package com.floragunn.searchguard.ssl.util;

import io.netty.handler.ssl.SslHandler;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.http.netty4.Netty4HttpRequest;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/ssl/util/SSLRequestHelper.class */
public class SSLRequestHelper {

    /* loaded from: input_file:com/floragunn/searchguard/ssl/util/SSLRequestHelper$SSLInfo.class */
    public static class SSLInfo {
        private final X509Certificate[] x509Certs;
        private final String principal;
        private final String protocol;
        private final String cipher;

        public SSLInfo(X509Certificate[] x509CertificateArr, String str, String str2, String str3) {
            this.x509Certs = x509CertificateArr;
            this.principal = str;
            this.protocol = str2;
            this.cipher = str3;
        }

        public X509Certificate[] getX509Certs() {
            if (this.x509Certs == null) {
                return null;
            }
            return (X509Certificate[]) this.x509Certs.clone();
        }

        public String getPrincipal() {
            return this.principal;
        }

        public String getProtocol() {
            return this.protocol;
        }

        public String getCipher() {
            return this.cipher;
        }

        public String toString() {
            return "SSLInfo [x509Certs=" + Arrays.toString(this.x509Certs) + ", principal=" + this.principal + ", protocol=" + this.protocol + ", cipher=" + this.cipher + "]";
        }
    }

    public static SSLInfo getSSLInfo(RestRequest restRequest) throws SSLPeerUnverifiedException {
        SslHandler sslHandler;
        if (restRequest == null || !(restRequest instanceof Netty4HttpRequest) || (sslHandler = ((Netty4HttpRequest) restRequest).getChannel().pipeline().get("ssl_http")) == null) {
            return null;
        }
        SSLEngine engine = sslHandler.engine();
        SSLSession session = engine.getSession();
        X509Certificate[] x509CertificateArr = null;
        String str = null;
        String protocol = session.getProtocol();
        String cipherSuite = session.getCipherSuite();
        if (engine.getNeedClientAuth() || engine.getWantClientAuth()) {
            try {
                Certificate[] peerCertificates = session.getPeerCertificates();
                if (peerCertificates != null && peerCertificates.length > 0 && (peerCertificates[0] instanceof X509Certificate)) {
                    x509CertificateArr = (X509Certificate[]) Arrays.copyOf(peerCertificates, peerCertificates.length, X509Certificate[].class);
                    X500Principal subjectX500Principal = x509CertificateArr[0].getSubjectX500Principal();
                    str = subjectX500Principal == null ? null : subjectX500Principal.getName();
                } else if (engine.getNeedClientAuth()) {
                    throw new ElasticsearchException("No client certificates found but such are needed (SG 9).", new Object[0]);
                }
            } catch (SSLPeerUnverifiedException e) {
                if (engine.getNeedClientAuth()) {
                    throw e;
                }
            }
        }
        return new SSLInfo(x509CertificateArr, str, protocol, cipherSuite);
    }
}
