package com.thingworx.communications.client.connection.netty;

import com.thingworx.common.RESTAPIConstants;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/thingworx/communications/client/connection/netty/NettyValidatingX509TrustManager.class */
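/**
 * {@link X509TrustManager} that adds subject/issuer field checks in front of a delegate
 * trust manager.
 *
 * <p>For server certificates, the leaf certificate's subject and issuer distinguished names are
 * compared against the values configured in {@link #x509Fields} (keys {@link #SUBJECT_CN},
 * {@link #SUBJECT_O}, {@link #SUBJECT_OU}, {@link #ISSUER_CN}, {@link #ISSUER_O},
 * {@link #ISSUER_OU}). A key that is absent or empty imposes no constraint. Chain validation is
 * then delegated to {@link #containedManager}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The field checks are exact, case-sensitive string comparisons on the textual form of the
 *       distinguished name. They restrict which names are accepted; they do not pin a key or a
 *       certificate.</li>
 *   <li>This class does not compare the certificate with the host name being connected to. That
 *       check, if required, has to happen elsewhere.</li>
 *   <li>Client certificates get no field checks; they are only passed to the delegate.</li>
 * </ul>
 */
public class NettyValidatingX509TrustManager implements X509TrustManager {
    private static final Logger log = LoggerFactory.getLogger(NettyValidatingX509TrustManager.class);
    public static final String SUBJECT_CN = "subjectCN";
    public static final String SUBJECT_O = "subjectO";
    public static final String SUBJECT_OU = "subjectOU";
    public static final String ISSUER_CN = "issuerCN";
    public static final String ISSUER_O = "issuerO";
    public static final String ISSUER_OU = "issuerOU";
    public static final String FIELD_TYPE_SUBJECT = "Subject";
    public static final String FIELD_TYPE_ISSUER = "Issuer";
    public static final String FIELD_COMMON_NAME = "CN";
    public static final String FIELD_ORGANIZATION = "O";
    public static final String FIELD_ORGANIZATIONAL_UNIT = "OU";

    // Single message for every rejection so the peer cannot learn which check failed.
    private static final String VALIDATION_FAILED_MESSAGE =
            "Server certificate fails the validation specified in your connection configuration.";

    // Delegate that performs the actual chain validation. May be null if the first constructor
    // found no X509TrustManager; the check methods then reject instead of dereferencing null.
    protected X509TrustManager containedManager;

    // Required field values keyed by SUBJECT_* / ISSUER_*. The caller's map is stored as-is (no
    // copy), so later changes to it change what is enforced. A null map makes fieldMatches throw
    // NullPointerException.
    protected Map<String, String> x509Fields;

    /**
     * Builds a validating trust manager on top of the first {@link X509TrustManager} produced by
     * the default {@link TrustManagerFactory}, initialised with a {@code null} key store (the
     * JSSE default trust material).
     *
     * @param sslContext not used by this constructor
     * @param requiredFields required subject/issuer values; stored by reference
     * @throws KeyStoreException if the trust manager factory cannot be initialised
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     */
    public NettyValidatingX509TrustManager(SSLContext sslContext, Map<String, String> requiredFields) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
        this.containedManager = found;
        this.x509Fields = requiredFields;
    }

    /**
     * Builds a validating trust manager that delegates to the first element of
     * {@code trustManagers}. Any further elements are ignored.
     *
     * @param trustManagers candidate delegates; element 0 must be an {@link X509TrustManager}
     * @param requiredFields required subject/issuer values; stored by reference
     * @throws IllegalArgumentException if the array is null or empty, or element 0 is not an
     *     {@link X509TrustManager}
     */
    public NettyValidatingX509TrustManager(TrustManager[] trustManagers, Map<String, String> requiredFields) {
        if (trustManagers == null || trustManagers.length == 0) {
            throw new IllegalArgumentException("At least one TrustManager is required.");
        }
        if (!(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalArgumentException("Only x509TrustManagers are supported.");
        }
        this.containedManager = (X509TrustManager) trustManagers[0];
        this.x509Fields = requiredFields;
    }

    /**
     * Delegates client chain validation unchanged; the configured field checks are not applied.
     *
     * @throws CertificateException if the delegate rejects the chain or no delegate is available
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        requireContainedManager().checkClientTrusted(chain, authType);
    }

    /**
     * Checks the leaf certificate ({@code chain[0]}) against the configured subject and issuer
     * fields, then delegates chain validation.
     *
     * <p>The field checks run before the delegate has validated the chain, so the names being
     * parsed (and written to the debug log) are still unauthenticated at that point. A connection
     * is only accepted if both the field checks and the delegate succeed.
     *
     * @throws CertificateException if the chain is null or empty, a required field does not
     *     match, no delegate is available, or the delegate rejects the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException(VALIDATION_FAILED_MESSAGE);
        }
        X509Certificate leaf = chain[0];
        if (!fieldsMatchRequiredSubject(parseSubjectX509Fields(leaf))) {
            throw new CertificateException(VALIDATION_FAILED_MESSAGE);
        }
        if (!fieldsMatchRequiredIssuer(parseIssuerX509Fields(leaf))) {
            throw new CertificateException(VALIDATION_FAILED_MESSAGE);
        }
        requireContainedManager().checkServerTrusted(chain, authType);
    }

    /**
     * Returns the delegate's accepted issuers, or an empty array when there is no delegate.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager delegate = this.containedManager;
        return delegate == null ? new X509Certificate[0] : delegate.getAcceptedIssuers();
    }

    /** Returns true when the CN, O and OU of the parsed subject satisfy the configuration. */
    protected boolean fieldsMatchRequiredSubject(Map<String, String> subjectFields) {
        return fieldMatches(subjectFields, SUBJECT_CN, FIELD_COMMON_NAME, FIELD_TYPE_SUBJECT)
                && fieldMatches(subjectFields, SUBJECT_O, FIELD_ORGANIZATION, FIELD_TYPE_SUBJECT)
                && fieldMatches(subjectFields, SUBJECT_OU, FIELD_ORGANIZATIONAL_UNIT, FIELD_TYPE_SUBJECT);
    }

    /** Returns true when the CN, O and OU of the parsed issuer satisfy the configuration. */
    protected boolean fieldsMatchRequiredIssuer(Map<String, String> issuerFields) {
        return fieldMatches(issuerFields, ISSUER_CN, FIELD_COMMON_NAME, FIELD_TYPE_ISSUER)
                && fieldMatches(issuerFields, ISSUER_O, FIELD_ORGANIZATION, FIELD_TYPE_ISSUER)
                && fieldMatches(issuerFields, ISSUER_OU, FIELD_ORGANIZATIONAL_UNIT, FIELD_TYPE_ISSUER);
    }

    /**
     * Compares one certificate field with its configured value.
     *
     * @param certificateFields fields parsed from the certificate's distinguished name
     * @param configKey key into {@link #x509Fields} (one of the SUBJECT_* / ISSUER_* constants)
     * @param fieldName attribute name looked up in {@code certificateFields}, e.g. "CN"
     * @param fieldType "Subject" or "Issuer"; used only in the debug log line
     * @return true if nothing is configured for {@code configKey} (null or empty), or if the
     *     certificate value equals the configured value exactly; false otherwise, including when
     *     the certificate lacks the field
     */
    protected boolean fieldMatches(Map<String, String> certificateFields, String configKey, String fieldName, String fieldType) {
        String required = this.x509Fields.get(configKey);
        if (required == null || required.isEmpty()) {
            return true;
        }
        // A missing field yields null, which never equals the required value: fail closed.
        boolean matched = required.equals(certificateFields.get(fieldName));
        if (log.isDebugEnabled()) {
            // The logged map comes from the peer's certificate and is attacker-influenced text.
            log.debug("Checking for x509 " + fieldType + " field " + fieldName + RESTAPIConstants.PARAMETER_VALUE_DELIMITER + required + " in " + certificateFields + (matched ? " PASSED." : " FAILED."));
        }
        return matched;
    }

    /**
     * Parses the subject distinguished name of {@code certificate} into attribute/value pairs.
     * Returns an empty map when the certificate or its subject is null.
     */
    protected Map<String, String> parseSubjectX509Fields(X509Certificate certificate) {
        if (certificate == null || certificate.getSubjectDN() == null) {
            return new LinkedHashMap<String, String>();
        }
        return parseX509Fields(certificate.getSubjectDN().toString());
    }

    /**
     * Parses the issuer distinguished name of {@code certificate} into attribute/value pairs.
     * Returns an empty map when the certificate or its issuer is null.
     */
    protected Map<String, String> parseIssuerX509Fields(X509Certificate certificate) {
        if (certificate == null || certificate.getIssuerDN() == null) {
            return new LinkedHashMap<String, String>();
        }
        return parseX509Fields(certificate.getIssuerDN().toString());
    }

    /**
     * Splits the textual form of a distinguished name into attribute/value pairs.
     *
     * <p>Components are separated at commas and each component is split at the first
     * {@code RESTAPIConstants.PARAMETER_VALUE_DELIMITER}, but only where those characters appear
     * outside double quotes and are not preceded by a backslash. Splitting at every comma lets a
     * quoted value such as {@code O="x, OU=wanted"} contribute a separate {@code OU} entry, and
     * cutting the value at a second delimiter lets {@code CN=wanted=rest} compare equal to
     * {@code wanted}; both would allow a certificate to satisfy a check it should fail.
     *
     * <p>Whitespace is removed from attribute names. Values are kept exactly as they appear in
     * the string, including any quotes or backslash escapes. Components with no delimiter or an
     * empty value are skipped. When an attribute occurs more than once, the later occurrence
     * replaces the earlier one.
     *
     * <p>NOTE(review): the delimiter is matched literally here; this assumes
     * PARAMETER_VALUE_DELIMITER is "=" — confirm. The layout of the input string depends on the
     * certificate provider's {@code toString()} implementation.
     */
    private Map<String, String> parseX509Fields(String distinguishedName) {
        Map<String, String> fields = new LinkedHashMap<String, String>();
        String delimiter = RESTAPIConstants.PARAMETER_VALUE_DELIMITER;
        int length = distinguishedName.length();
        int componentStart = 0;
        int delimiterAt = -1;
        boolean insideQuotes = false;
        // i == length is a virtual terminator so the final component is flushed like the others.
        for (int i = 0; i <= length; i++) {
            boolean endOfComponent = i == length;
            if (!endOfComponent) {
                char c = distinguishedName.charAt(i);
                if (c == '\\') {
                    // The escaped character is data, never a separator or a quote.
                    if (i + 1 < length) {
                        i++;
                    }
                } else if (c == '"') {
                    insideQuotes = !insideQuotes;
                } else if (!insideQuotes) {
                    if (c == ',') {
                        endOfComponent = true;
                    } else if (delimiterAt < 0 && distinguishedName.startsWith(delimiter, i)) {
                        delimiterAt = i;
                    }
                }
            }
            if (endOfComponent) {
                int valueStart = delimiterAt + delimiter.length();
                if (delimiterAt >= 0 && valueStart < i) {
                    String name = distinguishedName.substring(componentStart, delimiterAt).replaceAll("\\s+", "");
                    fields.put(name, distinguishedName.substring(valueStart, i));
                }
                componentStart = i + 1;
                delimiterAt = -1;
            }
        }
        return fields;
    }

    /**
     * Returns the delegate, rejecting with a {@link CertificateException} when there is none so
     * that a missing delegate fails the handshake cleanly instead of with a NullPointerException.
     */
    private X509TrustManager requireContainedManager() throws CertificateException {
        X509TrustManager delegate = this.containedManager;
        if (delegate == null) {
            throw new CertificateException("No X509TrustManager is available to validate the certificate chain.");
        }
        return delegate;
    }
}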
