// 
// Decompiled by Procyon v0.6.0
// 

package io.netty.handler.ssl;

import java.util.Iterator;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLEngine;
import java.security.cert.CertificateException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;

final class EnhancingX509ExtendedTrustManager extends X509ExtendedTrustManager
{
    private final X509ExtendedTrustManager wrapped;
    
    EnhancingX509ExtendedTrustManager(final X509TrustManager wrapped) {
        this.wrapped = (X509ExtendedTrustManager)wrapped;
    }
    
    @Override
    public void checkClientTrusted(final X509Certificate[] chain, final String authType, final Socket socket) throws CertificateException {
        this.wrapped.checkClientTrusted(chain, authType, socket);
    }
    
    @Override
    public void checkServerTrusted(final X509Certificate[] chain, final String authType, final Socket socket) throws CertificateException {
        try {
            this.wrapped.checkServerTrusted(chain, authType, socket);
        }
        catch (final CertificateException e) {
            throwEnhancedCertificateException(chain, e);
        }
    }
    
    @Override
    public void checkClientTrusted(final X509Certificate[] chain, final String authType, final SSLEngine engine) throws CertificateException {
        this.wrapped.checkClientTrusted(chain, authType, engine);
    }
    
    @Override
    public void checkServerTrusted(final X509Certificate[] chain, final String authType, final SSLEngine engine) throws CertificateException {
        try {
            this.wrapped.checkServerTrusted(chain, authType, engine);
        }
        catch (final CertificateException e) {
            throwEnhancedCertificateException(chain, e);
        }
    }
    
    @Override
    public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
        this.wrapped.checkClientTrusted(chain, authType);
    }
    
    @Override
    public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
        try {
            this.wrapped.checkServerTrusted(chain, authType);
        }
        catch (final CertificateException e) {
            throwEnhancedCertificateException(chain, e);
        }
    }
    
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.wrapped.getAcceptedIssuers();
    }
    
    private static void throwEnhancedCertificateException(final X509Certificate[] chain, final CertificateException e) throws CertificateException {
        final String message = e.getMessage();
        if (message != null && e.getMessage().startsWith("No subject alternative DNS name matching")) {
            final StringBuilder names = new StringBuilder(64);
            for (int i = 0; i < chain.length; ++i) {
                final X509Certificate cert = chain[i];
                final Collection<List<?>> collection = cert.getSubjectAlternativeNames();
                if (collection != null) {
                    for (final List<?> altNames : collection) {
                        if (altNames.size() >= 2 && (int)altNames.get(0) == 2) {
                            names.append((String)altNames.get(1)).append(",");
                        }
                    }
                }
            }
            if (names.length() != 0) {
                names.setLength();
                throw new CertificateException(message + " Subject alternative DNS names in the certificate chain of " + chain.length + " certificate(s): " + (Object)names, e);
            }
        }
        throw e;
    }
}