package eu.unicore.util.httpclient;

import eu.emi.security.authn.x509.helpers.ssl.HostnameToCertificateChecker;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:eu/unicore/util/httpclient/CanlHostnameVerifier.class */
public class CanlHostnameVerifier implements HostnameVerifier {
    private ServerHostnameCheckingMode mode;

    public CanlHostnameVerifier(ServerHostnameCheckingMode serverHostnameCheckingMode) {
        this.mode = serverHostnameCheckingMode;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return connectWithHostnameChecking(sSLSession, new HostnameMismatchCallbackImpl(this.mode));
    }

    private static boolean connectWithHostnameChecking(SSLSession sSLSession, HostnameMismatchCallbackImpl hostnameMismatchCallbackImpl) {
        HostnameToCertificateChecker hostnameToCertificateChecker = new HostnameToCertificateChecker();
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                throw new IllegalStateException("JDK BUG? Got null or empty peer certificate array");
            }
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                throw new ClassCastException("Peer certificate should be an X.509 certificate, but is " + peerCertificates[0].getClass().getName());
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            String peerHost = sSLSession.getPeerHost();
            try {
                if (hostnameToCertificateChecker.checkMatching(peerHost, x509Certificate)) {
                    return true;
                }
                return hostnameMismatchCallbackImpl.nameMismatch(sSLSession, x509Certificate, peerHost);
            } catch (Exception e) {
                throw new IllegalStateException("Can't check peer's address against its certificate", e);
            }
        } catch (SSLPeerUnverifiedException e2) {
            throw new IllegalStateException("Can't check peer's address as peer's certificate is not available", e2);
        }
    }
}
