerifierTest.class */
public final class DefaultHostnameVerifierTest extends TestCase {
    private static final int ALT_UNKNOWN = 0;
    private static final int ALT_DNS_NAME = 2;
    private static final int ALT_IPA_NAME = 7;
    private final HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:libcore/javax/net/ssl/DefaultHostnameVerifierTest$StubSSLSession.class */
    public static class StubSSLSession implements SSLSession {
        public Certificate[] peerCertificates;

        private StubSSLSession() {
            this.peerCertificates = new Certificate[0];
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            return this.peerCertificates;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            return true;
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            throw new UnsupportedOperationException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:libcore/javax/net/ssl/DefaultHostnameVerifierTest$StubX509Certificate.class */
    public static class StubX509Certificate extends java.security.cert.X509Certificate {
        private final X500Principal subjectX500Principal;
        private Collection<List<?>> subjectAlternativeNames;

        public StubX509Certificate() {
            this.subjectX500Principal = new X500Principal("");
            this.subjectAlternativeNames = null;
        }

        public StubX509Certificate(String str) {
            this.subjectX500Principal = new X500Principal("cn=" + str);
            this.subjectAlternativeNames = null;
        }

        public static StubX509Certificate of(int i, String... strArr) {
            StubX509Certificate stubX509Certificate = new StubX509Certificate();
            for (String str : strArr) {
                stubX509Certificate.addSubjectAlternativeName(i, str);
            }
            return stubX509Certificate;
        }

        public static StubX509Certificate dns(String... strArr) {
            return of(2, strArr);
        }

        public static StubX509Certificate ipa(String... strArr) {
            return of(7, strArr);
        }

        public final StubX509Certificate addSubjectAlternativeName(int i, String str) {
            if (this.subjectAlternativeNames == null) {
                this.subjectAlternativeNames = new ArrayList();
            }
            LinkedList linkedList = new LinkedList();
            linkedList.add(Integer.valueOf(i));
            linkedList.add(str);
            this.subjectAlternativeNames.add(linkedList);
            return this;
        }

        @Override // java.security.cert.X509Certificate
        public Collection<List<?>> getSubjectAlternativeNames() {
            return this.subjectAlternativeNames;
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getSubjectX500Principal() {
            return this.subjectX500Principal;
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            throw new UnsupportedOperationException();
        }
    }

    public void testVerify_wrongHost() {
        assertFalse(verifyWithServerCertificate("imap.g.com", StubX509Certificate.dns("imap2.g.com")));
        assertFalse(verifyWithServerCertificate("imap.g.com", StubX509Certificate.dns("sub.imap.g.com")));
    }

    public void testVerify_matchesAltNameButNotCommonName() {
        assertTrue(verifyWithServerCertificate("imap.g.com", new StubX509Certificate("Common Name").addSubjectAlternativeName(2, "imap.g.com")));
        assertFalse(verifyWithServerCertificate("imap.g.com", new StubX509Certificate("imap.g.com").addSubjectAlternativeName(2, "example.com")));
    }

    public void testSubjectAltNameAndCn() {
        assertFalse(verifyWithServerCertificate("imap.g.com", new StubX509Certificate().addSubjectAlternativeName(2, "a.y.com")));
        assertFalse(verifyWithServerCertificate("imap.g.com", new StubX509Certificate("imap.g.com").addSubjectAlternativeName(2, "a.y.com")));
        assertTrue(verifyWithServerCertificate("imap.g.com", new StubX509Certificate().addSubjectAlternativeName(2, "imap.g.com")));
    }

    public void testSubjectAltNameWithWildcard() {
        assertTrue(verifyWithServerCertificate("imap.g.com", StubX509Certificate.dns("*.g.com")));
    }

    public void testSubjectAltNameWithIpAddress() {
        assertTrue(verifyWithServerCertificate("1.2.3.4", StubX509Certificate.ipa("1.2.3.4")));
        assertFalse(verifyWithServerCertificate("1.2.3.5", StubX509Certificate.ipa("1.2.3.4")));
        assertTrue(verifyWithServerCertificate("192.168.100.1", StubX509Certificate.ipa("1.2.3.4", "192.168.100.1")));
    }

    public void testUnknownSubjectAltName() {
        assertTrue(verifyWithServerCertificate("imap.g.com", new StubX509Certificate().addSubjectAlternativeName(0, "random string 1").addSubjectAlternativeName(0, "random string 2").addSubjectAlternativeName(2, "a.b.c.d").addSubjectAlternativeName(2, "*.google.com").addSubjectAlternativeName(2, "imap.g.com").addSubjectAlternativeName(7, "2.33.44.55").addSubjectAlternativeName(0, "random string 3")));
        assertTrue(verifyWithServerCertificate("2.33.44.55", new StubX509Certificate().addSubjectAlternativeName(0, "random string 1").addSubjectAlternativeName(0, "random string 2").addSubjectAlternativeName(2, "a.b.c.d").addSubjectAlternativeName(2, "*.google.com").addSubjectAlternativeName(2, "imap.g.com").addSubjectAlternativeName(7, "2.33.44.55").addSubjectAlternativeName(0, "random string 3")));
        assertFalse(verifyWithServerCertificate("g.com", new StubX509Certificate().addSubjectAlternativeName(0, "random string 1").addSubjectAlternativeName(0, "random string 2").addSubjectAlternativeName(2, "a.b.c.d").addSubjectAlternativeName(2, "*.google.com").addSubjectAlternativeName(2, "imap.g.com").addSubjectAlternativeName(7, "2.33.44.55").addSubjectAlternativeName(0, "random string 3")));
        assertFalse(verifyWithServerCertificate("2.33.44.1", new StubX509Certificate().addSubjectAlternativeName(0, "random string 1").addSubjectAlternativeName(0, "random string 2").addSubjectAlternativeName(2, "a.b.c.d").addSubjectAlternativeName(2, "*.google.com").addSubjectAlternativeName(2, "imap.g.com").addSubjectAlternativeName(7, "2.33.44.55").addSubjectAlternativeName(0, "random string 3")));
    }

    public void testWildcardsRejectedForIpAddress() {
        assertFalse(verifyWithServerCertificate("1.2.3.4", new StubX509Certificate("*.2.3.4")));
        assertFalse(verifyWithServerCertificate("1.2.3.4", new StubX509Certificate("*.2.3.4").addSubjectAlternativeName(7, "*.2.3.4").addSubjectAlternativeName(2, "*.2.3.4")));
        assertFalse(verifyWithServerCertificate("2001:1234::1", new StubX509Certificate("*:1234::1")));
        assertFalse(verifyWithServerCertificate("2001:1234::1", new StubX509Certificate("*:1234::1").addSubjectAlternativeName(7, "*:1234::1").addSubjectAlternativeName(2, "*:1234::1")));
    }

    public void testNullParameters() {
        StubSSLSession stubSSLSession = new StubSSLSession();
        stubSSLSession.peerCertificates = new Certificate[]{new StubX509Certificate("cn=www.example.com")};
        this.verifier.verify("www.example.com", stubSSLSession);
        try {
            this.verifier.verify("www.example.com", null);
            fail();
        } catch (NullPointerException e) {
        }
        try {
            this.verifier.verify(null, stubSSLSession);
            fail();
        } catch (NullPointerException e2) {
        }
    }

    public void testInvalidDomainNames() {
        assertFalse(verifyWithDomainNamePattern("", ""));
        assertFalse(verifyWithDomainNamePattern(".test.example.com", ".test.example.com"));
        assertFalse(verifyWithDomainNamePattern("ex*ample.com", "ex*ample.com"));
        assertFalse(verifyWithDomainNamePattern("example.com..", "example.com."));
        assertFalse(verifyWithDomainNamePattern("example.com.", "example.com.."));
    }

    public void testWildcardCharacterMustBeLeftMostLabelOnly() {
        assertFalse(verifyWithDomainNamePattern("test.www.example.com", "test.*.example.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "www.*.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "www.example.*"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "*www.example.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "*w.example.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "w*w.example.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "w*.example.com"));
        assertFalse(verifyWithDomainNamePattern("www.example.com", "www*.example.com"));
    }

    public void testWildcardCannotMatchEmptyLabel() {
        assertFalse(verifyWithDomainNamePattern("example.com", "*.example.com"));
        assertFalse(verifyWithDomainNamePattern(".example.com", "*.example.com"));
    }

    public void testWildcardCannotMatchChildDomain() {
        assertFalse(verifyWithDomainNamePattern("sub.www.example.com", "*.example.com"));
    }

    public void testWildcardRejectedForSingleLabelPatterns() {
        assertFalse(verifyWithDomainNamePattern("d", Marker.ANY_MARKER));
        assertFalse(verifyWithDomainNamePattern("d.", "*."));
        assertFalse(verifyWithDomainNamePattern("d", "d*"));
        assertFalse(verifyWithDomainNamePattern("d.", "d*."));
        assertFalse(verifyWithDomainNamePattern("d", "*d"));
        assertFalse(verifyWithDomainNamePattern("d.", "*d."));
        assertFalse(verifyWithDomainNamePattern("ddd", "d*d"));
        assertFalse(verifyWithDomainNamePattern("ddd.", "d*d."));
    }

    public void testNoPrefixMatch() {
        assertFalse(verifyWithDomainNamePattern("imap.google.com.au", "imap.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com.au", "*.google.com"));
    }

    public void testVerifyHostName() {
        assertTrue(verifyWithDomainNamePattern("a.b.c.d", "a.b.c.d"));
        assertTrue(verifyWithDomainNamePattern("a.b.c.d", "*.b.c.d"));
        assertFalse(verifyWithDomainNamePattern("a.b.c.d", "*.*.c.d"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com", "imap.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap2.google.com", "imap.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com", "*.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap2.google.com", "*.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com", "*.googl.com"));
        assertFalse(verifyWithDomainNamePattern("imap2.google2.com", "*.google3.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com", "a*.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com", "ix*.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com", "iMap.Google.Com"));
        assertTrue(verifyWithDomainNamePattern("weird", "weird"));
        assertTrue(verifyWithDomainNamePattern("weird", "weird."));
        assertFalse(verifyWithDomainNamePattern("weird", "weird*"));
        assertFalse(verifyWithDomainNamePattern("weird", "*weird"));
        assertFalse(verifyWithDomainNamePattern("weird", "weird*."));
        assertFalse(verifyWithDomainNamePattern("weird", "weird.*"));
    }

    public void testVerifyAbsoluteHostName() {
        assertTrue(verifyWithDomainNamePattern("a.b.c.d.", "a.b.c.d"));
        assertTrue(verifyWithDomainNamePattern("a.b.c.d.", "*.b.c.d"));
        assertFalse(verifyWithDomainNamePattern("a.b.c.d.", "*.*.c.d"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com.", "imap.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap2.google.com.", "imap.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com.", "*.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap2.google.com.", "*.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com.", "*.googl.com"));
        assertFalse(verifyWithDomainNamePattern("imap2.google2.com.", "*.google3.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com.", "a*.google.com"));
        assertFalse(verifyWithDomainNamePattern("imap.google.com.", "ix*.google.com"));
        assertTrue(verifyWithDomainNamePattern("imap.google.com.", "iMap.Google.Com"));
        assertTrue(verifyWithDomainNamePattern("weird.", "weird"));
        assertTrue(verifyWithDomainNamePattern("weird.", "weird."));
        assertFalse(verifyWithDomainNamePattern("weird.", "*weird"));
        assertFalse(verifyWithDomainNamePattern("weird.", "weird*"));
        assertFalse(verifyWithDomainNamePattern("weird.", "weird*."));
        assertFalse(verifyWithDomainNamePattern("weird.", "weird.*"));
    }

    public void testSubjectOnlyCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIIC0TCCAbmgAwIBAgIJANCQbJPPw31SMA0GCSqGSIb3DQEBBQUAMCcxCzAJBgNV\nBAYTAkpQMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wIBcNMTAwMTEyMjA1ODE4\nWhgPMjA2NDEwMTUyMDU4MThaMCcxCzAJBgNVBAYTAkpQMRgwFgYDVQQDEw93d3cu\nZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsdUJk\n4KxADA3vlDHxNbyC27Ozw4yiSVzPTHUct471YmdDRW3orO2P5a5hRnUGV70gjH9X\nMU4oeOdWYAgXB9pxfLyr6621k1+uNrmaZtzp0ECH9twcwxNJJFDZsN7o9vt7V6Ej\nNN9weeqDr/aeQXo07a12vyVfR6jWO8jHB0e4aemwZNoYjNvM69fivQTse2ZoRVfj\neSHhjRTX6I8ry4a31Hwt+fT1QiWWNN6o7+WOtpJAhX3eg4smhSD1svi2kOT8tdUe\nNS4hWlmXmumU9G4tI8PBurcLNTm7PB2lUlbn/IV18WavqKE/Uy/1WgAx+a1EJNdp\ni07AG1PsqaONKkf1AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJrNsuL7fZZNC8gL\nBdePJ7DYW2e7mXANU3bCBe2BZqmXKQxKwibZnEsqA+yMLqcSd8uxISlyHY2tw9wT\n4wB9KPIttfNLbwn/rk+MbOTHpvyF60d9WhJJVUkPBl8D4VuPSl+VnlA54kU9dtZN\n+ZYdxYbNtSsI/Flz9SCoOV79W9GhN+uYJhv6RwyIMIHeMpZpyX1xSUVx5dZlmerQ\nWAUvghDH3fFRt2ZdnA4OXoKkTAaM3Pv7PUMsnah8bux6MQi0AuLMWFWOI1H34koH\nrs2oQLwOLnuifH52ey9+tJguabo+brlYYigAuWWFEzJfBzikDkIwnE/L7wlrypIk\ntaXDWI4=\n-----END CERTIFICATE-----");
        assertFalse(verifyWithServerCertificate("www.example.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www2.example.com", parseCertificate));
    }

    public void testSubjectAltOnlyCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIICvTCCAaWgAwIBAgIJALbA0TZk2YmNMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV\nBAYTAkpQMCAXDTEwMDExMjIwNTg1NFoYDzIwNjQxMDE1MjA1ODU0WjANMQswCQYD\nVQQGEwJKUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEg6acVC9V4\nxNGoLNVLPbqBc8IvMvcsc88dF6MW3d9VagX3aeWU8c79tI/KOV/1AOakH7WYxw/w\nyD8aOX7+9BK1Hu0qKKKbSM+ycqaMthXd6xytrNDsIx5WiGUz8zTko0Gk3orIR7p7\nrPcNzB/zwtESkscqPv85aEn7S/yClNkzLfEzm3CtaYOc0tfhBMyzi/ipXzGMxUmx\nPvOLr3v/Oz5pZEQw7Kxlm4+tAtn7bJlHziQ1UW4WPIy+T3hySBEpODFiqZi7Ok3X\nZjxdii62fgo5B2Ee7q5Amo0mUIwcQTDjJ2CLAqzYnSh3tpiPJGjEIjmRyCoMQ1bx\n7D+y7nSPIq8CAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29tMA0G\nCSqGSIb3DQEBBQUAA4IBAQBsGEh+nHc0l9FJTzWqvG3qs7i6XoJZdtThCDx4HjKJ\n8GMrJtreNN4JvIxn7KC+alVbnILjzCRO+c3rsnpxKBi5cp2imjuw5Kf/x2Seimb9\nUvZbaJvBVOzy4Q1IGef9bLy3wZzy2/WfBFyvPTAkgkRaX7LN2jnYOYVhNoNFrwqe\nEWxkA6fzrpyseUEFeGFFjGxRSRCDcQ25Eq6d9rkC1x21zNtt4QwZBO0wHrTy155M\nJPRynf9244Pn0Sr/wsnmdsTRFIFYynrc51hQ7DkwbUxpcaewkZzilru/SwZ3+pPT\n9JSqm5hJ1pg5WDlPkW7c/1VA0/141N52Q8MIU+2ZpuOj\n-----END CERTIFICATE-----");
        assertTrue(verifyWithServerCertificate("www.example.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www2.example.com", parseCertificate));
    }

    public void testSubjectWithAltNamesCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIIDBDCCAeygAwIBAgIJALv14qjcuhw9MA0GCSqGSIb3DQEBBQUAMCcxCzAJBgNV\nBAYTAkpQMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wIBcNMTAwMTEyMjA1OTM4\nWhgPMjA2NDEwMTUyMDU5MzhaMCcxCzAJBgNVBAYTAkpQMRgwFgYDVQQDEw93d3cu\nZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiTVgU\nkBO9KNYZZLmiPR0eBrk8u61CLnm35BGKW8EFpDaINLbbIFIQvqOMekURON/N+xFY\nD8roo7aFZVuHWAUqFcOJ4e6NmviK5qocLihtzAexsw4f4AzZxM3A8kcLlWLyAt7e\nEVLxhcMHogY7GaF6q+33Z8p+zp6x3tj07mwyPrriCLse2PeRsRunZl/fp/VvRlr6\nYbC7CbRrhnIv5nqohs8BsbBiiFpxQftsMQmiXhY2LUzqY2RXUIOw24fHjoQkHTL2\n4z5nUM3b6ueQe+CBnobUS6fzK/36Nct4dRpev9i/ORdRLuIDKJ+QR16G1V/BJYBR\ndAK+3iXvg6z8vP1XAgMBAAGjMTAvMC0GA1UdEQQmMCSCEHd3dzIuZXhhbXBsZS5j\nb22CEHd3dzMuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAJQNf38uXm3h\n0vsF+Yd6/HqM48Su7tWnTDAfTXnQZZkzjzITq3JXzquMXICktAVN2cLnT9zPfRAE\n8V8A3BNO5zXiR5W3o/mJP5HQ3/WxpzBGM2N+YmDCJyBoQrIVaAZaXAZUaBBvn5A+\nkEVfGWquwIFuvA67xegbJOCRLD4eUzRdNsn5+NFiakWO1tkFqEzqyQ0PNPviRjgu\nz9NxdPvd1JQOhydkucsPKJzlEBbGyL5QL/Jkot3Qy+FOeuNzgQUfAGtQgzRrsZDK\nhrTVypLSoRXuTB2aWilu4p6aNh84xTdyqo2avtNr2MiQMZIcdamBq8LdBIAShFXI\nh5G2eVGXH/Y=\n-----END CERTIFICATE-----");
        assertFalse(verifyWithServerCertificate("www.example.com", parseCertificate));
        assertTrue(verifyWithServerCertificate("www2.example.com", parseCertificate));
        assertTrue(verifyWithServerCertificate("www3.example.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www4.example.com", parseCertificate));
    }

    public void testSubjectWithWildAltNamesCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIIC8DCCAdigAwIBAgIJAL/oWJ64VAdXMA0GCSqGSIb3DQEBBQUAMCcxCzAJBgNV\nBAYTAkpQMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wIBcNMTAwMTEyMjEwMDAx\nWhgPMjA2NDEwMTUyMTAwMDFaMCcxCzAJBgNVBAYTAkpQMRgwFgYDVQQDEw93d3cu\nZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbx1QB\n92iea7VybLYICA4MX4LWipYrRsgXUXQrcIQ3YLTQ9rH0VwScrHL4O4JDxgXCQnR+\n4VOzD42q1KXHJAqzqGUYCNPyvZEzkGCnQ4FBIUEmxZd5SNEefJVH3Z6GizYJomTh\np78yDcoqymD9umxRC2cWFu8GscfFGMVyhsqLlOofu7UWOs22mkXPo43jDx+VOAoV\nn48YP3P57a2Eo0gcd4zVL00y62VegqBO/1LW38aTS7teiCBFc1TkNYa5I40yN9lP\nrB9ICHYQWyzf/7OxU9iauEK2w6DmSsQoLs9JzEhgeNZddkcc77ciSUCo2Hx0VpOJ\nBFyf2rbryJeAk+FDAgMBAAGjHTAbMBkGA1UdEQQSMBCCDiouZXhhbXBsZTIuY29t\nMA0GCSqGSIb3DQEBBQUAA4IBAQA2a14pRL+4laJ8sscQlucaDB/oSdb0cwhk4IkE\nkKl/ZKr6rKwPZ81sJRgzvI4imLbUAKt4AJHdpI9cIQUq1gw9bzil7LKwmFtFSPmC\nMYb1iadaYrvp7RE4yXrWCcSbU0hup9JQLHTrHLlqLtRuU48NHMvWYThBcS9Q/hQp\nnJ/JxYy3am99MHALWLAfuRxQXhE4C5utDmBwI2KD6A8SA30s+CnuegmkYScuSqBu\nY3R0HZvKzNIU3pwAm69HCJoG+/9MZEIDJb0WJc5UygxDT45XE9zQMQe4dBOTaNXT\n+ntgaB62kE10HzrzpqXAgoAWxWK4RzFcUpBWw9qYq9xOCewJ\n-----END CERTIFICATE-----");
        assertFalse(verifyWithServerCertificate("www.example.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www2.example.com", parseCertificate));
        assertTrue(verifyWithServerCertificate("www.example2.com", parseCertificate));
        assertTrue(verifyWithServerCertificate("abc.example2.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www.example3.com", parseCertificate));
    }

    public void testWildAltNameOnlyCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIICuzCCAaOgAwIBAgIJAP82tgcvmAGxMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV\nBAYTAkpQMCAXDTEwMDExMjIxMDAyN1oYDzIwNjQxMDE1MjEwMDI3WjANMQswCQYD\nVQQGEwJKUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs528EQbcB1\nx4BwxthQBZrgDJzoO7KPV3dhGYoeP8EnRjapZm+T/sj9P/O4HvfxjnB+fsjYSdmE\nWWUtnFrP7wtG9DUC748Ea2PMV8WFhOG58dqBNIko5XzkHB7SxkNZD5S/0KQYMGLr\nrchDsDlmsEf2Qb6qiqpNEU70aSkExZJcH+B9nWdeBpsVFu7wtezwSWEc2NUa2bhW\ngcXQ/aafwHZ4o2PyGwy0sgS/UifqO9tEllC2tPleSNJOmYsVudv5Bz4Q0GG38BSz\nPc0IcOoln0ZWpXbGr03V2vlXWCwzaFAl3I1T3O7YVqDiaSWoP+d0tHZzmw8aJLXd\nB+KaUUGxRPsCAwEAAaMcMBowGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTANBgkq\nhkiG9w0BAQUFAAOCAQEAJbVan4QgJ0cvpJnK9UWIVJNC+UbP87RC5go2fQiTnmGv\nprOrIuMqz1+vGcpIheLTLctJRHPoadXq0+UbQEIaU3pQbY6C4nNdfl+hcvmJeqrt\nkOCcvmIamO68iNvTSeszuHuu4O38PefrW2Xd0nn7bjFZrzBzHFhTudmnqNliP3ue\nKKQpqkUt5lCytnH8V/u/UCWdvVx5LnUa2XFGVLi3ongBIojW5fvF+yxn9ADqxdrI\nva++ow5r1VxQXFJc0ZPzsDo+6TlktoDHaRQJGMqQomqHWT4i7F5UZgf6BHGfEUPU\nqep+GsF3QRHSBtpObWkVDZNFvky3a1iZ2q25+hFIqQ==\n-----END CERTIFICATE-----");
        assertTrue(verifyWithServerCertificate("www.example.com", parseCertificate));
        assertTrue(verifyWithServerCertificate("www2.example.com", parseCertificate));
        assertFalse(verifyWithServerCertificate("www.example2.com", parseCertificate));
    }

    public void testAltIpOnlyCert() throws Exception {
        java.security.cert.X509Certificate parseCertificate = parseCertificate("-----BEGIN CERTIFICATE-----\nMIICsjCCAZqgAwIBAgIJALrC37YAXFIeMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV\nBAYTAkpQMCAXDTEwMDExMjIxMzk0NloYDzIwNjQxMDE1MjEzOTQ2WjANMQswCQYD\nVQQGEwJKUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr8s/4Abpby\nIYks5YCJE2nbWH7kj6XbwnRzsVP9RVC33bPoQ1M+2ZY24HqkigjQS/HEXR0s0bYh\ndewNUnTj1uGyGs6cYzsbu7x114vmVYqjxUo3hKjwfYiPeF6f3IE1vpLI7I2G32gq\nZwm9c1/vXNHIdWQxCpFcuPA8P3YGfoApFX4pQPFplBUNAQqnjdmA68cbxxMC+1F3\nmX42D7iIEVwyVpah5HjyxjIZQlf3X7QBj0bCmkL+ibIHTALrkNNwNM6i4xzYLz/5\n14GkN9ncHY87eSOk6r53ptER6mQMhCe9qPRjSHnpWTTyj6IXTaYe+dDQw657B80w\ncSHL7Ed25zUCAwEAAaMTMBEwDwYDVR0RBAgwBocEwKgKATANBgkqhkiG9w0BAQUF\nAAOCAQEAgrwrtOWZT3fbi1AafpGaAiOBWSJqYqRhtQy0AfiZBxv1U0XaYqmZmpnq\nDVAqr0NkljowD28NBrxIFO5gBNum2ZOPDl2/5vjFn+IirUCJ9u9wS7zYkTCW2lQR\nxE7Ic3mfWv7wUbKDfjlWqP1IDHUxwkrBTAl+HnwOPiaKKk1ttwcrgS8AHlqASe03\nmlwnvJ+Stk54IneRaegL0L93sNAy63RZqnPCTxGz7eHcFwX8Jdr4sbxTxQqV6pIc\nWPjHQcWfpkFzAF5wyOq0kveVfx0g5xPhOVDd+U+q7WastbXICpCoHp9FxISmZVik\nsAyifp8agkYdzaSh55fFmKXlFnRsQw==\n-----END CERTIFICATE-----");
        assertTrue(verifyWithServerCertificate("192.168.10.1", parseCertificate));
        assertFalse(verifyWithServerCertificate("192.168.10.2", parseCertificate));
    }

    private boolean verifyWithDomainNamePattern(String str, String str2) {
        StubSSLSession stubSSLSession = new StubSSLSession();
        stubSSLSession.peerCertificates = new Certificate[]{new StubX509Certificate("cn=\"" + str2 + "\"")};
        assertFalse("Verifier should ignore CN.", this.verifier.verify(str, stubSSLSession));
        stubSSLSession.peerCertificates = new Certificate[]{new StubX509Certificate("ou=test").addSubjectAlternativeName(2, str2)};
        return this.verifier.verify(str, stubSSLSession);
    }

    private boolean verifyWithServerCertificate(String str, java.security.cert.X509Certificate x509Certificate) {
        StubSSLSession stubSSLSession = new StubSSLSession();
        stubSSLSession.peerCertificates = x509Certificate != null ? new Certificate[]{x509Certificate} : new Certificate[0];
        return this.verifier.verify(str, stubSSLSession);
    }

    java.security.cert.X509Certificate parseCertificate(String str) throws Exception {
        return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.US_ASCII)));
    }
}
