package org.glite.voms.contact;

import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.glite.voms.PKIUtils;

/* compiled from: VOMSProxyInit.java */
/* loaded from: input_file:WEB-INF/lib/voms-api-2.0.6.jar:org/glite/voms/contact/GSIVerifier.class */
class GSIVerifier implements HostnameVerifier {
    private String name;
    private HostnameVerifier verifier;
    private static final Logger log = Logger.getLogger(GSIVerifier.class);

    public GSIVerifier(HostnameVerifier hostnameVerifier, String str) {
        this.name = str;
        this.verifier = hostnameVerifier;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        boolean z;
        if (this.verifier.verify(str, sSLSession)) {
            z = true;
            log.debug("Verified by default verifier");
        } else {
            try {
                X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
                z = PKIUtils.DNCompare(this.name, PKIUtils.getOpenSSLFormatPrincipal(x509Certificate.getSubjectDN(), false)) || PKIUtils.DNCompare(this.name, PKIUtils.getOpenSSLFormatPrincipal(x509Certificate.getSubjectDN(), true));
                log.debug("result of DN verifier: " + z);
            } catch (SSLPeerUnverifiedException e) {
                log.debug("Unauthenticate peer.  Verify failed.");
                z = false;
            }
        }
        return z;
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
