package com.oracle.coherence.common.internal.security;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/oracle/coherence/common/internal/security/PeerX509TrustManager.class */
public class PeerX509TrustManager implements X509TrustManager {
    protected final KeyStore m_keyStore;
    public static final String ALGORITHM = "PeerX509";
    private static final String CN_PREFIX = "CN=";
    private static final int CN_PREFIX_LENGTH = CN_PREFIX.length();
    private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];

    public PeerX509TrustManager(KeyStore keyStore) {
        if (keyStore == null) {
            throw new IllegalArgumentException();
        }
        this.m_keyStore = keyStore;
    }

    public void checkPeerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Missing required certificate chain");
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("Missing required authentication type");
        }
        try {
            if (this.m_keyStore.getCertificateAlias(x509CertificateArr[0]) == null) {
                throw new CertificateException("Untrusted peer: " + getCommonName(x509CertificateArr[0].getSubjectDN()));
            }
        } catch (KeyStoreException e) {
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkPeerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkPeerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return EMPTY_CERTS;
    }

    protected String getCommonName(Principal principal) {
        String str = null;
        String name = principal.getName();
        int indexOf = name.toUpperCase().indexOf(CN_PREFIX);
        if (indexOf != -1) {
            int i = indexOf + CN_PREFIX_LENGTH;
            int indexOf2 = name.indexOf(",", i);
            if (indexOf2 == -1) {
                indexOf2 = name.length();
            }
            str = name.substring(i, indexOf2);
        }
        return str;
    }
}
