package org.opendaylight.jsonrpc.security.api;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.X509TrustManager;
import org.opendaylight.jsonrpc.bus.zmq.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/jsonrpc/security/api/ChainLengthEnforcingTrustManager.class */
public class ChainLengthEnforcingTrustManager implements X509TrustManager {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ChainLengthEnforcingTrustManager.class);
    private final int clientChainMaxLength;
    private final int serverChainMaxLength;
    private final X509TrustManager delegate;

    public ChainLengthEnforcingTrustManager(X509TrustManager x509TrustManager, int i, int i2) {
        this.delegate = (X509TrustManager) Objects.requireNonNull(x509TrustManager);
        this.clientChainMaxLength = i;
        this.serverChainMaxLength = i2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkChainLength(x509CertificateArr, this.serverChainMaxLength, Constants.HANDLER_CLIENT);
        if (x509CertificateArr.length > this.serverChainMaxLength) {
            throw new CertificateException("Trust chain length exceeds configured value " + this.serverChainMaxLength);
        }
        this.delegate.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkChainLength(x509CertificateArr, this.clientChainMaxLength, "server");
        this.delegate.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.delegate.getAcceptedIssuers();
    }

    private void checkChainLength(X509Certificate[] x509CertificateArr, int i, String str) throws CertificateException {
        LOG.debug("Checking chain length {} against configured value {} for {}", Integer.valueOf(x509CertificateArr.length), Integer.valueOf(i), str);
        if (x509CertificateArr.length > i) {
            throw new CertificateException("Trust chain length exceeds configured value for " + str + " : " + i);
        }
    }
}
