package org.ldaptive.ssl;

import java.io.IOException;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.0.0-RC5.jar:org/ldaptive/ssl/HostnameVerifyingListener.class */
public class HostnameVerifyingListener implements HandshakeCompletedListener {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final HostnameVerifier hostnameVerifier;
    private boolean invoked;
    private boolean verified;
    private String hostname;

    public HostnameVerifyingListener(HostnameVerifier hostnameVerifier) {
        this.hostnameVerifier = hostnameVerifier;
    }

    public HostnameVerifyingListener(HostnameVerifier hostnameVerifier, String str) {
        this.hostnameVerifier = hostnameVerifier;
        this.hostname = str;
    }

    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        this.invoked = true;
        if (this.hostname == null) {
            this.hostname = handshakeCompletedEvent.getSession().getPeerHost();
        }
        if (this.hostnameVerifier.verify(this.hostname, handshakeCompletedEvent.getSession())) {
            this.verified = true;
            return;
        }
        try {
            handshakeCompletedEvent.getSocket().close();
        } catch (IOException e) {
            this.logger.warn("Error closing SSL socket", (Throwable) e);
        }
        handshakeCompletedEvent.getSession().invalidate();
    }

    public void peerVerified() throws SSLPeerUnverifiedException {
        if (!this.invoked) {
            throw new IllegalStateException("Handshake has not completed");
        }
        if (!this.verified) {
            throw new SSLPeerUnverifiedException(String.format("Hostname '%s' does not match the hostname in the server's certificate", this.hostname));
        }
    }
}
