package eu.unicore.security.canl;

import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.util.Log;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/unicore/security/canl/LoggingX509TrustManager.class */
public class LoggingX509TrustManager implements X509TrustManager {
    private static final Logger log = Log.getLogger(Log.SECURITY, LoggingX509TrustManager.class);
    private X509TrustManager defaultTrustManager;
    private String info;

    public LoggingX509TrustManager(X509TrustManager x509TrustManager, String str) {
        this.defaultTrustManager = null;
        if (x509TrustManager == null) {
            throw new IllegalArgumentException("Trust manager may not be null");
        }
        this.info = str;
        this.defaultTrustManager = x509TrustManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        logCerts("Checking client's certificate:\n", x509CertificateArr);
        try {
            this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
            logSuccessfulVerification("client", x509CertificateArr);
        } catch (CertificateException e) {
            try {
                Thread.sleep(20L);
            } catch (InterruptedException e2) {
            }
            logFailedVerification("client", e);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        logCerts("Checking server's certificate:\n", x509CertificateArr);
        try {
            this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            logSuccessfulVerification("server", x509CertificateArr);
        } catch (CertificateException e) {
            logFailedVerification("server", e);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    private void logCerts(String str, X509Certificate[] x509CertificateArr) {
        if (!log.isDebugEnabled() || x509CertificateArr == null) {
            return;
        }
        log.debug("[" + this.info + "] " + str + CertificateUtils.format(x509CertificateArr, FormatMode.FULL));
    }

    private void logFailedVerification(String str, CertificateException certificateException) {
        if (log.isDebugEnabled()) {
            log.debug("[" + this.info + "] Verification of the " + str + " certificate failed. " + certificateException.getMessage());
        }
    }

    private void logSuccessfulVerification(String str, X509Certificate[] x509CertificateArr) {
        if (log.isDebugEnabled()) {
            log.debug("[" + this.info + "] Verification of the " + str + " certificate with subject DN " + X500NameUtils.getReadableForm(x509CertificateArr[0].getSubjectX500Principal()) + " was successful");
        }
    }
}
