package org.elasticsearch.xpack.security.transport;

import java.util.function.BiConsumer;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.network.CloseableChannel;
import org.elasticsearch.http.HttpChannel;
import org.elasticsearch.xpack.core.security.transport.SSLExceptionHelper;

/* loaded from: input_file:org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.class */
public final class SecurityHttpExceptionHandler implements BiConsumer<HttpChannel, Exception> {
    private final Lifecycle lifecycle;
    private final Logger logger;
    private final BiConsumer<HttpChannel, Exception> fallback;

    public SecurityHttpExceptionHandler(Logger logger, Lifecycle lifecycle, BiConsumer<HttpChannel, Exception> biConsumer) {
        this.lifecycle = lifecycle;
        this.logger = logger;
        this.fallback = biConsumer;
    }

    @Override // java.util.function.BiConsumer
    public void accept(HttpChannel httpChannel, Exception exc) {
        if (this.lifecycle.started()) {
            if (SSLExceptionHelper.isNotSslRecordException(exc)) {
                this.logger.warn("received plaintext http traffic on an https channel, closing connection {}", httpChannel);
                CloseableChannel.closeChannel(httpChannel);
            } else if (SSLExceptionHelper.isCloseDuringHandshakeException(exc)) {
                this.logger.debug("connection {} closed during ssl handshake", httpChannel);
                CloseableChannel.closeChannel(httpChannel);
            } else if (!SSLExceptionHelper.isReceivedCertificateUnknownException(exc)) {
                this.fallback.accept(httpChannel, exc);
            } else {
                this.logger.warn("http client did not trust this server's certificate, closing connection {}", httpChannel);
                CloseableChannel.closeChannel(httpChannel);
            }
        }
    }
}
