package eu.emi.security.authn.x509.impl;

import eu.emi.security.authn.x509.helpers.ssl.HostnameToCertificateChecker;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;

@Deprecated
/* loaded from: input_file:eu/emi/security/authn/x509/impl/AbstractHostnameToCertificateChecker.class */
public abstract class AbstractHostnameToCertificateChecker implements HandshakeCompletedListener {
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        try {
            Certificate[] peerCertificates = handshakeCompletedEvent.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                processingError(handshakeCompletedEvent, new Exception("JDK BUG? Got null or empty peer certificate array"));
                return;
            }
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                processingError(handshakeCompletedEvent, new ClassCastException("Peer certificate should be an X.509 certificate, but is " + peerCertificates[0].getClass().getName()));
                return;
            }
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            String hostName = handshakeCompletedEvent.getSocket().getInetAddress().getHostName();
            try {
                if (!new HostnameToCertificateChecker().checkMatching(hostName, x509Certificate)) {
                    nameMismatch(handshakeCompletedEvent, x509Certificate, hostName);
                }
            } catch (Exception e) {
                processingError(handshakeCompletedEvent, e);
            }
        } catch (SSLPeerUnverifiedException e2) {
            processingError(handshakeCompletedEvent, new Exception("Peer is unverified when handshake is completed - is it really an X.509-authenticated connection?", e2));
        }
    }

    protected abstract void nameMismatch(HandshakeCompletedEvent handshakeCompletedEvent, X509Certificate x509Certificate, String str) throws SSLException;

    protected void processingError(HandshakeCompletedEvent handshakeCompletedEvent, Exception exc) {
        throw new IllegalStateException("Error occured when verifying if the SSL peer's hostname matches its certificate", exc);
    }

    static {
        CertificateUtils.configureSecProvider();
    }
}
