package net.dona.doip.util.tls;

import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:net/dona/doip/util/tls/TrustManagerForSpecifiedServerIdAndKeys.class */
/**
 * An {@link X509TrustManager} that accepts a peer only if the first certificate of its chain
 * carries one expected identity and, when a key list was supplied, one of the expected public keys.
 *
 * <p>What this class checks, and what it leaves to other layers:
 * <ul>
 *   <li>Only element 0 of the presented chain is inspected. No issuer chain is built, and this
 *       class performs no signature, validity-period or revocation check.</li>
 *   <li>The identity is whatever {@code X509IdParser.parseIdentityHandle} extracts from the
 *       certificate; it must be {@code equals} to the configured id.</li>
 *   <li>If the key list passed to the constructor is {@code null}, the public-key comparison is
 *       skipped and acceptance rests on the identity match alone. NOTE(review): the certificate
 *       is supplied by the peer, so confirm that callers which pass {@code null} authenticate the
 *       peer's key by some other means.</li>
 *   <li>The key list is stored by reference, so changes the caller makes to it afterwards change
 *       which keys are accepted.</li>
 * </ul>
 *
 * <p>The same check is applied to client and server chains; the {@code authType} argument of both
 * check methods is ignored.
 */
public class TrustManagerForSpecifiedServerIdAndKeys implements X509TrustManager {
    /** Identity the peer certificate must present. */
    private final String id;

    /** Acceptable public keys; {@code null} disables the key comparison. */
    private final List<PublicKey> keys;

    /**
     * Creates a trust manager for one expected peer.
     *
     * @param str identity that the peer certificate must carry
     * @param list public keys accepted for that identity, or {@code null} to skip the key check;
     *     the list is kept by reference, not copied
     */
    public TrustManagerForSpecifiedServerIdAndKeys(String str, List<PublicKey> list) {
        this.keys = list;
        this.id = str;
    }

    /**
     * Returns an empty array: this trust manager does not trust any issuer, it compares the
     * presented certificate directly.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Checks the first certificate of a client chain against the configured identity and keys.
     *
     * @param x509CertificateArr chain presented by the peer; only element 0 is examined
     * @param str authentication type, unused
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if the certificate is rejected
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        authenticate(leafOf(x509CertificateArr));
    }

    /**
     * Checks the first certificate of a server chain against the configured identity and keys.
     *
     * @param x509CertificateArr chain presented by the peer; only element 0 is examined
     * @param str authentication type, unused
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if the certificate is rejected
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        authenticate(leafOf(x509CertificateArr));
    }

    /** Returns the first certificate of {@code chain}, rejecting a null or empty chain. */
    private static X509Certificate leafOf(X509Certificate[] chain) {
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        throw new IllegalArgumentException("null or empty certificate chain");
    }

    /**
     * Applies the identity comparison and, when a key list is configured, the public-key comparison.
     *
     * @param peerCertificate certificate to evaluate
     * @throws CertificateException if the identity cannot be parsed, differs from the expected id,
     *     the key is not in the configured list, or any other exception occurs during the check
     */
    private void authenticate(X509Certificate peerCertificate) throws CertificateException {
        try {
            final String presentedId = X509IdParser.parseIdentityHandle(peerCertificate);
            if (presentedId == null) {
                throw new CertificateException("Could not parse identity from server certificate");
            }

            final boolean idMatches = presentedId.equals(id);
            if (!idMatches) {
                throw new CertificateException("Unable to validate X509 certificate, id does not match expected id");
            }

            final PublicKey presentedKey = peerCertificate.getPublicKey();
            // A null key list means "no key pinning": the certificate passes on identity alone.
            final boolean keyAccepted = keys == null || keys.contains(presentedKey);
            if (!keyAccepted) {
                throw new CertificateException("Unable to validate X509 certificate, public key does not match any of expected public keys");
            }
        } catch (CertificateException rejection) {
            // Deliberate rejections propagate unchanged.
            throw rejection;
        } catch (Exception unexpected) {
            // Any other failure (parser error, null certificate, ...) also results in rejection.
            throw new CertificateException("Exception validating X509 certificate", unexpected);
        }
    }
}
