package org.ldaptive.ssl;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.0.jar:org/ldaptive/ssl/X509ExtendedTrustManagerWrapper.class */
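/**
 * Trust manager that forwards trust decisions to a wrapped {@link X509TrustManager} and, when that
 * delegate is a plain (non-extended) trust manager, additionally checks the peer hostname with a
 * {@link CertificateHostnameVerifier}.
 *
 * <p>Security note: when the delegate is itself an {@link X509ExtendedTrustManager}, the socket- and
 * engine-aware checks are forwarded unchanged and the configured hostname verifier is <em>not</em>
 * consulted by this class. Whether the hostname is checked at all in that case is up to the delegate;
 * with the JDK's default implementation that typically depends on an endpoint identification algorithm
 * being set on the connection's {@code SSLParameters} - confirm for the delegate in use.
 *
 * <p>The two-argument overloads carry no socket, engine or session, so they only forward to the
 * delegate and perform no hostname verification.
 */
public class X509ExtendedTrustManagerWrapper extends X509ExtendedTrustManager {
    /** Logger available to this class and its subclasses. */
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /** Delegate that makes the certificate trust decision. */
    private final X509TrustManager trustManager;

    /** Verifier applied to the leaf certificate when the delegate is not an extended trust manager. */
    private final CertificateHostnameVerifier hostnameVerifier;

    /**
     * Creates a new wrapper.
     *
     * @param x509TrustManager delegate trust manager
     * @param certificateHostnameVerifier hostname verifier used when the delegate is not an
     *     {@link X509ExtendedTrustManager}
     */
    public X509ExtendedTrustManagerWrapper(X509TrustManager x509TrustManager, CertificateHostnameVerifier certificateHostnameVerifier) {
        this.trustManager = x509TrustManager;
        this.hostnameVerifier = certificateHostnameVerifier;
    }

    /**
     * Resolves the hostname for the supplied session and verifies the certificate against it.
     *
     * @param sSLSession session used to resolve the hostname
     * @param x509Certificate certificate to verify
     * @throws CertificateException if the hostname verifier rejects the certificate
     */
    protected void verifyHostname(SSLSession sSLSession, X509Certificate x509Certificate) throws CertificateException {
        // NOTE(review): getHandshakeSession() may return null when no handshake is in progress;
        // how HostnameResolver treats a null session is not visible here - confirm it fails closed.
        final String hostname = new HostnameResolver(sSLSession).resolve();
        if (!this.hostnameVerifier.verify(hostname, x509Certificate)) {
            throw new CertificateException("Hostname verification failed for " + hostname + " using " + this.hostnameVerifier);
        }
    }

    /**
     * Checks a client chain for a socket-based connection.
     *
     * @throws CertificateException if the delegate rejects the chain, the socket cannot supply a
     *     session, or hostname verification fails
     * @throws IllegalArgumentException if the delegate accepted a null or empty chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        if (this.trustManager instanceof X509ExtendedTrustManager) {
            // Extended delegates receive the socket; the local hostname verifier is bypassed.
            ((X509ExtendedTrustManager) this.trustManager).checkClientTrusted(x509CertificateArr, str, socket);
            return;
        }
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
        verifyHostname(handshakeSession(socket), leafCertificate(x509CertificateArr));
    }

    /**
     * Checks a server chain for a socket-based connection.
     *
     * @throws CertificateException if the delegate rejects the chain, the socket cannot supply a
     *     session, or hostname verification fails
     * @throws IllegalArgumentException if the delegate accepted a null or empty chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        if (this.trustManager instanceof X509ExtendedTrustManager) {
            // Extended delegates receive the socket; the local hostname verifier is bypassed.
            ((X509ExtendedTrustManager) this.trustManager).checkServerTrusted(x509CertificateArr, str, socket);
            return;
        }
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
        verifyHostname(handshakeSession(socket), leafCertificate(x509CertificateArr));
    }

    /**
     * Checks a client chain for an engine-based connection.
     *
     * @throws CertificateException if the delegate rejects the chain or hostname verification fails
     * @throws IllegalArgumentException if the delegate accepted a null or empty chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        if (this.trustManager instanceof X509ExtendedTrustManager) {
            // Extended delegates receive the engine; the local hostname verifier is bypassed.
            ((X509ExtendedTrustManager) this.trustManager).checkClientTrusted(x509CertificateArr, str, sSLEngine);
            return;
        }
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
        verifyHostname(sSLEngine.getHandshakeSession(), leafCertificate(x509CertificateArr));
    }

    /**
     * Checks a server chain for an engine-based connection.
     *
     * @throws CertificateException if the delegate rejects the chain or hostname verification fails
     * @throws IllegalArgumentException if the delegate accepted a null or empty chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        if (this.trustManager instanceof X509ExtendedTrustManager) {
            // Extended delegates receive the engine; the local hostname verifier is bypassed.
            ((X509ExtendedTrustManager) this.trustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
            return;
        }
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
        verifyHostname(sSLEngine.getHandshakeSession(), leafCertificate(x509CertificateArr));
    }

    /** Forwards to the delegate; no session is available here, so no hostname check is made. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /** Forwards to the delegate; no session is available here, so no hostname check is made. */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    /** Returns the accepted issuers reported by the delegate. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /** Returns the handshake session of a connected SSL socket, rejecting any other socket. */
    private static SSLSession handshakeSession(Socket socket) throws CertificateException {
        if (socket == null || !socket.isConnected() || !(socket instanceof SSLSocket)) {
            throw new CertificateException("Could not retrieve SSL session from socket");
        }
        return ((SSLSocket) socket).getHandshakeSession();
    }

    /**
     * Returns the first certificate of the chain, rejecting a null or empty chain explicitly.
     * A permissive delegate may accept such a chain; without this guard the hostname step would
     * fail with an unrelated NullPointerException or ArrayIndexOutOfBoundsException.
     */
    private static X509Certificate leafCertificate(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain cannot be null or empty");
        }
        return chain[0];
    }
}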
