package org.eclipse.leshan.client.californium;

import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateMessage;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.CertificateVerificationResult;
import org.eclipse.californium.scandium.dtls.ConnectionId;
import org.eclipse.californium.scandium.dtls.DTLSSession;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeResultHandler;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.ServerNames;

/* loaded from: input_file:org/eclipse/leshan/client/californium/DefaultLeshanCertificateVerifier.class */
public class DefaultLeshanCertificateVerifier implements NewAdvancedCertificateVerifier {
    private final Certificate expectedServerCertificate;
    private final List<CertificateType> supportedCertificateType = new ArrayList(1);

    public DefaultLeshanCertificateVerifier(Certificate certificate) {
        this.expectedServerCertificate = certificate;
        this.supportedCertificateType.add(CertificateType.X_509);
    }

    public List<X500Principal> getAcceptedIssuers() {
        return Collections.emptyList();
    }

    public List<CertificateType> getSupportedCertificateType() {
        return this.supportedCertificateType;
    }

    public CertificateVerificationResult verifyCertificate(ConnectionId connectionId, ServerNames serverNames, Boolean bool, boolean z, CertificateMessage certificateMessage, DTLSSession dTLSSession) {
        if (certificateMessage.getCertificateChain() == null || certificateMessage.getCertificateChain().getCertificates().size() == 0) {
            return new CertificateVerificationResult(connectionId, new HandshakeException("Certificate chain could not be validated : server cert chain is empty", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, dTLSSession.getPeer())), (Object) null);
        }
        return !this.expectedServerCertificate.equals(certificateMessage.getCertificateChain().getCertificates().get(0)) ? new CertificateVerificationResult(connectionId, new HandshakeException("Certificate chain could not be validated: server certificate does not match expected one ('domain-issue certificate' usage)", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, dTLSSession.getPeer())), (Object) null) : new CertificateVerificationResult(connectionId, certificateMessage.getCertificateChain(), (Object) null);
    }

    public void setResultHandler(HandshakeResultHandler handshakeResultHandler) {
    }
}
