package org.opends.server.util;

import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;
import org.opends.messages.UtilityMessages;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.types.PublicAPI;
import org.opends.server.types.StabilityLevel;

@PublicAPI(stability = StabilityLevel.UNCOMMITTED, mayInstantiate = true, mayExtend = false, mayInvoke = true)
/* loaded from: input_file:org/opends/server/util/ExpirationCheckTrustManager.class */
public final class ExpirationCheckTrustManager implements X509TrustManager {
    private X509TrustManager trustManager;

    public ExpirationCheckTrustManager(X509TrustManager x509TrustManager) {
        this.trustManager = x509TrustManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (CertificateExpiredException e) {
                ErrorLogger.logError(UtilityMessages.ERR_EXPCHECK_TRUSTMGR_CLIENT_CERT_EXPIRED.get(x509Certificate.getSubjectDN().getName(), String.valueOf(x509Certificate.getNotAfter())));
                throw e;
            } catch (CertificateNotYetValidException e2) {
                ErrorLogger.logError(UtilityMessages.ERR_EXPCHECK_TRUSTMGR_CLIENT_CERT_NOT_YET_VALID.get(x509Certificate.getSubjectDN().getName(), String.valueOf(x509Certificate.getNotBefore())));
                throw e2;
            }
        }
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (CertificateExpiredException e) {
                ErrorLogger.logError(UtilityMessages.ERR_EXPCHECK_TRUSTMGR_SERVER_CERT_EXPIRED.get(x509Certificate.getSubjectDN().getName(), String.valueOf(x509Certificate.getNotAfter())));
                throw e;
            } catch (CertificateNotYetValidException e2) {
                ErrorLogger.logError(UtilityMessages.ERR_EXPCHECK_TRUSTMGR_SERVER_CERT_NOT_YET_VALID.get(x509Certificate.getSubjectDN().getName(), String.valueOf(x509Certificate.getNotBefore())));
                throw e2;
            }
        }
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }
}
