package io.deephaven.grpc;

import io.grpc.Context;
import io.grpc.Grpc;
import io.grpc.ServerCall;
import io.grpc.ServerInterceptor;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:io/deephaven/grpc/MTlsCertificate.class */
public class MTlsCertificate {
    private static final Logger logger = Logger.getLogger(MTlsCertificate.class.getName());
    public static final Context.Key<List<X509Certificate>> CLIENT_CERTIFICATES = Context.key("mtls-client-certificates");
    public static final ServerInterceptor DEFAULT_INTERCEPTOR = new AbstractMtlsClientCertificateInterceptor() { // from class: io.deephaven.grpc.MTlsCertificate.1
        @Override // io.deephaven.grpc.AbstractMtlsClientCertificateInterceptor
        protected <ReqT, RespT> Optional<List<X509Certificate>> getTransportCertificates(ServerCall<ReqT, RespT> serverCall) {
            SSLSession sSLSession = (SSLSession) serverCall.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
            if (sSLSession == null) {
                return Optional.empty();
            }
            try {
                Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                if (peerCertificates == null || peerCertificates.length == 0) {
                    return Optional.empty();
                }
                ArrayList arrayList = new ArrayList(peerCertificates.length);
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (Certificate certificate : peerCertificates) {
                    arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded())));
                }
                return Optional.of(Collections.unmodifiableList(arrayList));
            } catch (CertificateException e) {
                MTlsCertificate.logger.log(Level.WARNING, "Unable to read X509CertChain due to certificate exception", (Throwable) e);
                return Optional.empty();
            } catch (SSLPeerUnverifiedException e2) {
                return Optional.empty();
            }
        }
    };
}
