package weblogic.nodemanager.internal;

import com.certicom.net.ssl.TrustManager;
import java.security.Principal;
import javax.security.cert.X509Certificate;
import weblogic.logging.Severities;
import weblogic.nodemanager.NodeManager;

/* loaded from: input_file:weblogic.jar:weblogic/nodemanager/internal/LocalTrustManager.class */
public class LocalTrustManager implements TrustManager {
    @Override // com.certicom.net.ssl.TrustManager
    public boolean certificateCallback(X509Certificate[] x509CertificateArr, int i, Object obj) {
        String str = (String) obj;
        if ((i & 1) != 0) {
            NodeManagerHelper.printLog("Cert chain invalid", Severities.ERROR_TEXT);
            return false;
        }
        if ((i & 2) != 0) {
            NodeManagerHelper.printLog("Certificate expired", Severities.ERROR_TEXT);
            return false;
        }
        if ((i & 4) != 0) {
            NodeManagerHelper.printLog("Certificate chain incomplete", Severities.ERROR_TEXT);
            return false;
        }
        if ((i & 8) != 0) {
            NodeManagerHelper.printLog("Certificate signature invalid", Severities.ERROR_TEXT);
            return false;
        }
        if ((i & 16) != 0) {
            NodeManagerHelper.printLog("Certificate chain untrusted", Severities.ERROR_TEXT);
            return false;
        }
        String subjectCN = getSubjectCN(x509CertificateArr[0].getSubjectDN());
        if (subjectCN.equals(str) || !NodeManager.isSSLHostNameVerificationEnabled()) {
            return true;
        }
        NodeManagerHelper.printLog(new StringBuffer().append("Subject (").append(subjectCN).append(") does not match server name (").append(str).append(")").toString(), Severities.ERROR_TEXT);
        return false;
    }

    private String getSubjectCN(Principal principal) {
        return principal.getName().substring(principal.getName().indexOf("CN=") + "CN=".length());
    }
}
