package org.apache.druid.server.security;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.druid.java.util.common.logger.Logger;

/* loaded from: input_file:org/apache/druid/server/security/CustomCheckX509TrustManager.class */
public class CustomCheckX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager {
    private static final Logger log = new Logger(CustomCheckX509TrustManager.class);
    private final X509ExtendedTrustManager delegate;
    private final boolean validateServerHostnames;
    private final TLSCertificateChecker certificateChecker;

    public CustomCheckX509TrustManager(X509ExtendedTrustManager x509ExtendedTrustManager, TLSCertificateChecker tLSCertificateChecker, boolean z) {
        this.delegate = x509ExtendedTrustManager;
        this.validateServerHostnames = z;
        this.certificateChecker = tLSCertificateChecker;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.delegate.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.delegate.getAcceptedIssuers();
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.delegate.checkClientTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.certificateChecker.checkClient(x509CertificateArr, str, sSLEngine, this.delegate);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        if (!this.validateServerHostnames) {
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm(null);
            sSLEngine.setSSLParameters(sSLParameters);
        }
        this.certificateChecker.checkServer(x509CertificateArr, str, sSLEngine, this.delegate);
    }
}
