package com.datastax.bdp.cassandra.auth;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.annotation.Nullable;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseHostnameVerificationTrustManager.class */
public class DseHostnameVerificationTrustManager extends X509ExtendedTrustManager {
    private static final DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
    static final String INVALID_HOSTNAME_MESSAGE_TEMPLATE = "Hostname %s does not match with the subject alternative names or the common name of the server certificate.";
    private X509ExtendedTrustManager delegateManager;
    private String[] hostnames;

    public DseHostnameVerificationTrustManager(String... strArr) {
        this.hostnames = strArr;
    }

    public DseHostnameVerificationTrustManager(@Nullable X509ExtendedTrustManager x509ExtendedTrustManager, String... strArr) {
        this(strArr);
        this.delegateManager = x509ExtendedTrustManager;
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkClientTrusted(x509CertificateArr, str, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkServerTrusted(x509CertificateArr, str, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verifyCertificate(x509CertificateArr);
        if (this.delegateManager != null) {
            this.delegateManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.delegateManager != null ? this.delegateManager.getAcceptedIssuers() : new X509Certificate[0];
    }

    private void verifyCertificate(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertificateException("null or zero-length certificate chain");
        }
        for (String str : this.hostnames) {
            try {
                hostnameVerifier.verify(str, x509CertificateArr[0]);
            } catch (Exception e) {
                throw new CertificateException(String.format(INVALID_HOSTNAME_MESSAGE_TEMPLATE, str), e);
            }
        }
    }
}
