package io.esastack.codec.common.ssl;

import esa.commons.logging.Logger;
import esa.commons.logging.LoggerFactory;
import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.util.AttributeKey;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: input_file:io/esastack/codec/common/ssl/SslUtils.class */
public class SslUtils {
    public static final AttributeKey<Certificate> TLS_PEER_CERTIFICATE_KEY = AttributeKey.newInstance("TLS_PEER_CERTIFICATE");
    private static final Logger LOGGER = LoggerFactory.getLogger(SslUtils.class);

    public static void extractSslPeerCertificate(Channel channel) {
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        if (sslHandler == null) {
            LOGGER.info("Could not get SslHandler in TLS channel!");
            return;
        }
        try {
            Certificate[] peerCertificates = sslHandler.engine().getSession().getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length != 0) {
                channel.attr(TLS_PEER_CERTIFICATE_KEY).set(peerCertificates[0]);
            }
        } catch (SSLPeerUnverifiedException e) {
            LOGGER.info("There is no client certificate in the tsl session, client may not enable clientAuth: " + e.getMessage());
        }
    }

    public static void extractSslPeerCertificate(Channel channel, SslHandshakeCompletionEvent sslHandshakeCompletionEvent) {
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        if (sslHandler == null) {
            LOGGER.info("Could not get SslHandler in TLS channel!");
            return;
        }
        if (sslHandshakeCompletionEvent.isSuccess()) {
            try {
                Certificate[] peerCertificates = sslHandler.engine().getSession().getPeerCertificates();
                if (peerCertificates != null && peerCertificates.length != 0) {
                    channel.attr(TLS_PEER_CERTIFICATE_KEY).set(peerCertificates[0]);
                }
            } catch (SSLPeerUnverifiedException e) {
                LOGGER.info("There is no client certificate in the tsl session, client may not enable clientAuth: " + e.getMessage());
            }
        }
    }
}
