package org.mockserver.socket.tls;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.ssl.AbstractSniHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AttributeKey;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.internal.PlatformDependent;
import java.security.cert.Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.commons.lang3.StringUtils;
import org.mockserver.configuration.Configuration;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.slf4j.event.Level;

/* loaded from: input_file:org/mockserver/socket/tls/SniHandler.class */
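/**
 * Netty SNI handler that selects the server-side {@link SslContext} once the TLS ClientHello
 * has been read, then replaces itself in the pipeline with the resulting {@link SslHandler}.
 *
 * <p>The {@link SSLEngine} of the installed handler is stored as a channel attribute so that
 * {@link #retrieveClientCertificates(MockServerLogger, ChannelHandlerContext)} can later read
 * the peer certificate chain from the TLS session.
 */
public class SniHandler extends AbstractSniHandler<SslContext> {
    // Channel attribute holding the engine of the SslHandler installed by replaceHandler().
    private static final AttributeKey<SSLEngine> UPSTREAM_SSL_ENGINE = AttributeKey.valueOf("UPSTREAM_SSL_ENGINE");
    // Channel attribute caching the peer certificate chain once it has been read from the session.
    private static final AttributeKey<Certificate[]> UPSTREAM_CLIENT_CERTIFICATES = AttributeKey.valueOf("UPSTREAM_CLIENT_CERTIFICATES");
    private final Configuration configuration;
    private final NettySslContextFactory nettySslContextFactory;

    /**
     * @param configuration configuration that receives each non-blank SNI host name as a subject alternative name
     * @param nettySslContextFactory factory used to create the server {@link SslContext}
     */
    public SniHandler(Configuration configuration, NettySslContextFactory nettySslContextFactory) {
        this.configuration = configuration;
        this.nettySslContextFactory = nettySslContextFactory;
    }

    /**
     * Registers the requested SNI host name as a subject alternative name and returns the
     * server {@link SslContext} as an already-completed future.
     *
     * @param channelHandlerContext context whose executor creates the returned future
     * @param str host name from the ClientHello SNI extension; ignored when blank
     * @return a succeeded future holding the server {@link SslContext}
     */
    @Override
    protected Future<SslContext> lookup(ChannelHandlerContext channelHandlerContext, String str) {
        // NOTE(review): str is taken from the ClientHello before any authentication, so it is
        // client-controlled. Every distinct non-blank value is handed to
        // addSubjectAlternativeName; confirm that Configuration validates and bounds that set
        // when this listener is reachable from networks that are not trusted.
        if (StringUtils.isNotBlank(str)) {
            this.configuration.addSubjectAlternativeName(str);
        }
        return channelHandlerContext.executor().newSucceededFuture(this.nettySslContextFactory.createServerSslContext());
    }

    /**
     * Installs the {@link SslHandler} for the looked-up context, or propagates the lookup failure.
     *
     * @param channelHandlerContext context of this handler
     * @param str SNI host name the lookup was made for (used in the failure message only)
     * @param future completed lookup result
     * @throws DecoderException if the lookup failed with anything other than an {@link Error}
     */
    @Override
    protected void onLookupComplete(ChannelHandlerContext channelHandlerContext, String str, Future<SslContext> future) {
        if (!future.isSuccess()) {
            Throwable cause = future.cause();
            // Errors are rethrown untouched; everything else is wrapped for the decoder pipeline.
            if (cause instanceof Error) {
                throw (Error) cause;
            }
            throw new DecoderException("Failed to get the SslContext for " + str, cause);
        }
        try {
            replaceHandler(channelHandlerContext, future);
        } catch (Throwable th) {
            PlatformDependent.throwException(th);
        }
    }

    /**
     * Creates the {@link SslHandler}, publishes its engine on the channel and swaps it into the
     * pipeline in place of this handler.
     *
     * <p>If any step fails after the handler was created, its engine is released and the
     * channel attribute is cleared before the failure propagates. The previous form of this
     * method never assigned the created handler to the variable its cleanup branch tested, so
     * the engine was not released on failure.
     */
    private void replaceHandler(ChannelHandlerContext channelHandlerContext, Future<SslContext> future) {
        SslHandler pendingHandler = null;
        try {
            pendingHandler = future.getNow().newHandler(channelHandlerContext.alloc());
            channelHandlerContext.channel().attr(UPSTREAM_SSL_ENGINE).set(pendingHandler.engine());
            channelHandlerContext.pipeline().replace(this, "SslHandler#0", pendingHandler);
            // Ownership has passed to the pipeline; nothing left to clean up here.
            pendingHandler = null;
        } finally {
            if (pendingHandler != null) {
                // Do not leave a reference to an engine that is about to be released.
                channelHandlerContext.channel().attr(UPSTREAM_SSL_ENGINE).set(null);
                ReferenceCountUtil.safeRelease(pendingHandler.engine());
            }
        }
    }

    /**
     * Returns the peer certificate chain for the channel, reading it from the TLS session on
     * first use and caching it as a channel attribute afterwards.
     *
     * <p>The result is whatever {@link SSLSession#getPeerCertificates()} reports for the stored
     * engine. Whether that chain was checked against a trust store depends on how the server
     * {@link SslContext} was built, which is not visible in this class; callers should confirm
     * that before treating a non-null result as an authenticated client identity.
     *
     * @param mockServerLogger logger used for the TRACE entry when the peer is unverified
     * @param channelHandlerContext context whose channel carries the TLS attributes
     * @return the peer certificate chain, or {@code null} when no engine or session is
     *     available or the peer is unverified
     */
    public static Certificate[] retrieveClientCertificates(MockServerLogger mockServerLogger, ChannelHandlerContext channelHandlerContext) {
        Certificate[] cachedChain = channelHandlerContext.channel().attr(UPSTREAM_CLIENT_CERTIFICATES).get();
        if (cachedChain != null) {
            return cachedChain;
        }
        SSLEngine engine = channelHandlerContext.channel().attr(UPSTREAM_SSL_ENGINE).get();
        if (engine == null) {
            return null;
        }
        SSLSession session = engine.getSession();
        if (session == null) {
            return null;
        }
        try {
            Certificate[] peerCertificates = session.getPeerCertificates();
            channelHandlerContext.channel().attr(UPSTREAM_CLIENT_CERTIFICATES).set(peerCertificates);
            return peerCertificates;
        } catch (SSLPeerUnverifiedException e) {
            // Expected when the client presented no certificate; reported at TRACE only.
            if (MockServerLogger.isEnabled(Level.TRACE)) {
                mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("no client certificate chain as client did not complete mTLS"));
            }
        }
        return null;
    }
}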
