package no.digipost.signature.client.core.internal.http;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import no.digipost.signature.client.core.exceptions.SecurityException;
import org.apache.http.conn.ssl.TrustStrategy;

/* loaded from: input_file:no/digipost/signature/client/core/internal/http/PostenEnterpriseCertificateStrategy.class */
public class PostenEnterpriseCertificateStrategy implements TrustStrategy {
    private static final String POSTEN_ORGANIZATION_NUMBER = "984661185";
    private static final String COMMON_NAME_POSTEN = "CN=984661185";
    private static final String SERIALNUMBER_POSTEN = "SERIALNUMBER=984661185";

    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String name = x509CertificateArr[0].getSubjectDN().getName();
        if (isPostenEnterpriseCertiticate(name)) {
            return false;
        }
        throw new SecurityException("Could not find correct organization number in server certificate. Make sure the server URI is correct.\nActual certificate: " + name + ".\nExpected certificate issued to organization number " + POSTEN_ORGANIZATION_NUMBER + "\nThis could indicate a misconfiguration of the client or server, or potentially a man-in-the-middle attack.");
    }

    private boolean isPostenEnterpriseCertiticate(String str) {
        String lowerCase = str.toLowerCase();
        return lowerCase.contains(SERIALNUMBER_POSTEN.toLowerCase()) || lowerCase.contains(COMMON_NAME_POSTEN.toLowerCase());
    }
}
