package wiremock.grpc.io.grpc.netty;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.X509TrustManager;
import wiremock.com.google.common.base.Preconditions;
import wiremock.grpc.io.grpc.Status;
import wiremock.grpc.io.grpc.internal.AuthorityVerifier;
import wiremock.grpc.io.grpc.netty.ProtocolNegotiators;

/* loaded from: input_file:wiremock/grpc/io/grpc/netty/X509AuthorityVerifier.class */
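/**
 * Decides whether a per-RPC authority override is acceptable for the TLS peer of an
 * established connection, by asking the configured trust manager to re-check the peer's
 * certificate chain against the requested authority.
 *
 * <p>Every failure path yields a non-OK {@link Status}; the verifier never falls back to
 * accepting an authority it could not check.
 */
final class X509AuthorityVerifier implements AuthorityVerifier {
    private final SSLEngine sslEngine;
    // May be null; verifyAuthority then refuses every override.
    private final X509TrustManager x509ExtendedTrustManager;
    // X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, SSLEngine), looked up
    // reflectively in the static initializer. Null when the class or method is not present.
    private static final Method checkServerTrustedMethod;

    /**
     * @param sSLEngine engine of the connection whose peer certificates are checked; must not be null
     * @param x509TrustManager trust manager used for the check; may be null, in which case
     *     {@link #verifyAuthority(String)} always returns {@code UNAVAILABLE}
     */
    public X509AuthorityVerifier(SSLEngine sSLEngine, X509TrustManager x509TrustManager) {
        this.sslEngine = (SSLEngine) Preconditions.checkNotNull(sSLEngine, "sslEngine");
        this.x509ExtendedTrustManager = x509TrustManager;
    }

    /**
     * Verifies that the peer certificate is valid for the given authority.
     *
     * @param str the authority to verify, optionally carrying a {@code :port} suffix
     * @return {@code Status.OK} when the trust manager accepts the peer chain for the authority,
     *     otherwise {@code Status.UNAVAILABLE} with a description and, where one exists, the cause
     */
    @Override // wiremock.grpc.io.grpc.internal.AuthorityVerifier
    public Status verifyAuthority(@Nonnull String str) {
        if (this.x509ExtendedTrustManager == null) {
            return Status.UNAVAILABLE.withDescription("Can't allow authority override in rpc when X509ExtendedTrustManager is not available");
        }
        try {
            // The trust manager is given the bare host, so any port suffix is dropped first.
            verifyAuthorityAllowedForPeerCert(removeAnyPortNumber(str));
            return Status.OK;
        } catch (IllegalAccessException | IllegalStateException | InvocationTargetException | CertificateException | SSLPeerUnverifiedException e) {
            // Fail closed: any problem while checking is reported as a failed verification.
            return Status.UNAVAILABLE.withDescription(String.format("Peer hostname verification during rpc failed for authority '%s'", str)).withCause(e);
        }
    }

    /**
     * Strips a trailing {@code :port} from an authority.
     *
     * <p>The last ':' counts as a port separator only when it comes after the last ']', so the
     * colons inside a bracketed IPv6 literal such as {@code [::1]} are left alone.
     */
    private String removeAnyPortNumber(String str) {
        int closingBracket = str.lastIndexOf(']');
        int lastColon = str.lastIndexOf(':');
        if (lastColon > closingBracket) {
            return str.substring(0, lastColon);
        }
        return str;
    }

    /**
     * Invokes the reflectively resolved {@code checkServerTrusted} on the trust manager with the
     * peer's certificate chain and an engine wrapper built for the given authority.
     *
     * @throws IllegalStateException if {@code checkServerTrusted} could not be resolved, or the
     *     configured trust manager is not an instance of the class that declares it
     * @throws CertificateException if a peer certificate is not an X.509 certificate
     * @throws SSLPeerUnverifiedException if the session has no verified peer certificates
     * @throws InvocationTargetException wrapping whatever the trust manager itself throws
     */
    private void verifyAuthorityAllowedForPeerCert(String str) throws SSLPeerUnverifiedException, CertificateException, InvocationTargetException, IllegalAccessException {
        // NOTE(review): SslEngineWrapper is defined elsewhere; presumably it presents `str` as the
        // peer host so the trust manager's endpoint identification runs against it. Confirm.
        ProtocolNegotiators.SslEngineWrapper engineForAuthority = new ProtocolNegotiators.SslEngineWrapper(this.sslEngine, str);
        Certificate[] peerCertificates = this.sslEngine.getSession().getPeerCertificates();
        X509Certificate[] peerChain = new X509Certificate[peerCertificates.length];
        for (int i = 0; i < peerCertificates.length; i++) {
            // A blind cast would raise ClassCastException, which verifyAuthority does not catch;
            // report a non-X.509 certificate as a certificate failure instead.
            if (!(peerCertificates[i] instanceof X509Certificate)) {
                throw new CertificateException("Peer certificate at index " + i + " is not an X.509 certificate");
            }
            peerChain[i] = (X509Certificate) peerCertificates[i];
        }
        if (checkServerTrustedMethod == null) {
            throw new IllegalStateException("checkServerTrustedMethod not found");
        }
        // The field is typed X509TrustManager, but the method belongs to X509ExtendedTrustManager.
        // Method.invoke on a plain X509TrustManager would throw IllegalArgumentException, which
        // would escape verifyAuthority; reject it here so the caller gets a failure Status.
        if (!checkServerTrustedMethod.getDeclaringClass().isInstance(this.x509ExtendedTrustManager)) {
            throw new IllegalStateException("Trust manager is not an X509ExtendedTrustManager");
        }
        // NOTE(review): authType is fixed to "RSA" regardless of the negotiated key exchange;
        // confirm the trust managers in use do not base decisions on this value.
        checkServerTrustedMethod.invoke(this.x509ExtendedTrustManager, peerChain, "RSA", engineForAuthority);
    }

    static {
        Method method = null;
        try {
            method = Class.forName("javax.net.ssl.X509ExtendedTrustManager").getMethod("checkServerTrusted", X509Certificate[].class, String.class, SSLEngine.class);
        } catch (ClassNotFoundException ignored) {
            // Deliberately ignored: the method stays null and every verification fails with
            // IllegalStateException, so authority overrides are rejected rather than unchecked.
        } catch (NoSuchMethodException ignored) {
            // Same handling as a missing class: leave the method null and fail closed.
        }
        checkServerTrustedMethod = method;
    }
}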
