package de.siegmar.logbackgelf;

import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:BOOT-INF/lib/logback-gelf-6.1.0.jar:de/siegmar/logbackgelf/CustomX509TrustManager.class */
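/**
 * Trust manager that adds a hostname check on top of an existing {@link X509TrustManager}.
 *
 * <p>Server chains are first validated by the wrapped trust manager. The leaf certificate
 * ({@code chain[0]}) is then matched against the configured hostname:
 * <ul>
 *   <li>If the certificate carries at least one dNSName subject alternative name, only those
 *       names are considered. A mismatch is fatal and the common name is not consulted.</li>
 *   <li>Only when no dNSName entry is present does the check fall back to the subject CN.</li>
 * </ul>
 *
 * <p>Security notes for reviewers: SAN entries of other types (for example iPAddress) are not
 * collected, so a certificate that carries only such entries is verified through the CN
 * fallback. The actual matching rules (case handling, any wildcard support) live in
 * {@code HostnameVerifier.verify}, which is not part of this class.
 *
 * <p>Client authentication is not supported; {@link #checkClientTrusted} always throws.
 */
class CustomX509TrustManager implements X509TrustManager {

    /** GeneralName tag reported by {@code getSubjectAlternativeNames()} for dNSName entries. */
    private static final int TYPE_DNS_NAME = 2;

    /** Delegate that performs the actual chain (path) validation. */
    private final X509TrustManager trustManager;

    /** Hostname the server certificate has to be valid for. */
    private final String hostname;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param x509TrustManager delegate used for chain validation and accepted issuers
     * @param str hostname the leaf certificate is verified against
     */
    public CustomX509TrustManager(X509TrustManager x509TrustManager, String str) {
        this.trustManager = x509TrustManager;
        this.hostname = str;
    }

    /**
     * Not supported: this trust manager is only meant to validate server certificates.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Validates the chain with the delegate, then verifies the hostname against the leaf.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type, passed through to the delegate
     * @throws CertificateException if the delegate rejects the chain or the hostname does not
     *     match the leaf certificate
     * @throws IllegalArgumentException if the chain is null or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // Path validation must succeed before any name is trusted.
        this.trustManager.checkServerTrusted(x509CertificateArr, str);

        // A lenient delegate must not turn a missing chain into an index or null-pointer failure.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }

        X509Certificate leaf = x509CertificateArr[0];
        if (!checkAlternativeNames(leaf)) {
            // No dNSName SAN at all: fall back to the subject common name.
            checkCommonName(leaf);
        }
    }

    /**
     * Matches the hostname against the certificate's dNSName subject alternative names.
     *
     * @return {@code true} if a name matched, {@code false} if the certificate has no dNSName
     *     entries (the caller then falls back to the common name)
     * @throws CertificateException if dNSName entries exist but none of them matches
     */
    private boolean checkAlternativeNames(X509Certificate cert) throws CertificateException {
        List<String> alternativeNames = getAlternativeNames(cert);
        if (alternativeNames.isEmpty()) {
            return false;
        }
        for (String alternativeName : alternativeNames) {
            if (HostnameVerifier.verify(this.hostname, alternativeName)) {
                return true;
            }
        }
        // SANs are present but none matched: fail closed instead of trying the CN.
        throw new CertificateException(String.format("Server certificate mismatch. Tried to verify %s against subject alternative names: %s", this.hostname, alternativeNames));
    }

    /**
     * Collects the dNSName subject alternative names of a certificate.
     *
     * @return the dNSName values, or an empty list if the extension is absent or holds none
     * @throws CertificateParsingException if the extension cannot be decoded
     */
    private static List<String> getAlternativeNames(X509Certificate cert) throws CertificateParsingException {
        Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            return Collections.emptyList();
        }
        List<String> dnsNames = new ArrayList<>();
        for (List<?> entry : subjectAlternativeNames) {
            // Each entry is a pair: [Integer name type, name value].
            if (entry == null || entry.size() < 2) {
                continue;
            }
            Object type = entry.get(0);
            Object value = entry.get(1);
            if (type instanceof Integer
                    && ((Integer) type).intValue() == TYPE_DNS_NAME
                    && value instanceof String) {
                dnsNames.add((String) value);
            }
        }
        return dnsNames;
    }

    /**
     * Matches the hostname against the subject common name of the certificate.
     *
     * @throws CertificateException if the CN cannot be read or does not match the hostname
     */
    private void checkCommonName(X509Certificate cert) throws CertificateException {
        try {
            String commonName = getCommonName(cert);
            if (!HostnameVerifier.verify(this.hostname, commonName)) {
                throw new CertificateException(String.format("Server certificate mismatch. Tried to verify %s against common name: %s", this.hostname, commonName));
            }
        } catch (InvalidNameException e) {
            throw new CertificateException("Could not read CN from certificate", e);
        }
    }

    /**
     * Extracts the common name from the certificate subject.
     *
     * @return the value of the first CN attribute found in the parsed subject
     * @throws InvalidNameException if the subject cannot be parsed, has no CN, or the CN is not
     *     a plain string value
     */
    private static String getCommonName(X509Certificate cert) throws InvalidNameException {
        // getSubjectX500Principal().getName() yields RFC 2253 text, the syntax LdapName parses;
        // getSubjectDN().getName() is provider-specific and the method is deprecated.
        LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : subject.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                Object value = rdn.getValue();
                if (value instanceof String) {
                    return (String) value;
                }
                // Rdn values may also be byte[]; reject them as a certificate error rather
                // than letting a ClassCastException escape from the handshake.
                throw new InvalidNameException("Common name is not a string value");
            }
        }
        throw new InvalidNameException("No common name found");
    }

    /**
     * @return the issuers accepted by the wrapped trust manager
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }
}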
