package org.apache.directory.api.ldap.model.exception;

import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause;

/* loaded from: input_file:WEB-INF/lib/connector-ldap-3.0.jar:lib/api-all-2.0.1.jar:org/apache/directory/api/ldap/model/exception/LdapTlsHandshakeExceptionClassifier.class */
public final class LdapTlsHandshakeExceptionClassifier {
    private LdapTlsHandshakeExceptionClassifier() {
    }

    public static LdapTlsHandshakeFailCause classify(Throwable th) {
        return classify(th, null);
    }

    public static LdapTlsHandshakeFailCause classify(Throwable th, X509Certificate x509Certificate) {
        LdapTlsHandshakeFailCause ldapTlsHandshakeFailCause = new LdapTlsHandshakeFailCause();
        ldapTlsHandshakeFailCause.setCause(th);
        Throwable rootCause = ExceptionUtils.getRootCause(th);
        ldapTlsHandshakeFailCause.setRootCause(rootCause);
        if (rootCause instanceof CertificateExpiredException) {
            ldapTlsHandshakeFailCause.setReason(CertPathValidatorException.BasicReason.EXPIRED);
            ldapTlsHandshakeFailCause.setReasonPhrase("Certificate expired");
        } else if (rootCause instanceof CertificateNotYetValidException) {
            ldapTlsHandshakeFailCause.setReason(CertPathValidatorException.BasicReason.NOT_YET_VALID);
            ldapTlsHandshakeFailCause.setReasonPhrase("Certificate not yet valid");
        } else if (rootCause instanceof CertPathBuilderException) {
            ldapTlsHandshakeFailCause.setReason(LdapTlsHandshakeFailCause.LdapApiReason.NO_VALID_CERTIFICATION_PATH);
            ldapTlsHandshakeFailCause.setReasonPhrase("Failed to build certification path");
            if (x509Certificate != null && x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                ldapTlsHandshakeFailCause.setReason(LdapTlsHandshakeFailCause.LdapApiReason.SELF_SIGNED);
                ldapTlsHandshakeFailCause.setReasonPhrase("Self signed certificate");
            }
        } else if (rootCause instanceof CertPathValidatorException) {
            ldapTlsHandshakeFailCause.setReason(((CertPathValidatorException) rootCause).getReason());
            ldapTlsHandshakeFailCause.setReasonPhrase("Failed to verify certification path");
        } else {
            ldapTlsHandshakeFailCause.setReason(CertPathValidatorException.BasicReason.UNSPECIFIED);
            ldapTlsHandshakeFailCause.setReasonPhrase("Unspecified");
        }
        return ldapTlsHandshakeFailCause;
    }
}
