package com.dtolabs.rundeck.jetty.jaas;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.ssl.HostnameVerifier;

/* loaded from: input_file:lib/rundeck-jetty-server-2.6.11.jar:com/dtolabs/rundeck/jetty/jaas/HostnameVerifyingTrustManager.class */
public class HostnameVerifyingTrustManager implements X509TrustManager {
    protected X509TrustManager realTrustManager;
    protected HostnameVerifier verifier;

    public HostnameVerifyingTrustManager(TrustManager trustManager) {
        if (!(trustManager instanceof X509TrustManager)) {
            throw new IllegalArgumentException(String.format("Expected trustManager to be of type X509TrustManager but was [%s]", trustManager.getClass()));
        }
        this.verifier = HostnameVerifier.STRICT;
        this.realTrustManager = (X509TrustManager) trustManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.realTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length > 0) {
            X509Certificate x509Certificate = x509CertificateArr[0];
            try {
                this.verifier.check(HostnameVerifyingSSLSocketFactory.getTargetHost(), x509Certificate);
            } catch (SSLException e) {
                throw new CertificateException(e);
            }
        }
        this.realTrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.realTrustManager.getAcceptedIssuers();
    }
}
