package org.eclipse.californium.elements.tcp.netty;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.security.Principal;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.eclipse.californium.elements.EndpointContext;
import org.eclipse.californium.elements.TlsEndpointContext;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.elements.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/tcp/netty/TlsContextUtil.class */
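/**
 * Builds {@link TlsEndpointContext} instances from the TLS session attached to a netty channel.
 *
 * <p>Security note: the peer principal placed in the returned context may be {@code null}. That
 * happens when the peer presented no certificates and no peer principal could be verified, or
 * when converting the certificate chain failed. The context is still returned in that case, so
 * code that makes authorization decisions must treat a {@code null} principal as an
 * unauthenticated peer rather than assuming a successful handshake implies an identity.
 */
public class TlsContextUtil extends TcpContextUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(TlsContextUtil.class);

    /** Selects WARN (true) or TRACE (false) as the log level when no peer principal is available. */
    private final boolean warnMissingPrincipal;

    /**
     * Creates the utility.
     *
     * @param z {@code true} to log a missing or unverifiable peer principal at WARN level,
     *     {@code false} to log it at TRACE level
     */
    public TlsContextUtil(boolean z) {
        this.warnMissingPrincipal = z;
    }

    /**
     * Builds the endpoint context for a channel from its TLS session.
     *
     * @param channel channel whose pipeline is expected to contain an {@link SslHandler}
     * @return a {@link TlsEndpointContext} carrying the remote address, the peer principal
     *     (possibly {@code null}), the short channel id, the hex session id and the cipher suite
     * @throws IllegalStateException if the pipeline has no {@link SslHandler}, or if the session
     *     is missing or has no session id yet
     */
    @Override
    public EndpointContext buildEndpointContext(Channel channel) {
        InetSocketAddress remoteAddress = (InetSocketAddress) channel.remoteAddress();
        String channelId = channel.id().asShortText();
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        if (sslHandler == null) {
            throw new IllegalStateException("Missing SslHandler for " + channelId + "!");
        }
        SSLSession session = sslHandler.engine().getSession();
        if (session != null) {
            // Declared as Principal: the fallback below yields whatever Principal the session
            // reports, which is not necessarily an X509CertPath.
            Principal principal = null;
            boolean usePeerPrincipal = false;
            try {
                Certificate[] peerCertificates = session.getPeerCertificates();
                if (peerCertificates == null || peerCertificates.length == 0) {
                    usePeerPrincipal = true;
                } else {
                    principal = X509CertPath.fromCertificatesChain(peerCertificates);
                }
            } catch (RuntimeException e) {
                // The chain could not be turned into a cert path. No fallback is attempted here,
                // so the principal stays null and the peer is treated as having no identity.
                LOGGER.warn("TLS({}) failed to extract principal {}", channelId, e.getMessage());
            } catch (SSLPeerUnverifiedException e) {
                // No verified certificates available; try the session's peer principal instead.
                usePeerPrincipal = true;
            }
            if (usePeerPrincipal) {
                try {
                    principal = session.getPeerPrincipal();
                } catch (SSLPeerUnverifiedException e) {
                    if (this.warnMissingPrincipal) {
                        LOGGER.warn("TLS({}) failed to verify principal, {}", channelId, e.getMessage());
                    } else {
                        LOGGER.trace("TLS({}) failed to verify principal, {}", channelId, e.getMessage());
                    }
                }
            }
            if (principal != null) {
                LOGGER.debug("TLS({}) Principal {}", channelId, principal.getName());
            } else if (this.warnMissingPrincipal) {
                LOGGER.warn("TLS({}) principal missing", channelId);
            } else {
                LOGGER.trace("TLS({}) principal missing", channelId);
            }
            byte[] sessionId = session.getId();
            if (sessionId != null && sessionId.length > 0) {
                String sessionIdHex = StringUtil.byteArray2HexString(sessionId, (char) 0, 0);
                String cipherSuite = session.getCipherSuite();
                // Only a truncated form of the session id is written to the log; the full value
                // goes into the context.
                LOGGER.debug("TLS({},{},{})", channelId, StringUtil.trunc(sessionIdHex, 14), cipherSuite);
                return new TlsEndpointContext(remoteAddress, principal, channelId, sessionIdHex, cipherSuite);
            }
        }
        // Either there is no session or it has no id yet.
        throw new IllegalStateException("TLS handshake " + channelId + " not ready!");
    }
}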
