package net.solarnetwork.node.datum.tesla.powerwall;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import net.solarnetwork.util.ObjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/solarnetwork/node/datum/tesla/powerwall/PowerwallTrustManager.class */
public class PowerwallTrustManager extends X509ExtendedTrustManager {
    private static final Logger log = LoggerFactory.getLogger(PowerwallTrustManager.class);
    private static final X509Certificate[] EMPTY_CERT_ARRAY = new X509Certificate[0];
    private final String hostName;

    public PowerwallTrustManager(String str) {
        this.hostName = ((String) ObjectUtils.requireNonNullArgument(str, "hostName")).split(":", 2)[0].toLowerCase();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return EMPTY_CERT_ARRAY;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verifyChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        verifyChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        verifyChain(x509CertificateArr);
    }

    private void verifyChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        LinkedHashSet linkedHashSet = new LinkedHashSet(8);
        if (0 < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[0];
            log.debug("Validating server trust for certificate [{}]", x509Certificate.getSubjectX500Principal().getName("CANONICAL"));
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (((Integer) list.get(0)).intValue() == 2) {
                        linkedHashSet.add(((String) list.get(1)).toLowerCase());
                    }
                }
            }
        }
        if (!linkedHashSet.contains(this.hostName)) {
            throw new CertificateException("Host certificate does not include name [" + this.hostName + "]");
        }
    }
}
