package eu.unicore.util.httpclient;

import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.util.Log;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:eu/unicore/util/httpclient/HostnameMismatchCallbackImpl.class */
public class HostnameMismatchCallbackImpl {
    private static final Logger log = Log.getLogger(Log.SECURITY, HostnameMismatchCallbackImpl.class);
    private ServerHostnameCheckingMode mode;

    public HostnameMismatchCallbackImpl(ServerHostnameCheckingMode serverHostnameCheckingMode) {
        this.mode = serverHostnameCheckingMode;
    }

    public boolean nameMismatch(SSLSession sSLSession, X509Certificate x509Certificate, String str) throws SSLException {
        if (this.mode == ServerHostnameCheckingMode.NONE) {
            return true;
        }
        String str2 = "The server hostname is not matching its certificate subject. This might mean that somebody is trying to perform a man-in-the-middle attack by pretending to be the server you are trying to connect to. However it is also possible that the server uses a certificate which was not associated with its address. The server DNS name is: '" + str + "' and its certificate subject is: '" + X500NameUtils.getReadableForm(x509Certificate.getSubjectX500Principal()) + "'.";
        if (this.mode == ServerHostnameCheckingMode.WARN) {
            log.warn(str2);
            return true;
        }
        log.error(str2);
        log.error("Invalidating connection.");
        sSLSession.invalidate();
        return false;
    }
}
