package org.eclipse.hono.service.auth;

import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/service/auth/ValidityOnlyTrustManagerFactory.class */
public final class ValidityOnlyTrustManagerFactory extends SimpleTrustManagerFactory {
    private static final Logger LOG = LoggerFactory.getLogger(ValidityOnlyTrustManagerFactory.class);
    private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];
    private final TrustManager tm = new X509TrustManager() { // from class: org.eclipse.hono.service.auth.ValidityOnlyTrustManagerFactory.1
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return ValidityOnlyTrustManagerFactory.EMPTY_CERTS;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null) {
                throw new NullPointerException("certificate chain must not be null");
            }
            if (x509CertificateArr.length < 1) {
                throw new IllegalArgumentException("certificate chain must not be empty");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            Instant instant = x509Certificate.getNotBefore().toInstant();
            Instant instant2 = x509Certificate.getNotAfter().toInstant();
            Instant now = Instant.now();
            if (now.isBefore(instant)) {
                throw new CertificateNotYetValidException();
            }
            if (now.isAfter(instant2)) {
                throw new CertificateExpiredException();
            }
            if (ValidityOnlyTrustManagerFactory.LOG.isDebugEnabled()) {
                ValidityOnlyTrustManagerFactory.LOG.debug("accepting client certificate [not before: {}, not after: {}, subject DN: {}, issuer DN: {}]", new Object[]{instant, instant2, x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate.getIssuerX500Principal().getName("RFC2253")});
            }
        }
    };

    protected void engineInit(KeyStore keyStore) throws Exception {
    }

    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws Exception {
    }

    protected TrustManager[] engineGetTrustManagers() {
        return new TrustManager[]{this.tm};
    }
}
