package net.anthavio.httl.util;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.regex.Pattern;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:net/anthavio/httl/util/SubjectDNPatternTrustManager.class */
public class SubjectDNPatternTrustManager implements X509TrustManager {
    private final Pattern hostnamePattern;

    public SubjectDNPatternTrustManager(String str) {
        this.hostnamePattern = Pattern.compile(str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Can't validate client certs");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        String name = x509Certificate.getSubjectDN().getName();
        if (!this.hostnamePattern.matcher(name).find()) {
            throw new CertificateException("Certificate SubjectDN " + name + " does not match " + this.hostnamePattern);
        }
        Date date = new Date();
        if (date.after(x509Certificate.getNotAfter())) {
            throw new CertificateException("Certificate is expired " + x509Certificate.getNotAfter());
        }
        if (date.before(x509Certificate.getNotBefore())) {
            throw new CertificateException("Certificate is not yet valid " + x509Certificate.getNotBefore());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
