package org.apache.druid.testing.utils;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.server.security.TLSCertificateChecker;

/* loaded from: input_file:org/apache/druid/testing/utils/ITTLSCertificateChecker.class */
public class ITTLSCertificateChecker implements TLSCertificateChecker {
    private static final Logger log = new Logger(ITTLSCertificateChecker.class);

    public void checkClient(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, X509ExtendedTrustManager x509ExtendedTrustManager) throws CertificateException {
        if (!x509CertificateArr[0].toString().contains("thisisprobablynottherighthostname") || !sSLEngine.getPeerHost().contains("172.172.172.1")) {
            throw new CertificateException("Custom check rejected request from client.");
        }
    }

    public void checkServer(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, X509ExtendedTrustManager x509ExtendedTrustManager) throws CertificateException {
        x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        if (x509CertificateArr[0].toString().contains("172.172.172.60")) {
            throw new CertificateException("Custom check intentionally terminated request to broker.");
        }
    }
}
