package com.microsoft.sqlserver.jdbc;

import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: SQLServerTrustManager.java */
/* loaded from: input_file:WEB-INF/lib/lucee.jar:extensions/99A4EF8D-F2FD-40C8-8FB8C2E67A4EEEB6-12.4.2.jre8.lex:jars/org.lucee.mssql-12.4.2.jre8.jar:com/microsoft/sqlserver/jdbc/ServerCertificateX509TrustManager.class */
public final class ServerCertificateX509TrustManager implements X509TrustManager {
    private final Logger logger;
    private final String logContext;
    private String hostName;
    private String serverCert;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerCertificateX509TrustManager(TDSChannel tDSChannel, String str, String str2) {
        this.logger = tDSChannel.getLogger();
        this.logContext = tDSChannel.toString() + " (ServerCertificateX509TrustManager):";
        this.hostName = str2.toLowerCase(Locale.ENGLISH);
        this.serverCert = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.logger.isLoggable(Level.FINEST)) {
            this.logger.finest(this.logContext + " Trusting client certificate (!)");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.logger.isLoggable(Level.FINEST)) {
            this.logger.finest(this.logContext + " Check if server trusted.");
        }
        if (null == x509CertificateArr || 0 == x509CertificateArr.length || null == str || str.isEmpty()) {
            throw new IllegalArgumentException(SQLServerException.getErrString("R_illegalArgumentTrustManager"));
        }
        X509Certificate x509Certificate = null;
        try {
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                x509Certificate2.checkValidity();
            }
            if (null == this.serverCert) {
                SQLServerCertificateUtils.validateServerNameInCertificate(x509CertificateArr[0], this.hostName);
            } else {
                SQLServerCertificateUtils.validateServerCerticate(x509CertificateArr[0], this.serverCert);
            }
        } catch (CertificateExpiredException e) {
            MessageFormat messageFormat = new MessageFormat(SQLServerException.getErrString("R_serverCertExpired"));
            Object[] objArr = new Object[2];
            objArr[0] = this.serverCert != null ? this.serverCert : this.hostName;
            objArr[1] = e.getMessage();
            throw new CertificateException(messageFormat.format(objArr));
        } catch (CertificateNotYetValidException e2) {
            MessageFormat messageFormat2 = new MessageFormat(SQLServerException.getErrString("R_serverCertNotYetValid"));
            Object[] objArr2 = new Object[2];
            objArr2[0] = this.serverCert != null ? this.serverCert : this.hostName;
            objArr2[1] = e2.getMessage();
            throw new CertificateException(messageFormat2.format(objArr2));
        } catch (Exception e3) {
            MessageFormat messageFormat3 = new MessageFormat(SQLServerException.getErrString("R_serverCertError"));
            Object[] objArr3 = new Object[3];
            objArr3[0] = e3.getMessage();
            objArr3[1] = this.serverCert != null ? this.serverCert : this.hostName;
            objArr3[2] = 0 != 0 ? x509Certificate.toString() : "";
            throw new CertificateException(messageFormat3.format(objArr3));
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
