package org.ldaptive.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-1.3.2.jar:org/ldaptive/ssl/HostnameVerifyingTrustManager.class */
public class HostnameVerifyingTrustManager implements X509TrustManager {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final String[] hostnames;
    private final CertificateHostnameVerifier hostnameVerifier;

    public HostnameVerifyingTrustManager(CertificateHostnameVerifier certificateHostnameVerifier, String... strArr) {
        this.hostnameVerifier = certificateHostnameVerifier;
        this.hostnames = strArr;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertificateTrusted(x509CertificateArr[0]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertificateTrusted(x509CertificateArr[0]);
    }

    private void checkCertificateTrusted(X509Certificate x509Certificate) throws CertificateException {
        for (String str : this.hostnames) {
            if (this.hostnameVerifier.verify(str, x509Certificate)) {
                this.logger.debug("checkCertificateTrusted for {} succeeded against {}", this.hostnameVerifier, x509Certificate != null ? x509Certificate.getSubjectX500Principal() : null);
                return;
            }
        }
        Object[] objArr = new Object[2];
        objArr[0] = Arrays.toString(this.hostnames);
        objArr[1] = x509Certificate != null ? x509Certificate.getSubjectX500Principal() : null;
        throw new CertificateException(String.format("Hostname '%s' does not match the hostname in the server's certificate '%s'", objArr));
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public String toString() {
        return String.format("[%s@%d::hostnameVerifier=%s, hostnames=%s]", getClass().getName(), Integer.valueOf(hashCode()), this.hostnameVerifier, Arrays.toString(this.hostnames));
    }
}
